Need longer idtoken lifetimes for decision engine #453
Comments
|
Marco released glideinwms 3.10.2-rc1 release candidate which (if the frontend.xml file was thus configured) was able to make long idtokens on a frontend, but not on a decision engine. More investigation needed. the routines patched in that release are in the common glideinwms libraries which are installed both on the frontend and on the decision engine but it appears that the patched code in question (cvWParams.py and cvWParamDict.py) is not called in the decision engine to create the tokens. Examination of decisionengine_modules/glideinwms/glide_frontend_element.py shows this at line 1334 I will bump this to 120 and see what it does. |
|
That worked. production and dev currently patched. |
|
Note that it is important to solve the general case of how to renew because at some HPC sites we can be sitting in the queue for a month. I don't think we want month-long tokens out in the wild. I have bumped the priority of this in the htcondor queue up to level 1 "fire". |
|
Also it is the point of this Issue to make the DE respect whatever is written for idtoken_lifetime in the configuration file, just as the frontend already does. |
We discovered today that the DE is making idtoken that are only good for 1 day.
Attempted to increase this value with idtoken_lifetime but Marco tells us that this knob actually
doesn't work.
There's a known patch for this against the glideinwms frontend but not the decision engine.
The text was updated successfully, but these errors were encountered: