Skip to content

Config: Remove broken x509 option, add scitokens option

This MR enables the use of scitokens by setting use-scitokens in the condor section of the config. It also removes the x509_proxy option which no longer works due to changes in both condor and datafind servers. x509 certificates can still be used by specifying them in an environment variable.

Config file:

condor:
  use-scitokens: #FIXME True if using an AP issuer, or the credkey if using an igwn issuer, e.g. gstlalcbc_offline/robot/gstlal.ligo.caltech.edu

Resulting submit options for AP issuer (use-scitokens: True)

use_oauth_services = scitokens
environment = "BEARER_TOKEN_FILE=$$(CondorScratchDir)/.condor_creds/scitokens.use"

Resulting submit options for vault issuer (use-scitokens: gstlalcbc_offline/robot/gstlal.ligo.caltech.edu):

use_oauth_services = igwn
igwn_oauth_options = --vaultserver vault.ligo.org --issuer igwn --role {gstlalcbc_offline} --credkey {gstlalcbc_offline/robot/gstlal.ligo.caltech.edu} --out $ENV(HOME)/.config/htgettoken/bearer_token --nooidc
environment = "BEARER_TOKEN_FILE=$$(CondorScratchDir)/.condor_creds/igwn.use"

Merge request reports

Loading