[WLCGPROB-256] Use SciTokens in HTCondor Job submission (!1) · Merge requests · etf / etf-alice

Nacho Barrientos requested to merge wlcgprob256 into master Mar 29, 2023

This is assuming that check_js can take both -x, inherited from here, and --token.

I thought that there was a qa and a master branch in these repos, but I see that the CI builds the QA image on every push to master and the production image is only built when the deploy:production job is triggered manually. Once this is merged a new ETF image should be available for deployment in etf-06.cern.ch.yaml (etf-alice-preprod.cern.ch).

~~Something else to do I imagine is to add the secrets here, something like:~~

etf_tokens:
    - etf_alice_ce
    - etf_alice_ce.key

~~so this can work. I'll submit a separate merge request.~~

The above is done in https://gitlab.cern.ch/ai/it-puppet-hostgroup-etf/commit/22b7c1d0616a222a642c7c70292abe8f227d13ca (I hadn't pulled grins)

~~Those blobs though have to be provided by ALICE and uploaded to Teigi, I assume?~~

Unclear yet to me what mirrors the OIDC agent configuration from /etc/grid-security/tokens (Puppet deployed) to /opt/omd/sites/etf/.oidc-agent inside the ETF container. It's not a volume and I didn't see anything in the entrypoint.

Clear now: https://gitlab.cern.ch/etf/ncgx/blob/master/bin/etf-init.sh#L263

Edited Mar 29, 2023 by Nacho Barrientos

[WLCGPROB-256] Use SciTokens in HTCondor Job submission

Merge request reports