Publication from : Alessandro Paolini (operations@egi.eu)
Dear VO Managers,
As already discussed, part of our infrastructure is going to change authentication and authorisation system, from X509 personal certificates to AAI tokens.
This month the HTCondorCE version that is deployed on several sites is reaching its end of life and we should start soon a migration campaign to a new HTCondorCE version that dropped the usage of X509 personal certificates in favour of AAI tokens.
This implies that in order to submit jobs to the sites providing a HTCondorCE you will not be able to use VOMS proxies any longer, but you need a token released by AAI Identity Proxies like EGI Check-in (https://docs.egi.eu/users/aai/check-in/obtaining-tokens/).
Besides the migration campaign of the sites, we are also going to clone the several VOs from their VOMS servers to EGI Check-in so the users can get the tokens with the VO entitlements they need.
The other CE technology deployed by other sites, the ARC-CE, will still support the VOMS-based authentication and authorisation for the time being (it can actually be configured to support both the methods).
While we aim to implement this change in a way that should be as smooth as possible, we appreciate that some VOs might not be ready yet to it so that we are also discussing with the HTCondorCE team a possible extension, for a few months, of the support of the old version in order to give more time to the VOs to prepare for the authentication switch; but this is not yet agreed.
We would like to ask you what is your status concerning this switch, either if you use central tools (like the EGI Workload Manager based on Dirac) to consume the CE resources or if you submit jobs through command line.
Please write to "operations egi.eu" and "ucst egi.eu" if you are ready to the change, how you interact with the CEs, if you need further time to be prepared for the new way to access the CEs, and what are the main issues you are facing to get ready for the switch.
Your feedback could be a valuable input for the discussion with the HTCondorCE team about a possible extension of the support of the VOMS-based authentication in the HTCondorCE product.
Best regards,
EGi Operations
Link to this broadcast.