Credential Refresh for Long Running Jobs
CredentialManager service can also refresh the credential of a long running job. Firstly, CredentialManager service obtains all the job handles submitted to MasterForkManagedJobFactoryService (MFMJFS). Then, CredentialManager service queries the status of each job once per hour by default. If the credential of a job will expire within 2 hours and its identity is the same as the identity of the credential stored in CredentialManager service, a new credential with 12-hour-lifetime will be generated from the credential stored in CredentialManager service and used to refresh the soon-to-be-expired credential of that job. All the default values such as 12-hour-lifetime can be overwritten by specifying them in server-configure.wsdd file.
There are two options in init command related with credential refresh.
- -refresh
If user uses this option, CredentialManager service will refresh the credential of a long running job. Otherwise, no action is taken to refresh the credential.
- -jobmanager jobmanagerbaseURL
User can specify which job manager service he will submit job to by using this option.
For example, if user wants CredentialManager service to refresh the credential of a long running job and he will submit his jobs to a MFMJFS running at http://127.0.0.1:8088, he may issue a init command as follows:
myproxy-cm init http://127.0.0.1:8080 songs test -refresh -jobmanager http://127.0.0.1:8088
The source code in mmjfs-3.2-src_bundle.tar.gz is changed to make credential refresh work. There is a mmjfs_src folder in the downloaded CredentialManager source code. In that folder there are three .java files and a mmjfs-3.2-src_bundle.tar.gz file. User should replace the original mmjfs-3.2-src_bundle.tar.gz with the one in the mmjfs_src folder. The .java files are the modified source code files and the modifications are discussed as follows.
- Add a method in GramJob.java to return the service data containing the information on a list of job handles. Actually, there is a method getStartedJobs(jobfactoryURL) to return a list of job handles. However, that method only works when it is called from client (details refer to Bug 1721). As a result, a new method getStartedJobs_servicedata is added to return the service data which will be manually parsed to obtain a list of job handles.
- Modify ManagedJobImpl.java to use service data userIdGridCredentialServiceData to record the identity and termination time of a job's credential. In the original source code, userIdGridCredentialServiceData does not get set at all. We set this service data with identity and termination time of a job's credential.
- Modify ManagedJobImpl.java and managed_job_port_type.gwsdl to add a method setremainingtime to update the termination time of a job's credential. This method will be called upon in CredentialManager service whenever the job's credential is refreshed. We thought that updating the termination time in refreshCredentials method is sufficient. However, we observed that refreshCredentials method does not get called when the credential is refreshed. As a result, we add a method to update the termination time.
It will be nice that the souce code can provide all the functionalities needed for credential refresh. And we do not need to modify the source code to refresh the credential for a long running job. We report Bug 1738 to ask for more features to support credential refresh.