[PM-1098] encrypt the credentials when transferred with jobs
HTCondor now has a notion of encrypt_input_files, in addition to encryption of output files and execute directories.
http://research.cs.wisc.edu/htcondor/manual/current/condor_submit.html
we should explore and add the use of this feature for credential transfers
Reporter: @vahi Watchers: @rynge @vahi
Author: @vahi
will consider for swip related activities
@rynge we should discuss this whether it is worth using this feature or not.
https://htcondor.readthedocs.io/en/latest/man-pages/condor_submit.html whether to use encrypt_input_files for it or not.
@rynge on my local desktop, if I do encrypt_input_files, it does work. However, I do notice that the job requirements get updated to include TARGET.HasPerFileEncryption
(TARGET.Arch == "X86_64") && (TARGET.OpSys == "macOS") && (TARGET.Disk >= RequestDisk) && (TARGET.Memory >= RequestMemory) && (TARGET.HasFileTransfer && TARGET.HasPerFileEncryption)
If I look at startds on corbusier and workflow, they both have it
(virtualenv) corbusier:run0003 vahi$ condor_status -l corbusier.ads.isi.edu | grep -i encry
HasPerFileEncryption = true
same for ones on workflow
condor_status -l [email protected] | grep -i encr
HasPerFileEncryption = true
I guess the question I have is whether there is a scenario where the startd does not have it on. If so, we might have to expose an option in Pegasus to turn the encryption off or on
from HTCondor team
By default, HTCondor file transfers (CEDAR) are encrypted, unless a user explicitly turns it off by setting SEC_DEFAULT_ENCRYPTION=never
However, even in the above case, if a file is explicitly asked to be encrypted in the job submit file, then the file encryption gets turned on, notwithstanding the global option.
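The startd check raised in this thread, as an added example that is not part of the original comments and is not Pegasus or HTCondor code: it parses `condor_status -l` output, lists the slots a job using encrypt_input_files cannot match, and builds the submit lines for the credential files. The sample ads, the helper names and the `require_encryption` switch are assumptions made for illustration.

```python
# Constructed `condor_status -l` output (not from a real pool); ads are blank-line separated.
SAMPLE_STATUS = """\
Name = "slot1@node-a.example.org"
HasFileTransfer = true
HasPerFileEncryption = true

Name = "slot1@node-b.example.org"
HasFileTransfer = true

Name = "slot1@node-c.example.org"
HasPerFileEncryption = false
"""

def parse_ads(text):
    """Split long-form ClassAd output into one dict per ad."""
    ads, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                ads.append(current)
                current = {}
            continue
        name, sep, value = line.partition(" = ")
        if sep:
            current[name.strip()] = value.strip().strip('"')
    if current:
        ads.append(current)
    return ads

def slots_without_encryption(ads):
    """Slots where HasPerFileEncryption is missing or not true."""
    return [ad.get("Name", "<unnamed>") for ad in ads
            if ad.get("HasPerFileEncryption", "").lower() != "true"]

def credential_submit_lines(cred_files, ads, require_encryption=True):
    """Submit-file lines for credential transfer.
    require_encryption is a hypothetical on/off switch, not an existing option."""
    files = ", ".join(cred_files)
    lines = ["transfer_input_files = " + files]
    if not require_encryption:
        return lines
    # encrypt_input_files adds TARGET.HasPerFileEncryption to the requirements,
    # so fail early if no slot could ever match.
    if len(slots_without_encryption(ads)) == len(ads):
        raise RuntimeError("no slot advertises HasPerFileEncryption; job would stay idle")
    lines.append("encrypt_input_files = " + files)
    return lines
```

On a real pool the input would come from `condor_status -l` instead of `SAMPLE_STATUS`.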