htcondor · JaimeFrey · Sep 27, 2024 · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024
diff --git a/config/03-managed-fork-defaults.conf b/config/03-managed-fork-defaults.conf
@@ -9,8 +9,8 @@
 #
 ###############################################################################
 
-# Limit the number of jobs allowed by local universe
-START_LOCAL_UNIVERSE = TotalLocalJobsRunning + TotalSchedulerJobsRunning < 20
+# Disable local universe jobs
+START_LOCAL_UNIVERSE = false
 
-# Limit the number of jobs allowed by scheduler universe
-START_SCHEDULER_UNIVERSE = $(START_LOCAL_UNIVERSE)
+# Disable scheduler universe jobs
+START_SCHEDULER_UNIVERSE = false
diff --git a/config/03-managed-fork.conf b/config/03-managed-fork.conf
@@ -7,8 +7,8 @@
 #
 ###############################################################################
 
-# Limit the number of jobs allowed by local universe
-START_LOCAL_UNIVERSE = TotalLocalJobsRunning + TotalSchedulerJobsRunning < 20
+# Disable local universe jobs
+START_LOCAL_UNIVERSE = false
 
-# Limit the number of jobs allowed by scheduler universe
-START_SCHEDULER_UNIVERSE = $(START_LOCAL_UNIVERSE)
+# Disable scheduler universe jobs
+START_SCHEDULER_UNIVERSE = false
diff --git a/config/05-ce-auth-defaults.conf b/config/05-ce-auth-defaults.conf
@@ -46,8 +46,8 @@ ALLOW_NEGOTIATOR = $(SUPERUSERS)
 # Authentication settings
 SEC_DEFAULT_AUTHENTICATION_METHODS = FS
 SEC_CLIENT_AUTHENTICATION_METHODS = FS, TOKEN, SCITOKENS, SSL
-SCHEDD.SEC_WRITE_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,SSL
-SCHEDD.SEC_READ_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,SSL
+SCHEDD.SEC_WRITE_AUTHENTICATION_METHODS = FS,SCITOKENS,SSL
+SCHEDD.SEC_READ_AUTHENTICATION_METHODS = FS,SCITOKENS,SSL
 COLLECTOR.SEC_READ_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,SSL
 COLLECTOR.SEC_WRITE_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,SSL
 COLLECTOR.SEC_ADVERTISE_STARTD_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,SSL

diff --git a/config/05-ce-collector-auth.conf b/config/05-ce-collector-auth.conf
@@ -26,7 +26,7 @@ COLLECTOR.ALLOW_ADVERTISE_MASTER = $(COLLECTOR.ALLOW_ADVERTISE_MASTER), $(USERS)
 
 # Allow the CE registry webapp to approve CE token requests.
 COLLECTOR.SEC_DAEMON_AUTHENTICATION_METHODS = FS,TOKEN
-COLLECTOR.ALLOW_ADMINISTRATOR=condorce_webapp@htcondor.org/localhost condorce_webapp@htcondor.org/$(FULL_HOSTNAME)
+COLLECTOR.ALLOW_ADMINISTRATOR=condorce_webapp@$(UID_DOMAIN)/localhost condorce_webapp@$(UID_DOMAIN)/$(FULL_HOSTNAME)
 
 # When requesting a token to register a new CE, only allow it to advertise a schedd.
 SEC_TOKEN_REQUEST_LIMITS = ADVERTISE_SCHEDD
diff --git a/rpm/htcondor-ce.spec b/rpm/htcondor-ce.spec
@@ -260,26 +260,12 @@ getent passwd condorce_webapp >/dev/null || \
 %post
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 
-if [ ! -e /etc/condor-ce/passwords.d/POOL ]; then
-    %{_datadir}/condor-ce/condor_ce_create_password >/dev/null 2>&1 || :
-fi
-
 %systemd_post condor-ce.service
 
 %post collector
 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 %systemd_post condor-ce-collector.service condor-ce-collector-config.service
 
-if [ ! -e /etc/condor-ce/passwords.d/POOL ]; then
-    %{_datadir}/condor-ce/condor_ce_create_password >/dev/null 2>&1 || :
-fi
-
-autogenerated_token=/etc/condor-ce/webapp.tokens.d/50-webapp
-if [ ! -e $autogenerated_token ]; then
-    CONDOR_CONFIG=/etc/condor-ce/condor_config condor_token_create \
-                 -authz ADMINISTRATOR -identity [email protected] > $autogenerated_token 2>&1 || :
-fi
-
 %preun
 %systemd_preun condor-ce.service
 

diff --git a/src/htcondorce/registry.py b/src/htcondorce/registry.py
@@ -96,7 +96,6 @@ def fetch_tokens(reqid: str, config: Config) -> Dict:
         args.append('-pool', pool)
     req_environ = dict(os.environ)
     req_environ.setdefault('CONDOR_CONFIG', '/etc/condor-ce/condor_config')
-    req_environ['_condor_SEC_CLIENT_AUTHENTICATION_METHODS'] = "TOKEN"
     req_environ['_condor_SEC_TOKEN_DIRECTORY'] = '/etc/condor-ce/webapp.tokens.d'
     process = subprocess.Popen(args, stderr=subprocess.PIPE,
         stdout=subprocess.PIPE, env=req_environ)
@@ -122,7 +121,6 @@ def approve_token(reqid: str, config: Config):
         args.append('-pool', pool)
     req_environ = dict(os.environ)
     req_environ.setdefault('CONDOR_CONFIG', '/etc/condor-ce/condor_config')
-    req_environ['_condor_SEC_CLIENT_AUTHENTICATION_METHODS'] = "TOKEN"
     req_environ['_condor_SEC_TOKEN_DIRECTORY'] = '/etc/condor-ce/webapp.tokens.d'
     process = subprocess.Popen(args, stderr=subprocess.PIPE,
         stdout=subprocess.PIPE, stdin=subprocess.PIPE, env=req_environ)