igwn-robot-get¶
Get credentials for an IGWN robot.
usage: igwn-robot-get [-h] [-V] [-v] -k KEYTAB [-c CCACHE] [-a VAULTSERVER]
[-i ISSUER] [--credkey CREDKEY] [-r ROLE] [-m MINSECS]
[--vaulttokenfile VAULTTOKENFILE] [-o OUTFILE]
[--vaulttokenminttl VAULTTOKENMINTTL] [--condor]
[principal]
Required (positional) arguments¶
- principal
Kerberos principal name (required if -k/–keytab not given)
Optional arguments¶
- -V, --version
show program’s version number and exit
- -v, --verbose
Increate verbosity (can be given multiple times).
Default:
0
Kerberos options¶
- -k, --keytab, --kerberos-keytab
Path to Kerberos keytab file
- -c, --ccache, --kerberos-ccache
Path to Kerberos ccache (default is default Kerberos ccache)
SciToken options¶
- -a, --vaultserver
Name or IP of vault server to use
Default:
'vault.ligo.org'- -i, --issuer
Name of SciToken issuer
Default:
'igwn'- --credkey
Vault credential key for this identity; default is derived from Kerberos principal
- -r, --role
Vault name of role for this identity; default is derived from Kerberos principal
- -m, --minsecs
Minimum number of seconds left in bearer token before expiry; if an existing token is found with a remaining lifetime greater than this number, htgettoken will not renew it
Default:
3600- --vaulttokenfile
Path in which to store/use vault token
- -o, --outfile, --bearertokenfile
Path in which to store bearer token
Default:
'/tmp/bt_u1005'- --vaulttokenminttl
Minimum remaining lifetime of vault token before attempting renewal
Default:
'24h'
Condor options¶
- --condor
Use condor_vault_storer to initialise a token for HTCondor
Default:
False