Help deciphering client credentials for Globus Compute
12 views
Skip to first unread message
Anthony Weaver
May 13, 2025, 10:27:09 AMMay 13
to Discuss
I'm trying to work through the documentation on client credentials so that my compute endpoint will automatically start through systemd. The compute endpoint is up and running and has an entry in /etc/systemd/system to try to start up automatically.
The directions I am following are here:
which links to
which references
I understand at some very high level I'm trying to get a client id and secret and then probably do something like add them in the systemd script as Environment="GLOBUS_COMPUTE_CLIENT_ID=b0500dab-ebd4-430f-b962-0c85bd43bdbb"
I did create a new client id and secret by choosing Register a service account or application credential for automation and filled out the required info, then placed those values in the systemd script. When I restarted thought the startup failed saying access denied. Any guidance on what I missed or where I went wrong would be very much appreciated.
Tony
Josh Bryan
May 13, 2025, 10:59:17 AMMay 13
to Anthony Weaver, Discuss
Tony,
Did you create the endpoint using client credentials? If not, then the endpoint is likely registered to your personal identity, not the client identity you registered. You will need to recreate the endpoint with your environment variables exported during the first start of the endpoint.
Regards,
Josh
Anthony Weaver
May 13, 2025, 11:22:41 AMMay 13
to Josh Bryan, Discuss
Josh,
I did not do that. I just created it basically following these directions:
As far as I can tell, the documentation referenced above doesn't mention creating the endpoint with those values exported and it would be really nice if it did, since, as I understand what you are saying, you can't go back and do that after you create the endpoint.
Even in this documentation: https://globus-compute.readthedocs.io/en/latest/endpoints/endpoints.html
It would be nice to put the client id component near the very top and make it explicit that's what needs to be done in order to autostart on reboot. It's so far down in the documentation after all the compute setup.
I created a Globus flow using this compute endpoint so I'll also have to change the compute id there too when I recreate the compute endpoint. Is that correct?
I will recreate the compute endpoint and go from there. Thank you
Kaufman, Ian
May 13, 2025, 11:44:07 AMMay 13
to Anthony Weaver, Josh Bryan, Discuss
Hi Tony,
Ian
Ian Kaufman
Principal Systems Integration Engineer
Principal Systems Integration Engineer
UC San Diego, Research IT Services
ikaufman AT ucsd DOT edu
From: dis...@globus.org <dis...@globus.org> on behalf of Anthony Weaver <awea...@fandm.edu>
Sent: Tuesday, May 13, 2025 8:22 AM
To: Josh Bryan <jo...@globus.org>
Cc: Discuss <dis...@globus.org>
Subject: Re: [Globus Discuss] Help deciphering client credentials for Globus Compute
Sent: Tuesday, May 13, 2025 8:22 AM
To: Josh Bryan <jo...@globus.org>
Cc: Discuss <dis...@globus.org>
Subject: Re: [Globus Discuss] Help deciphering client credentials for Globus Compute
To unsubscribe from this group and stop receiving emails from it, send an email to
discuss+u...@globus.org.
Anthony Weaver
May 14, 2025, 8:30:44 AMMay 14
to Discuss, ikau...@ucsd.edu, Discuss, Anthony Weaver, jo...@globus.org
So I created a new endpoint, making sure to export my client ID and secret BEFORE starting the endpoint for the first time. I watched the log file after
globus-compute-endpoint start myendpoint and it connected fine. I did not get the message to open a URL and authenticate nor did I get
unauthorized access errors.
Then I enabled the systemd script for my endpoint (while the client ID and secret were still exported) and started the service. It would not connect.
I kept getting unauthorized access to endpoint in the logfile.
To fix it I ended up:
1. systemctl edit globus-compute-endpoint-myendpoint.service
2. Near the top of the file I added
[Service]
Environment="GLOBUS_COMPUTE_CLIENT_ID=b0500dab-ebd4-430f-b962-0c85bd43bdbb"
Environment="GLOBUS_COMPUTE_CLIENT_SECRET=ABCDEFGHIJKLMNOP0123456789="
3. I made sure to save the file as override.conf
Then when I started the compute endpoint as a service it seemed to connect fine. I no longer got the unauthorized error.
As a final test,I rebooted the server and the endpoint service started successfully. I am now testing a flow with this new
endpoint to make sure the computational component still works.
Reply all
Reply to author
Forward
0 new messages