Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] job failed to submit to CE with SCIToken only


Hi Xiaowei,

In addition to Maarten's suggestion, what is the output from

   condor_ce_config_val -dump READ

Specifically, I am wondering if your config has the line

    ALLOW_READ= *

or if you have something more restrictive....

If I recall, by default, READ access to the CE collector is authorized to any client can then successfully authenticate (for instance, with a valid token)...


Hope this helps,
Todd

On 6/13/2023 10:40 AM, Maarten Litmaath wrote:
Hi Xiaowei,
might it be a configuration issue on the client side?  Check:

https://twiki.cern.ch/twiki/bin/view/LCG/HTCondorCEclientConfigTips


From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of JIANG Xiaowei <jiangxw@xxxxxxxxxx>
Sent: Tuesday, June 13, 2023 12:17 PM
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] job failed to submit to CE with SCIToken only
 

Dear Experts,


I am facing a wierd problem that the cms sam job can not be submitted to our CE with only SCIToken. 

On sam schedd side, there are some errors like [1].

On my CE collector, the CollectorLog is posted in the attachment and no clue in SchedLog.

The related configurations are like:

[root@condorce02 config.d]# cat /etc/condor-ce/mapfiles.d/10-scitokens.conf

# CMS SAM ##
SCITOKENS /^https\:\/\/cms-auth\.web\.cern\.ch\/,08ca855e-d715-410e-a6ff-ad77306e1763$/ cmssgm006
## ATLAS SAM ##
SCITOKENS /^https:\/\/atlas-auth\.web\.cern\.ch\/,5c5d2a4d-9177-3efa-912f-1b4e5c9fb660$/ atlassgm007

[root@condorce02 config.d]# condor_ce_config_val -dump Collector.SEC
COLLECTOR.SEC_ADVERTISE_STARTD_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,GSI,SSL
COLLECTOR.SEC_READ_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,GSI,SSL
COLLECTOR.SEC_WRITE_AUTHENTICATION_METHODS = FS,TOKEN,SCITOKENS,GSI,SSL

The condor_versions are: 

[root@condorce02 config.d]# condor_ce_version
$HTCondorCEVersion: 5.1.6 $
$CondorVersion: 9.0.17 May 27 2023 BuildID: 649540 PackageID: 9.0.17-3 $

Hope to get help from your expert side! Thanks!


Regards,

Xiaowei


[1] - 

06/07/23 13:23:07 [117315] SECMAN: required authentication with collector at <202.122.33.23:9619> failed, so aborting command QUERY_SCHEDD_ADS. 06/07/23 13:23:07 [117315] ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using SSL|AUTHENTICATE:1004:Failed to authenticate using SCITOKENS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS|AUTHENTICATE:1004:Failed to authenticate using FS 06/07/23 13:23:07 [117315] Error locating schedd condorce02.ihep.ac.cn 06/07/23 13:23:07 [117315] Can't find address of queue manager 06/07/23 13:23:07 [117315] Error connecting to schedd condorce02.ihep.ac.cn: 


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/


-- 
Todd Tannenbaum <tannenba@xxxxxxxxxxx>  University of Wisconsin-Madison
Center for High Throughput Computing    Department of Computer Sciences
Calendar: https://tinyurl.com/yd55mtgd  1210 W. Dayton St. Rm #4257
Phone: (608) 263-7132                   Madison, WI 53706-1685