Re: [Condor-users] FS authentication failure

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Thu, Jan 20, 2005 at 03:00:32PM -0600, Daniel Forrest wrote:
> > if you really desire host-to-host authenticationg, you'll want to
> > use GSI or KERBEROS.  there is also an FS_REMOTE which can be used
> > on a shared filesystem like NFS but i do not recommend this method
> > since it usually has problems under even a small load.
> 
> The problem with NFS is purely a timing issue.  It's been a while
> since I delved into this, but I seem to recall that the order is:
> 
> 1.) server tells client name of file to create
> 2.) client creates file and notifies server
> 3.) server looks for file to test existence and ownership
> 
> The failure is at step three because the file creation may not be seen
> by the server for several seconds due to NFS delays.

exactly.


> What we have done here is have an NFS directory that is exported from
> our central manager to all of the client machines.  When the server
> and the NFS server are on the same machine this problem goes away.
> The file created by the client will have been created in the local
> filesystem and the NFS cache issues go away.

clever workaround!


> The solution would be for the server to test for existence in a way
> that ensures the directory is updated from the NFS server.  The normal
> way is to create a dummy file and try to link it to the file that the
> client was supposed to create.  The link should fail (because the file
> already exists on the NFS server), but the side-effect is that the NFS
> directory cache is forced to be updated.

perhaps i can add this to the 6.7 branch soon, making FS_REMOTE a usable
option.  for now, it is to be avoided in general unless you do something
trickier like your above setup.

thanks for the tips!


cheers,
-zach