Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Condor-users] Using condor to update condor
- Date: Fri, 24 Jun 2005 17:24:54 +0100
- From: "Kewley, J \(John\)" <j.kewley@xxxxxxxx>
- Subject: RE: [Condor-users] Using condor to update condor
Requirements for redeploying:
1. Capability to farm things out around a pool
2. On a machine by machine basis, knowing when you cna do the upgrade
Both of these things sound like Condor would be a good move for this.
The first obvious problem is
3. Permissions to update the binaries on that machine
Personally, on the face of it I think it would be a very nice feature,
as long as appropriate flags were enabled in the condor_config files of course
maybe you'd need something in addition to HOSTALLOW_CONFIG and
HOSTALLOW_ADMINISTRATOR like HOSTALLOW_UPGRADE.
Having said that, I can see some problems:
a) I think host-based authentication is used for HOSTALLOW_X, this can mean that
ANYONE logged onto a condor central node can reconfigure machines with that
flag enabled, and in the proposal above can replace binaries which run with some
privelege !!
b) While I am comfortable with the notion of sending arbitrary executables round a
condor pool that run as nobody, or user X. Doing that for
privileged executables sounds nasty.
JK
> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx
> [mailto:condor-users-bounces@xxxxxxxxxxx]On Behalf Of Ian Chesal
> Sent: 24 June 2005 16:48
> To: Condor-Users Mail List
> Subject: [Condor-users] Using condor to update condor
>
>
> This is more for Windows installations, where shared binaries are
> impossible to deploy (or are they?). It would be pretty cool if there
> was a way, say from the central machine (for security of course), to
> push out new condor binaries to all the machines in the system using
> Condor itself to do the job. I can't see running this as a regular job
> since the jobs likely won't have the permissions required to overwrite
> existing binaries. There would need to be a way for Condor itself to
> grab and install the binaries as SYSTEM (or root, but since Unix/Linux
> installs can used shared FS for the binaries this feature seems less
> useful).
>
> A command akin to the condor_reconfig -all -- only it'd be
> condor_redeploy -all.
>
> Anyone out there trying something like this?
>
> - Ian
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>