[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Condor-users] Using condor to update condor

Requirements for redeploying:
1. Capability to farm things out around a pool
2. On a machine by machine basis, knowing when you cna do the upgrade

Both of these things sound like Condor would be a good move for this.
The first obvious problem is
3. Permissions to update the binaries on that machine

Personally, on the face of it I think it would be a very nice feature,
as long as appropriate flags were enabled in the condor_config files of course
maybe you'd need something in addition to HOSTALLOW_CONFIG and

Having said that, I can see some problems:
a) I think host-based authentication is used for HOSTALLOW_X, this can mean that
    ANYONE logged onto a condor central node can reconfigure machines with that
    flag enabled, and in the proposal above can replace binaries which run with some
    privelege !!
b) While I am comfortable with the notion of sending arbitrary executables round a 
   condor pool that run as nobody, or user X. Doing that for 
   privileged executables sounds nasty.


> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx
> [mailto:condor-users-bounces@xxxxxxxxxxx]On Behalf Of Ian Chesal
> Sent: 24 June 2005 16:48
> To: Condor-Users Mail List
> Subject: [Condor-users] Using condor to update condor
> This is more for Windows installations, where shared binaries are
> impossible to deploy (or are they?). It would be pretty cool if there
> was a way, say from the central machine (for security of course), to
> push out new condor binaries to all the machines in the system using
> Condor itself to do the job. I can't see running this as a regular job
> since the jobs likely won't have the permissions required to overwrite
> existing binaries. There would need to be a way for Condor itself to
> grab and install the binaries as SYSTEM (or root, but since Unix/Linux
> installs can used shared FS for the binaries this feature seems less
> useful).
> A command akin to the condor_reconfig -all -- only it'd be
> condor_redeploy -all.
> Anyone out there trying something like this?
> - Ian
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users