Re: [Condor-users] condor_config_val -set problem

[Armen Babikyan <armenb@xxxxxxxxxx>]

Hello Condor Team,

This reply is 6 months belated, but hasn't really been a problem for me 
until now.  Basically, I'm running this command:

grid-8:~> condor_config_val -rset "MY_RESOURCE = False"

And getting this error:

11/20 20:13:59 DaemonCore: Command received via TCP from host 
<192.168.66.80:51285>
11/20 20:13:59 DaemonCore: received command 60003 (DC_CONFIG_RUNTIME), 
calling handler (handle_config())
11/20 20:13:59 WARNING: Someone at 192.168.66.80 is trying to modify 
"MY_RESOURCE_1"
11/20 20:13:59 WARNING: Potential security problem, request refused

Although I'm currently running 6.7.20 (and not 6.7.18 as quoted in the 
email), I'm still having this problem.  In my global condor_config file 
(insecure as it may be), I have:

HOSTALLOW_CONFIG = *
ENABLE_RUNTIME_CONFIG = True
SETTABLE_ATTRS_CONFIG = *

Could Condor's functionality with respect to this feature have changed 
from 6.7.18 to 6.7.20?  Although I used the -set option to 
condor_config_val in my previous email, I really meant to be using -rset 
(for runtime configuration), and I'm still getting a similar error.  I 
turned on D_FULLDEBUG and D_COMMAND in the condor_master, and didn't 
find anything particularly exciting:

11/20 20:31:16 DaemonCore: Command received via UDP from host 
<192.168.66.80:60252>
11/20 20:31:16 DaemonCore: received command 60008 (DC_CHILDALIVE), 
calling handler (HandleChildAliveCommand)
11/20 20:31:18 DaemonCore: Command received via TCP from host 
<192.168.66.80:51337>
11/20 20:31:18 DaemonCore: received command 60003 (DC_CONFIG_RUNTIME), 
calling handler (handle_config())
11/20 20:31:18 WARNING: Someone at 192.168.66.80 is trying to modify 
"MY_RESOURCE_1"
11/20 20:31:18 WARNING: Potential security problem, request refused
11/20 20:31:20 enter Daemons::UpdateCollector
11/20 20:31:20 Trying to update collector <192.168.66.11:9618>
11/20 20:31:20 Attempting to send update via UDP to collector 
parsec.static.net <192.168.66.11:9618>
11/20 20:31:20 SEC_TCP_SESSION_TIMEOUT is undefined, using default value 
of 20
11/20 20:31:20 exit Daemons::UpdateCollector
11/20 20:31:20 enter Daemons::CheckForNewExecutable
11/20 20:31:20 Time stamp of running 
/software/condor/condor/sbin/condor_master: 1150890676
11/20 20:31:20 GetTimeStamp returned: 1150890676
11/20 20:31:20 Time stamp of running 
/software/condor/condor/sbin/condor_schedd: 1150890676
11/20 20:31:20 GetTimeStamp returned: 1150890676
11/20 20:31:20 Time stamp of running 
/software/condor/condor/sbin/condor_startd: 1150890676
11/20 20:31:20 GetTimeStamp returned: 1150890676
11/20 20:31:20 exit Daemons::CheckForNewExecutable
11/20 20:31:20 SEC_DEBUG_PRINT_KEYS is undefined, using default value of 
False
11/20 20:31:26 DaemonCore: Command received via UDP from host 
<192.168.66.80:60254>
11/20 20:31:26 DaemonCore: received command 60008 (DC_CHILDALIVE), 
calling handler (HandleChildAliveCommand)

According to condor_config_val, this value is indeed set:

grid-8:~> condor_config_val -v MY_RESOURCE_1
MY_RESOURCE_1: TRUE
 Defined in '/software/condor/condor/local.grid-8/condor_config.local', 
line 107.

Any suggestions?

Thanks,

 - Armen

Preston Smith wrote:
> Are you running >= 6.7.18? The default security setting for  
> condor_config_val
> changed in 6.7.18..
>
> Release notes say:
> "The security of the ``condor_ config_val -set'' feature was found to be
> insufficient, so this feature is now disabled by default."
>
> Turn it back on with
> ENABLE_RUNTIME_CONFIG = TRUE
>
> -Preston
>
> On May 15, 2006, at 5:19 PM, Armen Babikyan wrote:
>
>   
> > Hi,
> >
> > I'm having trouble getting condor_config_val to set variables.   
> > First, I
> > set HOSTALLOW_CONFIG equal to my hostname in etc/condor_config,
> > restarted condor, then typed in the command:
> >
> >   condor_config_val -set "MY_RESOURCE_1 = FALSE"
> >
> > And received this error message:
> >
> >   Attempt to set configuration "MY_RESOURCE_1 = FALSE" on master
> > foobar.static.net <192.168.66.80:39988> failed.
> >
> > foobar.static.net's MasterLog had this to say:
> >
> > 5/15 16:59:52 DaemonCore: Command received via TCP from host
> > <192.168.66.80:40012>
> > 5/15 16:59:52 DaemonCore: received command 60002 (DC_CONFIG_PERSIST),
> > calling handler (handle_config())
> > 5/15 16:59:52 WARNING: Someone at 192.168.66.80 is trying to modify
> > "MY_RESOURCE_1"
> > 5/15 16:59:52 WARNING: Potential security problem, request refused
> >
> > I've replaced the value of HOSTALLOW_CONFIG with anything I could  
> > think
> > of...hostname.domainname, just the hostname, ip addresses
> > ("192.168.66.80", "127.0.0.1"), "localhost"...even "*".  The variable
> > I'm trying to change is initialized in my host's local configuration
> > file, and I'm not explicitly overriding HOSTALLOW_CONFIG in my host's
> > local configuration file.  I am using Condor 6.7.19.  Any ideas?
> >
> > Thanks,
> >
> >   - Armen
> >
> > --
> > Armen Babikyan
> > MIT Lincoln Laboratory
> > armenb@xxxxxxxxxx . 781-981-1796
> >
> > _______________________________________________
> > Condor-users mailing list
> > Condor-users@xxxxxxxxxxx
> > https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> >     
>
> --
> Preston Smith  <psmith@xxxxxxxxxx>
> Systems Research Engineer
> Rosen Center for Advanced Computing, Purdue University
>
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
>
>   


--
Armen Babikyan
MIT Lincoln Laboratory
armenb@xxxxxxxxxx . 781-981-1796