Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] More questions on flocking
- Date: Wed, 13 Jun 2007 09:49:34 +0100
- From: "Kewley, J \(John\)" <j.kewley@xxxxxxxx>
- Subject: Re: [Condor-users] More questions on flocking
[ some partial answers from me, for fuller / more accurate you;ll
have to wait for Condor team to come online ! ]
> I still have 2 questions concerning flocking:
> * Let's say we wan't to flock from pool A to pool B. On which
> machines of pool B
> must
> --------------------------------------------
> FLOCK_FROM = <list of submitters of pool A>
> --------------------------------------------
> be set? Is the manager of B enough or must it be set on every
> executor one
> would like to make available for pool A?
My understanding is that it is on the central node, i.e. the one containing
the negotiator (and most likely the collector). The manual says that
FLOCK_TO "is a comma separated list of the central manager machines of the pools
that jobs from machine A may flock to."
I presume by analogy that this will similar for FLOCK_FROM
> * It seems that - when set up correctly, including all
> firewalls - there is no
> authentification of users necessary across UID_DOMAIN- or
> FILESYSTEM_DOMAIN-borders, so
> one has to make sure one 'knows and trusts the guys from the
> other pool'.
In many ways it is like a single pool, with default only host-based authentication
and pretty much a trusting environment. If you want to add security, then
for each pair of nodes that want to communicate you would have to find a common
authentication method.
> When do variables like in
> -----------------------------------
> AUTHENTICATION_METHODS = FS_REMOTE
> -----------------------------------
> come into play? Is that only for 'universe = grid' jobs?
Pretty much any condor installation can have security enabled. It has to be
used for some things, like (as I have just been finding out) using the -remote option
to condor_submit and security will be needed for grid jobs such as gt2.
FS_REMOTE, as I understand it, needs some sort of shared filesystem / common UID_DOMAIN
to work.
For more on security, try the manual, or Zach's tutorial from Condor Week:
http://www.cs.wisc.edu/condor/PCW2007/monday_condor.html
the other tutorials may have more details on FLOCKing
JK