[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] windows credd problem


For your condor_config.local file are you using the condor_config.local.credd file (suitably renamed and modified for your pool names)? This file can be found in condor\etc. 

Hope this helps,

-----Original Message-----
Sent: October 24, 2007 6:27 PM

Received: from weatherguy.com by gypsum.cs.wisc.edu  with ESMTP id l9OMEi3N0
	23861for <condor-users@xxxxxxxxxxx>; Wed, 24 Oct 2007 17:14:48 -0500
Received: from winxpdev01 by weatherguy.com  with ESMTP idl9OMEcmk017626for 
	<condor-users@xxxxxxxxxxx>; Wed, 24 Oct 2007 16:14:43 -0600
From: "diane" <diane@xxxxxxxxxxxxxxxxxx>
To: "'Condor-Users Mail List'" <condor-users@xxxxxxxxxxx>
References: <000001c8047d$4c2c64a0$e4852de0$@com>	<004f01c804fd$16516850$42f438f0$@wisc.edu>	<000001c80537$f63de210$e2b9a630$@com>	<4702B632.7010609@xxxxxxxxxxx>	<008501c805c7$5f411270$1dc33750$@wisc.edu>	<4703C93B.3020201@xxxxxxxxxxx>	<000c01c80608$345db2c0$9d191840$@com>	<47055387.20403@xxxxxxxxxxx>	<000001c806d6$1ba511f0$52ef35d0$@com><000001c8112d$1bdae530$5390af90$@com>	<000001c814fb$9e7650c0$db62f240$@com><6E3775AF29598B46AA3F102067A510F1021C47AF@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>	<000001c815e2$b64eaa20$22ebfe60$@com>
In-Reply-To: <6E3775AF29598B46AA3F102067A510F1021C4BA1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Oct 2007 12:14:38 -1000
Message-ID: <000001c8168b$4559d700$d00d8500$@com>
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Content-Language: en-us
X-Seen-By: mailfromd 4.1 gypsum.cs.wisc.edu
Subject: Re: [Condor-users] condor-reuse-vm2 Job Owner  in Windows
X-BeenThere: condor-users@xxxxxxxxxxx
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Condor-Users Mail List <condor-users@xxxxxxxxxxx>
List-Id: Condor-Users Mail List <condor-users.cs.wisc.edu>
List-Unsubscribe: <https://lists.cs.wisc.edu/mailman/listinfo/condor-users>,
List-Archive: <http://lists.cs.wisc.edu/archive/condor-users>
List-Post: <mailto:condor-users@xxxxxxxxxxx>
List-Help: <mailto:condor-users-request@xxxxxxxxxxx?subject=help>
List-Subscribe: <https://lists.cs.wisc.edu/mailman/listinfo/condor-users>,
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: condor-users-bounces@xxxxxxxxxxx
Errors-To: condor-users-bounces@xxxxxxxxxxx
X-SEF-C67785F9-9FB9-489D-88ED-68E36075F5E7: 1
X-SEF-Processed: 5_5_0_210__2007_10_24_18_27_01
Return-Path: condor-users-bounces@xxxxxxxxxxx
X-OriginalArrivalTime: 24 Oct 2007 22:26:55.0830 (UTC) FILETIME=[FBF30760:01C8168C]

Ian, Tammy,

I added the condor_pool password, but still no luck running.
In fact the CredLog itself hasn't been altered for weeks, so
I'm not sure if that's the file I should be looking at or if
credentials are even being checked at all.

Before pursuing this further, can I just explain the setup I'm trying to
I think what I'm trying to do should be really simple for condor, 
and maybe it's just getting too complicated, when it doesn't need to be.

I'm a software developer of a prototype web services application that
a job scheduler to manage a set of compute intensive tasks, farmed out to a 
pool of machines so they can be running in parallel, and return their
to that application, all in a single work session.  This application uses
as that job scheduler, where the application generates a set
of condor_submit commands.  Eventually this application will
be packaged up and installed elsewhere. In its final installation,
it will be used in a closed environment, where condor will be used only
for this application, not others.  And the machines on which it is 
installed will be dedicated for this purpose.  This will be running
in a classified environment.

The system was developed and runs successfully under linux, 
where a front end 'condor master' and a linux cluster of 'condor slaves'
is used.  In this case, the master and each node in the cluster has 
a version of condor installed.  Only the nodes (each with four virtual
machines) are available for jobs to be started,  
(Note that during the prototyping process, the frontend machine 
(a dual processor running linux) was all that was
available, so it was set up to be allowed to start jobs).

However, we had to port this whole operation to Windows XP.
And I'm fairly new to Windows.

In this process, my current development configuration consists of
a single Windows XP machine (dual processor) (userdomain: winxp-dev-01), 
on which I am currently the only user ('diane'), and on which my web
application and condor are installed.  Note that in the final
installation, the intention is to allow other users access to that machine 
(the condor_master), with condor installed on a cluster of 
windows machines (the condor_slaves).

So for this new prototype running under windows, I installed Condor on 
my single machine (I downloaded the msi file and
just ran the condor windows installer) 
and set it up to start automatically at boot.  So  
my single machine should be the only machine in the pool.

Condor does work when installed this way.  The jobs show
up as owner 'diane' in the condor queue, and the actual
jobs (sub processes) started by the 'executable' show up as running as 
'condor_reuse-vmX when viewed in the Task manager.

HOWEVER, my particular web application requires that one
of the sub processes started by the condor job that it spawns 
be run as a specific user (namely 'diane'), 
and not user 'condor-reuse-vmX' or SYSTEM.

Therefore, after installation, I altered the condor_config file to 
Include the following lines (directly as shown):

HOSTALLOW_CONFIG = winxp-dev-01

I also ran:
	 condor_store_cred add -c -p condor_pool
which seemed to work (told me it was successful)
	condor_store_cred add 
to add credentials for 'diane@winxp-dev-01'
which also worked.

I then rebooted to restart condor.

I then altered my  condor_submit command to include
	-name winxp-dev-01
And altered my condor.submit file to include:
	+Owner = "diane"
	run_as_owner = True

And now, as I said, the job shows up in the condor queue (as owner diane)
But just hangs there (is Idle).  Note, when I remove the 
      +Owner and run_as_owner lines, 
the job starts, but then eventually fails on one of its subprocesses 
(because it is being run as 'condor-reuse-vmX' (or 'condor-reuse-slot1' 
for ver 6.9) and not 'diane').

You mention checking the StartdLog. Where is that?  I have a StartLog
But that and the ShadowLog have no new entries associated with the job

Anyway, I hope the above explanation makes it clearer about 
what I should be doing.

Any help would be greatly appreciated.


-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Ian Chesal
Sent: Wednesday, October 24, 2007 6:06 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] condor-reuse-vm2 Job Owner in Windows

> Thanks for the info sites.  They were very helpful.

I have to confess that we don't use Condor's credential daemon. We run
all our jobs as fixed domain accounts on our Windows boxes. It was
easier. :)
> When I make changes to the condor configuration,
> as described in the documentation (I think), restart condor, 
> and then submit the job, the job now hangs 
> in the queue (and doesn't even get started).

Tammy already suggested restarting everything (even the condor_master
processes) on all your machines. I'd start with that. And also make sure
you've stored your password with the credd daemon using

It looks like the match is being rejected. Did the job even try to run?
Check the ShadowLog on the machine running condor_schedd to see if the
job perhaps tried to execute on the machine but couldn't run. Also check
the StartdLog on the machine where you're trying to run the job. To make
debugging this easier I'd target your job to one specific machine and
maybe set that machine to only run your jobs (if the queue is not
exclusivily yours). Let us know if that helps at all.

- Ian

Confidentiality Notice.  This message may contain information that is
confidential or otherwise protected from disclosure.
If you are not the intended recipient, you are hereby notified that any use,
disclosure, dissemination, distribution, 
or copying of this message, or any attachments, is strictly prohibited.  If
you have received this message in error, 
please advise the sender by reply e-mail, and delete the message and any
attachments.  Thank you.

Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: 

Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: 

This e-mail, and any attachments, may contain information that
is confidential, subject to copyright, or exempt from disclosure.
Any unauthorized review, disclosure, retransmission, 
dissemination or other use of or reliance on this information 
may be unlawful and is strictly prohibited.  


Le présent courriel, et toute pièce jointe, peut contenir de 
l'information qui est confidentielle, régie par les droits 
d'auteur, ou interdite de divulgation. Tout examen, 
divulgation, retransmission, diffusion ou autres utilisations 
non autorisées de l'information ou dépendance non autorisée 
envers celle-ci peut être illégale et est strictement interdite.