Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Running jobs as submitting user in Windows
- Date: Fri, 22 Feb 2008 13:05:10 -0500
- From: "Thompson, Cooper" <cooper.thompson@xxxxxxxx>
- Subject: Re: [Condor-users] Running jobs as submitting user in Windows
Using Condor 6.8.5, I've noticed that the LocalCredd machine attribute is populated only when Condor starts, and only if it can talk to CREDD_HOST when it starts. If condor_credd is not running on CREDD_HOST when Condor is started on your execute machines, they will not set their LocalCredd attribute. As far as I can tell there is a startup-order dependency.
You may try just restarting Condor on your execute nodes and see if they pick up the attribute. I'm not 100% certain, but I don't believe condor_reconfig is NOT sufficient to get your execute machines to pick up the attribute.
Coop
-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Ben Burnett
Sent: Friday, February 22, 2008 12:22 PM
To: 'Condor-Users Mail List'
Subject: Re: [Condor-users] Running jobs as submitting user in Windows
Hi Henrik:
Sorry, my message was not intended to be insulting or presumptuous :). I just
fired it off in the midst of a flurry of work.
I assume that CONDOR_HOST points not to the local host, but to the CM (or
MASTER), correct? CREDD_HOST is evaluated to determine what to place in the
LocalCredd attribute, so this would be the first place to look. The rest appears
to be correct.
Regards,
-B
-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx]
On Behalf Of Henrik Fällstrand XX
Sent: Friday, February 22, 2008 2:12 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] Running jobs as submitting user in Windows
Hi Ben,
Yes, i know, ping works, I can even telnet to that port and get a connection, no
problem... What I was suspecting is that there is no "LocalCredd" entry when I
run "condor_status -l E001B78A6A347". Its the only requirement for submitting a
job that does not seem to be met, but then again without this i would not get
authenticated?? Is there a way of forcing requirements to be reset?
Is there some setting with windows authentiaction that I have missed? On the
master resp execute hosts i have the settings below. The CREDD daemon only needs
to be running on the master host, right?
MASTER:
## CREDD logging settings
## Customize these if you wish.
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000
DAEMON_LIST = $(DAEMON_LIST), CREDD
CREDD = $(SBIN)/condor_credd.exe
SEC_CREDD_SESSION_TIMEOUT = 10
# Set security settings so that full security to the credd is required
CREDD.SEC_DEFAULT_AUTHENTICATION =REQUIRED
CREDD.SEC_DEFAULT_ENCRYPTION = REQUIRED
CREDD.SEC_DEFAULT_INTEGRITY = REQUIRED
CREDD.SEC_DEFAULT_NEGOTIATION = REQUIRED
# Require PASSWORD auth for password fetching
CREDD.SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD
# Only honor password fetch requests to the trusted "condor_pool" user
CREDD.ALLOW_DAEMON = condor_pool@$(UID_DOMAIN)
# Require NTSSPI for storing credentials
CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI
EXECUTE HOSTS:
CREDD_HOST = $(CONDOR_HOST):$(CREDD_PORT)
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True
CRED_STORE_DIR = $(LOCAL_DIR)/cred_dir (directory is created....)
Regards,
Henrik
Requirements = (Arch == "INTEL") && (OpSys == "WINNT50") && (Disk >= DiskUsage)
&& ((Memory * 1024) >= ImageSize) && (HasFileTransfer) && (HasWindowsRunAsOwner
&& (LocalCredd =?= "E001B78A6A347:9620"))
-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx]
On Behalf Of Ben Burnett
Sent: den 21 februari 2008 17:08
To: 'Condor-Users Mail List'
Subject: Re: [Condor-users] Running jobs as submitting user in Windows
> Do you know what this could be?
It's your machine's hostname with the credd port appended to it:
E001B78A6A347.mydom.cypoid.com => E001B78A6A347:9620
Can you ping your machine using the unqualified name:
> ping E001B78A6A347
Regards,
-B
-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx]
On Behalf Of Henrik Fällstrand XX
Sent: Thursday, February 21, 2008 9:29 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] Running jobs as submitting user in Windows
Thanks Mike,
Seems like I'm almost there, now I still got a problem with jobs not starting at
all when using run_as_user. The jobs can not get the correct resources, I'm
suspecting LocalCredd =?= "E001B78A6A347:9620" since this is the only
requirement value I can't see when running condor_status -l. Do you know what
this could be?
When I set debug logging to ALL_DEBUG = D_SECURITY then the CreddLog shows that
all authentication and handshaking succeeds...
Thanks for your help!
Regards,
Henrik
C:\condor>bin\condor_q -analyze 348.0
-- Submitter: E001B78A6A347.mydom.cypoid.com : <192.168.52.200:1746> :
E001B78A6A347.mydom.cypoid.com
ID OWNER SUBMITTED RUN_TIME ST PRI SIZE CMD
---
348.000: Run analysis summary. Of 6 machines,
6 are rejected by your job's requirements
0 reject your job because of their own requirements
0 match but are serving users with a better priority in the pool
0 match but reject the job for unknown reasons
0 match but will not currently preempt their existing job
0 are available to run your job
No successful match recorded.
Last failed match: Thu Feb 21 12:22:06 2008
Reason for last match failure: no match found
WARNING: Be advised:
No resources matched request's constraints
Check the Requirements expression below:
Requirements = (Arch == "INTEL") && (OpSys == "WINNT50") && (Disk >= DiskUsage)
&& ((Memory * 1024) >= ImageSize) && (HasFileTransfer) && (HasWindowsRunAsOwner
&& (LocalCredd =?= "E001B78A6A347:9620"))
C:\condor>bin\condor_status -l E001B78A6A347
MyType = "Machine"
TargetType = "Job"
Name = "vm2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Machine = "E001B78A6A347.mydom.cypoid.com"
Rank = 0.000000
CpuBusy = ((LoadAvg - CondorLoadAvg) >= 0.500000) COLLECTOR_HOST_STRING =
"E001B78A6A347"
CondorVersion = "$CondorVersion: 6.8.8 Dec 19 2007 $"
CondorPlatform = "$CondorPlatform: INTEL-WINNT50 $"
VirtualMachineID = 2
VirtualMemory = 1226570
Disk = 29504353
CondorLoadAvg = 0.000000
LoadAvg = 0.000000
KeyboardIdle = 0
ConsoleIdle = 0
Memory = 1023
Cpus = 1
StartdIpAddr = "<192.168.52.200:1148>"
Arch = "INTEL"
OpSys = "WINNT50"
UidDomain = "mydom"
FileSystemDomain = "E001B78A6A347.mydom.cypoid.com"
Subnet = "192.168.52"
HasIOProxy = TRUE
CheckpointPlatform = "WINNT50 INTEL Unknown normal"
TotalVirtualMemory = 2453140
TotalDisk = 59008707
TotalCpus = 2
TotalMemory = 2047
KFlops = 1270663
Mips = 4553
LastBenchmark = 1203605961
TotalLoadAvg = 0.040000
TotalCondorLoadAvg = 0.000000
ClockMin = 974
ClockDay = 4
TotalVirtualMachines = 2
HasFileTransfer = TRUE
HasPerFileEncryption = TRUE
HasReconnect = TRUE
HasMPI = TRUE
HasTDP = TRUE
HasJobDeferral = TRUE
HasJICLocalConfig = TRUE
HasJICLocalStdin = TRUE
HasWindowsRunAsOwner = TRUE
StarterAbilityList =
"HasFileTransfer,HasPerFileEncryption,HasReconnect,HasMPI,HasTDP,HasJobDeferral,
HasJICLocalConfig,HasJICLocalStdin,HasWindowsRunAsOwner"
CpuBusyTime = 0
CpuIsBusy = FALSE
TimeToLive = 2147483647
State = "Unclaimed"
EnteredCurrentState = 1203605961
Activity = "Idle"
EnteredCurrentActivity = 1203605961
Start = TRUE
Requirements = (START) && (IsValidCheckpointPlatform) IsValidCheckpointPlatform
= (((TARGET.JobUniverse == 1) == FALSE) || ((MY.CheckpointPlatform =!=
UNDEFINED) && ((TARGET.LastCheckpointPlatform =?= MY.Checkpoint
Platform) || (TARGET.NumCkpts == 0))))
MaxJobRetirementTime = 0
CurrentRank = 0.000000
MonitorSelfTime = 1203606681
MonitorSelfCPUUsage = 0.013019
MonitorSelfImageSize = 56984.000000
MonitorSelfResidentSetSize = 24648
MonitorSelfAge = 731
MonitorSelfRegisteredSocketCount = 2
DaemonStartTime = 1203605949
UpdateSequenceNumber = 3
MyAddress = "<192.168.52.200:1148>"
LastHeardFrom = 1203606866
UpdatesTotal = 4
UpdatesSequenced = 3
UpdatesLost = 0
UpdatesHistory = "0x00000000000000000000000000000000"
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users
The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/