
[Condor-users] Usage of udp/tcp ports is a little confusing...



Hello,

I want to introduce Condor to our university library.
In that system, I will use one Linux central master for all the
administration and job submissions; the pool consists of all
the public Windows PCs.

I myself need to be sure whether I understand the port usage
and tcp/udp policy of Condor.

Given that I use a HIGHPORT/LOWPORT setting of 9600/9700 and the default 9618 port for the collector
daemon, I believe the default policy is then as follows:

1) General availability information from the pool PCs (Ads) to
    the central master occurs by UDP from pool PC (from a port
    in 9600-9700 range) to central master (to port 9618).
    This is just the usual one-way UDP communication.

2) For job submissions, TCP between pool & central master
    is used between ports in the 9600-9700 range at both
    sides.

Hence, I conclude from this:

* On central master I need to open the Linux firewall for
  incoming UDP port 9618, if I only want to collect availability
  information, without job submissions.
  Submitting jobs from the central master, I also have to open
  incoming TCP ports in the 9600-9700 range.
  (The Linux firewall allows all outgoing communication!).

* On the pool PCs, the Windows firewall must allow
  condor_startd incoming/outgoing communication with the
  central master Linux PC, in order to give Ads info (UDP)
  and to communicate job submissions (TCP).


Here are my questions:
1) If I'm right with the central master firewall, then I understand
    the Linux firewall requirements.

2) If I'm right with the Windows firewall, then I'm confused
    about the firewall exception modifications made by installing
    the Condor msi package:
        condor_dagman.exe allowed with any computer
        condor_master.exe allowed with any computer
        condor_startd.exe allowed with any computer

    I'm inclined to completely remove the condor_master.exe
    and the condor_dagman.exe firewall exceptions.
    But why are they there in the first place???


Thank you!

Rob.
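
The central-master policy stated in the message above, as an added example that is not part of the original post and is not Condor project code: a shell script that prints (does not apply) iptables INPUT rules for the two flows the post lists. The ports come from the post; the pool subnet `192.0.2.0/24`, the function names, and the choice to restrict the source to the pool subnet instead of "any computer" are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print iptables rules for the central master, following the
# policy as the post states it. Nothing here touches the running firewall.
LOWPORT=9600             # from the post
HIGHPORT=9700            # from the post
COLLECTOR_PORT=9618      # default collector port, from the post
POOL_NET="192.0.2.0/24"  # constructed value: subnet of the pool PCs

# True if $1 is a decimal port number in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# master_rules LOW HIGH COLLECTOR SOURCE_NET
# Prints one iptables command per line; returns 1 on invalid input.
master_rules() {
    low=$1; high=$2; coll=$3; net=$4
    is_port "$low" && is_port "$high" && is_port "$coll" ||
        { echo "invalid port value" >&2; return 1; }
    [ "$low" -le "$high" ] ||
        { echo "LOWPORT must not exceed HIGHPORT" >&2; return 1; }
    [ -n "$net" ] || { echo "source network required" >&2; return 1; }

    # Replies to connections the master opened itself (outgoing is
    # unrestricted in the post's setup).
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Item 1 in the post: Ads from pool PCs to the collector over UDP.
    echo "iptables -A INPUT -p udp -s $net --dport $coll -j ACCEPT"
    # Item 2 in the post: job traffic over TCP inside the port range.
    echo "iptables -A INPUT -p tcp -s $net --dport $low:$high -j ACCEPT"
}

master_rules "$LOWPORT" "$HIGHPORT" "$COLLECTOR_PORT" "$POOL_NET"
```

Review the printed commands before running them as root; the script only checks that the values are well-formed ports and that the range is ordered.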