[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Request: Run hook scripts in the context of the user who will execute the job on Windows

> Brain storm thoughts:
> When you say you need to mount a drive as part of your
> Windows hook, do
> you mean the hook itself needs data on the shared file
> system, or that
> the hook needs to mount a drive as a preparation step for the
> user's job
> to run?

The former. The hook needs modules and tools located on my shared drive
to do its thing. We copy up a bunch of stuff to the Windows drives but
its impossible to keep it in sync with the "live" system libaries on my

> Esp if the latter:  If you define a USER_JOB_WRAPPER in your
> condor_config, that wrapper will indeed run as the user, not
> as system.
>   Your hook script could insert into the job ad (into the job
> environment perhaps?) information about what share to mount etc, and
> this would be picked up by your USER_JOB_WRAPPER.  Heck, I
> suppose the
> hook could even rewrite the job ad's Cmd (executable)
> attribute to use
> to point to a dynamically created wrapper that would then of
> course run
> as the user when the job is launched.

That's one approach we were toying with actually: instead of having the
hook pull the job, have the hook *always* pass back to Condor a job that
is actually my hook script. So then Condor, when it fires the hook,
always gets a job and runs it as one of my headless users, which in turn
actually runs my pull script.

Trouble with that is it screws up my stats collection. Every machine
always looks like it's running a job. But it's another "in the pocket"
idea to try here. We haven't exhausted the direct approach yet.

> Another idea: if you are using a "Professional" version of
> Windows, aka
> XP Professional and _not_ XP Home etc, and you are using
> dedicated job
> run accounts with Condor, perhaps you could use the "runas /savecred"
> option and then do a runas from inside your hook.

We're toying with this now. It's been unreliable in the past to stash
credentials this way. It'll work for a period of time and then it'll
start asking for the password again. We'll see how the tests go with
this one.

> If you haven't looked at it lately, section 6.2.8 of the
> Condor Manual
> may inspire some other ideas as well:
> http://www.cs.wisc.edu/condor/manual/v7.2/6_2Microsoft_Windows
> .html#SECTION00728000000000000000

I'll cruise the docs.

Thanks for the ideas guys! I'll keep you posted on the final solution in
case anyone else wants to try hooks on windows with access to network

- Ian

Confidentiality Notice.
This message may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution,  or copying  of this message, or any attachments, is strictly prohibited.  If you have received this message in error, please advise the sender by reply e-mail, and delete the message and any attachments.  Thank you.