[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY

On 8/24/10 12:56 PM, Jaime Frey wrote:
On Aug 24, 2010, at 10:56 AM, Ian Stokes-Rees wrote:

I have my X509_USER_PROXY pointing to a valid proxy cert in my
NFS-mounted home directory (/nfs/home/ijstokes/.globus/x509up_u1004),
but condor seems to insist on looking for it in /tmp, despite what the
docs say here:


I can copy the proxy cert to /tmp, but I need it in the NFS location for
other services on other hosts, and copying it around is just asking for
problems later, when one expires, and the other is renewed/updated.

Is this a bug, or am I doing something wrong?  Trace below.

The problem is that by default, the environment variables that exist when you run condor_submit aren't propagated to the environment that the condor_dagman job runs under. So when condor_dagman runs condor_submit to run jobs in the dag, condor_submit doesn't see X509_USER_PROXY.

You have two options:
1) Do as Zach suggests and set x509userproxy in the dag node submit files.

I should have mentioned that I already do this in the classad files referenced by the DAG:

X509userproxy           = /nfs/home/ijstokes/.globus/x509up_u1004

So that doesn't solve the problem, although perhaps if I took the intermediate DAG classad, modified it to include this, and submitted that, then it would work.

2) Use the -import_env argument to condor_submit_dag.

I'll give it a try.  Why wouldn't this be the default?  The sub-processes squash the environment they automatically inherit from their parent?


fn:Ian Stokes-Rees, PhD
org:Harvard Medical School;Biological Chemistry and Molecular Pharmacology
adr:250 Longwood Ave;;SGM-105;Boston;MA;02115;USA
title:Research Associate, Sliz Lab
tel;work:+1.617.432.5608 x75