Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY

Date: Tue, 24 Aug 2010 13:50:37 -0400
From: Ian Stokes-Rees <ijstokes@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY

On 8/24/10 12:56 PM, Jaime Frey wrote:

On Aug 24, 2010, at 10:56 AM, Ian Stokes-Rees wrote:

I have my X509_USER_PROXY pointing to a valid proxy cert in my
NFS-mounted home directory (/nfs/home/ijstokes/.globus/x509up_u1004),
but condor seems to insist on looking for it in /tmp, despite what the
docs say here:

http://www.cs.wisc.edu/condor/manual/v7.4/3_6Security.html

I can copy the proxy cert to /tmp, but I need it in the NFS location for
other services on other hosts, and copying it around is just asking for
problems later, when one expires, and the other is renewed/updated.

Is this a bug, or am I doing something wrong? Trace below.

The problem is that by default, the environment variables that exist when you run condor_submit aren't propagated to the environment that the condor_dagman job runs under. So when condor_dagman runs condor_submit to run jobs in the dag, condor_submit doesn't see X509_USER_PROXY.

You have two options:

1) Do as Zach suggests and set x509userproxy in the dag node submit files.

I should have mentioned that I already do this in the classad files referenced by the DAG:

X509userproxy = /nfs/home/ijstokes/.globus/x509up_u1004

So that doesn't solve the problem, although perhaps if I took the intermediate DAG classad, modified it to include this, and submitted that, then it would work.

2) Use the -import_env argument to condor_submit_dag.

I'll give it a try. Why wouldn't this be the default? The sub-processes squash the environment they automatically inherit from their parent?

Thanks,

Ian

begin:vcard
fn:Ian Stokes-Rees, PhD
n:Stokes-Rees;Ian
org:Harvard Medical School;Biological Chemistry and Molecular Pharmacology
adr:250 Longwood Ave;;SGM-105;Boston;MA;02115;USA
email;internet:ijstokes@xxxxxxxxxxxxxxxxxxx
title:Research Associate, Sliz Lab
tel;work:+1.617.432.5608 x75
tel;fax:+1.617.432.5600
tel;cell:+1.617.331.5993
url:http:/sbgrid.org
version:2.1
end:vcard

Follow-Ups:
- Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
  - From: Jaime Frey

References:
- [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
  - From: Ian Stokes-Rees
- Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
  - From: Jaime Frey

Prev by Date: Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
Next by Date: Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
Previous by thread: Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
Next by thread: Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] Condor doesn't appear to respect X509_USER_PROXY