
Re: [Condor-users] condor_shared_port and NAT environment




I second Craig's comment that submitting jobs from behind a NAT to an execute node that is behind a different NAT requires more effort than just turning on CCB, since CCB relies on direct one-directional connectivity between the execute and submit hosts.

If you can configure one incoming TCP port that is forwarded from the public IP of the host machine to the NAT IP of the virtual machine, then condor_shared_port should be a viable solution. You would need to configure TCP_FORWARDING_HOST of condor running inside the NAT so that it advertises the public IP address. You would also need to specify SHARED_PORT_ARGS = -p <port> so that condor's shared port service uses the port number that is forwarded. All incoming connections to that instance of condor should then go to the public IP:port which will be forwarded to the condor daemons inside the NAT.

If the "public" IP:port of the host is firewalled, you would either need to open up that port through the firewall or you would need to use CCB to allow connections to that IP:port from other hosts that are directly accessible in the reverse direction. In other words, you have three options:

1. Open up the port on both execute and submit machines.

2. Open up the port on just submit machines and configure execute machines to use CCB.

3. Open up the port on just execute machines and configure submit machines to use CCB.

You would need to use condor 7.5.0 or later in all parts of your condor pool if you use condor_shared_port.

Let me know if anything is unclear or doesn't work as you would expect.

--Dan

Craig Struble wrote:
Dear Oori,

We've been using Condor's CCB with VirtualBox's NAT networking with success. Our setup has the headnode/submit node with a proper IP address. All execute nodes are NATed and connect to the headnode using CCB. Putting submit nodes behind a NAT too won't work with CCB because at least one end of the job execution set needs to be able to receive connections.

We haven't tried condor_shared_port yet, but I imagine that you would have to set up VirtualBox's port forwarding to the guest port listening to that shared port. This may require some futzing with the Windows firewall settings too.

    Craig

On Jan 29, 2010, at 9:53 AM, U.H wrote:

Dear condor admins,

I’ve been looking around for a solution that will allow running condor
submit/execute machines behind a NAT dictated by a virtual
environment. Would appreciate any advice regarding the following
scenario: We have idle Windows machines (hosts), and they are running
VirtualBox with Linux/condor installations on them (guests). The
headnode is located on a machine with a proper IP address and domain
name. Currently, in this configuration, the pool works fine.

The only issue is that the Linux guests currently need their own IP
addresses, which drinks up IP addresses from our DHCP pool. I’d like
the guests to be able to work in (VirtualBox's) NAT mode, where they
utilize the host’s IP address publicly. That is, each condor submit
machine works behind a different NAT.

Is it possible to run condor in this situation using the new
condor_shared_port directive so that all communication goes out
through that port? Would the central manager machine know to return
all communication through that port so that this port could be the
only one open in the NAT (i.e., guest machine?). Or is it the case
that while all outgoing communication will go through "shared_port",
returning communication will still expect to have a large number of
ephemeral ports open?

Any info/hints/experiences, much appreciated.

Oori
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/

--
Craig A. Struble, Ph.D. | 369 Cudahy Hall  | Marquette University
Associate Professor of Computer Science    | (414)288-3783
Director, Master of Bioinformatics Program | (414)288-5472 (fax)
http://www.mscs.mu.edu/~cstruble | craig.struble@xxxxxxxxxxxxx
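
An added example, not part of the original thread or of Condor itself: a small Python check that reads condor_config-style settings for a submit node and an execute node and reports which of the three options in Dan's reply the pair satisfies. The `open_ports` sets (ports forwarded to the guest and allowed through the firewall), the sample address and port, and the use of a non-empty `CCB_ADDRESS` setting as the sign that a node uses CCB are assumptions made for illustration.

```python
import re

def parse_config(text):
    """Parse NAME = value lines (condor_config style); skip comments and blanks."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            cfg[name.strip().upper()] = value.strip()
    return cfg

def forwarded_port(cfg):
    """Port passed to the shared port service via SHARED_PORT_ARGS = -p <port>."""
    m = re.search(r"(?:^|\s)-p\s+(\d+)", cfg.get("SHARED_PORT_ARGS", ""))
    return int(m.group(1)) if m else None

def accepts_inbound(cfg, open_ports):
    """True if peers can reach this node: it advertises a forwarding host and its
    shared port is in open_ports (forwarded to the guest and allowed by the firewall)."""
    return bool(cfg.get("TCP_FORWARDING_HOST")) and forwarded_port(cfg) in open_ports

def uses_ccb(cfg):
    # Assumption: a non-empty CCB_ADDRESS means the node is configured to use CCB.
    return bool(cfg.get("CCB_ADDRESS"))

def pair_can_connect(submit, execute):
    """submit and execute are (cfg, open_ports) tuples. Returns the number (1, 2 or 3)
    of the option from Dan's list that the pair satisfies, or None if neither side
    can receive a connection."""
    s_in, e_in = accepts_inbound(*submit), accepts_inbound(*execute)
    if s_in and e_in:
        return 1
    if s_in and uses_ccb(execute[0]):
        return 2
    if e_in and uses_ccb(submit[0]):
        return 3
    return None

# Constructed sample configs; the address and port are placeholders.
FORWARDED = parse_config("""
# guest behind NAT; the host forwards one TCP port to it
TCP_FORWARDING_HOST = 203.0.113.10
SHARED_PORT_ARGS = -p 9618
""")
CCB_ONLY = parse_config("CCB_ADDRESS = $(COLLECTOR_HOST)")

if __name__ == "__main__":
    print(pair_can_connect((FORWARDED, {9618}), (CCB_ONLY, set())))  # submit open, execute on CCB
    print(pair_can_connect((CCB_ONLY, set()), (CCB_ONLY, set())))    # both NATed, CCB only
```

The second call covers the case Craig describes: with both ends behind NAT and only CCB configured, no side can receive a connection, so the check returns `None`.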


