[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] STARTER_ALLOW_RUNAS_OWNER + credd stuff notworking



Turns out the problem was case sensitivity of the machine names: “Nurse.metsci.com” vs. “nurse.metsci.com” for the CREDD_HOST setting. CONDOR_HOST doesn’t care about the distinction. The problem sure wasn’t obvious from any logs. This might technically be a bug? DNS names are case-insensitive…

 

Thanks for the help. Reviewing the "LocalCredd” setting as you recommended clued me in on the capitalized letter.

 

From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Michael O'Donnell
Sent: Friday, July 01, 2011 8:47 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] STARTER_ALLOW_RUNAS_OWNER + credd stuff notworking

 


Thomas, try to run this.


# Determine if pool password stored on each machine:
condor_status -f "%s\t" Name -f "%s\n" ifThenElse(isUndefined(LocalCredd),\"UNDEF\",LocalCredd)
If any machine has UNDEF associated with it then the pool password was not stored correctly.

Also, make sure you use condor_reconfig -all

First, set the pool password on the CM with the administrator account.
Second, set the pool password on all nodes from the CM with the admin account.
Third, run condor_reconfig -all

Look at p 330 in the manual for details.


Runasowner has been working for our pool, so there must be a problem with authentication, security or config settings if you cannot store the pool password.

mike



From:

"Rowe, Thomas" <rowet@xxxxxxxxxx>

To:

<condor-users@xxxxxxxxxxx>

Date:

06/30/2011 07:37 PM

Subject:

[Condor-users] STARTER_ALLOW_RUNAS_OWNER + credd stuff not working

Sent by:

condor-users-bounces@xxxxxxxxxxx

 





> condor_store_cred -c add
Account: condor_pool@xxxxxxxxxx
Enter password: [never prompted. Error below follows instantly.]
Operation failed.
   Make sure you have CONFIG access to the target Master.
-----------------------------
> condor_q -analyze
...
Condition                         Machines Matched    Suggestion
   ---------                         ----------------    ----------
1   ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is
"nurse.metsci.com:9620" ) )
                                     0                   REMOVE
...
-----------------------------

I cannot figure out how to get the run_as_owner stuff to work. The
condor_store_cred and "condor_store_cred -c" commands fail and I can
understand no explanation from the logs.

I run through the most recent installer on two XP machines. Nurse is the
central manager. Tiger is submit only. ALLOW_CONFIG and ALLOW_WRITE are
"*" on both machines.
I merge the etc/condor_config.local.credd stuff into both
configurations. Only the DAEMON_LIST and central manager differ between
the two. Credd is indeed running on both, and Tiger's credd settings
point to Nurse.

On the central manager condor_store_cred runs fine. On the submit
machine (Tiger), I get the behavior you see above.

When I submit a job requiring run_as_owner, the match making fails as
shown above by condor_q. I have no idea how to proceed.

Thanks.
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/condor-users/