[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor Master with two NICs serving nodes on both NICs



Hi Hermann,

04/27/12 09:08:02 attempt to connect to<10.8.0.1:9618>  failed:
Connection refused (connect errno = 111).

This error indicates that the problem is not just a matter of authorization settings within Condor. It means a network connection could not even be formed. The most likely explanation for that is that Condor is not listening for connections on 10.8.0.1:9618. You could confirm that with lsof or netstat.

What is the value of BIND_ALL_INTERFACES in your configuration? You may be surprised to discover that if BIND_ALL_INTERFACES is false, PRIVATE_NETWORK_INTERFACE doesn't have any useful purpose. Condor daemons either listen on all interfaces (BIND_ALL_INTERFACES=true) or on one (BIND_ALL_INTERFACES=false). However, I suppose it would be possible to run two shared port daemons, each listening on a separate interface. This would effectively allow you to have condor listen on exactly two or any other number interfaces. I have never tried this myself. If you need to do this and can't figure out how to set it up, let me know.

--Dan

On 4/27/12 2:18 AM, Hermann Fuchs wrote:
Hello

I guess my previous email was a bit confusing, sorry for that, so I try
it again.

We have condor master server using Shared Ports and CCB due to firewall
restrictions.
Up until now we only had one NIC communicating with all nodes.

Now we've added a second NIC (a VPN tun device). We want additional
nodes to connect to the master server only through the second NIC.
Unfortunately there is no way around using the same master server for
both networks.

Example:
condor master server
main ip: 123.123.123.123
tun ip: 10.8.0.1
USE_SHARED_PORT = TRUE
NETWORK_INTERFACE = eth0
PRIVATE_NETWORK_NAME = OpenVPNnetwork
PRIVATE_NETWORK_INTERFACE = 10.8.0.1
SHARED_PORT_ARGS = -p 9618
DAEMON_LIST = $(DAEMON_LIST), SHARED_PORT
COLLECTOR_HOST = $(CONDOR_HOST)?sock=collector

"normal node"
CONDOR_HOST = 123.123.123.123
SHARED_PORT_ARGS = -p 9618
DAEMON_LIST = $(DAEMON_LIST), SHARED_PORT
COLLECTOR_HOST = $(CONDOR_HOST)?sock=collector
USE_SHARED_PORT = TRUE

"vpn node"
CONDOR_HOST = 123.123.123.123
PRIVATE_NETWORK_NAME = OpenVPNnetwork
PRIVATE_NETWORK_INTERFACE = tun0
SHARED_PORT_ARGS = -p 9618
DAEMON_LIST = $(DAEMON_LIST), SHARED_PORT
COLLECTOR_HOST = $(CONDOR_HOST)?sock=collector
USE_SHARED_PORT = TRUE


This configuration kind of works.
Both node types can contact the condor master. The vpn node will contact
the condor master using its public ip (collector) and use the vpn for
all other communications. So the vpn node has to be able to contact the
condor master on BOTH ip addresses.

We would like the vpn nodes to communicate using only the vpn network.
However, setting CONDOR_HOST = 10.8.0.1
creates the following error:
condor_status -debug
04/27/12 09:08:02 attempt to connect to<10.8.0.1:9618>  failed:
Connection refused (connect errno = 111).
Error: communication error
CEDAR:6001:Failed to connect to<10.8.0.1:9618?sock=collector>

The vpn clients allow administrative, read and write access for both ip
addresses of the condor master. For testing purposes we allowed everyone
read and write permissions on the master, the problem remained.

Does anybody have an idea how to solve this?

Best regards,
Hermann