Re: [Condor-users] Condor Master with two NICs serving nodes on both NICs

[Dan Bradley <dan@xxxxxxxxxxxx>]

Hi Hermann,

What does lsof or netstat show for the shared port daemon's listen 
socket on port 9618 on the central manager?  If BIND_ALL_INTERFACES is 
true, I would expect it to be listening on *:9618, i.e. all interfaces.

Example command:

lsof -p <PID of condor_shared_port>

netstat -al

--Dan

On 4/27/12 4:53 PM, Hermann Fuchs wrote:
> Hi,
>
> BIND_ALL_INTERFACES is set to true
> interestingly condor does not seem to listen on 10.8.0.1 though. Could 
> this be due to the Shared port daemon and ccb?
> I am not sure if setting up to condor collectors with two shared port 
> daemons will work...
> The manual is a bit sketchy in that respect...
>
> Cheers,
> Hermann
> On 27.04.2012 17:21, Dan Bradley wrote:
> > Hi Hermann,
> >
> > > 04/27/12 09:08:02 attempt to connect to<10.8.0.1:9618>  failed:
> > > Connection refused (connect errno = 111).
> >
> > This error indicates that the problem is not just a matter of 
> > authorization settings within Condor.  It means a network connection 
> > could not even be formed.  The most likely explanation for that is 
> > that Condor is not listening for connections on 10.8.0.1:9618.  You 
> > could confirm that with lsof or netstat.
> >
> > What is the value of BIND_ALL_INTERFACES in your configuration?  You 
> > may be surprised to discover that if BIND_ALL_INTERFACES is false, 
> > PRIVATE_NETWORK_INTERFACE  doesn't have any useful purpose.  Condor 
> > daemons either listen on all interfaces (BIND_ALL_INTERFACES=true) or 
> > on one (BIND_ALL_INTERFACES=false).  However, I suppose it would be 
> > possible to run two shared port daemons, each listening on a separate 
> > interface.  This would effectively allow you to have condor listen on 
> > exactly two or any other number interfaces.  I have never tried this 
> > myself.  If you need to do this and can't figure out how to set it 
> > up, let me know.
> >
> > --Dan
> >
> > On 4/27/12 2:18 AM, Hermann Fuchs wrote:
> > > Hello
> > >
> > > I guess my previous email was a bit confusing, sorry for that, so I try
> > > it again.
> > >
> > > We have condor master server using Shared Ports and CCB due to firewall
> > > restrictions.
> > > Up until now we only had one NIC communicating with all nodes.
> > >
> > > Now we've added a second NIC (a VPN tun device). We want additional
> > > nodes to connect to the master server only through the second NIC.
> > > Unfortunately there is no way around using the same master server for
> > > both networks.
> > >
> > > Example:
> > > condor master server
> > > main ip: 123.123.123.123
> > > tun ip: 10.8.0.1
> > > USE_SHARED_PORT = TRUE
> > > NETWORK_INTERFACE = eth0
> > > PRIVATE_NETWORK_NAME = OpenVPNnetwork
> > > PRIVATE_NETWORK_INTERFACE = 10.8.0.1
> > > SHARED_PORT_ARGS = -p 9618
> > > DAEMON_LIST = $(DAEMON_LIST), SHARED_PORT
> > > COLLECTOR_HOST = $(CONDOR_HOST)?sock=collector
> > >
> > > "normal node"
> > > CONDOR_HOST = 123.123.123.123
> > > SHARED_PORT_ARGS = -p 9618
> > > DAEMON_LIST = $(DAEMON_LIST), SHARED_PORT
> > > COLLECTOR_HOST = $(CONDOR_HOST)?sock=collector
> > > USE_SHARED_PORT = TRUE
> > >
> > > "vpn node"
> > > CONDOR_HOST = 123.123.123.123
> > > PRIVATE_NETWORK_NAME = OpenVPNnetwork
> > > PRIVATE_NETWORK_INTERFACE = tun0
> > > SHARED_PORT_ARGS = -p 9618
> > > DAEMON_LIST = $(DAEMON_LIST), SHARED_PORT
> > > COLLECTOR_HOST = $(CONDOR_HOST)?sock=collector
> > > USE_SHARED_PORT = TRUE
> > >
> > >
> > > This configuration kind of works.
> > > Both node types can contact the condor master. The vpn node will 
> > > contact
> > > the condor master using its public ip (collector) and use the vpn for
> > > all other communications. So the vpn node has to be able to contact the
> > > condor master on BOTH ip addresses.
> > >
> > > We would like the vpn nodes to communicate using only the vpn network.
> > > However, setting CONDOR_HOST = 10.8.0.1
> > > creates the following error:
> > > condor_status -debug
> > > 04/27/12 09:08:02 attempt to connect to<10.8.0.1:9618>  failed:
> > > Connection refused (connect errno = 111).
> > > Error: communication error
> > > CEDAR:6001:Failed to connect to<10.8.0.1:9618?sock=collector>
> > >
> > > The vpn clients allow administrative, read and write access for both ip
> > > addresses of the condor master. For testing purposes we allowed 
> > > everyone
> > > read and write permissions on the master, the problem remained.
> > >
> > > Does anybody have an idea how to solve this?
> > >
> > > Best regards,
> > > Hermann
> > _______________________________________________
> > Condor-users mailing list
> > To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx 
> > with a
> > subject: Unsubscribe
> > You can also unsubscribe by visiting
> > https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> >
> > The archives can be found at:
> > https://lists.cs.wisc.edu/archive/condor-users/
>
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/