
Re: [Condor-users] Error using Condor grid universe use from a Windows machine [SEC=UNCLASSIFIED]



I can't help but notice that your ALLOW_WRITE for the Windows machine
is set to only itself.  I'm fairly certain that is going to prevent
other machines from sending commands to your Windows box where the
gridmanager is.  Also, unless your Windows box is the central manager
as well, that ALLOW_ADMINISTRATE should also include the CM's address.

I don't suppose you're in a position to upgrade the Linux Condor
installs?  Been quite a while since we switched HOSTALLOW_ to just
ALLOW_ for the config knobs.

On Thu, May 3, 2012 at 2:02 AM, Steve Cameron <Steve.Cameron@xxxxxxxxxx> wrote:
> Hi Ben
>
> On the windows (my pool) side (i.e. ERM-43880.aad.gov.au)
>
> ALLOW_ADMINISTRATOR = $(FULL_HOSTNAME)
> ALLOW_NEGOTIATOR = $(CONDOR_HOST)
> ALLOW_NEGOTIATOR_SCHEDD = $(CONDOR_HOST), $(FLOCK_NEGOTIATOR_HOSTS)
> ALLOW_OWNER = $(FULL_HOSTNAME), $(ALLOW_ADMINISTRATOR)
> ALLOW_READ = *
> ALLOW_READ_COLLECTOR = $(ALLOW_READ), $(FLOCK_FROM)
> ALLOW_READ_STARTD = $(ALLOW_READ), $(FLOCK_FROM)
> ALLOW_WRITE = ERM-43880.aad.gov.au
> ALLOW_WRITE_COLLECTOR = $(ALLOW_WRITE), $(FLOCK_FROM)
> ALLOW_WRITE_STARTD = $(ALLOW_WRITE), $(FLOCK_FROM)
>
> On the linux (general pool) controller
>
> HOSTALLOW_ADMINISTRATOR = $(CONDOR_HOST)
> HOSTALLOW_NEGOTIATOR = $(CONDOR_HOST)
> HOSTALLOW_NEGOTIATOR_SCHEDD = $(CONDOR_HOST), $(FLOCK_NEGOTIATOR_HOSTS)
> HOSTALLOW_OWNER = $(FULL_HOSTNAME), $(HOSTALLOW_ADMINISTRATOR)
> HOSTALLOW_READ = *.aad.gov.au
> HOSTALLOW_READ_COLLECTOR = $(HOSTALLOW_READ), $(FLOCK_FROM)
> HOSTALLOW_READ_STARTD = $(HOSTALLOW_READ), $(FLOCK_FROM)
> HOSTALLOW_WRITE = 147.66.*
> HOSTALLOW_WRITE_COLLECTOR = $(HOSTALLOW_WRITE), $(FLOCK_FROM)
> HOSTALLOW_WRITE_STARTD = $(HOSTALLOW_WRITE), $(FLOCK_FROM)
>
> On the linux pool machines.
>
> HOSTALLOW_ADMINISTRATOR = $(CONDOR_HOST)
> HOSTALLOW_NEGOTIATOR = $(CONDOR_HOST)
> HOSTALLOW_NEGOTIATOR_SCHEDD = $(CONDOR_HOST), $(FLOCK_NEGOTIATOR_HOSTS)
> HOSTALLOW_OWNER = $(FULL_HOSTNAME), $(HOSTALLOW_ADMINISTRATOR)
> HOSTALLOW_READ = *
> HOSTALLOW_READ_COLLECTOR = $(HOSTALLOW_READ), $(FLOCK_FROM)
> HOSTALLOW_READ_STARTD = $(HOSTALLOW_READ), $(FLOCK_FROM)
> HOSTALLOW_WRITE = *
> HOSTALLOW_WRITE_COLLECTOR = $(HOSTALLOW_WRITE), $(FLOCK_FROM)
> HOSTALLOW_WRITE_STARTD = $(HOSTALLOW_WRITE), $(FLOCK_FROM)
>
> It seems I am changing things in the wrong config file  :(
>
> That might explain a few things
>
>
>
> Stephen Cameron
> Antarctic Fisheries Computing and Database Support Provider
> Australian Antarctic Division
> Kingston, Tasmania
>
>
> Phone: 03 62323571
>
> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Ben Cotton
> Sent: Thursday, 3 May 2012 12:18 AM
> To: Condor-Users Mail List
> Subject: Re: [Condor-users] Error using Condor grid universe use from a Windows machine [SEC=UNCLASSIFIED]
>
> On Tue, May 1, 2012 at 12:28 AM, Steve Cameron <Steve.Cameron@xxxxxxxxxx> wrote:
>>
>> 5/01 14:07:55 [4312] PERMISSION DENIED to unauthenticated user from
>> host
>> 147.66.85.50 for command 60000 (DC_RAISESIGNAL), access level DAEMON:
>> reason: DAEMON authorization policy contains no matching ALLOW entry
>> for this request; identifiers used for this host:
>> 147.66.85.50,NEW-50985.AAD.GOV.AU
>
> This seems like a good place to start. Can you please share your entries from condor_config and condor_config_local that contain the word ALLOW. e.g.
>
> condor_config_val -dump | findstr ALLOW
>
>
> --
> Ben Cotton
> Systems Research Engineer
> IT Research Systems
> Purdue University
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/condor-users/



-- 
Condor Project Windows Developer
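
Added example, not part of the original thread and not Condor's own code: a small Python check that evaluates the Windows-side ALLOW lines quoted above against the two identifiers in the PERMISSION DENIED log line, and flags lists that admit every host. Assumptions: CONDOR_HOST is a placeholder, an undefined DAEMON list falls back to the WRITE list, and matching is a plain case-insensitive glob on the identifiers the log already shows.

```python
import fnmatch
import re

# Constructed sample: Windows-side ALLOW lines quoted in this thread.
# FULL_HOSTNAME comes from the thread; CONDOR_HOST is a placeholder.
WINDOWS_DUMP = """\
FULL_HOSTNAME = ERM-43880.aad.gov.au
CONDOR_HOST = cm.example.invalid
ALLOW_ADMINISTRATOR = $(FULL_HOSTNAME)
ALLOW_READ = *
ALLOW_WRITE = ERM-43880.aad.gov.au
ALLOW_WRITE_STARTD = $(ALLOW_WRITE), $(FLOCK_FROM)
"""

def parse(dump):
    """Parse 'NAME = value' lines into a dict keyed by upper-cased name."""
    cfg = {}
    for line in dump.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            cfg[name.strip().upper()] = value.strip()
    return cfg

def expand(cfg, name, depth=0):
    """Expand $(MACRO) references; undefined macros expand to nothing."""
    if depth > 10:  # guard against self-referencing macros
        raise ValueError("macro recursion too deep: " + name)
    value = cfg.get(name.strip().upper(), "")
    return re.sub(r"\$\(([^)]+)\)",
                  lambda m: expand(cfg, m.group(1), depth + 1), value)

def allow_list(cfg, level):
    """Entries for a level, accepting ALLOW_ or the older HOSTALLOW_ prefix.
    Assumption: an undefined DAEMON list falls back to the WRITE list."""
    for prefix in ("ALLOW_", "HOSTALLOW_"):
        if prefix + level in cfg:
            text = expand(cfg, prefix + level)
            return [e.strip() for e in text.split(",") if e.strip()]
    return allow_list(cfg, "WRITE") if level == "DAEMON" else []

def is_allowed(cfg, level, identifiers):
    """True if any peer identifier matches an entry (case-insensitive glob)."""
    entries = allow_list(cfg, level)
    return any(fnmatch.fnmatchcase(i.lower(), e.lower())
               for i in identifiers for e in entries)

def wide_open(cfg, level):
    """Flag a list that admits every host; review these for WRITE and DAEMON."""
    return "*" in allow_list(cfg, level)
```

Feed it the real output of condor_config_val -dump from each machine; the same functions read the HOSTALLOW_ lines from the Linux side.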