Mailing List Archives

Public Access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Restrict access to only a set of users

Hi John,

i took the negation approach, instead of allowing only specific users, i ended up using deny_write to restrict users our constant users from submitting jobs https://htcondor-wiki.cs.wisc.edu/index.cgi/wiki?p=HowToBanUser
this way i was able to keep them out and make sure the resource was temporarily available for our current needs. I will download this tool and try it out. thank you! 


On Fri, Jun 7, 2013 at 10:24 AM, John (TJ) Knoeller <johnkn@xxxxxxxxxxx> wrote:
condor_status -better-analyze from a HTCondor 7.9.5 or later will analyze START expressions as well as job Requirements.
use -reverse to analyze START _expression_ instead of the default, which analyzes the job Requirements _expression_.

If you download a tarball of the HTCondor 8.0.0 release, you can run the 8.0.0 tools against a pool that is running an
older version of HTCondor by using the -pool argument.

-tj



On 6/6/2013 4:48 PM, Prem Kumar wrote:
Hi Todd,

These nodes are dedicated rack based nodes. I did condor_reconfig and even /etc/init.d/condor stop and start
 
Made some progress, putting the allowed users in machine-ad local config START = ( (User == "userfoo@xxxxxxx") || \
          (User == "userbar@xxxxxxx") )

Oh by the way I did substitute our workshop users(testme001@xxxxxxxxxxx) for the above and not copied as is .... 

Got this node in unclaimed:idle state. Which is better than before. 

I checked the workshop user's job-ad attribute User and I do find them in there, and even the machine-ad attribute now lists 
Start  = ( (User == "userfoo@xxxxxxx") ||  (User == "userbar@xxxxxxx"))



the only difference being the machine-ad attribute is not all upper case as defined in the machine-ad local config file, as seen above.

I tried to submit a new job but the condor_q -analyze reports "Request has not yet been considered by the matchmaker."
I have waited for over 10 mins still not considering. 

condor_status -avail shows these nodes as Unclaimed Idle, any thoughts?

Best Regards,
Prem


On Thu, Jun 6, 2013 at 2:23 PM, Todd Tannenbaum <tannenba@xxxxxxxxxxx> wrote:
On 6/6/2013 2:00 PM, Prem Kumar wrote:
Hi Todd,

Thank you for you quick reply. I used your recipe from the first link.
But I am having a hard time getting the job accepted. Nodes stay in
Owner:Idle state, even thought Load Avg: is 0.00 and no jobs running on
any of the compute/worker nodes..

Any thoughts?
Thank you,
Amit


Are these nodes dedicated servers (aka sitting in a rack) or non-dedicated desktops (aka cycle scavenging) ?

If they are dedicated nodes, then change your START _expression_ to be

START = ( (User == "userfoo@xxxxxxx") || \
          (User == "userbar@xxxxxxx") )

substituting the userids as appropriate and do not worry about load average or keyboard.

Look at an example job from a workshop owner, and confirm that the "User" attribute is what you placed in the START _expression_ above.  For instance, if job 55.0 is from a workshop user, do
   condor_q -l 55.0
and confirm you have an attribute for that job that matches an entry in your START _expression_, eg
   User == "userfoo@xxxxxxx"
You could also try "condor_q -analyze 55.0"

Don't forget to do a condor_reconfig or restart the Condor service on the execute nodes you changed...

regards,
Todd


On Thu, Jun 6, 2013 at 12:44 PM, Todd Tannenbaum <tannenba@xxxxxxxxxxx
<mailto:tannenba@xxxxxxxxxxx>> wrote:

    On 6/6/2013 12:35 PM, Prem Kumar wrote:

        Dear All,

        Hope some body can help me with this. [Sorry for this new email, my
        previous email was never copied to me from the list, so I
        couldn't reply
        to that]

        What is the quickest and the dirtiest way for me to restrict
        access to
        specific set of nodes to a specific set of users. I just need it for
        couple of days.

        Dilemma is, since there are thousands of jobs already queued for
        these
        sets of nodes, how do i restrict queued user jobs from starting
        for 2
        days, while only the workshop users can get access to these
        nodes for
        those two days.

        Please help.
        Prem


    Sounds like this is what you are looking for:

    https://htcondor-wiki.cs.wisc.__edu/index.cgi/wiki?p=__HowToAllowOnlyOneUser

    <https://htcondor-wiki.cs.wisc.edu/index.cgi/wiki?p=HowToAllowOnlyOneUser>

    We have many such common configuration recipes available at
    https://htcondor-wiki.cs.wisc.__edu/index.cgi/wiki?p=__HowToAdminRecipes

    <https://htcondor-wiki.cs.wisc.edu/index.cgi/wiki?p=HowToAdminRecipes>
    or follow the link HOWTO Recipes from the homepage.

    regards,
    Todd




_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/