[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Windows Central Credd Server

Hi Andrew,


No reply, but from working through the messages in my logs and other posts on the forum’s I have it all working now.


1 x Central Manager (Master node) that runs the following Daemon’s: MASTER SCHEDD COLLECTOR NEGOTIATOR CREDD

N x Submit/Execute nodes that run the following Daemon’s: MASTER SCHEDD STARTD KBDD


To get the centralised CREDD working the main points for me were to make sure the UID_DOMAIN was the same and that the pool password had been stored “condor_store_cred add –c” on all nodes.


In terms of config files if you look at the details specified in the file c:\condor\etc\condor_config.local.credd it outlines the majority of the settings you will need.

One thing I changed and I haven’t tried reverting it to retest was I currently have “CREDD.ALLOW_DAEMON = condor_pool@*” rather than “CREDD.ALLOW_DAEMON = condor_pool@($UID_DOMAIN)”


Can PM you my config files if you like, but in my setup I was using dedicated execute accounts rather than runas owner.






From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Andrew Mole
Sent: Monday, 6 May 2013 7:16 PM
To: htcondor-users@xxxxxxxxxxx
Subject: Re: [HTCondor-users] Windows Central Credd Server




Did anyone answer this one? Did you manage to get everything working? It would be good to hear if you got everything sorted out.



I have a small pool – one master node that also acts runs the credd (running windows 7). I have four computers that can submit and can run analyses (they all show up in the queue). I can submit simple jobs to them, but I need to be able to “run_as_owner” to run other analyses.


I have added what I think are the relevant lines to condor_config.local. I don’t see credd on on the Windows TaskMgr processes list but the Condor Service is running, and I believe that credd is up and running properly (as per the C:\condor\log\CreddLog below).


I think I have managed to get the CREDD to work properly, but I am still having problems getting one of the programs to work properly, although it is clearly running on remote computers and returns the results correctly. I think it is probably not a CREDD problem.



05/04/13 17:10:17 ******************************************************

05/04/13 17:10:17 ** condor_credd.exe (CONDOR_CREDD) STARTING UP

05/04/13 17:10:17 ** C:\condor\bin\condor_credd.exe

05/04/13 17:10:17 ** SubsystemInfo: name=CREDD type=DAEMON(12) class=DAEMON(1)

05/04/13 17:10:17 ** Configuration: subsystem:CREDD local:<NONE> class:DAEMON

05/04/13 17:10:17 ** $CondorVersion: 7.8.6 Oct 24 2012 BuildID: 73238 $

05/04/13 17:10:17 ** $CondorPlatform: x86_64_winnt_6.1 $

05/04/13 17:10:17 ** PID = 1292

05/04/13 17:10:17 ** Log last touched 5/4 17:10:04

05/04/13 17:10:17 ******************************************************






From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Robert McMillan
Sent: 07 April 2013 20:12
To: htcondor-users@xxxxxxxxxxx
Subject: [HTCondor-users] Windows Central Credd Server




I am in the process of testing a Windows 7 condor pool on virtual machines before rolling out to a larger physical system. I am not sure how I should be managing credentials and if you could provide some guidance it would be greatly appreciated. Configuration details of the system are below. At present as I add a computer I have had to run condor_store_cred for each of the accounts on the system but ideally this would all be managed in a single by the single credd service so that machines would just work once the correct config files were installed. Is that possible and what settings would I need in the condor_config/condor_config.local files.


An additionally configuration question should the condor_config file be a single file referenced by all computers with only the .local file changing as required? At present I have been copying these to new machines as they are added, but I have NAS storage available that could host them if that was best practice.


I have created a test domain ‘DOMAIN.COM’ on the local LAN with the listed computers and accounts.


·         MASTER.domain.com                    - central ‘manager’, runs COLLECTOR NEGOTIATOR CREDD etc.

·         WORKER1.domain.com                 - executes and submits jobs

·         WORKER2.domain.com                 - executes and submits jobs


·         condor@xxxxxxxxxx                    - not currently used, can be if needed

·         Robert@xxxxxxxxxx                    - my account, used to submit jobs

·         slot1@xxxxxxxxxx                         - execute account

·         slot2@xxxxxxxxxx                         - execute account


Computers are currently setup with 2 slots and slot<n> is a dedicated execute account.



Robert McMillan


Electronic mail messages entering and leaving Arup  business
systems are scanned for acceptability of content and viruses