[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Windows Central Credd Server



Hi Robert,

 

Thank you very much for the reply. I am glad to hear that you got it sorted out. I have managed to get analyses running on my execute nodes, but the program I am running (a commercial structural analysis program via COM from _vbscript_) is only partially responding – I can make changes to the model and SaveAs, but cannot analyze. A bit frustrating.

 

I have done so much messing around with my config files that I am a little bit confused as to what I need to change from the original, but I am fairly sure I will be able to work it out. I don’t know how to PM people on this list. I am on the subscribers list - https://lists.cs.wisc.edu/mailman/roster/htcondor-users

 

Two questions regarding your set-up.

1.       When running the “condor_store_cred add –c”, what level of permissions do you need to have on the node?

2.       Are your dedicated execute accounts set up centrally (i.e. not as local users of the computers)? Are you using CREDD so that they can access central resources? What level of permissions do they need, and how do you get the jobs to run as these users? (sorry, more than one question really…)

 

Andrew

 

 

 

 

 

From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Robert McMillan
Sent: 06 May 2013 17:48
To: 'HTCondor-Users Mail List'
Subject: Re: [HTCondor-users] Windows Central Credd Server

 

Hi Andrew,

 

No reply, but from working through the messages in my logs and other posts on the forum’s I have it all working now.

 

1 x Central Manager (Master node) that runs the following Daemon’s: MASTER SCHEDD COLLECTOR NEGOTIATOR CREDD

N x Submit/Execute nodes that run the following Daemon’s: MASTER SCHEDD STARTD KBDD

 

To get the centralised CREDD working the main points for me were to make sure the UID_DOMAIN was the same and that the pool password had been stored “condor_store_cred add –c” on all nodes.

 

In terms of config files if you look at the details specified in the file c:\condor\etc\condor_config.local.credd it outlines the majority of the settings you will need.

One thing I changed and I haven’t tried reverting it to retest was I currently have “CREDD.ALLOW_DAEMON = condor_pool@*” rather than “CREDD.ALLOW_DAEMON = condor_pool@($UID_DOMAIN)”

 

Can PM you my config files if you like, but in my setup I was using dedicated execute accounts rather than runas owner.

 

Regards,

Robert

 

 

From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Andrew Mole
Sent: Monday, 6 May 2013 7:16 PM
To: htcondor-users@xxxxxxxxxxx
Subject: Re: [HTCondor-users] Windows Central Credd Server

 

Robert,

 

Did anyone answer this one? Did you manage to get everything working? It would be good to hear if you got everything sorted out.

 

 

I have a small pool – one master node that also acts runs the credd (running windows 7). I have four computers that can submit and can run analyses (they all show up in the queue). I can submit simple jobs to them, but I need to be able to “run_as_owner” to run other analyses.

 

I have added what I think are the relevant lines to condor_config.local. I don’t see credd on on the Windows TaskMgr processes list but the Condor Service is running, and I believe that credd is up and running properly (as per the C:\condor\log\CreddLog below).

 

I think I have managed to get the CREDD to work properly, but I am still having problems getting one of the programs to work properly, although it is clearly running on remote computers and returns the results correctly. I think it is probably not a CREDD problem.

 

 

05/04/13 17:10:17 ******************************************************

05/04/13 17:10:17 ** condor_credd.exe (CONDOR_CREDD) STARTING UP

05/04/13 17:10:17 ** C:\condor\bin\condor_credd.exe

05/04/13 17:10:17 ** SubsystemInfo: name=CREDD type=DAEMON(12) class=DAEMON(1)

05/04/13 17:10:17 ** Configuration: subsystem:CREDD local:<NONE> class:DAEMON

05/04/13 17:10:17 ** $CondorVersion: 7.8.6 Oct 24 2012 BuildID: 73238 $

05/04/13 17:10:17 ** $CondorPlatform: x86_64_winnt_6.1 $

05/04/13 17:10:17 ** PID = 1292

05/04/13 17:10:17 ** Log last touched 5/4 17:10:04

05/04/13 17:10:17 ******************************************************

 

Andrew

 

 

 

From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Robert McMillan
Sent: 07 April 2013 20:12
To: htcondor-users@xxxxxxxxxxx
Subject: [HTCondor-users] Windows Central Credd Server

 

Hi,

 

I am in the process of testing a Windows 7 condor pool on virtual machines before rolling out to a larger physical system. I am not sure how I should be managing credentials and if you could provide some guidance it would be greatly appreciated. Configuration details of the system are below. At present as I add a computer I have had to run condor_store_cred for each of the accounts on the system but ideally this would all be managed in a single by the single credd service so that machines would just work once the correct config files were installed. Is that possible and what settings would I need in the condor_config/condor_config.local files.

 

An additionally configuration question should the condor_config file be a single file referenced by all computers with only the .local file changing as required? At present I have been copying these to new machines as they are added, but I have NAS storage available that could host them if that was best practice.

 

I have created a test domain ‘DOMAIN.COM’ on the local LAN with the listed computers and accounts.

Computers:

·         MASTER.domain.com                    - central ‘manager’, runs COLLECTOR NEGOTIATOR CREDD etc.

·         WORKER1.domain.com                 - executes and submits jobs

·         WORKER2.domain.com                 - executes and submits jobs

Accounts:

·         condor@xxxxxxxxxx                    - not currently used, can be if needed

·         Robert@xxxxxxxxxx                    - my account, used to submit jobs

·         slot1@xxxxxxxxxx                         - execute account

·         slot2@xxxxxxxxxx                         - execute account

 

Computers are currently setup with 2 slots and slot<n> is a dedicated execute account.

 

Regards,

Robert McMillan

 

____________________________________________________________
Electronic mail messages entering and leaving Arup  business
systems are scanned for acceptability of content and viruses