
Re: [HTCondor-users] HTCondor 8.0.3 on Windows workers: firewall rules?



Dear Ziliang Guo,

Thanks for your explanation.

I have checked on Windows 7 what happens when I let HTCondor configure the Windows 7 firewall,
and I found that your explanation seems to conflict with what HTCondor does to the Windows 7 firewall...


If I have
   ADD_WINDOWS_FIREWALL_EXCEPTION = False

then obviously the firewall rules are not changed.

However, when I start HTCondor with
   ADD_WINDOWS_FIREWALL_EXCEPTION = True
I see the new rules appear in the Windows 7 firewall as described below.


The following executables

condor_dagman.exe
condor_kbdd.exe
condor_master.exe
condor_startd.exe
condor_starter.exe
condor_vm-gahp.exe

each appear in the Firewall Inbound Rules with the settings:
Profile: Private
Enable: Yes
Action: Allow
Override: No
Program: executable's name in C:\condor\bin\
Protocol: TCP and UDP (hence each rule appears twice in the firewall list)
Local port: Any
Remote port: Any
Allowed Users: Any
Allowed Computers: Any


Does HTCondor set these firewall rules just to be safe for any type of HTCondor PC: submitter, collector, or worker alike?

Thanks!
Rob.

============================

On Thursday, October 10, 2013 10:10 AM, Ziliang Guo <ziliang@xxxxxxxxxxx> wrote:
kbdd communicates with the local startd, so unless your firewall is
even blocking attempts to connect back to the host, you shouldn't need
it. I believe procd and preen are in the same position so whether you
add them depends on how strict the firewall is. condor_starter I think
you will want to add to the firewall exceptions list. condor_dagman if
I recall correctly runs on the submit node. I don't recall the last
time a successful usage of vm-gahp on Windows was done here at UW, so
I'll let others comment. For any others you have questions on, I'd
suggest looking in the manual, their responsibilities are for the most
part clearly spelled out. Not that many processes end up needing to be
run on Windows on an execute node. On the other hand, HTCondor would
take care of the firewall settings if you were using the default
Windows firewall.

On Tue, Oct 8, 2013 at 6:33 PM, Stub <spamrefuse@xxxxxxxxx> wrote:
> Hi,
>
> I'm about to install HTCondor 8.0.3 on Windows worker-PCs in our university library.
> The library Windows PCs come with software that does firewalling and virus protection together.
>
> Its configuration lets me choose which executables can pass the protection shield.
>
> So I must carefully select the HTCondor exe files that should go in that list
> (and not forget one, as making changes afterwards is A LOT OF work).
>
> The configuration of the Windows workers has the following daemon list:
>  DAEMON_LIST=MASTER STARTD KBDD
>
>
> Then should
> condor_master.exe
> condor_kbdd.exe
> condor_startd.exe
>
> be added to the list?
>
> What about condor_procd.exe?
>
> And what about other executables, that may start when jobs are running on the workers?
> condor_dagman.exe
> condor_starter.exe
> condor_vm-gahp.exe
> condor_preen.exe
> ...
>
> Thank you!
> Rob Lahaye.



-- 
HTCondor Project Windows Developer / NEOS Maintainer
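
Added example, not part of the original thread and not HTCondor project code: a small Python audit that parses firewall rules in the layout of `netsh advfirewall firewall show rule name=all verbose` and lists the condor executables that hold inbound allow rules but fall outside the worker's `DAEMON_LIST`. The sample text is constructed from the rules described in the message above; the function names, the abridged field layout, and the choice to treat `condor_starter.exe` as expected on an execute node are assumptions.

```python
import ntpath

# Constructed sample: the 12 inbound rules described in the post, laid out like
# `netsh advfirewall firewall show rule name=all verbose` output (abridged).
RULE = ("Rule Name:      {exe}\n"
        "----------------------------------------\n"
        "Enabled:        Yes\n"
        "Direction:      In\n"
        "Profiles:       Private\n"
        "Protocol:       {proto}\n"
        "LocalPort:      Any\n"
        "RemotePort:     Any\n"
        "Program:        C:\\condor\\bin\\{exe}\n"
        "Action:         Allow\n")
EXES = ["condor_dagman.exe", "condor_kbdd.exe", "condor_master.exe",
        "condor_startd.exe", "condor_starter.exe", "condor_vm-gahp.exe"]
SAMPLE = "\n".join(RULE.format(exe=e, proto=p) for e in EXES for p in ("TCP", "UDP"))

def parse_rules(text):
    """Turn blank-line separated 'Key: value' blocks into one dict per rule."""
    rules = []
    for block in text.replace("\r\n", "\n").split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only, so C:\ survives
            if sep:
                fields[key.strip()] = value.strip()
        if "Rule Name" in fields:
            rules.append(fields)
    return rules

def rules_to_review(text, daemon_list, spawned=("STARTER",)):
    """Map condor executables outside the node's role to their allowed protocols.
    Assumption: expected = DAEMON_LIST entries plus condor_starter (run per job)."""
    expected = {f"condor_{d.lower()}.exe" for d in (*daemon_list.split(), *spawned)}
    found = {}
    for r in parse_rules(text):
        exe = ntpath.basename(r.get("Program", "")).lower()
        live = [r.get(k) for k in ("Enabled", "Direction", "Action")] == ["Yes", "In", "Allow"]
        if exe.startswith("condor_") and live and exe not in expected:
            found.setdefault(exe, set()).add(r.get("Protocol", "?"))
    return found

if __name__ == "__main__":
    for exe, protos in sorted(rules_to_review(SAMPLE, "MASTER STARTD KBDD").items()):
        print(exe, "inbound allow:", ", ".join(sorted(protos)))
```

On a real host, pass the captured command output instead of `SAMPLE`; the result is a list of rules to review, not a verdict that they can be removed.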