Hey folks -
For this use case, you're likely going to need to disable all cgroup isolation on condor when running, lest you try to re-parent and I don't even recommend trying to do that, because you may enter into a hurt-locker.Â Also your containers may need to be privileged to run, see https://github.com/GoogleCloudPlatform/kubernetes/issues/391 for more details.
Best of luck,
----- Original Message -----
> From: "Todd Tannenbaum" <tannenba@xxxxxxxxxxx>
> To: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>
> Sent: Monday, November 10, 2014 12:15:14 PM
> Subject: Re: [HTCondor-users] Trouble trying to make HTCondor work in a Docker container
> On 11/9/2014 7:05 AM, Jim White wrote:
> > Adding UPDATE_COLLECTOR_WITH_TCP=TRUE gets the workers to show up in the
> > pool and allowing everything for hosts in the private IP space lets jobs
> > run.Â I'll have a blog post within a few days to show this running in
> > Google Compute Engine.
> > Jim
> Jim, this sounds great, please share the blog post once written!
> > On Sun, Nov 9, 2014 at 2:14 AM, Jim White <jimwhite@xxxxxx
> > <mailto:jimwhite@xxxxxx>> wrote:
> >Â Â ÂWell, I've gotten past that issue by enabling DNS and (after dealing
> >Â Â Âwith Docker not permitting limit change operations) I can almost see
> >Â Â Âdaylight.Â Submit/execute on the central manager host works, and the
> >Â Â Âworkers can see the queue on the central manager but they never join
> >Â Â Âthe pool, neither to jobs submitted at a worker ever get matched.
> >Â Â ÂThe logs on the central manager never show any connections or
> >Â Â Ârequests from the worker's IP address (although there must be some
> >Â Â Âsince reads for condor_q and condor_status work).Â So I figure this
> >Â Â Âmust be some ordinary Condor config mistake on my part or a
> >Â Â Âcomplication due to the IP address mapping between containers and
> >Â Â Âhosts but I'm surprised I can't find any error messages anywhere in
> >Â Â Âthe logs on either side.
> >Â Â ÂMy current condor_config.local looks something like this
> >Â Â Â(CONDOR_HOST and DAEMON_LIST are set by calling condor_configure
> >Â Â Âwhen the container runs):
> >Â Â Â Â Â## Inside Docker we don't want to rely on DNS for user
> >Â Â Â Â Âauthentication.
> >Â Â Â Â ÂTRUST_UID_DOMAIN = TRUE
> >Â Â Â Â ÂUID_DOMAIN = my-condor-pool
> >Â Â Â Â Â## Use CCB so we don't need to deal with multiple ephemeral ports
> >Â Â Â Â Â## which are not yet supported by Docker.
> >Â Â Â Â ÂUSE_SHARED_PORT = True
> >Â Â Â Â ÂSHARED_PORT_ARGS = -p 9886
> >Â Â Â Â ÂSEC_DEFAULT_NEGOTIATION = NEVER
> >Â Â Â Â ÂSEC_DEFAULT_AUTHENTICATION = NEVER
> >Â Â Â Â Â## We're not gonna try and reconfigure for each host involved.
> >Â Â Â Â Â## Just rely on our private network.
> >Â Â Â Â ÂALLOW_READÂ Â Â Â Â Â = *,*@*
> >Â Â Â Â ÂALLOW_WRITEÂ Â Â Â Â Â= *,*@*
> >Â Â Â Â ÂALLOW_ADMINISTRATORÂ Â= *,*@*
> >Â Â Â Â ÂALLOW_CONFIGÂ Â Â Â Â = *,*@*
> >Â Â Â Â ÂALLOW_NEGOTIATORÂ Â Â = *,*@*
> >Â Â Â Â ÂALLOW_DAEMONÂ Â Â Â Â = *,*@*
> >Â Â Â Â Â# This didn't seem to change the setting for the collector:
> >Â Â Â Â Â# MAX_FILE_DESCRIPTORS=1024
> >Â Â Â Â Â# Maybe DEFAULT_MAX_FILE_DESCRIPTORS?
> >Â Â Â Â Â# The collector wants to allow at least 10240 open descriptors,
> >Â Â Â Â Â# but Docker doesn't permit changing limits.
> >Â Â Â Â ÂCOLLECTOR_MAX_FILE_DESCRIPTORS=1024
> >Â Â Â Â Â# Fiddling with these have had no effect so far...
> >Â Â Â Â ÂFLOCK_FROM=10.*
> >Â Â Â Â ÂFLOCK_TO=$(COLLECTOR_HOST)
> >Â Â Â Â ÂHOSTALLOW_READ=10.*
> >Â Â Â Â ÂHOSTALLOW_WRITE=10.*
> >Â Â ÂJim
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> The archives can be found at:
Timothy St. Clair
Red Hat Inc.
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
You can also unsubscribe by visiting
The archives can be found at: