
Re: [HTCondor-users] flocking and firewalls



Hi Mike,

Here's the typical setup:
- Enable shared port on your schedd and collector hosts.  This is now done by default in the 8.5 series IIRC.
  - I believe shared port uses 9618 by default.
  - This limits HTCondor to a single port, shared across all daemons.
- Configure the worker nodes to utilize the "Condor Connection Broker"
  - Set "CCB_ADDRESS = $(COLLECTOR_HOST)" in the worker nodes.  [The condor_collector daemon already has this enabled by default.]
  - There are a few other considerations, outlined here: http://research.cs.wisc.edu/htcondor/manual/latest/3_7Networking_includes.html#SECTION00474000000000000000
  - This causes the condor_startd to utilize the condor_collector as a connection-reversing service.  Hence, all connections are *outgoing* from the worker node - no incoming ports needed.

With this, you need one incoming port (9618) for schedds and the collector and zero incoming ports for the worker nodes.

Brian

> On Apr 26, 2016, at 10:03 AM, Michael Fienen <mike@xxxxxxxxxxx> wrote:
> 
> Hello HTCondor mavens
> 
> I am working on trying to set up flocking among a few USGS centers which are separated by firewalls. My question is, does anyone have a strategy for making the connection with minimal ports being open through the firewall? Or, is there a way that people recommend to make a secure connection for the HTCondor masters to communicate without exposing too much of a hole through the firewalls?
> 
> I looked through the tutorials and FAQs and didn't find much information about this specifically. I also saw the daemons to minimize the number of ports needed for running but it would help to be able to make the connection among HTCondor central managers without opening ports at all.
> 
> Thanks for any direction!
> 
> Cheers,
> Mike Fienen
> USGS Wisconsin Water Science Center
> 
> 
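
The setup described in the reply above, turned into a check (an added example, not part of the thread and not HTCondor code): it parses `NAME = value` configuration text and reports which inbound ports a host needs at the firewall. The sample configs and the host name `cm.example.org` are constructed, port 9618 is the default mentioned in the thread, and treating an absent `USE_SHARED_PORT` as off is an assumption.

```python
import re

# Constructed sample configs; cm.example.org is a placeholder host name.
WORKER_OK = """
COLLECTOR_HOST = cm.example.org
DAEMON_LIST = MASTER, STARTD
CCB_ADDRESS = $(COLLECTOR_HOST)
"""
WORKER_NO_CCB = """
COLLECTOR_HOST = cm.example.org
DAEMON_LIST = MASTER, STARTD
"""
SUBMIT_OK = """
# schedd host that remote pools flock to
DAEMON_LIST = MASTER SCHEDD
use_shared_port = True
"""

def parse(text):
    """Read NAME = value lines (names are case-insensitive) and expand $(NAME)."""
    raw = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            raw[name.strip().upper()] = value.strip()

    def expand(value, depth=0):
        if depth > 10:  # stop on self-referencing macros
            return value
        return re.sub(r"\$\((\w+)\)",
                      lambda m: expand(raw.get(m.group(1).upper(), ""), depth + 1),
                      value)
    return {name: expand(value) for name, value in raw.items()}

def audit(text, shared_port=9618):
    """Return (inbound_ports, findings); inbound_ports is None when not bounded."""
    cfg = parse(text)
    daemons = {d.upper() for d in re.split(r"[,\s]+", cfg.get("DAEMON_LIST", "")) if d}
    if daemons & {"SCHEDD", "COLLECTOR"}:
        # Assumption: an absent USE_SHARED_PORT counts as off (default varies by version).
        if cfg.get("USE_SHARED_PORT", "").lower() == "true":
            return [shared_port], []
        return None, ["USE_SHARED_PORT is not True: daemons are not behind one port"]
    if "STARTD" in daemons:
        if cfg.get("CCB_ADDRESS"):
            return [], []  # startd reaches out through the collector's CCB
        return None, ["CCB_ADDRESS unset: startd needs inbound connections"]
    return None, ["no SCHEDD, COLLECTOR or STARTD in DAEMON_LIST"]
```

An empty port list for a worker and `[9618]` for a schedd or collector host is the firewall posture the reply describes; `None` means the host's inbound exposure is not limited to a known set of ports.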