
Re: [HTCondor-users] Communication error when trying to add second machine



> On Aug 5, 2016, at 11:04 AM, Todd L Miller <tlmiller@xxxxxxxxxxx> wrote:
> 
>> I've set the SELinux policy to permissive (and disabled) but nothing has changed.
> 
> 	As far as I can tell, there's a lot of issues with SELinux only /actually/ being disabled if you disable it and then reboot (with it configured to being disabled).  Don't know if that's what's going on here.

I'm not sure that's actually a problem (it's the design).  We locally went from permissive -> disabled because the sheer volume of errors caused by HTCondor was causing issues for the logging infrastructure.  In Docker Universe, a SELinux error is emitted for each file read and each executable run.

Everything worked fine in permissive mode, however.

> 
>> Does anyone have any ideas?
> 
> 	The file /proc/sys/net/ipv4/ip_local_port_range is written by HTCondor's default linux kernel tuning script; for scaling purposes, we want the local port range to be as wide as possible, and in some cases it's not set that way by default.
> 
> 	We're actively working on improving HTCondor's interoperability with SELinux, but until that's done, you can either disable the tuning script in the HTCondor configuration (set ENABLE_KERNEL_TUNING to FALSE) or edit the tuning script (do 'condor_config_val LINUX_KERNEL_TUNING_SCRIPT' to find it on your system) and comment out the line starting 'setKernelParameter "LOCAL_PORT_RANGE"'.
> 
> 	I have no idea why SELinux would care on one machine and not the other, though.
> 

Looks simply like a TCP connection issue.

Brian
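
The following is an added example, not part of the original messages or of HTCondor: a small parser that separates SELinux AVC denials that were only logged (permissive=1) from those that were enforced, grouped by process and target, which helps judge whether a write to ip_local_port_range was actually blocked on one machine. The sample records, process names and context strings are constructed assumptions; on a real host the input would typically be /var/log/audit/audit.log.

```python
import re
from collections import Counter

# Constructed audit records for illustration; pids, inode numbers and the
# SELinux context strings are assumptions, not values from the thread.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1470412801.101:310): avc:  denied  { write } for  pid=2101 comm="sh" name="ip_local_port_range" dev="proc" ino=9311 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1470412801.101:310): arch=c000003e syscall=2 success=yes exit=3 comm="sh"
type=AVC msg=audit(1470412805.220:318): avc:  denied  { read } for  pid=2240 comm="condor_starter" name="input.dat" dev="dm-0" ino=5012 scontext=system_u:system_r:condor_startd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1470412805.431:319): avc:  denied  { read } for  pid=2240 comm="condor_starter" name="input.dat" dev="dm-0" ino=5012 scontext=system_u:system_r:condor_startd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1470412990.007:402): avc:  denied  { write } for  pid=3170 comm="sh" name="ip_local_port_range" dev="proc" ino=9311 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    fields['perms'] = m.group('perms').split()
    return fields


def summarize(log_text):
    """Count denials per (comm, target, permissions), split by enforcement."""
    blocked, logged_only = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        target = rec.get('name', rec.get('path', '?'))
        key = (rec.get('comm', '?'), target, ' '.join(rec['perms']))
        # permissive=1 means the access went through and was only logged.
        # Records without the field are counted as blocked (conservative).
        if rec.get('permissive') == '1':
            logged_only[key] += 1
        else:
            blocked[key] += 1
    return blocked, logged_only


if __name__ == '__main__':
    for label, counts in zip(('blocked', 'logged only'), summarize(SAMPLE_AUDIT_LOG)):
        for key, n in counts.most_common():
            print(f'{label:12} {n:3}  {key}')
```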