Re: [HTCondor-users] Communication error when trying to add second machine
- Date: Fri, 05 Aug 2016 11:08:15 -0500
- From: Brian Bockelman <bbockelm@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Communication error when trying to add second machine
> On Aug 5, 2016, at 11:04 AM, Todd L Miller <tlmiller@xxxxxxxxxxx> wrote:
>> I've set the SELinux policy to permissive (and disabled) but nothing has changed.
> As far as I can tell, there's a lot of issues with SELinux only /actually/ being disabled if you disable it and then reboot (with it configured to be disabled). Don't know if that's what's going on here.
I'm not sure that's actually a problem (it's the design). We locally went from permissive -> disabled because the sheer volume of errors caused by HTCondor was causing issues for the logging infrastructure. In Docker Universe, a SELinux error is emitted for each file read and each executable run.
Everything worked fine in permissive mode, however.
>> Does anyone have any ideas?
> The file /proc/sys/net/ipv4/ip_local_port_range is written by HTCondor's default linux kernel tuning script; for scaling purposes, we want the local port range to be as wide as possible, and in some cases it's not set that way by default.
> We're actively working on improving HTCondor's interoperability with SELinux, but until that's done, you can either disable the tuning script in the HTCondor configuration (set ENABLE_KERNEL_TUNING to FALSE) or edit the tuning script (do 'condor_config_val LINUX_KERNEL_TUNING_SCRIPT' to find it on your system) and comment out the line starting 'setKernelParameter "LOCAL_PORT_RANGE"'.
> I have no idea why SELinux would care on one machine and not the other, though.
Looks simply like a TCP connection issue.