[HTCondor-users] Problems with condor_ssh_to_job
- Date: Thu, 03 Aug 2017 18:21:45 +0200
- From: Oliver Freyermuth <o.freyermuth@xxxxxxxxxxxxxx>
- Subject: [HTCondor-users] Problems with condor_ssh_to_job
Dear condor experts,
I have a set of two issues using condor_ssh_to_job in our htcondor 8.6.5 setup on CentOS 7.
Our workers are in a private network, the central manager is "outside" of that in a public net, same for the submitter / schedd node.
1) It seems condor_ssh_to_job chooses some random port on the startd machine
when making the reverse connection (from startd to schedd as negotiated via the CCB).
This prevents firewalling - up to now, we have used shared_port successfully, but it seems condor_ssh_to_job ignores that completely.
Is there any way to limit the number of ports condor_ssh_to_job will listen on on the schedd side, or make it use the shared_port_daemon?
If not: How to configure a firewall on the schedd side? Is it possible at all when condor_ssh_to_job should be usable?
2) SELinux policies prevent running ssh-keygen on the startd machine. SELinux denies permission to write the generated keys to /pool/condor/dir_<PID>/.condor_ssh_to_job_1/ .
Is this already fixed in a new version of HTCondor?
This breaks on CentOS 7 out of the box.
Many thanks for your help,
Oliver
--
Oliver Freyermuth
Physikalisches Institut der Universität Bonn
Nußallee 12
53115 Bonn
--