Re: [HTCondor-users] HTCondor and Red Hat 7.4 upgrade

[Tim Theisen <tim@xxxxxxxxxxx>]

I have an updated SELinux profile for HTCondor that fixes these
problems. We will re-release the RPMs for HTCondor 8.4.12, 8.5.6, and
8.7.2 on Monday.


On 08/04/2017 11:47 AM, Feldt, Andrew N. wrote:
> Tim,
>
> Thanks for the response.  I have a temporary workaround which cannot be sustained: put SELinux into permissive mode.  (For interested others, this is done by:
>
> setenforce permissive
>
> and only lasts then until the next reboot.)
>
> This fixed the AUTHENTICATE issue (we use FS in an NIS/NFS environment) and allowed new submits to work as well.
>
> We require SELinux enforcing and are treating this as a temporary situation.
>
> Thanks again for your help!
>
> Andy
>
>> On Aug 4, 2017, at 11:29 AM, Tim Theisen <tim@xxxxxxxxxxx> wrote:
>>
>> Hi Andy,
>>
>> Thank you for the report. I'll be working on a solution as quick as
>> possible.
>>
>> So, the wisdom is to hold off on Red Hat 7.4 until we have a solution.
>>
>> I won't be able to produce a solution today. Hopefully, I'll have
>> sometime on Monday.
>>
>> I am sorry for the inconvenience.
>>
>> ...Tim
>>
>>
>> On 08/04/2017 10:34 AM, Feldt, Andrew N. wrote:
>>> Tim,
>>>
>>> While our HTCondor installation will start in the presence of SELinux with RHEL 7.4, the re-installation of HTCondor (actually, just the âcondorâ package) completes, but without installing the htcondor SELinux module.  The reinstall of the condor package shows:
>>>
>>> Conflicting type rules
>>> Binary policy creation failed at /etc/selinux/targeted/tmp/modules/400/htcondor/cil:45
>>> Failed to generate binary
>>> /usr/sbin/semodule:  Failed!
>>>
>>> I tried removing the old htcondor SELinux module and then reinstalling the condor package.  This results in the same error (and then there is no htcondor module installed).
>>>
>>> Even though condor starts, I am unable to release jobs that were put on hold before the update.  I get:
>>>
>>> $ condor_release the-username
>>> AUTHENTICATE:1003:Failed to authenticate with any method
>>> AUTHENTICATE:1004:Failed to authenticate using GSI
>>> GSI:5003:Failed to authenticate.  Globus is reporting error (851968:50).  There is probably a problem with your credentials.  (Did you run grid-proxy-init?)
>>> AUTHENTICATE:1004:Failed to authenticate using KERBEROS
>>> AUTHENTICATE:1004:Failed to authenticate using FS
>>> Couldn't find/release all jobs of user âthe-username"
>>>
>>> It is not clear if this is related since I see no condor logs in the audit.log file on the system where this is run.  But, this worked with the same configuration from before the update.
>>>
>>> Andy
>>>
>>>
>>>> On Aug 3, 2017, at 6:42 PM, Tim Theisen <tim@xxxxxxxxxxx> wrote:
>>>>
>>>> Our friends at the OSG (Open Science Grid) have noticed difficulties
>>>> when upgrading to Red Hat 4 and upgrading HTCondor within a single yum
>>>> command. There seems to be an interaction with the update of the system
>>>> SELinux profile and HTCondor's type enforcement rules. The result is an
>>>> HTCondor installation that will not start up. If you upgrade
>>>> sequentially, first one and then the other (in either order), the
>>>> problem does not occur. If you have a broken HTCondor installation, we
>>>> believe that reinstalling HTCondor will fix the problem. We will post
>>>> more information as it becomes available.
>>>>
>>>> -- 
>>>> Tim Theisen
>>>> Release Manager
>>>> HTCondor & Open Science Grid
>>>> Center for High Throughput Computing
>>>> Department of Computer Sciences
>>>> University of Wisconsin - Madison
>>>> 4261 Computer Sciences and Statistics
>>>> 1210 W Dayton St
>>>> Madison, WI 53706-1685
>>>> +1 608 265 5736
>>>>
>>>>
>>>> _______________________________________________
>>>> HTCondor-users mailing list
>>>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>>>> subject: Unsubscribe
>>>> You can also unsubscribe by visiting
>>>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>>>
>>>> The archives can be found at:
>>>> https://lists.cs.wisc.edu/archive/htcondor-users/
>>> _______________________________________________
>>> HTCondor-users mailing list
>>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>>> subject: Unsubscribe
>>> You can also unsubscribe by visiting
>>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>>
>>> The archives can be found at:
>>> https://lists.cs.wisc.edu/archive/htcondor-users/
>> -- 
>> Tim Theisen
>> Release Manager
>> HTCondor & Open Science Grid
>> Center for High Throughput Computing
>> Department of Computer Sciences
>> University of Wisconsin - Madison
>> 4261 Computer Sciences and Statistics
>> 1210 W Dayton St
>> Madison, WI 53706-1685
>> +1 608 265 5736
>>
>> _______________________________________________
>> HTCondor-users mailing list
>> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
>> subject: Unsubscribe
>> You can also unsubscribe by visiting
>> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>>
>> The archives can be found at:
>> https://lists.cs.wisc.edu/archive/htcondor-users/
>
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/

-- 
Tim Theisen
Release Manager
HTCondor & Open Science Grid
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin - Madison
4261 Computer Sciences and Statistics
1210 W Dayton St
Madison, WI 53706-1685
+1 608 265 5736