Config is one Central manager + submit node and one Execute-only node. I have USE_SHARED_PORT enabled on both nodes. I can do condor_q, condor_status commands fine. I need to enable a firewall. I used iptables on the central manager node and allowed port 9618 as input. As soon as I do this it is unable to complete the above commands which time out and give the following error
Did you restart HTCondor after enabling USE_SHARED_PORT? I wouldn't expect daemons configured to use shared port to have any listen ports of their own. What does 'condor_config_val USE_SHARED_PORT' say?
Is the directory DAEMON_SOCKET_DIR writeable by the condor user, or whichever user you're running the HTCondor daemon as?
I gather the daemons use randomly allocated ports. Do I need to use a fixed port for each one and allow it through as well?
No. When everything's working right, all the daemons will share a single port (hence the name of the knob).
Do I need to use SHARED_PORT on both the central manager and the execute nodes, or is it only required on one of them?
It depends on your firewall requirements. If your execute node doesn't need a firewall, you don't need to use shared port on it.
- ToddM
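
The reply above expects daemons configured for shared port to have no listen ports of their own. One way to check that before tightening the firewall, as an added example that is not part of the original thread: the function names and the sample `ss` output are constructed for illustration, and 9618 is the port named in the question.

```shell
#!/usr/bin/env bash
# Added example: flag HTCondor daemons that listen on a port other than
# the shared port. If any show up, a firewall that only admits the shared
# port will cut them off, and the shared-port setup is not fully in effect.

# Constructed sample of `ss -H -tlnp` output (not taken from the thread).
# ss truncates process names to 15 characters, hence "condor_shared_p".
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:9618 0.0.0.0:* users:(("condor_shared_p",pid=1234,fd=7))
LISTEN 0 128 0.0.0.0:41233 0.0.0.0:* users:(("condor_schedd",pid=1240,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=800,fd=3))
EOF
}

# Reads `ss -H -tlnp` lines on stdin and prints "<process> <port>" for each
# condor_* listener whose port differs from the shared port (default 9618).
stray_condor_listeners() {
  local shared_port="${1:-9618}"
  awk -v sp="$shared_port" '
    $1 == "LISTEN" && /"condor_/ {
      # The port is the last colon-separated field of the local address,
      # which also handles IPv6 forms such as [::]:9618.
      n = split($4, a, ":"); port = a[n]
      name = "unknown"
      if (match($0, /"condor_[^"]*"/))
        name = substr($0, RSTART + 1, RLENGTH - 2)
      if (port != sp) print name, port
    }'
}

# Live use on a node (run as root so ss can show process names):
#   ss -H -tlnp | stray_condor_listeners 9618
```

Empty output means every HTCondor listener is on the shared port; any line printed names a daemon that still has its own port.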