
Re: [HTCondor-users] Issues with firewall when USE_SHARED_PORT = True



> Config is one Central manager + submit node and one Execute-only node. I have USE_SHARED_PORT enabled on both nodes. I can do condor_q, condor_status commands fine. I need to enable a firewall. I used iptables on the central manager node and allowed port 9618 as input. As soon as I do this it is unable to complete the above commands which time out and give the following error

Did you restart HTCondor after enabling USE_SHARED_PORT? I wouldn't expect daemons configured to use shared port to have any listen ports of their own. What does 'condor_config_val USE_SHARED_PORT' say?

Is the directory DAEMON_SOCKET_DIR writeable by the condor user, or whichever user you're running the HTCondor daemon as?

> I gather the daemons use randomly allocated ports. Do I need to use a fixed port for each one and allow it through as well?

No. When everything's working right, all the daemons will share a single port (hence the name of the knob).

> Do I need to use SHARED_PORT on both the central manager and the execute nodes, or is it only required on one of them?

It depends on your firewall requirements. If your execute node doesn't need a firewall, you don't need to use shared port on it.

- ToddM
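
The check implied by the reply above (daemons configured for shared port should have no listen ports of their own), as an added example that is not part of the original message and not HTCondor project code. The function names and the `ss` sample lines are constructed for illustration; port 9618 is the one allowed through iptables in the thread.

```shell
#!/bin/sh
# Added example, not HTCondor project code. Sample input below is constructed.

# Read `ss -tlnp` output on stdin and print "<process> <port>" for every
# condor_* process that listens on a TCP port other than the shared port ($1).
condor_stray_listeners() {
    awk -v shared="$1" '
        $1 == "LISTEN" && match($0, /"condor_[^"]*"/) {
            name = substr($0, RSTART + 1, RLENGTH - 2)   # strip the quotes
            port = $4; sub(/.*:/, "", port)              # text after last colon
            if (port != shared) print name, port
        }'
}

# Constructed sample: the schedd still has a listen port of its own.
sample_own_listener() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:9618  0.0.0.0:* users:(("condor_shared_p",pid=2101,fd=6))
LISTEN 0 128 0.0.0.0:38471 0.0.0.0:* users:(("condor_schedd",pid=2110,fd=9))
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=801,fd=3))
EOF
}

# Constructed sample: only the shared port listener remains.
sample_shared_only() {
    cat <<'EOF'
LISTEN 0 128 [::]:9618 [::]:* users:(("condor_shared_p",pid=2101,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
EOF
}

# Live checks from the reply; run as root on the node with: sh script.sh --live
live_check() {
    condor_config_val USE_SHARED_PORT
    ls -ld "$(condor_config_val DAEMON_SOCKET_DIR)"
    ss -tlnp | condor_stray_listeners 9618
}

if [ "${1:-}" = "--live" ]; then
    live_check
else
    echo "own listener:";     sample_own_listener | condor_stray_listeners 9618
    echo "shared port only:"; sample_shared_only  | condor_stray_listeners 9618
fi
```

Any line printed by `condor_stray_listeners` names a daemon that a firewall allowing only 9618 would cut off; empty output means the single-port rule covers every HTCondor listener on that host.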