Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Fwd: Re: Cannot sent jobs as Owner in WindowsOS
- Date: Tue, 02 Oct 2018 11:59:36 +0200
- From: rb <robertbosch@xxxxxx>
- Subject: Re: [HTCondor-users] Fwd: Re: Cannot sent jobs as Owner in WindowsOS
Hi TJ
Sorry for the delay, I was on PTO the past couple of days.
To your question pls see attachment.
only machine AherSRVBLD28 (Pool), AherDSKBLD03 (submitter) and AHERDSKBLD04 (Node) was configured to run Jobs as Owner.
a)
Do I need to specify in the Submission file
Run_As_owner or RunAsOwner?
b)
by default we have
load_profile = True
in the submission file.
Is this a conflict to "Run_as_owner"
Best regards,
Robert
-----------------------
-----------------------
> Gesendet: Donnerstag, 27. September 2018 um 23:49 Uhr
> Von: "John M Knoeller" <johnkn@xxxxxxxxxxx>
> An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>
> Betreff: Re: [HTCondor-users] Fwd: Aw: Re: Cannot sent jobs as Owner in WindowsOS
>
> This part of the condor_q -analyze output
>
> 1 ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" || OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" || OpSys == "LINUX" ) && Arch == "X86_64" ) ) )
> 0 REMOVE
> 2 ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" )
>
>
> is saying that there are no machines in your pool that are ARCH == X86_64 and also support WindowsRunAsOwner and are using the necessary value for LocalCredd
>
>
> What Does
>
> condor_status -af:h Name OpSys Arch LocalCredd HasWindowsRunAsOwner
>
>
> show?
>
> -tj
>
>
>
>
> From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of rb
> Sent: Thursday, September 27, 2018 8:40 AM
> To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
> Subject: [HTCondor-users] Fwd: Aw: Re: Cannot sent jobs as Owner in WindowsOS
>
>
> Von: rb
> Datum: 19. September 2018 um 11:02
> An: "Todd Tannenbaum"
> Betreff: Aw: Re: [HTCondor-users] Cannot sent jobs as Owner in WindowsOS
>
>
>
> Hello Todd,
>
> thanks for the additional hints.
> I was able to move a bit forward, but was not yet successful.
> Eg I was able to specify a condor-pool PW. Jobs are now picked up by condor, however non of them are picked by the nodes as it seems the requirements are not matching.
> (Remark: Jobs are matching and running when using the default temp user from condor)
>
>
> I attach the condor config files I created now. One for master, one submitter, one node.
> The submission files contain a line: "Run_as_owner = true"
>
> a) Basically I copied the content of the ..\etc\condor_config.local.credd into the condor config file of the pool manager running CREDD
> b) copied
> CREDD_HOST = credd.cs.wisc.edu
> CREDD_CACHE_LOCALLY = True
>
> STARTER_ALLOW_RUNAS_OWNER = True
>
> ALLOW_CONFIG = Administrator@*
> SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
> SEC_CONFIG_NEGOTIATION = REQUIRED
> SEC_CONFIG_AUTHENTICATION = REQUIRED
> SEC_CONFIG_ENCRYPTION = REQUIRED
> SEC_CONFIG_INTEGRITY = REQUIRED
> into all processing and submitter machines.
>
>
> When now running jobs they are stucked in the queue.
> Running condor_q -analyze is giving the following message:
>
> WARNING: Be advised:
> No resources matched request's constraints
> The Requirements expression for your job is:
> ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" ||
> OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" ||
> OpSys == "LINUX" ) && Arch == "X86_64" ) ) ) &&
> ( TARGET.Disk >= RequestDisk ) && ( TARGET.Memory >= RequestMemory ) &&
> ( TARGET.HasFileTransfer ) && ( TARGET.HasWindowsRunAsOwner &&
> ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" ) )
>
> Suggestions:
> Condition Machines Matched Suggestion
> --------- ---------------- ----------
> 1 ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" || OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" || OpSys == "LINUX" ) && Arch == "X86_64" ) ) )
> 0 REMOVE
> 2 ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" ) )
> 0 REMOVE
> 3 ( TARGET.Disk >= 3 ) 18
> 4 ( TARGET.Memory >= ifthenelse(MemoryUsage isnt undefined,MemoryUsage,0) )
> 18
> 5 ( TARGET.HasFileTransfer ) 18
> ---
> 7163.000: Request is running.
>
>
>
>
>
>
> Some questions:
>
> -Would this depend on the version of condor? I am running 8.4.10 on all machines?
>
> -My user is known in the domain. Would I need to add this user to the local users of each processing machine?
>
> -In the user manual in 7.2.5 "Condor_credd Daemon" a variable called "Local_credd" is mentioned. However I cannot find this variable in non of the examples. Is it necessary to specify this variable in the config file?
>
> - Do I need to use a pool PW? Or is it enought to use suggestion from "7.2.6 Executing Jobs with the User's Profile Loaded" and just set "load_profile = True" in submission file.
>
> - In usermanual 3.8.13.2 I find the following sentence: "Under Windows, HTCondor by default runs jobs under a dynamically created local account that exists for the duration of the job, but it can optionally run the job as the user account that owns the job if STARTER_ALLOW_RUNAS_OWNER is True and the job contains RunAsOwner=True."
> Is it RunAsOwner = true or Run_As_Owner = true?
>
>
> Btw:
> whoami is giving: calibration@xxxxxxxxxxx<mailto:calibration@xxxxxxxxxxx>.
> This is correct. I would like to have this user running jobs in the condor environment.
>
>
> Best regards,
> Robert
>
>
>
> -----------------------
>
> -----------------------
>
>
> > Gesendet: Donnerstag, 13. September 2018 um 22:31 Uhr
> > Von: "Todd Tannenbaum" <tannenba@xxxxxxxxxxx<mailto:tannenba@xxxxxxxxxxx>>
> > An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx<mailto:htcondor-users@xxxxxxxxxxx>>, rb <robertbosch@xxxxxx<mailto:robertbosch@xxxxxx>>
> > Betreff: Re: [HTCondor-users] Cannot sent jobs as Owner in WindowsOS
> >
> > On 9/12/2018 5:02 AM, rb wrote:
> > > I would like to send and process the job as "owner".
> > > Not the default "condor-slot user" is procesing the job, but actually the person who is logged on the submitter and is sending the job.
> > >
> > > For this we created a user "calibration*. This user is registered in our domain and has admin-permission on all machines (All win 10) connected to the pool.
> > >
> > > For this I edited the config file on Submitter and Executing nodes:
> > >
> > > [...]
> > > FILESYSTEM_DOMAIN = lgs-net.com
> > > UID_DOMAIN = lgs-net.com
> > > TRUST_UID_DOMAIN = true
> > > SOFT_UID_DOMAIN = true
> > > STARTER_ALLOW_RUNAS_OWNER = true
> > > [...]
> > >
> > >
> > > The submission files are having in addition following entry
> > > [...]
> > > Run_As_Owner = true
> > > [...]
> > >
> > >
> > > I also used "condor_store_cred add" on submitter and pool to store PW for user "calibration"
> > >
> > > Still its not working!
> > > Jobs are created. Also .err and .out files. But they are not picked by Scheduler. Using "condor_q": No jobs in queue.
> > >
> > >
> > > Can someone give some hints?
> > >
> >
> > Did you do a condor_reconfig or restart HTCondor after changing the config settings on your execute and submit hosts?
> >
> > Also I don't see anything in your config re your CREDD_HOST etc, as described in the Microsoft Windows chapter in the HTCondor Manual for executing jobs as the Submitting User... specifically I am looking at this section:
> > http://htcondor.org/manual/v8.7/MicrosoftWindows.html#x75-5750008.2.4
> > Perhaps you want to re-read and follow the configuration examples in that part of the Manual.
> >
> > Some additional ideas / suggestions:
> >
> > Are you running condor_submit as user "calibration" ? What does "whoami" report before submitting the job?
> >
> > Try submitting a very simple job and see if that runs as user "calibration". I would suggest running "whoami.exe" with a job event log and see what happens. For example --
> > executable = whoami.exe
> > output = test.out
> > error = test.err
> > log = test.log
> > run_as_owner = true
> > queue
> >
> > and then take a look at test.out, test.err, test.log.
> >
> > You say the job is successfully submitted but condor_q says no jobs in the queue... ??? what does "condor_q -allusers" say? Or is that because the job is quickly completing... what does condor_history say?
> >
> > Re the below observations: I am not the Windows expert, but I believe you should only need to run 'condor_store_cred add' on the submit node, which will then send the password (encrypted) and securely store it on the host running the condor_credd daemons. The execute node will securely fetch the password as needed.
> >
> > Hope the above helps,
> > Todd
> >
> >
> > > I made two observations:
> > > 1) I cannot use "condor_store_cred add" on executing machines. It returns an error "operation failed". Make sure you have WRITE permission onto this node. Although "WRITE = *" is set in all config files.
> > > 2) By default our Software adds "load_profile = true" in all submission files. Could this be a potential problem?
> > >
> > >
> > >
> > > Best regards,
> > > Robert
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > -----------------------
> > >
> > > -----------------------
> > >
> > > _______________________________________________
> > > HTCondor-users mailing list
> > > To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx<mailto:htcondor-users-request@xxxxxxxxxxx> with a
> > > subject: Unsubscribe
> > > You can also unsubscribe by visiting
> > > https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> > >
> > > The archives can be found at:
> > > https://lists.cs.wisc.edu/archive/htcondor-users/
> > >
> >
> >
> > --
> > Todd Tannenbaum <tannenba@xxxxxxxxxxx<mailto:tannenba@xxxxxxxxxxx>> University of Wisconsin-Madison
> > Center for High Throughput Computing Department of Computer Sciences
> > HTCondor Technical Lead 1210 W. Dayton St. Rm #4257
> > Phone: (608) 263-7132<tel:(608)%20263-7132> Madison, WI 53706-1685
> >
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/
Attachment:
condor_status.PNG
Description: PNG image
