This part of the condor_q -analyze output
1 ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" || OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" || OpSys == "LINUX" ) && Arch == "X86_64"
) ) )
2 ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" )
is saying that there are no machines in your pool that are ARCH == X86_64 and also support WindowsRunAsOwner and are using the necessary value for LocalCredd
condor_status -af:h Name OpSys Arch LocalCredd HasWindowsRunAsOwner
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx>
On Behalf Of rb
Sent: Thursday, September 27, 2018 8:40 AM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Fwd: Aw: Re: Cannot sent jobs as Owner in WindowsOS
Datum: 19. September 2018 um 11:02
An: "Todd Tannenbaum"
Betreff: Aw: Re: [HTCondor-users] Cannot sent jobs as Owner in WindowsOS
thanks for the additional hints.
I was able to move a bit forward, but was not yet successful.
Eg I was able to specify a condor-pool PW. Jobs are now picked up by condor, however non of them are picked by the nodes as it seems the requirements are not matching.
(Remark: Jobs are matching and running when using the default temp user from condor)
I attach the condor config files I created now. One for master, one submitter, one node.
The submission files contain a line: "Run_as_owner = true"
a) Basically I copied the content of the ..\etc\condor_config.local.credd into the condor config file of the pool manager running CREDD
CREDD_HOST = credd.cs.wisc.edu
CREDD_CACHE_LOCALLY = True
STARTER_ALLOW_RUNAS_OWNER = True
ALLOW_CONFIG = Administrator@*
SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
SEC_CONFIG_NEGOTIATION = REQUIRED
SEC_CONFIG_AUTHENTICATION = REQUIRED
SEC_CONFIG_ENCRYPTION = REQUIRED
SEC_CONFIG_INTEGRITY = REQUIRED
into all processing and submitter machines.
When now running jobs they are stucked in the queue.
Running condor_q -analyze is giving the following message:
WARNING: Be advised:
No resources matched request's constraints
The Requirements _expression_ for your job is:
( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" ||
OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" ||
OpSys == "LINUX" ) && Arch == "X86_64" ) ) ) &&
( TARGET.Disk >= RequestDisk ) && ( TARGET.Memory >= RequestMemory ) &&
( TARGET.HasFileTransfer ) && ( TARGET.HasWindowsRunAsOwner &&
( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" ) )
Condition Machines Matched Suggestion
--------- ---------------- ----------
1 ( ( ( OpSys == "WINNT51" || OpSys == "WINNT52" || OpSys == "WINNT60" || OpSys == "WINNT61" ) || ( ( OpSys == "WINDOWS" || OpSys == "LINUX" ) && Arch == "X86_64" ) ) )
2 ( TARGET.HasWindowsRunAsOwner && ( TARGET.LocalCredd is "AHERSRVBLD28.lgs-net.com" ) )
3 ( TARGET.Disk >= 3 ) 18
4 ( TARGET.Memory >= ifthenelse(MemoryUsage isnt undefined,MemoryUsage,0) )
5 ( TARGET.HasFileTransfer ) 18
7163.000: Request is running.
-Would this depend on the version of condor? I am running 8.4.10 on all machines?
-My user is known in the domain. Would I need to add this user to the local users of each processing machine?
-In the user manual in 7.2.5 "Condor_credd Daemon" a variable called "Local_credd" is mentioned. However I cannot find this variable in non of the examples. Is it necessary to specify this variable in the config file?
- Do I need to use a pool PW? Or is it enought to use suggestion from "7.2.6 Executing Jobs with the User's Profile Loaded" and just set "load_profile = True" in submission file.
- In usermanual 184.108.40.206 I find the following sentence: "Under Windows, HTCondor by default runs jobs under a dynamically created local account that exists for the duration of the job, but it can optionally run the job as the user account that owns the job
if STARTER_ALLOW_RUNAS_OWNER is True and the job contains RunAsOwner=True."
Is it RunAsOwner = true or Run_As_Owner = true?
This is correct. I would like to have this user running jobs in the condor environment.
> Gesendet: Donnerstag, 13. September 2018 um 22:31 Uhr
> Von: "Todd Tannenbaum" <tannenba@xxxxxxxxxxx>
> An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>, rb <robertbosch@xxxxxx>
> Betreff: Re: [HTCondor-users] Cannot sent jobs as Owner in WindowsOS
> On 9/12/2018 5:02 AM, rb wrote:
> > I would like to send and process the job as "owner".
> > Not the default "condor-slot user" is procesing the job, but actually the person who is logged on the submitter and is sending the job.
> > For this we created a user "calibration*. This user is registered in our domain and has admin-permission on all machines (All win 10) connected to the pool.
> > For this I edited the config file on Submitter and Executing nodes:
> > [...]
> > FILESYSTEM_DOMAIN = lgs-net.com
> > UID_DOMAIN = lgs-net.com
> > TRUST_UID_DOMAIN = true
> > SOFT_UID_DOMAIN = true
> > STARTER_ALLOW_RUNAS_OWNER = true
> > [...]
> > The submission files are having in addition following entry
> > [...]
> > Run_As_Owner = true
> > [...]
> > I also used "condor_store_cred add" on submitter and pool to store PW for user "calibration"
> > Still its not working!
> > Jobs are created. Also .err and .out files. But they are not picked by Scheduler. Using "condor_q": No jobs in queue.
> > Can someone give some hints?
> Did you do a condor_reconfig or restart HTCondor after changing the config settings on your execute and submit hosts?
> Also I don't see anything in your config re your CREDD_HOST etc, as described in the Microsoft Windows chapter in the HTCondor Manual for executing jobs as the Submitting User... specifically I am looking at this section:
> Perhaps you want to re-read and follow the configuration examples in that part of the Manual.
> Some additional ideas / suggestions:
> Are you running condor_submit as user "calibration" ? What does "whoami" report before submitting the job?
> Try submitting a very simple job and see if that runs as user "calibration". I would suggest running "whoami.exe" with a job event log and see what happens. For example --
> executable = whoami.exe
> output = test.out
> error = test.err
> log = test.log
> run_as_owner = true
> and then take a look at test.out, test.err, test.log.
> You say the job is successfully submitted but condor_q says no jobs in the queue... ??? what does "condor_q -allusers" say? Or is that because the job is quickly completing... what does condor_history say?
> Re the below observations: I am not the Windows expert, but I believe you should only need to run 'condor_store_cred add' on the submit node, which will then send the password (encrypted) and securely store it on the host running the condor_credd daemons.
The execute node will securely fetch the password as needed.
> Hope the above helps,
> > I made two observations:
> > 1) I cannot use "condor_store_cred add" on executing machines. It returns an error "operation failed". Make sure you have WRITE permission onto this node. Although "WRITE = *" is set in all config files.
> > 2) By default our Software adds "load_profile = true" in all submission files. Could this be a potential problem?
> > Best regards,
> > Robert
> > -----------------------
> > -----------------------
> > _______________________________________________
> > HTCondor-users mailing list
> > To unsubscribe, send a message to
htcondor-users-request@xxxxxxxxxxx with a
> > subject: Unsubscribe
> > You can also unsubscribe by visiting
> > The archives can be found at:
> > https://lists.cs.wisc.edu/archive/htcondor-users/
> Todd Tannenbaum <tannenba@xxxxxxxxxxx> University of Wisconsin-Madison
> Center for High Throughput Computing Department of Computer Sciences
> HTCondor Technical Lead 1210 W. Dayton St. Rm #4257
> Phone: (608) 263-7132 Madison, WI 53706-1685