[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Migrating to version 8

Dear Todd (and all),

thank you very much for your answer; it has helped me to dig into what was happening. With a fresh install of the 8.8.9 with the rpm, when the condor user does not exists, its uid and gid are no more the same than before.
In all other installs: the uid of condor is 64 and same for gid.
In fresh install: the uid of condor is 985 and gid is 879.
So using FS_REMOTE does not work anymore with the file that was adequate for the condor user of the other machines unless you create a new file for this user; and that may help me to solve part of my problems.
Is there a particular reason for this change in uid / gid of condor?
Best regards,

On 19/06/2020 19:39, Todd Tannenbaum wrote:
On 6/19/2020 11:44 AM, Xavier OUVRARD wrote:
Dear all,

I am in the process of migrating to version 8. Some of the nodes are already in version 8.6.11, and everything works perfectly even with the central manager in the latest 7 version.

condor_status and condor_q commands work on that machine

If I push to version 8.8.9 then I am unable to submit jobs; I get errors when submitting of type:

ERROR: Failed to connect to local queue manager
SECMAN:2007:Failed to end classad message.

Is the condor_schedd running on the same machine where you are running condor_submit, or is it remote?

While logged onto the submit machine (presumably the same place where condor_submit gave you the above errors), try the following troubleshooting commands:

First, is the condor_schedd running? Check with "ps auxw | grep condor_schedd" assuming you are on Linux...

Next, condor_ping is a useful tool for debugging this. What do the following commands have to say?

ÂÂÂ condor_ping -table READ WRITE
ÂÂÂ condor_ping -verbose READ WRITE

With condor_ping, it can show what authentication methods the client (condor_submit) is trying, and what method the server is accepting, which could provide some clues...

Also it may be handy if you sent along what sort of security/authentication you are expecting, and/or a dump of your security configuration via the output from the command:

ÂÂ condor_config_val -v -dump SEC

I have already disable all security settings in the config.d condor file of the node with:


Note that write operations with the job queue (e.g. submitting jobs with condor_submit) will always be authenticated unless you explicitly set QUEUE_ALL_USERS_TRUSTED=True in the condor_config file(s) on the submit host. ** I DO NOT RECOMMEND THIS, ESP IF HTCONDOR WAS STARTED AS ROOT, UNLESS YOU REALLY UNDERSTAND THE IMPLICATIONS **, as this could enable anybody with access to the schedd to impersonate other users without any credentials. See the Manual for more info here.

What has changed between 8.6.11 and 8.8.9 on the security side (what has been enforced)?

The Version History and Release Notes section of the manual will always have a section on highlights when upgrading from one stable release to the next; see


Hope the above helps,

Xavier Ouvrard-Brunet
(Fellow â HSE-RP-CS) @ CERN
Office 892/2A-12, Prevessins-MoÃns site
CERN, Esplanade des Particules, 1
CH-1211 Geneva 23
TÃl: +41 22 766 38 92
Personal research page: