Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Condor mapfile

Date: Mon, 29 Jun 2020 22:07:40 +0000
From: Zach Miller <zmiller@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Condor mapfile

Hello,

Definitely set the debug levels as Steve suggested and we should be able to figure out what is happening.

HTCondor does pass the entire FQAN as input when using the mapfile so I would expect that regexes should be able to match against those attributes.

Let's see what the debug logs say.  They are *extremely* verbose with both D_SECURITY and D_FULLDEBUG enabled, so if you would like me to look at it and extract the useful parts just let me know.


Cheers,
-zach


ïOn 6/29/20, 4:30 PM, "HTCondor-users on behalf of Steven C Timm" <htcondor-users-bounces@xxxxxxxxxxx on behalf of timm@xxxxxxxx> wrote:

    You might want to look at the lcmaps_voms package which can be used to properly parse VO attributes in proxies and let you set up a real voms-mapfile as opposed to trying to do it all in the condor_mapfile.

    But as for debugging the mapfile, set

    all the debugs to 

    D_SECURITY,D_FULLDEBUG 

    and it will let you know what is mapping as what.

    I believe what is getting you in the current config, is that the FQAN is not presented
    to the GSI mapping function in the condor_mapfile, it can only see the DN which is the first part before the /dune/Role=.... 
    so the wild cards you have in the condor_mapfile that contain roles
    will not match that way

    You will have to set up your mapfile based only on DN's.. since the submission DN is always different for Alice, LHCB, and DUNE it shouldn't be hard.

    The job_Router entries based on x509userproxyfirstfqan should work though
    and you can use those job_router entries to assign an AccountingGroup and thus keep track of which jobs are which.

    Steve Timm

    ________________________________________
    From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of ejunior@xxxxxxx <ejunior@xxxxxxx>
    Sent: Monday, June 29, 2020 4:18 PM
    To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
    Subject: [HTCondor-users] Condor mapfile  

    Hi all,

    first of all my condor installation:
    $CondorVersion: 8.8.9 May 06 2020 BuildID: 503068 PackageID: 8.8.9-1 $
    $CondorPlatform: x86_64_CentOS7 $


    I'm trying to setup my mapfile without success.

    Here the FQANs that I want to map:

    x509UserProxyFQAN =  
    "/DC=org/DC=incommon/C=US/ST=Illinois/L=Batavia/O=Fermi Research  
    Alliance/OU=Fermilab/CN=blabla.bla.gov,/dune/Role=pilot/Capability=NULL,/dune/Role=NULL/Capability=NULL"
    x509UserProxyFQAN = "/DC=ch/DC=cern/OU=Organic  
    Units/OU=Users/CN=user/CN=0000/CN=Name Last  
    name,/lhcb/Role=pilot/Capability=NULL,/lhcb/Role=NULL/Capability=NULL"
    x509UserProxyFQAN = "/DC=ch/DC=cern/OU=Organic  
    Units/OU=Users/CN=user/CN=0000/CN=Name Last  
    name/alice/Role=NULL/Capability=NULL,/alice/alarm/Role=NULL/Capability=NULL,/alice/lcg1/Role=NULL/Capability=NULL,/alice/team/Role=NULL/Capability=NULL"

    Here my configuration files:

    *******************
    Extract of condor_mapfile
    *******************
    GSI ".*,\/alice\/Role\=.*" user_alice
    GSI ".*,\/lhcb\/Role\=.*" user_lhcb
    GSI ".*,\/dune\/Role\=.*" user_dune
    GSI (.*) user_others
    CLAIMTOBE .* anonymous@claimtobe
    FS (.*) \1

    **********EOF**************

    Extract of Job_router:
    ************************
    JOB_ROUTER_ENTRIES @=jre
    [
       TargetUniverse = 5;
         name = "Filtering alice jobs";
       Requirements = regexp("\/alice\/Role\=*", TARGET.x509UserProxyFirstFQAN);
    ]
    @jre

    JOB_ROUTER_ENTRIES @=jre
    [
       TargetUniverse = 5;
         name = "Filtering LHCb jobs";
       Requirements = regexp("\/lhcb\/Role\=*", TARGET.x509UserProxyFirstFQAN);
    ]
    @jre


    JOB_ROUTER_ENTRIES @=jre
    [
       TargetUniverse = 5;
         name = "Filtering Dune jobs";
       Requirements = regexp("\/dune\/Role\=*", TARGET.x509UserProxyFirstFQAN);
    ]
    @jre


    **********EOF**************


    What I'm doing wrong ?


    Best regards,

    Eraldo Jr
    _______________________________________________
    HTCondor-users mailing list
    To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
    subject: Unsubscribe
    You can also unsubscribe by visiting
    https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cs.wisc.edu_mailman_listinfo_htcondor-2Dusers&d=DwICAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=10BCTK25QMgkMYibLRbpYg&m=7mm0Vz8q3m1eRLzFRLCEDFueOA0rR1XiNHutH6g7WbU&s=46zAshCZz6iRIAJMlM9igeh7kZChubbKqqKd0n8mQFE&e= 

    The archives can be found at:
    https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cs.wisc.edu_archive_htcondor-2Dusers_&d=DwICAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=10BCTK25QMgkMYibLRbpYg&m=7mm0Vz8q3m1eRLzFRLCEDFueOA0rR1XiNHutH6g7WbU&s=XdFy4JUyPdSdbVlYqbfy9oy13PCFWAp_0K8_4n5jIPQ&e=

References:
- [HTCondor-users] Condor mapfile
  - From: ejunior
- Re: [HTCondor-users] Condor mapfile
  - From: Steven C Timm

Prev by Date: [HTCondor-users] sanity check on preemption
Next by Date: [HTCondor-users] Configuration Macro list for HTCondor Templates?
Previous by thread: Re: [HTCondor-users] Condor mapfile
Next by thread: Re: [HTCondor-users] Condor mapfile
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] Condor mapfile