Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Minor problems with two configuration templates

Date: Mon, 30 Nov 2020 22:56:45 +0000
From: John M Knoeller <johnkn@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Minor problems with two configuration templates

Good catches,  These mataknobs are indeed a bit broken. 

1.  Authentication

When $(FULL_HOSTNAME) is not the same as $(UID_DOMAIN), then ALLOW_OWNER and ALLOW_WRITE need to have additional clauses.

The most restrictive thing would be to add $(authuser)@$(UID_DOMAIN)/$(FULL_HOSTNAME) to both of these, but just
adding $(authuser)@$(UID_DOMAIN) would work, although this is not as restrictive.   The problem with using $(FULL_HOSTNAME) in this context is that it doesn't always have the correct value when HTCondor is not rootly, or when DNS name resolution is not available for the Condor instance (running in a container, for instance).  

2. Remote config feature

Yes preen should not be deleting these files.   The easy fix is to add this to your configuration.

VALID_SPOOL_FILES = $(VALID_SPOOL_FILES)  .config.*

It is actually quite difficult to fix the Remote_Config metaknob to do this automatically using the actual name of the
persistent knob.  As you discovered, it is illegal to have a () inside the body of the $STRING() macro expansion, so you
have to use a temporary variable to hold the tolower() classad expression.

Something like this would work

SPOOL_CONFIG_FILES = $(SPOOL_CONFIG_FILES)  .config.*.KNOB_NAME
SPOOL_CONFIG_FILES_lc = toLower("$(SPOOL_CONFIG_FILES)")
VALID_SPOOL_FILES = $(VALID_SPOOL_FILES) $STRING(SPOOL_CONFIG_FILES_lc)

But this does not work well if you have more than one config knob that you want to change remotely. We will most likely
fix this problem by adding something like .config.* to SYSTEM_VALID_SPOOL_FILES, or switching to a different directory
for the persistent config files.

Thanks for letting us know about these issues.
-tj



-----Original Message-----
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of David Rebatto
Sent: Friday, November 27, 2020 10:25 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Minor problems with two configuration templates

Hi,

I am trying to configure a test cluster using templates as much as possible, to keep the configuration files clean and readable.
I have encountered two minor problems:

1. Authentication
use SECURITY:USER_BASED defines ALLOW_OWNER as
     $(authuser)@$(FULL_HOSTNAME) $(authuser)@$(IP_ADDRESS)
but when I issue a 'condor_vacate' command, I am authenticated as
    $(authuser)@$(UID_DOMAIN)/$(FULL_HOSTNAME)
so I get a PERMISSION DENIED.

Can be solved by redefining explicitly the ALLOW_OWNER macro after 'use SECURITY:USER_BASED', with the proper value.
I wonder if the original definition is wrong, or can be useful in a different context.

2. Remote config feature
use FEATURE:Remote_Config(MyAttr) defines PERSISTENT_CONFIG_DIR=$(SPOOL) but it doesnât add a corresponding value to SPOOL_VALID_FILES.
If the file '$(SPOOL)/.config.STARTD.myattr' is removed by condor_preen, a subsequent 'condor_reconfig' command fails to read the configuration (Configuration Error Line 0 can't open file while reading  persistent config source: <the file path>) and the startd is restarted instead of reconfigured, aborting all the running jobs.

Can be solved by adding 'SPOOL_VALID_FILES = $(SPOOL_VALID_FILES) .config.STARTD.myattr', or using a different, not preened PERSISTENT_CONFIG_DIR.
I tried to imagine how to include that in the template, but I am having a hard time using both $STRING and toLower() in the same macro.
A plain $STRING(toLower($(0)),.config.STARTD.%s) doesnât work, I guess because I cannot have a ')' in the first argument of $STRING.
Is there a workaround for this?

-- 
David Rebatto
I.N.F.N. - Sezione di Milano
Via Celoria, 16 - 20133 Milano ITALY
tel: +39 02503.17623 e-mail: David.Rebatto@xxxxxxxxxx
URL: http://www.mi.infn.it/~rebatto

"There are 10 kinds of people in the world:
those who understand binary and those who don't..."


_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

References:
- [HTCondor-users] Minor problems with two configuration templates
  - From: David Rebatto

Prev by Date: Re: [HTCondor-users] GPUsUsage
Next by Date: [HTCondor-users] Question about scitoken authZ support
Previous by thread: [HTCondor-users] Minor problems with two configuration templates
Next by thread: [HTCondor-users] GPUsUsage
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] Minor problems with two configuration templates