
Re: [HTCondor-users] Adding a Windows node to an existing Linux-Pool



Hello John,

First of all, thanks for your effort in helping me.

The output of "condor_config_val -summary" is the following:

PS C:\Windows\system32>  condor_config_val -summary
# condor_config_val $CondorVersion: 9.0.2 May 09 2021 BuildID: 540227 DAILY $

#
# from C:\condor\condor_config
#
RELEASE_DIR = C:\condor
LOCAL_CONFIG_FILE = $(LOCAL_DIR)\condor_config.local
LOCAL_CONFIG_DIR = $(LOCAL_DIR)\config
ALLOW_ADMINISTRATOR = SYSTEM@* condor_pool@* Administrator@* jakobeit@*
ALLOW_DAEMON = SYSTEM@*  condor_pool@*
ALLOW_NEGOTIATOR = SYSTEM@* condor_pool@*
ALLOW_READ = *
ALLOW_WRITE = *
SEC_DEFAULT_AUTHENTICATION = required
SEC_DEFAULT_ENCRYPTION = required
SEC_DEFAULT_INTEGRITY = required
SEC_READ_AUTHENTICATION = OPTIONAL
SEC_READ_ENCRYPTION = OPTIONAL
SEC_READ_INTEGRITY = OPTIONAL
SECURITY_MODEL = 9.0
INSTALL_USER = jakobeit
CONDOR_HOST = 131.234.172.154
CLAIM_WORKLIFE =
CONTINUE = ($(CPUIdle) && ($(ActivityTimer) > 10) && (KeyboardIdle > $(ContinueIdleTime)))
IS_OWNER = (START =?= False)
MaxJobRetirementTime = 0
PREEMPT = (((Activity == "Suspended") && ($(ActivityTimer) > $(MaxSuspendTime))) || (SUSPEND && (WANT_SUSPEND == False)))
START = ((KeyboardIdle > $(StartIdleTime)) && ( $(CPUIdle) || (State != "Unclaimed" && State != "Owner")) )
SUSPEND = ($(KeyboardBusy) || ( (CpuBusyTime > 120) && $(ActivationTimer) > 90))
WANT_SUSPEND = ($(SmallJob) || $(KeyboardNotBusy) || $(IsVanilla) ) && ( $(SUSPEND))
WANT_VACATE = $(ActivationTimer) > 600 || $(IsVanilla)
DAEMON_LIST = MASTER STARTD KBDD

There is a tokens.sk and a tokens.d directory. From what I have gathered from your mail I should use an IDTOKEN authentication to join the Windows node into the existing Linux node. I have tried to follow this guide:
https://htcondor.readthedocs.io/en/latest/admin-manual/security.html#token-authentication

I have generated a new token using condor_token_create -identity -file and saved the file in both SEC_TOKEN_SYSTEM_DIRECTORYs (since I wasn't sure whether to do it only for the user). However, that didn't change anything for my problem.

Whatever I am trying I get the following:
PS C:\Windows\system32> condor_status -debug
06/08/21 11:43:01 TOKEN: No token found.
06/08/21 11:43:01 SECMAN: required authentication with collector at <131.234.172.154:9618> failed, so aborting command QUERY_STARTD_ADS.
Error: communication error
AUTHENTICATE:1003:Failed to authenticate with any method
AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

It says "No token found" even though there are tokens in the SEC_TOKEN_SYSTEM_DIRECTORY. It is also definitely defined:

PS C:\Windows\system32> condor_config_val -v SEC_TOKEN_SYSTEM_DIRECTORY
SEC_TOKEN_SYSTEM_DIRECTORY = C:\condor\tokens.d
 # at: <Default>
 # raw: SEC_TOKEN_SYSTEM_DIRECTORY = $(RELEASE_DIR)\tokens.d

Maybe I still have some basic misunderstanding regarding the whole authentication process. Do you see what I did incorrectly?

Cheers,
Darius
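
Added example, not part of the original messages and not HTCondor's own code: IDTOKENs are JWTs, so the unverified header and payload of each token in a tokens.d file can be decoded to see which signing key name (kid), issuer (iss) and identity (sub) it carries, for comparison with what the collector expects. The token file, issuer names and signature below are constructed placeholders, and treating blank and '#' lines as non-token lines is an assumption.

```python
import base64
import json

def _b64url(segment):
    # JWT segments are base64url with the padding stripped; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def inspect_token(token):
    """Decode header and payload of one token WITHOUT verifying its signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    header, payload = (json.loads(_b64url(p)) for p in parts[:2])
    return {"kid": header.get("kid"), "iss": payload.get("iss"),
            "sub": payload.get("sub"), "exp": payload.get("exp")}

def check_token_file(text, expected_issuer, now):
    """Return (line_number, problem) pairs for the token lines in `text`."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # assumption: blank and '#' lines carry no token
        try:
            info = inspect_token(line)
        except ValueError as err:  # bad base64, bad JSON or wrong shape
            findings.append((no, f"unparseable: {err}"))
            continue
        if info["iss"] != expected_issuer:
            findings.append((no, f"issuer {info['iss']!r} != {expected_issuer!r}"))
        if info["exp"] is not None and info["exp"] < now:
            findings.append((no, "expired"))
    return findings

def _seg(obj):
    # Helper used only to build the constructed sample below.
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample file: names, issuers and the signature are placeholders.
SAMPLE = "\n".join([
    "# constructed tokens.d file",
    ".".join([_seg({"alg": "HS256", "kid": "POOL"}),
              _seg({"iss": "pool.example", "sub": "winnode@pool.example"}), "c2ln"]),
    ".".join([_seg({"alg": "HS256", "kid": "POOL"}),
              _seg({"iss": "other.example", "sub": "x@other.example", "exp": 1000}), "c2ln"]),
    "not-a-token",
])

if __name__ == "__main__":
    for finding in check_token_file(SAMPLE, "pool.example", now=1623145381):
        print(finding)
```

The decoded claims are only informational: nothing here checks the signature, so the output says what a token claims, not whether the collector will accept it.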


Date: Mon, 7 Jun 2021 14:39:14 +0000
From: John M Knoeller <johnkn@xxxxxxxxxxx>
To: "htcondor-users@xxxxxxxxxxx" <htcondor-users@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] Adding a Windows node to an existing Linux-Pool

The Windows installer should have given the user that ran the installer ADMINISTRATOR access. Let's check that. Please run

condor_config_val -summary

on your Windows box and post the output.

The Windows installer should also have created a tokens.d directory and a tokens.sk directory under the directory where HTCondor is installed (usually C:\Condor). On Windows, the tokens.sk directory is where HTCondor looks for IDTOKEN signing keys, so this directory is the equivalent of passwords.d on a Linux machine for IDTOKEN auth (but not for PASSWORD auth).

You should not need to store a pool password on a Windows machine unless you intend to use PASSWORD authentication between daemons. Unlike on Linux, HTCondor Windows never uses the pool password as part of IDTOKEN authentication because the pool password on Windows is actually stored in the registry.

To use IDTOKEN authentication, it should be sufficient for whatever machine is running the condor_collector to have authorization for the Windows machine to join the pool.

If you want to be able to issue tokens from the Windows machine, you can copy the POOL file from passwords.d on one of your Linux hosts to tokens.sk on the Windows machine.

If you want to investigate why condor_store_cred add -c is not working, try adding this to your condor_config.local file.

ALL_DEBUG = $(ALL_DEBUG) D_CAT
debug_cmd = D_FULLDEBUG D_SECURITY:1 D_COMMAND:1
MASTER_DEBUG = $(MASTER_DEBUG) $(debug_cmd)
TOOL_DEBUG = $(TOOL_DEBUG)  $(debug_cmd)

Then run
    condor_config_val add -c -debug

And look at the debug output of this command as well as the MasterLog for that same time period.

-tj


________________________________
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Darius Jakobeit <jakobeit@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sent: Friday, June 4, 2021 7:45 AM
To: htcondor-users@xxxxxxxxxxx <htcondor-users@xxxxxxxxxxx>
Subject: [HTCondor-users] Adding a Windows node to an existing Linux-Pool

Hello everyone,

I am currently trying to wrap my head around how to add a Windows 10
node to an existing Linux-Pool (Ubuntu 20.04, HTCondor V. 9.0.0).

How did I set up the Linux pool? I followed the instructions here:
https://htcondor.readthedocs.io/en/v9_0/getting-htcondor/admin-quick-start.html#admin-quick-start-guide

Using the get_htcondor script with a GET_HTCONDOR_PASSWORD. That
worked like a charm. Now I want to add another execute node which is
using the Windows 10 operating system. For that I installed HTCondor
there using these instructions:
https://htcondor.readthedocs.io/en/v9_0/getting-htcondor/install-windows-as-administrator.html#admin-install-windows-pool

Now the problem here is that I couldn't enter any HTCondor password
during the steps in the GUI. A following "condor_status" in PowerShell
gave me some authentication errors. From how I have understood the
manual I think I am supposed to set the pool password with
"condor_store_cred add -c". However, when I am trying to set the pool
password with this command I am getting the following error:

"Operation failed. Make sure you have CONFIG access to the target Master."

Can anybody help me here?

Cheers,
Darius