Re: [HTCondor-users] CCB for multiple pools

[Jaime Frey <jfrey@xxxxxxxxxxx>]

All daemons in a pool must be able to directly connect via TCP to your collector daemon. Connecting to the collector cannot involve the use of CCB. So the outside execute nodes you mention cannot be part of the Condor pool thatâs based in the private network.

If youâre describing a case of flocking (where these execute nodes are part of a different Condor pool), the setup you describe can work (central manager in private network, CCB server on public node). But those execute nodes must be publicly contactable (i.e. not inside another private network or behind a firewall).

One host can serve as the CCB server for multiple Condor pools. You would probably want a separate Condor instance for each pool (each using a different well-known port). Some security configurations will require this separation.

 - Jaime

> On Jul 13, 2022, at 8:15 AM, Marco Mambelli via HTCondor-users <htcondor-users@xxxxxxxxxxx> wrote:
> 
> Hi everyone,
> I have a test cluster with condor pools that need to talk w/ execute nodes outside of it, in private networks.
> If the central manager has bidirectional access I can run CCB on the same host to make everything work.
> But this is not the case (recent policy change), I have only one host that can be visible from the outside.
> Schedd and central manager are both in the cluster with only outbound connectivity.
> 
> I was thinking to run the CCB separate from the collector, on the host visible from the outside.
> Is it possible to have a single host being CCB for multiple collectors (separate pools)?
> If yes, do I have to run multiple CCBs on separate HTCondor installations, one per pool?
> How many ports will I need open from the outside to this host?
> 
> Would there be another solution that you recommend instead?
> 
> Thank you,
> Marco
>