Re: [condor-users] Flocking problems

Dan Bradley wrote:

James Wilgenbusch wrote:

I have two condor pools and would like to allow each pool equal access to the other's resources. One pool consists of 16 machines in the 192.168.0 name space (let's call this pool A). The 16 machines are attached to a central manager that is open to the world. All the nodes in the other pool (say pool B) are visible to the world. I've configured both pools to use the FLOCK_TO/FLOCK_FROM config flags but still I'm having some problems.

A solution for this scenario (flocking into private networks) is currently in development. Until it is released, there is essentially no way to flock into a pool with nodes that are inaccessible to the submitter.

One solution is to set up a Globus gatekeeper on a public node that has access to the private pool and submit jobs directly to the gatekeeper via Condor-G.

An alternative which we are also using is a dedicated Virtual Private Network (VPN) based on secnet [1], with all participating machines having an (additional) IP address in this VPN. Only a single machine (the VPN gateway) from a particular pool (your 198.168. pool) needs to have external access, and then only via a single UDP port for a relatively small number of machines (the other VPN gateways, one each for any other flocked pool). All other machines belonging to your 198.168 pool now tunnel their ‘Condor traffic’ through that gateway, regardless of whether they have a private IP address. An added bonus is that traffic between different gateways is automatically encrypted, adding a layer of security to the model. However, running such a VPN raises its own security issues, since institutional firewalls are effectively bypassed by this mechanism, so extreme care needs to be taken both in administering the gateway and in formulating an appropriate security model.

We also run a Globus interface as Dan's mentioned, but the model mentioned above keeps it 'purely' Condor.

[1] http://www.chiark.greenend.org.uk/~secnet/



