[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] best way to use cached data
- Date: Sat, 19 Jan 2013 13:02:01 -0500
- From: Matthew Farrellee <matt@xxxxxxxxxx>
- Subject: Re: [HTCondor-users] best way to use cached data
On 01/12/2013 12:21 PM, Dimitri Maziuk wrote:
On 1/12/2013 6:26 AM, Matthew Farrellee wrote:
I've had success with startd cron for advertising the contents of a
cache, and highly recommend it over configuration changes.
As I understand startd cron, you configure your nodes to periodically
run a script that publishes custom attributes, and the way a regular
Yes, where you == administrator.
user would publish their custom attributes is by modifying the script.
(Or am I missing something?)
No, the administrator needs to control the script. It should: gather |
sanitize | publish. gather could be as simple as ls /thecache.
The script runs as condor (root) user, so security-wise this is worse
than letting them 'sudo condor-reconfig' as now they can run anything as
condor.
Security-wise giving the job owner the ability to change configuration
on a node is equivalent to giving them a setuid-root script to run.
Either way, my point was that doesn't work when you're shipping
(flocking, gliding) jobs off-site and have no control over execute nodes
whatsoever.
If you are crossing administrative domains, neither solution will work
without cross-organizational agreement. I expect you'll have a simpler
time asking for a startd cron to be run than allowing jobs to alter node
configuration.
Best,
matt