HTCondor Project List Archives



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-devel] information regarding ticket 1264



Hello,

I'm not sure how I can create an account to contribute information on the 
tracker. Does submitting bug reports require signing a CLA? 

Concerning ticket 1264 (https://condor-
wiki.cs.wisc.edu/index.cgi/tktview?tn=1264,56) "windows daemon refuse to 
shutdown", I have a very similar issue on 2 computers running win2k3 + condor 
7.4.1. 

One of the computer is acting as Central Manager and runs Credd (using 
instructions from the condor_config.credd sample file and the documentation). On 
that computer, stopping the Condor service with net stop condor or the 
services.msc tool will hang. While the service stopping is hanging, there are 
two condor executables running: condor_credd.exe and condor_master.exe. 
Killing condor_credd (through the Task Manager) will allow condor_master to 
terminate correctly. 

The other computer is used to run jobs. It does not run condor_credd. On that 
machine, stopping the service works correctly. 

Here's the condor_config.local file used on the Central Manager:


--------------------------8<----------------------------------
UID_DOMAIN = MELINDA.local

## ALLOW_ADMINISTRATOR = *
## ALLOW_WRITE = *
ALLOW_READ = *
ALLOW_WRITE = */XS205803.MELINDA.local, */XS205804.MELINDA.local
ALLOW_ADMINISTRATOR = */XS205803.MELINDA.local, */XS205804.MELINDA.local
ALLOW_CONFIG = */XS205803.MELINDA.local, */XS205804.MELINDA.local

#ALL_DEBUG = D_ALL
ADD_WINDOWS_FIREWALL_EXCEPTION = False
WINDOWS_FIREWALL_FAILURE_RETRY = 1

# CREDD settings from c:\condor\etc\confor_config.local.credd
CREDD_HOST = XS205803.MELINDA.local
STARTER_ALLOW_RUNAS_OWNER = True
CREDD_CACHE_LOCALLY = True

# Make environment variables accessible
JOB_INHERITS_STARTER_ENVIRONMENT = true

######################################################################
##
##  condor_config.credd
##
##  This is the default local configuration file for the machine
##  running the condor_credd.  You should copy this file to the
##  appropriate location and customize it for your needs.  
##
######################################################################

## Note: The following settings will need to be present in your
## global config file:
##
##   CREDD_HOST = my-credd.cs.wisc.edu
##   STARTER_ALLOW_RUNAS_OWNER = True
##   CREDD_CACHE_LOCALLY = True
##
## You'll also need to ensure that clients are configured to use
## PASSWORD authentication on any machine that can run jobs as the
## submitting user. For example,
##
##   SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD
##
## And finally, you'll need to enable CONFIG-level access for all
## machines in the pool so that the pool password can be stored:
##
##   ALLOW_CONFIG = Administrator@*
##   SEC_CONFIG_NEGOTIATION = REQUIRED
##   SEC_CONFIG_AUTHENTICATION = REQUIRED
##   SEC_CONFIG_ENCRYPTION = REQUIRED
##   SEC_CONFIG_INTEGRITY = REQUIRED
##
## See the "Executing Jobs as the Submitting User" section of the
## Condor manual for further details.

## CREDD_SETTINGS

## CREDD logging settings
## Customize these if you wish.
CREDD_LOG = $(LOG)/CreddLog
CREDD_DEBUG = D_COMMAND
MAX_CREDD_LOG = 50000000

#################################################
## CREDD Expert settings
## Everyting below is for the UBER-KNOWLEDGEABLE only!
## Do not change these unless you know what you do!
#################################################


DAEMON_LIST = $(DAEMON_LIST), CREDD
#DC_DAEMON_LIST = \
#MASTER, STARTD, SCHEDD, KBDD, COLLECTOR, NEGOTIATOR, EVENTD, \
#VIEW_SERVER, CONDOR_VIEW, VIEW_COLLECTOR, HAWKEYE, CREDD, HAD, \
#QUILL

CREDD    = $(SBIN)/condor_credd.exe

# Timeout session quickly since we normally only get contacted
# once per starter
SEC_CREDD_SESSION_TIMEOUT = 10


# Set security settings so that full security to the credd is required
CREDD.SEC_DEFAULT_AUTHENTICATION =REQUIRED
CREDD.SEC_DEFAULT_ENCRYPTION = REQUIRED
CREDD.SEC_DEFAULT_INTEGRITY = REQUIRED
CREDD.SEC_DEFAULT_NEGOTIATION = REQUIRED 

# Require PASSWORD auth for password fetching
CREDD.SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD

# Only honor password fetch requests to the trusted "condor_pool" user
CREDD.ALLOW_DAEMON = condor_pool@$(UID_DOMAIN)

# Require NTSSPI for storing credentials
CREDD.SEC_DEFAULT_AUTHENTICATION_METHODS = NTSSPI

--------------------------8<----------------------------------

Thanks for developping Condor. 

-- 
Alexandre Fayolle                              LOGILAB, Paris (France)
Formations Python, CubicWeb, Debian :  http://www.logilab.fr/formations
Développement logiciel sur mesure :      http://www.logilab.fr/services
Informatique scientifique:               http://www.logilab.fr/science