Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Condor-users] condor on windows server 2003
- Date: Thu, 2 Dec 2004 13:59:14 -0500
- From: "Ian Chesal" <ICHESAL@xxxxxxxxxx>
- Subject: RE: [Condor-users] condor on windows server 2003
When I do condor_store_cred without any options I get:
Usage: condor_store_cred.exe [options] action
where action is one of:
add (Add your credential to secure storage)
delete (Remove your credential from secure storage)
query (Check if your credential has been stored)
and where [options] is one or more of:
-u username (use the specified username)
-p password (use the specified password rather than prompting)
-h (display this message)
So presumably your first request is there:
condor_store_cred -u condor -p abc123 add
That would take care of it.
As for Have you looked at condor_store_cred on unix? It's a whole other beast. If I do condor_store_cred -h on unix I see:
Usage: condor_store_cred [options] [cmdfile]
Valid options:
-v verbose output
-s <host> submit to the specified credd
(e.g. "-s myhost.cs.wisc.edu")
-f <file> specify where credential is stored
-n <name> specify credential name
-m [user@]host[:port] specify MyProxy user/server
(e.g. "-m wright@xxxxxxxxxxxxxxxxxxx:1234")
-D <DN> specify myproxy server DN (if not standard)
(e.g. "-D '/CN=My/CN=Proxy/O=Host'")
-h print this message
With this inteface you can talk to another host to store your credentials remotely. I second your request for remote updates from the windows version of condor_store_cred.
Oh, I should mention that I'm using 6.7.2 so the functionality may be different.
Ian
> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx
> [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Bryan S. Maher
> Sent: December 2, 2004 12:36 PM
> To: Condor-Users Mail List
> Subject: RE: [Condor-users] condor on windows server 2003
>
> Bob,
>
> Yes, unfortunately, you need to run the condor_store_cred on
> all the execute nodes as user CONDOR (or whatever you are
> using as your dedicated username.)
>
> Along these lines, I was going to chime in on the
> condor_store_cred wish list thread a few days back. It would
> be nice if store_cred could:
>
> 1) take a username AND password on the command line. This
> would allow store_cred to be used in administrative scripts
> to install credentials for dedicated accounts.
>
> 2) configure credentials on a remote host via hostname
> command line argument. This would be even nicer as an
> administrator (or user) could add credentials as needed from
> one desktop.
>
> -Bryan
>
> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx
> [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of
> Robert.Nordlund@xxxxxxxxxxxxxxxx
> Sent: Thursday, December 02, 2004 11:56 AM
> To: Condor-Users Mail List
> Subject: RE: [Condor-users] condor on windows server 2003
>
>
>
>
>
> Bryan,
>
> Does condor need to know the passwords for the VM1_USER
> accounts? Do you have to run condor_store_cred on every machine?
>
> Thanks,
> Bob Nordlund
>
>
>
> |---------+-------------------------------->
> | | "Bryan S. Maher" |
> | | <Bryan.Maher@xxxxxxxx|
> | | du> |
> | | Sent by: |
> | | condor-users-bounces@|
> | | cs.wisc.edu |
> | | |
> | | |
> | | 12/02/2004 11:43 AM |
> | | Please respond to |
> | | Condor-Users Mail |
> | | List |
> | | |
> |---------+-------------------------------->
>
> >-------------------------------------------------------------
> -----------------------------------------------------------------|
> |
> |
> | To: "Condor-Users Mail List"
> <condor-users@xxxxxxxxxxx>
> |
> | cc:
> |
> | Subject: RE: [Condor-users] condor on windows
> server 2003
> |
>
> >-------------------------------------------------------------
> -----------------------------------------------------------------|
>
>
>
>
> Ian,
>
> I have the following in my condor_config file:
>
> VM1_USER = MYDOMAIN\CONDOR
> EXECUTE_LOGIN_IS_DEDICATED = TRUE
>
> According to Collin, making the login dedicated allows condor
> to assume all processes in that user context belong to the
> job and can be managed accordingly. Any processes running in
> the CONDOR user context will be killed if a job is killed.
> By consequence, jobs vacated by VM1 would kill jobs run by
> VM2. You do not have to dedicate the user login.
> Alternately, you could create multiple domain user accounts
> like CONDOR-VM1 and
> CONDOR-VM2 and dedicate one to each of the VM's on your machines.
>
> -Bryan
>
>
> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx
> [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Ian Chesal
> Sent: Thursday, December 02, 2004 10:50 AM
> To: Condor-Users Mail List; oliver@xxxxxxxxxxxx
> Subject: RE: [Condor-users] condor on windows server 2003
>
> I have a question about running condor jobs as users other
> than condor-reuse-vm? -- does this affect how well condor can
> clean up errant processes? Does conder use the unique
> condor-reuse-vm? user names to identify processes and
> sub-processes to kill when a job gets vacated from a machine?
> If this is the case, will vm1 and vm2 jobs now kill each
> other off if they are vacating the machine?
>
> Ian
>
> > -----Original Message-----
> > From: condor-users-bounces@xxxxxxxxxxx
> > [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of
> Bryan S. Maher
> > Sent: December 2, 2004 10:35 AM
> > To: oliver@xxxxxxxxxxxx; Condor-Users Mail List
> > Subject: RE: [Condor-users] condor on windows server 2003
> >
> > Oliver,
> >
> > I have a dedicated pool of 14 compute nodes all of which
> are running
> > Windows 2003 Server. I had the same problem until I added the
> > condor-reuse-vm? user to the administrator's group.
> > After that, things worked fine. If you look in the
> starter log, you
> > will see " Create_Process: CreateProcess failed, errno=5"
> which is the
> > WIN32 error "Access is denied."
> >
> > I also experienced this problem on 1 out of 3 (approximately) of my
> > Windows XP machines. I'm at a loss to explain why the default
> > installation worked on some machines and not others since
> every one of
> > my workstations is built from the same standard RIS
> deployment image.
> >
> > I started with v.6.6.6 on my execution nodes. Since then,
> the entire
> > pool was upgraded to v6.6.7. These versions will work on
> Windows 2003
> > Server.
> >
> > In my configuration, I created a domain user called CONDOR and
> > specified jobs to run using MYDOMAIN\CONDOR as a dedicated user. I
> > configured my execution nodes to use MYDOMAIN\CONDOR in lieu of
> > condor-reuse-vm?. This allows my jobs to access domain
> network shares
> > at runtime. Note that this is also a potential security hole
> > depending on the permissions you give to CONDOR. In my
> case, I had to
> > make CONDOR an administrator on all the compute nodes just to get
> > things to run. I was assured by folks at the cs.wisc that this
> > shouldn't be necessary but I just can't get it to run otherwise.
> >
> > -Bryan
> >
> > -----Original Message-----
> > From: condor-users-bounces@xxxxxxxxxxx
> > [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Oliver Hotz
> > Sent: Thursday, December 02, 2004 10:23 AM
> > To: 'Björn Baumeier'; 'Condor-Users Mail List'
> > Subject: RE: [Condor-users] condor on windows server 2003
> >
> > I put up some more information
> >
> > www.heimlich.net/~oliver/condor
> >
> > here you can find the log files.. maybe somebody can make
> something of
> > it.
> >
> > It is matching the Winnt52 correctly
> >
> >
> >
> > -----Original Message-----
> > From: Björn Baumeier [mailto:baumeier@xxxxxxxxxxxxxxxxxxx]
> > Sent: Wednesday, December 01, 2004 11:43 PM
> > To: oliver@xxxxxxxxxxxx; 'Condor-Users Mail List'
> > Subject: AW: [Condor-users] condor on windows server 2003
> >
> > Hello Oliver!
> >
> > We are running a Windows 2003 Server in terminalserver mode to
> > function as central submit node in our pool. The condor version we
> > installed is 6.6.6 and things are working fine without any
> additional
> > settings. However, since we don't use the server as a
> compute node, I
> > can't tell if there is any trouble with that.
> >
> > Can you submit jobs from the server to other node in the pool?
> > If you try to submit to the server, what does "condor_q -analyse"
> > produce?
> > If I am not completely wrong, Windows Server 2003 has
> "OpSys=WINNT52"
> > whereas a Windows XP system has "OpSys=WINNT51". So maybe
> no match has
> > been found.
> >
> > Bjoern
> >
> >
> >
> >
> > ------------------------------------------------------
> > Björn Baumeier baumeier@xxxxxxxxxxxxxxxxxxx
> > Universität Münster
> > Institut für Festkörpertheorie
> > Wilhelm-Klemm-Strasse 10
> > D-48149 Münster
> > Tel. +49 251 83 - 33583
> > ------------------------------------------------------
> >
> > -----Ursprüngliche Nachricht-----
> > Von: condor-users-bounces@xxxxxxxxxxx
> > [mailto:condor-users-bounces@xxxxxxxxxxx] Im Auftrag von Oliver Hotz
> > Gesendet: Donnerstag, 2. Dezember 2004 03:24
> > An: 'Condor-Users Mail List'
> > Betreff: [Condor-users] condor on windows server 2003
> >
> > Hey guys..
> >
> > I am having some extreme problems with getting condor to run on
> > windows server 2003.
> >
> > I know its probably some sort of permissions or security
> policy thing,
> > but I just don`t know what.
> >
> > I installed everything on windows xp pro, and a simple .bat file
> > (creating an empty text document on c:\) works just fine.
> >
> > However, when I try to do the same thing on windows server
> 2003, same
> > condor config, same installation, the file never gets
> written to c:\..
> > neither do I get a error log or output log for that .sub/bat file.
> >
> > Any ideas ?.. anyone that has gotten condor to work on windows 2003
> > server and knows its working ?.. what kind of security policies did
> > you change, etc ?.. I really thought I have tried everything
> > possible.. I just can't think of anything... this is with
> condor 6.7.2
> >
> > oliver
> >
> >
> > _______________________________________________
> > Condor-users mailing list
> > Condor-users@xxxxxxxxxxx
> > http://lists.cs.wisc.edu/mailman/listinfo/condor-users
> >
> >
> > _______________________________________________
> > Condor-users mailing list
> > Condor-users@xxxxxxxxxxx
> > http://lists.cs.wisc.edu/mailman/listinfo/condor-users
> >
> >
> >
> > _______________________________________________
> > Condor-users mailing list
> > Condor-users@xxxxxxxxxxx
> > http://lists.cs.wisc.edu/mailman/listinfo/condor-users
> >
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
>
>
>
>
> **************************************************************
> ***********
> PRIVILEGED AND CONFIDENTIAL: This communication, including
> attachments, is for the exclusive use of addressee and may
> contain proprietary, confidential and/or privileged
> information. If you are not the intended recipient, any use,
> copying, disclosure, dissemination or distribution is
> strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, delete
> this communication and destroy all copies.
> **************************************************************
> ***********
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
>
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> http://lists.cs.wisc.edu/mailman/listinfo/condor-users
>