Re: [Condor-users] help with MyProxy and Condor

[Emir Imamagic <eimamagi@xxxxxxx>]

Hi,

I've been using it for quite a while.

- First you should create MyProxy wrapper script (e.g. 
/usr/local/globus-4.0.1/libexec/myproxy-get-delegation.condor):
#!/bin/sh
export LD_LIBRARY_PATH=/usr/local/globus-4.0.1/lib
/usr/local/globus-4.0.1/bin/myproxy-get-delegation $@

and set MYPROXY_GET_DELEGATION option to that instead directly to binary 
/usr/local/globus-4.0.1/bin/myproxy-get-delegation.


- Create MyProxy certificate:
myproxy-init -x -r "<CertSubjectLine>" -l root -k condor -s myproxy.host


- Submit script should be similar to this one:
 executable=MyTest
 MyProxyHost     = myproxy.host:7512
 MyProxyCredentialName = condor
 MyProxyPassword = MyPa88word
 universe=grid
 grid_type=gt2
 log=condorG.log
 output=MyTest.out
 error=MyTest.err
 globusscheduler=mygrid.host
 queue

- You can also set MyProxyRefreshThreshold option in submit script to a 
large value in order to force Condor to refresh certificate straight 
away and trace Gridmanager log (/tmp/Gridmanager.<username>) to see what 
will happen.

Hope this help,
emir


Olga Kornievskaia wrote:
> I was wondering if there is anybody out there who is currently has a 
> working setup of Condor that uses MyProxy to renew credentials. If so, I 
> was wondering if you can share some words of wisdom as to how you've 
> come to a working setup. I work for University of Michigan and we are 
> very interested in using Condor with MyProxy but I have not been able to 
> submit a "grid_type=gt2" type job which, according to the 6.7 manual is 
> type that supports MyProxy.
>
> I'm include local condor config file. If anybody has some suggestions 
> please let me know. Thanks.
>
> # /usr/local/condor/condor_config.local
> CONDOR_HOST = llnl1.citi.umich.edu
> RELEASE_DIR = /nfsv4/llnl1/condor
> LOCAL_DIR = /usr/local/condor
> CONDOR_ADMIN = aglo@xxxxxxxxxxxxxx
> MAIL = /bin/mail
> UID_DOMAIN = citi.umich.edu
> FILESYSTEM_DOMAIN = citi.umich.edu
> CONDOR_IDS = 200007.2
>  LOCK = /tmp/condor-lock.$(HOSTNAME)0.486184851340116
> DAEMON_LIST = COLLECTOR, CREDD, MASTER, NEGOTIATOR, SCHEDD, STARTD
> MYPROXY_GET_DELEGATION = /usr/local/globus-4.0.1/bin/myproxy-get-delegation
> CRED_STORE_DIR = $(LOCAL_DIR)/cred_dir
>
> ## GSI Security
> SEC_DEFAULT_AUTHENTICATION = REQUIRED
> SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
> GSI_DAEMON_DIRECTORY = $(LOCAL_DIR)/security
> GSI_DAEMON_CERT           = $(GSI_DAEMON_DIRECTORY)/hostcert.pem
> GSI_DAEMON_KEY            = $(GSI_DAEMON_DIRECTORY)/hostkey.pem
> GSI_DAEMON_TRUSTED_CA_DIR = $(GSI_DAEMON_DIRECTORY)/certificates
> GSI_DAEMON_NAME = /C=US/ST=Michigan/L=Ann Arbor/O=University of 
> Michigan/OU=CITI Production 
> KCA/CN=condor/llnl1.citi.umich.edu@xxxxxxxxxxxxxx/emailAddress=aglo@xxxxxxxxxxxxxx,/C=US/ST=Michigan/L=Ann 
> Arbor/O=University of Michigan/OU=CITI Production 
> KCA/CN=condor/llnl2.citi.umich.edu@xxxxxxxxxxxxxx/emailAddress=aglo@xxxxxxxxxxxxxx
> GRIDMAP = $(GSI_DAEMON_DIRECTORY)/grid-mapfile
>
> ## Debug level
> ALL_DEBUG = D_SECURITY
> GRIDMANAGER_DEBUG = D_FULLDEBUG
> CONDOR_GAHP_DEBUG = D_FULLDEBUG
> GAHP_DEBUG = D_FULLDEBUG
> GT3_GAHP_DEBUG = D_FULLDEBUG
> GT4_GAHP_DEBUG = D_FULLDEBUG
>
> ## GRID
> GRID_MONITOR = $(SBIN)/grid_monitor.sh
> GRIDMANAGER = $(SBIN)/condor_gridmanager
> ENABLE_GRID_MONITOR = TRUE
> GRIDMANAGER_MAX_SUBMITTED_JOBS_PER_RESOURCE=5000
> GRIDMANAGER_MAX_PENDING_SUBMITS_PER_RESOURCE=5
> GRIDMANAGER_MAX_PENDING_REQUESTS=1000
> GRIDMANAGER_GAHP_CALL_TIMEOUT = 900
> GRIDMANAGER_GLOBUS_COMMIT_TIMEOUT=3600
>
> #GRIDMANAGER_CHECKPROXY_INTERVAL = 600
> GRIDMANAGER_CHECKPROXY_INTERVAL = 180
> GRIDMANAGER_MINIMUM_PROXY_TIME = 180
>
> GRID_MONITOR_HEARTBEAT_TIMEOUT = 300
> GRID_MONITOR_RETRY_DURATION = 31536000
> MAX_GRIDMANAGER_LOG     = 64000
>
> DEFAULT_CRED_EXPIRE_THRESHOLD = 60
>
> GRIDMANAGER_GAHPCLIENT_DEBUG = TRUE
> GRIDMANAGER_GAHPCLIENT_DEBUG_SIZE = 32000
>
> CONDOR_GAHP=$(SBIN)/condor_c-gahp
> CONDOR_GAHP_LOG=/tmp/CGAHPLog.$(USERNAME)
> CONDOR_GAHP_WORKER_THREAD_LOG=/tmp/CGAHPWorkerLog.$(USERNAME)
> GAHP = $(SBIN)/gahp_server
> GAHP_LOG = /tmp/GAHPLog.$(USERNAME)
> GT3_GAHP = $(SBIN)/g3_server
> GT3_GAHP_LOG = /tmp/GT3_GAHPLog.$(USERNAME)
> GT4_GAHP = $(SBIN)/gt4_gahp
> GT4_GAHP_LOG = /tmp/GT4_GAHPLog.$(USERNAME)
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users