Re: [Condor-users] Restrict pool to a single submit machine

["Kewley, J \(John\)" <j.kewley@xxxxxxxx>]

You would also need to restrict other machines adding themselves to the pool otherwise

they could simply add themselves as another submit node.

 

Take a look at the HOSTALLOW expressions for this (too early in morning for me

to rememebr exactly what - sorry)

 

JK

-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx [mailto:condor-users-bounces@xxxxxxxxxxx]On Behalf Of uni-ulm.m.roehm@xxxxxxxxxxxxxxxxxxx
Sent: Tuesday, August 22, 2006 8:23 AM
To: condor-users@xxxxxxxxxxx
Subject: Re: [Condor-users] Restrict pool to a single submit machine

Hi Pascal,

as far as I know this shouldn't be a problem. You could set up one machine as a "Submit node", one as a "Central Manager node" and all the others to be "Execute nodes" (http://www.cs.wisc.edu/condor/manual/v6.8/3_1Introduction.html#SECTION00411000000000000000). In the config file you can do this as follows:

Central Manager Node:        DAEMON_LIST   = MASTER, COLLECTOR, NEGOTIATOR, STARTD
Submit Node:                DAEMON_LIST  = MASTER, SCHEDD
Execute Node:                DAEMON_LIST   = MASTER, STARTD

See the Condor Admininstrator manual for more information.

Cheers, Matthias

Matthias Röhm, University Ulm,
DaimlerChrysler AG, Research Center Ulm,
Department for Inline Inspection and
Data Mining Solutions, RMI/DM
P.O. Box 23 60, 89013 Ulm, Germany

Phone:  +49 (0)731 505 4864
Fax:      +49 (0)711 3052183085
Email:   mailto:Uni-Ulm.M.Roehm@xxxxxxxxxxxxxxxxxxx


> Hello all,
>
> I would like to know if it is possible to have only one submit machine per
> Condor pool. In other words, what we want to do is to avoid having rogue
> submit machines in our pool, since we would like to have all our users to log
> into our single submit machine for accounting purpose.
>
> Six months ago someone suggested
> (https://lists.cs.wisc.edu/archive/condor-users/2006-February/msg00270.shtml)
> to put a restriction in the START expressions, in order to restrict the
> execution of jobs coming from a known schedd (by the way, I guess that with
> the new support of regexps it becomes trivial to perform the proposed
> check...).
> We are not sure if this method is reliable enough to avoid rogue submit
> machines, as the job classad can easily be altered in order to make it likes
> the job comes from a legitimate submit host...
>
> any thoughts/advice on this?
>
> thanks in advance,
>
> Pascal
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at either
> https://lists.cs.wisc.edu/archive/condor-users/
> http://www.opencondor.org/spaces/viewmailarchive.action?key=CONDOR