Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Trouble trying to make HTCondor work in a Docker container

AddingÂUPDATE_COLLECTOR_WITH_TCP=TRUE gets the workers to show up in the pool and allowing everything for hosts in the private IP space lets jobs run. I'll have a blog post within a few days to show this running in Google Compute Engine. Â

Jim

On Sun, Nov 9, 2014 at 2:14 AM, Jim White <jimwhite@xxxxxx> wrote:
Well, I've gotten past that issue by enabling DNS and (after dealing with Docker not permitting limit change operations) I can almost see daylight. Submit/execute on the central manager host works, and the workers can see the queue on the central manager but they never join the pool, neither to jobs submitted at a worker ever get matched. The logs on the central manager never show any connections or requests from the worker's IP address (although there must be some since reads for condor_q and condor_status work). So I figure this must be some ordinary Condor config mistake on my part or a complication due to the IP address mapping between containers and hosts but I'm surprised I can't find any error messages anywhere in the logs on either side.

My current condor_config.local looks something like this (CONDOR_HOST and DAEMON_LIST are set by calling condor_configure when the container runs):

## Inside Docker we don't want to rely on DNS for user authentication.

TRUST_UID_DOMAIN = TRUE
UID_DOMAIN = my-condor-pool

## Use CCB so we don't need to deal with multiple ephemeral ports
## which are not yet supported by Docker.

USE_SHARED_PORT = True
SHARED_PORT_ARGS = -p 9886

SEC_DEFAULT_NEGOTIATION = NEVER
SEC_DEFAULT_AUTHENTICATION = NEVER

## We're not gonna try and reconfigure for each host involved.
## Just rely on our private network.
ALLOW_READ Â Â Â Â Â Â= *,*@*
ALLOW_WRITE Â Â Â Â Â = *,*@*
ALLOW_ADMINISTRATOR Â = *,*@*
ALLOW_CONFIG Â Â Â Â Â= *,*@*
ALLOW_NEGOTIATOR Â Â Â= *,*@*
ALLOW_DAEMON Â Â Â Â Â= *,*@*

# This didn't seem to change the setting for the collector:
# MAX_FILE_DESCRIPTORS=1024
# Maybe DEFAULT_MAX_FILE_DESCRIPTORS?
# The collector wants to allow at least 10240 open descriptors,Â
# but Docker doesn't permit changing limits.
COLLECTOR_MAX_FILE_DESCRIPTORS=1024

# Fiddling with these have had no effect so far...
FLOCK_FROM=10.*
FLOCK_TO=$(COLLECTOR_HOST)
HOSTALLOW_READ=10.*
HOSTALLOW_WRITE=10.*

Jim