[HTCondor-users] Communication error when trying to add second machine
- Date: Thu, 04 Aug 2016 22:32:36 +0000
- From: "Hughes, Zachary" <zdhughes@xxxxxxxxx>
- Subject: [HTCondor-users] Communication error when trying to add second machine
Hi all,
So I'm working on two CentOS 7 machines and used yum to install condor following the steps on https://research.cs.wisc.edu/htcondor/yum/ . The first machine (the central manager) seems to be working just fine, condor_status . I used the configuration file located at /etc/condor/condor_config on machine 0 to set it up.
For the second machine the configuration file is nearly identical (/etc/condor/condor_config on machine 1), but when I start the service:
[root@herc1 ~]# systemctl start condor.service
I get SELinux Alerts:
###########################################################################
SELinux is preventing /usr/bin/bash from write access on the file ip_local_port_range.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that bash should be allowed write access on the ip_local_port_range file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep linux_kernel_tu /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:condor_master_t:s0
Target Context system_u:object_r:sysctl_net_t:s0
Target Objects ip_local_port_range [ file ]
Source linux_kernel_tu
Source Path /usr/bin/bash
Port <Unknown>
Host herc1.lexas
Source RPM Packages bash-4.2.46-19.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-60.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name herc1.lexas
Platform Linux herc1.lexas 3.10.0-327.el7.x86_64 #1 SMP Thu
Nov 19 22:10:57 UTC 2015 x86_64 x86_64
Alert Count 5
First Seen 2016-08-04 16:22:05 CDT
Last Seen 2016-08-04 17:04:50 CDT
Local ID a0bb55c9-60a0-442b-8f3a-0ce083c46d22
Raw Audit Messages
type=AVC msg=audit(1470348290.276:490): avc: denied { write } for pid=5436 comm="linux_kernel_tu" name="ip_local_port_range" dev="proc" ino=19975 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
type=SYSCALL msg=audit(1470348290.276:490): arch=x86_64 syscall=open success=yes exit=ESRCH a0=2542a80 a1=241 a2=1b6 a3=fffffff0 items=0 ppid=5433 pid=5436 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=linux_kernel_tu exe=/usr/bin/bash subj=system_u:system_r:condor_master_t:s0 key=(null)
Hash: linux_kernel_tu,condor_master_t,sysctl_net_t,file,write
###########################################################################
and condor_status gives:
Error: communication error
CEDAR:6001:Failed to connect to <10.0.7.10:9618>
I've set the SELinux policy to permissive (and disabled) but nothing has changed. Here is my configuration file,
RELEASE_DIR = /usr
LOCAL_DIR = /var
LOCAL_CONFIG_FILE = /etc/condor/condor_config.local
REQUIRE_LOCAL_CONFIG_FILE = false
LOCAL_CONFIG_DIR = /etc/condor/config.d
use SECURITY : HOST_BASED
RUN = $(LOCAL_DIR)/run/condor
LOG = $(LOCAL_DIR)/log/condor
LOCK = $(LOCAL_DIR)/lock/condor
SPOOL = $(LOCAL_DIR)/lib/condor/spool
EXECUTE = $(LOCAL_DIR)/lib/condor/execute
BIN = $(RELEASE_DIR)/bin
LIB = $(RELEASE_DIR)/lib64/condor
INCLUDE = $(RELEASE_DIR)/include/condor
SBIN = $(RELEASE_DIR)/sbin
LIBEXEC = $(RELEASE_DIR)/libexec/condor
SHARE = $(RELEASE_DIR)/share/condor
PROCD_ADDRESS = $(RUN)/procd_pipe
JAVA_CLASSPATH_DEFAULT = $(SHARE) $(SHARE)/scimark2lib.jar .
CONDOR_HOST = herc0.lexas
DAEMON_LIST = MASTER, SCHEDD, STARTD (+ NEGOTIATOR and COLLECTOR on machine 0)
UID_DOMAIN = lexas
FILESYSTEM_DOMAIN = lexas
COLLECTOR_NAME = HERC Condor Pool
CONDOR_IDS=987.982
ALLOW_READ = herc*.lexas, 10.0.7.*, *.cs.wisc.edu
ALLOW_WRITE = herc*.lexas, 10.0.7.*
USE_NFS = True NEGOTIATOR
USE_AFS = False
LOCK = $(LOG)
TRUST_UID_DOMAIN = True
Does anyone have any ideas?