Re: [HTCondor-users] Problems with condor_ssh_to_job
- Date: Fri, 20 Oct 2017 16:37:51 -0500
- From: Tim Theisen <tim@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Problems with condor_ssh_to_job
Hi Oliver,
I have fixed up the problem with condor_ssh_to_job and SELinux. It will
be in the upcoming 8.6.7 release.
https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=6362
...Tim
On 08/03/2017 12:24 PM, Oliver Freyermuth wrote:
> Hi Todd,
>
> On 03.08.2017 at 19:02, Todd Tannenbaum wrote:
>> Yes, you can use shared_port on your submit (schedd) machine, set up your firewall to only allow port 9618, and still have condor_ssh_to_job work with CCB. To make it all work together this way requires that you change the permissions on the directory used by shared_port like so:
>>
>> chmod 1777 /var/lock/condor/daemon_sock
>>
>> (/var/lock/condor is the default, you may need to do "condor_config_val LOCK" to get the actual path of the HTCondor lock directory).
>>
>> To understand why this is needed and why it works, read the wisdom for knob DAEMON_SOCKET_DIR in the HTCondor Manual, available at URL http://bit.ly/2u4Jt1F
> Wow - thanks for that link, and also for the quick reply!
> I totally missed that in the documentation, I was looking around in the more general parts (CCB and network configuration, and condor_ssh_to_job options and manpage),
> but never checked there. Really good news we can keep the firewall up with just this (known and needed) hole for usage by HTCondor.
>
>>> 2) SELinux policies prevent running ssh-keygen on the startd machine. SELinux denies permission to write the generated keys to /pool/condor/dir_<PID>/.condor_ssh_to_job_1/ .
>>> Is this already fixed in a new version of HTCondor?
>>> This breaks on CentOS 7 out of the box.
>>>
>> Ugh. Thank you for investigating and reporting this. We will make a ticket on the wiki.htcondor.org to address this for the next release, and include a work-around in the ticket until the new version is released. Tim T will post the ticket URL here shortly.
> Thanks for taking care of that!
>
> Best regards,
> Oliver
>
>
--
Tim Theisen
Release Manager
HTCondor & Open Science Grid
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin - Madison
4261 Computer Sciences and Statistics
1210 W Dayton St
Madison, WI 53706-1685
+1 608 265 5736
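
The `chmod 1777` requirement on the shared_port socket directory quoted above can be verified with a short check. This is an added example, not part of the original thread or HTCondor's own tooling; the function name `check_sock_dir` and its result strings are hypothetical, and it assumes GNU `stat` as found on Linux hosts such as CentOS 7.

```shell
#!/bin/sh
# Added example: classify the mode of the shared_port socket directory.
# Assumes GNU stat (stat -c '%a'). check_sock_dir is a hypothetical helper.
#
# Prints one of:
#   ok                  mode is exactly 1777 (world-writable with sticky bit)
#   missing-sticky      world-writable without the sticky bit, so any local
#                       user can delete or rename entries owned by others
#   not-world-writable  "other" has no write bit set on the directory
#   unexpected-mode:NNNN  sticky and world-writable, but not exactly 1777
#   not-a-directory     path is missing, a symlink, or not a directory
check_sock_dir() {
    dir=$1
    # Refuse symlinks so the check describes the directory itself.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "not-a-directory"; return 2
    fi
    mode=$(stat -c '%a' "$dir") || return 2
    mode=$(printf '%04d' "$mode")   # e.g. 755 -> 0755, 1777 stays 1777
    special=${mode%???}             # leading digit: setuid/setgid/sticky
    other=${mode#???}               # trailing digit: permissions for "other"
    case $other in
        2|3|6|7) world_w=1 ;;
        *)       world_w=0 ;;
    esac
    case $special in
        1|3|5|7) sticky=1 ;;
        *)       sticky=0 ;;
    esac
    if [ "$mode" = "1777" ]; then
        echo "ok"; return 0
    elif [ "$world_w" -eq 1 ] && [ "$sticky" -eq 0 ]; then
        echo "missing-sticky"; return 1
    elif [ "$world_w" -eq 0 ]; then
        echo "not-world-writable"; return 1
    fi
    echo "unexpected-mode:$mode"; return 1
}

# Typical use on a submit machine, resolving the lock directory as the
# thread suggests:
#   check_sock_dir "$(condor_config_val LOCK)/daemon_sock"
```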