Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
For example if I have several condors running different authentication configurations what would be the easiest way to add a remote "queue super user" that would be able to hold jobs. Essentially I need to allow one user/host to run commands that require queue_super_user on a set of condor hosts.
I've tried a lot of different test configurations (some where permissions were wide open for testing: HOSTALLOW_ADMINISTRATOR = *, HOSTALLOW_READ = *, HOSTALLOW_WRITE = *,QUEUE_SUPER_USERS = *) but they all had problems because to hold a job it needs to map your request to a user before if it checks if that user is a queue super user.
I was thinking I could leverage the Unified Map File in some way for my special user, or set up a ssh user and just run the command locally, but I'd rather not do the latter and keep my logic confined to configuration + python bindings.
To give a little more context the project I'm working on provisions cloud resources based on jobs from a condor queue. By inspecting the job queue appropriate virtual machines are booted and registered to condor to complete the jobs. However, this system allows the users to register one or more condor hosts and provisions resources separately for each one. I want my process to be able to issue a condor hold to all of these registered condor hosts which may have differing configuration(ie GSI vs default configuration).
Thanks in advance for any ideas, -Colson On 04/05/2019 12:03 PM, Colson Driemel wrote:
Turns out this is exactly what I was looking for, I had tried it before but i think my grid mapfile must have been set up wrong, thanks!-Colson On 04/05/2019 10:55 AM, Zach Miller wrote:Hello,I think what you want is to check out "QUEUE_SUPER_USERS" unless I'm missing something about your setup:http://research.cs.wisc.edu/htcondor/manual/v8.9/ConfigurationMacros.html#dx33-196135QUEUE_SUPER_USERS can manipulate any job in the queue. By default "condor" is already a queue super user so if you use the map file to map a specific GSI cert DN to "condor" that should do what you want.Or, if you want to map your GSI cert to some other specific unix user (e.g. "colsuper") and add that specific user to the QUEUE_SUPER_USERS and I think you'll be all set:QUEUE_SUPER_USERS = root, condor, colsuper Cheers, -zachïOn 4/5/19, 11:18 AM, "HTCondor-users on behalf of Colson Driemel" <htcondor-users-bounces@xxxxxxxxxxx on behalf of colsond@xxxxxxx> wrote:Hi all,I'm trying to set up a super user of sorts that will be able to remotelyperform actions like holding or editing the classad of jobs.I've been sifting through the condor configuration options listed in thesecurity section (https://research.cs.wisc.edu/htcondor/manual/v8.4/3_6Security.html) but nothing I've tried seems to get the results I'm after.Is anyone familiar with a configuration that would work for this use case? As another note I'm using GSI authentication via certificate proxies.-Colson _______________________________________________ HTCondor-users mailing listTo unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with asubject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users The archives can be found at: https://lists.cs.wisc.edu/archive/htcondor-users/ _______________________________________________ HTCondor-users mailing listTo unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with asubject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users The archives can be found at: https://lists.cs.wisc.edu/archive/htcondor-users/_______________________________________________ HTCondor-users mailing listTo unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with asubject: Unsubscribe You can also unsubscribe by visiting https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users The archives can be found at: https://lists.cs.wisc.edu/archive/htcondor-users/