Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
|
Hi Greg,
Yes you can do this on the submit side if you don't control the execute side.
You can make a default by adding it to SUBMIT_ATTRS on the node where condor_submit is run.
Add this to the configuration there
EncryptExecuteDirectory = true
SUBMIT_ATTRS = $(SUBMIT_ATTRS) EncryptExecuteDirectory
This will default the value of the job attribute, but still allow the submit file to override it.
If you want to force encryption on the submit, then you would instead add that as a submit transform in the schedd.
Add something like this to the configuration of the schedd
JOB_TRANFORM_NAMES = $(JOB_TRANFORM_NAMES) Encrypt
JOB_TRANSFORM_Encrypt @=end
SET EncryptExecuteDirectory = true
# optionally also force match to nodes that can encrypt. (not all Linux nodes can encrypt)
SET Requirements = ( $(MY.Requirements) ) && TARGET.HasEncryptExecuteDirectory
@end
This will override the value of the Job's attribute at submit time. The addition of the requirements clause is not really necessary if all of your execute nodes are Windows, since Windows nodes all have that capability.
-tj
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Hitchen, Greg (IM&T, Kensington WA) <Greg.Hitchen@xxxxxxxx>
Sent: Thursday, August 12, 2021 3:22 AM To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx> Subject: [HTCondor-users] Windows - Encrypt_Execute_Directory Hi All
Just wondering about the ways in which this can be done. Windows 10 HTCondor 8.8.12
Works with encrypt_execute_directory = True in the submit file on the submit node.
Works with ENCRYPT_EXECUTE_DIRECTORY = True in the condor_config file on the execute node.
Wondering if there is a way to enforce this via the submit node if you cannot access/modify all the execute node configs? i.e. is there some way (in the condor_config file) to make the submit node add it to the submit file by default, or maybe add it to the job attributes by default?
Thanks
Cheers
Greg |