Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] How to add new users

I realize there are always "many ways" to do things.

But when looking up documentation online on "add new users to HTCondor cluster" I get nothing helpful. While https://htcondor.readthedocs.io/en/latest/admin-manual/security.html is a wealth of technical detail on the sophisticated ways that HTCSS has built in security, there doesn't seem to be anything to help new SysAdmins get additional users onto a new cluster.

If it's as simple as "give person server access" then awesome! If it requires a whole host of steps, then a SOP would be greatly appreciated. And TBC, I am asking about a campus HTC cluster with only local users. No grid. No HPC backfill system.

Best regards,
Matthew West



On 09/12/2022 23:33, Steven C Timm wrote:
CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

There are various ways to do it.  At Fermilab we have at various times required an x.509 certificate to submit and then had a mapfile of which certificates were allowed to submit, or htcondor also has the capacity to call out to an external server.  We are shifting to requiring "scitoken" access and having a mapfile of which scitokens
are allowed to submit and to which unix user they will be mapped.  Both of those techniques are so-called
remote submit where the users do not actually log into the submit host or have a shell on it, the condor_submit tool just contacts the remote schedd (access point) on its port.

There are a number of ways to configure the way htcondor recognizes its own users..you can have users that correspond to the unix usernames on the system or you can artificially make identities up that have nothing to do with the unix user names on the system, or you can run them all as "nobody".

Steve

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Matthew T West via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: Friday, December 9, 2022 5:21 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Cc: Matthew T West <M.T.West@xxxxxxxxxxxx>
Subject: Re: [HTCondor-users] How to add new users
 
Hi Cole,

How then do users get permission to submit jobs into the queue? Is it, if you have permission to be on the access point, you can submit?

I don't have any strict needs and have no firm opinions on the matter.

Here in Exeter, we are investigating using using ColdFront for our access management and they have a Slurm plugin <https://github.com/ubccr/coldfront/tree/master/coldfront/plugins/slurm>. And because HTCondor has such a nice Python API, I was going to see if I might be able to cobble together an equivalent plugin for this ecosystem.

But I couldn't find equivalent functionality, hence the question.

Cheers,
Matt

On 09/12/2022 15:35, Cole Bollig wrote:
CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Hi Matthew,

At the moment condor does not have any tool or way of doing this. One could try to do some clever stuff with security and configuration but that can be long ,difficult, and isn't the same as just being able to allow or deny a user access to condor on an access point. However, this has been a topic of discussion with a design proposal in the works. So, if you have any strict needs and/or requirements regarding this don't be afraid to bring those to light for us.

Cheers,
Cole Bollig
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Matthew T West via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: Thursday, December 8, 2022 4:23 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Cc: Matthew T West <M.T.West@xxxxxxxxxxxx>
Subject: [HTCondor-users] How to add new users
 
Hi All,

I spend a decent portion of my time these days managing Slurm accounts
with https://slurm.schedmd.com/sacctmgr.html, but realized today that I
can't think of the equivalent tool the HTCondor ecosystem.

How exactly do new users get permission to submit jobs to the queue,
beyond being allowed on an Access Point?

Cheers,
Matt

--
Matthew T. West
DevOps & HPC SysAdmin
University of Exeter, Research IT
www.exeter.ac.uk/research/researchcomputing/support/researchit
57 Laver Building, North Park Road, Exeter, EX4 4QE, United Kingdom

Please note, I may send emails out of 'normal' working hours, as this fits my own work-life balance. I do not expect a response outside of your own working hours.

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

-- 
Matthew T. West
DevOps & HPC SysAdmin
University of Exeter, Research IT
www.exeter.ac.uk/research/researchcomputing/support/researchit
57 Laver Building, North Park Road, Exeter, EX4 4QE, United Kingdom

Please note, I may send emails out of 'normal' working hours, as this fits my own work-life balance. I do not expect a response outside of your own working hours.

-- 
Matthew T. West
DevOps & HPC SysAdmin
University of Exeter, Research IT
www.exeter.ac.uk/research/researchcomputing/support/researchit
57 Laver Building, North Park Road, Exeter, EX4 4QE, United Kingdom

Please note, I may send emails out of 'normal' working hours, as this fits my own work-life balance. I do not expect a response outside of your own working hours.