Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
|
The condor_drain command requires authentication between the machine where you run the command and the machine that will drain. get_htcondor will not automatically set things up so that you can use IDTOKEN authentication for this.
It will not matter if the machine you are trying to drain has a token. In order to run the drain command you need a token on the machine running the command that was signed by the signing key that the machine you are trying to drain has
access to. get_htcondor will set things up so that you can use condor tools to send commands to the central manger, but not to other machines. If you want to use IDTOKEN auth to send drain commands from a central location to all of the machines on your pool, you will need to put a token signing key on each machine in the pool (the same key name and value) and create a token signed
by that key to use to run the drain command. -tj From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx>
On Behalf Of Curtis Spencer via HTCondor-users I recently created an HTCondor pool using the setup instructions here: https://htcondor.readthedocs.io/en/latest/getting-htcondor/install-linux-as-root.html I am able to run `condor_submit` and run jobs in the cluster but when I run `condor_drain <example.domain>` I get the following error: ``` Attempt to send DRAIN_JOBS to startd <192.168.5.111:9618?addrs=192.168.5.111-9618&alias=blade11.ccb&noUDP&sock=startd_1258_763b>
failed ``` This happens regardless of which machine I try to drain. I am new to token authentication. I have read the documentation here: https://htcondor.readthedocs.io/en/latest/admin-manual/security.html#token-authentication
and verified that the machine I am trying to drain has a token (I'm assuming that was created automatically during the setup) and that the `tokens.d` directory has read/write only for the root user. It appears that the tokens of the master machine (which I am sending the command from) and to the machine I am trying to drain don't match (not sure if they should?): master ``` ~# ls -l /etc/condor/ ~# condor_token_list ``` drain ``` ~# ls -l /etc/condor/ ~# condor_token_list ``` I have tried requesting a new token from the machine I am trying to drain: ``` ~# condor_token_request ``` But when I tried to approve the request from the master machine I got this error: ``` ~# condor_token_request_approve -reqid 3059220 ``` I feel like something still isn't configured quite right and that the problem with `condor_drain` is a symptom of that, but I'm not sure what or how to fix it. Any help would be appreciated, thanks! |