
Re: [HTCondor-users] How to disable security ?



On 3/27/2023 6:53 AM, Gaetan Geffroy wrote:

I just want to create a pool with 4 Docker containers (CM, Submit, 2 workers), created by and for a python test and deleted after the test ran.

That pool will exist for literally 2 minutes before being deleted. I don't care for security. I don't care who accesses which daemon and who does what.

How can I achieve that?

The only way I found to have my Python program successfully start and send commands to the collector and the negotiator is to start it with the root user, but then it cannot submit jobs.

 



Hi Gaetan,

If you start the daemons as root, then you should submit your jobs as non-root, since HTCondor really goes out of its way to not launch (or accept) jobs as root.

Perhaps the below step-by-step guide to set up three Docker containers (CM, Submit, Worker) and run jobs will help out. While it is written from the perspective of someone doing this live on the terminal, it should be straightforward to create Dockerfile(s) from the below.

Hope this helps,
Todd

On a machine with Docker installed, open up three terminal windows.  We will create a virtual network, and then three containers attached to that network.

In window #1, create the virtual network, set up a blank new machine and install your central manager:

$ docker network create gaetan-testing
$ docker run -it --rm --network gaetan-testing --hostname cm.gaetan.org centos:7
# curl -fsSL https://get.htcondor.org | GET_HTCONDOR_PASSWORD="some_secret_password" /bin/bash -s -- --no-dry-run --central-manager cm.gaetan.org

In window #2, set up a blank new machine and install the execution point (execute node):

$ docker run -it --rm --network gaetan-testing --hostname ep.gaetan.org centos:7
# curl -fsSL https://get.htcondor.org | GET_HTCONDOR_PASSWORD="some_secret_password" /bin/bash -s -- --no-dry-run --execute cm.gaetan.org

In window #3, set up a blank new machine and install the access point (submit host) where users can submit jobs. Then you can create a regular (non-root) user to try some commands and submit some jobs.

$ docker run -it --rm --network gaetan-testing --hostname ap.gaetan.org centos:7
# curl -fsSL https://get.htcondor.org | GET_HTCONDOR_PASSWORD="some_secret_password" /bin/bash -s -- --no-dry-run --submit cm.gaetan.org
# useradd gaetan
# su - gaetan
$ condor_q
$ condor_status
$ condor_submit executable="/bin/echo" arguments="Hello, world!" log=hello.log output=hello.out -queue 1
$ condor_wait hello.log
$ more hello.out
$ more hello.log
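
The steps above, wrapped for a Python test as an added example (not part of the original message and not HTCondor project code): it generates a fresh pool password per run, hands it to Docker through the environment instead of the command line, and removes the containers and network even when the test body fails. The container names `cm`/`ep`/`ap`, the `throwaway_pool` helper and the `run` hook are assumptions, as is the installer leaving the daemons running after `docker exec` returns, the way it does in the interactive session.

```python
import contextlib
import os
import secrets
import subprocess

# Network, image, hostnames and installer command are taken from the steps above.
NETWORK = "gaetan-testing"
IMAGE = "centos:7"
CM_HOST = "cm.gaetan.org"
# (container name, get_htcondor role flag); the short names are assumptions.
ROLES = [("cm", "--central-manager"), ("ep", "--execute"), ("ap", "--submit")]
INSTALL = ("curl -fsSL https://get.htcondor.org | "
           "/bin/bash -s -- --no-dry-run {flag} " + CM_HOST)


def docker(args, env=None):
    """Default runner: call the docker CLI and raise if it fails."""
    subprocess.run(["docker", *args], check=True, env=env)


@contextlib.contextmanager
def throwaway_pool(run=docker):
    """Build the three-container pool, yield its password, then tear it down."""
    password = secrets.token_urlsafe(32)  # new shared pool secret for every run
    # "-e NAME" with no value makes docker copy NAME from the client's
    # environment, so the secret never appears in any argument list.
    env = dict(os.environ, GET_HTCONDOR_PASSWORD=password)
    started = []
    run(["network", "create", NETWORK])
    try:
        for name, flag in ROLES:
            # -dit keeps the image's default shell alive in the background,
            # standing in for the open terminal window of the manual steps.
            run(["run", "-dit", "--rm", "--name", name, "--network", NETWORK,
                 "--hostname", f"{name}.gaetan.org",
                 "-e", "GET_HTCONDOR_PASSWORD", IMAGE], env)
            started.append(name)
            # exec inherits the container's environment, password included.
            run(["exec", name, "bash", "-c", INSTALL.format(flag=flag)])
        yield password
    finally:
        # Runs on success and on failure: nothing outlives the test.
        for name in reversed(started):
            run(["rm", "-f", name])
        run(["network", "rm", NETWORK])
```

Inside the `with` block, job submission goes through `docker exec` on the `ap` container as a non-root user, matching the `useradd` / `su` step above.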