[HTCondor-users] [RE] Trying to set up High-Availability Cluster -Issues with IDTOKENS

[Geonmo Ryu <geonmo@xxxxxxxxxxx>]

Hello, Daniel.

I faced exactly same problem.

You need to configure TRUST_DOMAIN.

Default TRUST_DOMAIN is CONDOR_HOST. 

But, trust_domain did not allow "<host>,<host2>" 

So, you should set TRUST_DOMAIN to like "domain.name"

----- Original Message -----
From : Daniel BrÃckner <daniel.brueckner@xxxxxxxxxxxxxxxxxx>
To : "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>
Sent : 2024-08-12 19:04:28
Subject : [HTCondor-users] Trying to set up High-Availability Cluster -Issues with IDTOKENS

Hello,

I'm trying to set up a high availability central manager pool following this steps described here:

https://htcondor.readthedocs.io/en/lts/admin-manual/high-availability.html

I installed two identical nodes, but they are not able to communicate.

######

08/12/24 11:41:56 DC_AUTHENTICATE: required authentication of x.x.x.3 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXwWFJF8)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

######

Even my computing nodes are not able to connect to any of the CMs using this configuration:

######
08/12/24 11:45:04 DC_AUTHENTICATE: required authentication of x.x.x.70 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXHdRQPA)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:04 DC_AUTHENTICATE: required authentication of x.x.x.70 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXNHZucb)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:13 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXzHgGgP)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:13 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXmqwPKw)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:18 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXG0Kexg)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:18 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXh1xYgK)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
######

I'm using this configuration macro:

CENTRAL_MANAGER1 = cm1.domain.name
CENTRAL_MANAGER2 = cm2.domain.name
CONDOR_HOST = $(CENTRAL_MANAGER1),$(CENTRAL_MANAGER2)


When I changed CONDOR_HOST to a single host entry, everything works fine:

"CONDOR_HOST = $(CENTRAL_MANAGER1)" or "CONDOR_HOST = $(CENTRAL_MANAGER2)"

While setting up a token for my 2nd CM, I got this error:

#####
condor_token_create -identity condor@xxxxxxxxxxxxxxx
Failed to generate a token.
PASSWD:1:Issuer namespace may not contain spaces or commas
#####

After changing to "CONDOR_HOST = $(CENTRAL_MANAGER2)" I was able to create this token.

I guess there's an issue using the macro "CONDOR_HOST" with two or more hosts when using Tokens. Can anybody confirm this? How can I change my configuration to get things working?

Thanks for your help,

Daniel