Re: [HTCondor-users] Trying to set up High-Availability Cluster

Re: [HTCondor-users] Trying to set up High-Availability Cluster - Issues with IDTOKENS

Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

Date: Mon, 12 Aug 2024 15:08:56 +0200

From: Daniel BrÃckner <daniel.brueckner@xxxxxxxxxxxxxxxxxx>

Subject: Re: [HTCondor-users] Trying to set up High-Availability Cluster - Issues with IDTOKENS

I got the hint to set the macro "TRUST_DOMAIN" manually, since it's default is TRUST_DOMAIN = $(CONDOR_HOST). But unfortunately I'm not able to change this macro. After restarting the service it shows the default value, again.

####

condor_config_val TRUST_DOMAIN
cm1.test.de, cm2.test.de

####

condor_config_val -dump TRUST
# Configuration from machine: cm1.domain.name

# Parameters with names that match TRUST:
BOOTSTRAP_SSL_SERVER_TRUST = false
BOOTSTRAP_SSL_SERVER_TRUST_PROMPT_USER = true
QUEUE_ALL_USERS_TRUSTED = false
TRUST_DOMAIN = $(CONDOR_HOST)
TRUST_DOMAIN_CAFILE = /etc/condor/trust_domain_ca.pem
TRUST_DOMAIN_CAKEY = /etc/condor/trust_domain_ca_privkey.pem
TRUST_LOCAL_UID_DOMAIN = true
TRUST_UID_DOMAIN =
# Contributing configuration file(s):
#       /etc/condor/condor_config
#       /etc/condor/config.d/00-htcondor-9.0.config
#       /etc/condor/config.d/01-central-manager.config
#       /etc/condor/config.d/02-submiter-host.config
#       /etc/condor/config.d/10-stash-plugin.conf
#       /etc/condor/condor_config.local

####

grep -rnwi /etc/condor/ -e "TRUST_DOMAIN"
/etc/condor/config.d/01-central-manager.config:2:TRUST_DOMAIN = "domain.name"

####

Any ideas?

Best regards,

Daniel

On 12.08.2024 11:59, Daniel BrÃckner wrote:

Hello,

I'm trying to set up a high availability central manager pool following this steps described here:

https://htcondor.readthedocs.io/en/lts/admin-manual/high-availability.html

I installed two identical nodes, but they are not able to communicate.

######

08/12/24 11:41:56 DC_AUTHENTICATE: required authentication of x.x.x.3 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXwWFJF8)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

######

Even my computing nodes are not able to connect to any of the CMs using this configuration:

######
08/12/24 11:45:04 DC_AUTHENTICATE: required authentication of x.x.x.70 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXHdRQPA)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:04 DC_AUTHENTICATE: required authentication of x.x.x.70 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXNHZucb)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:13 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXzHgGgP)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:13 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXmqwPKw)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:18 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXG0Kexg)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
08/12/24 11:45:18 DC_AUTHENTICATE: required authentication of x.x.x.66 failed: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|FS:1004:Unable to lstat(/tmp/FS_XXXh1xYgK)|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS
######

I'm using this configuration macro:

CENTRAL_MANAGER1 = cm1.domain.name
CENTRAL_MANAGER2 = cm2.domain.name
CONDOR_HOST = $(CENTRAL_MANAGER1),$(CENTRAL_MANAGER2)


When I changed CONDOR_HOST to a single host entry, everything works fine:

"CONDOR_HOST = $(CENTRAL_MANAGER1)" or "CONDOR_HOST = $(CENTRAL_MANAGER2)"

While setting up a token for my 2nd CM, I got this error:

#####
condor_token_create -identity condor@xxxxxxxxxxxxxxx
Failed to generate a token.
PASSWD:1:Issuer namespace may not contain spaces or commas
#####

After changing to "CONDOR_HOST = $(CENTRAL_MANAGER2)" I was able to create this token.

I guess there's an issue using the macro "CONDOR_HOST" with two or more hosts when using Tokens. Can anybody confirm this? How can I change my configuration to get things working?

Thanks for your help,

Daniel

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Mailing List Archives

Authenticated access

Re: [HTCondor-users] Trying to set up High-Availability Cluster - Issues with IDTOKENS