Re: [HTCondor-users] Condor 23.10.1 compatibility problem with Conda

[Jaime Frey <jfrey@xxxxxxxxxxx>]

âuse security:recommendedâ is a new meta-knob introduced in 23.10.0. It replaces the previous meta-knob âuse security:recommended_v9_0â. If youâre not running any daemons using these configuration files, then the only impact is that your python bindings and command-line tools will not insist on any authentication, encryption, or integrity when communicating with daemons. Any reasonably-configured daemons will insist on using some of these, which will still work.

If you are running daemons using these configuration files, then you will not get any default authorization rules. If youâre not setting the ALLOW_XXXX config parameters yourself, then the daemons wonât accept any connections.

The issue not compatibility with Conda python bindings, but compatibility with bindings using HTCondor versions older than 23.10.0. We had not sufficiently considered the case of a new HTCondor OS package and old user-installed bindings when adding the new meta-knob to the default configuration files. We are looking at changing the default configuration to avoid this problem for the 24.0 release.

 - Jaime

> On Oct 23, 2024, at 6:42âPM, Anderson, Stuart B. <sba@xxxxxxxxxxx> wrote:
> 
> What are the security implications (if any) and functional changes (if any) from deleting /etc/condor/config.d/00-security installed by condor-23.10.1-1.el8.x86_64?
> 
> That configuration file appears to be the only one installed by the RPM and contains the single un-commented line, "use security:recommended" that causes the following compatibility problem with Conda python bindings:
> 
> #
> # What is the system installed version of Condor?
> #
> (igwn) [stuart.anderson@ldas-osg ~]$ which condor_version
> /usr/bin/condor_version
> 
> (igwn) [stuart.anderson@ldas-osg ~]$ condor_version
> $CondorVersion: 23.10.1 2024-10-03 BuildID: 759508 PackageID: 23.10.1-1 GitSHA: acedc362 $
> $CondorPlatform: x86_64_AlmaLinux8 $
> 
> 
> #
> # What Conda environment and conda-forge versions
> #
> (igwn) [stuart.anderson@ldas-osg ~]$ echo $CONDA_PREFIX
> /cvmfs/software.igwn.org/conda/envs/igwn <https://urldefense.com/v3/__http://software.igwn.org/conda/envs/igwn__;!!Mak6IKo!N8B8BAeq5CdmBJLvHv1QJxhdvw1hipCDf40cshXGIckMKXBc5mnEDA7du0GA_PystjusBVrAE1LeXy4$ >
> 
> (igwn) [stuart.anderson@ldas-osg ~]$ conda list | grep -i condor
> htcondor-classads         23.9.6               heed6a68_2    conda-forge
> libcondor_utils           23.9.6               h2e7aa3c_2    conda-forge
> pycondor                  0.6.0              pyhd8ed1ab_0    conda-forge
> python-htcondor           23.9.6          py310h89a073e_2    conda-forge
> 
> (igwn) [stuart.anderson@ldas-osg ~]$ which python
> /cvmfs/software.igwn.org/conda/envs/igwn/bin/python <https://urldefense.com/v3/__http://software.igwn.org/conda/envs/igwn/bin/python__;!!Mak6IKo!N8B8BAeq5CdmBJLvHv1QJxhdvw1hipCDf40cshXGIckMKXBc5mnEDA7du0GA_PystjusBVrAVs_SE78$ >
> 
> 
> #
> # Compatbility problem for both the python package htcondor and htcondor2
> #
> (igwn) [stuart.anderson@ldas-osg ~]$ python -c "import htcondor"
> Error: use security:recommended: does not recognise recommended
> Config source Error "/etc/condor/config.d/00-security", Line 28: at use security:recommended:recommended
> Configuration Error Line 28 while reading config source /etc/condor/config.d/00-security
> 
> (igwn) [stuart.anderson@ldas-osg ~]$ python -c "import htcondor2"
> Error: use security:recommended: does not recognise recommended
> Config source Error "/etc/condor/config.d/00-security", Line 28: at use security:recommended:recommended
> Configuration Error Line 28 while reading config source /etc/condor/config.d/00-security
> 
> 
> Thanks.
> 
> 
> â
> Stuart Anderson
> sba@xxxxxxxxxxx