Re: [HTCondor-users] CM HA failover working only in one direction

[Thomas Hartmann <thomas.hartmann@xxxxxxx>]

it looks like I fixed it - seems to have been a clash between the 
idtokens on my preprod instance...

I had created tokens for the different roles in the cluster like [1], 
where central manager got created without -authz constraints - which I 
copied to both my CM instancess' token.d dirs.
Unfortunately, the tokens seem to get picked up by their alphanumerical 
order, so that token accesspoint-condorce-grid with capabilities like 
[2] came first - causing the Negotiator to fail with insufficient 
capabilities.
tbh I cannot replicate the behavior before fixing/meddling with the auth 
tokens, so that I have no idea how before at least one of the CMs could 
become cluster head...

The fail over is still a bit laggy/wobbly, but at least the authz issue 
seems to be fixed.

Cheers,
  Thomas


[1]
> /etc/condor/tokens.d/
accesspoint-condorce-grid  centralmanager-grid  executionpoint-grid

[2]
-authz ADVERTISE_SCHEDD -authz ADVERTISE_MASTER -authz READ -authz WRITE

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature