Nebraska would like to disable Match Auth
Here's the setup:
- We are running a Condor 7.9.x schedd on t3.unl.edu
- We cannot use 7.8.x because of an issue with RequestedChroot between the T2 and T3 nodes. The schedd submits directly to the T2 and flocks to the glidein setup.
- We cannot use 7.6.x with match auth due to the stderr/out issues.
So, we'd like to use normal auth for this particular schedd (for this schedd, all jobs are >48 hours, so we aren't worried about scalability). Basically, we need to do it immediately to allow LHE production to proceed.
#1 Updated by Parag Mhashilkar over 7 years ago
- Assignee set to Parag Mhashilkar
- Target version set to v2_6_2
Been working with Derek offline. Here is what we did to get it working -
- Set the attr USE_MATCH_AUTH to False
- Hack/trick to get the schedd's DN into the glidein's gridmapfile: Add a primary collector with the same node as the other primary collector but with the DN on the schedd. For this to work, there needs to be a secondary collector defined. All the collector DNs land up in the gridmapfile. When there is at least one secondary collector, it will always be selected over any primary collector. Glidein uses this as collector_host and we don't run into the risk of the added collector node landing up in the condor_config of the glidein
- Set up the GSI_DAEMON_NAME correctly to include the schedd's DN
#2 Updated by Derek Weitzel over 7 years ago
I followed all of the changes up until the last point:
- Set up the GSI_DAEMON_NAME correctly to include the schedd's DN
I don't remember doing this. The error I was having ended up being that the DNS lookup of the certificate wasn't matching. Just had to turn that off on the schedd side.
#4 Updated by Derek Weitzel over 7 years ago
Also, I want to clarify Brian's comment:
- We cannot use 7.8.x because of an issue with RequestedChroot between the T2 and T3 nodes.
The difference is that the 7.8.x glideins attempt to chroot to the RequestedChroot, which exists on the T2/T3 nodes, but not on the grid. The glideins obviously do not have the chroot, so the job fails before starting.