Project

General

Profile

Support #2969

Nebraska would like to disable Match Auth

Added by Anthony Tiradani almost 8 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
High
Assignee:
Parag Mhashilkar
Category:
-
Target version:
Start date:
09/19/2012
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

From Brian:

Hi,

Here's the setup:
- We are running a Condor 7.9.x schedd on t3.unl.edu
- We cannot use 7.8.x because of an issue with RequestedChroot between the T2 and T3 nodes. The schedd submits directly to the T2 and flocks to the glidein setup.
- We cannot use 7.6.x with match auth due to the stderr/out issues.

So, we'd like to add use normal auth for this particular schedd (for this schedd, all jobs are >48 hours, so we aren't worried about scalability). Basically, we need to do it immediately to allow LHE production to proceed.

Brian

History

#1 Updated by Parag Mhashilkar almost 8 years ago

  • Assignee set to Parag Mhashilkar
  • Target version set to v2_6_2

Been working with Derek offline. Here is what we did to get it working -

  • Set the attr USE_MATCH_AUTH to False * Hack/trick to get the schedd's dn into glidein's gridmapfile: Add a primary collector with same node as the other primary collector but with the dn on the schedd. For this to work, there needs to be a secondary collector defined. All the collector dns land up in the gridmapfile. When there is atleast one secondary collector, it will always be selected over any primary collector. Glidein uses this as collector_host and we don't run into risk of using the added collector node landing up in the condor_config of glidein * setup the GSI_DAEMON_NAME correctly to include the schedd's DN

#2 Updated by Derek Weitzel almost 8 years ago

Hi Parag,

I followed all of the changes up until the last point:

  • setup the GSI_DAEMON_NAME correctly to include the schedd's DN

I don't remember doing this. The error I was having ended up being that the DNS lookup of the certificate wasn't matching. Just had to turn that off on the schedd side.

#3 Updated by Parag Mhashilkar almost 8 years ago

Ah. I thought you had to do that. Thanks for the clarification.

#4 Updated by Derek Weitzel almost 8 years ago

Also, I want to clarify Brian's comment:

- We cannot use 7.8.x because of an issue with RequestedChroot between the T2 and T3 nodes.

The difference is that the 7.8.x glideins attempt to chroot to the RequestedChroot, which exists on the T2/T3 nodes, but not on the grid. The glideins obviously do not have the chroot, so the job fails, before starting.

#5 Updated by Parag Mhashilkar almost 8 years ago

  • Status changed from New to Resolved

Resolving the issue.

Hi Parag,

I do not believe this is a critical issue.  It is only a temporary fix for a bug.  We will find a long term solution on our own.

Thanks Parag.

-Derek

#6 Updated by Parag Mhashilkar over 7 years ago

  • Status changed from Resolved to Closed


Also available in: Atom PDF