Versions Compared

Old Version 460

changes.mady.by.user K Scott Rowe

Saved on

compared with

New Version 461

changes.mady.by.user K Scott Rowe

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

testpost002 root >condor_ping -address "<146.88.10.46:9618>" -table -type collector all
Instruction Authentication Encryption Integrity Decision Identity
ALLOW IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
READ IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
WRITE IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
NEGOTIATOR IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
ADMINISTRATOR IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
OWNER FAIL FAIL FAIL FAIL FAIL (use -verbose for more info)
CONFIG FAIL FAIL FAIL FAIL FAIL (use -verbose for more info)
DAEMON IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
ADVERTISE_STARTD IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
ADVERTISE_SCHEDD IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
ADVERTISE_MASTER IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu

idtokens with RPMs

...


condor

...

_

...

ANSWER: this can probably just be ignored.  Greg didn't think fresh installs actually created signing keys so this may be an error in documentation.

condor_off vs condor_drain

I would like to be able to issue a command to an execute host telling it to stop accepting new jobs and let the current jobs finish.  I would also like that host to stay in the condor_status output with a message indicating what I have done (i.e. draining, offline, etc)  I think I want something that does some of condor_off and some of condor_drain.  Is there such a beast?

...

I can't find the condor_gpu_discovery on my cluster (HTCondor-9.0.4) or CHTC (9.1.4) even on a GPU host.ANSWER: /usr/libexec/condor/condor_gpu_discovery(9.1.4) even on a GPU host.

ANSWER: /usr/libexec/condor/condor_gpu_discovery


idtokens with RPMs

It seems that installing HTCondor-9.0.4 via RPMs doesn't automatically create signing key in /etc/condor/passwords.d/POOL like the documentation reads https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=idtokens#quick-configuration-of-security

Also with the RPM install, ALLOW_WRITE = * which seems insecure.  Does this even matter when use security:recommended_v9_0

ANSWER: this can probably just be ignored.  Greg didn't think fresh installs actually created signing keys so this may be an error in documentation.