Description of problem: The ALLOW_NEGOTIATOR* values on features need to be cleaned up. Need to remove mention of FLOCKING and add $(IP_ADDRESS). Possibly other changes needed. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Removed references to FLOCKING* from values on features with ALLOW_NEGOTIATOR*. Also added $(IP_ADDRESS). Fixed upstream on: BZ831725-cleanup-ALLOW_NEGOTIATOR
tested with: condor-wallaby-base-db-1.25-1 tested on: RHEL6 i386,x86_64 RHEL5 i386,x86_64 - !ruby/object:Mrg::Grid::SerializedConfigs::Feature annotation: A non-functional base for the scheduler. This needs further configuration and is not meant to be used by itself conflicts: [] depends: - Master - NodeAccess included: - BaseJobExecuter name: BaseScheduler params: ... ALLOW_NEGOTIATOR_SCHEDD: $(ALLOW_NEGOTIATOR_SCHEDD), $(CONDOR_HOST), $(IP_ADDRESS) - !ruby/object:Mrg::Grid::SerializedConfigs::Feature annotation: Enables running jobs conflicts: [] depends: - Master included: - BaseJobExecuter name: ExecuteNode params: ... ALLOW_NEGOTIATOR: $(ALLOW_NEGOTIATOR), $(CONDOR_HOST), $(IP_ADDRESS) - !ruby/object:Mrg::Grid::SerializedConfigs::Feature annotation: Enables high availability for the central manager conflicts: [] depends: [] included: - CentralManager name: HACentralManager params: ... ALLOW_NEGOTIATOR_SCHEDD: $(IP_ADDRESS), $(COLLECTOR_HOST) ALLOW_NEGOTIATOR: $(ALLOW_NEGOTIATOR), $(COLLECTOR_HOST), $(IP_ADDRESS) - !ruby/object:Mrg::Grid::SerializedConfigs::Feature annotation: Enables negotiator functionality conflicts: [] depends: - Master - NodeAccess included: [] name: Negotiator params: ... ALLOW_NEGOTIATOR: $(ALLOW_NEGOTIATOR), $(CONDOR_HOST), $(IP_ADDRESS) No FLOCKING* in base db, all ALLOW_NEGOTIATOR in all features has IP_ADDRESS. >>> verified
back to modified I noticed that in the Doc text, some issue is mentioned. I just checked that described changes are made in base db, but probably it should be better to check that the issue does not occur any more. Could you please provide more specific scenario for testing the issue? Some pool configuration which led to the issue in previous version.
Removal of FLOCKING mention was cosmetic. We don't support flocking so it shouldn't be mentioned in params. IP_ADDRESS issue was a change needed from upstream modifications. Should be verifiable by setting up a personal condor and running jobs.
(In reply to comment #6) > Removal of FLOCKING mention was cosmetic. We don't support flocking so it > shouldn't be mentioned in params. > Well then probably there should not be these in wallaby base db: - !ruby/object:Mrg::Grid::SerializedConfigs::Feature annotation: Enables collector functionality conflicts: [] depends: - Master - NodeAccess included: [] name: Collector params: ... FLOCK_COLLECTOR_HOSTS: $(FLOCK_TO) - !ruby/object:Mrg::Grid::SerializedConfigs::Feature annotation: Enables negotiator functionality conflicts: [] depends: - Master - NodeAccess included: [] name: Negotiator params: ... FLOCK_NEGOTIATOR_HOSTS: $(FLOCK_TO) - !ruby/object:Mrg::Grid::SerializedConfigs::Parameter annotation: "" conflicts: [] default_val: "" depends: [] description: A list of collectors for pools that the scheduler attempt to use to run jobs kind: String level: 0 must_change: true name: FLOCK_COLLECTOR_HOSTS needs_restart: false - !ruby/object:Mrg::Grid::SerializedConfigs::Parameter annotation: "" conflicts: [] default_val: "" depends: [] description: A list of negotiator for pools that the scheduler attempt to use to run jobs kind: String level: 0 must_change: true name: FLOCK_NEGOTIATOR_HOSTS needs_restart: false > IP_ADDRESS issue was a change needed from upstream modifications. Should be > verifiable by setting up a personal condor and running jobs. Successfully reproduced with version: condor-wallaby-base-db-1.23-1 $ cat SchedLog ... 12/19/12 07:09:26 (pid:18351) Adding to resolved authorization table: unauthenticated@unmapped/IP: DENY_NEGOTIATOR 12/19/12 07:09:26 (pid:18351) PERMISSION DENIED to unauthenticated@unmapped from host IP for command 416 (NEGOTIATE), access level NEGOTIATOR: reason: NEGOTIATOR authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: IP,hostname ... Verified with version: condor-wallaby-base-db-1.25-1 tested on: RHEL6 i386,x86_64 RHEL5 i386,x86_64 no permission denied in SchedLog, jobs are running
Yes, but those weren't functionally impacting like the ALLOW_* params were. Should probably log a BZ to remove all such params.
tested with: condor-wallaby-base-db-1.25-1 tested on: RHEL6 i386,x86_64 RHEL5 i386,x86_64 All occurrences of ALLOW_NEGOTIATOR* don't have any FLOCK* parameter as value. For removing all other FLOCK* parameters a new Bug 888829 was created. >>> verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0564.html