HTCondor-CE 4 Documentation
This documentation is for HTCondor-CE 4. If you need documentation for HTCondor-CE 3, please consult https://htcondor-ce.readthedocs.io/en/stable/
Troubleshooting Remote HTCondor-CEs¶
Since HTCondor-CE is built on top of HTCondor, it's possible to perform quite a bit of troubleshooting from a remote
client with access to the HTCondor command-line tools.
For testing end-to-end resource request submission or remote interactive-like access, a grid operator will need access
to a host with the htcondor-ce-client installed.
This document outlines the steps that a grid operator can perform in order to troubleshoot a remote HTCondor-CE.
Verifying Network Connectivity¶
Before performing any troubleshooting of the remote HTCondor-CE service, it's important to verify that the HTCondor-CE
can be contacted on its HTCondor-CE port (default: 9619) at the specified fully qualified domain name (FQDN).
Verifying DNS¶
Reverse DNS and GSI authentication
GSI authentication requires that the HTCondor-CE host has a reverse DNS record but that record is not required to
match the forward DNS record! For example, if you have an A record htcondor-ce.chtc.wisc.edu -> 123.4.5.678, a
PTR of 123.4.5.678 -> chtc.wisc.edu would satisfy the GSI authentication requirement.
As noted in the HTCondor-CE installation document, an HTCondor-CE must have forward
and reverse DNS records.
To verify DNS, use a tool like nslookup:
$ nslookup htcondor-ce.chtc.wisc.edu Server: 144.92.254.254 Address: 144.92.254.254#53 Non-authoritative answer: Name: htcondor-ce.chtc.wisc.edu Address: 128.104.100.65 Name: htcondor-ce.chtc.wisc.edu Address: 2607:f388:107c:501:216:3eff:fe89:aa3 $ nslookup 128.104.100.65 65.100.104.128.in-addr.arpa name = htcondor-ce.chtc.wisc.edu. Authoritative answers can be found from: 104.128.in-addr.arpa nameserver = dns2.itd.umich.edu. 104.128.in-addr.arpa nameserver = adns1.doit.wisc.edu. 104.128.in-addr.arpa nameserver = adns3.doit.wisc.edu. 104.128.in-addr.arpa nameserver = adns2.doit.wisc.edu. adns2.doit.wisc.edu internet address = 144.92.20.99 dns2.itd.umich.edu internet address = 192.12.80.222 adns3.doit.wisc.edu internet address = 144.92.104.21 adns1.doit.wisc.edu internet address = 144.92.9.21 adns2.doit.wisc.edu has AAAA address 2607:f388:d:2::1006 adns2.doit.wisc.edu has AAAA address 2607:f388::a53:2 adns3.doit.wisc.edu has AAAA address 2607:f388:2:2001::100b adns3.doit.wisc.edu has AAAA address 2607:f388::a53:3 adns1.doit.wisc.edu has AAAA address 2607:f388:2:2001::100a adns1.doit.wisc.edu has AAAA address 2607:f388::a53:1
If not, the HTCondor-CE administrator will have to register the appropriate DNS records.
Verifying service connectivity¶
After verifying DNS, check to see if the remote HTCondor-CE is listening on the appropriate port:
$ telnet htcondor-ce.chtc.wisc.edu 9619 Trying 128.104.100.65... Connected to htcondor-ce.chtc.wisc.edu. Escape character is '^]'.
If not, the HTCondor-CE administrator will have to ensure that the service is running and/or open up their firewall.
Verifying Configuration¶
Once you've verified network connectivity, you can start verifying the HTCondor-CE daemons.
Inspecting daemons¶
To inspect the running daemons of a remote HTCondor-CE, use condor_status:
$ condor_status -any -pool htcondor-ce.chtc.wisc.edu:9619 MyType TargetType Name Collector None My Pool - htcondor-ce.chtc.wisc.edu@htcondor-ce.c Job_Router None htcondor-ce@htcondor-ce.chtc.wisc.edu Scheduler None htcondor-ce.chtc.wisc.edu DaemonMaster None htcondor-ce.chtc.wisc.edu Submitter None nu_lhcb@users.htcondor.org
If you don't see the appropriate daemons, ask the administrator to following these troubleshooting steps.
Submitter ad
When querying daemons for an HTCondor-CE, you may see Submitter ads for each user with jobs in the queue.
These ads are used to collect per-user stats that are available to the HTCondor-CE administrator.
You can inspect the details of a specific daemon with per-daemon and -long options:
$ condor_status -pool htcondor-ce.chtc.wisc.edu:9619 -collector -long ActiveQueryWorkers = 0 ActiveQueryWorkersPeak = 1 AddressV1 = "{[ p=\"primary\"; a=\"128.104.100.65\"; port=9619; n=\"Internet\"; alias=\"htcondor-ce.chtc.wisc.edu\"; spid=\"collector\"; noUDP=true; ], [ p=\"IPv4\"; a=\"128.104.100.65\"; port=9619; n=\"Internet\"; alias=\"htcondor-ce.chtc.wisc.edu\"; spid=\"collector\"; noUDP=true; ], [ p=\"IPv6\"; a=\"2607:f388:107c:501:216:3eff:fe89:aa3\"; port=9619; n=\"Internet\"; alias=\"htcondor-ce.chtc.wisc.edu\"; spid=\"collector\"; noUDP=true; ]}" CollectorIpAddr = "<128.104.100.65:9619?addrs=128.104.100.65-9619+[2607-f388-107c-501-216-3eff-fe89-aa3]-9619&alias=htcondor-ce.chtc.wisc.edu&noUDP&sock=collector>" CondorAdmin = "root@htcondor-ce.chtc.wisc.edu" CondorPlatform = "$CondorPlatform: x86_64_CentOS7 $" CondorVersion = "$CondorVersion: 8.9.8 Jun 29 2020 BuildID: 508520 PackageID: 8.9.8-0.508520 $" CurrentJobsRunningAll = 0 CurrentJobsRunningGrid = 0 CurrentJobsRunningJava = 0
Inspecting resource requests¶
To inspect resource requests submitted to a remote HTCondor-CE, use condor_q:
$ condor_q -all -name htcondor-ce.chtc.wisc.edu -pool htcondor-ce.chtc.wisc.edu:9619 -- Schedd: htcondor-ce.chtc.wisc.edu : <128.104.100.65:9619?... @ 10/29/20 15:31:45 OWNER BATCH_NAME SUBMITTED DONE RUN IDLE HOLD TOTAL JOB_IDS nu_lhcb ID: 24631 10/18 12:06 33 _ _ _ 35 24631.5-15 nu_lhcb ID: 24632 10/18 12:23 7 _ _ _ 9 24632.2-4 nu_lhcb ID: 24635 10/18 14:23 3 _ _ _ 5 24635.0-1 nu_lhcb ID: 24636 10/18 14:40 5 _ _ _ 9 24636.0-6 nu_lhcb ID: 24637 10/18 14:58 7 _ _ _ 8 24637.2 nu_lhcb ID: 24638 10/18 15:15 7 _ _ _ 8 24638.1
You can inspect the details of a specific resource request with the -long option:
$ condor_q -all -name htcondor-ce.chtc.wisc.edu -pool htcondor-ce.chtc.wisc.edu:9619 -long 24631.5 Arguments = "" BufferBlockSize = 32768 BufferSize = 524288 BytesRecvd = 58669.0 BytesSent = 184201.0 ClusterId = 24631 Cmd = "DIRAC_Ullq7V_pilotwrapper.py" CommittedSlotTime = 0 CommittedSuspensionTime = 0 CommittedTime = 0
Retrieving HTCondor-CE configuration¶
To verify a remote HTCondor-CE configuration, use condor_config_val:
$ condor_config_val -name htcondor-ce.chtc.wisc.edu -pool htcondor-ce.chtc.wisc.edu:9619 -dump # Configuration from master on htcondor-ce.chtc.wisc.edu <128.104.100.65:9619?addrs=128.104.100.65-9619+[2607-f388-107c-501-216-3eff-fe89-aa3]-9619&alias=htcondor-ce.chtc.wisc.edu&noUDP&sock=master_1744571_b0a0> ABORT_ON_EXCEPTION = false ACCOUNTANT_HOST = ACCOUNTANT_LOCAL_DOMAIN = ActivationTimer = ifThenElse(JobStart =!= UNDEFINED, (time() - JobStart), 0) ActivityTimer = (time() - EnteredCurrentActivity) ADD_WINDOWS_FIREWALL_EXCEPTION = $(CondorIsAdmin) ADVERTISE_IPV4_FIRST = $(PREFER_IPV4) ALL_DEBUG = D:CAT D_ALWAYS:2 ALLOW_ADMIN_COMMANDS = true
If you know the name of the configuration variable, you can query for it directly:
$ condor_config_val -name htcondor-ce.chtc.wisc.edu -pool htcondor-ce.chtc.wisc.edu:9619 -verbose JOB_ROUTER_SCHEDD2_NAME JOB_ROUTER_SCHEDD2_NAME = htcondor-ce.chtc.wisc.edu # at: /etc/condor-ce/config.d/02-ce-condor.conf, line 20 # raw: JOB_ROUTER_SCHEDD2_NAME = $(FULL_HOSTNAME)
Verifying Resource Request Submission¶
After verifying that all the remote HTCondor-CE daemons are up, you can start submitting resource requests!
Verifying authentication¶
Before submitting a successful resource request, you will want to verify that you have submit privileges. For this, you will need a credential such as a grid proxy:
$ voms-proxy-info subject : /DC=org/DC=cilogon/C=US/O=University of Wisconsin-Madison/CN=Brian Lin A2266246/CN=41319870 issuer : /DC=org/DC=cilogon/C=US/O=University of Wisconsin-Madison/CN=Brian Lin A2266246 identity : /DC=org/DC=cilogon/C=US/O=University of Wisconsin-Madison/CN=Brian Lin A2266246 type : RFC compliant proxy strength : 1024 bits path : /tmp/x509up_u1000 timeleft : 3:55:22
After you have retrieved your credential, verify that you have the ability to submit requests to the remote HTCondor-CE
(i.e., WRITE access) with condor_ping:
$ export _condor_SEC_CLIENT_AUTHENTICATION_METHODS=SCITOKENS,GSI $ export _condor_SEC_TOOL_DEBUG=D_SECURITY:2 # Extremely verbose debugging for troubleshooting authentication issues $ condor_ping -name htcondor-ce.chtc.wisc.edu \ -pool htcondor-ce.chtc.wisc.edu:9619 \ -verbose \ -debug \ WRITE [...] Remote Version: $CondorVersion: 8.9.8 Jun 29 2020 BuildID: 508520 PackageID: 8.9.8-0.508520 $ Local Version: $CondorVersion: 8.9.9 Aug 26 2020 BuildID: 515894 PackageID: 8.9.9-0.515894 PRE-RELEASE-UWCS $ Session ID: htcondor-ce:2980451:1604006441:0 Instruction: WRITE Command: 60021 Encryption: none Integrity: MD5 Authenticated using: GSI All authentication methods: FS,GSI Remote Mapping: blin@users.htcondor.org Authorized: TRUE
If condor_ping fails,
ask the administrator to follow this troubleshooting section,
set SCHEDD_DEBUG = $(SCHEDD_DEBUG) D_SECURITY:2,
and cross-check the HTCondor-CE SchedLog for authentication issues.
Submitting a trace request¶
HTCondor-CE client
This section requires an installation of the htcondor-ce-client.
The easiest way to troubleshoot end-to-end resource request submission is condor_ce_trace,
available in the htcondor-ce-client.
Follow this documentation for detailed instructions for
installing and using condor_ce_trace.
Advanced Troubleshooting¶
HTCondor-CE client
This section requires an installation of the htcondor-ce-client.
If the issue at hand is complicated or the communication turnaround time with the administrator is too long, it is often more expedient to grant the operator direct access to the HTCondor-CE host. Instead of direct login access, HTCondor-CE has the ability to allow a remote operator to run commands on the host as an unprivileged user. This requires permission to submit resource requests as well as an HTCondor-CE that is configured to run local universe jobs:
$ condor_config_val -name htcondor-ce.chtc.wisc.edu -pool htcondor-ce.chtc.wisc.edu:9619 -verbose START_LOCAL_UNIVERSE START_LOCAL_UNIVERSE = TotalLocalJobsRunning + TotalSchedulerJobsRunning < 20 # at: /etc/condor-ce/config.d/03-managed-fork.conf, line 11 # raw: START_LOCAL_UNIVERSE = TotalLocalJobsRunning + TotalSchedulerJobsRunning < 20 # default: TotalLocalJobsRunning < 200
After verifying that you can submit resource requests and that the HTCondor-CE supports local universe, use condor_ce_run to run commands on the remote HTCondor-CE host:
$ condor_ce_run -lr htcondor-ce.chtc.wisc.edu /bin/sh -c 'condor_q -all' -- Schedd: htcondor-ce.chtc.wisc.edu : <128.104.100.65:9618?... @ 10/29/20 17:42:27 OWNER BATCH_NAME SUBMITTED DONE RUN IDLE HOLD TOTAL JOB_IDS nu_lhcb ID: 530251 7/13 22:20 _ _ _ _ 1 530251.0 nu_lhcb ID: 586158 10/28 05:15 _ _ _ 1 1 586158.0 nu_lhcb ID: 586213 10/28 06:23 _ 1 _ _ 1 586213.0 nu_lhcb ID: 586228 10/28 06:23 _ 1 _ _ 1 586228.0 nu_lhcb ID: 586254 10/28 06:23 _ 1 _ _ 1 586254.0 nu_lhcb ID: 586289 10/28 07:58 _ _ _ 1 1 586289.0
Getting Help¶
If you have any questions or issues about troubleshooting remote HTCondor-CEs, please contact us for assistance.