This module creates a Toolkit runner that will install HTCondor on RedHat 7 or derivative operating systems such as the CentOS 7 release in the HPC VM Image. It should also function on RedHat or Rocky Linux releases 8 and 9, however it is not yet supported. Please report any issues on these platforms.
It also exports a list of Google Cloud APIs which must be enabled prior to provisioning an HTCondor Pool.
It is expected to be used with the htcondor-configure and htcondor-execute-point modules.
The following code snippet uses this module to create startup scripts that install the HTCondor software and adds custom configurations using htcondor-configure and htcondor-execute-point.
- id: htcondor_install
source: community/modules/scripts/htcondor-install
- id: htcondor_startup_central_manager
source: modules/scripts/startup-script
settings:
runners:
- $(htcondor_install.install_htcondor_runner)
- $(htcondor_configure.central_manager_runner)
- id: htcondor_startup_access_point
source: modules/scripts/startup-script
settings:
runners:
- $(htcondor_install.install_htcondor_runner)
- $(htcondor_install.install_autoscaler_deps_runner)
- $(htcondor_install.install_autoscaler_runner)
- $(htcondor_configure.access_point_runner)
- $(htcondor_execute_point.configure_autoscaler_runner)A full example can be found in the examples README.
All POSIX users and HTCondor jobs can act as the service account attached to
VMs within the pool. This enables the use of IAM restrictions via service
accounts but also allows users to access services to which system daemons need
access (e.g. to create Cloud Logging entries). If this is undesirable, one can
restrict access to the instance metadata server to the root and condor
users. This will allow system services to use the service account, but not
other POSIX users or HTCondor jobs. The firewall example below is appropriate
for CentOS 7.
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT_direct 1 \
-m owner --uid-owner root -p tcp -d metadata.google.internal --dport 80 -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT_direct 2 \
-m owner --uid-owner condor -p tcp -d metadata.google.internal --dport 80 -j ACCEPT
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT_direct 3 \
-p tcp -d metadata.google.internal --dport 80 -j DROP
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT_direct 4 \
-p tcp -d metadata.google.internal --dport 8080 -j DROP
firewall-cmd --permanent --zone=public --add-port=9618/tcp
firewall-cmd --reloadHTCondor is maintained by the Center for High Throughput Computing at the University of Wisconsin-Madison. Support for HTCondor is available via:
Copyright 2022 Google LLC
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
No providers.
No modules.
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_docker | Install and enable docker daemon alongside HTCondor | bool |
true |
no |
| Name | Description |
|---|---|
| gcp_service_list | Google Cloud APIs required by HTCondor |
| install_autoscaler_deps_runner | Toolkit Runner to install HTCondor autoscaler dependencies |
| install_autoscaler_runner | Toolkit Runner to install HTCondor autoscaler |
| install_htcondor_runner | Runner to install HTCondor using startup-scripts |