----
+(Instructions assume root.)
+
*: Start the standard RHEL7.6 image.
*: Install wget. {term}yum install wget{endterm}
*: Follow the instructions {link: http://research.cs.wisc.edu/htcondor/instructions/el/7/development/ here}.
@@ -52,7 +54,8 @@
ALLOW_NEGOTIATOR = $(ALLOW_NEGOTIATOR) $(TCP_FORWARDING_HOST)
{endfile}
*: Fix the condor-annex-ec2 service file by copying the =After=...= line from the =[Unit]= section of =/usr/lib/systemd/system/condor.service= to =[Unit]= section of =/usr/lib/systemd/system/condor-annex-ec2.service=.
+*: Enable the condor-annex-ec2 service. (For systemd: {term}systemctl enable condor-annex-ec2{endterm}.)
*: {term}rm /etc/condor/50ec2.config{endterm}
*: Edit =/usr/libexec/condor/condor-annex-ec2= so that it _only_ sets =EC2PublicIP= and =EC2InstanceID=: remove from after the "Annex-specific code begins here" comment (line 103) all the way down to =echo "done." (line 252); leave that line but remove next line and change the return to return 0.
-*: Run {term}condor_store_cred -c add -f `condor_config_val SEC_PASSWORD_FILE`{endterm} as root to create the pool password file.
-*: Then copy the pool password file to =~ec2-user/.condor= and chown it to that user; then edit =~ec2-user/.user_config= to point to it; this allows =condor_annex= to copy the pool password file to the new instances.
+*: Run {term}condor_store_cred -c add -f `condor_config_val SEC_PASSWORD_FILE`{endterm} as root to create the pool password file. Make sure the password file is owned by root and has 600 permissions afterwards.
+*: Then copy the pool password file to =~ec2-user/.condor= and chown it to that user; then edit =~ec2-user/.condor/user_config= to point to it; this allows =condor_annex= to copy the pool password file to the new instances.
