Using Condor Annex On Chtc

Not logged in

• Browse
• Help
• Home
• Login
• Reports
• Search
• Timeline
• Wiki

• Contents
• Text

The condor_annex tool rents computational resources from Amazon's cloud service and joins them to an HTCondor pool for your jobs to use. These instructions document how to use condor_annex for CHTC jobs. Some restrictions apply:

• At the moment, you can only use condor_annex for jobs on submit-4.chtc.wisc.edu.
• Your jobs must have MayUseAWS set in their ads.
• Your jobs must have WantFlocking set in their ads.
• Your jobs' requirements must, of course, allow them to run on Amazon's cloud.

These restrictions will be covered in the following instructions.

Overview

1. Prepare your AWS account
   1. Obtaining an Access Key
   2. Running the Set-Up Command
   3. Checking the Set-Up
2. Submit a Test Job
3. Run condor_annex
4. Running Jobs at Amazon
5. Cleaning Up (optional)

These instructions assume this is the first time you're using condor_annex on CHTC.

1 Prepare your AWS account

The condor_annex tool includes a -setup command which will prepare your AWS account. If you're not sure if you've done the set-up before, it won't hurt to repeat it, but you may save some time if you follow section 1.3 ("Checking the Set-Up") first. If the set-up checks out OK, great; if not, return here and start at section 1.1 ("Obtaining an Access Key").

1.1 Obtaining an Access Key

In order to use AWS, condor_annex needs a pair of security tokens (like a user name and password). Like a user name, the "access key" is (more or less) public information; the corresponding "secret key" is like a password and must be kept a secret. To help keep both halves secret, condor_annex (and HTCondor) are never told these keys directly; instead, you tell HTCondor which file to look in to find each one.

Log into submit-4.chtc.wisc.edu and create those two files now; we'll tell you how to fill them in shortly. By convention, these files exist in your ~/.condor directory, which is where condor_annex -setup will store the rest of the data it needs.

$ mkdir ~/.condor
$ cd ~/.condor
$ touch publicKeyFile privateKeyFile
$ chmod 600 publicKeyFile privateKeyFile

The last command ensures that only you can read or write to those files.

To donwload a new pair of security tokens for condor_annex to use, go to the IAM console; log in if you need to. The following instructions assume you are logged in as a user with the privilege to create new users. (The 'root' user for any account has this privilege; other accounts may as well.)

1. Click the "Add User" button.
2. Enter name in the User name box; "annex-user" is a fine choice.
3. Click the check box labelled "Programmatic access".
4. Click the button labelled "Next: Permissions".
5. Select "Attach existing policies directly".
6. Type "AdministratorAccess" in the box labelled "Filter".
7. Click the check box on the single line that will appear below (labelled "AdministratorAccess").
8. Click the "Next: review" button (you may need to scroll down).
9. Click the "Create user" button.
10. From the line labelled "annex-user", copy the value in the column labelled "Access key ID" to publicKeyFile.
11. On the line labelled "annex-user", click the "Show" link in the column labelled "Secret access key"; copy the revealed value to privateKeyFile.
12. Hit the "Close" button.

The 'annex-user' now has full privileges to your account. We're working on creating a CloudFormation template that will create a user with only the privileges condor_annex actually needs.

1.2 Running the Set-Up Command

The following command will set-up your AWS account. It will create a number of persistent components, none of which will cost you anything to keep around. These components can take quite some time to create; condor_annex checks each for completion every ten seconds and prints an additional dot (past the first three) when it does so, to let you know that everything's still working.

$ condor_annex -setup
Creating configuration bucket (this takes less than a minute)....... complete.
Creating Lambda functions (this takes about a minute)........ complete.
Creating instance profile (this takes about two minutes)................... complete.
Creating security group (this takes less than a minute)..... complete.
Setup successful.

1.3 Checking the Setup

You can verify at this point (or any later time) that the set-up procedure completed successfully by running the following command.

$ condor_annex -check-setup
Checking for configuration bucket... OK.
Checking for Lambda functions... OK.
Checking for instance profile... OK.
Checking for security group... OK.

2 Submit a Test Job

5 Cleaning Up (Optional)

The resources condor_annex rents for you from Amazon will, as we mentioned before, shut themselves down after the duration, or if they're idle for longer than the time-out. At that point, no more charges will accrue -- it costs you nothing to leave your account set-up to use condor_annex.

If, however, you want to be tidy, you may delete the components setup created by going to the CloudFormation console and deleting the entries whose names begin with 'HTCondorAnnex-'. The setup procedure also creates an SSH key pair which may be useful for debugging; the private key was stored in ~/.condor/HTCondorAnnex-KeyPair.pem. To remove the corresponding public key from your AWS account, go to the key pair console and delete the 'HTCondorAnnex-KeyPair' key.

This work is supported by NSF under Cooperative Agreement OAC-2030508 as part of the PATh Project. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the NSF. Site built using CVSTrac.