[torquedev] 2.5 Release on Cygwin

David Beer dbeer at adaptivecomputing.com
Thu Jul 15 09:48:50 MDT 2010


Looks like Garrick beat me to it. Thanks for your work on this Igor.

David

----- Original Message -----
> Committed. Thank you.
> 
> On Thu, Jul 15, 2010 at 04:11:25PM +0300, Igor Ilyenko alleged:
> > David,
> >
> > I send a significant Cygwin patch against the current trunk.
> >
> >
> > It is necessary for 2.5 Release.
> >
> > It should be committed.
> >
> >
> > --
> >
> > Igor Ilyenko
> >
> > Software Architect
> >
> > United Institute of Information Problems NAS of Belarus
> > http://uiip.bas-net.by
> >
> 
> > diff -Naur ./trunk-3839/contrib/AddPrivileges
> > ./new/contrib/AddPrivileges
> > --- ./trunk-3839/contrib/AddPrivileges 2010-06-07 21:57:04.000000000
> > +0300
> > +++ ./new/contrib/AddPrivileges 2010-07-15 15:44:00.504158303 +0300
> > @@ -1,6 +1,6 @@
> >  #! /bin/sh
> >
> > -### AddPrivileges ver 1.2 17 Mar 2010 ###
> > +### AddPrivileges ver 1.4 12 Jul 2010 ###
> >  ### ------------------------------------------------------ ###
> >  ### This script creates Passwd&Group files and sets ###
> >  ### additional privileges only for Windows users ###
> > @@ -37,7 +37,7 @@
> >
> >     --add add privileges
> >
> > - mom for Torque pbs_mom
> > + mom for Torque pbs_mom (set the SeCreateTokenPrivilege)
> >                 SYSTEM for native Windows user
> >
> >  EOF
> > @@ -46,7 +46,7 @@
> >
> >    -v | --v*)
> >      echo
> > - echo " AddPrivileges ver 1.2 17 Mar 2010"
> > + echo " AddPrivileges ver 1.4 12 Jul 2010"
> >      exit $?
> >      ;;
> >
> > @@ -99,12 +99,13 @@
> >
> >      editrights -a SeCreateTokenPrivilege -u "$CURRENTU"
> >
> > - echo " Set mom's privileges"
> > + echo " Reboot your computer that the SeCreateTokenPrivilege has
> > taken effect"
> >
> >  fi
> >
> >
> >  editrights -a SeServiceLogonRight -u "$CURRENTU"
> > +editrights -a SeAssignPrimaryTokenPrivilege -u "$CURRENTU"
> >
> >
> >  if [[ $? -eq $SUCCESS ]]; then
> > diff -Naur ./trunk-3839/README.cygwin ./new/README.cygwin
> > --- ./trunk-3839/README.cygwin 2010-07-09 20:40:07.000000000 +0300
> > +++ ./new/README.cygwin 2010-07-14 16:52:04.000000000 +0300
> > @@ -1,7 +1,7 @@
> >
> >
> >  Tested with the stable release Cygwin 1.5.25 on
> > -Windows XP Pro and on Windows Server 2003 SE (both 32-bit).
> > +Windows XP Pro (32/64-bit) and on Windows Server 2003 SE (32-bit).
> >  Tested with the stable release Cygwin 1.7.5 on 64-bit Windows 7
> >  Ultimate.
> >  Can be used on heterogeneous Torque clusters.
> >
> > @@ -11,7 +11,7 @@
> >  Mail and drmaa are untested.
> >  In mom quota and setrlimit are not supported because Cygwin doesn't
> >  support ones.
> >
> > -Torque needs two Windows users (local or domain) on each host:
> > +Torque needs at least two Windows users (local or domain) on each
> > host:
> >  <UserAdmin> with Computer administrator privileges and
> >  <SimpleUser> with Limited account.
> >  Both users must be password protected.
> > @@ -24,6 +24,10 @@
> >  ### Install Cygwin ###
> >  ###########################
> >
> > +Following variants are recommended:
> > + Cygwin 1.5.25 on Windows XP/Server 2003;
> > + Cygwin 1.7.5 (or later) on Windows 7/Server 2008.
> > +
> >  Enter into Windows as user <UserAdmin>.
> >  To install Cygwin 1.5.25 browse to http://cygwin.com/win-9x.html
> >  and click the "setup-legacy.exe" link.
> >  Download and run setup-legacy.exe.
> > @@ -45,10 +49,15 @@
> >
> >  Download and install the default's and selected Cygwin packages.
> >
> > +Start a work on Cygwin with the following commands:
> > +
> > + #mkpasswd.exe -l -d > /etc/passwd
> > + #mkgroup.exe -l -d > /etc/group
> > +
> >
> >
> >  Setup openssh for <UserAdmin> and <SimpleUser> using the
> > -ssh-host-config and ssh-user-config comands.
> > +ssh-host-config and ssh-user-config commands
> >
> >  Adjust an access without password prompting on each host.
> >
> > @@ -76,53 +85,64 @@
> >  necessary for normal work Torque components.
> >  As a rule pbs_mom is demanded more privileges than pbs_server.
> >
> > -You may need to assign the user account of <UserAdmin> as well as
> > <SimpleUser> to the correct
> > -groups by hand (by default they are often assigned to "none" as
> > primary group which causes a failure of
> > -the admin check the Torque daemons perform at startup). The
> > /etc/passwd should look similar to
> > -the following:
> > -
> > -SYSTEM:*:18:544:,S-1-5-18::
> > -LocalService:*:19:544:U-NT AUTHORITY\LocalService,S-1-5-19::
> > -NetworkService:*:20:544:U-NT AUTHORITY\NetworkService,S-1-5-20::
> > -Administrators:*:544:544:,S-1-5-32-544::
> > -<UserAdmin>:unused:500:544:<UserAdmin_FullName>,<some_id>:/home/<UserAdmin>:/bin/bash
> > -<SimpleUser>:unused:17690:545:<SimpleUser>,<SimpleUser_FullName>,<some_id>:/home/<SimpleUser>:/bin/bash
> > -
> > -Important is the number "544" in the line of the <UserAdmin>
> > account which tells cygwin that the <UserAdmin>
> > -belongs to the local Administrator group. The /etc/group file
> > should contain something like
> > -
> > -SYSTEM:S-1-5-18:18:
> > -Administrators:<some_id>:544:<UserAdmin>
> > -Users:<some_id>:545:<SimpleUser>
> > -
> > -The AddPrivileges script adds the following permissions to the
> > Torque daemons
> > -depending on the Windows version:
> > -
> > --------------------------------------------------------------------------------------------------
> > -! !! ! ! !
> > -! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind !
> > -! !! ! ! !
> > -!===================!!=======================!==========================!==========================!
> > -! !! ! ! !
> > -! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server
> > 2003 !
> > -! !! ! ! !
> > -!-------------------!!-----------------------!--------------------------!--------------------------!
> > -! !! ! ! !
> > -! Windows service !! SeServiceLogonRight ! SeServiceLogonRight !
> > Windows XP/Server 2003 !
> > -! by <UserAdmin> !! ! SeCreateTokenPrivilege ! Windows 7 !
> > -! !! ! ! !
> > -!-------------------!!-----------------------!--------------------------!--------------------------!
> > -! !! ! ! !
> > -! Windows service !! ! ! Windows XP !
> > -! by SYSTEM !! --- ! --- ! only !
> > -! !! ! ! !
> > -! !! ! ! !
> > -
> > --------------------------------------------------------------------------------------------------
> > +Usage of privileges for known starts of Torque components is
> > resulted in the tables:
> > +
> > +
> > -------------------------------------------------------------------------------------------------------
> > +! !
> > +! Cygwin 1.5.25 !
> > +! !
> > +!-------------------------------------------------------------------------------------------------------!
> > +! !! ! ! !
> > +! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind !
> > +! !! ! ! !
> > +!===================!!=======================!===============================!==========================!
> > +! !! ! ! !
> > +! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server
> > 2003 !
> > +! !! ! ! !
> > +!-------------------!!-----------------------!-------------------------------!--------------------------!
> > +! !! ! ! !
> > +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight !
> > Windows XP/Server 2003 !
> > +! by <UserAdmin> !! ! SeCreateTokenPrivilege ! Windows 7 !
> > +! !! ! ! !
> > +!-------------------!!-----------------------!-------------------------------!--------------------------!
> > +! !! ! ! !
> > +! Windows service !! --- ! --- ! Windows XP !
> > +! by SYSTEM !! ! ! !
> > +! !! ! ! !
> > +
> > -------------------------------------------------------------------------------------------------------
> > +
> > +
> > +
> > -------------------------------------------------------------------------------------------------------
> > +! !
> > +! Cygwin 1.7.5 or later !
> > +! !
> > +!-------------------------------------------------------------------------------------------------------!
> > +! !! ! ! !
> > +! Run as !! pbs_server + sched ! pbs_mom ! on Windows subkind !
> > +! !! ! ! !
> > +!===================!!=======================!===============================!==========================!
> > +! !! ! ! !
> > +! Cygwin daemon !! --- ! SeCreateTokenPrivilege ! Windows XP/Server
> > 2003 !
> > +! !! ! ! !
> > +!-------------------!!-----------------------!-------------------------------!--------------------------!
> > +! !! ! ! !
> > +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight !
> > Windows 7 !
> > +! by <UserAdmin> !! ! SeCreateTokenPrivilege ! !
> > +! !! ! ! !
> > +!-------------------!!-----------------------!-------------------------------!--------------------------!
> > +! !! ! ! !
> > +! Windows service !! SeServiceLogonRight ! SeServiceLogonRight !
> > Windows 7 !
> > +! by <UserAdmin> !! ! SeAssignPrimaryTokenPrivilege ! !
> > +! via LSA registry !! ! ! !
> > +! !! ! ! !
> > +
> > -------------------------------------------------------------------------------------------------------
> > +
> >  Warning!!! You have to understand that a installing of additional
> >  privileges
> >  can decrease your OS security level.
> >
> > -Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your
> > firewalls.
> > +Reboot your computers that the SeCreateTokenPrivilege has taken
> > effect!
> >
> > -Reboot your computers!!!
> > +Open the ports for sshd, pbs_server, pbs_mom and pbs_sched in your
> > firewalls.
> >
> >
> >
> > @@ -163,9 +183,9 @@
> >
> >  Set your server's hostsname in the .../torque/server_name file.
> >
> > -Submit jobs as <SimpleUser> with limited account.
> > +Submit jobs as <SimpleUser> with Limited account.
> >
> > -For more details refer to the Torque documentation.
> > +See more the Torque Documentations.
> >
> >
> >
> > @@ -196,7 +216,7 @@
> >     #make install
> >
> >  Configure and initiate Torque components.
> > -Install the additional privileges (see above).
> > +Instal the additional privileges (see above).
> >
> >  Use cygrunsrv.exe for install, start, stop and remove services.
> >  See more cygrunsrv.exe --help.
> > @@ -210,7 +230,9 @@
> >     #./contrib/AddPrivileges --add mom
> >     #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u
> >     <UserAdmin> -w <password>
> >
> > -On Windows XP <UserAdmin> also can start server-sched-mom as
> > services by
> > +
> > +
> > +Only on Windows XP <UserAdmin> also can start server-sched-mom as
> > services by
> >  Windows native user SYSTEM (uid=18):
> >
> >     #./contrib/AddPrivileges --add SYSTEM
> > @@ -219,5 +241,24 @@
> >     #cygrunsrv.exe -I pbs_sched -p /usr/sbin/pbs_sched.exe
> >     #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe
> >
> > +
> > +
> > +On Windows 7 with Cygwin 1.7.5 (or later) can use pbs_mom as
> > services via the LSA private registry
> > +area (http://cygwin.com/cygwin-ug-net/ntsec.html). Thus the very
> > special and very dangerous
> > +SeCreateTokenPrivilege is not required:
> > +
> > + #cygserver-config
> > + #cygrunsrv.exe -S cygserver
> > +
> > +For each user:
> > + #passwd -R
> > +
> > + #./contrib/AddPrivileges --add
> > + #cygrunsrv.exe -I pbs_mom -p /usr/sbin/pbs_mom.exe -u <UserAdmin>
> > -w <password>
> > +
> > +This variant of Torque start has been tested with MPICH2-1.2.1 on
> > Windows 7 x86_64.
> > +
> > +
> > +
> >  Services and privileges are managed via the Windows Control Panel
> >  or command line.
> >
> 
> > _______________________________________________
> > torquedev mailing list
> > torquedev at supercluster.org
> > http://www.supercluster.org/mailman/listinfo/torquedev
> 
> 
> --
> Garrick Staples, GNU/Linux HPCC SysAdmin
> University of Southern California
> 
> Life is Good!
> 
> _______________________________________________
> torquedev mailing list
> torquedev at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torquedev

-- 
David Beer | Senior Software Engineer
Adaptive Computing


More information about the torquedev mailing list