LISTSERV - RESCOMP Archives - LISTSERV.MIAMIOH.EDU

RESCOMP Archives

March 2006

RESCOMP@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	RESCOMP Home
	RESCOMP March 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: no ssh
From:	Robin <[log in to unmask]>
Reply To:	Research Computing Support <[log in to unmask]>, Robin <[log in to unmask]>
Date:	Wed, 8 Mar 2006 19:59:52 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (86 lines)

My previous email and Steve's crossed each other.
Thanks Steve for testing it out.

> I just used an interactive job on c1-3 to ssh to c1-1, and on from 
> there to c2-5.  Do you expect this possibility to be blocked once your 
> files are distributed?

No. I misunderstood Jaime's statement. We still need to find a way to 
limit certain type of SSH.
MPI uses SSH behind the scene and how to allow these through.

When submitted via PBS, only the launcher of mpirun_ssh has all the 
environment variable. The SSH to the rest of the compute nodes is just 
plain old SSH (nothing special).

Currently, we have a loose (and thus robust and easily understood) 
integration between PBS and MPI. That is PBS just assigned compute nodes 
to a file.
PBS does not manage (or even know about) the underlying SSH. When time 
permits, we probably should at least look at a tighter integration 
between PBS and MPI.
There's always some pros and cons w/ regards to 'Loose' and 'Tight' 
integration. I came across the choices while working on the 
SunGridEngine (and the Ethernet MPI)
on that other cluster.

> Once this hole is plugged, the other obvious concern is that someone 
> could stow a cron job on a compute node during PBS session (this 
> wouldn't even need an interactive session).  However, I think it's 
> reasonable for someone to use cron on the head node to fire off 
> occasional qsub's; it's fair use, as they're still having to wait in 
> the queue.

There are quite some holes left that I could think of. We should close 
them using technical means as much as possible.
When time does not permit, human intervention (or policy) to deter users 
from abusing resources. The latter should be as minimal as possible.

Thanks,
Robin

> Steve
>
> At 05:04 PM 3/8/2006, you wrote:
>
>> I just checked that it seemed to work.
>>
>> You can submit an interactive job and get a login shell to that
>> compute node.
>> You still can't ssh into that node.
>>
>> Unless that some files failed to get distributed to certain compute
>> nodes, it should work throughout.
>>
>> Thanks,
>> --------------
>> Robin
>> [log in to unmask]
>> 513-529-1483
>>
>> "Academia politics is the most vicious precisely because the stake is
>> so small" - Kissinger
>>
>>
>>
>> On Mar 8, 2006, at 4:12 PM, jaime combariza wrote:
>>
>>> I tried to ssh from the head node to c1-1 c1-2 c1-3 and I was not
>>> able to do it. So if ssh is disabled it is working.
>>> However, if I request an interactive pbs session then I can ssh to
>>> the compute nodes. So the question
>>> is why bother?
>>>
>>> I still have to check if running jobs will be affected.
>>>
>>>
>>>
>>> Jaime E. Combariza, Ph.D.
>>> Assistant Director Research Computing
>>> http://www.muohio.edu/researchcomputing
>>> Miami University
>>> (513) 529-5080
>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU