Hi Reuti, On Tue, Apr 09, 2019 at 09:05 AM PDT, Reuti wrote: > > Am 09.04.2019 um 17:43 schrieb Mun Johl <mun.j...@kazan-networks.com>: > > > > Hi Reuti, > > > > Thank you for your reply! > > Please see my comments below. > > > > On Mon, Apr 08, 2019 at 10:27 PM PDT, Reuti wrote: > >> Hi, > >> > >>> Am 09.04.2019 um 05:37 schrieb Mun Johl <mun.j...@kazan-networks.com>: > >>> > >>> Hi all, > >>> > >>> My company is hiring a contractor for some development work. As such, I > >>> need to modify our grid configuration so that he only has access to a > >>> single execution host. That particular host (let's call it serverA) > >>> will not have all of our data disks mounted. > >>> > >>> NOTE: We are running SGE v8.1.9 on systems running Red Hat Enterprise > >>> Linux v6.8 . > >>> > >>> I'm not really sure how to proceed. I'm thinking of perhaps creating a > >>> new queue which only resides on serverA. > >> > >> There is no need for an additional queue. You can add him to the > >> xuser_lists of all oher queues. But a special queue with a limited number > >> of slots might give the contractor more priority to check his develoment > >> faster. Depends on personal taste whether this one is preferred. This > >> queue could have a forced complex with a high urgency, which he always > >> have to request (or you use JSV to add this to his job submissions). > > > > How would I proceed if I did not create an additional queue? You have > > me intrigued. That is, if I add him to the xuser_lists of all queues, > > he wouldn't be able to submit a job, would he? Perhaps I'm confused. > > All entries in the (cluster) queue definition allow a list of different > characteristics (similar to David's setup in the recent post): > > $ qconf -sq all.q > ... > user_lists NONE,[development_machine=banned_users] > xuser_lists NONE,[@ordinary_hosts=banned_users] > > to keep him away from certain machines only. You don't need both entries, it > depends whether there are machines for development use only, for ordinary > users only, and a pool of machines for mixed use. Sure, one would it rename > to "contractor_team" and not "banned_users", if it's used in "user_lists" too.
Oh, I think I understand that now. You are putting a finer level of control on each queue and configuring said queue for which user(s) can access which host(s). Clever. > >>> We would ask the contractor to > >>> specify this new queue for his jobs. Furthermore, I would add the > >>> contractor to the xuser_lists of all other queues. > >>> > >>> Does that sound reasonable > >> > >> Yes. > >> > >> > >>> or is there an easier method for > >>> accomplishing this task within SGE? > >>> > >>> IF it makes sense to proceed in this manner, what is the easiest way to > >>> add the username of the contractor to the xuser_lists parameter? Can I > >>> simply add his username? Or do I need to create a new access list for > >>> him? > >> > >> Yes. > >> > >> $ qconf -au john_doe banned_users > > > > Okay, so to confirm: I create the banned_users ACL and add that ACL to > > all queues for which john_joe is banned. Correct? > > > > Thanks again for your time and knowledge! > > Either this or create a hostlist to shorten the number of machines for the > above setup. Understood. > === > > Even a forced complex could be bound this way to a hostgroup only: > > $ qconf -sq all.q > ... > complex_values NONE,[@ ordinary_hosts =contractor=TRUE] > > and the BOOL complex "contractor" with a high urgency. This is starting to make my head hurt ;) But I believe you have armed me with enough information for me to move forward with the requisite configuration changes. Thank you and best regards, -- Mun > -- Reuti > > > > Best regards, > > > > -- > > Mun > > > > > >>> Any and all examples of how to implement this type of configuration > >>> would be greatly appreciated since I am not an SGE expert by any stretch > >>> of the imagination. > >>> > >>> By the way, would the contractor only need an account on serverA in > >>> order to utilize SGE? Or would he need an account on the grid master as > >>> well? > >> > >> Are you not using a central user administration by NIS or LDAP? > >> > >> AFAICS he needs an entry only on the execution host (and on the submission > >> host of course). > >> > >> -- Reuti _______________________________________________ users mailing list users@gridengine.org https://gridengine.org/mailman/listinfo/users
