On 02/18/2013 09:49 PM, Duke Nguyen wrote:
Sorry for the late update. Anyway, per suggestions, here is what I did:
* prevent ssh-login to the nodes except admins
* reconfigure torque with --with-pam (then reinstall torque, openmpi
etc...)
After testing for a few days with some intensive jobs, everything
looks fine :)
Thanks for all the help/suggestions/comments,
D.
Hi Duke
I'm glad to know everything worked for you.
Gus Correa
On 2/6/13 10:58 PM, Reuti wrote:
On 06.02.2013 at 16:45, Duke Nguyen wrote:
> On 2/6/13 10:06 PM, Jeff Squyres (jsquyres) wrote:
>> On Feb 6, 2013, at 5:11 AM, Reuti <re...@staff.uni-marburg.de> wrote:
>>
>>>> Thanks Reuti and Jeff, you are right, users should not be
>>>> allowed to ssh to all nodes, which is how our cluster was set up:
>>>> users can even password-less ssh to any node. I know this is not
>>>> appropriate question in OpenMPI forum, but how can we setup so that
>>>> user can only ssh (with password) to nodes that are allocated to them
>>>> at the time of qsub'ing? I am still new to all of this cluster thing :)
>>> I even disallow this. Only admin staff is allowed to login to the
>>> nodes. This forces also the admin to look for a tight integration of
>>> the user's software into the queuing system.
>>
>> +1
>>
>> FWIW, that makes one-more-thing that you have to setup and
>> maintain (because it doesn't happen by default -- you'd have to add
>> some extra scripting in the ssh authentication stuff to enable that
>> functionality).
>>
> Thanks, that's what I want to do too, but I thought it was impossible
> because ssh is needed for setting up a cluster. From what I understand:
> * for a user to run pbs jobs, master and clients should have that user
> in their passwd/shadow/group files
Or use NIS / LDAP to have a central location for this information.
> * configure ssh server on clients to prohibit certain users
Correct, like a line in /etc/ssh/sshd_config:
AllowGroups admin
and only admin staff has this group as one of their secondary groups
attached.
-- Reuti
> Is that right?
> _______________________________________________
> users mailing list
> us...@open-mpi.org
> http://www.open-mpi.org/mailman/listinfo.cgi/users
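A check for the `AllowGroups admin` restriction Reuti describes, as an added example that is not part of the original thread: it reads the global `AllowGroups` patterns from an sshd_config and decides whether a user with a given set of groups would be let in. The function names, the sample config and the group lists are constructed for illustration; Match blocks, `DenyGroups` and negated patterns are assumed absent.

```shell
#!/bin/sh
# Added example: would a user pass the global AllowGroups restriction?
# Assumptions: Match blocks, DenyGroups and "!" negated patterns are not
# evaluated; on a real host `sshd -T` reports the effective settings.

# allowed_groups FILE: print each global AllowGroups pattern, one per line.
allowed_groups() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "allowgroups" {          # keyword is case-insensitive
            for (i = 2; i <= NF; i++) print $i  # repeated lines accumulate
        }
    ' "$1"
}

# ssh_login_permitted FILE GROUP...: exit 0 if any of the user's groups
# (primary or supplementary) matches an AllowGroups pattern.
ssh_login_permitted() {
    cfg=$1; shift
    patterns=$(allowed_groups "$cfg")
    # Without any AllowGroups line sshd does not restrict logins by group.
    if [ -z "$patterns" ]; then return 0; fi
    for grp in "$@"; do
        while IFS= read -r pat; do
            # Unquoted $pat so that * and ? act as wildcards, as in sshd.
            case $grp in $pat) return 0 ;; esac
        done <<EOF
$patterns
EOF
    done
    return 1
}

# Constructed sample: a compute node's sshd_config with the line from the thread.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
# compute node: only admin staff may log in
PermitRootLogin no
AllowGroups admin
EOF

# Group lists are constructed; on a live system use: id -Gn "$user"
ssh_login_permitted "$sample_cfg" users admin   && echo "admin staff: permitted"
ssh_login_permitted "$sample_cfg" users physics || echo "regular user: refused"
```

An sshd_config with no `AllowGroups` line at all is reported as permitting everyone, which is the case to look for when auditing compute nodes.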