Open MPI logo

Open MPI User's Mailing List Archives

  |   Home   |   Support   |   FAQ   |   all Open MPI User's mailing list

Subject: Re: [OMPI users] control openmpi or force to use pbs?
From: Gus Correa (gus_at_[hidden])
Date: 2013-02-19 15:57:34


On 02/18/2013 09:49 PM, Duke Nguyen wrote:
> Sorry for the late update. Anyway, per suggestions, here is what I did:
> * prevent ssh-login to the nodes except admins
> * reconfigure torque with --with-pam (then reinstall torque, openmpi
> etc...)
>
> After testing for a few days with some intensive jobs, everything
> looks fine :)
>
> Thanks for all the helps/suggestsions/comments,
>
> D.
Hi Duke

I'm glad to know everything worked for you.

Gus Correa
>
> On 2/6/13 10:58 PM, Reuti wrote:
>> Am 06.02.2013 um 16:45 schrieb Duke Nguyen:
>>
>> > On 2/6/13 10:06 PM, Jeff Squyres (jsquyres) wrote:
>> >> On Feb 6, 2013, at 5:11 AM, Reuti <reuti_at_[hidden]> wrote:
>> >>
>> >>>> Thanks Reuti and Jeff, you are right, users should not be
>> allowed to ssh to all nodes, which is how our cluster was set up:
>> users can even password-less ssh to any node. I know this is not
>> appropriate question in OpenMPI forum, but how can we setup so that
>> user can only ssh (with password) to nodes that are allocated to them
>> at the time of qsub'ing? I am still new to all of this cluster thing :)
>> >>> I even disallow this. Only admin staff is allowed to login to the
>> nodes. This forces also the admin to look for a tight integration of
>> the user's software into the queuing system.
>> >>
>> >> +1
>> >>
>> >> FWIW, that makes one-more-thing that you have to setup and
>> maintain (because it doesn't happen by default -- you'd have to add
>> some extra scripting in the ssh authentication stuff to enable that
>> functionality).
>> >>
>>
>> > Thanks, that what I want to do too, but I thought if it is impossible
>> > because ssh is needed for seting up a cluster. From what I understand:
>>
>> > * for an user to run pbs jobs, master and clients should have that user
>> > on their passwd/shadow/group files
>>
>> Or use NIS / LDAP to have a central location for this information.
>>
>>
>> > * configure ssh server on clients to prohibit certain users
>>
>> Correct, like a line in /etc/ssh/sshd_config:
>>
>> AllowGroups admin
>>
>> and only admin staff has this group as one of their secondary groups
>> attached.
>>
>> -- Reuti
>>
>>
>> > Is that right?
>>
>> > _______________________________________________
>> > users mailing list
>> > users_at_[hidden]
>> > http://www.open-mpi.org/mailman/listinfo.cgi/users
>>
> >
> > _______________________________________________
> > users mailing list
> > users_at_[hidden]
> > http://www.open-mpi.org/mailman/listinfo.cgi/users
> >
>
>
>
>
> _______________________________________________
> users mailing list
> users_at_[hidden]
> http://www.open-mpi.org/mailman/listinfo.cgi/users