[Beowulf] Restricting users from ssh into nodes

Prentice Bisbal prentice.bisbal at rutgers.edu
Thu Aug 22 11:08:17 PDT 2013


On 08/22/2013 02:05 PM, Reuti wrote:
> Am 22.08.2013 um 20:00 schrieb Prentice Bisbal:
>
>> On 08/20/2013 02:03 PM, Mark Hahn wrote:
>>>> 1. Many people's job scripts use ssh either directly (to say clean up /tmp)
>>>> or indirectly from mpirun.
>>> sure.
>>>
>>>> (good mpirun's use the batch engine's per-node
>>>> daemon to launch the binaries not ssh).
>>> why should a scheduler have daemons cluttering up compute nodes?
>>> also, do you really launch so many very big but very short jobs
>>> that startup time is a serious concern?  I'm questioning assumptions here.
>>>
>> It's not about reducing startup time. It's about controlling the jobs
>> accurately. With SGE, all jobs started are children of the sge_sheperd
>> processes (which gets started by the sge_execd daemon). This allows SGE
>> to have ultimate control over the jobs  (suspend resume, kill, etc.) and
>> provide accurate process accounting. When you just use SSH, can you
>> provide that level of control?
> +1
>
>
>> And if you really want to be a pro, you create a prolog script that
>> creates a unique temp directory for the user, that they can reference
>> with an environment variable (say, SCRATCH, or SGE_TMP or something
> One you get for free in SGE and it can be accessed by $TMPDIR inside the jobscript. A creation in a prolog is only necessary in case you need a second one (maybe a global one in addition to the one on the node).
>
> Thanks for the additional detail. It's been over a year since I've 
> used SGE, and I'm starting to forget things. :(

Prentice



More information about the Beowulf mailing list