[Beowulf] Blue-sky cluster security [was CLuster - Mpich - tstmachines - Heeelp !!!!!!!!]

Mark Hahn hahn at physics.mcmaster.ca
Sat Jul 29 09:34:42 PDT 2006


>> it would be interesting to try this - connecting to the cluster gets you
>> a VM or containerized environment where you can't see anyone else,
>> and where the only access you have to the cluster is through queue
>> commands.  your jobs would then run in a similar VM/container cloned
>> when you submit them.  I suppose some people would like this, but it
>
> Just brainstorming, what would the best method be? Poach some of the
> globus stuff? A chroot scheme? Xen?

I've never quite understood the value of Globus.  obviously, within a single
admin domain, it's no better than any other scheme.  afaikt, it's main
purpose is to permit me, as a resource owner, to hand over control of some 
resources to some other domain.  this is very gridish, of course, but would
you really want to do that?  I'd like to require that everything that runs 
in my domain can authenticate within my domain - this allows me to report to 
my funding agency, for instance, which Nature papers were accomplished with
which mega-cpu-hour.  in particular, this isn't necessarily any more
difficult - if my org undertakes an agreement with another org, I'm perfectly 
happy automatically creating accounts for their users within my domain...

anyway, the VM/Xen approach would offer the most serious user isolation and 
security containment.  I'm an ssh-ophile, so I'd probably set it up so that 
when a user logs in, the shell they get is inside a user-specific VM.
submitting a job is just cloning the current VM and freeze-drying it for
later reconstitution on compute node(s).  I don't think this kind of scheme
would introduce any new security considerations.



More information about the Beowulf mailing list