Am 08.05.2007 um 15:25 schrieb Angel de Vicente:
If it is of any help, we use a similar setting to the one given
below by Kilian,
where our access file in the compute nodes only has root and
myself. When a user
submits something to the queuing system (Torque+Maui), the
access.conf of the
given nodes is modified with a prologue script, so that access is
given to them
in the allocated nodes, and when the job finishes their name is
taken from
access.conf in an epilogue script.
Nothing fancy, but it works pretty well (you could easily figure
how to abuse
it, but people usually behave nicely, and this was needed mostly to
prevent
accidentally submitting jobs to other nodes, not to tackle abuse).
At the same
time, we have a script that runs once per day to check whether
there are any
jobs from users not allowed (according to the queueing system) to
do so, and if
found they are just mercilessly killed (on very rare occasions
zombies are
hanging around).
This is always a point where I wonder, why there is still no rsh
replacement in Torque like it's available in SUN GridEngine with its
qrsh command. Simply disable rsh and ssh in the complete cluster (or
limit it to admin staff) and all startup of processes in the cluster
is done by SGE's private daemons for each qrsh call by using a Tight
Integration - so you can't access nodes which you are not supposed to
use. In addition, this will also allow correct accounting for Linda/
PVM jobs which still seems not be possible with Torque.
-- Reuti
_______________________________________________
Beowulf mailing list, [email protected]
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
