At 04:51 PM 1/13/2003 -0500, Edmund Bertschinger wrote:
1. As the oscar-2.1 documentation says (I missed it, but Jeff Squyres set me straight), mysqld must not have a password set. This creates a security hole on the server, and I understand that this limitation will be removed in future versions of oscar. In this case, it was my fault for not reading the documentation.
Yep, that is one of the things I have slated for the next oscar release.
2. I was having problems with being unable to ssh into the nodes. It turns out that, in a moment of security paranoia some weeks earlier which I had forgotten, I disabled root logins by editing /etc/ssh/sshd-config and setting PermitRootLogin to no. While this is good security policy on single machines, it is (in retrospect) obviously bad for clusters. Without root login, a cluster can't work. It might be worth a footnote in the oscar documentation about this for the paranoid newbie.
3. If one uses tcp_wrappers (and who doesn't?), then at least during oscar installation, one must allow the client nodes to run tftp on the server. The following hosts.allow file will take care of this. It might be worth noting this fact in the oscar documentation, since the careful linux manager will by default allow no access to any inet services.
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# allow NFS service to oscardomain only
portmap: .oscardomain
rpc.mountd: .oscardomain
# allow ssh logins from anywhere
sshd: ALL
#temporary, for initial cluster setup
in.tftpd: .oscardomain
-----------------------------------------------------------------------------------------------------------------------
Now, a question. Are there any other lines that one should have in hosts.allow? Since I was unable to get successful completion of the PBS tests in oscarinstall step 8, and I couldn't get ganglia to work right, I suspect that I'm missing something. In particular, when I tried to install ganglia, it gave error messages like these in /var/log/messages:
Jan 8 10:23:00 antares /usr/sbin/gmond[1260]: server_thread() Host 18.75.1.148
tried to connect and was refused
Jan 11 15:33:18 antares /usr/sbin/gmond[8551]: mcast_thread() error multicasting
Any ideas?
Thanks,
Ed
-------------------------------------------------------
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Oscar-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/oscar-users
------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Oscar-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/oscar-users
