On 10/14/2014 03:58 AM, Mark Dixon wrote:
> On Mon, 13 Oct 2014, Prentice Bisbal wrote:
> ...
>> I think what he wants to do is this, which is actually a pretty common
>> desire:
>>
>> 1. Not let users ssh directly into cluster nodes and bypass the scheduler.
>>
>> 2. If a user is in a qrsh or qlogin session and has requested multiple
>> nodes, for debugging parallel jobs, or just running interactive parallel
>> jobs, that user should be able to ssh to the other nodes assigned to his
>> interactive job, but should only be allowed to SSH into the nodes
>> assigned to him.
>>
>> (2) prevents a user from using SSH to bypass the scheduler as intended
>> in (1). This works best when the allocation rule is 'fill_up', and/or
>> node usage is exclusive, since if a user has one slot of 50 different
>> nodes, he can now do as he pleases on all 50 nodes, interfering with
>> other jobs on those nodes.
> ...
>
> Hi Prentice,
>
> I don't get why qrsh/qlogin et al. specifically need to use SSH to achieve either of those aims?
>
> Mark

Mark,

You are correct, qrsh/qlogin do not need to use ssh in order to achieve that, but you do need to coordinate ssh access with SGE so that once a user gets a shell through qrsh/qlogin, they can't then ssh into any other node willy-nilly.

I think the original question was worded poorly, leading to this confusion. The built-in qrsh/qlogin can still be used, just so long as subsequent ssh connections from that qrsh/qlogin are limited only to the nodes assigned to that user for that job.

Prentice

--
Prentice
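
The access decision discussed in this thread, sketched as an added example that is not code from the thread or from Grid Engine: it allows ssh only to hosts where the user holds slots and lists the hosts that user shares with other jobs (the "one slot on 50 nodes" concern). The job table, user names, slot totals and function names are constructed assumptions; the hostfile lines follow the `host slots queue processor-range` layout of `$PE_HOSTFILE`.

```python
from collections import defaultdict

# Constructed sample data, not from the thread. Each value mimics the
# "host slots queue processor-range" lines of a job's $PE_HOSTFILE.
SAMPLE_JOBS = {
    (101, "alice"): "node01 8 all.q@node01 UNDEFINED\n"
                    "node02 4 all.q@node02 UNDEFINED\n",
    (102, "bob"): "node02 4 all.q@node02 UNDEFINED\n"
                  "node03 1 all.q@node03 UNDEFINED\n",
}
HOST_SLOTS = {"node01": 8, "node02": 8, "node03": 8}  # constructed slot totals


def parse_pe_hostfile(text):
    """Return {host: slots} for one job's hostfile text."""
    granted = defaultdict(int)
    for line in text.splitlines():
        fields = line.split()
        # Skip blank or malformed lines rather than granting access on them.
        if len(fields) >= 2 and fields[1].isdigit():
            granted[fields[0].lower()] += int(fields[1])
    return dict(granted)


def build_policy(jobs):
    """Return {host: {user: slots}} across all running jobs."""
    policy = defaultdict(lambda: defaultdict(int))
    for (_job_id, user), hostfile in jobs.items():
        for host, slots in parse_pe_hostfile(hostfile).items():
            policy[host][user] += slots
    return {host: dict(users) for host, users in policy.items()}


def ssh_allowed(policy, user, host):
    """Default deny: allow only if the user holds slots on that host."""
    return policy.get(host.lower(), {}).get(user, 0) > 0


def shared_hosts(policy, user, host_slots):
    """Hosts the user may reach without holding every slot there."""
    return sorted(
        host for host, users in policy.items()
        if 0 < users.get(user, 0) < host_slots[host]
    )
```

A check like `ssh_allowed` would sit behind whatever hook gates sshd logins on the node, with the policy rebuilt as jobs start and end; `shared_hosts` shows where exclusive use or 'fill_up' would shrink the overlap.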
