[GE users] Setup with CSP differs from docs(?)
jlb at salilab.org
Thu Nov 1 00:00:52 GMT 2007
In its current configuration, our cluster uses standard SGE (no CSP) with
a single submit host. I'm looking into implementing CSP in order to allow
hosts outside the immediate cluster to submit jobs in a vaguely secure
It seems like I've got things working (I'm testing with 6.1u2), but it
*also* seems like the Installation Guide is overly broad in some places
and flat wrong in others. I'm wondering if something in my setup will
come back to bite me. Places where my setup differs from the docs seem to
1) In Chapter 4, step 6 of "How to Install a CSP-Secured System" says
that if you do not want to put the CSP security information on the
shared filesystem (i.e., under $SGE_ROOT), then you must tar up all of
and transfer that to all exec hosts. In my mind, I'd like to limit
the dissemination of /var/sgeCA/sge_qmaster/$CELL/private as much as
possible. Through experimenatation, it seems that the only file from
that directory that's necessary for sgeexecd to successfully start and
accept jobs is key.pem. Is this a true statement?
2) Also in Chapter 4, step 4 of "How to Generate Certificates and Private
Keys for Users" says that each user must run
to copy their keys into their ~/.sge directory. There are several
issues with this:
a) On the master host, the command errors out with
Error: Can not find local userkey directory.
b) But this is OK, because qstat and qsub work anyway.
c) On a submit host, the command errors out with
Error: You can install your private key and certificate only on the
d) But copying /var/sgeCA/sge_qmaster/$CELL/userkeys/$USER from the
master host to the submit host lets $USER happily qsub.
Is there anything wrong with my "solution" here?
Thanks for any insights on these or any other issues with CSP. As an
aside, there doesn't seem to be much traffic on the list about this. Do
people not use this much?
QB3 Shared Cluster Sysadmin
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net
More information about the gridengine-users