[GE users] Question about qrsh setup

Reuti reuti at staff.uni-marburg.de
Wed Nov 28 19:35:42 GMT 2007


Hi,

Am 28.11.2007 um 19:49 schrieb Simon Gao:

> I have a few questions about how qrsh/qlogin works.
>
> On page  http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html,
> there are following settings for rsh_daemon and rlogin_daemon:
>
> ====================================================================== 
> ======
>
> Set the parameters rsh_daemon and rlogin_daemon in your cluster
> configuration to ssh:
>
>     *
>
>       rsh_daemon: /usr/sbin/sshd -i
>
>     *
>
>       rlogin_daemon: /usr/sbin/sshd -i
>
> ====================================================================== 
> ======
>
>
> 1. On which node (submission or compute node), the
> rlogin_daemon/rsh_daemon runs?

on the node, where your interactive job runs.

> does a new ssh daemon process got started
> by each qrsh/qlogin?

yes.

> If so, by which user, root or the user who submit
> the job?

login with qrsh or qlogin and iusse (f w/o -):

ps -e f -o pid,ppid,pgrp,user,ruser,command

it will be root.

> 2. Since ssh daemon already runs on every node, why each job submitted
> by qrsh needs to start its own ssh daemon process?

only this way it can be controlled by SGE and killed by a qdel and  
OTOH set limits for the interactive session, which are defined in the  
queue settings.

> Why can those jobs
> use the already running ssh daemon process?
> 3. Do jobs submitted via qrsh use different ssh port in each  
> connection?

yes.

> 4. Since rsh_command and rlogin_command has been set up to point to  
> ssh
> command, isn't it already enough?

??? you mean, it's not working for you? it might be, that the local  
configuration for each node overrides the global one. If you don't  
need a different definition for each node, you can delete all local  
configurations simply and the global one will take effect.

> 5. Is it secure to have to SGE to start a new ssh daemon process?

yes. IMO inside a cluster, where you have a private net to the nodes,  
even the default rsh is safe. The default rsh (and/or ssh) could be  
disabeled completely in /etc/xinetd.d, as SGE will start one for each  
interactive job on its own: complete control to disallow users from  
bypassing SGE's scheduling.

-- Reuti

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list