[GE users] Question about qrsh setup

Simon Gao gao at schrodinger.com
Thu Nov 29 18:34:51 GMT 2007


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]

Reuti wrote:
> Hi,
>
> Am 28.11.2007 um 19:49 schrieb Simon Gao:
>
>> I have a few questions about how qrsh/qlogin works.
>>
>> On page  http://gridengine.sunsource.net/howto/qrsh_qlogin_ssh.html,
>> there are following settings for rsh_daemon and rlogin_daemon:
>>
>> ============================================================================
>>
>>
>> Set the parameters rsh_daemon and rlogin_daemon in your cluster
>> configuration to ssh:
>>
>>     *
>>
>>       rsh_daemon: /usr/sbin/sshd -i
>>
>>     *
>>
>>       rlogin_daemon: /usr/sbin/sshd -i
>>
>> ============================================================================
>>
>>
>>
>> 1. On which node (submission or compute node), the
>> rlogin_daemon/rsh_daemon runs?
>
> on the node, where your interactive job runs.
>
>> does a new ssh daemon process got started
>> by each qrsh/qlogin?
>
> yes.
>
>> If so, by which user, root or the user who submit
>> the job?
>
> login with qrsh or qlogin and iusse (f w/o -):
>
> ps -e f -o pid,ppid,pgrp,user,ruser,command
>
> it will be root.
>
>> 2. Since ssh daemon already runs on every node, why each job submitted
>> by qrsh needs to start its own ssh daemon process?
>
> only this way it can be controlled by SGE and killed by a qdel and
> OTOH set limits for the interactive session, which are defined in the
> queue settings.
>
>> Why can those jobs
>> use the already running ssh daemon process?
>> 3. Do jobs submitted via qrsh use different ssh port in each connection?
>
> yes.
>
>> 4. Since rsh_command and rlogin_command has been set up to point to ssh
>> command, isn't it already enough?
>
> ??? you mean, it's not working for you? it might be, that the local
> configuration for each node overrides the global one. If you don't
> need a different definition for each node, you can delete all local
> configurations simply and the global one will take effect.
>
>> 5. Is it secure to have to SGE to start a new ssh daemon process?
>
> yes. IMO inside a cluster, where you have a private net to the nodes,
> even the default rsh is safe. The default rsh (and/or ssh) could be
> disabeled completely in /etc/xinetd.d, as SGE will start one for each
> interactive job on its own: complete control to disallow users from
> bypassing SGE's scheduling.
>
> -- Reuti
>
Thanks, Ron and Reuti. Your explanations helps.

Simon

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list