SMP support with the scyld package/codine/NFS

Andreas Boklund andreas at amy.udd.htu.se
Wed Mar 14 06:53:31 PST 2001


My cluster is not runnig Scyld but the univeristy is using NIS from an
IRIX and loads the home volume from another IRIX(NFS), and some of my
applications resides on a Quad LINUX from Dell. 

I have set up a simple iptables firewall/mascuerading on my master node
that masquerades the nodes from the rest of the world, including
the NFS/NIS servers. But still it lets log on the the nodes via the NIS
and mount all NFS volumes that i like.

The interesting part is the IP-forwarding and Masquerading section.
The rest is just that i dont want ppl to get access to my kluster, a
computer lab has access to the unix network. So just compile a kernel with 
iptables (2.4.x) or do the same stuff with the 2.2 version of the firewall
code.

What it goes for Scyld i have managed to use only one interface by just
changing the value (in the preferences tab i think) from eth1 to eth0.
After that i could assign my nodes real world ip-adresses and allow them
to contact other computers. well it seemed to work for me, never did that
much testing though.

Good luck
//Andreas
PS. Feel free to comment my config options, if you have any ideas of
improvement :)



***** The start section of my Netfilter script in /etc/rc.d/init.d ****

<SNIP>
echo "Turning on IP-forwarding & Masquerading:"
          echo 1 > /proc/sys/net/ipv4/ip_forward
          iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

        echo "Starting to filter packets"

                ## Stop all packets that comes in on the wrong interface
                for file in /proc/sys/net/ipv4/conf/*/rp_filter; do
                        echo 1 > $file
                done

                # Open a few ports
                iptables -A INPUT -p TCP --destination-port 21 -i eth1 -j ACCEPT #ftp
                iptables -A INPUT -p UDP --destination-port 21 -i eth1 -j ACCEPT #ftp
                iptables -A INPUT -p TCP --destination-port 22 -i eth1 -j ACCEPT #ssh
                iptables -A INPUT -p UDP --destination-port 22 -i eth1 -j ACCEPT #ssh
                iptables -A INPUT -p TCP --destination-port 53 -i eth1 -j ACCEPT #DNS
                iptables -A INPUT -p UDP --destination-port 53 -i eth1 -j ACCEPT #DNS
                iptables -A INPUT -p TCP --destination-port 111 -i eth1 -j ACCEPT #NIS/YP
                iptables -A INPUT -p UDP --destination-port 111 -i eth1 -j ACCEPT #NIS/YP
                iptables -A INPUT -p UDP --destination-port 2049 -i eth1 -j ACCEPT #NFS

                # Allow old/inside connections to reach out and get answers
                iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth1 -j ACCEPT

                # open ICMP, let ppl ping the master
                iptables -A INPUT -p ICMP -i eth1 -j ACCEPT

                # Drop all now unmatched packets
                iptables -A INPUT -i eth1 -j DROP
</SNIP>




On Wed, 14 Mar 2001, Marc Cozzi wrote:

> WOW, that was a fast response! Almost as fast as the
> DEC True-64 managers list.
> 
> Thanks for the replies Dan, Jag.
> 
> Other questions I have with this configuration have to do with
> operating in the current environment. I currently have lots of
> SUN 420R SMP systems, IRIX, AIX, and DECs running behind a firewall.
> The SUN systems use the Codine batch job scheduling submission
> software (now from SUN) previously from Gridware. All though
> somewhat limited, works well in this shop. SUN has recently released
> a version for Linux with claims to support more platforms in the
> near future, (IRIX, True-64, AIX...) SUN is making the Codine
> software available at no cost!! Also seems very stable...
> 
> Also used with all these systems is a common user file system
> NFS mounted on all boxes. User authentication is via NIS running
> on the SUN Solaris 8 systems. What documentation I could find for
> the Scyld software indicates that a master box must be setup with
> two Ethernets. One pointing to the "outside" and the other to the
> "inside". I assume this is running ipchains/ipforward and acting
> somewhat like a firewall. Is this going to cause problems/prevent
> me from using the existing NFS mounts and NIS authentication scheme?
> Can I just bring up all the Scyld nodes, including master Scyld system,
> on the internal network?
> 
> Once again, thanks for all the experts help and suggestions.
> 
>   marc
> 
> 
> -----Original Message-----
> From: Daniel Ridge [mailto:newt at scyld.com]
> Sent: Wednesday, March 14, 2001 12:27 AM
> To: Marc Cozzi
> Cc: 'beowulf at beowulf.org'
> Subject: Re: SMP support with the scyld package
> 
> 
> 
> On Tue, 13 Mar 2001, Marc Cozzi wrote:
> 
> > greetings,
> > 
> > I'm considering several dual 1GHz, 1GB Intel/Asus systems. Has anyone
> > used the Beowulf package from Scyld Computing Corporation with
> > SMP systems? Does one have to rebuild the kernel to enable SMP
> > support or is it turned on by default? Are there issues with BProc
> > and SMP?
> 
> Scyld's distribution ships with SMP and UP kernels. No problems with
> respect to UP/SMP with bproc. You can also mix-n-match with no ill
> effects.
> 
> Regards,
> 	Dan Ridge
> 	Scyld Computing Corporation 
> 
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
> 
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
> 

-- 
*********************************************************
*   Administator of Amy and Sfinx(Iris23)               *
*                                                       *
*   Voice: 070-7294401                                  *
*   ICQ: 12030399                                       *
*   Email: andreas at shtu.htu.se, boklund at linux.nu        *
*                                                       *
*   That is how you find me, How do -I- find you ?      *
*********************************************************





More information about the Beowulf mailing list