[Beowulf] Configuration change monitoring
Mark Hahn
hahn at mcmaster.ca
Thu Aug 30 11:19:55 PDT 2007
> It is more the ITIL standards, and Commercial vendor lobbying, our
> accountants are clueless :)
I have no idea what ITIL means, but would probably prefer to keep
it that way :)
a standard that forces use of specific and commercial packages
is not a standard at all...
> HPC clusters are normally a horde of clones. no configuration change
>> is applied individually to a node, but rather applied en-mass.
>> reimaging nodes is not a huge big deal, for instance (and a non-event
>> if you use nfs-root - definitely a good idea in some cases.)
>>
>
> True The only frequent changes are user account modification, mounted nfs
> files, and scheduler configurations files if log level need to be altered. I
none of those require any node-local changes. as I mentioned, nfs-root
solves many of them, though it's common to use ldap/nis/AD. it's uncommon
to change the NFS mounts on a compute node, but also quite easy to change
the fstab and then something like "pdsh -a mount -a"
> can just write a script or use a file integrity checker to check these. The
> problem is that the department that is asking us to implement configuration
> change monitoring based on a security audit items want more than that, want
perhaps you should ask them what their actual goals/motives are,
and talk to them to figure out how it makes sense for a cluster.
offhand, I'd be surprised if it made any sense to do for anything
except admin nodes (ie, not compute nodes).
regards, mark hahn.
More information about the Beowulf
mailing list