[Beowulf] SSH without login in nodes
Robert G. Brown
rgb at phy.duke.edu
Sun May 6 23:22:26 PDT 2007
On Mon, 7 May 2007, Mark Hahn wrote:
>> Yes, this is the other solution. Do nothing fancy in script-land. Just
>
> right on! we have >1800 users from more institutions than I can count,
> and we just tell users to submit everything nontrivial through the queueing
> system. only rarely do we need to scold users for running nontrivial jobs on
> login nodes, and even more rarely do any of them mess with compute nodes
> directly. we make no effort to actually _prevent_ users from ssh'ing to
> compute nodes.
>
> IMO, part of this is making it easy to submit jobs. in our environment,
> just prefix your command by "sqsub" and it goes onto a compute node.
> (that is, extra job scripts are a mistake, and it's important to propogate
> cwd and env transparently to jobs.) if compilers took more than milliseconds
> to run, people could certainly define FC="sqsub f90" if they wanted, and it
> would work correctly.
Ya. In the olde days they would describe this as the difference between
fascist administration style and -- not so fascist administration style.
It is important to differentiate between security requirements and the
human desire to control other humans. Even security is a cost-benefit
trade-off, but it is one where being a bit more "stringent" is
appropriate. Where it isn't security, you'll probably save energy
effort time ulcers if you just back off on rigid control and try instead
to use human measures.
In fact, even to use a queuing system in the first place requires enough
users and conflicting requirements to make it worth all the hassle. You
can go a long ways on a small mixed-ownership cluster where people tend
to run long jobs on their own nodes all the time and share other
people's when they are idle with the shout-down-the hall "hey Joe -- you
using those nodes?" scheduler.
rgb
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
--
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
More information about the Beowulf
mailing list