On Friday 04 May 2007 21:42:58 Chris Samuel wrote: > We use a very ugly hack (this was already in place when I arrived) which > has been very effective over the past few years at doing that and > doesn't prevent people using SSH based MPI launchers (though we don't > recommend them being used). > > Basically it's just the following in /etc/profile on our compute nodes. > > if echo $HOSTNAME | egrep -q '^node' ; then > if [ ! $PBS_ENVIRONMENT ]; > then if [ $USER != "root" ]; > then if [ "$GROUP" != "systems" ]; > then exit; > fi; > fi; > fi; > fi; > > > How's that ?
Not that ugly, actually. But what if users do a ssh node -t "bash --noprofile"? ;) To handle of SSH based MPI launchers, we've disabled user logins from our frontend node to the compute nodes, but allowed them between compute nodes. So that the scheduler takes care of dispatching the initial process on a first node (no SSH involved), and then SSH connections can be used to dispatch the MPI daemons on the other nodes, from the initial one. Cheers, -- Kilian _______________________________________________ Beowulf mailing list, [email protected] To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
