Hello Chris: Thanks very much for your answer! After updating time, my cluster works well now.
Wen Hao Wang
Chris Dunlap
<[EMAIL PROTECTED]
> To
Wen Hao Wang/China/[EMAIL PROTECTED]
2008-04-22 01:11 cc
[email protected]
Subject
Re: [munge-users] Remotely Decode
Issue
The "rewound credential" status you are seeing on xblade02 indicates
that the clocks on xblade08 and xblade02 are likely out of sync by
more than the default credential TTL of 300 seconds.
A credential contains the time at which it was encoded. When it is
later decoded, it must be within +/- TTL seconds of this encode time
according to the local clock.
Ideally, you should keep the clocks in sync on all of the nodes in
your cluster. For a quick test, you could create the credential with
a longer TTL (via the "-t" command-line option for munge):
$ munge -n -t 3600 | ssh xblade02 unmunge
MUNGE is not related to the SSH protocol / configuration. I just use
SSH as the transport in my examples since it is usually configured
on most nodes. MUNGE assumes the application requesting a credential
already has a mechanism in place to forward it on to the remote node
if needed.
-Chris
On Mon, 2008-04-21 at 06:17pm +0800, Wen Hao Wang wrote:
>
> Hello Chris:
>
> Thanks a lot for your comments!
>
> I distributed /etc/munge/munge.key from xblade08 to xblade01.
> Now "munge -n |ssh xblade01 unmunge" succeeded.
>
> Then I installed munge on other machine xblade02, with the same RHEL
> distribution with xblade01 and xblade08. SSH to xblade02 is not
> configured. I find decoding output for xblade01 and xblade02 are of
> different STATUS. Is munge related to SSH protocol/configuration?
>
> [EMAIL PROTECTED] i386]# munge -n |ssh xblade01 unmunge
> STATUS: Success (0)
> ENCODE_HOST: xblade08.clusters.com (172.20.3.24)
> ENCODE_TIME: 2008-04-21 22:42:58 (1208788978)
> DECODE_TIME: 2008-04-21 22:42:50 (1208788970)
> TTL: 300
> CIPHER: aes128 (4)
> MAC: sha1 (3)
> ZIP: none (0)
> UID: root (0)
> GID: root (0)
> LENGTH: 0
>
> [EMAIL PROTECTED] i386]# munge -n |ssh xblade02 unmunge
> [EMAIL PROTECTED]'s password:
> STATUS: Rewound credential (16)
> ENCODE_HOST: xblade08.clusters.com (172.20.3.24)
> ENCODE_TIME: 2008-04-21 22:43:35 (1208789015)
> DECODE_TIME: 2008-04-21 18:21:00 (1208773260)
> TTL: 300
> CIPHER: aes128 (4)
> MAC: sha1 (3)
> ZIP: none (0)
> UID: root (0)
> GID: root (0)
> LENGTH: 0
>
> [EMAIL PROTECTED] i386]# ssh xblade01 date
> Mon Apr 21 22:50:23 CST 2008
> [EMAIL PROTECTED] i386]# ssh xblade02 date
> [EMAIL PROTECTED]'s password:
>
> Wen Hao Wang
>
>
> > [EMAIL PROTECTED] (Chris Dunlap)
> > 2008-04-21 12:03
> >
> > To Wen Hao Wang/China/[EMAIL PROTECTED]
> > cc [email protected]
> > Subject Re: [munge-users] Remotely Decode Issue
> >
> > Based on your output, it appears that xblade01 & xblade08 have
> > different munge keys, perhaps having been created by the rpm
> > postinstall script.
> >
> > All of the nodes running munged must have the same munge key
> > (located in /etc/munge/munge.key by default). You'll need to
> > securely propagate this file (eg, via ssh) to each node in the
> > cluster. It should be permissioned 0400 and owned by the user under
> > which munged will run. Afterwards, you'll need to restart munged on
> > all nodes to have it reload its key.
> >
> > -Chris
> >
> >
> > On Mon, 2008-04-21 at 10:53am +0800, Wen Hao Wang wrote:
> > >
> > > Hello all:
> > >
> > > I am new to munge.
> > >
> > > I installed and started munge-0.5.8-1 on two RHEL5.2 Snapshort3
> > > machines. SSH has been configured, no password is needed. I
> > > failed to try remotely decoded example in the guide:
> > >
> > > [EMAIL PROTECTED] ~]# rpm -qa|grep munge
> > > munge-0.5.8-1
> > > munge-libs-0.5.8-1
> > > munge-devel-0.5.8-1
> > > slurm-munge-1.3.0-1
> > > [EMAIL PROTECTED] ~]# ssh xblade01 date
> > > Mon Apr 21 15:26:58 CST 2008
> > > [EMAIL PROTECTED] ~]# munge -n |unmunge
> > > STATUS: Success (0)
> > > ENCODE_HOST: xblade08.clusters.com (172.20.3.24)
> > > ENCODE_TIME: 2008-04-20 16:07:03 (1208678823)
> > > DECODE_TIME: 2008-04-20 16:07:03 (1208678823)
> > > TTL: 300
> > > CIPHER: aes128 (4)
> > > MAC: sha1 (3)
> > > ZIP: none (0)
> > > UID: root (0)
> > > GID: root (0)
> > > LENGTH: 0
> > >
> > > [EMAIL PROTECTED] ~]# munge -n |ssh xblade01 unmunge
> > > unmunge: Error: Invalid credential
> > > [EMAIL PROTECTED] ~]# munge -n |xargs ssh xblade01 unmunge
> > > unmunge: Error: Unrecognized parameter
> > >
"MUNGE:AwQDAAAja15c0heBWaefDkmtmwoTw/QyiPU8fKHHLmMc/KzACN95LYzfakFFT8WfTc4iCXDK1LpmQIXQPWhiDsSGUgQ14AZFxY9r2OIZ4OReKXOd7TTR5nY=:"
> > >
> > > Any comments or advice is welcome. Thanks in advance!
> > >
> > > Wen Hao Wang
<<inline: graycol.gif>>
<<inline: pic15672.gif>>
<<inline: ecblank.gif>>
_______________________________________________ munge-users mailing list [email protected] https://mail.gna.org/listinfo/munge-users
