Hi,
Last week I wrote a few emails to this list seeking help for problems I was
having on oscar install. I've managed to solve the problems well enough to
get through step 7. My experience could be helpful for others or at least
for the documentation writers.
1. As the oscar-2.1 documentation says (I missed it, but Jeff Squyres set
me straight), mysqld must not have a password set. This creates a security
hole on the server, and I understand that this limitation will be removed
in future versions of oscar. In this case, it was my fault for not reading
the documentation.
2. I was having problems with being unable to ssh into the nodes. It
turns out that, in a moment of security paranoia some weeks earlier which I
had forgotten, I disabled root logins by editing /etc/ssh/sshd_config and
setting PermitRootLogin to no. While this is good security policy on
single machines, it is (in retrospect) obviously bad for
clusters. Without root login, a cluster can't work. It might be worth a
footnote in the oscar documentation about this for the paranoid newbie.
3. If one uses tcp_wrappers (and who doesn't?), then at least during oscar
installation, one must allow the client nodes to run tftp on the
server. The following hosts.allow file will take care of this. It might
be worth noting this fact in the oscar documentation, since the careful
Linux manager will by default allow no access to any inet services.
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# allow NFS service to oscardomain only
portmap: .oscardomain
rpc.mountd: .oscardomain
# allow ssh logins from anywhere
sshd: ALL
#temporary, for initial cluster setup
in.tftpd: .oscardomain
-----------------------------------------------------------------------------------------------------------------------
Now, a question. Are there any other lines that one should have in
hosts.allow? Since I was unable to get successful completion of the PBS
tests in oscarinstall step 8, and I couldn't get ganglia to work right, I
suspect that I'm missing something. In particular, when I tried to install
ganglia, it gave error messages like these in /var/log/messages:
Jan 8 10:23:00 antares /usr/sbin/gmond[1260]: server_thread() Host 18.75.1.148 tried to connect and was refused
Jan 11 15:33:18 antares /usr/sbin/gmond[8551]: mcast_thread() error multicasting
Any ideas?
Thanks,
Ed
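
The hosts.allow file from the message above, run through a small first-match evaluator to show which daemon/client pairs it admits. This is an added example, not part of the original post or of OSCAR; it handles only the ALL, leading-dot domain and exact-name patterns of hosts_access(5), assumes hosts.deny contains "ALL: ALL", and the probe host names and the in.telnetd probe are constructed.

```python
# Simplified tcp_wrappers check for the hosts.allow shown in the message.
# Subset of hosts_access(5): client patterns ALL, ".domain" suffix, exact name.
# Assumption: hosts.deny holds "ALL: ALL", so an unmatched request is refused.
HOSTS_ALLOW = """\
# allow NFS service to oscardomain only
portmap: .oscardomain
rpc.mountd: .oscardomain
# allow ssh logins from anywhere
sshd: ALL
#temporary, for initial cluster setup
in.tftpd: .oscardomain
"""

def parse_rules(text):
    """Return [(daemon_list, client_list), ...] in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # malformed rule, skipped here
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, host):
    """Match one client pattern against a client host name."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return host.lower().endswith(pattern.lower())
    return host.lower() == pattern.lower()

def is_allowed(rules, daemon, host):
    """First matching rule grants access; no match means deny."""
    for daemons, clients in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(p, host) for p in clients):
            return True
    return False

if __name__ == "__main__":
    rules = parse_rules(HOSTS_ALLOW)
    # Constructed probes: a cluster node, an outside host, an unlisted daemon.
    for daemon, host in [("in.tftpd", "node1.oscardomain"),
                         ("in.tftpd", "host.example.org"),
                         ("sshd", "host.example.org"),
                         ("in.telnetd", "node1.oscardomain")]:
        print(daemon, host, "allow" if is_allowed(rules, daemon, host) else "deny")
```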
