[gridengine dev] [DRAFT PATCH] Enhancement: exempt certain programs from execd control

Reuti reuti at staff.uni-marburg.de
Tue Nov 15 15:17:23 UTC 2011


On 15.11.2011 at 15:53, Mark Dixon wrote:

> On Tue, 15 Nov 2011, Reuti wrote:
> ...
>>> If there is still a big need for user defined commands/daemons, it does sound like a gain to make these configurable at the exechost level.
>> 
>> This is what is available right now.
> 
> Excellent, I've never done that before: presumably execd_params can be overwritten in this way?

Yep. See "man sge_conf".


>>> I'm not sure how much of a gain it would be to configure it at the queue level as well - if you have something that works for all of the situations you care about on a specific host, isn't that enough?
>> 
>> You could use -builtin- for normal parallel jobs, avoiding any SSH overhead. But you can have a special queue where you use SSH by intention with X11 forwarding.
> 
> Ah, I see (you've made me remember the bad old days on the old cluster, with memories of ssh chewing CPU on the compute nodes...).
> 
> Changing the default ssh cipher can reduce that overhead, but I guess it's always there.
> 
> 
> ...
>>> However, I still don't understand why some sites don't use the builtin protocol: doesn't setting "X11UseLocalhost no" in the submit host sshd config (and then
>> 
>> The submit host's sshd shouldn't be used I think. I mean, this is the machine where you issue "ssh" by hand or by SGE to connect to any other "sshd" inside the cluster.
>> 
>>> relying on GE copying the DISPLAY variable to the job) fix X11 forwarding? Are there many sites where this is a big no-no?
>> 
>> If I set this I can't use any X11 application at all. Was there anything else necessary?
> ...
> 
> It all hinges on the sshd on the submit host. If you have set "X11UseLocalhost no", restart sshd and then log in, sshd will bind your session's X11 forwarding port to the wildcard address (instead of just the loopback).
> 
> The upshot is that your DISPLAY will contain something like "real.host.name.com:10.0" instead of "localhost:10.0".
> 
> Using the "-V" flag to qsub/qrsh means that this DISPLAY variable is copied to your processes on the compute nodes and is usable (assuming a lenient firewall policy internal to your cluster).

But then you have to issue "xhost +" I assume.

-- Reuti
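
Added example, not part of the original thread: a small audit helper for the setting discussed above, reporting when sshd_config makes forwarded X11 listeners bind beyond the loopback and when a job's DISPLAY points at a network host rather than localhost. The function names, the sample configs and the "viz" group are hypothetical; it assumes X11Forwarding is enabled and reads a single config file without Include handling.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def x11_use_localhost(config_text):
    """Return (global value, values set under Match) for X11UseLocalhost.
    sshd keeps the first value obtained per keyword; the default is yes."""
    global_value, conditional, in_match = None, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True          # everything below is conditional
        elif key == "x11uselocalhost":
            if in_match:
                conditional.append(value)
            elif global_value is None:
                global_value = value
    return (global_value or "yes"), conditional

def display_binding(display):
    """Classify DISPLAY as 'local-socket', 'loopback' or 'network'."""
    host, sep, _ = display.rpartition(":")
    if not sep:
        raise ValueError("not a DISPLAY value: %r" % display)
    if host in ("", "unix"):
        return "local-socket"
    return "loopback" if host.lower() in LOOPBACK else "network"

def audit(config_text, display):
    """List findings for one sshd_config text and one DISPLAY value."""
    value, conditional = x11_use_localhost(config_text)
    findings = []
    if value == "no":
        findings.append("forwarded X11 listeners bind to the wildcard address")
    if "no" in conditional:
        findings.append("a Match block sets X11UseLocalhost no")
    if display_binding(display) == "network":
        findings.append("DISPLAY %s is reached over the network" % display)
    return findings

# Constructed sample inputs (not taken from any real host).
SAMPLE_DEFAULT = "# X11UseLocalhost no\nX11Forwarding yes\n"
SAMPLE_WILDCARD = "X11Forwarding yes\nx11uselocalhost no\nX11UseLocalhost yes\n"
SAMPLE_MATCH = "X11Forwarding yes\nMatch Group viz\n    X11UseLocalhost no\n"
```

Calling audit(SAMPLE_WILDCARD, "real.host.name.com:10.0") returns both the wildcard-bind finding and the network DISPLAY finding, which is the situation where the internal firewall policy mentioned above becomes the only barrier.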

