Greetings
I have installed the qlustar on a small cluster with one head node and 15 compute nodes. I managed to add all nodes to the cluster and configure slurm on the cluster via QluMan. As the last step to make the cluster available to users, I started creating new groups and users with QluMan. after creating new users and syncing I tried to connect with users to the head node by ssh. However, all the users that I create can not connect to the head node because it says the user does not have premission. I also chose to create a virtual demo cluster during the installation and the demo user which is created during the installation also does not have permission to ssh login to the head node.
I checked on the head node and all user's home directory is created in the /data/home/ directory but they can not connect to the cluster.
I would be so thankful if you guide me on how should I resolve this issue or where in the qlustar config files should I look for the source of the problem.
PS, this cluster was already using an older version of the qlustar from 6 years ago and we just updated it to the latest qlustar 12.
Thanks in advance for your assistance.
Saeed
Hi Saeed,
I would be so thankful if you guide me on how should I resolve this issue or where in the qlustar config files should I look for the source of the problem.
take a look at /etc/ssh/sshd_config: does it contain a line starting with AllowUsers? If so, only users listed there can connect.
On our cluster, only root is allowed on the head node, and I wouldn't want any other users there. Instead, we have a few login nodes for that purpose. But maybe on smaller clusters where setting aside a box just for logins is more expensive (relattively speaking), allowing users on the head node might be more attractive.
A.
"S" == saeed s jahromi saeed.s.jahromi@gmail.com writes:
Hi Saeed,
please read the installation guide https://docs.qlustar.com/Qlustar/12.0/ClusterOS/installation-guide.html Point "9. Additional Settings"
Other than for system stability/security reason, another important argument for an FE node (virtual or physical) is that only then you are guaranteed that users see the same software environment on the machine where they access the cluster (FE node) and on the compute nodes where jobs are run.
To sum it up: Giving users access to the head-node directly is a pretty bad idea.
Best,
Roland
S> However, all the users that I create can not connect to S> the head node because it says the user does not have S> premission. I also chose to create a virtual demo cluster during S> the installation and the demo user which is created during the S> installation also does not have permission to ssh login to the S> head node.
Thanks, Roland for your answer.
I already created a demo virtual cluster at installation time. can I still make it a front-end node now or do I have to reinstall the qlustar from scratch?
Another question: although as you suggested, it is not recommended to give users direct access to the head node, now that I did not setup a FE node, how can I give them access to the head node? Which setting should I enable in the sshd_config or elsewhere to give access to the users to login on the front-end?
Best,
Saeed
In the last response, I mean giving direct access to the head-node. I mistakenly wrote front-node.
"S" == saeed s jahromi saeed.s.jahromi@gmail.com writes:
Hi Saeed,
S> Thanks, Roland for your answer. I already created a demo virtual S> cluster at installation time. can I still make it a front-end S> node now or do I have to reinstall the qlustar from scratch?
in principle you could. But since there a number of manual steps involved that have the potential for errors, it is probably the simplest to install from scratch.
S> Another question: although as you suggested, it is not S> recommended to give users direct access to the head node, now S> that I did not setup a FE node, how can I give them access to the S> head node? Which setting should I enable in the sshd_config or S> elsewhere to give access to the users to login on the front-end?
It is the setting Ansgar mentioned. But you won't do yourself a favor if you opt for this.
Best,
Roland
-
Ansgar Esztermann-Kirchner -
Roland Fehrenbacher -
saeed.s.jahromi@gmail.com