Hi
couple points:
the WNs may only need to know the CE identity, but the info about the WN
itself, if present, should be correct. we had a couple instances where
for some reason, old ssh keys were hanging around on WNs in
'known_hosts' ... if node16-51 tried to ssh to tbn18 but the pub key of
node16-51 in node16-51's ssh_known_hosts file was out of date, the ssh
would fail.
also as you say more keys are needed if you use ssh to support parallel
jobs.
finally everyone who has been advocating moving back to 'usecp' is
correct, except don't forget that this can put a massive load on your
NFS server as your farm expands.
JT
Steve Traylen wrote:
> On Wed, Mar 23, 2005 at 10:20:34AM +0100 or thereabouts, Andreas Unterkircher wrote:
>
>>I'm having a general question on how yaim configures torque:
>>
>>On the CE (= torque server) edg-pbs-knownhosts & edg-pbs-shostsequiv are
>>executed to add the ssh keys/hostnames of all WNs (= torque clients) and
>>the SE. This is necessary as the WNs need to scp their output back to the
>>CE. But also on the WNs edg-pbs-knownhosts gets executed. I wonder why
>>this is necessary for the WNs. Is it because of Torque or are there other
>>LCG services which need these keys on the WNs ? Also, why has the SE ssh
>>key also to be added ? If one had shared NFS home dirs on the CE/WNs could
>>one abandon all the ssh configuration ? (of course one would have to
>>configure pbs_mom with the correct $usecp directives).
>
>
> The WNs only need to know the CEs identity.
>
> Unless you are using scp as the transport for parallel jobs.
>
> Correct, if use the $usecp, you can abandon the ssh setup
> up completly.
>
> Steve
>
>>Thanks,
>>Andreas
>>
>>
>>--
>>Andreas Unterkircher
>>IT Department
>>CERN
>>CH-1211 Geneva 23
>>http://cern.ch/openlab
>
>
> --
> Steve Traylen
> [log in to unmask]
> http://www.gridpp.ac.uk/
|