Re: mpich and iptables firewall?
- From: Reuti <reuti@xxxxxxxx>
- Date: Wed, 12 Jul 2006 16:37:13 +0200
Hi,
In article <op.tckvy2rkz4pjzz@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Georg
Bisseling <spam@xxxxxxxxxxxx> wrote:
Hi Astrid,
if I interpret the firewall config correctly, then you allow ssh
between the nodes which is enough for MPI to be able to start processes
on the nodes.
After that your MPI implementation will use some mechanism to
establish TCP connections between all pairs of processes that will
be used to transmit the actual messages.
You will have to add something like
ACCEPT tcp -- 123.45.67.0/24 anywhere tcp
to the INPUT list to allow all traffic between the nodes.
BTW: to me it seems a very weird setup to have a firewall running
on the cluster nodes. It would be wiser to have one headnode
with (at least) two NICs as a gateway/firewall between the cluster
and the rest of the world.
I completely agree with this! In addition (depending on your setup),
running a parallel program in the cluster will just talk between the
nodes, and not to the headnode with its two network cards.
Are you planning on using any queuing system for batch processing?
Using SGE (SUN Gridengine) you could disable rsh and ssh completely
between the nodes (if you are concerned about it [or limit ssh to the
admin staff]), as SGE will use its private rshd for each job.
Furthermore you can get a Tight Integration, where all slave processes
are under the control of SGE, and you won't get any leftover processes
or files on the cluster nodes.
-- Reuti
http://gridengine.sunsource.net/
The firewall software on the cluster nodes will degrade performance,
especially latency and it will of course consume processing power.
And that without any use, I am afraid.
Regards
Georg
On Mon, 10 Jul 2006 15:36:18 +0200, Astrid Kuhr <a_kuhr@xxxxxx> wrote:
Hello!
I am using mpich1 on a cluster under Suse Linux 10.0.
It is compiled with rshcommand=/usr/bin/ssh.
ssh is working correctly on the cluster without
asking for passwords.
tstmachines -v is running ok on the whole cluster.
But when I start an application with
mpirun -np 5 myapp
then it died with a timeout.
A firewall is set with iptables.
An extract of iptables -L is this:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- loopback/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- 123.45.0.0/16 anywhere
ACCEPT tcp -- 123.45.0.0/16 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain logging (1 references)
target prot opt source destination
LOG tcp -- !123.45.0.0/16 anywhere tcp dpt:ssh LOG level warning prefix `ssh>>>'
DROP all -- anywhere anywhere
All PCs in the cluster are in the IP range
123.45.xxx.xxx (in range 123.45.67.xxx too).
If I stop all iptables firewalls it is working.
But how can I get it to work with a started iptables firewall?
ssh can pass the firewall, and tstmachines goes ok too, so
I don't understand why mpirun is not working?
What do I have to change to get it to work?
Regards, Astrid
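
The following is an added example, not part of the original messages: a small first-match model of the INPUT chain from the extract, showing why the ssh launch is accepted while a new node-to-node TCP connection is dropped, and why the suggested subnet rule has to sit before any final DROP. Assumptions: the jump from INPUT to the "logging" chain (the extract lists that chain with one reference but not the jump), and the constructed addresses and port.

```python
import ipaddress

# INPUT chain from the iptables -L extract in the thread (policy DROP).
# Assumption: INPUT ends with a jump to "logging"; its DROP all is modelled here.
BASE_INPUT = [
    {"target": "ACCEPT", "src": "127.0.0.0/24"},
    {"target": "ACCEPT", "states": {"RELATED", "ESTABLISHED"}},
    {"target": "ACCEPT", "proto": "icmp", "src": "123.45.0.0/16"},
    {"target": "ACCEPT", "proto": "tcp", "src": "123.45.0.0/16", "dport": 22},
    {"target": "ACCEPT", "proto": "tcp", "dport": 22},
    {"target": "DROP"},  # stand-in for the logging chain's final DROP
]
# Rule suggested in the thread: all TCP from the node subnet.
NODE_RULE = {"target": "ACCEPT", "proto": "tcp", "src": "123.45.67.0/24"}

def matches(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "src" in rule:
        net = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):
        return False
    if "states" in rule and pkt["state"] not in rule["states"]:
        return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """First matching rule decides; the chain policy applies if none match."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# Constructed packets: 41234 is an arbitrary non-ssh port, 198.51.100.7 an
# arbitrary host outside the cluster range.
SSH_START = {"proto": "tcp", "src": "123.45.67.11", "dport": 22, "state": "NEW"}
MPI_CONNECT = {"proto": "tcp", "src": "123.45.67.11", "dport": 41234, "state": "NEW"}
OUTSIDER = {"proto": "tcp", "src": "198.51.100.7", "dport": 41234, "state": "NEW"}

APPENDED = BASE_INPUT + [NODE_RULE]                        # after the DROP
INSERTED = BASE_INPUT[:-1] + [NODE_RULE] + BASE_INPUT[-1:]  # before the DROP

if __name__ == "__main__":
    for name, chain in [("base", BASE_INPUT), ("appended", APPENDED), ("inserted", INSERTED)]:
        print(name, [verdict(chain, p) for p in (SSH_START, MPI_CONNECT, OUTSIDER)])
```

With the rule placed ahead of the final DROP, only TCP from 123.45.67.0/24 is newly accepted; the host outside the range is still dropped.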