Chris Samuel | 1 Aug 2008 07:26

Re: Linux cluster authenticating against multiple Active Directory domains


----- "Chris Samuel" <csamuel <at> vpac.org> wrote:

> We are helping a Uni set up a Linux cluster (CentOS 5
> based) and we've found out that they have two separate
> Active Directory instances, one for staff and one for
> students.

Thanks to *everyone* who responded, very kind of you
all to take the time!

We will look into the various suggestions, but the
major issue we've just found out about is that they
use the same algorithm to create usernames in both
AD systems, and so all you need are a staff member
and a student with the same name and you have a
collision.

My gut feeling is that this pretty much rules out
using their AD system, but I'd love some more sage
advice about whether any of the systems are able to
cope with that situation ?

I'll reply to a couple of the points that people
have brought up separately, but I did want to thank
everyone first so those I don't reply to don't feel
I'm ignoring them! :-)

cheers,
Chris
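The collision Chris describes is worth checking mechanically before any NSS/PAM stacking is attempted, because a stacked NSS lookup returns the first source that knows a login name: with the same login in both directories, whichever directory is listed first always wins, and the other person's password is checked against the wrong account. The script below is an added example, not code from the thread or from either university's setup; the records are constructed (attribute names follow RFC 2307 and AD, the values are invented), and in practice they would come from an `ldapsearch` export of each directory.

```python
"""Account-collision check for two directories that share a username scheme.

Added example, not code from the mailing-list thread. The records are
constructed: attribute names follow RFC 2307 / AD (sAMAccountName,
uidNumber); the values are invented.
"""

# Constructed sample exports: (login, uidNumber) per directory.
STAFF = [
    ("jsmith", 10001),
    ("alee", 10002),
    ("rbrown", 10003),
]
STUDENTS = [
    ("jsmith", 20001),   # same login as a staff member
    ("mchan", 20002),
    ("tkim", 10003),     # same uidNumber as staff 'rbrown'
]


def resolve_first_match(login, *sources):
    """What a stacked NSS lookup does: the first source knowing the login wins.

    Returns (source index, uidNumber) or None. A login present in both
    directories always resolves to the directory listed first, regardless
    of which person is actually logging in.
    """
    for i, src in enumerate(sources):
        for name, uid in src:
            if name == login:
                return i, uid
    return None


def find_collisions(a, b):
    """Logins and uidNumbers present in both directories."""
    names_a = {n for n, _ in a}
    names_b = {n for n, _ in b}
    uids_a = {u for _, u in a}
    uids_b = {u for _, u in b}
    return {"logins": sorted(names_a & names_b), "uids": sorted(uids_a & uids_b)}


def merge_directories(a, b, suffix_b="-s", uid_offset_b=0):
    """Build one login -> uidNumber map the cluster could use.

    Logins from b that clash with a get suffix_b appended, so each login
    names exactly one principal. uidNumber clashes cannot be fixed by
    renaming (the two principals would own each other's files), so they
    raise unless uid_offset_b moves b into a disjoint range.
    """
    merged = dict(a)
    owner = {uid: login for login, uid in a}
    for name, uid in b:
        uid += uid_offset_b
        if uid in owner:
            raise ValueError(f"uidNumber {uid} used by {owner[uid]!r} and {name!r}")
        login = name + suffix_b if name in merged else name
        merged[login] = uid
        owner[uid] = login
    return merged


if __name__ == "__main__":
    print(find_collisions(STAFF, STUDENTS))
    print(resolve_first_match("jsmith", STAFF, STUDENTS))
    print(merge_directories(STAFF, STUDENTS, uid_offset_b=100000))
```

The suffix and UID-offset policy is only one way to disambiguate; the point is that login names and uidNumbers both have to be unique across the merged view, and a uidNumber clash is the more dangerous of the two because it silently aliases file ownership on the cluster.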

Chris Samuel | 1 Aug 2008 07:28

Re: Linux cluster authenticating against multiple Active Directory domains


----- "Huw Lynes" <lynesh <at> cardiff.ac.uk> wrote:

Bore da (good morning), Huw,

> Funnily enough we used to do something similar here. Falling through
> from the main campus LDAP (on an e-directory cluster) to the LDAP in
> Computer Science.

Do you have clashes in user names between the two LDAPs ?  If
so, how do you deal with that ?

> It required some patches to nss_ldap to make it work properly and the
> pam config was a little bit tricky, but it did work. 

Yeah, we'd looked at some of the NSS stuff and realised it
would need patching.. :-(

> I still have that config up and running on some of my older
> machines so I can hunt down the config and patches if it
> would be useful.

That would be awesome, if nothing else it would tell
us how feasible it's going to be for this system!

Diolch yn fawr (thank you very much),
Chris
-- 
Christopher Samuel - (03) 9925 4751 - Systems Manager
 The Victorian Partnership for Advanced Computing

Chris Samuel | 1 Aug 2008 07:37

Re: Re: Linux cluster authenticating against multiple Active Directory domains


----- "Dave Love" <d.love <at> liverpool.ac.uk> wrote:

> Having completely separate ADs for staff and students seems odd... 

Yeah, I think they're wishing they'd not done that now.. :-)

> Why doesn't it work to have two `sufficient' cases
> of pam_ldap with different `config' args pointing
> to different servers?

My information is that it's NSS that's more the problem
here rather than PAM, because of the assumptions it makes.

> However, LDAP isn't an authentication protocol.  Use
> Kerberos for authentication.

We'd prefer to steer clear of Kerberos, it introduces
arbitrary job limitations through ticket lives that
are not tolerable for HPC work.

Say you submit a job that is in the queue for a week
and then will run for 3 months - we don't know if the
AD admins will permit the creation of a 4 month ticket
"just in case"..

There's also the fact that Torque doesn't have GSSAPI
support in the mainline versions yet and what I hear
about the GSSAPI branch implies that it is just for
testing and development at present.

Chris Samuel | 1 Aug 2008 07:39

Re: Re: Linux cluster authenticating against multiple Active Directory domains


----- "Dave Love" <d.love <at> liverpool.ac.uk> wrote:

> Geoff Jacobs <gdjacobs <at> gmail.com> writes:
> 
> > Apparently it's GPL, so legal compatibility shouldn't
> be an issue.
> 
> That's actually an odd choice for (presumably) PAM and
> NSS modules which you expect to be dynamically linked
> into programs with non-GPL-compatible licences.

I dunno, you can hardly say that a program that
uses PAM is a derivative work of a GPL'd module
when it will work perfectly well with any old
module.

Of course a BSD licensed one would be ideal, but
not in their businesses interest I suspect. :-)

cheers,
Chris
-- 
Christopher Samuel - (03) 9925 4751 - Systems Manager
 The Victorian Partnership for Advanced Computing
 P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency

Chris Samuel | 1 Aug 2008 07:41

Re: Re: Building new cluster - estimate (Ivan Oleynik)


----- "Maurice Hilarius" <maurice <at> harddata.com> wrote:

> No matter what anyone says, your codes are all that
> really count.

Indeed!

> BTW, where a lot of people are jumping on the "Get IPMI "
> bandwagon, I suggest getting PDUs with remote IP controlled
> ports is more useful.

Well, it depends on what you're trying to do, if it's get
the system and CPU temperatures then a PDU isn't much cop.. :)

> I have seen too many cases where IPMI jams up.

Yeah, same here.  :-(

Chris Samuel | 1 Aug 2008 08:07

Re: Re: Building new cluster - estimate (Ivan Oleynik)


----- "Bill Broadley" <bill <at> cse.ucdavis.edu> wrote:

> True, but then again lm_sensors can collect fan speeds and
> temperatures.

Indeed, but getting it working and calibrated can be,
umm, interesting..

Bill Broadley | 1 Aug 2008 08:07

Re: Re: Building new cluster - estimate (Ivan Oleynik)

Chris Samuel wrote:
> ----- "Maurice Hilarius" <maurice <at> harddata.com> wrote:
> 
>> No matter what anyone says, your codes are all that
>> really count.
> 
> Indeed!
> 
>> BTW, where a lot of people are jumping on the "Get IPMI "
>> bandwagon, I suggest getting PDUs with remote IP controlled
>> ports is more useful.
> 
> Well, it depends on what you're trying to do, if it's get
> the system and CPU temperatures then a PDU isn't much cop.. :)
> 

True, but then again lm_sensors can collect fan speeds and temperatures.

>> I have seen too many cases where IPMI jams up.
> 
> Yeah, same here.  :-(
> 

John Hearns | 1 Aug 2008 09:28

Re: Re: Linux cluster authenticating against multiple Active Directory domains

On Fri, 2008-08-01 at 15:37 +1000, Chris Samuel wrote:

> We'd prefer to steer clear of Kerberos, it introduces
> arbitrary job limitations through ticket lives that
> are not tolerable for HPC work.
> 
Kerberos is heavily used at CERN. They have a solution for that issue -
the job can ask for an extension to the tickets.
Sorry, I don't have a reference handy but its worth documenting this for
the list.

Mark Hahn | 1 Aug 2008 16:06

Re: Re: Building new cluster - estimate (Ivan Oleynik)

> BTW, where a lot of people are jumping on the "Get IPMI " bandwagon, I 
> suggest getting PDUs with remote IP controlled ports is more useful.

the thing I don't like about controlled PDUs is that they're pretty
harsh - don't you expect a higher failure rate of node PSUs if you 
go yanking the power this way?

I have only seen a handful of different IPMI interfaces, but they all
were reasonably reliable.

> If you set your machines BIOS to start on power up, it is trivial to stop and 
> start machines with the PDU power, and that is definitely reliable.

huh?  we're talking about network-attached IPMI, which is fully independent
of the controlled motherboard's bios.  are you talking about those hybrid 
systems where the IPMI controller shares an ethernet port with the host?
or IPMI through a kernel driver?

> Plus , with a lot of those PDUs you can add thermal sensors and trigger power 
> off on high temperature conditions.

IPMI normally provides all the motherboard's sensors as well.  it seems 
like those are far more relevant than the temp of the PDU...

using lm_sensors is a poor substitute for IPMI.
David Mathog | 1 Aug 2008 18:11

Re: reboot without passing through BIOS?

Kilian CAVALOTTI <kilian <at> stanford.edu> wrote:
> I may be totally missing the point, but doesn't the memory need to be 
> physically (as in electrically) reset in order to clean out those bad 
> bits? And doesn't this require a hard reboot, for the machine to be 
> power cycled, so that memory cells are reinitialized? 

The type of errors I am talking about are random bit flips, for
instance, from ambient radiation.  When the OS reboots it will overwrite
memory and so remove those errors.  The affected cells were not damaged,
just in the wrong state.  This should work so long as none of the
damaged bits prevent kexec from doing its job.  Presumably the OS will
also reinitialize all memory structures stored elsewhere in hardware (as
in storage controllers and NICs) since it should not trust the BIOS to
have done this.

Regards,

David Mathog
mathog <at> caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
