external user slurm login node access
82 views
Skip to first unread message
Sorin Draga
Mar 18, 2024, 3:40:54 AM3/18/24
to google-cloud-slurm-discuss
Hello everyone,
I would appreciate your advice on a more (apparently) trivial matter:
I
am deploying a cluster via hpc-toolkit and would like to give a certain
external user access to the login node VM. I have tested this
previously with a single VM and accessing it via ssh worked
wonderfully (after adding the user's public ssh key). I would appreciate your advice on a more (apparently) trivial matter:
However, when attempting this with the login VM, things do not go smoothly:
Things that I have tried after the first ssh login attempt failed (on port 22), in
brief, are: I assigned an external IP to the login node, enabled both http
and https traffic (and asked the user to attempt ssh access on ports 80
and 443). Also assigned a compute network user role through IAM
(console).
On port 22 the user gets a Operation timed out error
On ports 80 and 443: Connection refused
Am
I missing something trivial here? Is there a simple (or not so simple)
way to grant an external user access to a deployed cluster (also keeping
in mind safety considerations?)
Thank you for your help!
Alex Chekholko
Mar 18, 2024, 1:14:10 PM3/18/24
to Sorin Draga, google-cloud-slurm-discuss
IIRC the default config only allows SSH via IAP tunnel, so you would also need to allow inbound port 22 in the GCP firewall rules.
--
You received this message because you are subscribed to the Google Groups "google-cloud-slurm-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-slurm-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-slurm-discuss/072e4cdd-0f58-4c4e-aa60-802057272371n%40googlegroups.com.
Sorin Draga
Mar 20, 2024, 5:12:35 AM3/20/24
to Alex Chekholko, google-cloud-slurm-discuss
Hi Alex,
Thank you for the suggestion, I added a specific firewall rule (via console, under VPC firewall rules) for port 22 but the problem persists. Here is the command line version, perhaps I am missing something: gcloud compute --project=my-project-123456 firewall-rules create demo2-login-001 --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:22 --source-ranges=0.0.0.0/0 --target-tags=demo2-login-001
Would greatly appreciate any help 🙂
Alex Chekholko
Mar 20, 2024, 11:51:53 AM3/20/24
to Sorin Draga, google-cloud-slurm-discuss
Hi Sorin,
If you think network connectivity is not an issue and you can connect via SSH but can't log in, then maybe you can examine the auth logs on the instance.
IIRC the default cluster configuration uses "Compute OS Login" which does a bunch of Google SSH automagic underneath and makes it easy to log in with a Google Account.
But it should still be possible to provision a regular user with regular SSH keys.
Regards,
Alex
Reply all
Reply to author
Forward
0 new messages