[Rocks-Discuss] iptables issues


xavier

Oct 14, 2009, 6:18:20 AM
to Discussion of Rocks Clusters
Hi,
using Rocks 5.2, /home/users are no longer exported to the nodes when the
firewall is on, while it works perfectly when the firewall is off.

After configuring SSH keys, we can now ssh to the node with no password, but SGE does
not work.

Has anyone had this problem and know how to configure the firewall?

firewall enable: ssh,nfs4,https,ftp

Cheers
Xavier


Mason J. Katz

Oct 14, 2009, 11:11:09 AM
to Discussion of Rocks Clusters
system-config-securitylevel was apparently run and generated an
incorrect set of firewall rules for your cluster. You can return to
the rules that Rocks installed by doing the following:

# cd /etc/sysconfig
# co iptables
# /etc/rc.d/init.d/iptables restart

Since the frontend has both a public and private network, altering the
iptables rules is tricky. But the default rules block everything but
SSH into the frontend and are secure by default. Stick with what
Rocks put there.
mason katz
+1.240.724.6825

xavier

Oct 14, 2009, 11:57:16 AM
to Discussion of Rocks Clusters
OK, it seems to work, thanks a lot! iptables might be compromised by using
the GUI to add NFS permissions.

But now we cannot connect to ganglia from outside...

cheers, Thanks!
Xavier

Mason J. Katz wrote:

Bart Brashers

Oct 14, 2009, 12:13:22 PM
to Discussion of Rocks Clusters
To open a port, edit the file /etc/sysconfig/iptables using your favorite text editor, and insert lines after the "# Preamble" section ends but before the "# Standard rules". Here's how I opened the ports for Samba, for example:

...
# Preamble
-A FORWARD -i eth1 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT

# Samba
-A INPUT -p tcp -m tcp --dport 137 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 138 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 139 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 139 -j ACCEPT

# Allow these ports
-A INPUT -m state --state NEW -p tcp --dport ssh -j ACCEPT
# Uncomment the lines below to activate web access to the cluster.
-A INPUT -m state --state NEW -p tcp --dport https -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport www -j ACCEPT

# Standard rules
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Uncomment the line below to log incoming packets.
#-A INPUT -j LOG --log-prefix "Unknown packet:"
...

In general, you should stay away from using GUIs to configure your system. They often do stuff they don't tell you about, and break your cluster.

Bart



Henry Zhang

Oct 14, 2009, 1:40:36 PM
to Discussion of Rocks Clusters

Hi there,

Could someone please give me some advice regarding how to install the JDK on Rocks Clusters, or
share your successful installation stories?
I tried to download the RPM package from Sun Java, and the installation always got stuck at the license page after I typed "yes" to agree to their license agreement.

thanks

Henry



Ian Kaufman

Oct 14, 2009, 2:13:25 PM
to Discussion of Rocks Clusters
Hi Henry,

Are you doing it as root? Are you sure the download is not corrupted?

And, there is a flag to the script that allows you to extract just the RPM and
not try to extract and install it. I would try that as well:

./jdk-6u15-linux-i586-rpm.bin -x

Ian

--
Ian Kaufman
Research Systems Administrator
UC San Diego, Jacobs School of Engineering ikaufman AT ucsd DOT edu



Anoop Rajendra

Oct 14, 2009, 2:13:29 PM
to Discussion of Rocks Clusters
Are you running the installer as root?

-a

On Wed, Oct 14, 2009 at 10:40 AM, Henry Zhang <henry....@yahoo.ca> wrote:

Henry Zhang

Oct 14, 2009, 3:14:16 PM
to Discussion of Rocks Clusters

Thanks for the reply, Anoop.

Yes, I was installing it as root. It just got stuck at the license agreement page if I typed "yes".
However, if I typed "no", it was not stuck, but bailed me out (which is expected).

regards

henry

--- On Wed, 10/14/09, Anoop Rajendra <anoop.r...@gmail.com> wrote:


Henry Zhang

Oct 14, 2009, 3:18:21 PM
to Discussion of Rocks Clusters

Hi Ian,

thanks for the reply. I was installing it as root.

It just gets stuck after I type "yes" to the license agreement.

regards

Henry

--- On Wed, 10/14/09, Ian Kaufman <ikau...@soe.ucsd.edu> wrote:


Ian Kaufman

Oct 15, 2009, 1:39:44 PM
to Discussion of Rocks Clusters
Again, have you verified that the download is not corrupt? Sun provides
checksums.

Also, do you have enough space on the drive/partition where you have
downloaded the JDK file to actually extract the RPM? Are the permissions
correct (even if root, if it is an NFS partition, you may not be able to)?

Ian


xavier

Oct 20, 2009, 11:16:36 AM
to Discussion of Rocks Clusters
Thanks,

After noticing that SGE (at least qstat and qsub) was not stable, i.e.
after a while (from a few minutes to a few hours) the sge_qmaster daemon goes down
and needs to be restarted:
/etc/init.d/sgemaster.nautilus start

So following your instructions I opened port 536 (used by SGE to
communicate with qmaster):

# Sge
-A INPUT -p tcp -m tcp --dport 536 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 536 -j ACCEPT

Then if I ask for the iptables status I get the following:

/sbin/service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:536 flags:0x17/0x02
4 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:536
...

BUT... because there is always a but... this
did not solve the issue and sge_qmaster continues to die....

[xavier@nautilus ~]$ qstat
error: commlib error: got select error (Connection refused)
error: unable to send message to qmaster using port 536 on host
"nautilus.ciimar.up.pt": got send error

and about the same error with qsub

Thanks in advance
Xavier
Bart Brashers wrote:

Mason J. Katz

Oct 20, 2009, 3:37:13 PM
to Discussion of Rocks Clusters
You do not need to open port 536 on your firewall. SGE communicates
only over the cluster private network which does not run any firewall.
Opening port 536 in your firewall allows machines outside of your
cluster to talk with SGE, which is not what you want.

How does SGE fail for you? It sounds like it was working fine but the
qmaster keeps crashing? How is your SGE deployment different from the
default installed from the SGE Roll? Did you add extra queues, or
change any networking on the frontend?


mason katz
+1.240.724.6825
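Mason's point above (an INPUT rule with no interface or source restriction is reachable from the public side of the frontend) and the file layout Bart quoted earlier, as an added example that is not from the thread or from Rocks: a POSIX sh/awk audit that lists every INPUT ACCEPT rule in a Rocks-style /etc/sysconfig/iptables file that carries a --dport but no -i or -s. The sample rules file is constructed here and follows the thread's eth0-private convention.

```shell
#!/bin/sh
# Added example, not from the thread: audit a Rocks-style /etc/sysconfig/iptables
# file (iptables-save syntax, as quoted above) for INPUT ACCEPT rules that open a
# port without pinning it to an interface (-i) or source (-s), i.e. ports that are
# reachable from the public side of the frontend.

# Print "proto port" for each INPUT ACCEPT rule with a --dport but no -i / -s.
list_public_ports() {
    awk '
        /^-A INPUT/ && /-j ACCEPT/ && /--dport/ {
            proto = ""; port = ""; pinned = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-i" || $i == "-s") pinned = 1
            }
            if (!pinned) print proto, port
        }' "$1"
}

# Constructed sample file in the same layout as the one quoted in the thread
# (eth0 is the private cluster interface in Rocks).
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
# Preamble
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Sge: the rules from the thread, which expose the qmaster port to the world
-A INPUT -p tcp -m tcp --dport 536 --syn -j ACCEPT
-A INPUT -p udp -m udp --dport 536 -j ACCEPT
# Same port pinned to the private interface: not reported
-A INPUT -i eth0 -p tcp -m tcp --dport 536 -j ACCEPT
# Allow these ports
-A INPUT -m state --state NEW -p tcp --dport ssh -j ACCEPT
# Standard rules
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage: write the sample to a temp file, audit it, clean up.
tmp=$(mktemp)
make_sample_rules "$tmp"
list_public_ports "$tmp"   # prints: tcp 536 / udp 536 / tcp ssh
rm -f "$tmp"
```

Run it against the real file with `list_public_ports /etc/sysconfig/iptables` to see which ports a GUI or hand edit has exposed beyond SSH and the web ports.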

xavier

Oct 20, 2009, 6:28:14 PM
to Discussion of Rocks Clusters
Thanks for your answer.
No, I feel like I changed nothing; I added no queue and made no change,
but qmaster still goes down.

xavier

Oct 21, 2009, 8:21:08 AM
to Discussion of Rocks Clusters
Hi all,

Using ROCKS 5.2 we had some issues with the firewall, now solved by going back
to the initial iptables...
But since then the qmaster daemon dies very often (works for a few minutes and
sometimes a few hours....)
So we have to restart it each time we want to submit or kill a job.....

Does anyone know what can be happening?

Thanks
Xavier C.

xavier

Oct 22, 2009, 5:12:40 AM
to Discussion of Rocks Clusters
Hi all,

Using ROCKS 5.2 we had some issues with the firewall, now solved by going back
to the initial iptables...
But since then the qmaster daemon dies very often (works for a few minutes and
sometimes a few hours....)
So we have to restart it each time we want to submit or kill a job.....

Does anyone know what can be happening?

Thanks
Xavier C.

Mason J. Katz wrote:
