Print

Print


Hi Matthieu and Yvan,

Thanks for these informations.

So in my understanding:
- Qserv dev team members can connect from SLAC to ccage.in2p3 using 
their in2p3 account.
   (please note that, if you find it more convenient, direct ssh access 
from SLAC to qserv build nodes can be replaced with ssh forwarding 
through ccage)
- qserv account (with ssh key) will be used to log on all Qserv nodes on 
the private subnetwork. Qserv will be installed automatically on these 
nodes using puppet.
- all Qserv cluster users first must authenticate with their in2p3 
account before being logged on the Qserv private subnetwork.
   qserv account (with ssh key) can't be used to log on from outside in2p3:

The above is ok for us.

I have a few questions:
- assuming Qserv team authenticate to the Qserv build nodes with in2p3 
accounts, will it be possible to use "sudo -u qserv" on these nodes?
- can we also run Qserv daemon on the build nodes? May we use them as 
master nodes? It would be a pity to use such powerful machine only for 
build process, which is resource consuming but short.
- if yes, would it be possible to let all ports open between build nodes 
and the Qserv private subnetwork?

If you answer positively to these questions, why not putting Qserv build 
nodes also in the Qserv private subnetwork? It may be simpler?


About /sps access:
For now the data-loading procedure should rely on ssh, so if the build 
nodes have access to /sps and to Qserv private subnetwork, we should be 
able to make it work.
Would it also be possible to be able to use one of the Qserv build node 
as an NFS server, accessible from all Qserv nodes?

If needed, can we have a short meeting this week in order to clarify the 
Qserv cluster set up? I can be available easily Tuesday and Friday at 
16pm (France time).

Cheers,

Fabrice

On 01/26/2015 06:55 AM, Yvan Calas wrote:
>> On 23 Jan 2015, at 19:53, Fabrice Jammes<[log in to unmask]>  wrote:
>>
>> Direct ssh, , key authentication based, access from ccage to the 25 machines would be the simpler option.
>>
>> If not possible, I think that having ssh access, using ssh key authentication, from ccage to the 3 build nodes is enough.
>> And then we would need to have ssh access from the 3 build nodes to the other 23 machines, using ssh key authentication,
> We plan to put the qserv nodes on a private subnetwork. Those nodes will be accessible from ccage.in2p3.fr and build nodes (ccqserv00[4-6].in2p3.fr) using SSH key authentication for user qserv (see pdf file in attachment). Is it ok for you?
>
> One question however: how do you plan to populate the MySQL servers on the cluster? Do you need to have SPS configured on one of the 25 nodes (the qserv master node)?
>
> Moreover, please let me know if we must reinstall the build nodes with SL7, and when it can be done.
>
> Thanks,
>
> Yvan
>
>
>
> ---
> Yvan Calas
> CC-IN2P3 -- Storage Group
> 21 Avenue Pierre de Coubertin
> CS70202
> F-69627 Villeurbanne Cedex
> Tel: +33 4 72 69 41 73
>


########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the QSERV-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=QSERV-L&A=1