Print

Print
Hi,

Here's an answer proposal to in2p3 sysadmin. Could you please help me to finalize it?

Cheers,

Fabrice


-------- Forwarded Message --------
Subject: Re: [QSERV-L] Requirements
Date: Mon, 26 Jan 2015 11:07:23 -0800
From: Fabrice Jammes <[log in to unmask]>
To: Yvan Calas <[log in to unmask]>, Mattieu Puel <[log in to unmask]>
CC: [log in to unmask] <[log in to unmask]>, qserv-l <[log in to unmask]>, Benoit Delaunay <[log in to unmask]>


Hi Matthieu and Yvan,

Thanks for these informations.

So in my understanding:
- Qserv dev team members can connect from SLAC to ccage.in2p3 using their in2p3 account.
  (please note that, if you find it more convenient, direct ssh access from SLAC to qserv build nodes can be replaced with ssh forwarding through ccage)
- qserv ssh key will be used to log to all Qserv nodes on the private subnetwork. Qserv will be installed automatically on these nodes using puppet.
- qserv ssh key can't be used from outside in2p3:
  all Qserv clusters users first must authenticate with their in2p3 account before being logged on the Qserv private subnetwork.

This is ok.

I have a few questions:
- assuming we authenticate to the Qserv build nodes with our in2p3 accounts, will it be possible to use "sudo -u qserv" account on these nodes?
- can we also run Qserv daemon on the build nodes? We may use them as master nodes.
- if yes, would it be possible to let all ports open between build nodes and the Qserv private subnetwork?

For now the data-loading procedure should rely on ssh, so if the build nodes have access to /sps and to Qserv private subnetwork, we should be able to make it work.

Would it be possible to be able to use one of the Qserv build node as an NFS server, accessible from all Qserv nodes.

If needed, can we have a short meeting this week in order to clarify the Qserv cluster set up?

Cheers,

Fabrice

On 01/26/2015 06:55 AM, Yvan Calas wrote:
[log in to unmask]" type="cite"> 
On 23 Jan 2015, at 19:53, Fabrice Jammes <[log in to unmask]> wrote:

Direct ssh, , key authentication based, access from ccage to the 25 machines would be the simpler option.

If not possible, I think that having ssh access, using ssh key authentication, from ccage to the 3 build nodes is enough.
And then we would need to have ssh access from the 3 build nodes to the other 23 machines, using ssh key authentication,

We plan to put the qserv nodes on a private subnetwork. Those nodes will be accessible from ccage.in2p3.fr and build nodes (ccqserv00[4-6].in2p3.fr) using SSH key authentication for user qserv (see pdf file in attachment). Is it ok for you? 

One question however: how do you plan to populate the MySQL servers on the cluster? Do you need to have SPS configured on one of the 25 nodes (the qserv master node)?

Moreover, please let me know if we must reinstall the build nodes with SL7, and when it can be done.

Thanks,

Yvan




---
Yvan Calas
CC-IN2P3 -- Storage Group
21 Avenue Pierre de Coubertin
CS70202
F-69627 Villeurbanne Cedex
Tel: +33 4 72 69 41 73




Use REPLY-ALL to reply to list

To unsubscribe from the QSERV-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=QSERV-L&A=1