-------- Forwarded Message --------
Hi Matthieu and Yvan,
Thanks for these informations.
So in my understanding:
- Qserv dev team members can connect from SLAC to ccage.in2p3
using their in2p3 account.
(please note that, if you find it more convenient, direct ssh
access from SLAC to qserv build nodes can be replaced with ssh
forwarding through ccage)
- qserv ssh key will be used to log to all Qserv nodes on the
private subnetwork. Qserv will be installed automatically on these
nodes using puppet.
- qserv ssh key can't be used from outside in2p3:
all Qserv clusters users first must authenticate with their
in2p3 account before being logged on the Qserv private subnetwork.
This is ok.
I have a few questions:
- assuming we authenticate to the Qserv build nodes with our in2p3
accounts, will it be possible to use "sudo -u qserv" account on
these nodes?
- can we also run Qserv daemon on the build nodes? We may use them
as master nodes.
- if yes, would it be possible to let all ports open between build
nodes and the Qserv private subnetwork?
For now the data-loading procedure should rely on ssh, so if the
build nodes have access to /sps and to Qserv private subnetwork,
we should be able to make it work.
Would it be possible to be able to use one of the Qserv build node
as an NFS server, accessible from all Qserv nodes.
If needed, can we have a short meeting this week in order to
clarify the Qserv cluster set up?
Cheers,
Fabrice
On 01/26/2015 06:55 AM, Yvan Calas
wrote:
[log in to unmask]"
type="cite">
On 23 Jan 2015, at 19:53, Fabrice Jammes <[log in to unmask]> wrote:
Direct ssh, , key authentication based, access from ccage to the 25 machines would be the simpler option.
If not possible, I think that having ssh access, using ssh key authentication, from ccage to the 3 build nodes is enough.
And then we would need to have ssh access from the 3 build nodes to the other 23 machines, using ssh key authentication,
We plan to put the qserv nodes on a private subnetwork. Those nodes will be accessible from ccage.in2p3.fr and build nodes (ccqserv00[4-6].in2p3.fr) using SSH key authentication for user qserv (see pdf file in attachment). Is it ok for you?
One question however: how do you plan to populate the MySQL servers on the cluster? Do you need to have SPS configured on one of the 25 nodes (the qserv master node)?
Moreover, please let me know if we must reinstall the build nodes with SL7, and when it can be done.
Thanks,
Yvan
---
Yvan Calas
CC-IN2P3 -- Storage Group
21 Avenue Pierre de Coubertin
CS70202
F-69627 Villeurbanne Cedex
Tel: +33 4 72 69 41 73