LISTSERV 16.5 - QSERV-L Archives

Hi Matthieu and Yvan,

Thanks for these informations.

So in my understanding:
- Qserv dev team members can connect from SLAC to ccage.in2p3 using their in2p3 account.
(please note that, if you find it more convenient, direct ssh access from SLAC to qserv build nodes can be replaced with ssh forwarding through ccage)
- qserv account (with ssh key) will be used to log on all Qserv nodes on the private subnetwork. Qserv will be installed automatically on these nodes using puppet.
- all Qserv cluster users first must authenticate with their in2p3 account before being logged on the Qserv private subnetwork.
qserv account (with ssh key) can't be used to log on from outside in2p3:

The above is ok for us.

I have a few questions:
- assuming Qserv team authenticate to the Qserv build nodes with in2p3 accounts, will it be possible to use "sudo -u qserv" on these nodes?
- can we also run Qserv daemon on the build nodes? May we use them as master nodes? It would be a pity to use such powerful machine only for build process, which is resource consuming but short.
- if yes, would it be possible to let all ports open between build nodes and the Qserv private subnetwork?

If you answer positively to these questions, why not putting Qserv build nodes also in the Qserv private subnetwork? It may be simpler?

About /sps access:
For now the data-loading procedure should rely on ssh, so if the build nodes have access to /sps and to Qserv private subnetwork, we should be able to make it work.
Would it also be possible to be able to use one of the Qserv build node as an NFS server, accessible from all Qserv nodes?

If needed, can we have a short meeting this week in order to clarify the Qserv cluster set up? I can be available easily Tuesday and Friday at 16pm (France time).

Cheers,

Fabrice

On 01/26/2015 06:55 AM, Yvan Calas wrote:

[log in to unmask]" type="cite">

On 23 Jan 2015, at 19:53, Fabrice Jammes <[log in to unmask]> wrote:

Direct ssh, , key authentication based, access from ccage to the 25 machines would be the simpler option.

If not possible, I think that having ssh access, using ssh key authentication, from ccage to the 3 build nodes is enough.
And then we would need to have ssh access from the 3 build nodes to the other 23 machines, using ssh key authentication,

We plan to put the qserv nodes on a private subnetwork. Those nodes will be accessible from ccage.in2p3.fr and build nodes (ccqserv00[4-6].in2p3.fr) using SSH key authentication for user qserv (see pdf file in attachment). Is it ok for you? 

One question however: how do you plan to populate the MySQL servers on the cluster? Do you need to have SPS configured on one of the 25 nodes (the qserv master node)?

Moreover, please let me know if we must reinstall the build nodes with SL7, and when it can be done.

Thanks,

Yvan

---
Yvan Calas
CC-IN2P3 -- Storage Group
21 Avenue Pierre de Coubertin
CS70202
F-69627 Villeurbanne Cedex
Tel: +33 4 72 69 41 73

Use REPLY-ALL to reply to list

To unsubscribe from the QSERV-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=QSERV-L&A=1