[gpfsug-discuss] mmdsh rest api command
Jonathan Buzzard
jonathan.buzzard at strath.ac.uk
Wed Jul 23 18:18:07 BST 2025
On 21/07/2025 22:51, Steve Daniels wrote:
>
> There are three different methods (two really) of allowing internode
> communications for the ssh commanding.
>
> Centralized management where select nodes have one way root passwordless
> ssh access to all of the rest of the nodes and n-to-n where all nodes
> have access to all other nodes via passwordless ssh.
>
When the central administration mode was first introduced you still
needed n-to-n ssh access or it all still fell apart despite being only
able to issue "administration" commands from the central nodes.
From recollection a slew of what I would call "user" commands (such as
changing an ACL on your *own* files for example) all stopped working
unless the n-to-n was maintained.
I am not precluding that this had changed in the meantime, but once
bitten twice shy as they say.
I still maintain reinventing the wheel, which will be a whole bunch of
infrequently tested code paths is a really bad idea in the modern
security threat environment.
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
More information about the gpfsug-discuss
mailing list