[gpfsug-discuss] mmdsh rest api command

Jonathan Buzzard jonathan.buzzard at strath.ac.uk
Wed Jul 23 18:18:07 BST 2025


On 21/07/2025 22:51, Steve Daniels wrote:
> 
> There are three different methods (two really) of allowing internode 
> communications for the ssh commanding.
> 
> Centralized management where select nodes have one way root passwordless 
> ssh access to all of the rest of the nodes and n-to-n where all nodes 
> have access to all other nodes via passwordless ssh.
> 

When the central administration mode was first introduced you still 
needed n-to-n ssh access or it all still fell apart despite being only 
able to issue "administration" commands from the central nodes.

 From recollection a slew of what I would call "user" commands (such as 
changing an ACL on your *own* files for example) all stopped working 
unless the n-to-n was maintained.

I am not precluding that this had changed in the meantime, but once 
bitten twice shy as they say.

I still maintain reinventing the wheel, which will be a whole bunch of 
infrequently tested code paths is a really bad idea in the modern 
security threat environment.


JAB.

-- 
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG




More information about the gpfsug-discuss mailing list