如何在 Centos 7 中使用 firewalld 启用 MPI mpirun
how to enable MPI mpirun using firewalld in Centos 7
我正在尝试在 Centos 7 OS 的小型集群上制作 MPI 运行。防火墙阻止它 运行ning。这是我得到的错误:
$ mpirun -np 30 -hostfile hosts.txt mpi_sample_program/mpitest
------------------------------------------------------------
A process or daemon was unable to complete a TCP connection
to another process:
Local host: marcher5
Remote host: ***.***.***.***.***
This is usually caused by a firewall on the remote host. Please
check that any firewall (e.g., iptables) has been disabled and
try again.
------------------------------------------------------------
--------------------------------------------------------------------------
ORTE was unable to reliably start one or more daemons.
This usually is caused by:
* not finding the required libraries and/or binaries on
one or more nodes. Please check your PATH and LD_LIBRARY_PATH
settings, or configure OMPI with --enable-orterun-prefix-by-default
* lack of authority to execute on one or more specified nodes.
Please verify your allocation and authorities.
* the inability to write startup files into /tmp (--tmpdir/orte_tmpdir_base).
Please check with your sys admin to determine the correct location to use.
* compilation of the orted with dynamic libraries when static are required
(e.g., on Cray). Please check your configure cmd line and consider using
one of the contrib/platform definitions for your system type.
* an inability to create a connection back to mpirun due to a
lack of common network interfaces and/or no route found between
them. Please check network connectivity (including firewalls
and network routing requirements).
--------------------------------------------------------------------------
当我使用 sudo systemctl disable firewalld 禁用防火墙时,MPI 工作正常。
我已经尝试了一个漫长的星期来添加一个允许 MPI 运行 而不关闭 firewalld 的规则,但它还没有工作。
我能够用 sudo iptables -A INPUT -s -j ACCEPT 做到这一点并且它有效。但是现在由于 Centos 7,我必须使用 firewall-cmd。
你建议我在不损害集群安全的情况下做什么。我是否应该添加一条规则以允许我的节点之间的所有流量?
我当前的 firewall-cmd 配置是:
$ firewall-cmd --list-all
work (default, active)
interfaces: eno1
sources:
services: dhcpv6-client ipp-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
我尝试使用此添加源:
sudo firewall-cmd --permanent --zone=work --add-source=[host_IP]
但还是无法正确地制作MPI应用程序运行。
然后决定在这个集群上启用 MPI 的唯一方法是制定一个规则来接受节点之间的所有流量。
我 运行 这 2 个命令。
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s [server+IP] -j ACCEPT
firewall-cmd --reload
它的工作方式与 charm.Not 一样,但确定这是否是安全方面的最佳解决方案。
我正在尝试在 Centos 7 OS 的小型集群上制作 MPI 运行。防火墙阻止它 运行ning。这是我得到的错误:
$ mpirun -np 30 -hostfile hosts.txt mpi_sample_program/mpitest
------------------------------------------------------------
A process or daemon was unable to complete a TCP connection
to another process:
Local host: marcher5
Remote host: ***.***.***.***.***
This is usually caused by a firewall on the remote host. Please
check that any firewall (e.g., iptables) has been disabled and
try again.
------------------------------------------------------------
--------------------------------------------------------------------------
ORTE was unable to reliably start one or more daemons.
This usually is caused by:
* not finding the required libraries and/or binaries on
one or more nodes. Please check your PATH and LD_LIBRARY_PATH
settings, or configure OMPI with --enable-orterun-prefix-by-default
* lack of authority to execute on one or more specified nodes.
Please verify your allocation and authorities.
* the inability to write startup files into /tmp (--tmpdir/orte_tmpdir_base).
Please check with your sys admin to determine the correct location to use.
* compilation of the orted with dynamic libraries when static are required
(e.g., on Cray). Please check your configure cmd line and consider using
one of the contrib/platform definitions for your system type.
* an inability to create a connection back to mpirun due to a
lack of common network interfaces and/or no route found between
them. Please check network connectivity (including firewalls
and network routing requirements).
--------------------------------------------------------------------------
当我使用 sudo systemctl disable firewalld 禁用防火墙时,MPI 工作正常。 我已经尝试了一个漫长的星期来添加一个允许 MPI 运行 而不关闭 firewalld 的规则,但它还没有工作。 我能够用 sudo iptables -A INPUT -s -j ACCEPT 做到这一点并且它有效。但是现在由于 Centos 7,我必须使用 firewall-cmd。 你建议我在不损害集群安全的情况下做什么。我是否应该添加一条规则以允许我的节点之间的所有流量?
我当前的 firewall-cmd 配置是:
$ firewall-cmd --list-all
work (default, active)
interfaces: eno1
sources:
services: dhcpv6-client ipp-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
我尝试使用此添加源:
sudo firewall-cmd --permanent --zone=work --add-source=[host_IP]
但还是无法正确地制作MPI应用程序运行。 然后决定在这个集群上启用 MPI 的唯一方法是制定一个规则来接受节点之间的所有流量。 我 运行 这 2 个命令。
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s [server+IP] -j ACCEPT
firewall-cmd --reload
它的工作方式与 charm.Not 一样,但确定这是否是安全方面的最佳解决方案。