- Information in the HLRS Wiki is not legally binding and is provided without warranty -

Difference between revisions of "CAE howtos"

From HLRS Platforms
m (added Lizenz-ssh-Tunnel.png)
m
 
Line 27: Line 27:
  
 
  # specify license server and port (using a TCP connection)
 
  # specify license server and port (using a TCP connection)
  export LICSERVER=hwwlic2.hww.de # license server
+
  export LICSERVER=licserver.mydomain.de # license server
  export LICSERVER_PORT=51718 # license server port (use vendor daemon port for flexnet)
+
  export LICSERVER_PORT=12345 # license server port (use vendor daemon port for flexnet)
 
  echo -e "license server:\t ${LICSERVER}:${LICSERVER_PORT}"
 
  echo -e "license server:\t ${LICSERVER}:${LICSERVER_PORT}"
 
  export LICSERVERlocal=localhost # local license server
 
  export LICSERVERlocal=localhost # local license server
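Review bot: the new LICSERVER value licserver.mydomain.de uses a domain name that is not reserved for documentation, so a reader who runs the example unchanged would send traffic to whoever holds that name. Suggest a reserved name such as licserver.example.org, plus a comment that both LICSERVER and LICSERVER_PORT are site-specific and must be set, since 12345 otherwise reads like a working default.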
Line 34: Line 34:
 
  export LICSERVERlocal_PORT=${LICSERVER_PORT:-12345} # local license port
 
  export LICSERVERlocal_PORT=${LICSERVER_PORT:-12345} # local license port
 
  echo -e "local license ssh tunnel end:\t${LICSERVERlocal}:${LICSERVERlocal_PORT}"
 
  echo -e "local license ssh tunnel end:\t${LICSERVERlocal}:${LICSERVERlocal_PORT}"
  SSH_userserver="hpcstruc@hawk-login04"    # passwordless ssh access needed!
+
  SSH_userserver="user@sshserver.mydomain.de"    # passwordless ssh access needed!
 
  SSH_PORT=22
 
  SSH_PORT=22
 
  SSH_ctrlsocket="sshtunnelCtrlSocket.${jobid}"
 
  SSH_ctrlsocket="sshtunnelCtrlSocket.${jobid}"
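Review bot: on the unchanged SSH_ctrlsocket line, ${jobid} is not set in any line shown here and the socket path is relative. With an empty jobid, every job started from the same directory would use the same control socket name, so one job's "-O check" or "-O exit" could act on another job's tunnel. Suggest taking the name from the scheduler's job id with a fallback such as $$, and creating the socket in a directory only the user can access. The comment on the new SSH_userserver line could also state that the passwordless key should be limited to forwarding to the license server port.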

Latest revision as of 16:18, 17 November 2020

Licensing

ssh-Tunnel

To use a remote license server, an ssh tunnel can be used. If the tunnel connects a local TCP port on the compute node with the port the license server listens on, the license can be checked out through the local port.

Setup

ssh tunnel for license server

application node (compute node)

the node where the license is drawn

ssh server

a proxy between the application node and the license server

  • The ssh server has to be reachable from the application node (possibly through a NAT gateway), and the license server has to be reachable from the ssh server, so no firewall may block these connections. The ssh server's firewall, however, only has to allow the connection to the application node and to the license server port (and probably to an administration computer or internal network).
  • The sshd configuration has to set "AllowTcpForwarding yes" (an alternative port may be used instead of port 22).
  • The ssh server user does not need a login shell just to establish an ssh tunnel (/bin/false is enough), but
  • passwordless access is needed to automate the setup of an ssh tunnel from a job script.

license server

the node that serves the license

Job script example excerpt

# specify license server and port (using a TCP connection)
export LICSERVER=licserver.mydomain.de # license server
export LICSERVER_PORT=12345 # license server port (use vendor daemon port for flexnet)
echo -e "license server:\t ${LICSERVER}:${LICSERVER_PORT}"
export LICSERVERlocal=localhost # local license server
#export LICSERVERlocal=`hostname`       # needs ssh \* binding address
export LICSERVERlocal_PORT=${LICSERVER_PORT:-12345} # local license port
echo -e "local license ssh tunnel end:\t${LICSERVERlocal}:${LICSERVERlocal_PORT}"
SSH_userserver="user@sshserver.mydomain.de"    # passwordless ssh access needed!
SSH_PORT=22
SSH_ctrlsocket="sshtunnelCtrlSocket.${jobid}"
echo "[`date +%Y-%m-%dT%H:%M:%S`] setting up ssh tunnel through ${SSH_userserver} (control socket: ${SSH_ctrlsocket})"
#rm -rf "${SSH_ctrlsocket}" # removing socket file should not be necessary
# establish ssh tunnel
ssh -MS "${SSH_ctrlsocket}" -fNTL ${LICSERVERlocal_PORT}:${LICSERVER}:${LICSERVER_PORT} -p ${SSH_PORT} ${SSH_userserver}
# check ssh tunnel
ssh -S "${SSH_ctrlsocket}" -O check ${SSH_userserver} || (echo "ssh CTRL socket  ${SSH_ctrlsocket} check failed - wait some more time..."; sleep 10)
## adjusting license server environment variables to the ssh tunnel end
# e.g. flexnet (using vendor daemon port)
export LM_LICENSE_FILE="${LICSERVERlocal_PORT}@${LICSERVERlocal}"
echo "[`date +%Y-%m-%dT%H:%M:%S`] licensing redirected to ${LM_LICENSE_FILE}"
# alternative check of connection (output redirected to stderr)
nc -zvw4 ${LICSERVERlocal} ${LICSERVERlocal_PORT} 1>&2
# alternatives, e.g.:
##nmap --system-dns -PN -p${LICSERVERlocal_PORT} ${LICSERVERlocal}
if [ $? -ne 0 ]; then
        echo "ERROR reaching ${LICSERVERlocal}:${LICSERVERlocal_PORT}"
else
        echo "test connection to ${LICSERVERlocal}:${LICSERVERlocal_PORT} succeeded"
fi
#
# start simulation...
#
# close connection
ssh -S "${SSH_ctrlsocket}" -O exit ${SSH_userserver}
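
A stricter variant of the tunnel setup above, as an added example that is not part of the HLRS page: it validates the ports, makes ssh fail instead of prompting or running without the forward, and retries the control-socket check before licensing is redirected. The function names are hypothetical, and the hosts in the usage comment are the page's placeholders.

```shell
#!/bin/sh
# Added example (not HLRS code): tunnel setup with input checks and retries.

# valid_port PORT: succeed only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# wait_until TRIES DELAY CMD...: rerun CMD until it succeeds or TRIES is used up.
wait_until() {
    wu_tries=$1 wu_delay=$2 wu_i=0
    shift 2
    while [ "$wu_i" -lt "$wu_tries" ]; do
        "$@" >/dev/null 2>&1 && return 0
        wu_i=$((wu_i + 1))
        sleep "$wu_delay"
    done
    return 1
}

# open_license_tunnel SOCKET LOCAL_PORT LIC_HOST LIC_PORT USER@SSHSERVER [SSH_PORT]
# returns 2 = bad port, 3 = ssh could not set up the forward, 4 = master not answering
open_license_tunnel() {
    valid_port "$2" && valid_port "$4" && valid_port "${6:-22}" || return 2
    # BatchMode: never wait for a password prompt inside a batch job.
    # ExitOnForwardFailure: exit instead of running without the forward.
    # localhost bind: the tunnel end is reachable from this node only.
    ssh -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -MS "$1" -fNTL "localhost:$2:$3:$4" -p "${6:-22}" "$5" || return 3
    wait_until 5 2 ssh -S "$1" -O check "$5" || return 4
}

# close_license_tunnel SOCKET USER@SSHSERVER
close_license_tunnel() { ssh -S "$1" -O exit "$2" >/dev/null 2>&1; }

# Usage in a job script (placeholders as on the page):
#   sock="${TMPDIR:-/tmp}/sshtunnelCtrlSocket.${jobid:-$$}"
#   trap 'close_license_tunnel "$sock" user@sshserver.mydomain.de' EXIT
#   open_license_tunnel "$sock" 12345 licserver.mydomain.de 12345 \
#       user@sshserver.mydomain.de || exit 1
#   export LM_LICENSE_FILE="12345@localhost"
```

The EXIT trap closes the control master even when the simulation aborts, so no forward is left listening on the compute node after the job.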