- Infos im HLRS Wiki sind nicht rechtsverbindlich und ohne Gewähr -
- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -

CAE howtos

From HLRS Platforms
Revision as of 21:24, 12 November 2020 by Hpcbern (talk | contribs) (initial version)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Licensing

ssh-Tunnel

To use a remote license server, a ssh-Tunnel can be used. If a ssh-Tunnel connects a local compute node TCP port with the port the license server listens to, the license can be checked out through the local port.

Setup

application node (compute node)
the node where the license is drawn
ssh server
a proxy between the application node and the license server the ssh server has to be accessible from the application node (through a NAT-gateway),
there must be no firewall to prevent the connection. However the ssh server firewall only has to enable a connection to the application node and the license server port (and probably an administration computer).
The sshd configuration has to enable "AllowTcpForwarding yes".
The ssh server user does not need a login-shell to just establish a ssh tunnel (/bin/false is enough),
but a passwordless access is needed to automize the setup.
license server
the node a license is served

Job script example excerpt

export LICSERVER=$mylicenseserver #license server
export LICSERVER_PORT=$mylicenseserverport # license server port
echo -e "license server:\t ${LICSERVER}:${LICSERVER_PORT}"
export LICSERVERlocal=localhost # local license server
#export LICSERVERlocal=`hostname`	# needs ssh \* binding address
export LICSERVERlocal_PORT=${LICSERVER_PORT:-12345} # local license port
echo -e "local license ssh tunnel end:\t${LICSERVERlocal}:${LICSERVERlocal_PORT}"
SSHTUNNEL_userserver="$USER@$sshserver"	# passwordless ssh access needed!
SSHTUNNEL_ctrlsocket="sshtunnelCtrlSocket.${jobid}"
echo "[`date +%Y-%m-%dT%H:%M:%S`] setting up ssh tunnel through ${SSHTUNNEL_userserver} (control socket: ${SSHTUNNEL_ctrlsocket})"
#rm -rf "${SSHTUNNEL_ctrlsocket}" # should not be necessary
ssh -MS "${SSHTUNNEL_ctrlsocket}" -fNTL ${LICSERVERlocal_PORT}:${LICSERVER}:${LICSERVER_PORT} ${SSHTUNNEL_userserver}
ssh -S "${SSHTUNNEL_ctrlsocket}" -O check ${SSHTUNNEL_userserver} || (echo "ssh CTRL socket  ${SSHTUNNEL_ctrlsocket} check failed - wait some more time..."; sleep 10)
## adjusting license server environment variables to the ssh tunnel end
#export LM_LICENSE_FILE="${LICSERVERlocal_PORT}@${LICSERVER_local}"
#echo "[`date +%Y-%m-%dT%H:%M:%S`] licensing redirected to ${LM_LICENSE_FILE}"
nc -zvw4 ${LICSERVERlocal} ${LICSERVERlocal_PORT} # check connection
#
# start simulation
#
ssh -S "${SSHTUNNEL_ctrlsocket}" -O exit ${SSHTUNNEL_userserver}