====== Enhanced QLogin ======
Applications like Matlab or Mathematica with graphical user interfaces present additional challenges in cluster deployment scenarios. Since remote connections are usually not made directly to the compute nodes but NATed through the cluster head node or a router, passing the side-band X11 traffic is challenging. Luckily, SSH contains such functionality. If a user ''ssh'''es to a cluster head node from his desktop, a second ''ssh'' from there to a compute node will successfully tunnel X11 traffic from the compute node, back to the head node, and from there back to the user's desktop.
The problem comes when you introduce Grid Engine for interactive job scheduling via the ''qlogin'' command. With the Mills cluster here at UD, from day one the behavior of ''qlogin'' was modified to use a script we provided versus the default; from ''qconf -sconf'':
:
qlogin_command /opt/shared/GridEngine/local/qlogin_ssh
qlogin_daemon /usr/sbin/sshd -i
rlogin_command builtin
rlogin_daemon builtin
rsh_command builtin
rsh_daemon builtin
:
On the compute node the standard SSH daemon is used to accept the ''qlogin'' connection from the head node. On the head node, the ''qlogin'' connection is made by the ''/opt/shared/GridEngine/local/qlogin_ssh'' script:
#!/bin/sh
HOST=$1
PORT=$2
#
# Ensure that the environment on the remote host will
# match the working env here:
#
export SGE_QLOGIN_PWD=`/bin/pwd`
if [ -z "$WORKGROUP" ]; then
export WORKGROUP=`id -g -n`
fi
if [ -z "$WORKDIR" ]; then
WORKDIR=`/opt/shared/workgroup/bin/workdir -g $WORKGROUP`
if [ $? = 0 ]; then
export WORKDIR
fi
fi
if [ "x$DISPLAY" = "x" ]; then
exec /usr/bin/ssh -p $PORT $HOST
else
exec /usr/bin/ssh -X -Y -p $PORT $HOST
fi
Grid Engine passes two arguments to the script: the hostname of the compute node and a TCP/IP port to use for the session. The ''SGE_QLOGIN_PWD'' variable is set to the working directory when the ''qlogin'' command was issued -- we'll see why in a moment. If ''DISPLAY'' is set, we assume that there is an X11 session active for the user and we tunnel it to the compute node; otherwise, a standard SSH session is opened. Note that we're using ''exec'' because there is nothing else for this script to do after opening the connection.
===== Acting More Like QRsh =====
The standard behavior of this ''qlogin'' is thus to open a connection to a compute node and (as usual for ''ssh'') leaves the user in his home directory and running under his default Unix group (on Mills, ''everyone''). Unfortunately, on Mills the idea is to have people transition into secondary groups in order to submit jobs to Grid Engine. The default ''qrsh'' under Grid Engine propagates the current Unix group to the compute node (if the sysadmin wants it to), so the user's compute node environment is more similar to that which was on the head node.
The nature of the work environment being promoted on Mills dictates that ''qlogin'' sessions would work best if the remote environment:
* uses the same Unix group that was active on the head node
* uses the same working directory that was active on the head node
To accomplish this, we first need to modify what environment variables ''ssh'' will pass to the compute node. On the head node, the following was added to ''/etc/ssh/ssh_config'':
:
SendEnv XMODIFIERS
SendEnv WORKGROUP WORKDIR SGE_QLOGIN_PWD
Likewise, the SSH daemon on the compute nodes must be configured to //accept// those variables in the remote environment:
:
AcceptEnv XMODIFIERS
AcceptEnv WORKGROUP WORKDIR SGE_QLOGIN_PWD
:
With these three variables being passed to the compute node, a ''/etc/profile.d'' script can detect their presence and react accordingly by changing the working directory to ''SGE_QLOGIN_PWD'' and possibly changing the group associated with the process using the value of ''WORKGROUP'' and the ''workgroup'' command available on Mills (similar to ''newgrp'').