dougalb
commented
8 years ago This has been included in cfncluster-cookbook-1.3.0, which is used by cfncluster-1.3.1
Closed cancan101 closed 3 years ago
dougalb
commented
8 years ago This has been included in cfncluster-cookbook-1.3.0, which is used by cfncluster-1.3.1
bwbarrett
commented
7 years ago I'm going to re-open this ticket. With CfnCluster 1.3.2, SGE compute nodes again have admin access, because otherwise the node removal process for SGE doesn't work. Need to think more about paths forward...
demartinofra
commented
3 years ago Because we have announced that we will be deprecating support for SGE in the near-future (see: https://github.com/aws/aws-parallelcluster/wiki/Deprecation-of-SGE-and-Torque-in-ParallelCluster), we will not be performing additional enhancements specific to SGE.
I am going to close this issue. If you would like to request a similar enhancement for one of our other supported schedulers (Slurm or AWS Batch), please feel free to create a new issue.
Right it looks like the default and only option is to make all compute nodes submit hosts and administrative hosts.
Ideally there would be some way to lock down privileges on the computer nodes, for example to prevent malicious programs that have been submitted from gaining admin access to the entire cluster.
docs are provided here: http://arc.liv.ac.uk/SGE/howto/sge-security.html for securing a cluster and I would suggest at least linking to them if not also making of these settings default