Web App / Web Service

The current set is:

80 8080 443 8443

additionally port 22 for connection from within cern.ch domain

3306: mysql port for connecting to the database. This is widely open as of today which presents a real security issue. We should list the nodes which are allowed to connect to the databse instance. As of today the IP list of nodes allowed to connect remotely to the MySQL database is:

taikiken.cern.ch

sakura.cern.ch

kohai.cern.ch

pccaguado.cern.ch

lollopc01.cern.ch

pcsiemensld.cern.ch

Condor

In order for Condor to operate properly with the outside world, you need to open up a range of ports in the firewall. Because the jobs could migrate in either direction (from UW to CERN, or from CERN to UW), the two schedds' command ports need to be acessible at both ends. Technically, only two ports needs to be open: port 9618 for the Collector and one port for the schedd.

To do this, you can restrict the port range used by Condor:

http://www.cs.wisc.edu/condor/manual/v6.8.2/3_3Configuration.html#11265

More information about how to operate Condor to traverse through a firewall can be found here:

http://www.cs.wisc.edu/condor/manual/v6.8.2/3_8Networking.html#SECTION00481400000000000000

To set the schedd to listen on port 25000, add the following parameters to the Condor configuration file:

SCHEDD.IN_LOWPORT = 25000 SCHEDD.IN_HIGHPORT = 25000

-- MarianZUREK - 15 Nov 2006

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2006-11-29 - MarianZUREK
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    ETICS All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback