DokuWiki

User Tools

Site Tools

Trace:
cluster:154

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision Both sides next revision
cluster:154 [2017/03/03 19:02]
hmeij07 created 		cluster:154 [2017/03/03 19:14]
hmeij07 [OpenHPC]
Line 5: Line 5:
  
   * install vanilla CentOS 7.2   * install vanilla CentOS 7.2
 +  * find Install_guide-CentOS7.2-SLURM-1.2.1-x86_64.pdf recipe guide on http://openhpc.community
 +  * turn selinux off
 +  * next switch to iptables
 +
 +<code>
 +
 +[root@ohpc0-test ~]# systemctl stop firewalld                
 +[root@ohpc0-test ~]# systemctl disable firewalld         
 +     
 +[root@ohpc0-test ~]#  yum install iptables-services -y                          
 +[root@ohpc0-test ~]# systemctl enable iptables
 +[root@ohpc0-test ~]# systemctl enable ip6tables
 +
 +[root@ohpc0-test ~]# vi /etc/sysconfig/iptables
 +
 +# lock up port 22
 +-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp -s 129.133.0.0/16 --dport 22 -j ACCEPT
 +
 +# local allow: note eth1
 +-A INPUT -i eth1 -d 192.168.0.0/16 -p tcp --dport 0:65535 -j ACCEPT
 +-A INPUT -i eth1 -d 192.168.0.0/16 -p udp --dport 0:65535 -j ACCEPT
 +
 +[root@ohpc0-test ~]# vi /etc/sysconfig/ip6tables
 +
 +# comment out port 22
 +
 +[root@ohpc0-test ~]# systemctl restart iptables
 +[root@ohpc0-test ~]# systemctl restart ip6tables
 +[root@ohpc0-test ~]# iptables -L
 +Chain INPUT (policy ACCEPT)
 +target     prot opt source               destination
 +ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
 +ACCEPT     icmp --  anywhere             anywhere
 +ACCEPT     all  --  anywhere             anywhere
 +ACCEPT     tcp  --  129.133.0.0/16       anywhere             state NEW tcp dpt:ssh
 +ACCEPT     tcp  --  anywhere             192.168.0.0/16       tcp
 +ACCEPT     udp  --  anywhere             192.168.0.0/16       udp
 +REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
 +
 +Chain FORWARD (policy ACCEPT)
 +target     prot opt source               destination
 +REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
 +
 +Chain OUTPUT (policy ACCEPT)
 +target     prot opt source               destination
 +
 +[root@ohpc0-test ~]# reboot
 +
 +</code>
  
-  * disable firewalld, install iptables 
-  *  
  
 \\ \\
 **[[cluster:0|Back]]** **[[cluster:0|Back]]**
cluster/154.txt ยท Last modified: 2018/08/17 12:48 by hmeij07

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki