我试图在Centos 7操作系统上的小型集群上运行MPI。防火墙阻止它运行。这是我得到的错误:
$ mpirun -np 30 -hostfile hosts.txt mpi_sample_program/mpitest
------------------------------------------------------------
A process or daemon was unable to complete a TCP connection
to another process:
Local host: marcher5
Remote host: ***.***.***.***.***
This is usually caused by a firewall on the remote host. Please
check that any firewall (e.g., iptables) has been disabled and
try again.
------------------------------------------------------------
--------------------------------------------------------------------------
ORTE was unable to reliably start one or more daemons.
This usually is caused by:
* not finding the required libraries and/or binaries on
one or more nodes. Please check your PATH and LD_LIBRARY_PATH
settings, or configure OMPI with --enable-orterun-prefix-by-default
* lack of authority to execute on one or more specified nodes.
Please verify your allocation and authorities.
* the inability to write startup files into /tmp (--tmpdir/orte_tmpdir_base).
Please check with your sys admin to determine the correct location to use.
* compilation of the orted with dynamic libraries when static are required
(e.g., on Cray). Please check your configure cmd line and consider using
one of the contrib/platform definitions for your system type.
* an inability to create a connection back to mpirun due to a
lack of common network interfaces and/or no route found between
them. Please check network connectivity (including firewalls
and network routing requirements).
--------------------------------------------------------------------------
当我使用以下命令禁用防火墙时:sudo systemctl disable firewalld,MPI工作正常。 我已经尝试了很长一段时间来添加一条规则,允许MPI在不关闭火警的情况下运行但是还没有工作。 我能够用sudo iptables -A INPUT -s -j ACCEPT来做它并且它有效。但是现在由于Centos 7,我必须使用firewall-cmd。 在不影响群集安全性的情况下,您建议我做什么?我应该添加规则以允许节点之间的所有流量吗?
我当前的防火墙-cmd配置是:
$ firewall-cmd --list-all
work (default, active)
interfaces: eno1
sources:
services: dhcpv6-client ipp-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
答案 0 :(得分:1)
我尝试使用以下方法添加来源:
sudo firewall-cmd --permanent --zone=work --add-source=[host_IP]
但仍然无法使MPI应用程序正常运行。 然后决定在此群集上启用MPI的唯一方法是制定规则以接受节点之间的所有流量。 我运行了这两个命令。
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s [server+IP] -j ACCEPT
firewall-cmd --reload
它就像一个魅力。虽然不确定这是否是安全方面的最佳解决方案。