Platform LSF Administration Guide Version 6.2

ManualsBrandsHP ManualsSoftwareHP XC System 3.x Software

191

192

193

194

195

196

197

198

199

200

Chapter 8

Platform LSF Licensing

Administering Platform LSF

193

...

Begin Parameters

PRODUCTS= LSF_Base LSF_Manager LSF_Sched_Fairshare

LSF_Sched_Parallel LSF_Sched_Preemption

LSF_Sched_Resource_Reservation LSF_Make

FLOAT_CLIENTS= 25

End Parameters

...

The FLOAT_CLIENTS parameter sets the size of your license pool in the cluster.

When the master LIM starts up, the number of licenses specified in

FLOAT_CLIENTS (or fewer) can be checked out for use as floating client licenses.

If the parameter FLOAT_CLIENTS is not specified in

lsf.cluster.cluster_name, or there is an error in either license.dat or in

lsf.cluster.cluster_name, the floating LSF client license feature is disabled.

Start the license server daemon.

See “Starting the license daemons” on page 182.

To allow your changes to take effect, reconfigure the cluster with the commands:

❖

lsadmin reconfig

❖

badmin reconfig

Warning

When the LSF floating client license feature is enabled, any host will be able

to submit jobs to the cluster. You can limit which hosts can be LSF floating

clients. See “Security issues with floating client licenses” on page 193.

Security issues with floating client licenses

If you want to install or have installed floating client licenses, it is important that you read

this section to inform yourself of the security issues. There are measures to compensate

for these security issues (see “Configuring security for LSF floating client licenses” on

page 194).

With LSF client licenses, when you list client hosts in

lsf.cluster.cluster_name,

there is a level of security defined since you specify the exact hosts that will be used by

the LSF system. Host authentication is done in this way.

With LSF floating client licenses, you should be aware of the security issues:

◆

Hosts that are not specified in lsf.cluster.cluster_name can submit requests.

This means any host can submit requests.

◆

Remote machines make it easier for users to submit commands with a fake user ID.

As a result, if an authorized user uses the user ID

lsfadmin, the user will be able

to run commands that affect the entire cluster or shut it down and cause problems

in the LSF system.