Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Amount of ports used by condor
- Date: Fri, 24 Feb 2006 09:40:54 +0800
- From: <Greg.Hitchen@xxxxxxxx>
- Subject: [Condor-users] Amount of ports used by condor
Quoting from the manual:
***********************************************************************
"The central manager of the pool needs 5 + NEGOTIATOR_SOCKET_CACHE_SIZE
ports for daemon communication, where NEGOTIATOR_SOCKET_CACHE_SIZE
is specified in the configuration or defaults to the value 16.
Each execute machine (those machines running a condor_ startd daemon)
requires 5 + (5 * number of virtual machines advertised by that machine)
ports. By default, the number of virtual machines advertised will equal
the number of physical CPUs in that machine.
Submit machines (those machines running a condor_ schedd daemon) require
5 + (5 * MAX_JOBS_RUNNING) ports. The configuration variable
MAX_JOBS_RUNNING limits (on a per-machine basis, if desired) the maximum
number of jobs. Without this configuration macro, the maximum number of
jobs that could be simultaneously executing at one time is a function
of the number of reachable execute machines."
***********************************************************************
Does each execute machine actually use that many ports all the time or
is it only when actually running a job?
It would appear? that it uses them all the time? We have a pool with
<100 machines in it, using a restricted port range of 9000-10000 and
are getting the "failing to bind to a port" type error already on some
of them.
We are looking at deploying to a geographically spread system, with up
to 5 central managers and perhaps 500+ machines per pool (with
flocking).
One question would be why so many ports? Why isn't it just one per
daemon?
I only ask as I am getting some concerned questions from our
organisations
Security group, who handle the access lists on our PIX's (firewalls).
I have asked them to update the ACLs to allow access for the range
9000-20000 (on the assumption that this would handle up to 1000
machines).
They are asking if it is really necessary as is essentially removing
all protection between our sites.
Thanks for any help/answers/comments.
Cheers
Greg