[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Amount of ports used by condor

On Fri, Feb 24, 2006 at 09:40:54AM +0800, Greg.Hitchen@xxxxxxxx wrote:
> Quoting from the manual:
> ***********************************************************************
> "The central manager of the pool needs 5 + NEGOTIATOR_SOCKET_CACHE_SIZE
> ports for daemon communication, where NEGOTIATOR_SOCKET_CACHE_SIZE
> is specified in the configuration or defaults to the value 16. 
> Each execute machine (those machines running a condor_ startd daemon)
> requires 5 + (5 * number of virtual machines advertised by that machine)
> ports. By default, the number of virtual machines advertised will equal
> the number of physical CPUs in that machine. 
> Submit machines (those machines running a condor_ schedd daemon) require
> 5 + (5 * MAX_JOBS_RUNNING) ports. The configuration variable
> MAX_JOBS_RUNNING limits (on a per-machine basis, if desired) the maximum
> number of jobs. Without this configuration macro, the maximum number of
> jobs that could be simultaneously executing at one time is a function
> of the number of reachable execute machines."
> ***********************************************************************
> Does each execute machine actually use that many ports all the time or
> is it only when actually running a job? 
> It would appear? that it uses them all the time? We have a pool with
> <100 machines in it, using a restricted port range of 9000-10000 and
> are getting the "failing to bind to a port" type error already on some
> of them.
> We are looking at deploying to a geographically spread system, with up
> to 5 central managers and perhaps 500+ machines per pool (with
> flocking).
> One question would be why so many ports? Why isn't it just one per
> daemon?
> I only ask as I am getting some concerned questions from our
> organisations
> Security group, who handle the access lists on our PIX's (firewalls).
> I have asked them to update the ACLs to allow access for the range
> 9000-20000 (on the assumption that this would handle up to 1000
> machines).
> They are asking if it is really necessary as is essentially removing
> all protection between our sites.

The number of machines doesn't factor into it - you just need to have
enough open ports for the max single machine. It's not the sum.

If you have an execute machine with 2 VMs, the manual says to open 15 ports
(5 + 5*number of VMs)

If you have 1000 execute machines, each with 2VMs, you still only have
to open 15 ports. Each machine can use the same 15 ports, but on different
IP addresses.


> Thanks for any help/answers/comments.
> Cheers
> Greg
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users