Secure your cluster against false requests

About this task

To secure your cluster against false requests sent from unlisted hosts, restrict access to the LSF management host and management candidates.

The parameters you set to restrict access depend on whether your cluster allows dynamic hosts.

Procedure

  1. Edit the lsf.conf file.
  2. Limit the number of management candidates in your cluster that are specified by the LSF_MASTER_LIST parameter.
  3. If your cluster does not allow dynamic hosts, prevent unlisted hosts from sending requests by specifying the LSF_REJECT_NONLSFHOST parameter.

    LSF_REJECT_NONLSFHOST=yes

  4. Edit the lsf.cluster.cluster_name file.
  5. Limit or remove the range of IP addresses that are allowed to be dynamic LSF hosts by editing or deleting the LSF_HOST_ADDR_RANGE parameter.
    • If your cluster allows dynamic hosts, limit the range of IP addresses that are specified by the LSF_HOST_ADDR_RANGE parameter.

    • If your cluster does not allow dynamic hosts, ensure that the LSF_HOST_ADDR_RANGE parameter is not specified.

  6. Reconfigure LIM and restart mbatchd on the management host to activate these changes.

    lsadmin reconfig

    badmin mbdrestart