About this task
To secure your cluster against false requests sent from
unlisted hosts, restrict access to the LSF management host and management
candidates.
The parameters you set to restrict access depend
on whether your cluster allows dynamic hosts.
Procedure
- Edit the lsf.conf file.
- Limit the number of management candidates in your cluster that
are specified by the LSF_MASTER_LIST parameter.
- If your cluster does not allow dynamic hosts, prevent unlisted
hosts from sending requests by specifying the LSF_REJECT_NONLSFHOST parameter.
LSF_REJECT_NONLSFHOST=yes
- Edit the lsf.cluster.cluster_name file.
- Limit or remove the range of IP addresses that are allowed
to be dynamic LSF hosts by editing or deleting the LSF_HOST_ADDR_RANGE parameter.
If your cluster allows dynamic hosts, limit the range of
IP addresses that are specified by the LSF_HOST_ADDR_RANGE parameter.
If your cluster does not allow dynamic hosts, ensure that
the LSF_HOST_ADDR_RANGE parameter is not specified.
- Reconfigure LIM and restart mbatchd on
the management host to activate these changes.
lsadmin
reconfig
badmin mbdrestart