Requirements for administering a GPFS file system
Root authority is required to perform all GPFS administration tasks except those with a function limited to listing certain GPFS operating characteristics or modifying individual user file attributes.
On Windows, root authority normally means users in the Administrators group. However, for clusters with both Windows and UNIX nodes, only the special Active Directory domain user root qualifies as having root authority for the purposes of administering GPFS. For more information on GPFS prerequisites, see Installing GPFS prerequisites.
The GPFS commands are designed to maintain the appropriate environment across all nodes in the cluster. To achieve this goal, the GPFS commands use the remote shell and remote file copy commands that you specify on either the mmcrcluster or the mmchcluster command.
The default remote commands are ssh and scp, but you can designate any other remote commands provided they have compatible syntax.
In principle, you can issue GPFS administration commands from any node in the cluster. The nodes that you plan to use for administering GPFS must be able to execute remote shell commands on themselves and on any other node in the cluster. They must do so without the use of a password and without producing any extraneous messages. Similarly, the nodes on which the GPFS commands are issued must be able to copy files to and from any other node in the cluster. And the nodes must do so without the use of a password and without producing any extraneous messages.
The way the passwordless access is achieved depends on the particular remote execution program and authentication mechanism that is used. For example, for rsh and rcp, you might need a properly configured .rhosts file in the root user's home directory on each node in the GPFS cluster. If the remote program is ssh, you can use private identity files that do not have a password. Or, if the identity file is password-protected, you can use the ssh-agent utility to establish an authorized session before you issue mm commands.
You can avoid configuring your GPFS nodes to allow remote access to the root user ID, by using sudo wrapper scripts to run GPFS administrative commands. See Running IBM Spectrum Scale commands without remote root login.
GPFS does not need to know which nodes are being used for administration purposes. It is the administrator's responsibility to issue mm commands only from nodes that are properly configured and can access the rest of the nodes in the cluster.