Armored Node for Sensitive Data: Difference between revisions

From Grid5000
Jump to navigation Jump to search
Line 5: Line 5:


== Node reservation and deployment ==
== Node reservation and deployment ==
Identify your requirements:
* Select a cluster that suits your needs.
* Estimate for how long you will need the resources. If they exceed what is allowed for the ''default'' queue in the [[Grid5000:UsagePolicy Usage Policy]], maybe the ''production'' queue will match your needs. If the duration also exceeds what is allowed by the ''production'' queue (more than one week needed), you should follow the procedure explained on the [[Grid5000:UsagePolicy Usage Policy]] page to request an exception.
Remember that your data will be destroyed at the end of the reservation.


Reserve a node and a VLAN, for example with:
Reserve a node and a VLAN, for example with:
  <code class="host">nancy frontend:</code><code class="command">oarsub</code> -q production -t deploy -l {"type='kavlan'"}/vlan=1+{"cluster='graffiti'"}/nodes=1,walltime=<code class="replace">WALLTIME</code> -r <code class="replace">START DATE</code>
  <code class="host">nancy frontend:</code><code class="command">oarsub</code> -q production -t deploy -l {"type='kavlan'"}/vlan=1+{"cluster='graoully'"}/nodes=1,walltime=<code class="replace">WALLTIME</code> -r <code class="replace">START DATE</code>
Once the job has started, connect inside the job:
<code class="host">nancy frontend:</code><code class="command">oarsub</code> -C <code class="replace">JOB ID</code>
Get the assigned VLAN number:
<code class="host">nancy frontend:</code><code class="command">kavlan</code> -V</code>
Get the reserved node:
<code class="host">nancy frontend:</code><code class="command">uniq</code> $OAR_NODEFILE</code>
Deploy the node with the debian10-x64-big environment, inside the VLAN:
<code class="host">nancy frontend:</code><code class="command">kadeploy3</code> -e debian10-64-big -m <code class="replace">NODE</code> --vlan <code class="replace">VLAN NUMBER</code> -k</code>

Revision as of 16:52, 7 April 2021

Note.png Note

This page is actively maintained by the Grid'5000 team. If you encounter problems, please report them (see the Support page). Additionally, as it is a wiki page, you are free to make minor corrections yourself if needed. If you would like to suggest a more fundamental change, please contact the Grid'5000 team.

This page documents how to secure a Grid'5000 node, making it suitable to host and process more sensitive data. The process is based on a tool (g5k-armor-node.py) that runs on a debian10-x64-big environment.

Node reservation and deployment

Identify your requirements:

  • Select a cluster that suits your needs.
  • Estimate for how long you will need the resources. If they exceed what is allowed for the default queue in the Grid5000:UsagePolicy Usage Policy, maybe the production queue will match your needs. If the duration also exceeds what is allowed by the production queue (more than one week needed), you should follow the procedure explained on the Grid5000:UsagePolicy Usage Policy page to request an exception.

Remember that your data will be destroyed at the end of the reservation.

Reserve a node and a VLAN, for example with:

nancy frontend:oarsub -q production -t deploy -l {"type='kavlan'"}/vlan=1+{"cluster='graoully'"}/nodes=1,walltime=WALLTIME -r START DATE

Once the job has started, connect inside the job:

nancy frontend:oarsub -C JOB ID

Get the assigned VLAN number:

nancy frontend:kavlan -V

Get the reserved node:

nancy frontend:uniq $OAR_NODEFILE

Deploy the node with the debian10-x64-big environment, inside the VLAN:

nancy frontend:kadeploy3 -e debian10-64-big -m NODE --vlan VLAN NUMBER -k