High Performance Computing on Gentoo Linux
1. Introduction
Gentoo Linux, a special flavor of Linux that can be automatically optimized
and customized for just about any application or need. Extreme performance,
configurability and a top-notch user and developer community are all hallmarks
of the Gentoo experience.
Thanks to a technology called Portage, Gentoo Linux can become an ideal secure
server, development workstation, professional desktop, gaming system, embedded
solution or... a High Performance Computing system. Because of its
near-unlimited adaptability, we call Gentoo Linux a metadistribution.
This document explains how to turn a Gentoo system into a High Performance
Computing system. Step by step, it explains what packages one may want to
install and helps configure them.
Obtain Gentoo Linux from the website http://www.gentoo.org, and
refer to the documentation at the same location to
install it.
2. Configuring Gentoo Linux for Clustering
Recommended Optimizations
Note:
We refer to the Gentoo Linux Handbooks in
this section.
|
During the installation process, you will have to set your USE variables in
/etc/make.conf. We recommended that you deactivate all the
defaults (see /etc/make.profile/make.defaults) by negating them
in make.conf. However, you may want to keep such use variables as x86, 3dnow,
gpm, mmx, sse, ncurses, pam and tcpd. Refer to the USE documentation for more
information.
Code Listing 2.1: USE Flags |
USE="-oss 3dnow -apm -arts -avi -berkdb -crypt -cups -encode -gdbm
-gif gpm -gtk -imlib -java -jpeg -kde -gnome -libg++ -libwww -mikmod
mmx -motif -mpeg ncurses -nls -oggvorbis -opengl pam -pdflib -png
-python -qt -qtmt -quicktime -readline -sdl -slang -spell -ssl
-svga tcpd -truetype -X -xml2 -xmms -xv -zlib"
|
Or simply:
Code Listing 2.2: USE Flags - simplified version |
USE="-* 3dnow gpm mmx ncurses pam sse tcpd"
|
Note:
The tcpd USE flag increases security for packages such as xinetd.
|
In step 15 ("Installing the kernel and a System Logger") for stability
reasons, we recommend the vanilla-sources, the official kernel sources
released on http://www.kernel.org/, unless you require special
support such as xfs.
Code Listing 2.3: Installing vanilla-sources |
# emerge -p syslog-ng vanilla-sources
|
When you install miscellaneous packages, we recommend installing the
following:
Code Listing 2.4: Installing necessary packages |
# emerge -p nfs-utils portmap tcpdump ssmtp iptables xinetd
|
Communication Layer (TCP/IP Network)
A cluster requires a communication layer to interconnect the slave nodes to
the master node. Typically, a FastEthernet or GigaEthernet LAN can be used
since they have a good price/performance ratio. Other possibilities include
use of products like Myrinet, QsNet or others.
A cluster is composed of two node types: master and slave. Typically, your
cluster will have one master node and several slave nodes.
The master node is the cluster's server. It is responsible for telling the
slave nodes what to do. This server will typically run such daemons as dhcpd,
nfs, pbs-server, and pbs-sched. Your master node will allow interactive
sessions for users, and accept job executions.
The slave nodes listen for instructions (via ssh/rsh perhaps) from the master
node. They should be dedicated to crunching results and therefore should not
run any unnecessary services.
The rest of this documentation will assume a cluster configuration as per the
hosts file below. You should maintain on every node such a hosts file
(/etc/hosts) with entries for each node participating node in the
cluster.
Code Listing 2.5: /etc/hosts |
# Adelie Linux Research & Development Center
# /etc/hosts
127.0.0.1 localhost
192.168.1.100 master.adelie master
192.168.1.1 node01.adelie node01
192.168.1.2 node02.adelie node02
|
To setup your cluster dedicated LAN, edit your /etc/conf.d/net
file on the master node.
Code Listing 2.6: /etc/conf.d/net |
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License, v2 or later
# Global config file for net.* rc-scripts
# This is basically the ifconfig argument without the ifconfig $iface
#
iface_eth0="192.168.1.100 broadcast 192.168.1.255 netmask 255.255.255.0"
# Network Connection to the outside world using dhcp -- configure as required for you network
iface_eth1="dhcp"
|
Finally, setup a DHCP daemon on the master node to avoid having to maintain a
network configuration on each slave node.
Code Listing 2.7: /etc/dhcp/dhcpd.conf |
# Adelie Linux Research & Development Center
# /etc/dhcp/dhcpd.conf
log-facility local7;
ddns-update-style none;
use-host-decl-names on;
subnet 192.168.1.0 netmask 255.255.255.0 {
option domain-name "adelie";
range 192.168.1.10 192.168.1.99;
option routers 192.168.1.100;
host node01.adelie {
# MAC address of network card on node 01
hardware ethernet 00:07:e9:0f:e2:d4;
fixed-address 192.168.1.1;
}
host node02.adelie {
# MAC address of network card on node 02
hardware ethernet 00:07:e9:0f:e2:6b;
fixed-address 192.168.1.2;
}
}
|
NFS/NIS
The Network File System (NFS) was developed to allow machines to mount a disk
partition on a remote machine as if it were on a local hard drive. This allows
for fast, seamless sharing of files across a network.
There are other systems that provide similar functionality to NFS which could
be used in a cluster environment. The Andrew File System
from IBM, recently open-sourced, provides a file sharing mechanism with
some additional security and performance features. The Coda File System is still in
development, but is designed to work well with disconnected clients. Many
of the features of the Andrew and Coda file systems are slated for inclusion
in the next version of NFS (Version 4).
The advantage of NFS today is that it is mature, standard, well understood,
and supported robustly across a variety of platforms.
Code Listing 2.8: Ebuilds for NFS-support |
# emerge -p nfs-utils portmap
# emerge nfs-utils portmap
|
Configure and install a kernel to support NFS v3 on all nodes:
Code Listing 2.9: Required Kernel Configurations for NFS |
CONFIG_NFS_FS=y
CONFIG_NFSD=y
CONFIG_SUNRPC=y
CONFIG_LOCKD=y
CONFIG_NFSD_V3=y
CONFIG_LOCKD_V4=y
|
On the master node, edit your /etc/hosts.allow file to allow
connections from slave nodes. If your cluster LAN is on 192.168.1.0/24,
your hosts.allow will look like:
Code Listing 2.10: hosts.allow |
portmap:192.168.1.0/255.255.255.0
|
Edit the /etc/exports file of the master node to export a work
directory structure (/home is good for this).
Code Listing 2.11: /etc/exports |
/home/ *(rw)
|
Add nfs to your master node's default runlevel:
Code Listing 2.12: Adding NFS to the default runlevel |
# rc-update add nfs default
|
To mount the nfs exported filesystem from the master, you also have to
configure your salve nodes' /etc/fstab. Add a line like this
one:
Code Listing 2.13: /etc/fstab |
master:/home/ /home nfs rw,exec,noauto,nouser,async 0 0
|
You'll also need to set up your nodes so that they mount the nfs filesystem by
issuing this command:
Code Listing 2.14: Adding nfsmount to the default runlevel |
# rc-update add nfsmount default
|
RSH/SSH
SSH is a protocol for secure remote login and other secure network services
over an insecure network. OpenSSH uses public key cryptography to provide
secure authorization. Generating the public key, which is shared with remote
systems, and the private key which is kept on the local system, is done first
to configure OpenSSH on the cluster.
For transparent cluster usage, private/public keys may be used. This process
has two steps:
- Generate public and private keys
- Copy public key to slave nodes
For user based authentication, generate and copy as follows:
Code Listing 2.15: SSH key authentication |
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): /root/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
f1:45:15:40:fd:3c:2d:f7:9f:ea:55:df:76:2f:a4:1f root@master
# scp /root/.ssh/id_dsa.pub node01:/root/.ssh/authorized_keys
root@master's password:
id_dsa.pub 100% 234 2.0MB/s 00:00
# scp /root/.ssh/id_dsa.pub node02:/root/.ssh/authorized_keys
root@master's password:
id_dsa.pub 100% 234 2.0MB/s 00:00
|
Note:
Host keys must have an empty passphrase. RSA is required for host-based
authentication.
|
For host based authentication, you will also need to edit your
/etc/ssh/shosts.equiv.
Code Listing 2.16: /etc/ssh/shosts.equiv |
node01.adelie
node02.adelie
master.adelie
|
And a few modifications to the /etc/ssh/sshd_config file:
Code Listing 2.17: sshd configurations |
# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
|
If your application require RSH communications, you will need to emerge
net-misc/netkit-rsh and sys-apps/xinetd.
Code Listing 2.18: Installing necessary applicaitons |
# emerge -p xinetd
# emerge xinetd
# emerge -p netkit-rsh
# emerge netkit-rsh
|
Then configure the rsh deamon. Edit your /etc/xinet.d/rsh file.
Code Listing 2.19: rsh |
# Adelie Linux Research & Development Center
# /etc/xinetd.d/rsh
service shell
{
socket_type = stream
protocol = tcp
wait = no
user = root
group = tty
server = /usr/sbin/in.rshd
log_type = FILE /var/log/rsh
log_on_success = PID HOST USERID EXIT DURATION
log_on_failure = USERID ATTEMPT
disable = no
}
|
Edit your /etc/hosts.allow to permit rsh connections:
Code Listing 2.20: hosts.allow |
# Adelie Linux Research & Development Center
# /etc/hosts.allow
in.rshd:192.168.1.0/255.255.255.0
|
Or you can simply trust your cluster LAN:
Code Listing 2.21: hosts.allow |
# Adelie Linux Research & Development Center
# /etc/hosts.allow
ALL:192.168.1.0/255.255.255.0
|
Finally, configure host authentication from /etc/hosts.equiv.
Code Listing 2.22: hosts.equiv |
# Adelie Linux Research & Development Center
# /etc/hosts.equiv
master
node01
node02
|
And, add xinetd to your default runlevel:
Code Listing 2.23: Adding xinetd to the default runlevel |
# rc-update add xinetd default
|
NTP
The Network Time Protocol (NTP) is used to synchronize the time of a computer
client or server to another server or reference time source, such as a radio
or satellite receiver or modem. It provides accuracies typically within a
millisecond on LANs and up to a few tens of milliseconds on WANs relative to
Coordinated Universal Time (UTC) via a Global Positioning Service (GPS)
receiver, for example. Typical NTP configurations utilize multiple redundant
servers and diverse network paths in order to achieve high accuracy and
reliability.
Select a NTP server geographically close to you from Public NTP Time
Servers, and configure your /etc/conf.d/ntp and
/etc/ntp.conf files on the master node.
Code Listing 2.24: Master /etc/conf.d/ntp |
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# /etc/conf.d/ntpd
# NOTES:
# - NTPDATE variables below are used if you wish to set your
# clock when you start the ntp init.d script
# - make sure that the NTPDATE_CMD will close by itself ...
# the init.d script will not attempt to kill/stop it
# - ntpd will be used to maintain synchronization with a time
# server regardless of what NTPDATE is set to
# - read each of the comments above each of the variable
# Comment this out if you dont want the init script to warn
# about not having ntpdate setup
NTPDATE_WARN="n"
# Command to run to set the clock initially
# Most people should just uncomment this line ...
# however, if you know what you're doing, and you
# want to use ntpd to set the clock, change this to 'ntpd'
NTPDATE_CMD="ntpdate"
# Options to pass to the above command
# Most people should just uncomment this variable and
# change 'someserver' to a valid hostname which you
# can acquire from the URL's below
NTPDATE_OPTS="-b ntp1.cmc.ec.gc.ca"
##
# A list of available servers is available here:
# http://www.eecis.udel.edu/~mills/ntp/servers.html
# Please follow the rules of engagement and use a
# Stratum 2 server (unless you qualify for Stratum 1)
##
# Options to pass to the ntpd process that will *always* be run
# Most people should not uncomment this line ...
# however, if you know what you're doing, feel free to tweak
#NTPD_OPTS=""
|
Edit your /etc/ntp.conf file on the master to setup an external
synchronization source:
Code Listing 2.25: Master ntp.conf |
# Adelie Linux Research & Development Center
# /etc/ntp.conf
# Synchronization source #1
server ntp1.cmc.ec.gc.ca
restrict ntp1.cmc.ec.gc.ca
# Synchronization source #2
server ntp2.cmc.ec.gc.ca
restrict ntp2.cmc.ec.gc.ca
stratum 10
driftfile /etc/ntp.drift.server
logfile /var/log/ntp
broadcast 192.168.1.255
restrict default kod
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
|
And on all your slave nodes, setup your synchronization source as your master
node.
Code Listing 2.26: Node /etc/conf.d/ntp |
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# /etc/conf.d/ntpd
NTPDATE_WARN="n"
NTPDATE_CMD="ntpdate"
NTPDATE_OPTS="-b master"
|
Code Listing 2.27: Node ntp.conf |
# Adelie Linux Research & Development Center
# /etc/ntp.conf
# Synchronization source #1
server master
restrict master
stratum 11
driftfile /etc/ntp.drift.server
logfile /var/log/ntp
restrict default kod
restrict 127.0.0.1
|
Then add ntpd to the default runlevel of all your nodes:
Code Listing 2.28: Adding ntpd to the default runlevel |
# rc-update add ntpd default
|
Note:
NTP will not update the local clock if the time difference between your
synchronization source and the local clock is too great.
|
IPTABLES
To setup a firewall on your cluster, you will need iptables.
Code Listing 2.29: Installing iptables |
# emerge -p iptables
# emerge iptables
|
Required kernel configuration:
Code Listing 2.30: IPtables kernel configuration |
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_LOG=y
|
And the rules required for this firewall:
Code Listing 2.31: rule-save |
# Adelie Linux Research & Development Center
# /var/lib/iptables/rule-save
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -s 127.0.0.1 -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j LOG
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -j MASQUERADE
COMMIT
|
Then add iptables to the default runlevel of all your nodes:
Code Listing 2.32: Adding iptables to the default runlevel |
# rc-update add iptables default
|
3. HPC Tools
OpenPBS
The Portable Batch System (PBS) is a flexible batch queueing and workload
management system originally developed for NASA. It operates on networked,
multi-platform UNIX environments, including heterogeneous clusters of
workstations, supercomputers, and massively parallel systems. Development of
PBS is provided by Altair Grid Technologies.
Code Listing 3.1: Installing openpbs |
# emerge -p openpbs
|
Note:
OpenPBS ebuild does not currently set proper permissions on var-directories
used by OpenPBS.
|
Before starting using OpenPBS, some configurations are required. The files
you will need to personalize for your system are:
- /etc/pbs_environment
- /var/spool/PBS/server_name
- /var/spool/PBS/server_priv/nodes
- /var/spool/PBS/mom_priv/config
- /var/spool/PBS/sched_priv/sched_config
Here is a sample sched_config:
Code Listing 3.2: /var/spool/PBS/sched_priv/sched_config |
#
# Create queues and set their attributes.
#
#
# Create and define queue upto4nodes
#
create queue upto4nodes
set queue upto4nodes queue_type = Execution
set queue upto4nodes Priority = 100
set queue upto4nodes resources_max.nodect = 4
set queue upto4nodes resources_min.nodect = 1
set queue upto4nodes enabled = True
set queue upto4nodes started = True
#
# Create and define queue default
#
create queue default
set queue default queue_type = Route
set queue default route_destinations = upto4nodes
set queue default enabled = True
set queue default started = True
#
# Set server attributes.
#
set server scheduling = True
set server acl_host_enable = True
set server default_queue = default
set server log_events = 511
set server mail_from = adm
set server query_other_jobs = True
set server resources_default.neednodes = 1
set server resources_default.nodect = 1
set server resources_default.nodes = 1
set server scheduler_iteration = 60
|
To submit a task to OpenPBS, the command qsub is used with some
optional parameters. In the example below, "-l" allows you to specify
the resources required, "-j" provides for redirection of standard out and
standard error, and the "-m" will e-mail the user at beginning (b), end (e)
and on abort (a) of the job.
Code Listing 3.3: Submitting a task |
# qsub -l nodes=2 -j oe -m abe myscript
|
Normally jobs submitted to OpenPBS are in the form of scripts. Sometimes, you
may want to try a task manually. To request an interactive shell from OpenPBS,
use the "-I" parameter.
Code Listing 3.4: Requesting an interactive shell |
# qsub -I
|
To check the status of your jobs, use the qstat command:
Code Listing 3.5: Checking the status of the jobs |
# qstat
Job id Name User Time Use S Queue
------ ---- ---- -------- - -----
2.geist STDIN adelie 0 R upto1nodes
|
MPICH
Message passing is a paradigm used widely on certain classes of parallel
machines, especially those with distributed memory. MPICH is a freely
available, portable implementation of MPI, the Standard for message-passing
libraries.
The mpich ebuild provided by Adelie Linux allows for two USE flags:
doc and crypt. doc will cause documentation to be
installed, while crypt will configure MPICH to use ssh instead
of rsh.
Code Listing 3.6: Installing the mpich application |
# emerge -p mpich
# emerge mpich
|
You may need to export a mpich work directory to all your slave nodes in
/etc/exports:
Code Listing 3.7: /etc/exports |
/home *(rw)
|
Most massively parallel processors (MPPs) provide a way to start a program on
a requested number of processors; mpirun makes use of the appropriate
command whenever possible. In contrast, workstation clusters require that each
process in a parallel job be started individually, though programs to help
start these processes exist. Because workstation clusters are not already
organized as an MPP, additional information is required to make use of them.
Mpich should be installed with a list of participating workstations in the
file machines.LINUX in the directory
/usr/share/mpich/. This file is used by mpirun to choose
processors to run on.
Edit this file to reflect your cluster-lan configuration:
Code Listing 3.8: /usr/share/mpich/machines.LINUX |
# Change this file to contain the machines that you want to use
# to run MPI jobs on. The format is one host name per line, with either
# hostname
# or
# hostname:n
# where n is the number of processors in an SMP. The hostname should
# be the same as the result from the command "hostname"
master
node01
node02
# node03
# node04
# ...
|
Use the script tstmachines in /usr/sbin/ to ensure that
you can use all of the machines that you have listed. This script performs
an rsh and a short directory listing; this tests that you both have
access to the node and that a program in the current directory is visible on
the remote node. If there are any problems, they will be listed. These
problems must be fixed before proceeding.
The only argument to tstmachines is the name of the architecture; this
is the same name as the extension on the machines file. For example, the
following tests that a program in the current directory can be executed by
all of the machines in the LINUX machines list.
Code Listing 3.9: Running a test |
# /usr/local/mpich/sbin/tstmachines LINUX
|
Note:
This program is silent if all is well; if you want to see what it is doing,
use the -v (for verbose) argument:
|
Code Listing 3.10: Running a test verbosively |
# /usr/local/mpich/sbin/tstmachines -v LINUX
|
The output from this command might look like:
Code Listing 3.11: Output of the above command |
Trying true on host1.uoffoo.edu ...
Trying true on host2.uoffoo.edu ...
Trying ls on host1.uoffoo.edu ...
Trying ls on host2.uoffoo.edu ...
Trying user program on host1.uoffoo.edu ...
Trying user program on host2.uoffoo.edu ...
|
If tstmachines finds a problem, it will suggest possible reasons and
solutions. In brief, there are three tests:
-
Can processes be started on remote machines? tstmachines attempts
to run the shell command true on each machine in the machines files by
using the remote shell command.
-
Is current working directory available to all machines? This
attempts to ls a file that tstmachines creates by running ls using the
remote shell command.
-
Can user programs be run on remote systems? This checks that shared
libraries and other components have been properly installed on all
machines.
And the required test for every development tool:
Code Listing 3.12: Testing a development tool |
# cd ~
# cp /usr/share/mpich/examples1/hello++.c ~
# make hello++
# mpirun -machinefile /usr/share/mpich/machines.LINUX -np 1 hello++
|
For further information on MPICH, consult the documentation at http://www-unix.mcs.anl.gov/mpi/mpich/docs/mpichman-chp4/mpichman-chp4.htm.
LAM
(Coming Soon!)
OMNI
(Coming Soon!)
4. Bibliography
The original document is published at the Adelie Linux R&D Centre web site,
and is reproduced here with the permission of the authors and Cyberlogic's Adelie Linux R&D
Centre.
-
http://www.gentoo.org, Gentoo Technologies, Inc.
-
http://www.adelielinux.com,
Adelie Linux Research and Development Centre
-
http://nfs.sourceforge.net,
Linux NFS Project
-
http://www-unix.mcs.anl.gov/mpi/mpich/,
Mathematics and Computer Science Division, Argonne National Laboratory
-
http://ntp.org
-
http://www.eecis.udel.edu/~mills/,
David L. Mills, University of Delaware
-
http://www.ietf.org/html.charters/secsh-charter.html,
Secure Shell Working Group, IETF, Internet Society
-
http://www.linuxsecurity.com/,
Guardian Digital
-
http://www.openpbs.org/,
Altair Grid Technologies, LLC.
|