fix(firewall): Update rules for SSH and MPI

Context

  1. We gave the impression that ssh connections to the login nodes' public interface were restricted to a given set of IP ranges. This was not the case; anyone could reach the ssh port.
  2. Since connections are denied unless a firewall rule explicitly allows them, MPI tasks could not communicate between nodes.

Impact

  1. Access to the login nodes' public interface will be restricted to the specified IP ranges.
  2. Users will be able to run multi-node MPI tasks.

Test(s)

With these changes:

  1. I was no longer able to connect to the login nodes from home without using the VPN. This is the expected behaviour since the firewall rule should only allow EPFL's ranges by default.
  2. I was able to run a short mch_icon-ch1 simulation on 2 compute nodes.
