LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 01-08-2008, 09:52 AM   #1
activeq
Member
 
Registered: Jul 2006
Location: Balen, Belgium
Distribution: Suse 10, Centos, Open Solaris
Posts: 76

Rep: Reputation: 15
DISPLAY variable bsub command


Hello,

We're having a LSF HPC cluster on Linux RH Enterprise 4 64B running.
When I login to a login server I can open an xterm with command 'xterm' and with a bsub command using LSF.
When I ssh to another login server, my display variable will be forwarded thanks to a ssh setting. (xforwarding=yes in sshd.conf).
I still can use the command 'xterm' to open an xterm windows on the other loginserver.
When I now want to submit an xterm to a queue with bsub, xterm will not be displayed because of it's $DISPLAY variable. It says:
xterm Xt error: Can't open display: saq1l008:12.0

It seems that bsub will not use the Xforwarding origin from ssh.

We want this to be global, and not for one or two persons. Otherwise it was easy to add an entry in a wrapperscript which controlled the display variable or edit xauth.
We also want it to be as transparant as possible without letting the users to manually set their display variable after they ssh to the new loginserver.

It may be a dump question why we want to ssh to another loginserver and from there start an xterm or other application using X11, but users do silly things ;-)

I'm out of ideas and maybe can help me with this issue.

Thanks in advance.

Last edited by activeq; 01-08-2008 at 09:54 AM.
 
Old 01-09-2008, 07:13 PM   #2
mackdav
Member
 
Registered: Feb 2005
Distribution: RHEL, CentOS
Posts: 113

Rep: Reputation: 16
The reason why it doesn't work is because there is authentication on the pseudo display on the ssh tunnel'd display, so only systems with the correct X authentication (usually a MIT-MAGIC-COOKIE or the like) can connect to it.

Try this:

$ xhost +
$ bsub ...

If they are local to the lsf farm (ie on the same network) then you probably shouldn't be messing around with tunneled displays. You should do this:

myhost$ xhost +
myhost$ ssh launchhost
launchhost$ export DISPLAY=myhost:0.0
launchhost$ bsub ...

...and have the job display direct back to the user's computer rather than displaying unencrypted to the launch host, then tunnelling that back to the user.

If you really need to do it (ie the user is ssh'd in from a system firewalled from the internet, and the lsf node can't get directly back to it) then you need to get the xauth information into the environment, then write a "launcher" that extracts the xauth information from the shell environment, performs the xauth operation, THEN runs your xterm or whatever.

Try this:

On your local machine do

xauth list $DISPLAY

and you get a reply:

mymachine.mydomain.com:0 MIT-MAGIC-COOKIE-1 37cb47264b485cd2e24ef9421def2a83

Then, on your remote machine do:

xauth add mymachine.mydomain.com:0 MIT-MAGIC-COOKIE-1 37cb47264b485cd2e24ef9421def2a83

That's all. Now you can set the display on your remote system, and processes started from that shell can display back to your originating machine. Unencrypted, of course, but it means that arbitrary people on the remote system can't interact with your display (the downside of xhost +).

Your key shouldn't change that often, but when it does, just issue on the
remote machine:

xauth remove mymachine.mydomain.com:0

before you add the new key.

The above is, in a nutshell, what your bsub wrapper has to do.

Last edited by mackdav; 01-09-2008 at 07:15 PM.
 
Old 05-08-2009, 12:10 PM   #3
malexgreen
LQ Newbie
 
Registered: Jan 2006
Posts: 1

Rep: Reputation: 0
Here's what happens when I try the above
nonemagreen@magreen_fc9.hq.tensilica.com:~ 101$ xauth list $DISPLAY
magreen_fc9.hq.tensilica.com/unix:0 MIT-MAGIC-COOKIE-1 4713d325a2c39b515bf443457cdcdd3d
nonemagreen@magreen_fc9.hq.tensilica.com:~ 102$ ssh naos
magreen@naos's password:
Last login: Fri May 8 09:06:31 2009 from magreen_fc9.hq.tensilica.com
nonemagreen@naos:~ 101> xauth add magreen_fc9.hq.tensilica.com/unix:0 MIT-MAGIC-COOKIE-1 4713d325a2c39b515bf443457cdcdd3d
nonemagreen@naos:~ 102> bsub -q pr -Ip "xterm"
Job <807121> is submitted to queue <pr>.
<<Waiting for dispatch ...>>
<<Starting on alma>>
nonemagreen@naos:~ 103> bjobs
No unfinished job found
nonemagreen@naos:~ 104> bsub -q pr -W 300 -c 300 -R "select[type==RHEL4_64 || type==RHEL5_64]" -Ip "xterm"
Job <807122> is submitted to queue <pr>.
<<Waiting for dispatch ...>>
<<Starting on orion>>
xterm Xt error: Can't open display:
nonemagreen@naos:~ 105> setenv DISPLAY magreen_fc9.hq.tensilica.com/unix:0
nonemagreen@naos:~ 106> bsub -q pr -W 300 -c 300 -R "select[type==RHEL4_64 || type==RHEL5_64]" -Ip "xterm"
Job <807123> is submitted to queue <pr>.
<<Waiting for dispatch ...>>
<<Starting on orion>>
xterm Xt error: Can't open display: magreen_fc9.hq.tensilica.com/unix:0
What am I doing wrong?
 
Old 05-10-2009, 09:32 PM   #4
mackdav
Member
 
Registered: Feb 2005
Distribution: RHEL, CentOS
Posts: 113

Rep: Reputation: 16
The reason why that doesn't work is because when you do the

xauth add

...you are adding the details for your workstation to the computer you are ssh'd in to, not to the farm nodes. xauth information isn't stored in the environment anywhere.

Short of doing xhost + you'll have to add the xauth information to your environment, then teach your bsub'd command to do the xauth add before running any commands. Sort of like:

export MY_XAUTH=`xauth list $DISPLAY`

then do a

$bsub MyXterm

where MyXterm does this:

xauth add $MY_XAUTH
xterm

That's just off the top of my head though.
 
  


Reply

Tags
display, xauth


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
X forwarding (DISPLAY variable) Rohan_mk1 Linux - Software 4 07-30-2007 03:03 PM
question about DISPLAY variable chucker8 Linux - General 1 04-27-2006 10:51 AM
Problem withChanging DISPLAY environment variable to display on someone else's screen wantsri Linux - Networking 1 10-25-2005 12:14 PM
Tcl Error no display name and no DISPLAY environment variable thinkgeek Programming 5 07-06-2005 11:24 PM
Urgent!! Display Variable mipas Linux - General 1 03-29-2004 10:33 AM


All times are GMT -5. The time now is 02:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration