How severe does this issue affect your experience of using Ray?
- Medium: It contributes to significant difficulty to complete my task, but I can work around it.
I am using ray.tune on a local cluster with several GPU instances. Since the cluster is small, I just manage them manually, with something like
# Head
ray start --head --port PORT --include-dashboard false --num-cpus 2 --num-gpus 2 --system-config '{"worker_niceness": 0}' --block
# Worker
ray start --address=‘HEAD-IP:PORT’ --num-cpus 2 --num-gpus 2 --block
But I’m worrying about its security. If I understand correctly, the recent ray version (2.6) does not offer authentication functionality, and I did not find a way to limit the network interface it binds. So any computer could access my cluster, and execute arbitrary code.
Defining some firewall rule rules may be an option, but it both requires root previlege which requires me to contact system manager and has to know which ports to protect.
Some other options I could think of (but did not succeed):
- Protect with a custom password
- Bind to localhost, then use SSH port forwarding to connect with each host.
Please give me some suggestions or point out anything I misunderstand.