Connect Worker Issues due to Institue-Firewall

Install, Configure and Update
1

Dear CryoSPARC team,

we are setting up a new cryosparc instance. On the master, we were able to install cryosparc sucessfully, but only when the IP address was completely removed from any firewall. This allowed us to create the first user etc. Then we switched the IP address to one that has firewall protection. CryoSPARC works fine as a --standalone installation on that master machine now.

output of “cryosparcm status”

----------------------------------------------------------------------------
CryoSPARC System master node installed at
/home/cryosparcuser/cryosparc/cryosparc_master
Current cryoSPARC version: v4.7.1
----------------------------------------------------------------------------

CryoSPARC process status:

app                              RUNNING   pid 4242, uptime 0:00:10
app_api                          RUNNING   pid 4262, uptime 0:00:08
app_api_dev                      STOPPED   Not started
command_core                     RUNNING   pid 4169, uptime 0:00:19
command_rtp                      RUNNING   pid 4229, uptime 0:00:12
command_vis                      RUNNING   pid 4198, uptime 0:00:13
database                         RUNNING   pid 4065, uptime 0:00:22

----------------------------------------------------------------------------
License is valid
----------------------------------------------------------------------------

global config variables:
export CRYOSPARC_MASTER_HOSTNAME="deimos"
export CRYOSPARC_DB_PATH="/home/cryosparcuser/cryosparc/cryosparc_database"
export CRYOSPARC_BASE_PORT=61000
export CRYOSPARC_DB_CONNECTION_TIMEOUT_MS=20000
export NO_PROXY="${CRYOSPARC_MASTER_HOSTNAME},localhost,127.0.0.1"
export CRYOSPARC_INSECURE=false
export CRYOSPARC_DB_ENABLE_AUTH=true
export CRYOSPARC_CLUSTER_JOB_MONITOR_INTERVAL=10
export CRYOSPARC_CLUSTER_JOB_MONITOR_MAX_RETRIES=1000000
export CRYOSPARC_PROJECT_DIR_PREFIX='CS-'
export CRYOSPARC_DEVELOP=false
export CRYOSPARC_CLICK_WRAP=true

The next step is to install multiple workers.
The worker is configured in a way that passwordless -ssh -X connection is possible in both directions.

On the master machine under ~/.ssh/authorized_keys

ssh-ed25519 "KEY" cryosparcuser@129.132.174.worker

On the (to be) worker machine under ~/.ssh/authorized_keys

ssh-ed25519 "KEY" cryosparcuser@129.132.174.master

Additionally, the /etc/hosts file has been adjusted so that the IP adsress of the other machine is associated with a name.
On the master under /etc/hosts

127.0.0.1 localhost
127.0.1.1 deimos

129.132.174.worker phobos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

on the worker under /etc/hosts

127.0.0.1 localhost
127.0.1.1 phobos

129.132.174.master deimos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
#127.0.1.1 wks
127.0.0.1 scopem-phobos.ethz.ch phobos

On both machines, the “ufw” has been disabled, output from “sudo ufw status”

Status: inactive

this setup should allow us to follow the installation instructions of a cryosparc worker. However, if we run the following command (from : ~/cryosparc/cryosparc_worker$):

./bin/cryosparcw connect --worker scopem-phobos.ethz.ch --master deimos --port 61000 --ssdpath /mnt/scratch/cryosparcssd/ --sshstr 'cryosparcuser@129.132.174.worker' --lane 'phobos' --newlane

we get the following error:

Response from server: b'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">\n<html><head>\n<meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors">\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n<title>ERROR: The requested URL could not be retrieved</title>\n<style type="text/css"><!-- \n /*\n * Copyright (C) 1996-2021 The Squid Software Foundation and contributors\n *\n * Squid software is distributed under GPLv2+ license and includes\n * contributions from numerous individuals and organizations.\n * Please see the COPYING and CONTRIBUTORS files for details.\n */\n\n/*\n Stylesheet for Squid Error pages\n Adapted from design by Free CSS Templates\n http://www.freecsstemplates.org\n Released for free under a Creative Commons Attribution 2.5 License\n*/\n\n/* Page basics */\n* {\n\tfont-family: verdana, sans-serif;\n}\n\nhtml body {\n\tmargin: 0;\n\tpadding: 0;\n\tbackground: #efefef;\n\tfont-size: 12px;\n\tcolor: #1e1e1e;\n}\n\n/* Page displayed title area */\n#titles {\n\tmargin-left: 15px;\n\tpadding: 10px;\n\tpadding-left: 100px;\n\tbackground: url(\'/squid-internal-static/icons/SN.png\') no-repeat left;\n}\n\n/* initial title */\n#titles h1 {\n\tcolor: #000000;\n}\n#titles h2 {\n\tcolor: #000000;\n}\n\n/* special event: FTP success page titles */\n#titles ftpsuccess {\n\tbackground-color:#00ff00;\n\twidth:100%;\n}\n\n/* Page displayed body content area */\n#content {\n\tpadding: 10px;\n\tbackground: #ffffff;\n}\n\n/* General text */\np {\n}\n\n/* error brief description */\n#error p {\n}\n\n/* some data which may have caused the problem */\n#data {\n}\n\n/* the error message received from the system or other software */\n#sysmsg {\n}\n\npre {\n}\n\n/* special event: FTP directory listing */\n#dirmsg {\n    font-family: courier, monospace;\n    color: black;\n    font-size: 10pt;\n}\n#dirlisting {\n    margin-left: 2%;\n    margin-right: 2%;\n}\n#dirlisting tr.entry td.icon,td.filename,td.size,td.date {\n    border-bottom: groove;\n}\n#dirlisting td.size {\n    width: 50px;\n    text-align: right;\n    padding-right: 5px;\n}\n\n/* horizontal lines */\nhr {\n\tmargin: 0;\n}\n\n/* page displayed footer area */\n#footer {\n\tfont-size: 9px;\n\tpadding-left: 10px;\n}\n\n\nbody\n:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }\n:lang(he) { direction: rtl; }\n --></style>\n</head><body id=ERR_DNS_FAIL>\n<div id="titles">\n<h1>ERROR</h1>\n<h2>The requested URL could not be retrieved</h2>\n</div>\n<hr>\n\n<div id="content">\n<p>The following error was encountered while trying to retrieve the URL: <a href="http://deimos:61002/api">http://deimos:61002/api</a></p>\n\n<blockquote id="error">\n<p><b>Unable to determine IP address from host name <q>deimos</q></b></p>\n</blockquote>\n\n<p>The DNS server returned:</p>\n<blockquote id="data">\n<pre>Name Error: The domain name does not exist.</pre>\n</blockquote>\n\n<p>This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.</p>\n\n<p>Your cache administrator is <a href="mailto:root">root</a>.</p>\n<br>\n</div>\n\n<hr>\n<div id="footer">\n<p>Generated Thu, 11 Dec 2025 16:43:10 GMT by proxybd.ethz.ch (squid/4.15)</p>\n<!-- ERR_DNS_FAIL -->\n</div>\n</body></html>\n'
  system = self._get_callable("system.describe")()
Traceback (most recent call last):
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/cryosparc_tools/cryosparc/command.py", line 105, in func
    with make_json_request(self, "/api", data=data, _stacklevel=4) as request:
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/deps/anaconda/envs/cryosparc_worker_env/lib/python3.10/contextlib.py", line 135, in __enter__
    return next(self.gen)
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/cryosparc_tools/cryosparc/command.py", line 226, in make_request
    raise CommandError(error_reason, url=url, code=code, data=resdata)
cryosparc_tools.cryosparc.errors.CommandError: *** (http://deimos:61002/api, code 503) HTTP Error 503 Service Unavailable; please check cryosparcm log command_core for additional information.
Response from server: b'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">\n<html><head>\n<meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors">\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n<title>ERROR: The requested URL could not be retrieved</title>\n<style type="text/css"><!-- \n /*\n * Copyright (C) 1996-2021 The Squid Software Foundation and contributors\n *\n * Squid software is distributed under GPLv2+ license and includes\n * contributions from numerous individuals and organizations.\n * Please see the COPYING and CONTRIBUTORS files for details.\n */\n\n/*\n Stylesheet for Squid Error pages\n Adapted from design by Free CSS Templates\n http://www.freecsstemplates.org\n Released for free under a Creative Commons Attribution 2.5 License\n*/\n\n/* Page basics */\n* {\n\tfont-family: verdana, sans-serif;\n}\n\nhtml body {\n\tmargin: 0;\n\tpadding: 0;\n\tbackground: #efefef;\n\tfont-size: 12px;\n\tcolor: #1e1e1e;\n}\n\n/* Page displayed title area */\n#titles {\n\tmargin-left: 15px;\n\tpadding: 10px;\n\tpadding-left: 100px;\n\tbackground: url(\'/squid-internal-static/icons/SN.png\') no-repeat left;\n}\n\n/* initial title */\n#titles h1 {\n\tcolor: #000000;\n}\n#titles h2 {\n\tcolor: #000000;\n}\n\n/* special event: FTP success page titles */\n#titles ftpsuccess {\n\tbackground-color:#00ff00;\n\twidth:100%;\n}\n\n/* Page displayed body content area */\n#content {\n\tpadding: 10px;\n\tbackground: #ffffff;\n}\n\n/* General text */\np {\n}\n\n/* error brief description */\n#error p {\n}\n\n/* some data which may have caused the problem */\n#data {\n}\n\n/* the error message received from the system or other software */\n#sysmsg {\n}\n\npre {\n}\n\n/* special event: FTP directory listing */\n#dirmsg {\n    font-family: courier, monospace;\n    color: black;\n    font-size: 10pt;\n}\n#dirlisting {\n    margin-left: 2%;\n    margin-right: 2%;\n}\n#dirlisting tr.entry td.icon,td.filename,td.size,td.date {\n    border-bottom: groove;\n}\n#dirlisting td.size {\n    width: 50px;\n    text-align: right;\n    padding-right: 5px;\n}\n\n/* horizontal lines */\nhr {\n\tmargin: 0;\n}\n\n/* page displayed footer area */\n#footer {\n\tfont-size: 9px;\n\tpadding-left: 10px;\n}\n\n\nbody\n:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }\n:lang(he) { direction: rtl; }\n --></style>\n</head><body id=ERR_DNS_FAIL>\n<div id="titles">\n<h1>ERROR</h1>\n<h2>The requested URL could not be retrieved</h2>\n</div>\n<hr>\n\n<div id="content">\n<p>The following error was encountered while trying to retrieve the URL: <a href="http://deimos:61002/api">http://deimos:61002/api</a></p>\n\n<blockquote id="error">\n<p><b>Unable to determine IP address from host name <q>deimos</q></b></p>\n</blockquote>\n\n<p>The DNS server returned:</p>\n<blockquote id="data">\n<pre>Name Error: The domain name does not exist.</pre>\n</blockquote>\n\n<p>This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.</p>\n\n<p>Your cache administrator is <a href="mailto:root">root</a>.</p>\n<br>\n</div>\n\n<hr>\n<div id="footer">\n<p>Generated Thu, 11 Dec 2025 16:43:10 GMT by proxybd.ethz.ch (squid/4.15)</p>\n<!-- ERR_DNS_FAIL -->\n</div>\n</body></html>\n'

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/bin/connect.py", line 78, in <module>
    cli = client.CommandClient(host=master_hostname, port=command_core_port, service="command_core")
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/cryosparc_compute/client.py", line 38, in __init__
    super().__init__(service, host, port, url, timeout, headers, cls=NumpyEncoder)
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/cryosparc_tools/cryosparc/command.py", line 97, in __init__
    self._reload()  # attempt connection immediately to gather methods
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/cryosparc_tools/cryosparc/command.py", line 135, in _reload
    system = self._get_callable("system.describe")()
  File "/home/cryosparcuser/cryosparc/cryosparc_worker/cryosparc_tools/cryosparc/command.py", line 108, in func
    raise CommandError(
cryosparc_tools.cryosparc.errors.CommandError: *** (http://deimos:61002, code 503) Encounted error from JSONRPC function "system.describe" with params ()

A very similar (or identical) error appeared when we tried to create the initial user on the master, if the computer was protected by the firewall.
What kind of port do we need to open to successfully attatch our worker to our master instance?

We greatly appreciate any input and if you need more information, please let us know.

best,
Tamino

2

Prima facie this looks like a name resolution issue, so the /etc/hosts file on phobos may be involved.

Is this a literal excerpt from the phobos:/etc/hosts file, or is master the redaction of an integer in the 1..254 range?

3

Dear @wtempel,

I substituted the last 3 numbers with the name master/worker. I was not sure how sensitive the IP adress is.

In the /eth/hosts files, the correct IP adresses are set.

Best,
Tamino

4

What are the outputs of these commands on phobos:

NO_PROXY=deimos curl deimos:61001
curl ip_addr_of_deimos:61001

As an aside

contains two records for 127.0.0.1. This may be a misconfiguration.

5

Dear @wtempel

thanks for pointing out the mistake in the hosts file! Attached you find the fully adjusted file, also with the IP address.

127.0.0.1 localhost
127.0.1.1 scopem-phobos.ethz.ch phobos

129.132.174.216 deimos

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
#127.0.1.1 wks
#127.0.0.1 scopem-phobos.ethz.ch phobos

Unfortunately the output of the commands don`t sound so good, do you have any idea for trouble shooting?

NO_PROXY=deimos curl deimos:61001
curl ip_addr_of_deimos:61001
It looks like you are trying to access MongoDB over HTTP on the native driver port.
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2021 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!-- 
 /*
 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
	font-family: verdana, sans-serif;
}

html body {
	margin: 0;
	padding: 0;
	background: #efefef;
	font-size: 12px;
	color: #1e1e1e;
}

/* Page displayed title area */
#titles {
	margin-left: 15px;
	padding: 10px;
	padding-left: 100px;
	background: url('/squid-internal-static/icons/SN.png') no-repeat left;
}

/* initial title */
#titles h1 {
	color: #000000;
}
#titles h2 {
	color: #000000;
}

/* special event: FTP success page titles */
#titles ftpsuccess {
	background-color:#00ff00;
	width:100%;
}

/* Page displayed body content area */
#content {
	padding: 10px;
	background: #ffffff;
}

/* General text */
p {
}

/* error brief description */
#error p {
}

/* some data which may have caused the problem */
#data {
}

/* the error message received from the system or other software */
#sysmsg {
}

pre {
}

/* special event: FTP directory listing */
#dirmsg {
    font-family: courier, monospace;
    color: black;
    font-size: 10pt;
}
#dirlisting {
    margin-left: 2%;
    margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
    border-bottom: groove;
}
#dirlisting td.size {
    width: 50px;
    text-align: right;
    padding-right: 5px;
}

/* horizontal lines */
hr {
	margin: 0;
}

/* page displayed footer area */
#footer {
	font-size: 9px;
	padding-left: 10px;
}


body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
:lang(he) { direction: rtl; }
 --></style>
</head><body id=ERR_DNS_FAIL>
<div id="titles">
<h1>ERROR</h1>
<h2>The requested URL could not be retrieved</h2>
</div>
<hr>

<div id="content">
<p>The following error was encountered while trying to retrieve the URL: <a href="http://ip_addr_of_deimos:61001/">http://ip_addr_of_deimos:61001/</a></p>

<blockquote id="error">
<p><b>Unable to determine IP address from host name <q>ip_addr_of_deimos</q></b></p>
</blockquote>

<p>The DNS server returned:</p>
<blockquote id="data">
<pre>Name Error: The domain name does not exist.</pre>
</blockquote>

<p>This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.</p>

<p>Your cache administrator is <a href="mailto:root">root</a>.</p>
<br>
</div>

<hr>
<div id="footer">
<p>Generated Mon, 15 Dec 2025 19:39:51 GMT by proxybd.ethz.ch (squid/4.15)</p>
<!-- ERR_DNS_FAIL -->
</div>
</body></html>

thanks for everything!

6

That helps to avoid confusion. Please can you try this command:

curl 129.132.174.216:61001
grep hosts /etc/nsswitch.conf
7

Sure!

curl 129.132.174.216:61001
grep hosts /etc/nsswitch.conf
It looks like you are trying to access MongoDB over HTTP on the native driver port.
hosts:          files mdns4_minimal [NOTFOUND=return] dns
8

This is the expected output, and, in my view, additional evidence that cryosparcw connect fails on phobos due to a name resolution issue, not due to a “block” on CryoSPARC master ports. Unfortunately, I do not understand why the line

inside phobos:/etc/hosts does not fix this problem.
What is the output of the command (on phobos):

getent hosts deimos

?

9

Dear @wtempel,

the output is the following:

getent hosts deimos
129.132.174.216 deimos

I guess this was expected?

Best,
Tamino

10

Indeed. I think I missed earlier

Does the file

/home/cryosparcuser/cryosparc/cryosparc_worker/config.sh

on phobos already contain a definition like

export NO_PROXY=deimos

?
What is the output of the command

grep -i proxy /home/cryosparcuser/cryosparc/cryosparc_worker/config.sh

?

11

Dear @wtempel,

on phobos, there was no export of no_prox in the config file yet!
I added the line and also re-ran the commands that you suggested earlier afterwards, the output can be found here:

grep -i proxy /home/cryosparcuser/cryosparc/cryosparc_worker/config.sh
export NO_PROXY=deimos

cryosparcuser@scopem-phobos:~$ getent hosts deimos
129.132.174.216 deimos

cryosparcuser@scopem-phobos:~$ curl 129.132.174.216:61001
grep hosts /etc/nsswitch.conf
It looks like you are trying to access MongoDB over HTTP on the native driver port.
hosts:          files mdns4_minimal [NOTFOUND=return] dns

I tried the worker connect command again, and it seems to have worked!

 ./bin/cryosparcw connect --worker scopem-phobos.ethz.ch --master deimos --port 61000 --ssdpath /mnt/scratch/cryosparcssd/ --sshstr 'cryosparcuser@129.132.174.worker' --lane 'phobos' --newlane
 ---------------------------------------------------------------
  CRYOSPARC CONNECT --------------------------------------------
 ---------------------------------------------------------------
  Attempting to register worker scopem-phobos.ethz.ch to command deimos:61002
  Connecting as unix user cryosparcuser
  Will register using ssh string: cryosparcuser@129.132.174.worker
  If this is incorrect, you should re-run this command with the flag --sshstr <ssh string> 
 ---------------------------------------------------------------
  Connected to master.
 ---------------------------------------------------------------
  Current connected workers:
    deimos
 ---------------------------------------------------------------
  Worker will be registered with 24 CPUs.
  Autodetecting available GPUs...
  Detected 1 CUDA devices.

   id           pci-bus  name
   ---------------------------------------------------------------
       0                 1  NVIDIA GeForce RTX 4090                                                                
   ---------------------------------------------------------------
   All devices will be enabled now. 
   This can be changed later using --update
 ---------------------------------------------------------------
  Worker will be registered with SSD cache location /mnt/scratch/cryosparcssd/ 
 ---------------------------------------------------------------
  Autodetecting the amount of RAM available...
  This machine has 127.94GB RAM .
 ---------------------------------------------------------------
 ---------------------------------------------------------------
  Registering worker...
  Done.

  You can now launch jobs on the master node and they will be scheduled
  on to this worker node if resource requirements are met.
 ---------------------------------------------------------------
  Final configuration for scopem-phobos.ethz.ch
               cache_path :  /mnt/scratch/cryosparcssd/
           cache_quota_mb :  None
         cache_reserve_mb :  10000
                     desc :  None
                     gpus :  [{'id': 0, 'mem': 25247481856, 'name': 'NVIDIA GeForce RTX 4090'}]
                 hostname :  scopem-phobos.ethz.ch
                     lane :  phobos
             monitor_port :  None
                     name :  scopem-phobos.ethz.ch
           resource_fixed :  {'SSD': True}
           resource_slots :  {'CPU': [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23], 'GPU': [0], 'RAM': [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]}
                  ssh_str :  cryosparcuser@129.132.174.worker
                    title :  Worker node scopem-phobos.ethz.ch
                     type :  node
          worker_bin_path :  /home/cryosparcuser/cryosparc/cryosparc_worker/bin/cryosparcw
 ---------------------------------------------------------------
`` ./bin/cryosparcw connect --worker scopem-phobos.ethz.ch --master deimos --port 61000 --ssdpath /mnt/scratch/cryosparcssd/ --sshstr 'cryosparcuser@129.132.174.worker' --lane 'phobos' --newlane
 ---------------------------------------------------------------
  CRYOSPARC CONNECT --------------------------------------------
 ---------------------------------------------------------------
  Attempting to register worker scopem-phobos.ethz.ch to command deimos:61002
  Connecting as unix user cryosparcuser
  Will register using ssh string: cryosparcuser@129.132.174.worker
  If this is incorrect, you should re-run this command with the flag --sshstr <ssh string> 
 ---------------------------------------------------------------
  Connected to master.
 ---------------------------------------------------------------
  Current connected workers:
    deimos
 ---------------------------------------------------------------
  Worker will be registered with 24 CPUs.
  Autodetecting available GPUs...
  Detected 1 CUDA devices.

   id           pci-bus  name
   ---------------------------------------------------------------
       0                 1  NVIDIA GeForce RTX 4090                                                                
   ---------------------------------------------------------------
   All devices will be enabled now. 
   This can be changed later using --update
 ---------------------------------------------------------------
  Worker will be registered with SSD cache location /mnt/scratch/cryosparcssd/ 
 ---------------------------------------------------------------
  Autodetecting the amount of RAM available...
  This machine has 127.94GB RAM .
 ---------------------------------------------------------------
 ---------------------------------------------------------------
  Registering worker...
  Done.

  You can now launch jobs on the master node and they will be scheduled
  on to this worker node if resource requirements are met.
 ---------------------------------------------------------------
  Final configuration for scopem-phobos.ethz.ch
               cache_path :  /mnt/scratch/cryosparcssd/
           cache_quota_mb :  None
         cache_reserve_mb :  10000
                     desc :  None
                     gpus :  [{'id': 0, 'mem': 25247481856, 'name': 'NVIDIA GeForce RTX 4090'}]
                 hostname :  scopem-phobos.ethz.ch
                     lane :  phobos
             monitor_port :  None
                     name :  scopem-phobos.ethz.ch
           resource_fixed :  {'SSD': True}
           resource_slots :  {'CPU': [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23], 'GPU': [0], 'RAM': [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]}
                  ssh_str :  cryosparcuser@129.132.174.worker
                    title :  Worker node scopem-phobos.ethz.ch
                     type :  node
          worker_bin_path :  /home/cryosparcuser/cryosparc/cryosparc_worker/bin/cryosparcw
 ---------------------------------------------------------------

To double check, I accessed the cryosparc gui of the master and submitted a job on the newly attached worker node.
Everything seems to work now. Thanks for letting me know I also need to export the no_proxy on the worker!

This issue can be closed now - I really really appreciate your time and effort put into solving the issue with me, thanks again @wtempel !

Best,
Tamino