On 29/12/22 11:31 am, Timo Rothenpieler wrote:
Having service files in top level dirs like /run or /var/lib is bound to
cause issues like this.
You can use local systemd overrides for things like this. In this case I
suspect you can create this directory:
/etc/systemd/system/slurmrestd.serv
Ideally, the systemd service would specify the User/Group already, and
then also specify RuntimeDirectory=slurmrestd.
It then pre-creates a slurmrestd directory in /run for the service to
put its runtime files (like sockets) into, avoiding any permission issues.
Having service files in top leve
Thanks Brian!
I also discovered that I can edit the service file to remove the unix
socket. Doesn't seem to impact the things I'm working with anyway. But
this design choice still seems strange to me that editing the service
file is required. It seems like this should also be a configurable it
I dug up my old stuff for getting it started and see that I just
disabled the unix socket completely. I was never able to get it to work
for the reasons you are seeing, so I enabled it in listening mode. There
are comments in the service file about it, but to do so, I changed the
'ExecStart' li
Greetings,
Thanks for responding!
On 12/28/22 20:35, Brian Andrus wrote:
I suspect if you delete /var/lib/slurmrestd.socket and then start
slurmrestd, it will create it as the user you need it to be.
Or just change the owner of it to the slurmrestd owner.
No go on that. Because /var/lib re
I suspect if you delete /var/lib/slurmrestd.socket and then start
slurmrestd, it will create it as the user you need it to be.
Or just change the owner of it to the slurmrestd owner.
I have been running slurmrestd as a separate user for some time.
Brian Andrus
On 12/28/2022 3:20 PM, Chris Sta
Guillaume, thanks for your reply and your workaround.
Do you try adding `SLUTM_JWT=daemon` fo slurmrestd process, and then any
value is is authenticated successfully for request header
`X-SLURM-USER-TOKEN`, `X-SLURM-USER-NAME` .
You can see the information in my last email:
```
# start process w
Hello,
We had the same error and we fixed it by adding
`Environment="SLURM_JWT=daemon"` to the [Service] section of the unit file (in
our case /usr/lib/systemd/system/slurmrestd.service ).
We have a bug (feature?) that makes us unable to use root or slurm user as user
for slurmrestd service
Hi,
I just came across the same issue. Works if slurmdbd allows auth/jwt and has
the proper key. /etc/slurm/slurmdbd.conf:
# Authentication info
AuthType=auth/munge
AuthAltTypes=auth/jwt
AuthAltParameters=jwt_key=/etc/slurm/jwt_hs256.key
and /etc/slurm/jwt_hs256.key on the dbd and the slu
Double-check you have all the packages.
When slurm is built, slurmrestd is a separate package and is only built
if the whole set was directed to do so. If they did not build it, you
will need to do so yourself. This will mean using your custom built
files throughout.
Brian Andrus
On 3/7/202
No problem.
You may want to set your variables in your /etc/sysconfig/slurmrestd file.
That is where you can set that variable along with others
(SLURMRESTD_LISTEN, SLURMRESTD_DEBUG, SLURMREST_OPTIONS) and your
service file will pick them up.
Brian Andrus
On 6/14/2021 12:05 PM, Heitor wrot
On Mon, 14 Jun 2021 11:25:52 -0700
Brian Andrus wrote:
> Using v20.11.7
>
> I have 8081 because that is the port I am running slurmrestd on.
>
> How are you starting slurmrestd? If you are using systemd and have
> the service file, look inside it.
I'm using systemd:
$ cat /usr/lib/sys
Using v20.11.7
I have 8081 because that is the port I am running slurmrestd on.
How are you starting slurmrestd? If you are using systemd and have the
service file, look inside it.
Brian Andrus
On 6/14/2021 9:48 AM, Heitor wrote:
On Mon, 14 Jun 2021 08:30:51 -0700
Brian Andrus wrote:
Yo
On Mon, 14 Jun 2021 08:30:51 -0700
Brian Andrus wrote:
> You don't use the prefix.
>
> This works for me on the node running slurmrestd on port 8081:
>
> user=someuser
> curl --header "X-SLURM-USER-NAME: ${user}" --header
> "X-SLURM-USER-TOKEN: $(sudo scontrol toker username=${user}|cut
> -d='=
You don't use the prefix.
This works for me on the node running slurmrestd on port 8081:
user=someuser
curl --header "X-SLURM-USER-NAME: ${user}" --header "X-SLURM-USER-TOKEN:
$(sudo scontrol toker username=${user}|cut -d='=' -f2-)"
http://localhost:8081/slurm/v0.0.36/ping
Brian Andrus
On 6
Hi,
On 7/06/2021 04:33, David Schanzenbach wrote:
> In our .rpmmacros file we use, the following option is set:
> %_with_slurmrestd 1
You also need libjwt: https://bugs.schedmd.com/show_bug.cgi?id=4
Ward
Hi Sid,
In our .rpmmacros file we use, the following option is set:
%_with_slurmrestd 1
The slurm.spec file in the source tar.bz2 indicates this maps to the
build option of --with slurmrestd
You also need to make sure you have the build dependencies as well,
which I believe are json-c-devel an
Hi Simone,
On 9/04/2021 18:03, Simone Riggi wrote:
> All of them are working.
> So in this case the only requirement for a user is having the read/write
> permission on the socket?
Correct. The authentication is done as you know the user with a socket.
> My goal at the end would be to let a Do
Thanks Ward.
I did the following:
$ slurmrestd unix:/var/run/slurmrestd.socket -a rest_auth/local -s v0.0.36
-vvv
and to test the response:
$ curl --unix-socket /var/run/slurmrestd.socket
localhost/slurm/v0.0.36/ping (here "localhost" can be whatever
character, need to check --unix-socket cu
Hi Simone,
On 8/04/2021 23:23, Simone Riggi wrote:
> $ scontrol token lifespan=7200 username=riggi
>
> How can I configure and test the other auth method (local)? I am using
> jwt at the moment.
> I would like a user to be always authorized to use the rest API.
local means socket (so you don't
Hi again,
I think I managed to make it working with:
$ slurmrestd -f /etc/slurm/slurmrestd.conf -a rest_auth/jwt -s
openapi/v0.0.36 -vvv 0.0.0.0:6820
Sample request:
$ curl -H "X-SLURM-USER-NAME:riggi" -H "X-SLURM-USER-TOKEN:${SLURM_JWT}"
http://localhost:6820/slurm/v0.0.36/ping
{
"meta": {
Ok,
I think I have found the plugins in:
/root/rpmbuild/BUILD/slurm-20.11.5/src/slurmrestd/plugins/openapi/
I did:
make
make install
and now I have:
$ slurmrestd -s list
slurmrestd: Possible OpenAPI plugins:
slurmrestd: openapi/v0.0.35
slurmrestd: openapi/v0.0.36
slurmrestd: openapi/dbv0.0.36
Thanks very much.
I found both files under:
/root/rpmbuild/BUILD/slurm-20.11.5/src/slurmrestd/plugins/auth/jwt/.libs/rest_auth_jwt.so
/root/rpmbuild/BUILD/slurm-20.11.5/src/slurmrestd/plugins/auth/local/.libs/rest_auth_local.so
It seems they weren't installed (any hints why?). By the way I tried
Hi Simone,
On 8/04/2021 15:53, Simone Riggi wrote:
> - I see effectively that --with jwt is not listed. I wonder how to build
> (using rpmbuild) slurm auth plugins?
> In general I didn't understand from the doc what plugins slurmrestd
> expects by default and where it searches it. From -a opti
Thanks very much for your reply.
- I added this line to the slurm.conf file:
AuthAltParameters=jwt_key=/var/spool/slurmctld/jwt_hs256.key
I restarted the daemons but this does not change slurmrestd error. I guess
this is needed anyway after plugins are found, so thanks for pointing that
out.
-
Hi Ole,
On 8/04/2021 10:09, Ole Holm Nielsen wrote:
> On 4/8/21 9:50 AM, Simone Riggi wrote:
>>
>> rpmbuild -ta slurm-20.11.5.tar.bz2 --with mysql --with slurmrestd
>> --with jwt
>
> I don't see this "--with jwt" in the slurm.spec file:
It's not yet there: https://bugs.schedmd.com/show_bug.cgi?i
On 4/8/21 9:50 AM, Simone Riggi wrote:
I write you about how to properly setup slurmrestd.
...
2) Installed slurm with:
rpmbuild -ta slurm-20.11.5.tar.bz2 --with mysql --with slurmrestd --with jwt
I don't see this "--with jwt" in the slurm.spec file:
[slurm-20.11.5]# grep "# --with" slurm.s
Hi Simone,
On 8/04/2021 09:50, Simone Riggi wrote:
> where /etc/slurm/slurmrestd.conf
>
> include /etc/slurm/slurm.conf
> AuthType=auth/jwt
Did you add a key?
AuthAltParameters=jwt_key=/etc/slurm/jwt.key
It needs to be present on the slurmdbd and slurmctld nodes.
Ward
28 matches
Mail list logo
