On Fri, Sep 14, 2018 at 02:34:10PM +0200, Loris Bennett wrote:
> Tim Bishop <tim-li...@bishnet.net> writes:
>
> > New member to the list, and we've only been using Slurm for a few
> > months. Everything is working well but I have some questions about user
> > management.
> >
> > Our setup is that users are managed via LDAP. They exist on all compute
> > nodes and on the submission node, but not on the controller (possibly an
> > oversight). I've seen two problems here;
> >
> > 1. squeue shows jobs running as "nobody". I'm thinking this might be
> > because users don't exist on the controller? Presumably there needs to
> > be a UID->name mapping happening.
> >
> > 2. We have users on the submission node (it's used for other things too)
> > that don't exist anywhere else within the Slurm cluster and they can
> > still submit jobs. I'd have expected them to fail because the user
> > doesn't exist, however they just run under the UID.
> >
> > Old code [1] has a pwuid call which appears to generate a failure if a
> > user can't be found. But maybe this disappeared during some later
> > refactoring?
> >
> > I have accounting set up but haven't dug much in to this. I've just read
> > through the recent thread "Create users" and it looks like I need to be
> > creating users within Slurm and then use AccountingStorageEnforce to
> > ensure only users that exist in the accounting database can run jobs.
> > Does that look like the right approach? There's some useful stuff in
> > that thread about automating user creation too.
>
> Yes, you're on the right track. You have to use 'sacctmgr' to create
> users that Slurm should know about, potentially within a hierarchy which
> reflects your organisation.
>
> Ole Holm Nielsen has some interesting tools here:
>
> https://github.com/OleHolmNielsen/Slurm_tools/tree/master/slurmaccounts
>
> As mentioned, we on the other hand add users via a wrapper around
> 'sacctmgr' when we set users up. This is just one step in a framework
> which also informs the user and the PI via email that the access has
> been granted. The "create-Slurm-user-on-first-submit" approach Paul
> Edmon describes also seems interesting.

Thanks Loris, that's some useful information. I'll need to do something
that runs on a regular basis and syncs LDAP data to Slurm, but that
doesn't look too hard. The tools you linked above would certainly be a
good starting point.

Thanks,

Tim.

-- 
Tim Bishop
http://www.bishnet.net/tim/
PGP Key: 0x6C226B37FDF38D55
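
The periodic LDAP-to-Slurm sync discussed in this thread could start from a dry-run planner like the one below. It is an added example, not code from the thread or from Slurm_tools; the UID range, the account name `default`, the username pattern and the sample data are assumptions, and it only builds `sacctmgr` argument lists without running anything.

```python
"""Plan an LDAP -> Slurm accounting sync (dry run: builds commands, runs nothing)."""
import re

MIN_UID, MAX_UID = 1000, 60000   # assumption: UID range of real (LDAP) users
DEFAULT_ACCOUNT = "default"      # hypothetical Slurm account for new users
SAFE_NAME = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # assumption: site naming rule

def ldap_users(passwd_text):
    """Parse `getent passwd`-style lines into the set of ordinary user names."""
    users = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry, ignore it
        name, uid = fields[0], int(fields[2])
        # Skip system accounts and names we would not want to pass to a CLI.
        if MIN_UID <= uid < MAX_UID and SAFE_NAME.match(name):
            users.add(name)
    return users

def slurm_users(sacctmgr_text):
    """Parse `sacctmgr -nP show user format=user` output (one name per line)."""
    return {l.split("|")[0].strip() for l in sacctmgr_text.splitlines() if l.strip()}

def plan_sync(passwd_text, sacctmgr_text, protected=("root",)):
    """Return (argv lists adding missing users, Slurm users absent from LDAP)."""
    want, have = ldap_users(passwd_text), slurm_users(sacctmgr_text)
    # argv lists (no shell string) so a user name can never be parsed as shell.
    add = [["sacctmgr", "-i", "add", "user", f"name={u}", f"account={DEFAULT_ACCOUNT}"]
           for u in sorted(want - have)]
    # Report rather than delete: removal of stale users deserves a human review.
    stale = sorted(have - want - set(protected))
    return add, stale

# Constructed sample input, not real cluster data.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:2001:2001:Alice:/home/alice:/bin/bash
bob:x:2002:2002:Bob:/home/bob:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
SAMPLE_SACCTMGR = "root\nalice\ncarol\n"

if __name__ == "__main__":
    add, stale = plan_sync(SAMPLE_PASSWD, SAMPLE_SACCTMGR)
    for cmd in add:
        print(" ".join(cmd))
    print("in Slurm but not in LDAP:", stale)
```

The "stale" list matters as much as the additions: with AccountingStorageEnforce in use, a user removed from LDAP but left in the accounting database is still known to Slurm.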