[slurm-users] Remote submission hosts and security

Benjamin Redling benjamin.rampe at uni-jena.de
Tue Dec 5 15:50:08 MST 2017


Am 05.12.2017 um 22:27 schrieb Jeff White:
> I have a need to allow a server which is outside of my cluster access to
> submit jobs to the cluster.  I can do that easily enough by handing my
> Slurm RPMs, config, and munge key to the owner of that server and
> opening access in my firewall.  However, since it is a system outside of
> my control the owner of it can become root (or impersonate any user they
> wish) and gain full control of Slurm.  Obviously that's not good.
> 
> Are there any mechanisms for allowing a remote host to submit jobs but
> not have any administrative access to Slurm?

you could restrict ssh to executing sbatch (authorized_keys... command=)
and not allow a login, and to allow scp-ing of job files you could
combine that with "rssh"?

Some institutions go the extra mile to build their own (web) portals.
AFAIK to only transfer the job and the user name (or any needed data) to
a service that will executing the slurm job.

@M.? Reading this? Portal project finished and allowed to give details?

Regards,
Benjamin
-- 
FSU Jena | JULIELab.de/Staff/Benjamin+Redling.html
☎ +49 3641 9 44323



More information about the slurm-users mailing list