[slurm-users] Remote submission hosts and security

Jeff White jeff.white at wsu.edu
Wed Dec 6 09:23:10 MST 2017


On 12/05/2017 02:50 PM, Benjamin Redling wrote:
> On 05.12.2017 at 22:27, Jeff White wrote:
>> I have a need to allow a server which is outside of my cluster access to
>> submit jobs to the cluster.  I can do that easily enough by handing my
>> Slurm RPMs, config, and munge key to the owner of that server and
>> opening access in my firewall.  However, since it is a system outside of
>> my control the owner of it can become root (or impersonate any user they
>> wish) and gain full control of Slurm.  Obviously that's not good.
>>
>> Are there any mechanisms for allowing a remote host to submit jobs but
>> not have any administrative access to Slurm?
> you could restrict ssh to executing sbatch (authorized_keys... command=)
> and not allow a login, and to allow scp-ing of job files you could
> combine that with "rssh"?
>
> Some institutions go the extra mile to build their own (web) portals.
> AFAIK to only transfer the job and the user name (or any needed data) to
> a service that will execute the slurm job.
>
> @M.? Reading this? Portal project finished and allowed to give details?
>
> Regards,
> Benjamin

A Web portal is exactly why I am doing this.  The remote server is a Web 
server running some software that expects to pass a script to sbatch 
directly.  So the SSH stuff you mention doesn't apply.

-- Jeff White
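
For reference, the `authorized_keys` `command=` restriction suggested in the quoted reply could look like the following. This is an added example, not part of either poster's message; the install path, account setup and option allowlist are assumptions. It relies on `sbatch` running on a cluster-side node under a local account, so the remote host holds an SSH key but no Slurm config or munge key.

```shell
#!/bin/sh
# Forced-command gate (added example). Assumed authorized_keys entry on a
# cluster submit node, for a dedicated unprivileged account:
#   command="/usr/local/sbin/sbatch-gate",restrict ssh-ed25519 <portal-public-key>
# The install path and the option allowlist below are assumptions.
LC_ALL=C; export LC_ALL

# gate_check REQUEST: succeed only for "sbatch" plus allowlisted options.
gate_check() {
    req=$1
    # Refuse anything outside a plain character set (no ; | & $ quotes, tabs).
    case $req in
        *[!A-Za-z0-9' '_=.,:-]*) return 1 ;;
    esac
    set -f            # no glob expansion while splitting into words
    set -- $req
    set +f
    [ "${1:-}" = sbatch ] || return 1
    shift
    for arg in "$@"; do
        case $arg in
            --job-name=*|--partition=*|--time=*|--ntasks=*|--mem=*) ;;
            *) return 1 ;;   # no script path, no --wrap, no --uid, ...
        esac
    done
    return 0
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND. When it
# is unset (a login attempt) the script just ends, so no shell is offered.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if gate_check "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND    # sbatch reads the job script from stdin
    fi
    echo "sbatch-gate: request rejected" >&2
    exit 1
fi
```

The gate filters only command-line options; `#SBATCH` lines inside the submitted script are parsed by `sbatch` itself, so limits that must hold belong in Slurm's own account and partition configuration.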



