[slurm-users] Remote submission hosts and security
Jeff White
jeff.white at wsu.edu
Wed Dec 6 09:23:10 MST 2017
On 12/05/2017 02:50 PM, Benjamin Redling wrote:
> Am 05.12.2017 um 22:27 schrieb Jeff White:
>> I have a need to allow a server which is outside of my cluster access to
>> submit jobs to the cluster. I can do that easily enough by handing my
>> Slurm RPMs, config, and munge key to the owner of that server and
>> opening access in my firewall. However, since it is a system outside of
>> my control the owner of it can become root (or impersonate any user they
>> wish) and gain full control of Slurm. Obviously that's not good.
>>
>> Are there any mechanisms for allowing a remote host to submit jobs but
>> not have any administrative access to Slurm?
> you could restrict ssh to executing sbatch (authorized_keys... command=)
> and not allow a login, and to allow scp-ing of job files you could
> combine that with "rssh"?
>
> Some institutions go the extra mile to build their own (web) portals.
> AFAIK to only transfer the job and the user name (or any needed data) to
> a service that will executing the slurm job.
>
> @M.? Reading this? Portal project finished and allowed to give details?
>
> Regards,
> Benjamin
A Web portal is exactly why I am doing this. The remote server is a Web
server running some software that expects to pass a script to sbatch
directly. So the SSH stuff you mention doesn't apply.
-- Jeff White
More information about the slurm-users
mailing list