[slurm-users] Kernel keyrings on Slurm node inside Slurm job

Yair Yarom irush at cs.huji.ac.il
Thu Aug 25 12:08:17 UTC 2022


I hope UsePAM won't get deprecated. I can understand the dangers, and
indeed to use it for limits seems weird (nowadays), but it's a nice hook to
have and we use it for other purposes: pam_setquota for /tmp quota per
user; Setting the per user /run/user/ directory (usually systemd sets this
up, but systemd doesn't play nicely with slurm); Fixing some cgroup mess we
have in our system; And calling pam_loginuid.

For a different solution - maybe calling keyctl in a TaskProlog can solve
this issue.



On Thu, 25 Aug 2022 at 12:37, Ole Holm Nielsen <Ole.H.Nielsen at fysik.dtu.dk>
wrote:

> On 8/25/22 11:15, Matthias Leopold wrote:
> > Thanks for the hint. I wasn't aware of UsePAM. At first it looks
> tempting,
> > but then I read some bug reports and saw that it's an "alternative way
> of
> > enforcing resource limits" and is considered an "older deprecated
> > functionality".
> >
> > https://bugs.schedmd.com/show_bug.cgi?id=4098
>
> Warning: Do NOT configure UsePAM=1 in slurm.conf (this advice can be found
> on the net).  See
>
> https://wiki.fysik.dtu.dk/niflheim/Slurm_configuration#configure-prologflags
>
> /Ole
>
>

-- 

  /|       |
  \/       | Yair Yarom | System Group (DevOps)
  []       | The Rachel and Selim Benin School
  [] /\    | of Computer Science and Engineering
  []//\\/  | The Hebrew University of Jerusalem
  [//  \\  | T +972-2-5494522 | F +972-2-5494522
  //    \  | irush at cs.huji.ac.il
 //        |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20220825/b5d867ff/attachment.htm>


More information about the slurm-users mailing list