[slurm-users] Slurm API security best practices

Oren Shani oren.shani at mail.huji.ac.il
Wed Jun 1 07:05:13 UTC 2022


Hi All,

I am making some first steps in putting the Slurm API to use in our
clusters (at the CS and Engineering school of the Hebrew University in
Jerusalem), and at this point I am looking at "read only" applications. For
example, using Telegraf to read Cluster usage data into an SQL database
(Postgres). I would like to use a better security mechanism than the
standard JWT mechanism, that uses short and short-lived keys, provided by
scontrol - which is already a problem when using Telegraf and will be more
problematic when we would like to allow users to use the API to manage
their jobs, etc.

So I wonder if some of you could share their experience and best practices
for creating a more robust security scheme for the API. Basically we do not
intend to give users direct access to the API, but we will have to provide
indirect access which is gnostic of the user identity.

Many thanks,

Oren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20220601/e31c59a4/attachment.htm>


More information about the slurm-users mailing list