Gateway Configuration Settings
Slurm-web gateway can be configured in INI file
/etc/slurm-web/gateway.ini
.
This page contains the reference documentation of all configuration parameters that can be defined in this file, grouped by sections, and a full example to illustrate its syntax and possible values.
Sections
service
Parameter | Type | Description | Required |
---|---|---|---|
interface |
str |
Address of network interfaces to bind native service for incoming
connections. Special value Default: |
- |
port |
int |
TCP port to listen for incoming connections. Default: |
- |
cors |
bool |
When true, Cross-Origin Resource Sharing (CORS) headers are enabled. Default: |
- |
debug |
bool |
Enable debug mode Default: |
- |
log_flags |
list[str] |
List of log flags to enable. Special value Choices:
Default:
|
- |
debug_flags |
list[str] |
List of debug flags to enable. Special value Choices:
Default:
|
- |
ui
Parameter | Type | Description | Required |
---|---|---|---|
host |
uri |
- |
|
enabled |
bool |
Serve frontend application with gateway Default: |
- |
path |
path |
Path to Slurm-web frontend application Default: |
- |
templates |
path |
Path HTML templates folder. Default: |
- |
message_template |
path |
Path to service message HTML template relative to the templates folder. Default: |
- |
message_login |
path |
Path to service message presented to users below the login form. Slurm-web loads the file if it exists. However, it does not fail if file is not found, it is skipped silently. The content must be formatted in markdown. Default: |
- |
hide_denied |
bool |
Control if users can see the list of denied clusters, ie. clusters on which they do not have any permission. When false, these clusters are visible and marked as denied for these users. When true, these clusters are hidden to these users. Default: |
- |
agents
Parameter | Type | Description | Required | ||
---|---|---|---|---|---|
url |
list[uri] |
List of Slurm-web agents URL Example: No default value |
✅ |
||
version |
str |
Version of Slurm-web agent API Default: |
- |
||
racksdb_version |
str |
Minimal supported version of RacksDB API
Default: |
- |
authentication
Parameter | Type | Description | Required |
---|---|---|---|
enabled |
bool |
Determine if authentication is enabled Default: |
- |
method |
str |
Authentification method Choices:
Default: |
- |
ldap
Parameter | Type | Description | Required |
---|---|---|---|
uri |
uri |
URI to connect to LDAP server Example: No default value |
- |
cacert |
path |
Path to CA certificate used to validate signature of LDAP server certificate when using ldaps or STARTTLS protocols. When not defined, the default system CA certificates is used. Example: No default value |
- |
starttls |
bool |
Use STARTTLS protocol to negociate TLS connection with LDAP server Default: |
- |
user_base |
str |
Base DN for users entries Example: No default value |
- |
group_base |
str |
Base DN for group entries Example: No default value |
- |
user_class |
str |
Class of user entries Default: |
- |
user_name_attribute |
str |
User entry attribute for user name Default: |
- |
user_fullname_attribute |
str |
User entry attribute for full name Default: |
- |
user_primary_group_attribute |
str |
User entry attribute for primary group ID Default: |
- |
group_name_attribute |
str |
Group entry attribute for name Default: |
- |
group_object_classes |
list[str] |
List of LDAP object classes for groups Default:
|
- |
lookup_user_dn |
bool |
Lookup user DN in the scope of user base subtree. If disable, LDAP
directory is not requested to search for the user in the subtree before
authentication, and the user DN are considered to be in the form of
Default: |
- |
bind_dn |
str |
DN used to bind to the LDAP server. When this parameter is not defined, access to LDAP directory is performed anonymously. Example: No default value |
- |
bind_password |
password |
Password of bind DN. This parameter is required when Example: No default value |
- |
restricted_groups |
list[str] |
List of users groups allowed to connect. When this parameter is not defined, all users in LDAP directory are authorized to sign in. Example: No default value |
- |
jwt
Parameter | Type | Description | Required |
---|---|---|---|
key |
path |
Path to private key for JWT signature Default: |
- |
duration |
int |
JWT validity duration in days Default: |
- |
algorithm |
str |
Cryptographic algorithm used to sign JWT Choices:
Default: |
- |
audience |
str |
Audience defined in generated JWT and expected in JWT provided by clients Default: |
- |
Example
This section contains a full example of Slurm-web gateway configuration file.
Do NOT use this full example file as a basis for your custom site configuration. This example is provided only to illustrate the syntax of the file, its parameters and possible values. Most parameters are actually optional. You should define only the sections and parameters that are either really required or those for which you want to override default value. Please refer to the quickstart guide to understand the parameters you are supposed to define in most cases. |
This example file is also installed in Slurm-web gateway
distribution packages at
/usr/share/doc/slurm-web-gateway/examples/gateway.ini .
|
# This file is an example configuration file for Slurm-web gateway
#
# Please DO NOT USE THIS FILE as a basis for your custom
# /etc/slurm-web/gateway.ini.
[service]
# Address of network interfaces to bind native service for incoming
# connections. Special value `0.0.0.0` means all network interfaces.
#
# Default value: localhost
interface=localhost
# TCP port to listen for incoming connections.
#
# Default value: 5011
port=5011
# When true, Cross-Origin Resource Sharing (CORS) headers are enabled.
cors=no
# Enable debug mode
debug=no
# List of log flags to enable. Special value `ALL` enables all log flags.
#
# Possible values:
# - slurmweb
# - rfl
# - werkzeug
# - urllib3
# - racksdb
# - ALL
#
# Default value:
# - ALL
log_flags=
ALL
# List of debug flags to enable. Special value `ALL` enables all debug
# flags.
#
# Possible values:
# - slurmweb
# - rfl
# - werkzeug
# - urllib3
# - racksdb
# - ALL
#
# Default value:
# - slurmweb
debug_flags=
slurmweb
[ui]
# Public URL to access the gateway component
host=https://dashboard.corp.com/
# Serve frontend application with gateway
#
# Default value: yes
enabled=yes
# Path to Slurm-web frontend application
#
# Default value: /usr/share/slurm-web/frontend
path=/usr/share/slurm-web/frontend
# Path HTML templates folder.
#
# Default value: /usr/share/slurm-web/templates
templates=/usr/share/slurm-web/templates
# Path to service message HTML template relative to the templates folder.
#
# Default value: message.html.j2
message_template=message.html.j2
# Path to service message presented to users below the login form. Slurm-web
# loads the file if it exists. However, it does not fail if file is not
# found, it is skipped silently. The content must be formatted in markdown.
#
# Default value: /etc/slurm-web/messages/login.md
message_login=/etc/slurm-web/messages/login.md
# Control if users can see the list of denied clusters, ie. clusters on
# which they do not have any permission. When false, these clusters are
# visible and marked as denied for these users. When true, these clusters
# are hidden to these users.
hide_denied=no
[agents]
# List of Slurm-web agents URL
#
# This parameter is required.
url=
https://cluster1/agent
https://cluster2/agent
# Version of Slurm-web agent API
#
# Default value: 4.1.0
version=4.1.0
# Minimal supported version of RacksDB API
#
# CAUTION: You SHOULD NOT change this parameter unless you really know what
# you are doing. This parameter is more intented for Slurm-web developers
# rather than end users. Slurm-web is officially tested and validated with
# the default value only.
#
# Default value: 0.4.0
racksdb_version=0.4.0
[authentication]
# Determine if authentication is enabled
enabled=no
# Authentification method
#
# Possible values:
# - ldap
#
# Default value: ldap
method=ldap
[ldap]
# URI to connect to LDAP server
uri=ldap://localhost
# Path to CA certificate used to validate signature of LDAP server
# certificate when using ldaps or STARTTLS protocols. When not defined, the
# default system CA certificates is used.
cacert=/path/to/certificate.pem
# Use STARTTLS protocol to negociate TLS connection with LDAP server
starttls=no
# Base DN for users entries
user_base=ou=people,dc=example,dc=org
# Base DN for group entries
group_base=ou=group,dc=example,dc=org
# Class of user entries
#
# Default value: posixAccount
user_class=posixAccount
# User entry attribute for user name
#
# Default value: uid
user_name_attribute=uid
# User entry attribute for full name
#
# Default value: cn
user_fullname_attribute=cn
# User entry attribute for primary group ID
#
# Default value: gidNumber
user_primary_group_attribute=gidNumber
# Group entry attribute for name
#
# Default value: cn
group_name_attribute=cn
# List of LDAP object classes for groups
#
# Default value:
# - posixGroup
# - groupOfNames
group_object_classes=
posixGroup
groupOfNames
# Lookup user DN in the scope of user base subtree. If disable, LDAP
# directory is not requested to search for the user in the subtree before
# authentication, and the user DN are considered to be in the form of
# `<user_name_attribute>=$login,<user_base>` (ex:
# `uid=$login,ou=people,dc=example,dc=org`). This notably implies all
# users entries to be at the first level under the user base in the tree.
#
# Default value: yes
lookup_user_dn=yes
# DN used to bind to the LDAP server. When this parameter is not defined,
# access to LDAP directory is performed anonymously.
bind_dn=cn=system,ou=people,dc=example,dc=org
# Password of bind DN. This parameter is required when `bind_dn` is
# defined.
bind_password=SECR3T
# List of users groups allowed to connect. When this parameter is not
# defined, all users in LDAP directory are authorized to sign in.
restricted_groups=
admins
biology
[jwt]
# Path to private key for JWT signature
#
# Default value: /var/lib/slurm-web/jwt.key
key=/var/lib/slurm-web/jwt.key
# JWT validity duration in days
#
# Default value: 1
duration=1
# Cryptographic algorithm used to sign JWT
#
# Possible values:
# - HS256
# - HS384
# - HS512
# - ES256
# - ES256K
# - ES384
# - ES512
# - RS256
# - RS384
# - RS512
# - PS256
# - PS384
# - PS512
# - EdDSA
#
# Default value: HS256
algorithm=HS256
# Audience defined in generated JWT and expected in JWT provided by clients
#
# Default value: slurm-web
audience=slurm-web