Gateway Configuration Settings

The Slurm-web gateway is configured in the INI file /etc/slurm-web/gateway.ini.

This page contains the reference documentation of all configuration parameters that can be defined in this file, grouped by sections, and a full example to illustrate its syntax and possible values.

Sections

service

Parameter Type Description Required

interface

str

Address of network interfaces to bind native service for incoming connections. Special value 0.0.0.0 means all network interfaces.

Default: localhost

-

port

int

TCP port to listen for incoming connections.

Default: 5011

-

cors

bool

When true, Cross-Origin Resource Sharing (CORS) headers are enabled.

Default: False

-

debug

bool

Enable debug mode

Default: False

-

log_flags

list[str]

List of log flags to enable. Special value ALL enables all log flags.

Choices:

  • slurmweb

  • rfl

  • werkzeug

  • urllib3

  • racksdb

  • ALL

Default:

  • ALL

-

debug_flags

list[str]

List of debug flags to enable. Special value ALL enables all debug flags.

Choices:

  • slurmweb

  • rfl

  • werkzeug

  • urllib3

  • racksdb

  • ALL

Default:

  • slurmweb

-

ui

Parameter Type Description Required

host

uri

Public URL to access the gateway component

No default value

-

enabled

bool

Serve frontend application with gateway

Default: True

-

path

path

Path to Slurm-web frontend application

Default: /usr/share/slurm-web/frontend

-

templates

path

Path to HTML templates folder.

Default: /usr/share/slurm-web/templates

-

message_template

path

Path to service message HTML template relative to the templates folder.

Default: message.html.j2

-

message_login

path

Path to the service message presented to users below the login form. Slurm-web loads the file if it exists. It does not fail if the file is not found; the file is skipped silently. The content must be formatted in markdown.

Default: /etc/slurm-web/messages/login.md

-

hide_denied

bool

Control whether users can see the list of denied clusters, i.e. clusters on which they do not have any permission. When false, these clusters are visible and marked as denied for these users. When true, these clusters are hidden from these users.

Default: False

-

agents

Parameter Type Description Required

url

list[uri]

List of Slurm-web agent URLs

Example: ['https://cluster1/agent', 'https://cluster2/agent']

No default value

Required

version

str

Version of Slurm-web agent API

Default: 4.1.0

-

racksdb_version

str

Minimal supported version of RacksDB API

You SHOULD NOT change this parameter unless you really know what you are doing. This parameter is intended for Slurm-web developers rather than end users. Slurm-web is officially tested and validated with the default value only.

Default: 0.4.0

-

authentication

Parameter Type Description Required

enabled

bool

Determine if authentication is enabled

Default: False

-

method

str

Authentication method

Choices:

  • ldap

Default: ldap

-

ldap

Parameter Type Description Required

uri

uri

URI to connect to LDAP server

Example: ldap://localhost

No default value

-

cacert

path

Path to the CA certificate used to validate the signature of the LDAP server certificate when using ldaps or STARTTLS protocols. When not defined, the default system CA certificates are used.

Example: /path/to/certificate.pem

No default value

-

starttls

bool

Use STARTTLS protocol to negotiate TLS connection with LDAP server

Default: False

-

user_base

str

Base DN for users entries

Example: ou=people,dc=example,dc=org

No default value

-

group_base

str

Base DN for group entries

Example: ou=group,dc=example,dc=org

No default value

-

user_class

str

Class of user entries

Default: posixAccount

-

user_name_attribute

str

User entry attribute for user name

Default: uid

-

user_fullname_attribute

str

User entry attribute for full name

Default: cn

-

user_primary_group_attribute

str

User entry attribute for primary group ID

Default: gidNumber

-

group_name_attribute

str

Group entry attribute for name

Default: cn

-

group_object_classes

list[str]

List of LDAP object classes for groups

Default:

  • posixGroup

  • groupOfNames

-

lookup_user_dn

bool

Look up the user DN in the scope of the user base subtree. If disabled, the LDAP directory is not queried to search for the user in the subtree before authentication, and user DNs are assumed to be in the form <user_name_attribute>=$login,<user_base> (ex: uid=$login,ou=people,dc=example,dc=org). This notably implies that all user entries are at the first level under the user base in the tree.

Default: True

-

bind_dn

str

DN used to bind to the LDAP server. When this parameter is not defined, access to LDAP directory is performed anonymously.

Example: cn=system,ou=people,dc=example,dc=org

No default value

-

bind_password

password

Password of bind DN. This parameter is required when bind_dn is defined.

Example: SECR3T

No default value

-

restricted_groups

list[str]

List of user groups allowed to connect. When this parameter is not defined, all users in the LDAP directory are authorized to sign in.

Example: ['admins', 'biology']

No default value

-

jwt

Parameter Type Description Required

key

path

Path to private key for JWT signature

Default: /var/lib/slurm-web/jwt.key

-

duration

int

JWT validity duration in days

Default: 1

-

algorithm

str

Cryptographic algorithm used to sign JWT

Choices:

  • HS256

  • HS384

  • HS512

  • ES256

  • ES256K

  • ES384

  • ES512

  • RS256

  • RS384

  • RS512

  • PS256

  • PS384

  • PS512

  • EdDSA

Default: HS256

-

audience

str

Audience defined in generated JWT and expected in JWT provided by clients

Default: slurm-web

-

Example

This section contains a full example of Slurm-web gateway configuration file.

Do NOT use this full example file as a basis for your custom site configuration. This example is provided only to illustrate the syntax of the file, its parameters and possible values. Most parameters are actually optional. You should define only the sections and parameters that are either really required or those for which you want to override the default value. Please refer to the quickstart guide to understand the parameters you are supposed to define in most cases.

This example file is also installed in Slurm-web gateway distribution packages at /usr/share/doc/slurm-web-gateway/examples/gateway.ini.

Complete example of Slurm-web gateway configuration file

# This file is an example configuration file for Slurm-web gateway
#
# Please DO NOT USE THIS FILE as a basis for your custom
# /etc/slurm-web/gateway.ini.

[service]

# Address of network interfaces to bind native service for incoming
# connections. Special value `0.0.0.0` means all network interfaces.
#
# Default value: localhost
interface=localhost

# TCP port to listen for incoming connections.
#
# Default value: 5011
port=5011

# When true, Cross-Origin Resource Sharing (CORS) headers are enabled.
cors=no

# Enable debug mode
debug=no

# List of log flags to enable. Special value `ALL` enables all log flags.
#
# Possible values:
# - slurmweb
# - rfl
# - werkzeug
# - urllib3
# - racksdb
# - ALL
#
# Default value:
# - ALL
log_flags=
  ALL

# List of debug flags to enable. Special value `ALL` enables all debug
# flags.
#
# Possible values:
# - slurmweb
# - rfl
# - werkzeug
# - urllib3
# - racksdb
# - ALL
#
# Default value:
# - slurmweb
debug_flags=
  slurmweb

[ui]

# Public URL to access the gateway component
host=https://dashboard.corp.com/

# Serve frontend application with gateway
#
# Default value: yes
enabled=yes

# Path to Slurm-web frontend application
#
# Default value: /usr/share/slurm-web/frontend
path=/usr/share/slurm-web/frontend

# Path to HTML templates folder.
#
# Default value: /usr/share/slurm-web/templates
templates=/usr/share/slurm-web/templates

# Path to service message HTML template relative to the templates folder.
#
# Default value: message.html.j2
message_template=message.html.j2

# Path to the service message presented to users below the login form.
# Slurm-web loads the file if it exists. It does not fail if the file is not
# found; the file is skipped silently. The content must be formatted in
# markdown.
#
# Default value: /etc/slurm-web/messages/login.md
message_login=/etc/slurm-web/messages/login.md

# Control whether users can see the list of denied clusters, i.e. clusters
# on which they do not have any permission. When false, these clusters are
# visible and marked as denied for these users. When true, these clusters
# are hidden from these users.
hide_denied=no

[agents]

# List of Slurm-web agent URLs
#
# This parameter is required.
url=
  https://cluster1/agent
  https://cluster2/agent

# Version of Slurm-web agent API
#
# Default value: 4.1.0
version=4.1.0

# Minimal supported version of RacksDB API
# 
# CAUTION: You SHOULD NOT change this parameter unless you really know what
# you are doing. This parameter is intended for Slurm-web developers rather
# than end users. Slurm-web is officially tested and validated with the
# default value only.
#
# Default value: 0.4.0
racksdb_version=0.4.0

[authentication]

# Determine if authentication is enabled
enabled=no

# Authentication method
#
# Possible values:
# - ldap
#
# Default value: ldap
method=ldap

[ldap]

# URI to connect to LDAP server
uri=ldap://localhost

# Path to the CA certificate used to validate the signature of the LDAP
# server certificate when using ldaps or STARTTLS protocols. When not
# defined, the default system CA certificates are used.
cacert=/path/to/certificate.pem

# Use STARTTLS protocol to negotiate TLS connection with LDAP server
starttls=no

# Base DN for users entries
user_base=ou=people,dc=example,dc=org

# Base DN for group entries
group_base=ou=group,dc=example,dc=org

# Class of user entries
#
# Default value: posixAccount
user_class=posixAccount

# User entry attribute for user name
#
# Default value: uid
user_name_attribute=uid

# User entry attribute for full name
#
# Default value: cn
user_fullname_attribute=cn

# User entry attribute for primary group ID
#
# Default value: gidNumber
user_primary_group_attribute=gidNumber

# Group entry attribute for name
#
# Default value: cn
group_name_attribute=cn

# List of LDAP object classes for groups
#
# Default value:
# - posixGroup
# - groupOfNames
group_object_classes=
  posixGroup
  groupOfNames

# Look up the user DN in the scope of the user base subtree. If disabled,
# the LDAP directory is not queried to search for the user in the subtree
# before authentication, and user DNs are assumed to be in the form
# `<user_name_attribute>=$login,<user_base>` (ex:
# `uid=$login,ou=people,dc=example,dc=org`). This notably implies that all
# user entries are at the first level under the user base in the tree.
#
# Default value: yes
lookup_user_dn=yes

# DN used to bind to the LDAP server. When this parameter is not defined,
# access to LDAP directory is performed anonymously.
bind_dn=cn=system,ou=people,dc=example,dc=org

# Password of bind DN. This parameter is required when `bind_dn` is
# defined.
bind_password=SECR3T

# List of user groups allowed to connect. When this parameter is not
# defined, all users in the LDAP directory are authorized to sign in.
restricted_groups=
  admins
  biology

[jwt]

# Path to private key for JWT signature
#
# Default value: /var/lib/slurm-web/jwt.key
key=/var/lib/slurm-web/jwt.key

# JWT validity duration in days
#
# Default value: 1
duration=1

# Cryptographic algorithm used to sign JWT
#
# Possible values:
# - HS256
# - HS384
# - HS512
# - ES256
# - ES256K
# - ES384
# - ES512
# - RS256
# - RS384
# - RS512
# - PS256
# - PS384
# - PS512
# - EdDSA
#
# Default value: HS256
algorithm=HS256

# Audience defined in generated JWT and expected in JWT provided by clients
#
# Default value: slurm-web
audience=slurm-web
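
Several documented defaults leave the gateway open until they are overridden (authentication disabled, LDAP without TLS, no group restriction). The following audit sketch is an added example, not code from Slurm-web: it reads a gateway.ini with Python's configparser and reports such settings, using only parameters and defaults listed on this page. The finding names, the `audit_gateway` function and the sample input are assumptions of this example.

```python
import configparser

# Defaults copied from the reference tables on this page.
DEFAULTS = {
    "service": {"interface": "localhost", "cors": "no", "debug": "no"},
    "authentication": {"enabled": "no"},
    "ldap": {"starttls": "no"},
}

# Constructed sample input for this example, not a recommended configuration.
SAMPLE = """
[service]
interface=0.0.0.0
[authentication]
enabled=yes
[ldap]
uri=ldap://localhost
bind_dn=cn=system,ou=people,dc=example,dc=org
"""

def audit_gateway(ini_text):
    """Return finding ids (names invented for this example) for a gateway.ini."""
    # interpolation=None: a '%' in bind_password must not be treated as syntax.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_dict(DEFAULTS)
    cfg.read_string(ini_text)
    found = []
    if cfg.get("service", "interface") == "0.0.0.0":
        found.append("listen-all-interfaces")
    if cfg.getboolean("service", "cors"):
        found.append("cors-enabled")
    if cfg.getboolean("service", "debug"):
        found.append("debug-enabled")
    if not cfg.getboolean("authentication", "enabled"):
        found.append("authentication-disabled")
        return found  # this example only checks [ldap] when authentication is on
    ldap = cfg["ldap"]
    # Plain ldap:// without STARTTLS sends bind credentials unencrypted.
    if not ldap.get("uri", "").lower().startswith("ldaps://") \
            and not ldap.getboolean("starttls"):
        found.append("ldap-without-tls")
    if ldap.get("bind_dn") and not ldap.get("bind_password"):
        found.append("bind-password-missing")  # required when bind_dn is set
    if not ldap.get("restricted_groups", "").split():
        found.append("ldap-all-users-allowed")  # no group restriction defined
    return found

if __name__ == "__main__":
    print("\n".join(audit_gateway(SAMPLE)))
```

Because `bind_password` is stored in this file, the file's ownership and mode deserve a separate check on the host; that is outside what this text-only audit can see.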