Slurmrestd Access

With local authentication method, slurmrestd
service authenticates the user
with UID/GID of the client process, which must match UID/GID of slurmrestd
service itself.
In this configuration, both slurmrestd
service and Slurm-web agent must run
as special slurm
administrator user to get full permissions on Slurm cluster.
This is usually not recommended but it can be considered safe in this case
because Slurm-web has its own internal security
autorization policy to control users permissions and
enforce security.
Setup Slurm
Create /etc/systemd/system/slurmrestd.service.d/slurm-web.conf
drop-in configuration override for slurmrestd
service:
[Service]
# Unset vendor unit ExecStart to avoid cumulative definition
ExecStart=
Environment=
# Disable slurm user security check
Environment=SLURMRESTD_SECURITY=disable_user_check
ExecStart=/usr/sbin/slurmrestd $SLURMRESTD_OPTIONS -a rest_auth/local unix:/run/slurmrestd/slurmrestd.socket
RuntimeDirectory=slurmrestd
RuntimeDirectoryMode=0755
User=slurm
Group=slurm
The environment variable SLURMRESTD_SECURITY=disable_user_check is
defined to force slurmrestd run as slurm administrator user.
|
Reload systemd units and enable the service:
# systemctl daemon-reload && systemctl enable --now slurmrestd.service
There is nothing more to configure as it is the configuration expected by default by Slurm-web agent. |
Test Access
To test Slurm-web agent and slurmrestd
service configuration parameters, you
can run slurm-web-connect-check
utility. It tries to send HTTP request to slurmrestd
with Slurm-web agent
configuration parameters and reports the status. For example:
# /usr/libexec/slurm-web/slurm-web-connect-check
✅ connection successful (slurm: 24.11.0, cluster: hpc)