Slurmrestd Access

This page describes how-to setup Slurm slurmrestd service and Slurm-web agent with:

  • Unix socket,

  • local authentication.

slurmrestd access modes unix local

With local authentication method, slurmrestd service authenticates the user with UID/GID of the client process, which must match UID/GID of slurmrestd service itself.

In this configuration, both slurmrestd service and Slurm-web agent must run as special slurm administrator user to get full permissions on Slurm cluster. This is usually not recommended but it can be considered safe in this case because Slurm-web has its own internal security autorization policy to control users permissions and enforce security.

Setup Slurm

Create /etc/systemd/system/slurmrestd.service.d/slurm-web.conf drop-in configuration override for slurmrestd service:

[Service]
# Unset vendor unit ExecStart to avoid cumulative definition
ExecStart=
Environment=
# Disable slurm user security check
Environment=SLURMRESTD_SECURITY=disable_user_check
ExecStart=/usr/sbin/slurmrestd $SLURMRESTD_OPTIONS -a rest_auth/local unix:/run/slurmrestd/slurmrestd.socket
RuntimeDirectory=slurmrestd
RuntimeDirectoryMode=0755
User=slurm
Group=slurm
The environment variable SLURMRESTD_SECURITY=disable_user_check is defined to force slurmrestd run as slurm administrator user.

Reload systemd units and enable the service:

# systemctl daemon-reload && systemctl enable --now slurmrestd.service
There is nothing more to configure as it is the configuration expected by default by Slurm-web agent.

Test Access

To test Slurm-web agent and slurmrestd service configuration parameters, you can run slurm-web-connect-check utility. It tries to send HTTP request to slurmrestd with Slurm-web agent configuration parameters and reports the status. For example:

# /usr/libexec/slurm-web/slurm-web-connect-check
✅ connection successful (slurm: 24.11.0, cluster: hpc)