Update

This page describes how to update Slurm-web to the latest version. It is important to keep your installation up to date to benefit from the latest features, improvements, and security patches.

The document provides a general procedure for updating the software and specific steps for updating to latest major version.

General Procedure

Update Packages

Depending on host Linux distribution, run this command to update Slurm-web packages:

  • RHEL, CentOS, Rocky Linux, AlmaLinux OS and Fedora

  • Debian and Ubuntu

# dnf update
# apt update && apt upgrade

Restart Services

Run these command to restart services:

  • Native service

  • Production HTTP server

When using default native service:

# systemctl restart slurm-web-gateway.service slurm-web-agent.service

When using production HTTP server:

# systemctl restart slurm-web-gateway-uwsgi.service slurm-web-agent-uwsgi.service

Check Status

Check status of services:

  • Native service

  • Production HTTP server

When using default native service:

# systemctl status slurm-web-gateway.service slurm-web-agent.service

When using production HTTP server:

# systemctl status slurm-web-gateway-uwsgi.service slurm-web-agent-uwsgi.service

Services must be active and running.

Connect to Slurm-web web interface with your browser to check it is up-and-running.

Notes for Slurm-web 5

To update Slurm-web from version 4 to version 5, some manual additional steps must be performed because default slurmrestd authentication method has been changed from local to jwt.

This breaking change has been introduced because Slurm 25.05 dropped support of running slurmrestd as slurm system user, which is a requirement for using local authentication in Slurm-web.

It is highly recommended to migrate your Slurm-web installation to jwt authentication. However, documentation is also provided to keep using local authentication despite the recommendation.

To avoid impacting users with automatic upgrades, Slurm-web 5 packages have been moved to a separate repository. Packages repositories settings must be updated to install this version.

Package Repositories

DNF

This procedure works on RHEL, CentOS, Rocky Linux and AlmaLinux OS.

Edit /etc/yum.repos.d/rackslab.repo to add slurmweb-5 repository:

  • RHEL 8

  • RHEL 9

  • Fedora 41

  • Fedora 42

--- a/etc/yum.repos.d/rackslab.repo
+++ b/etc/yum.repos.d/rackslab.repo
@@ -3,3 +3,9 @@
 baseurl=https://pkgs.rackslab.io/rpm/el8/main/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
+
+[rackslab-slurmweb-5]
+name=Rackslab slurmweb-5
+baseurl=https://pkgs.rackslab.io/rpm/el8/slurmweb-5/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
--- a/etc/yum.repos.d/rackslab.repo
+++ b/etc/yum.repos.d/rackslab.repo
@@ -3,3 +3,9 @@
 baseurl=https://pkgs.rackslab.io/rpm/el9/main/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
+
+[rackslab-slurmweb-5]
+name=Rackslab slurmweb-5
+baseurl=https://pkgs.rackslab.io/rpm/el9/slurmweb-5/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
--- a/etc/yum.repos.d/rackslab.repo
+++ b/etc/yum.repos.d/rackslab.repo
@@ -3,3 +3,9 @@
 baseurl=https://pkgs.rackslab.io/rpm/fc41/main/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
+
+[rackslab-slurmweb-5]
+name=Rackslab slurmweb-5
+baseurl=https://pkgs.rackslab.io/rpm/fc41/slurmweb-5/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
--- a/etc/yum.repos.d/rackslab.repo
+++ b/etc/yum.repos.d/rackslab.repo
@@ -3,3 +3,9 @@
 baseurl=https://pkgs.rackslab.io/rpm/fc42/main/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab
+
+[rackslab-slurmweb-5]
+name=Rackslab slurmweb-5
+baseurl=https://pkgs.rackslab.io/rpm/fc42/slurmweb-5/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rackslab

Run this command to update repositories and packages:

# dnf update

APT

This procedure works Debian and Ubuntu.

Edit /etc/apt/sources.list.d/rackslab.sources to add slurmweb-5 distribution:

  • Debian 12 « bookworm »

  • Debian 13 « trixie »

  • Debian unstable « sid »

  • Ubuntu 24.04 LTS

--- a/etc/apt/sources.list.d/rackslab.sources
+++ b/etc/apt/sources.list.d/rackslab.sources
@@ -1,6 +1,6 @@
 Types: deb
 URIs: https://pkgs.rackslab.io/deb
 Suites: bookworm
-Components: main
+Components: main slurmweb-5
 Architectures: amd64
 Signed-By: /usr/share/keyrings/rackslab.gpg
--- a/etc/apt/sources.list.d/rackslab.sources
+++ b/etc/apt/sources.list.d/rackslab.sources
@@ -1,6 +1,6 @@
 Types: deb
 URIs: https://pkgs.rackslab.io/deb
 Suites: trixie
-Components: main
+Components: main slurmweb-5
 Architectures: amd64
 Signed-By: /usr/share/keyrings/rackslab.gpg
--- a/etc/apt/sources.list.d/rackslab.sources
+++ b/etc/apt/sources.list.d/rackslab.sources
@@ -1,6 +1,6 @@
 Types: deb
 URIs: https://pkgs.rackslab.io/deb
 Suites: sid
-Components: main
+Components: main slurmweb-5
 Architectures: amd64
 Signed-By: /usr/share/keyrings/rackslab.gpg
--- a/etc/apt/sources.list.d/rackslab.sources
+++ b/etc/apt/sources.list.d/rackslab.sources
@@ -1,6 +1,6 @@
 Types: deb
 URIs: https://pkgs.rackslab.io/deb
 Suites: ubuntu24.04
-Components: main
+Components: main slurmweb-5
 Architectures: amd64
 Signed-By: /usr/share/keyrings/rackslab.gpg

Run this command to update repositories and packages:

# apt update && apt upgrade

Already using JWT?

You were already using slurmrest JWT authentication with Slurm-web 4? Then you can do some cleanup in your configuration.

You can edit /etc/slurm-web/agent.ini to remove [slurmrestd] > auth setting as jwt is the new default value:

--- a/etc/slurm-web/agent.ini
+++ b/etc/slurm-web/agent.ini
@@ -3,5 +3,2 @@

-[slurmrestd]
-auth=jwt
-
 [cache]

If you are using Slurm-web default native service, you can also remove the override that was used to force running the agent as slurm system user:

# rm /etc/systemd/system/slurm-web-agent.service.d/override.conf

New system service file /lib/systemd/system/slurm-web-agent.service can be used without override.

Migrate to JWT authentication

Setup Slurm JWT

Generate random Slurm JWT signing key with restrictive permissions:

# dd if=/dev/random of=/var/spool/slurm/jwt_hs256.key bs=32 count=1
# chown slurm:slurm /var/spool/slurm/jwt_hs256.key
# chmod 0600 /var/spool/slurm/jwt_hs256.key

Edit main Slurm and SlurmDBD configuration to enable JWT alternative authentication:

AuthAltTypes=auth/jwt
AuthAltParameters=jwt_key=/var/spool/slurm/jwt_hs256.key

Restart slurmctld and slurmdbd services to update configuration:

# systemctl restart slurmctld slurmdbd
More links

Setup slurmrestd

Edit /etc/systemd/system/slurmrestd.service.d/slurm-web.conf with these settings:

[Service]
# Unset vendor unit ExecStart and Environment to avoid cumulative definition
ExecStart=
Environment=
Environment="SLURM_JWT=daemon"
ExecStart=/usr/sbin/slurmrestd $SLURMRESTD_OPTIONS -a rest_auth/jwt unix:/run/slurmrestd/slurmrestd.socket
RuntimeDirectory=slurmrestd
RuntimeDirectoryMode=0755
User=slurmrestd
Group=slurmrestd
DynamicUser=yes
With this configuration, slurmrestd listens for incoming connections on Unix socket with jwt authentication method. It is also possible to configure slurmrestd to listen on TCP/IP socket. Please refer to slurmrestd configuration page for more details.

Make systemd reload units changes on disk:

# systemctl daemon-reload

Enable and start slurmrestd service:

# systemctl restart slurmrestd.service

To check slurmrestd daemon is properly running with JWT authentication, run this command:

# export $(scontrol token)
# curl -H X-SLURM-USER-TOKEN:$SLURM_JWT --unix-socket /run/slurmrestd/slurmrestd.socket http://slurm/slurm/v0.0.41/diag
{
   "meta": {
     "plugin": {
      "type": "openapi\/slurmctld",
      "name": "Slurm OpenAPI slurmctld",
      "data_parser": "data_parser\/v0.0.41",
      "accounting_storage": "accounting_storage\/slurmdbd"
    },
   }
  …
}

Slurm JWT signing key

For Slurm-web authentication to slurmrestd, copy Slurm JWT signing key:

# cp /var/spool/slurm/jwt_hs256.key /var/lib/slurm-web/slurmrestd.key

Restrict access to this sensitive file with read permission to slurm-web system user only:

# chown slurm-web:slurm-web /var/lib/slurm-web/slurmrestd.key
# chmod 400 /var/lib/slurm-web/slurmrestd.key
With this configuration, Slurm-web agent automatically generates its tokens with short lifespan for authentication to slurmrestd. As an alternative, Slurm-web supports static tokens. Please refer to slurmrestd configuration page for more details.

To test Slurm-web agent and slurmrestd service configuration parameters, you can run slurm-web-connect-check utility. It tries to send HTTP request to slurmrestd with Slurm-web agent configuration parameters and reports the status. For example:

# /usr/libexec/slurm-web/slurm-web-connect-check
✅ connection successful (slurm: 25.05.0, cluster: hpc)

Agent uWSGI service

If you are using Slurm-web with production HTTP servers, update uWSGI agent service file:

# cp -v /usr/share/slurm-web/wsgi/agent/slurm-web-agent-uwsgi.service /etc/systemd/system/

Reload systemd services:

# systemctl daemon-reload

Restart the service to apply changes:

# systemctl restart slurm-web-agent-uwsgi.service

Keep using local authentication

You want to keep using slurmrestd local authentication despite the recommendation?

Edit Slurm-web agent configuration file /etc/slurm-web/agent.ini to enable local authentication method:

[slurmrestd]
auth=local

Add permission to slurm user on Slurm-web JWT signing key:

# /usr/libexec/slurm-web/slurm-web-gen-jwt-key --with-slurm
INFO ⸬ Setting read permission on key for slurm user

Edit Slurm-web agent service to run as privileged slurm system user:

  • Native service

  • Production HTTP server

With native services, edit agent service settings:

# systemctl edit slurm-web-agent.service

Add the following lines:

[Service]
User=slurm

When using production HTTP server, edit agent uWSGI service settings /etc/systemd/system/slurm-web-agent-uwsgi.service:

--- a/etc/systemd/system/slurm-web-agent-uwsgi.service
+++ b/etc/systemd/system/slurm-web-agent-uwsgi.service
@@ -5,7 +5,7 @@
 [Service]
 # By default, this service runs with slurm-web. When local authentication is
 # used on slurmrestd, this must be changed to run as slurm system user.
-User=slurm-web
+User=slurm
 RuntimeDirectory=slurm-web-agent
 ExecStart=/usr/bin/uwsgi --ini /usr/share/slurm-web/wsgi/agent/slurm-web-agent.ini

Reload service units:

# systemctl daemon-reload

To test Slurm-web agent and slurmrestd service configuration parameters, you can run slurm-web-connect-check utility. It tries to send HTTP request to slurmrestd with Slurm-web agent configuration parameters and reports the status. For example:

# /usr/libexec/slurm-web/slurm-web-connect-check
✅ connection successful (slurm: 24.11.0, cluster: hpc)

Upon succesful test, restart agent service to apply changes:

  • Native service

  • Production HTTP server

When using default native service:

# systemctl restart slurm-web-agent.service

When using production HTTP server:

# systemctl restart slurm-web-agent-uwsgi.service