nixos/slurm: run ctld as user and fix spool dir

* run as user 'slurm' per default instead of root * add user/group slurm to ids.nix * fix default location for the state dir of slurmctld: (/var/spool -> /var/spool/slurmctld) * Update release notes with the above changes
2018-10-23 23:43:53 +02:00 · 2018-10-23 23:43:53 +02:00 · 111d4eb090
commit 111d4eb090
parent f129ed25a0
3 changed files with 54 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@ -152,6 +152,20 @@
     has been renamed to <varname>postgresql_9_6</varname>.
    </para>
   </listitem>
+   <listitem>
+    <para>
+      Slurm introduces the new option
+      <literal>services.slurm.stateSaveLocation</literal>,
+      which is now set to <literal>/var/spool/slurm</literal> by default
+      (instead of <literal>/var/spool</literal>).
+      Make sure to move all files to the new directory or to set the option accordingly.
+    </para>
+    <para>
+      The slurmctld now runs as user <literal>slurm</literal> instead of <literal>root</literal>.
+      If you want to keep slurmctld running as <literal>root</literal>, set
+      <literal>services.slurm.user = root</literal>.
+    </para>
+   </listitem>
  </itemizedlist>
 </section>

--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -331,6 +331,7 @@
      zeronet = 304;
      lirc = 305;
      lidarr = 306;
+      slurm = 307;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

@ -622,6 +623,7 @@
      zeronet = 304;
      lirc = 305;
      lidarr = 306;
+      slurm = 307;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@ -6,9 +6,14 @@ let

  cfg = config.services.slurm;
  # configuration file can be generated by http://slurm.schedmd.com/configurator.html
+
+  defaultUser = "slurm";
+
  configFile = pkgs.writeTextDir "slurm.conf"
    ''
      ClusterName=${cfg.clusterName}
+      StateSaveLocation=${cfg.stateSaveLocation}
+      SlurmUser=${cfg.user}
      ${optionalString (cfg.controlMachine != null) ''controlMachine=${cfg.controlMachine}''}
      ${optionalString (cfg.controlAddr != null) ''controlAddr=${cfg.controlAddr}''}
      ${optionalString (cfg.nodeName != null) ''nodeName=${cfg.nodeName}''}
@ -159,6 +164,25 @@ in
        '';
      };

+      stateSaveLocation = mkOption {
+        type = types.str;
+        default = "/var/spool/slurmctld";
+        description = ''
+          Directory into which the Slurm controller, slurmctld, saves its state.
+        '';
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = defaultUser;
+        description = ''
+          Set this option when you want to run the slurmctld daemon
+          as something else than the default slurm user "slurm".
+          Note that the UID of this user needs to be the same
+          on all nodes.
+        '';
+      };
+
      extraConfig = mkOption {
        default = "";
        type = types.lines;
@ -226,6 +250,15 @@ in

    services.munge.enable = mkDefault true;

+    # use a static uid as default to ensure it is the same on all nodes
+    users.users.slurm = mkIf (cfg.user == defaultUser) {
+      name = defaultUser;
+      group = "slurm";
+      uid = config.ids.uids.slurm;
+    };
+
+    users.groups.slurm.gid = config.ids.uids.slurm;
+
    systemd.services.slurmd = mkIf (cfg.client.enable) {
      path = with pkgs; [ wrappedSlurm coreutils ]
        ++ lib.optional cfg.enableSrunX11 slurm-spank-x11;
@ -261,6 +294,11 @@ in
        PIDFile = "/run/slurmctld.pid";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      };
+
+      preStart = ''
+        mkdir -p ${cfg.stateSaveLocation}
+        chown -R ${cfg.user}:slurm ${cfg.stateSaveLocation}
+      '';
    };

  };