nixos/slurm: run ctld as user and fix spool dir

* run as user 'slurm' per default instead of root * add user/group slurm to ids.nix * fix default location for the state dir of slurmctld: (/var/spool -> /var/spool/slurmctld) * Update release notes with the above changes
2018-10-23 23:43:53 +02:00 · 2018-10-23 23:43:53 +02:00 · 111d4eb090
commit 111d4eb090
parent f129ed25a0
3 changed files with 54 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-1903.xml
+++ b/nixos/doc/manual/release-notes/rl-1903.xml
@ -152,6 +152,20 @@
     has been renamed to <varname>postgresql_9_6</varname>.
    </para>
   </listitem>
   <listitem>
    <para>
      Slurm introduces the new option
      <literal>services.slurm.stateSaveLocation</literal>,
      which is now set to <literal>/var/spool/slurm</literal> by default
      (instead of <literal>/var/spool</literal>).
      Make sure to move all files to the new directory or to set the option accordingly.
    </para>
    <para>
      The slurmctld now runs as user <literal>slurm</literal> instead of <literal>root</literal>.
      If you want to keep slurmctld running as <literal>root</literal>, set
      <literal>services.slurm.user = root</literal>.
    </para>
   </listitem>
  </itemizedlist>
 </section>
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -331,6 +331,7 @@
      zeronet = 304;
      lirc = 305;
      lidarr = 306;
      slurm = 307;
      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -622,6 +623,7 @@
      zeronet = 304;
      lirc = 305;
      lidarr = 306;
      slurm = 307;
      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@ -6,9 +6,14 @@ let
  cfg = config.services.slurm;
  # configuration file can be generated by http://slurm.schedmd.com/configurator.html
  defaultUser = "slurm";
  configFile = pkgs.writeTextDir "slurm.conf"
    ''
      ClusterName=${cfg.clusterName}
      StateSaveLocation=${cfg.stateSaveLocation}
      SlurmUser=${cfg.user}
      ${optionalString (cfg.controlMachine != null) ''controlMachine=${cfg.controlMachine}''}
      ${optionalString (cfg.controlAddr != null) ''controlAddr=${cfg.controlAddr}''}
      ${optionalString (cfg.nodeName != null) ''nodeName=${cfg.nodeName}''}
@ -159,6 +164,25 @@ in
        '';
      };
      stateSaveLocation = mkOption {
        type = types.str;
        default = "/var/spool/slurmctld";
        description = ''
          Directory into which the Slurm controller, slurmctld, saves its state.
        '';
      };
      user = mkOption {
        type = types.str;
        default = defaultUser;
        description = ''
          Set this option when you want to run the slurmctld daemon
          as something else than the default slurm user "slurm".
          Note that the UID of this user needs to be the same
          on all nodes.
        '';
      };
      extraConfig = mkOption {
        default = "";
        type = types.lines;
@ -226,6 +250,15 @@ in
    services.munge.enable = mkDefault true;
    # use a static uid as default to ensure it is the same on all nodes
    users.users.slurm = mkIf (cfg.user == defaultUser) {
      name = defaultUser;
      group = "slurm";
      uid = config.ids.uids.slurm;
    };
    users.groups.slurm.gid = config.ids.uids.slurm;
    systemd.services.slurmd = mkIf (cfg.client.enable) {
      path = with pkgs; [ wrappedSlurm coreutils ]
        ++ lib.optional cfg.enableSrunX11 slurm-spank-x11;
@ -261,6 +294,11 @@ in
        PIDFile = "/run/slurmctld.pid";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      };
      preStart = ''
        mkdir -p ${cfg.stateSaveLocation}
        chown -R ${cfg.user}:slurm ${cfg.stateSaveLocation}
      '';
    };
  };