Hi Tina, Tina Friedrich <tina.friedr...@it.ox.ac.uk> writes:
> Script. Not doing manual anything if it can at all be avoided, way to error > prone. > > We have a cron job that does all of that. Checks if there are users or groups > in > LDAP that aren't in SLURM yet, and adds them - that's adding accounts, adding > users, .... I think it also removed users/accounts if necessary, and also I'd be interested in the removal part. This seems to me to be the trickiest bit, not so much technically, but from a policy point of view. Our HPC accounts are based on university accounts and thus subject to the life-cycle management of the university's identity management system. However, if someone has HPC access but stops using it, we might after a while which to remove or at least block the access. However, if the inactive person is the leader of a research group, we might want to retain the HPC access so that the person will still receive our newsletter. In addition, a person might leave a research group and thus no longer fulfil one of the criteria for HPC access, but still have a valid university account (and also neither the person nor the group leader may inform us about that change). Has anyone come up with a good framework for this kind of thing? Cheers, Loris > handles user<->account associations, as those can change (we allow users in > multiple groups), and it makes a valient attempt at changing default > associations if they need changing, I believe. > > I think it runs every 15 minutes. > > The problem/pitfall that I can see is if a script is coded to, basically, loop > through all users running sacctmgr for each to check it exists. We very > definitely do not do that - the script gets all users, accounts & associations > from SLURM and the equivalent from LDAP and then, basically, does a couple of > list compares. > > Tina > > On 18/08/2020 16:36, Jason Simms wrote: > >> Hello everyone! We have a script that queries our LDAP server for any users >> that have an entitlement to use the cluster, and if they don't already have >> an >> account on the cluster, one is created for them. In addition, they need to be >> added to the Slurm database (in order to track usage, FairShare, etc.). >> >> I've been doing this manually with a command like this: >> >> sacctmgr add user <username> Account=root DefaultAccount=root >> >> I would like to add that command to the user creation script, but I'm warned >> off by the Slurm docs that say never to call sacctmgr in a script/loop. I >> understand the reasons why doing so multiple times in rapid succession can be >> a bad idea. In our case, however, it would be rare to have more than one new >> user at a time (our script runs in 15-min. intervals). Is there really a >> concern in a case like ours? >> >> How do you all handle adding users to Slurm's DB? Manually? Or, if not by >> script or some automated means...?? >> >> Warmest regards, >> Jason >> >> -- >> *Jason L. Simms, Ph.D., M.P.H.* >> Manager of Research and High-Performance Computing >> XSEDE Campus Champion >> Lafayette College >> Information Technology Services >> 710 Sullivan Rd | Easton, PA 18042 >> Office: 112 Skillman Library >> p: (610) 330-5632
