Dear Slurm developers,

After upgrading from Slurm 14.03.x to 16.05.8 we saw that the coordinators
were no longer able to update jobs from accounts that they coordinate,
even though the scontrol man page still says that the coordinator can
call "scontrol update job ..." for jobs that belong to accounts that they
coordinate.

With commit 938afeb32d643e1036ccada081774b8dccadded0 the
coordinators' privileges were removed.
So all versions from Slurm 15.08.4-1 onwards are affected.

Please find below a patch for slurmctld that puts the coordinator
privileges back into effect.
This patch was created for Slurm git tag slurm-16-05-8-1:
{{{
From 141474a9fae4cec475bdab09b01205b395ec176d Mon Sep 17 00:00:00 2001
From: Chrysovalantis Paschoulas <c.paschou...@fz-juelich.de>
Date: Mon, 3 Apr 2017 15:14:39 +0200
Subject: [PATCH 1/1] Bring back coordinator privileges for updating jobs

With commit 938afeb32d643e1036ccada081774b8dccadded0 the privileges
of coordinators were reverted. After that commit the local
authorized variable in _update_job() was not set correctly.
The coordinators were not authorized anymore to update jobs
for the accounts they coordinate. Current commit should fix
this problem.
---
 src/slurmctld/job_mgr.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c
index 357f923..3f97997 100644
--- a/src/slurmctld/job_mgr.c
+++ b/src/slurmctld/job_mgr.c
@@ -10171,7 +10171,9 @@ static int _update_job(struct job_record
*job_ptr, job_desc_msg_t * job_specs,
                     &cpus_per_node);
 #endif

-    authorized = admin = validate_operator(uid);
+    admin = validate_operator(uid);
+    authorized = admin || assoc_mgr_is_user_acct_coord(
+                acct_db_conn, uid, job_ptr->account);
     if (job_specs->burst_buffer) {
         /* burst_buffer contents are validated at job submit time and
          * data is possibly being staged at later times. It can not
@@ -10213,8 +10215,7 @@ static int _update_job(struct job_record
*job_ptr, job_desc_msg_t * job_specs,
     memset(&acct_policy_limit_set, 0, sizeof(acct_policy_limit_set_t));
     acct_policy_limit_set.tres = tres;

-    if (authorized ||
-        assoc_mgr_is_user_acct_coord(acct_db_conn, uid,
job_ptr->account)) {
+    if (authorized) {
         /* set up the acct_policy if we are authorized */
         for (tres_pos = 0; tres_pos < slurmctld_tres_cnt; tres_pos++)
             acct_policy_limit_set.tres[tres_pos] = ADMIN_SET_LIMIT;
--
2.9.3
}}}

The patch is also attached. Is sending this email here enough,
or should I also report it in Bugzilla?

Best Regards,
Chrysovalantis Paschoulas




From 141474a9fae4cec475bdab09b01205b395ec176d Mon Sep 17 00:00:00 2001
From: Chrysovalantis Paschoulas <c.paschou...@fz-juelich.de>
Date: Mon, 3 Apr 2017 15:14:39 +0200
Subject: [PATCH 1/1] Bring back coordinator privileges for updating jobs

With commit 938afeb32d643e1036ccada081774b8dccadded0 the privileges
of coordinators were reverted. After that commit the local
authorized variable in _update_job() was not set correctly.
The coordinators were not authorized anymore to update jobs
for the accounts they coordinate. Current commit should fix
this problem.
---
 src/slurmctld/job_mgr.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/slurmctld/job_mgr.c b/src/slurmctld/job_mgr.c
index 357f923..3f97997 100644
--- a/src/slurmctld/job_mgr.c
+++ b/src/slurmctld/job_mgr.c
@@ -10171,7 +10171,9 @@ static int _update_job(struct job_record *job_ptr, job_desc_msg_t * job_specs,
 					&cpus_per_node);
 #endif
 
-	authorized = admin = validate_operator(uid);
+	admin = validate_operator(uid);
+	authorized = admin || assoc_mgr_is_user_acct_coord(
+				acct_db_conn, uid, job_ptr->account);
 	if (job_specs->burst_buffer) {
 		/* burst_buffer contents are validated at job submit time and
 		 * data is possibly being staged at later times. It can not
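Review bot: the new assignment `authorized = admin || assoc_mgr_is_user_acct_coord(...)` near line 10171 makes a coordinator authorized for the rest of _update_job(), while the coordinator check removed in the second hunk only gated the acct_policy_limit_set setup. Every later test of `authorized` in this function will now pass for a coordinator of job_ptr->account, so the commit message should say that this wider scope is intended, and any field that must stay operator-only should test `admin` instead. Note also that the lookup is keyed on job_ptr->account, the job's current account; it is worth confirming how an update that asks for a different account in job_specs is checked. A one-line comment above the assignment stating the difference between `admin` and `authorized` would keep the two flags from being conflated again.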
@@ -10213,8 +10215,7 @@ static int _update_job(struct job_record *job_ptr, job_desc_msg_t * job_specs,
 	memset(&acct_policy_limit_set, 0, sizeof(acct_policy_limit_set_t));
 	acct_policy_limit_set.tres = tres;
 
-	if (authorized ||
-	    assoc_mgr_is_user_acct_coord(acct_db_conn, uid, job_ptr->account)) {
+	if (authorized) {
 		/* set up the acct_policy if we are authorized */
 		for (tres_pos = 0; tres_pos < slurmctld_tres_cnt; tres_pos++)
 			acct_policy_limit_set.tres[tres_pos] = ADMIN_SET_LIMIT;
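Review bot: `if (authorized)` at line 10215 matches the removed two-line condition only if `authorized` is not reassigned between the assignment at line 10171 and this test, which the visible context does not show; please confirm that, or keep the explicit coordinator check here. Since this branch stamps every TRES entry with ADMIN_SET_LIMIT for coordinators as well as operators, the comment "set up the acct_policy if we are authorized" should state that authorized includes account coordinators.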
-- 
2.9.3
