Enabling sudo under srun #1620
-
|
This is our yaml file. On the resulting cluster everyone has sudo access (inheriting from GCP compute node admin permissions), but running under |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I suggest adding the following script settings to your controller module. The example below is adapted from examples/hpc-slurm.yaml. With these settings, I am able to run I am configured as roles/compute.osAdminLogin in the project. - id: slurm_controller
source: community/modules/scheduler/schedmd-slurm-gcp-v5-controller
use:
- network1
- debug_partition
- compute_partition
settings:
disable_controller_public_ips: false
compute_startup_script: |
#!/bin/bash
mkdir /var/slurm-sudoers.d
chmod 750 /var/slurm-sudoers.d
echo '#includedir /var/slurm-sudoers.d' > /etc/sudoers.d/slurm-job-user
chmod 440 /etc/sudoers.d/slurm-job-user
sed -i '/^account.*required.*pam_unix.so/ s/$/ broken_shadow/' /etc/pam.d/system-auth
if [[ -x /opt/adm/compute_startup_script ]]; then
exec /opt/adm/compute_startup_script
fi
prolog_scripts:
- filename: add-job-user-to-sudoers.sh
content: |
#!/bin/bash
if [[ -n "${SLURM_JOB_USER}" && -n "${SLURM_JOB_ID}" && -d /var/slurm-sudoers.d ]]; then
echo "${SLURM_JOB_USER} ALL=(ALL) NOPASSWD: ALL" > "/var/slurm-sudoers.d/${SLURM_JOB_USER}-${SLURM_JOB_ID}"
chmod 440 "/var/slurm-sudoers.d/${SLURM_JOB_USER}-${SLURM_JOB_ID}"
fi
epilog_scripts:
- filename: remove-job-user-to-sudoers.sh
content: |
#!/bin/bash
if [[ -n "${SLURM_JOB_USER}" && -n "${SLURM_JOB_ID}" ]]; then
rm -f "/var/slurm-sudoers.d/${SLURM_JOB_USER}-${SLURM_JOB_ID}"
fi |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for this script, this is what I was looking for |
Beta Was this translation helpful? Give feedback.
I suggest adding the following script settings to your controller module. The example below is adapted from examples/hpc-slurm.yaml.
With these settings, I am able to run
srun -N1 -p debug sudo whoamiand it returnsrootas you'd expect. Without the, you get the interactive prompt.I am configured as roles/compute.osAdminLogin in the project.