Hello José,
you might be interested in ubmod or its successor open xdmod. It's a system
that queries SLURM regularly, writes the data into its own database and makes
it available via webserver. You'd probably have to implement proper security
measures for user management.
Regards,
Lech
(sent from mobile)
Am 02.10.2014 14:38 schrieb =?ISO-8859-1?Q?Jos=E9_Rom=E1n_Bilbao_Castro?=
<[email protected]>:
Re: [slurm-dev] Re: Authentication and invoking slurm commands from
web app
Thanks Brian,So you propose to have something like an intermediate database
that maps web portal users to system users and make all calls internally from
the webserver, right?. I just wanted to avoid the intermediate step for
simplicity, but it seems to be a bad practice. So, regarding the second step...
what is the safest and more logical manner of invoking slurm commands from the
webserver?. I mean, at the end I must pass some credentials for the right
user... Or should I have a tomcat user that belongs to the sudo group and call
invoke commands as another user?. I am totally lost and need some thread to
start pulling from it.Thanks again,Jose2014-10-02 13:23 GMT+02:00 Brian B.
<[email protected]>:Hello Jose,It is never a good idea to have the public facing
credentials be the same as the private credentials. That is if your public
facing server is compromised your internal system is compromised. The limited
cases where direct internal access are needed (e.g. SSH) should be handled by
hardened servers. Allowing users to input executable commands on a webpage is
also not a good security practice. This is essentially how the shellshock bug
works. This is just my take on things but I would suggest building a different
system. --Regards,BrianOn Oct 2, 2014, at 06:40, José Román Bilbao Castro
<[email protected]> wrote:
Hi all,First of all, this is my very first message to the list and don't even
know if this is the proper place to port this message. I
am facing a simple project that should allow a slurm user to monitor
his jobs running on a slurm server. I have been looking at the Slurm
authentication API but I cannot find anything useful for me as this
seems to be applied to users already logged in the system. My question
is where to start looking at (technologies, web development frameworks,
etc...) to be able to enter a user/password on the web browser that
coincides with that of the Linux user, send the credentials to the
server, execute a slurm command on behalf of that user and print results
back... May be this is a very complex question, but I
have not much experience in web development and how it should be done to
link slurm commands execution, specific user authorization, etc... Thanks in
advance,Jose-- *José Román Bilbao Castro*Ingeniero Consultor+34
[email protected]_http://www.idiria.com_
<http://www.idiria.com/_>--Idiria Sociedad Limitada - Aviso legalEste mensaje,
su contenido y cualquier fichero transmitido con él está dirigido únicamente a
su destinatario y es confidencial. Por ello, se informa a quien lo reciba por
error ó tenga conocimiento del mismo sin ser su destinatario, que la
información contenida en él es reservada y su uso no autorizado, por lo que en
tal caso le rogamos nos lo comunique por la misma vía o por teléfono (+ 34
690207492), así como que se abstenga de reproducir el mensaje mediante
cualquier medio o remitirlo o entregarlo a otra persona, procediendo a su
borrado de manera inmediata. Idiria Sociedad Limitada se reserva las acciones
legales que le correspondan contra todo tercero que acceda de forma ilegítima
al contenido de cualquier mensaje externo procedente del mismo. Para
información y consultas visite nuestra web http://www.idiria.com Idiria
Sociedad Limitada - DisclaimerThis message, its content and any file attached
thereto is for the intended recipient only and is confidential. If you have
received this e-mail in error or had access to it, you should note that the
information in it is private and any use thereof is unauthorised. In such an
event please notify us by e-mail or by telephone (+ 34 690207492). Any
reproduction of this e-mail by whatsoever means and any transmission or
dissemination thereof to other persons is prohibited. It should be deleted
immediately from your system.Idiria Sociedad Limitada reserves the right to
take legal action against any persons unlawfully gaining access to the content
of any external message it has emitted.For additional information, please visit
our website http://www.idiria.com
-- *José Román Bilbao Castro*Ingeniero Consultor+34
[email protected]_http://www.idiria.com_
<http://www.idiria.com/_>--Idiria Sociedad Limitada - Aviso legalEste mensaje,
su contenido y cualquier fichero transmitido con él está dirigido únicamente a
su destinatario y es confidencial. Por ello, se informa a quien lo reciba por
error ó tenga conocimiento del mismo sin ser su destinatario, que la
información contenida en él es reservada y su uso no autorizado, por lo que en
tal caso le rogamos nos lo comunique por la misma vía o por teléfono (+ 34
690207492), así como que se abstenga de reproducir el mensaje mediante
cualquier medio o remitirlo o entregarlo a otra persona, procediendo a su
borrado de manera inmediata. Idiria Sociedad Limitada se reserva las acciones
legales que le correspondan contra todo tercero que acceda de forma ilegítima
al contenido de cualquier mensaje externo procedente del mismo. Para
información y consultas visite nuestra web http://www.idiria.com Idiria
Sociedad Limitada - DisclaimerThis message, its content and any file attached
thereto is for the intended recipient only and is confidential. If you have
received this e-mail in error or had access to it, you should note that the
information in it is private and any use thereof is unauthorised. In such an
event please notify us by e-mail or by telephone (+ 34 690207492). Any
reproduction of this e-mail by whatsoever means and any transmission or
dissemination thereof to other persons is prohibited. It should be deleted
immediately from your system.Idiria Sociedad Limitada reserves the right to
take legal action against any persons unlawfully gaining access to the content
of any external message it has emitted.For additional information, please visit
our website http://www.idiria.com