Hi,
is there a way to tell the Slurm daemons on the controlling server
_not_ to listen to commands changing configuration from clients? I
would like to limit such access to certain administration hosts
(localhost would be fine in our case).
By principle, we do not want cluster reconfiguration being accessible
from compute nodes, even (especially;-) when someone is logged in as
root user there.
It is fine and desired that
sacctmgr list account
shows the current configuration to the root user on a compute node, but
I'd rather have things like
sacctmgr create account name=justatest fairshare=1
fail with "Access/permission denied" when issued from a non-management
node.
I do not find a setting limiting the kind of access to certain hosts in
`man slurm.conf` (using 14.11.8). And of course, firewall rules are of
no use when there is querying traffing along the same route as
reconfiguration traffic. Am I overlooking something?
Alrighty then,
Thomas
--
Dr. Thomas Orgis
Universität Hamburg
RRZ / Zentrale Dienste / HPC
Schlüterstr. 70
20146 Hamburg
Tel.: 040/42838 8826
Fax: 040/428 38 6270
