Adding new users to SLURM deployment

31 views
Skip to first unread message

Chathika Weerasuriya

unread,
Jun 16, 2022, 11:56:03 AM6/16/22
to google-cloud-slurm-discuss
Hi,

This is probably a very simple question, but despite spending a number of hours on it, I have not succeeded in adding a new user to a small SLURM cluster that I have created.

To be clear the owner (me) can access the login node, run jobs, etc.

I'm trying to now create new users for my lab group members.

So far I have:
  • Added IAM roles for each, using their some...@gmail.com, with a Compute OS Login role
  • Added the enable_oslogin=TRUE key to project metadata
  • Using the Compute Engine Default Service account credentials (as a JSON file), tried to use the Python client libraries to push HTTP requests:
  1. google.auth.transport.requests to push an HTTP PUT request using the Admin Directory v1 API - this did not work, returning 'Bad Request'
  2. the OS Login API, using build("oslogin", "v1", creds) and try to execute an importsshpublickeys - this says permission denied, i.e., that the service account credentials I am using do not have authorisation to modify a user.
  • I also tried making a POSIX user on the login node manually and adding an SSH pubkey to authorized_keys - no dice, though I suspect that is because OS Login is enabled.

Could someone please point me to how I (as project owner and nominal cluster administrator), could (1) create new users; and (2) add their SSH public keys?

I am probably overcomplicating it, but I just cannot figure it out!

NB: I am trying to avoid my lab members having to install gcloud.

Thanks very much

Chathika Weerasuriya

Alex Chekholko

unread,
Jun 16, 2022, 12:11:27 PM6/16/22
to Chathika Weerasuriya, google-cloud-slurm-discuss
Hi Chathika,

I think that for "Compute OS Login" to work for addresses (Google Accounts) outside of your main domain/organization, you also need to add them to the top-level IAM in your org with role "Compute OS Login External User". I don't remember where I learned that.

They will certainly need to install gcloud sdk as that's what handles the auth and the tunneling and so on; there is a bunch of auto-magic underneath.

IIRC by default the networking is configured so you can't SSH in directly anyway (separate VPC with Cloud NAT).

Regards,
Alex


--
You received this message because you are subscribed to the Google Groups "google-cloud-slurm-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-slurm-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-slurm-discuss/c6647a16-1f03-42cd-be8f-0ed685de4c5dn%40googlegroups.com.

Chathika Weerasuriya

unread,
Jun 16, 2022, 12:16:23 PM6/16/22
to google-cloud-slurm-discuss
Hi Alex,

Thanks for your reply. I'll try adding the new users as External Users, though this project doesn't belong to an organisation or a Google Workspace, so I am not sure what external means in this context.

Out of interest, I have managed to plain SSH (without gcloud) through the external IP address of the login node using my SSH private key, so perhaps there is some route there?

Thanks,

Chathika

Reply all
Reply to author
Forward
0 new messages