GoogleCloudPlatform/cluster-toolkit

User management best practices/examples

jtrmal opened this issue · 3 comments

Hi, I'm trying to set up a basic cluster for our group and I'm very pleased with the documentation and ease of setting things up.
What I'm missing, though, is how to easily manage users over the whole cluster -- I can add users manually to the login node but (obviously) these are not distributed across the whole cluster. Is there a good way to do this without getting into NIS or LDAP setup? Thank you!

Hi,

thank you for the feedback!

By default, we enable os_login. That means you can add users to your cloud project with roles such as compute.os_Login and iam.serviceAccountUser (see the setup os_login page) and that should give users just enough permissions to ssh and use slurm. compute.osAdminLogin can be used if the users need sudo access.

To quote the Slurm user guide:
The OS Login tool is a Google Cloud-specific daemon which provides your Google Directory credentials to compute instances in order to maintain consistency in user attributes like UID/GID and Username. This can replace traditional systems like Active Directory and LDAP.

OS Login is enabled by default on all Slurm instances. You can tell you are using OS Login because, unless specified otherwise for your user in Google Directory, your username when logged in to instances will appear as your full email address, including domain, with special characters like “@” and “.” replaced with underscores (“_”). For example, a Google Cloud user at “Someone@domain.com” will have the username “someone_domain_com”. Users from external organizations will have “ext” prepended to their username. For example, a Google Cloud user at “someone@external.com” will have the username “ext_someone_external_com”.

Hi, I will close this issue now. Please feel free to reopen it if you still have questions.
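The OS Login approach described in the replies above, as an added example that is not part of the thread or of the Cluster Toolkit: a shell helper that predicts each user's POSIX username and prints the IAM bindings to review before running them. The function names, project ID, service account and roster are constructed; treating "external" as "email domain differs from your organization's domain" and binding `roles/iam.serviceAccountUser` on the cluster's service account instead of project-wide are assumptions.

```shell
#!/bin/sh
# Added example: helper names and sample values are hypothetical.

# Predict the default OS Login username. $1 = email, $2 = your org's domain.
# Assumption: only '@' and '.' are rewritten (the characters the quoted guide
# names) and a user is "external" when the email domain differs from $2.
oslogin_username() {
    email=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    org=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    name=$(printf '%s' "$email" | tr '@.' '__')
    case "$email" in
        *@"$org") printf '%s\n' "$name" ;;
        *)        printf 'ext_%s\n' "$name" ;;
    esac
}

# Print (do not run) the bindings for one user.
# $1 = project ID, $2 = email, $3 = user|admin, $4 = cluster VM service account
oslogin_grant_cmds() {
    case "$3" in
        user)  role=roles/compute.osLogin ;;       # ssh and Slurm, no sudo
        admin) role=roles/compute.osAdminLogin ;;  # adds sudo
        *)     echo "access must be 'user' or 'admin'" >&2; return 1 ;;
    esac
    printf 'gcloud projects add-iam-policy-binding %s --member=user:%s --role=%s\n' \
        "$1" "$2" "$role"
    # Assumption: scope serviceAccountUser to the one service account the
    # cluster VMs run as, so the user cannot act as other service accounts.
    printf 'gcloud iam service-accounts add-iam-policy-binding %s --member=user:%s --role=roles/iam.serviceAccountUser\n' \
        "$4" "$2"
}

# Constructed roster (email,access) and placeholder project/service account.
roster='someone@domain.com,admin
someone@external.com,user'
printf '%s\n' "$roster" | while IFS=, read -r member access; do
    echo "# $member logs in as $(oslogin_username "$member" domain.com)"
    oslogin_grant_cmds my-hpc-project "$member" "$access" \
        slurm-sa@my-hpc-project.iam.gserviceaccount.com
done
```

Because the commands are only printed, the output can go through review or into a change ticket, and sudo-capable `osAdminLogin` grants stand out in it.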