diff options
Diffstat (limited to 'nixos/modules/services/computing/slurm/slurm.nix')
| -rw-r--r-- | nixos/modules/services/computing/slurm/slurm.nix | 83 |
1 files changed, 49 insertions, 34 deletions
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix index 705390a21d4..a3dee94e2dc 100644 --- a/nixos/modules/services/computing/slurm/slurm.nix +++ b/nixos/modules/services/computing/slurm/slurm.nix @@ -14,8 +14,8 @@ let ClusterName=${cfg.clusterName} StateSaveLocation=${cfg.stateSaveLocation} SlurmUser=${cfg.user} - ${optionalString (cfg.controlMachine != null) ''controlMachine=${cfg.controlMachine}''} - ${optionalString (cfg.controlAddr != null) ''controlAddr=${cfg.controlAddr}''} + ${optionalString (cfg.controlMachine != null) "controlMachine=${cfg.controlMachine}"} + ${optionalString (cfg.controlAddr != null) "controlAddr=${cfg.controlAddr}"} ${toString (map (x: "NodeName=${x}\n") cfg.nodeName)} ${toString (map (x: "PartitionName=${x}\n") cfg.partitionName)} PlugStackConfig=${plugStackConfig}/plugstack.conf @@ -25,7 +25,7 @@ let plugStackConfig = pkgs.writeTextDir "plugstack.conf" '' - ${optionalString cfg.enableSrunX11 ''optional ${pkgs.slurm-spank-x11}/lib/x11.so''} + ${optionalString cfg.enableSrunX11 "optional ${pkgs.slurm-spank-x11}/lib/x11.so"} ${cfg.extraPlugstackConfig} ''; @@ -34,13 +34,12 @@ let ${cfg.extraCgroupConfig} ''; - slurmdbdConf = pkgs.writeTextDir "slurmdbd.conf" + slurmdbdConf = pkgs.writeText "slurmdbd.conf" '' DbdHost=${cfg.dbdserver.dbdHost} SlurmUser=${cfg.user} StorageType=accounting_storage/mysql StorageUser=${cfg.dbdserver.storageUser} - ${optionalString (cfg.dbdserver.storagePass != null) "StoragePass=${cfg.dbdserver.storagePass}"} ${cfg.dbdserver.extraConfig} ''; @@ -95,26 +94,12 @@ in ''; }; - storagePass = mkOption { - type = types.nullOr types.str; + storagePassFile = mkOption { + type = with types; nullOr str; default = null; description = '' - Database password. Note that this password will be publicable - readable in the nix store. Use <option>configFile</option> - to store the and config file and password outside the nix store. - ''; - }; - - configFile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Path to <literal>slurmdbd.conf</literal>. The password for the database connection - is stored in the config file. Use this option to specfify a path - outside the nix store. If this option is unset a configuration file - will be generated. See also: - <citerefentry><refentrytitle>slurmdbd.conf</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. + Path to file with database password. The content of this will be used to + create the password for the <literal>StoragePass</literal> option. ''; }; @@ -122,7 +107,9 @@ in type = types.lines; default = ""; description = '' - Extra configuration for <literal>slurmdbd.conf</literal> + Extra configuration for <literal>slurmdbd.conf</literal> See also: + <citerefentry><refentrytitle>slurmdbd.conf</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>. ''; }; }; @@ -287,11 +274,30 @@ in ''; }; + etcSlurm = mkOption { + type = types.path; + internal = true; + default = etcSlurm; + description = '' + Path to directory with slurm config files. This option is set by default from the + Slurm module and is meant to make the Slurm config file available to other modules. + ''; + }; }; }; + imports = [ + (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "storagePass" ] '' + This option has been removed so that the database password is not exposed via the nix store. + Use services.slurm.dbdserver.storagePassFile to provide the database password. + '') + (mkRemovedOptionModule [ "services" "slurm" "dbdserver" "configFile" ] '' + This option has been removed. Use services.slurm.dbdserver.storagePassFile + and services.slurm.dbdserver.extraConfig instead. + '') + ]; ###### implementation @@ -311,7 +317,7 @@ in #!/bin/sh if [ -z "$SLURM_CONF" ] then - SLURM_CONF="${etcSlurm}/slurm.conf" "$EXE" "\$@" + SLURM_CONF="${cfg.etcSlurm}/slurm.conf" "$EXE" "\$@" else "$EXE" "\$0" fi @@ -386,23 +392,32 @@ in ''; }; - systemd.services.slurmdbd = mkIf (cfg.dbdserver.enable) { + systemd.services.slurmdbd = let + # slurm strips the last component off the path + configPath = "$RUNTIME_DIRECTORY/slurmdbd.conf"; + in mkIf (cfg.dbdserver.enable) { path = with pkgs; [ wrappedSlurm munge coreutils ]; wantedBy = [ "multi-user.target" ]; after = [ "network.target" "munged.service" "mysql.service" ]; requires = [ "munged.service" "mysql.service" ]; - # slurm strips the last component off the path - environment.SLURM_CONF = - if (cfg.dbdserver.configFile == null) then - "${slurmdbdConf}/slurm.conf" - else - cfg.dbdserver.configFile; + preStart = '' + install -m 600 -o ${cfg.user} -T ${slurmdbdConf} ${configPath} + ${optionalString (cfg.dbdserver.storagePassFile != null) '' + echo "StoragePass=$(cat ${cfg.dbdserver.storagePassFile})" \ + >> ${configPath} + ''} + ''; + + script = '' + export SLURM_CONF=${configPath} + exec ${cfg.package}/bin/slurmdbd -D + ''; serviceConfig = { - Type = "forking"; - ExecStart = "${cfg.package}/bin/slurmdbd"; + RuntimeDirectory = "slurmdbd"; + Type = "simple"; PIDFile = "/run/slurmdbd.pid"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; }; |