Updating slurm based job access playbooks

Signed-off-by: cgoveas <[email protected]>
dell · Jul 26, 2022 · 89f1beb · 89f1beb
1 parent 5ae4df7
commit 89f1beb
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/docs/Installation_Guides/ENABLING_OMNIA_FEATURES.md b/docs/Installation_Guides/ENABLING_OMNIA_FEATURES.md
@@ -147,6 +147,7 @@ Through AWX UI <br>
 ## Setting up a centralized IPA authentication service
 IPA services are used to provide account management and centralized authentication. To set up IPA services for all nodes in the target cluster, run the following command from the `omnia/tools` folder on the control plane: <br>
 `ansible-playbook install_ipa_client.yml -i inventory -e kerberos_admin_password="" -e ipa_server_hostname="" -e domain_name="" -e ipa_server_ipadress=""` <br>
+
 | Input Parameter         | Definition                                                      | Variable value                                                                                                                                                                                                                                                    |
 |-------------------------|-----------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | kerberos_admin_password | "admin" user password for the IPA server on RockyOS and RedHat. | The password can be found in the file   `omnia/control_plane/input_params/login_vars.yml` when the IPA server is   installed on the control plane. If the IPA server is installed on the manager   node, the value can be found in `omnia/omnia_config.yml`       |
@@ -155,4 +156,15 @@ IPA services are used to provide account management and centralized authenticati
 | ipa_server_ipadress     | The IP address of the IPA server                                | The IP address can be found on the IPA server (typically control plane or   manager node) using the `ip a` command. This IP address should be accessible   from all target nodes.                                                                                 |
 >> **Note**:
 >> * The inventory queried in the above command is to be created by the user prior to running `omnia.yml`.
->> * To set up IPA services on the NFS server,[ click here](../Security/FreeIPA_User_Creation.md#mounting-user-home-directories-to-the-nfs-server)
+>> * To set up IPA services on the NFS server,[click here](../Security/FreeIPA_User_Creation.md#mounting-user-home-directories-to-the-nfs-server)
+
+## Slurm job based user access
+To ensure security while running jobs on the cluster, users can be assigned permissions to access compute nodes only while their jobs are running.
+To enable the feature: <br>
+`cd omnia` <br>
+`ansible-playbook job_based_user_access.yml -i inventory` <br>
+
+>> **Note**:
+* The inventory queried in the above command is to be created by the user prior to running `omnia.yml`.
+* Slurm and [IPA client](#setting-up-a-centralized-ipa-authentication-service) need to installed on the nodes before running this playbook.
+* Only [users](../Security/FreeIPA_User_Creation.md) added to the 'slurm' group can execute slurm jobs. To add users to the group, use the command: `usermod -a -G slurm <username>`.