From 89f1beb4d29c1e7eccad926d23c63d022771418e Mon Sep 17 00:00:00 2001 From: cgoveas Date: Tue, 26 Jul 2022 14:04:58 +0530 Subject: [PATCH] Updating slurm based job access playbooks Signed-off-by: cgoveas --- .../Installation_Guides/ENABLING_OMNIA_FEATURES.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/Installation_Guides/ENABLING_OMNIA_FEATURES.md b/docs/Installation_Guides/ENABLING_OMNIA_FEATURES.md index 95cbcd7d8..d6bc72c50 100644 --- a/docs/Installation_Guides/ENABLING_OMNIA_FEATURES.md +++ b/docs/Installation_Guides/ENABLING_OMNIA_FEATURES.md @@ -147,6 +147,7 @@ Through AWX UI
## Setting up a centralized IPA authentication service IPA services are used to provide account management and centralized authentication. To set up IPA services for all nodes in the target cluster, run the following command from the `omnia/tools` folder on the control plane:
`ansible-playbook install_ipa_client.yml -i inventory -e kerberos_admin_password="" -e ipa_server_hostname="" -e domain_name="" -e ipa_server_ipadress=""`
+ | Input Parameter | Definition | Variable value | |-------------------------|-----------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | kerberos_admin_password | "admin" user password for the IPA server on RockyOS and RedHat. | The password can be found in the file `omnia/control_plane/input_params/login_vars.yml` when the IPA server is installed on the control plane. If the IPA server is installed on the manager node, the value can be found in `omnia/omnia_config.yml` | @@ -155,4 +156,15 @@ IPA services are used to provide account management and centralized authenticati | ipa_server_ipadress | The IP address of the IPA server | The IP address can be found on the IPA server (typically control plane or manager node) using the `ip a` command. This IP address should be accessible from all target nodes. | >> **Note**: >> * The inventory queried in the above command is to be created by the user prior to running `omnia.yml`. ->> * To set up IPA services on the NFS server,[ click here](../Security/FreeIPA_User_Creation.md#mounting-user-home-directories-to-the-nfs-server) +>> * To set up IPA services on the NFS server,[click here](../Security/FreeIPA_User_Creation.md#mounting-user-home-directories-to-the-nfs-server) + +## Slurm job based user access +To ensure security while running jobs on the cluster, users can be assigned permissions to access compute nodes only while their jobs are running. +To enable the feature:
+`cd omnia`
+`ansible-playbook job_based_user_access.yml -i inventory`
+ +>> **Note**: +* The inventory queried in the above command is to be created by the user prior to running `omnia.yml`. +* Slurm and [IPA client](#setting-up-a-centralized-ipa-authentication-service) need to installed on the nodes before running this playbook. +* Only [users](../Security/FreeIPA_User_Creation.md) added to the 'slurm' group can execute slurm jobs. To add users to the group, use the command: `usermod -a -G slurm `. \ No newline at end of file
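Review bot: In the Note under the new "Slurm job based user access" section, the command `usermod -a -G slurm ` ends after the group name as shown, with no user argument, so it cannot be run as written. Add a visible placeholder for the user name and state on which node the command is run. Since the linked page covers FreeIPA user creation and `usermod` edits the local account files, please also confirm this is the intended way to add those users to the 'slurm' group. In the same Note, "need to installed" should read "need to be installed", and the three bullets lack the `>> ` prefix that the earlier note uses (`>> * The inventory queried ...`), so they will render outside the note block. The enable steps start with `cd omnia` without saying which host they run on, whereas the IPA section names the control plane. The section also states that users can reach compute nodes only while their jobs are running, but gives no way to verify that after the playbook completes; a short check would help. The file now ends without a trailing newline, and the commit subject mentions playbooks while the diffstat shows only this documentation file changed.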