arif/maui
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added FSSECONDARYGROUPS - maps unix groups to fair share groups.

Browse Source 
Added IGNPBSGROUPLIST - ignores 'qsub -W group_list=<value>'. 
Contributed by Bas van der Vlies (SARA).



git-svn-id: svn://opensvn.adaptivecomputing.com/maui/trunk@95 3f5042e3-fb1d-0410-be18-d6ca2573e517
This commit is contained in:
bchristiansen 2008-05-26 20:17:27 +00:00
parent 1e406f2f46
commit d598ba45be
10 changed files with 213 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CHANGELOG
View File

@ -1,3 +1,10 @@
Maui 3.2.6p21
Features
- Added FSSECONDARYGROUPS to map unix groups to fair share groups. Contributed by Bas van der Vlies (SARA).
- Added IGNPBSGROUPLIST to ignore 'qsub -W group_list=<value>'. Contributed by Bas van der Vlies (SARA).
Maui 3.2.6p20
- Fixed a potential security issue when Maui is used with some PBS configurations.
- Fixed a bug pertaining to Maui's resource policy ExtendedViolation time (thanks goes to Nick Sonneveld).

3
include/moab-proto.h
View File

@ -65,6 +65,9 @@ int MGroupAdd(char *,mgcred_t **);
int MGroupToString(mgcred_t *,char *);
int MGroupProcessConfig(mgcred_t *,char *);
/* HvB */
int MGroupGetFSGroups();
int MGroupSecondary(char *, mjob_t *);
/* acct object */

4
include/msched-common.h
View File

@ -766,7 +766,9 @@ enum {
pOLDDirectSpecWeight,
pOLDBankServer,
pOLDRMServer,
pNAMaxPS
pNAMaxPS,
pFSSecondaryGroups, /* To enable secondary fairshare group lookups for PBS, HvB */
pIgnPbsGroupList /* ignore the -W group_list parameter for PBS, HvB */
};
#endif /* __M_COMMON_H__ */

6
include/msched.h
View File

@ -1387,8 +1387,12 @@ typedef struct {
xres_t XRes[MAX_MNODE];
char *Message; /* event messages */
int IgnPbsGroupList; /* Ignore -W group_list parameter for Torque/PBS HvB */
int FSSecondaryGroups; /* To enable secondary fairshare group lookups for PBS, HvB */
} mpar_t;
/* cred */
typedef struct {

2
src/moab/MConfig.c
View File

@ -1714,6 +1714,8 @@ int MCfgSetVal(
case pSystemMaxJobProc:
case pSystemMaxJobTime:
case pSystemMaxJobPS:
case pIgnPbsGroupList:
case pFSSecondaryGroups:
MParProcessOConfig(P,PIndex,val,valf,valp,valpa);

14
src/moab/MConst.c
View File

@ -1279,6 +1279,12 @@ const char *MTimePolicy[] = {
const mcfg_t MCfg[] = {
{ NONE, pParamNONE, mdfString, -1, NULL },
{ "LOGLEVEL", pLogLevel, mdfInt, mxoSched, NULL },
{ "LOGDIR", pSchedLogDir, mdfString, mxoSched, NULL },
{ "LOGFACILITY", pLogFacility, mdfStringArray, mxoSched, NULL },
{ "LOGFILEMAXSIZE", pLogFileMaxSize, mdfInt, mxoSched, NULL },
{ "LOGFILE", pSchedLogFile, mdfString, mxoSched, NULL },
{ "LOGFILEROLLDEPTH", pLogFileRollDepth, mdfInt, mxoSched, NULL },
{ "ACCOUNTCAP", pCACap, mdfInt, mxoPar, NULL },
{ "ACCOUNTWEIGHT", pCAWeight, mdfInt, mxoPar, NULL },
{ "ADMIN1", mcoAdmin1Users, mdfStringArray, mxoSched, NULL },
@ -1371,6 +1377,7 @@ const mcfg_t MCfg[] = {
{ "FSQOSCAP", pFQCap, mdfInt, mxoPar, NULL },
{ "FSQOSWEIGHT", pFQWeight, mdfInt, mxoPar, NULL },
{ "FSQOSWEIGHT", pOLDFSQWeight, mdfInt, mxoPar, NULL },
{ "FSSECONDARYGROUPS", pFSSecondaryGroups, mdfString, mxoPar, NULL },
{ "FSUSERCAP", pFUCap, mdfInt, mxoPar, NULL },
{ "FSUSERWEIGHT", pFUWeight, mdfInt, mxoPar, NULL },
{ "FSUSERWEIGHT", pOLDFSUWeight, mdfInt, mxoPar, NULL },
@ -1378,6 +1385,7 @@ const mcfg_t MCfg[] = {
{ "GFSWEIGHT", pOLDGFSWeight, mdfInt, mxoPar, NULL },
{ "GROUPCAP", pCGCap, mdfInt, mxoPar, NULL },
{ "GROUPWEIGHT", pCGWeight, mdfInt, mxoPar, NULL },
{ "IGNPBSGROUPLIST", pIgnPbsGroupList, mdfString, mxoPar, NULL },
{ "JOBAGGREGATIONTIME", pJobAggregationTime, mdfString, mxoSched, NULL },
{ "JOBMAXOVERRUN", pJobMaxOverrun, mdfString, mxoSched, NULL },
{ "JOBMAXSTARTTIME", pMaxJobStartTime, mdfString, mxoPar, NULL },
@ -1388,12 +1396,6 @@ const mcfg_t MCfg[] = {
{ "JOBSIZEPOLICY", pJobSizePolicy, mdfString, mxoPar, NULL },
{ "JOBSYNCTIME", pJobSyncDeadline, mdfString, mxoSched, NULL },
{ "LOCKFILE", pSchedLockFile, mdfString, mxoSched, NULL },
{ "LOGDIR", pSchedLogDir, mdfString, mxoSched, NULL },
{ "LOGFACILITY", pLogFacility, mdfStringArray, mxoSched, NULL },
{ "LOGFILEMAXSIZE", pLogFileMaxSize, mdfInt, mxoSched, NULL },
{ "LOGFILE", pSchedLogFile, mdfString, mxoSched, NULL },
{ "LOGFILEROLLDEPTH", pLogFileRollDepth, mdfInt, mxoSched, NULL },
{ "LOGLEVEL", pLogLevel, mdfInt, mxoSched, NULL },
{ "MACHINECONFIGFILE", pMachineConfigFile, mdfString, mxoSched, NULL },
{ "MAILPROGRAM", mcoMailAction, mdfString, mxoSched, NULL },
{ "MAXJOBPERACCOUNTCOUNT", pHMaxJobPerAccountCount, mdfInt, mxoSched, NULL },

101
src/moab/MGroup.c
View File

@ -22,6 +22,10 @@ extern const char *MXO[];
extern const char *MJobFlags[];
/*
* HvB
*/
extern int FSGroupKeys[];
int MGroupLoadCP(
@ -95,7 +99,104 @@ int MGroupLoadCP(
} /* END MGroupLoadCP() */
/*
* HvB: Get all GroupNames that have a Fairshare target set
*/
int MGroupGetFSGroups()
{
int gindex;
int fsindex = 0;
mgcred_t *G;
const char *FName = "MGroupGetFSGroups";
DBG(5,fFS) DPrint("%s\n", FName);
for (gindex = 0;gindex < MAX_MGROUP + MAX_MHBUF;gindex++)
{
G = &MGroup[gindex];
if ((G == NULL) || (G->Name[0] == '\0') || (G->Name[0] == '\1'))
continue;
if (!strcmp(G->Name,ALL) || !strcmp(G->Name,"NOGROUP"))
continue;
if ( G->F.FSTarget > 0 )
{
DBG(5,fFS) DPrint("Found FSGroup %s(%f) with key %d \n", G->Name, G->F.FSTarget, G->Key);
FSGroupKeys[fsindex++] = G->Key;
}
}
} /* MGroupGetFSGroups */
/* HvB */
int MGroupSecondary(
char *UName, /* I */
mjob_t *J) /* O */
{
int i;
int gindex;
int ng = 0;
int rc;
gid_t *groups = NULL;
struct group *sec_grp;
struct group grp;
mgcred_t *GRP_cred;
const char *FName = "MGroupSecondary";
DBG(5,fFS) DPrint("%s(%s)\n",
FName,
(UName != NULL) ? UName : "NULL");
/*
MGroupGetFSGroups();
*/
i=0;
while ( FSGroupKeys[i] != -1 )
{
DBG(5,fFS) DPrint("Checking if user(%s) is member of group(%s)\n", UName, MGroup[FSGroupKeys[i]].Name);
if ( (sec_grp = getgrnam(MGroup[FSGroupKeys[i]].Name)) != NULL )
{
gindex=0;
while ( sec_grp->gr_mem[gindex] )
{
if ( !strcmp(sec_grp->gr_mem[gindex], UName) )
{
DBG(5,fFS) DPrint("Setting Group credentials for user %s to %s\n", UName, sec_grp->gr_name);
if ( MGroupAdd(sec_grp->gr_name, &J->Cred.G) == FAILURE )
{
DBG(1,fPBS) DPrint("ERROR: cannot add secondary group for job %s (Name: %s)\n",
J->Name,
sec_grp->gr_name);
return(FAILURE);
}
else
{
return(SUCCESS);
}
} /* if !strcmp */
else
{
gindex++;
}
} /* while sec_grp */
} /* if sec_grp */
i++;
} /* while FSGroupKeys[i] */
return(SUCCESS);
} /* MGroupSecondary */
int MGroupAdd(

56
src/moab/MPBSI.c
View File

@ -5442,6 +5442,18 @@ int MPBSJobSetAttr(
return(FAILURE);
}
/* HvB
* Check the secondary groups of the user for FSTargets
*/
if ( MPar[0].FSSecondaryGroups == TRUE )
{
if ( MGroupSecondary(ptr,J) == FAILURE )
{
MJobRemove(J);
return(FAILURE);
}
}
}
if ((J->Cred.U != NULL) && (!strcmp(AP->name,ATTR_euser)))
@ -5461,17 +5473,45 @@ int MPBSJobSetAttr(
}
else if (!strcmp(AP->name,ATTR_egroup))
{
/* get group name */
if (MGroupAdd(AP->value,&J->Cred.G) == FAILURE)
/* HvB
* Only update job credentials when credentials are not set by MGroupSecondary
*/
if ( J->Cred.G == NULL )
{
DBG(1,fPBS) DPrint("ERROR: cannot add group for job %s (Name: %s)\n",
if (MGroupAdd(AP->value,&J->Cred.G) == FAILURE)
{
DBG(1,fPBS) DPrint("ERROR: cannot add group for job %s (Name: %s)\n",
J->Name,
AP->value);
MJobRemove(J);
return(FAILURE);
MJobRemove(J);
return(FAILURE);
} /* end MGroupAdd */
}
}
else if (!strcmp(AP->name,ATTR_g))
/* HvB
* set group credential to the one specified via qsub paramter -W group_list=<value>
*/
{
if ( MPar[0].IgnPbsGroupList == FALSE )
{
if (MGroupAdd(AP->value,&J->Cred.G) == FAILURE)
{
DBG(1,fPBS) DPrint("ERROR: cannot add group for job %s (Name: %s)\n",
J->Name,
AP->value);
MJobRemove(J);
return(FAILURE);
}
} /* end MPar[0] .. */
else
{
DBG(3,fPBS) DPrint("INFO: ignoring PBS group_list(%s) attribute as requested\n",
AP->value);
}
}
else if (!strcmp(AP->name,ATTR_A))

24
src/moab/MPar.c
View File

@ -585,6 +585,16 @@ int MParSetDefaults(
P->NAvailPolicy[0] = DEFAULT_RESOURCEAVAILPOLICY;
/*
* HvB: default is to honour group_list parameter
*/
P->IgnPbsGroupList = 0;
/*
* HvB: default is to disable secondary group lookups for fairshare
*/
P->FSSecondaryGroups = 0;
for (index = 0;index < MAX_MRESOURCETYPE;index++)
{
P->ResourceLimitPolicy[index] = DEFAULT_MRESOURCELIMITPOLICY;
@ -1720,6 +1730,20 @@ int MParProcessOConfig(
break;
/* HvB */
case pIgnPbsGroupList:
P->IgnPbsGroupList = MUBoolFromString(SVal,FALSE);
break;
/* HvB */
case pFSSecondaryGroups:
P->FSSecondaryGroups = MUBoolFromString(SVal,TRUE);
break;
default:
/* NOT HANDLED */

12
src/moab/MSys.c
View File

@ -13,6 +13,7 @@ mjob_t *MJob[MAX_MJOB];
mnode_t *MNode[MAX_MNODE];
mgcred_t *MUser[MAX_MUSER + MAX_MHBUF];
mgcred_t MGroup[MAX_MGROUP + MAX_MHBUF];
int FSGroupKeys[MAX_MGROUP]; /* HvB holds the FairShare Group Keys */
mgcred_t MAcct[MAX_MACCT + MAX_MHBUF];
mres_t *MRes[MAX_MRES];
srsv_t SRes[MAX_MSRES];
@ -276,6 +277,11 @@ int MSysInitialize(mbool_t DoInit)
MLocalInitialize();
/*
* HvB
*/
memset(FSGroupKeys,-1,sizeof(FSGroupKeys));
return(SUCCESS);
} /* END MSysInitialize() */
@ -432,6 +438,12 @@ int MSysLoadConfig(
MUCheckAuthFile(&MSched,MSched.DefaultCSKey,NULL,TRUE);
/*
* HvB: Find all hashkeys of Fairshare groups and save them
* in an array.
*/
MGroupGetFSGroups();
return(SUCCESS);
} /* END MSysLoadConfig() */