diff --git a/CHANGELOG b/CHANGELOG index 7bd9515..20872b1 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +Maui 3.2.6p21 + + Features + + - Added FSSECONDARYGROUPS to map unix groups to fair share groups. Contributed by Bas van der Vlies (SARA). + - Added IGNPBSGROUPLIST to ignore 'qsub -W group_list='. Contributed by Bas van der Vlies (SARA). + Maui 3.2.6p20 - Fixed a potential security issue when Maui is used with some PBS configurations. - Fixed a bug pertaining to Maui's resource policy ExtendedViolation time (thanks goes to Nick Sonneveld). diff --git a/include/moab-proto.h b/include/moab-proto.h index 3222c95..4205594 100644 --- a/include/moab-proto.h +++ b/include/moab-proto.h @@ -65,6 +65,9 @@ int MGroupAdd(char *,mgcred_t **); int MGroupToString(mgcred_t *,char *); int MGroupProcessConfig(mgcred_t *,char *); +/* HvB */ +int MGroupGetFSGroups(); +int MGroupSecondary(char *, mjob_t *); /* acct object */ diff --git a/include/msched-common.h b/include/msched-common.h index 619ae76..c780fad 100644 --- a/include/msched-common.h +++ b/include/msched-common.h @@ -766,7 +766,9 @@ enum { pOLDDirectSpecWeight, pOLDBankServer, pOLDRMServer, - pNAMaxPS + pNAMaxPS, + pFSSecondaryGroups, /* To enable secondary fairshare group lookups for PBS, HvB */ + pIgnPbsGroupList /* ignore the -W group_list parameter for PBS, HvB */ }; #endif /* __M_COMMON_H__ */ diff --git a/include/msched.h b/include/msched.h index 66d7137..e7f6ecc 100644 --- a/include/msched.h +++ b/include/msched.h @@ -1387,8 +1387,12 @@ typedef struct { xres_t XRes[MAX_MNODE]; char *Message; /* event messages */ + + int IgnPbsGroupList; /* Ignore -W group_list parameter for Torque/PBS HvB */ + int FSSecondaryGroups; /* To enable secondary fairshare group lookups for PBS, HvB */ + } mpar_t; - + /* cred */ typedef struct { diff --git a/src/moab/MConfig.c b/src/moab/MConfig.c index 89ad385..ec546d0 100644 --- a/src/moab/MConfig.c +++ b/src/moab/MConfig.c 
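Review bot: `int MGroupGetFSGroups();` in the moab-proto.h hunk declares the function with an empty parameter list, which in C leaves the arguments unchecked; write `int MGroupGetFSGroups(void);` so a stray argument is rejected at compile time. The two new declarations carry only the `/* HvB */` tag, so a short comment such as `/* fairshare secondary-group lookup; return SUCCESS or FAILURE */` would say what they are for. That comment only becomes accurate once MGroupGetFSGroups() returns a value, because its definition in MGroup.c currently has no return statement.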
@@ -1714,6 +1714,8 @@ int MCfgSetVal( case pSystemMaxJobProc: case pSystemMaxJobTime: case pSystemMaxJobPS: + case pIgnPbsGroupList: + case pFSSecondaryGroups: MParProcessOConfig(P,PIndex,val,valf,valp,valpa); diff --git a/src/moab/MConst.c b/src/moab/MConst.c index 1f775dc..c25c035 100644 --- a/src/moab/MConst.c +++ b/src/moab/MConst.c @@ -1279,6 +1279,12 @@ const char *MTimePolicy[] = { const mcfg_t MCfg[] = { { NONE, pParamNONE, mdfString, -1, NULL }, + { "LOGLEVEL", pLogLevel, mdfInt, mxoSched, NULL }, + { "LOGDIR", pSchedLogDir, mdfString, mxoSched, NULL }, + { "LOGFACILITY", pLogFacility, mdfStringArray, mxoSched, NULL }, + { "LOGFILEMAXSIZE", pLogFileMaxSize, mdfInt, mxoSched, NULL }, + { "LOGFILE", pSchedLogFile, mdfString, mxoSched, NULL }, + { "LOGFILEROLLDEPTH", pLogFileRollDepth, mdfInt, mxoSched, NULL }, { "ACCOUNTCAP", pCACap, mdfInt, mxoPar, NULL }, { "ACCOUNTWEIGHT", pCAWeight, mdfInt, mxoPar, NULL }, { "ADMIN1", mcoAdmin1Users, mdfStringArray, mxoSched, NULL }, @@ -1371,6 +1377,7 @@ const mcfg_t MCfg[] = { { "FSQOSCAP", pFQCap, mdfInt, mxoPar, NULL }, { "FSQOSWEIGHT", pFQWeight, mdfInt, mxoPar, NULL }, { "FSQOSWEIGHT", pOLDFSQWeight, mdfInt, mxoPar, NULL }, + { "FSSECONDARYGROUPS", pFSSecondaryGroups, mdfString, mxoPar, NULL }, { "FSUSERCAP", pFUCap, mdfInt, mxoPar, NULL }, { "FSUSERWEIGHT", pFUWeight, mdfInt, mxoPar, NULL }, { "FSUSERWEIGHT", pOLDFSUWeight, mdfInt, mxoPar, NULL }, @@ -1378,6 +1385,7 @@ const mcfg_t MCfg[] = { { "GFSWEIGHT", pOLDGFSWeight, mdfInt, mxoPar, NULL }, { "GROUPCAP", pCGCap, mdfInt, mxoPar, NULL }, { "GROUPWEIGHT", pCGWeight, mdfInt, mxoPar, NULL }, + { "IGNPBSGROUPLIST", pIgnPbsGroupList, mdfString, mxoPar, NULL }, { "JOBAGGREGATIONTIME", pJobAggregationTime, mdfString, mxoSched, NULL }, { "JOBMAXOVERRUN", pJobMaxOverrun, mdfString, mxoSched, NULL }, { "JOBMAXSTARTTIME", pMaxJobStartTime, mdfString, mxoPar, NULL }, 
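Review bot: The six LOG* rows are moved from their alphabetical position to the top of `MCfg[]` (added in the @@ -1279 hunk, removed in the @@ -1388 hunk) with no comment and no CHANGELOG entry, so a reader cannot tell whether the table order is significant. If the move is deliberate, put the reason in a comment directly above the rows; if not, leave them in place so the commit stays limited to the two new parameters. The new FSSECONDARYGROUPS and IGNPBSGROUPLIST rows are typed `mdfString` although MParProcessOConfig() parses both with MUBoolFromString(), which deserves a trailing `/* boolean */` remark on each row.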
@@ -1388,12 +1396,6 @@ const mcfg_t MCfg[] = { { "JOBSIZEPOLICY", pJobSizePolicy, mdfString, mxoPar, NULL }, { "JOBSYNCTIME", pJobSyncDeadline, mdfString, mxoSched, NULL }, { "LOCKFILE", pSchedLockFile, mdfString, mxoSched, NULL }, - { "LOGDIR", pSchedLogDir, mdfString, mxoSched, NULL }, - { "LOGFACILITY", pLogFacility, mdfStringArray, mxoSched, NULL }, - { "LOGFILEMAXSIZE", pLogFileMaxSize, mdfInt, mxoSched, NULL }, - { "LOGFILE", pSchedLogFile, mdfString, mxoSched, NULL }, - { "LOGFILEROLLDEPTH", pLogFileRollDepth, mdfInt, mxoSched, NULL }, - { "LOGLEVEL", pLogLevel, mdfInt, mxoSched, NULL }, { "MACHINECONFIGFILE", pMachineConfigFile, mdfString, mxoSched, NULL }, { "MAILPROGRAM", mcoMailAction, mdfString, mxoSched, NULL }, { "MAXJOBPERACCOUNTCOUNT", pHMaxJobPerAccountCount, mdfInt, mxoSched, NULL }, diff --git a/src/moab/MGroup.c b/src/moab/MGroup.c index 14d422c..a91f8c4 100644 --- a/src/moab/MGroup.c +++ b/src/moab/MGroup.c @@ -22,6 +22,10 @@ extern const char *MXO[]; extern const char *MJobFlags[]; +/* + * HvB +*/ +extern int FSGroupKeys[]; int MGroupLoadCP( 
@@ -95,7 +99,104 @@ int MGroupLoadCP( } /* END MGroupLoadCP() */ +/* + * HvB: Get all GroupNames that have a Fairshare target set +*/ +int MGroupGetFSGroups() + { + int gindex; + int fsindex = 0; + mgcred_t *G; + const char *FName = "MGroupGetFSGroups"; + + DBG(5,fFS) DPrint("%s\n", FName); + + for (gindex = 0;gindex < MAX_MGROUP + MAX_MHBUF;gindex++) + { + G = &MGroup[gindex]; + + if ((G == NULL) || (G->Name[0] == '\0') || (G->Name[0] == '\1')) + continue; + + if (!strcmp(G->Name,ALL) || !strcmp(G->Name,"NOGROUP")) + continue; + + if ( G->F.FSTarget > 0 ) + { + DBG(5,fFS) DPrint("Found FSGroup %s(%f) with key %d \n", G->Name, G->F.FSTarget, G->Key); + FSGroupKeys[fsindex++] = G->Key; + } + } + } /* MGroupGetFSGroups */ + +/* HvB */ +int MGroupSecondary( + char *UName, /* I */ + mjob_t *J) /* O */ + + { + int i; + int gindex; + + int ng = 0; + int rc; + + gid_t *groups = NULL; + struct group *sec_grp; + struct group grp; + + mgcred_t *GRP_cred; + + const char *FName = "MGroupSecondary"; + + DBG(5,fFS) DPrint("%s(%s)\n", + FName, + (UName != NULL) ? UName : "NULL"); + + /* + MGroupGetFSGroups(); + */ + + i=0; + while ( FSGroupKeys[i] != -1 ) + { + DBG(5,fFS) DPrint("Checking if user(%s) is member of group(%s)\n", UName, MGroup[FSGroupKeys[i]].Name); + if ( (sec_grp = getgrnam(MGroup[FSGroupKeys[i]].Name)) != NULL ) + { + gindex=0; + while ( sec_grp->gr_mem[gindex] ) + { + if ( !strcmp(sec_grp->gr_mem[gindex], UName) ) + { + DBG(5,fFS) DPrint("Setting Group credentials for user %s to %s\n", UName, sec_grp->gr_name); + if ( MGroupAdd(sec_grp->gr_name, &J->Cred.G) == FAILURE ) + { + DBG(1,fPBS) DPrint("ERROR: cannot add secondary group for job %s (Name: %s)\n", + J->Name, + sec_grp->gr_name); + + return(FAILURE); + } + else + { + return(SUCCESS); + } + } /* if !strcmp */ + else + { + gindex++; + } + } /* while sec_grp */ + } /* if sec_grp */ + + i++; + + } /* while FSGroupKeys[i] */ + + return(SUCCESS); + + } /* MGroupSecondary */ int MGroupAdd( 
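Review bot: MGroupGetFSGroups() can write past the end of FSGroupKeys, because its loop visits MAX_MGROUP + MAX_MHBUF entries while MSys.c sizes the array as `int FSGroupKeys[MAX_MGROUP]` and `fsindex` is never bounded. A completely filled array also leaves no -1 terminator, so the `while ( FSGroupKeys[i] != -1 )` scan in MGroupSecondary() would read beyond it; that loop should additionally stop at `i < MAX_MGROUP`. The function is declared `int` but has no return statement, and it never clears the array, so keys from an earlier configuration load would remain if MSysLoadConfig() runs again (the -1 fill is only in MSysInitialize()). In MGroupSecondary() the trace treats `UName` as possibly NULL but the value then goes straight into strcmp(), so add `if (UName == NULL) return(FAILURE);` before the loop; the locals `ng`, `rc`, `groups`, `grp` and `GRP_cred` are unused and can be removed. The block below shows the bounded fill for MGroupGetFSGroups().

```c
int MGroupGetFSGroups()
  {
  /* … unchanged: declarations and DBG trace … */

  /* forget keys recorded by an earlier configuration load */
  for (gindex = 0;gindex < MAX_MGROUP;gindex++)
    FSGroupKeys[gindex] = -1;

  /* … unchanged: group loop header and the empty/ALL/NOGROUP skips … */

    if ( G->F.FSTarget > 0 )
      {
      /* the last slot stays -1: MGroupSecondary() scans for that terminator */
      if (fsindex >= MAX_MGROUP - 1)
        {
        DBG(1,fFS) DPrint("ALERT: fairshare group table full, ignoring group %s\n", G->Name);

        break;
        }

      /* … unchanged: DBG trace and FSGroupKeys[fsindex++] = G->Key … */
      }
    }

  return(SUCCESS);
  }
```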
diff --git a/src/moab/MPBSI.c b/src/moab/MPBSI.c index f3a2e77..2750eb4 100644 --- a/src/moab/MPBSI.c +++ b/src/moab/MPBSI.c @@ -5442,6 +5442,18 @@ int MPBSJobSetAttr( return(FAILURE); } + + /* HvB + * Check the secondary groups of the user for FSTargets + */ + if ( MPar[0].FSSecondaryGroups == TRUE ) + { + if ( MGroupSecondary(ptr,J) == FAILURE ) + { + MJobRemove(J); + return(FAILURE); + } + } } if ((J->Cred.U != NULL) && (!strcmp(AP->name,ATTR_euser))) @@ -5461,17 +5473,45 @@ int MPBSJobSetAttr( } else if (!strcmp(AP->name,ATTR_egroup)) { - /* get group name */ - - if (MGroupAdd(AP->value,&J->Cred.G) == FAILURE) + /* HvB + * Only update job credentials when credentials are not set by MGroupSecondary + */ + if ( J->Cred.G == NULL ) { - DBG(1,fPBS) DPrint("ERROR: cannot add group for job %s (Name: %s)\n", + if (MGroupAdd(AP->value,&J->Cred.G) == FAILURE) + { + DBG(1,fPBS) DPrint("ERROR: cannot add group for job %s (Name: %s)\n", J->Name, AP->value); - - MJobRemove(J); - - return(FAILURE); + + MJobRemove(J); + + return(FAILURE); + } /* end MGroupAdd */ + } + } + else if (!strcmp(AP->name,ATTR_g)) + /* HvB + * set group credential to the one specified via qsub paramter -W group_list= + */ + { + if ( MPar[0].IgnPbsGroupList == FALSE ) + { + if (MGroupAdd(AP->value,&J->Cred.G) == FAILURE) + { + DBG(1,fPBS) DPrint("ERROR: cannot add group for job %s (Name: %s)\n", + J->Name, + AP->value); + + MJobRemove(J); + + return(FAILURE); + } + } /* end MPar[0] .. */ + else + { + DBG(3,fPBS) DPrint("INFO: ignoring PBS group_list(%s) attribute as requested\n", + AP->value); } } else if (!strcmp(AP->name,ATTR_A)) diff --git a/src/moab/MPar.c b/src/moab/MPar.c index c7dafd2..057299a 100644 --- a/src/moab/MPar.c +++ b/src/moab/MPar.c 
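Review bot: The new check reads `MPar[0].FSSecondaryGroups`, yet MConst.c registers FSSECONDARYGROUPS as a per-partition (`mxoPar`) parameter stored in every `mpar_t`, so a value configured on any other partition appears to be ignored without a message. The same applies to `MPar[0].IgnPbsGroupList` in the next hunk. Document this at the test with a comment such as `/* global switch: only the value on partition 0 is consulted */`. A FAILURE from MGroupSecondary() removes the job instead of falling back to the egroup credential, which should be stated in the comment as well if it is intended. The body of MPBSJobSetAttr() starts and ends outside the hunk, so where `ptr` comes from is not visible here.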
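Review bot: The new `ATTR_g` branch sets `J->Cred.G` from the raw `group_list` value, which is text the submitter supplies with `qsub -W group_list=`, and unlike the `ATTR_egroup` branch it has no `J->Cred.G == NULL` guard. With the default `IgnPbsGroupList = 0` the submitted value therefore wins in either attribute order: processed first, it makes the egroup branch skip; processed later, it overwrites the egroup or the group chosen by MGroupSecondary(). Nothing in the hunk checks that the value is a single group name the user belongs to, and PBS accepts a comma-separated `group[@host]` list in this attribute, so fairshare usage could be accounted to a group the job does not run as. Consider taking the credential from `ATTR_egroup` only, or comparing the requested name with it before calling MGroupAdd(). The `J->Cred.G == NULL` guard on the egroup branch also means a changed egroup would not be picked up if this function runs again for an existing job, which the hunk does not show.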
@@ -585,6 +585,16 @@ int MParSetDefaults( P->NAvailPolicy[0] = DEFAULT_RESOURCEAVAILPOLICY; + /* + * HvB: default is to honour group_list parameter + */ + P->IgnPbsGroupList = 0; + + /* + * HvB: default is to disable secondary group lookups for fairshare + */ + P->FSSecondaryGroups = 0; + for (index = 0;index < MAX_MRESOURCETYPE;index++) { P->ResourceLimitPolicy[index] = DEFAULT_MRESOURCELIMITPOLICY; @@ -1720,6 +1730,20 @@ int MParProcessOConfig( break; + /* HvB */ + case pIgnPbsGroupList: + + P->IgnPbsGroupList = MUBoolFromString(SVal,FALSE); + + break; + + /* HvB */ + case pFSSecondaryGroups: + + P->FSSecondaryGroups = MUBoolFromString(SVal,TRUE); + + break; + default: /* NOT HANDLED */ diff --git a/src/moab/MSys.c b/src/moab/MSys.c index 954347c..2f74d26 100644 --- a/src/moab/MSys.c +++ b/src/moab/MSys.c @@ -13,6 +13,7 @@ mjob_t *MJob[MAX_MJOB]; mnode_t *MNode[MAX_MNODE]; mgcred_t *MUser[MAX_MUSER + MAX_MHBUF]; mgcred_t MGroup[MAX_MGROUP + MAX_MHBUF]; +int FSGroupKeys[MAX_MGROUP]; /* HvB holds the FairShare Group Keys */ mgcred_t MAcct[MAX_MACCT + MAX_MHBUF]; mres_t *MRes[MAX_MRES]; srsv_t SRes[MAX_MSRES]; @@ -276,6 +277,11 @@ int MSysInitialize(mbool_t DoInit) MLocalInitialize(); + /* + * HvB + */ + memset(FSGroupKeys,-1,sizeof(FSGroupKeys)); + return(SUCCESS); } /* END MSysInitialize() */ @@ -432,6 +438,12 @@ int MSysLoadConfig( MUCheckAuthFile(&MSched,MSched.DefaultCSKey,NULL,TRUE); + /* + * HvB: Find all hashkeys of Fairshare groups and save them + * in an array. + */ + MGroupGetFSGroups(); + return(SUCCESS); } /* END MSysLoadConfig() */
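Review bot: In the MParProcessOConfig() hunk, `P->FSSecondaryGroups = MUBoolFromString(SVal,TRUE);` passes TRUE where the IGNPBSGROUPLIST case passes FALSE. If the second argument is the fallback for an unrecognised string, which the hunk does not show, a mistyped FSSECONDARYGROUPS value would switch the feature on. MParSetDefaults() disables the feature by default, so use `P->FSSecondaryGroups = MUBoolFromString(SVal,FALSE);` to keep a bad value on the safe side. The defaults are written as `0` while MPBSI.c compares against `TRUE` and `FALSE`; using the same constants in both places keeps the intent readable. Both function bodies continue outside the hunks.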