Feb 162016
 

Intro

Pistyll Rhaeadr

I needed a job scheduling system for a single machine, to allow group of people run some number crunching scripts. Decided to try SLURM and was surprised that there are no rpm repo/packages available for Centos – sadly that ain’t as easy as apt-get install slurm-llnl

But I managed to get it working in the end and here you can find a journal from this journey.

 

We need EPEL repo

rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Installing required bits and bobs

yum install -y munge-devel munge-libs readline-devel perl-ExtUtils-MakeMaker openssl-devel pam-devel rpm-build perl-DBI perl-Switch munge mariadb-devel

Downloading the latest stable version of Slurm

From http://www.schedmd.com/#repos

Building rpm packages

rpmbuild -ta slurm-15.08.7.tar.bz2

Once done install rpms

ls -l ~/rpmbuild/RPMS/x86_64/*.rpm
rpm -Uvh ~/rpmbuild/RPMS/x86_64/*.rpm

or even better upload it to your custom Spacewalk software channel. Don’t you use Spacewalk server? Check it out, if you have more Centos boxes then you gonna love it, it’s awesome.

We may also add user for slurm at that stage, we are going to need it at later.

useradd slurm
mkdir /var/log/slurm
chown slurm. /var/log/slurm

Install MariaDB

yum install mariadb-server -y
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation

# you can save mysql root password in root home dir,
# bad practise but from the other hand
# if someone can access root home dir
# then we are in troubles anyway

vim ~/.my.cnf
[client]
password = aksjdlowjedjw34dwnknxpw93e9032edwxbsx
# now root will have mysql root password-less shell.

Create SQL database

Start mysql shell and

mysql> grant all on slurm_acct_db.* TO 'slurm'@'localhost'
-> identified by 'some_pass' with grant option;
mysql> create database slurm_acct_db;

Configure SLURM db backend

# egrep -v '^#|^$' /etc/slurm/slurmdbd.conf
AuthType=auth/munge
DbdAddr=localhost
DbdHost=localhost
SlurmUser=slurm
DebugLevel=4
LogFile=/var/log/slurm/slurmdbd.log
PidFile=/var/run/slurmdbd.pid
StorageType=accounting_storage/mysql
StorageHost=localhost
StoragePass=some_pass
StorageUser=slurm
StorageLoc=slurm_acct_db

and enable service

systemctl start slurmdbd
systemctl enable slurmdbd
systemctl status slurmdbd

After starting service your shiny new database should be populated with tables:

MariaDB [slurm_acct_db]> show tables;
+-------------------------+
| Tables_in_slurm_acct_db |
+-------------------------+
| acct_coord_table |
| acct_table |
| clus_res_table |
| cluster_table |
| qos_table |
| res_table |
| table_defs_table |
| tres_table |
| txn_table |
| user_table |
+-------------------------+
10 rows in set (0.01 sec)

 

Time to configure Munge auth daemon

create-munge-key
systemctl start munge
systemctl status munge
systemctl enable munge

And finally the actual SLURM daemon

Stick something alongside these lines to your /etc/slurm/slurm.conf

# egrep -v '^#|^$' /etc/slurm/slurm.conf
ClusterName=efg
ControlMachine=efg01
SlurmUser=slurm
SlurmctldPort=6817
SlurmdPort=6818
AuthType=auth/munge
StateSaveLocation=/home/slurm/tmp
SlurmdSpoolDir=/tmp/slurmd
SwitchType=switch/none
MpiDefault=none
SlurmctldPidFile=/var/run/slurmctld.pid
SlurmdPidFile=/var/run/slurmd.pid
Proctracktype=proctrack/linuxproc
CacheGroups=0
ReturnToService=0
SlurmctldTimeout=300
SlurmdTimeout=300
InactiveLimit=0
MinJobAge=300
KillWait=30
Waittime=0
SchedulerType=sched/backfill
SelectType=select/linear
FastSchedule=1
SlurmctldDebug=3
SlurmdDebug=3
JobCompType=jobcomp/none
JobAcctGatherType=jobacct_gather/linux
JobAcctGatherFrequency=30
AccountingStorageType=accounting_storage/slurmdbd
NodeName=efg01 CPUs=16 State=UNKNOWN
PartitionName=debug Nodes=efg01 Default=YES MaxTime=INFINITE State=UP

and see if your service can start

systemctl start slurm
systemctl status slurm
systemctl enable slurm

 

 

Testing SLURM

 

scontrol show daemons
srun --ntasks=16 --label /bin/hostname
sbatch # submit script
salloc # create job alloc and start shell, interactive
srun # create job alloc and launch job step, MPI
sattach #
sinfo
sinfo --Node
sinfo -p debug
squeue -i60
squeue -u dyzio -t all
squeue -s -p debug
smap
sview
scontrol show partition
scontrol update PartitionName=debug MaxTime=60
scontrol show config
sacct -u dyzio
sacct -p debug
sstat
sreport
sacctmgr
sprio
sshare
sdiag
scancel --user=dyzio --state=pending
scancel 444445
strigger
# Submit a job array with index values between 0 and 31
sbatch --array=0-31 -N1 tmp
# Submit a job array with index values of 1, 3, 5 and 7
sbatch --array=1,3,5,7 -N1 tmp
# Submit a job array with index values between 1 and 7
# with a step size of 2 (i.e. 1, 3, 5 and 7)
sbatch --array=1-7:2 -N1 tmp

 

 

Any troubles?

Checkout /var/log/messages /var/log/slurm/slurmdbd.log and output from

systemctl status slurm slurmdbd munge -l

That should get you started. Drop a comment below if it did.

Dec 172015
 

Come Back Later

These are just examples to pick your imagination, please do refrain from blindly coping and pasting as you can cut yourself off 😀

UFW quick setup (Debian/Ubuntu)

 

aptitude install ufw
ufw allow 22/tcp
ufw allow from 124.111.0.0/16 to any port 22
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow proto tcp from IP.ADD.Here to any port 3306
ufw allow proto udp from IP.ADD.Here to any port 161
ufw allow proto udp from IP.ADD.Here to any port 161
ufw allow from 10.10.1.0/24
# allow traffic on interface
ufw allow in on em3

ufw enable
ufw status
ufw status numbered
ufw delete 10
# ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. 
# ufw will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds.
ufw limit ssh
ufw logging off #once it working stop flooding logs!

# ufw on KVM server, edit /etc/ufw/sysctl.conf
# and make sure we don't filter packets to our libvirt guests
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

firewall-cmd quick setup (RedHat/CentOS 7)

firewall-cmd --get-services
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

# punch a hole for CIFS
firewall-cmd --permanent --add-service=samba

firewall-cmd --permanent --add-port 5989/tcp
firewall-cmd --list-all-zones
firewall-cmd --list-ports

firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all
firewall-cmd --permanent --remove-service=dhcpv6-client

firewall-cmd --zone=trusted --add-source=10.100.1.18 --permanent
firewall-cmd --reload

Some say firewalld is too complicated for most server type of use, who am I to judge? Alegedly firewalld also requires Network Manager so if Network Manager is disabled then we need to go back. If you want to replace firewalld with good ol’ iptables:

systemctl disable firewalld
systemctl stop firewalld
yum -y install iptables-services
touch /etc/sysconfig/iptables
touch /etc/sysconfig/iptables6
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables