Altair RISE

A program to recognize and reward our most engaged community members

Nominate Yourself Now!

How to enable group detection in Grid Engine usersets

Hello,

I'm trying to set up Altair Grid Engine with two "departments," using UNIX groups to specify which users are in which department. The departments have 50/50 access to our cluster resources. If I add users one-by-one to the user set, it works fine. However, if I add their group using "@groupname", users in that group get no priority on the cluster when submitting jobs.

Our cluster uses FreeIPA to authenticate users and add them to groups. I suspect this is the issue, that Grid Engine for some reason can't identify that a user is part of a group assigned to a department. Is there some way to fix this?

Thanks

Find more posts tagged with

English

Grid Engine

v2023.1

Accepted answers

All comments

Shaun

Just in case it helps someone else, here’s how we solved this with Altair's help. It turns out it’s simply not possible to have grid engine detect the user’s secondary group and assign them to the correct department based on that. You can add "@group" in a userset but it only checks the user's primary group, which in our case is unique to each user for security reasons.

However, we were able to achieve the desired functionality using “Projects” instead of “Departments.” “Projects” can be specified in the qsub/qrsh submission command, but we created a JSV script to set the project at run-time based on the user’s groups.

In the below script, we created two projects, called “dept1” and “dept2,” and set up our functional ticketing policy to weigh jobs based on which project they’re in rather than department (All users are now just part of the defaultdepartment). The script checks if a user is part of “group1” or “group2” and assigns them to the appropriate Project.

#!/usr/bin/env python3 import grp, os, sys jsvpath = "{0}/util/resources/jsv".format(os.getenv("SGE_ROOT")) sys.path.append(jsvpath) from JSV import * def jsv_on_start():     jsv_send_env() def jsv_on_verify():     """This function is run automatically by jsv_main()     Detects if a user is part of group1 or group2     and assign to appropriate project"""     user = jsv_get_param('USER')     if user in grp.getgrnam('group1').gr_mem:         jsv_set_param('P', 'dept1')     elif user in grp.getgrnam('group2').gr_mem:         jsv_set_param('P', 'dept2')     else:         return jsv_reject("User not in a valid group!")     return jsv_accept("Job accepted with project assignment.") if __name__ == '__main__':     jsv_main()