How to enable group detection in Grid Engine usersets

Shaun
Shaun Altair Community Member
edited August 8 in Community Q&A

Hello,

I'm trying to set up Altair Grid Engine with two "departments," using UNIX groups to specify which users are in which department.  The departments have 50/50 access to our cluster resources.  If I add users one-by-one to the user set, it works fine.  However, if I add their group using "@groupname", users in that group get no priority on the cluster when submitting jobs.

Our cluster uses FreeIPA to authenticate users and add them to groups.  I suspect this is the issue, that Grid Engine for some reason can't identify that a user is part of a group assigned to a department.  Is there some way to fix this?

Thanks

Tagged:

Answers

  • Shaun
    Shaun Altair Community Member
    edited August 8

    Just in case it helps someone else, here’s how we solved this with Altair's help.  It turns out it’s simply not possible to have grid engine detect the user’s secondary group and assign them to the correct department based on that.  You can add "@group" in a userset but it only checks the user's primary group, which in our case is unique to each user for security reasons.

    However, we were able to achieve the desired functionality using “Projects” instead of “Departments.”  “Projects” can be specified in the qsub/qrsh submission command, but we created a JSV script to set the project at run-time based on the user’s groups. 

    In the below script, we created two projects, called “dept1” and “dept2,” and set up our functional ticketing policy to weigh jobs based on which project they’re in rather than department (All users are now just part of the defaultdepartment).  The script checks if a user is part of “group1” or “group2” and assigns them to the appropriate Project.

    #!/usr/bin/env python3 import grp, os, sys jsvpath = "{0}/util/resources/jsv".format(os.getenv("SGE_ROOT")) sys.path.append(jsvpath) from JSV import * def jsv_on_start():     jsv_send_env() def jsv_on_verify():     """This function is run automatically by jsv_main()     Detects if a user is part of group1 or group2     and assign to appropriate project"""     user = jsv_get_param('USER')     if user in grp.getgrnam('group1').gr_mem:         jsv_set_param('P', 'dept1')     elif user in grp.getgrnam('group2').gr_mem:         jsv_set_param('P', 'dept2')     else:         return jsv_reject("User not in a valid group!")     return jsv_accept("Job accepted with project assignment.") if __name__ == '__main__':     jsv_main()

Categories