SHA256
1
0
forked from pool/slurm

Accepting request 762650 from home:eeich:branches:network:cluster

- Update to version 19.05.5 (jsc#SLE-8491)
  * Check %docdir/NEWS for details.
  * Includes security fixes CVE-2019-19727, CVE-2019-19728,
    CVE-2019-12838.
  * Disable i586 builds as this is no longer supported.
  * Create libnss_slurm package to support user and group resolution
    thru slurmstepd.
  * slurm-2.4.4-rpath.patch -> Remove-rpath-from-build.patch
    Obsoleted:
    - pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch
    - pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch
    - pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch

OBS-URL: https://build.opensuse.org/request/show/762650
OBS-URL: https://build.opensuse.org/package/show/network:cluster/slurm?expand=0&rev=118
This commit is contained in:
Christian Goll 2020-01-10 10:38:48 +00:00 committed by Git OBS Bridge
parent 69c13014d9
commit 0581b91660
8 changed files with 120 additions and 448 deletions

View File

@ -1,7 +1,20 @@
diff -aruN slurm-2.4.4.orig/contribs/perlapi/libslurm/perl/Makefile.PL.in slurm-2.4.4/contribs/perlapi/libslurm/perl/Makefile.PL.in From: Egbert Eich <eich@suse.com>
--- slurm-2.4.4.orig/contribs/perlapi/libslurm/perl/Makefile.PL.in 2012-11-02 17:46:12.000000000 +0100 Date: Wed Jan 8 20:56:25 2020 +0100
+++ slurm-2.4.4/contribs/perlapi/libslurm/perl/Makefile.PL.in 2012-11-17 17:42:51.919815606 +0100 Subject: Remove rpath from build
@@ -77,7 +77,7 @@ Patch-mainline: never
Git-commit: f79af97c35f38775a7a90cd8e4b98814729d9a9c
References:
Signed-off-by: Egbert Eich <eich@suse.com>
---
slurm-19.05.5/contribs/perlapi/libslurm/perl/Makefile.PL.in | 4 ++--
slurm-19.05.5/contribs/perlapi/libslurmdb/perl/Makefile.PL.in | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/slurm-19.05.5/contribs/perlapi/libslurm/perl/Makefile.PL.in b/slurm-19.05.5/contribs/perlapi/libslurm/perl/Makefile.PL.in
index fcae437..797c943 100644
--- a/slurm-19.05.5/contribs/perlapi/libslurm/perl/Makefile.PL.in
+++ b/slurm-19.05.5/contribs/perlapi/libslurm/perl/Makefile.PL.in
@@ -77,7 +77,7 @@ DESTDIR_BUG
# AIX has problems with not always having the correct # AIX has problems with not always having the correct
# flags so we have to add some :) # flags so we have to add some :)
my $os = lc(`uname`); my $os = lc(`uname`);
@ -10,7 +23,7 @@ diff -aruN slurm-2.4.4.orig/contribs/perlapi/libslurm/perl/Makefile.PL.in slurm-
$other_ld_flags = " -brtl -G -bnoentry -bgcbypass:1000 -bexpfull" $other_ld_flags = " -brtl -G -bnoentry -bgcbypass:1000 -bexpfull"
if $os =~ "aix"; if $os =~ "aix";
@@ -88,7 +88,7 @@ @@ -88,7 +88,7 @@ WriteMakefile(
($] >= 5.005 ? ## Add these new keywords supported since 5.005 ($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'lib/Slurm.pm', # retrieve abstract from module (ABSTRACT_FROM => 'lib/Slurm.pm', # retrieve abstract from module
AUTHOR => 'Hongjia Cao <hjcao@nudt.edu.cn>') : ()), AUTHOR => 'Hongjia Cao <hjcao@nudt.edu.cn>') : ()),
@ -19,10 +32,11 @@ diff -aruN slurm-2.4.4.orig/contribs/perlapi/libslurm/perl/Makefile.PL.in slurm-
DEFINE => '', # e.g., '-DHAVE_SOMETHING' DEFINE => '', # e.g., '-DHAVE_SOMETHING'
INC => "-I. -I@top_srcdir@ -I@top_srcdir@/contribs/perlapi/common -I@top_builddir@", INC => "-I. -I@top_srcdir@ -I@top_srcdir@/contribs/perlapi/common -I@top_builddir@",
# Un-comment this if you add C files to link with later: # Un-comment this if you add C files to link with later:
diff -aruN slurm-2.4.4.orig/contribs/perlapi/libslurmdb/perl/Makefile.PL.in slurm-2.4.4/contribs/perlapi/libslurmdb/perl/Makefile.PL.in diff --git a/slurm-19.05.5/contribs/perlapi/libslurmdb/perl/Makefile.PL.in b/slurm-19.05.5/contribs/perlapi/libslurmdb/perl/Makefile.PL.in
--- slurm-2.4.4.orig/contribs/perlapi/libslurmdb/perl/Makefile.PL.in 2012-11-02 17:46:12.000000000 +0100 index 2db028c..83eb4e2 100644
+++ slurm-2.4.4/contribs/perlapi/libslurmdb/perl/Makefile.PL.in 2012-11-17 17:41:27.163818599 +0100 --- a/slurm-19.05.5/contribs/perlapi/libslurmdb/perl/Makefile.PL.in
@@ -76,7 +76,7 @@ +++ b/slurm-19.05.5/contribs/perlapi/libslurmdb/perl/Makefile.PL.in
@@ -76,7 +76,7 @@ DESTDIR_BUG
# AIX has problems with not always having the correct # AIX has problems with not always having the correct
# flags so we have to add some :) # flags so we have to add some :)
my $os = lc(`uname`); my $os = lc(`uname`);
@ -31,11 +45,11 @@ diff -aruN slurm-2.4.4.orig/contribs/perlapi/libslurmdb/perl/Makefile.PL.in slur
$other_ld_flags = " -brtl -G -bnoentry -bgcbypass:1000 -bexpfull" $other_ld_flags = " -brtl -G -bnoentry -bgcbypass:1000 -bexpfull"
if $os =~ "aix"; if $os =~ "aix";
@@ -87,7 +87,7 @@ @@ -87,7 +87,7 @@ WriteMakefile(
($] >= 5.005 ? ## Add these new keywords supported since 5.005 ($] >= 5.005 ? ## Add these new keywords supported since 5.005
(ABSTRACT_FROM => 'Slurmdb.pm', # retrieve abstract from module (ABSTRACT_FROM => 'Slurmdb.pm', # retrieve abstract from module
AUTHOR => 'Don Lipari <lipari@llnl.gov>') : ()), AUTHOR => 'Don Lipari <lipari@llnl.gov>') : ()),
- LIBS => ["-L@top_builddir@/src/db_api/.libs -L@prefix@/lib -lslurmdb"], # e.g., '-lm' - LIBS => ["-L@top_builddir@/src/api/.libs -L@prefix@/lib -lslurm"], # e.g., '-lm'
+ LIBS => ["-L@prefix@/lib -lslurmdb"], # e.g., '-lm' + LIBS => ["-L@prefix@/lib -lslurmdb"], # e.g., '-lm'
DEFINE => '', # e.g., '-DHAVE_SOMETHING' DEFINE => '', # e.g., '-DHAVE_SOMETHING'
INC => "-I. -I@top_srcdir@ -I@top_srcdir@/contribs/perlapi/common -I@top_builddir@", INC => "-I. -I@top_srcdir@ -I@top_srcdir@/contribs/perlapi/common -I@top_builddir@",

View File

@ -1,298 +0,0 @@
From 4c38389917a54e137a4578b45f0f6a821c8c591a Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 15:03:19 +0100
Subject: [PATCH 1/3] pam_slurm_adopt: avoid running outside of the sshd PAM
service context
This pam module is tailored towards running in the context of remote ssh
logins. When running in a different context like a local sudo call then
the module could be influenced by e.g. passing environment variables
like SLURM_CONF.
By limiting the module to only perform its actions when running in the
sshd context by default this situation can be avoided. An additional pam
module argument service=<service> allows an Administrator to control
this behaviour, if different behaviour is explicitly desired.
Signed-off-by: Christian Goll <cgoll@suse.de>
---
contribs/pam_slurm_adopt/README | 172 ++++++++++++++++++++++++++++-
contribs/pam_slurm_adopt/pam_slurm_adopt.c | 46 ++++++++
2 files changed, 217 insertions(+), 1 deletion(-)
diff --git a/contribs/pam_slurm_adopt/README b/contribs/pam_slurm_adopt/README
index 07039740f8..8baece6d2e 100644
--- a/contribs/pam_slurm_adopt/README
+++ b/contribs/pam_slurm_adopt/README
@@ -1,5 +1,175 @@
Current documentation can be found here:
https://slurm.schedmd.com/pam_slurm_adopt.html
-
(Which is generated from docs/html/pam_slurm_adopt.shtml.)
+
+=======
+AUTHOR
+ Ryan Cox <ryan_cox@byu.edu>
+
+MODULE TYPES PROVIDED
+ account
+
+DESCRIPTION
+ This module attempts to determine the job which originated this connection.
+ The module is configurable; these are the default steps:
+
+ 1) Check the local stepd for a count of jobs owned by the non-root user
+ a) If none, deny (option action_no_jobs)
+ b) If only one, adopt the process into that job
+ c) If multiple, continue
+ 2) Determine src/dst IP/port of socket
+ 3) Issue callerid RPC to slurmd at IP address of source
+ a) If the remote slurmd can identify the source job, adopt into that job
+ b) If not, continue
+ 4) Pick a random local job from the user to adopt into (option action_unknown)
+
+ Jobs are adopted into a job's allocation step.
+
+MODULE OPTIONS
+This module has the following options (* = default):
+
+ ignore_root - By default, all root connections are ignored. If the RPC
+ is sent to a node which drops packets to the slurmd port, the
+ RPC will block for some time before failing. This is
+ unlikely to be desirable. Likewise, root may be trying to
+ administer the system and not do work that should be in a job.
+ The job may trigger oom-killer or just exit. If root restarts
+ a service or similar, it will be tracked and killed by Slurm
+ when the job exits. This sounds bad because it is bad.
+
+ 1* = Let the connection through without adoption
+ 0 = I am crazy. I want random services to die when root jobs exit. I
+ also like it when RPCs block for a while then time out.
+
+
+ action_no_jobs - The action to perform if the user has no jobs on the node
+
+ ignore = Do nothing. Fall through to the next pam module
+ deny* = Deny the connection
+
+
+ action_unknown - The action to perform when the user has multiple jobs on
+ the node *and* the RPC does not locate the source job.
+ If the RPC mechanism works properly in your environment,
+ this option will likely be relevant *only* when connecting
+ from a login node.
+
+ newest* = Pick the newest job on the node. The "newest" job is chosen
+ based on the mtime of the job's step_extern cgroup; asking
+ Slurm would require an RPC to the controller. The user can ssh
+ in but may be adopted into a job that exits earlier than the
+ job they intended to check on. The ssh connection will at
+ least be subject to appropriate limits and the user can be
+ informed of better ways to accomplish their objectives if this
+ becomes a problem
+ allow = Let the connection through without adoption
+ deny = Deny the connection
+
+
+ action_adopt_failure - The action to perform if the process is unable to be
+ adopted into any job for whatever reason. If the
+ process cannot be adopted into the job identified by
+ the callerid RPC, it will fall through to the
+ action_unknown code and try to adopt there. A failure
+ at that point or if there is only one job will result
+ in this action being taken.
+
+ allow* = Let the connection through without adoption
+ deny = Deny the connection
+
+ action_generic_failure - The action to perform if there are certain failures
+ such as the inability to talk to the local slurmd
+ or if the kernel doesn't offer the correct
+ facilities.
+
+ ignore* = Do nothing. Fall through to the next pam module
+ allow = Let the connection through without adoption
+ deny = Deny the connection
+
+ log_level - See SlurmdDebug in slurm.conf(5) for available options. The
+ default log_level is info.
+
+ disable_x11 - turn off Slurm built-in X11 forwarding support.
+
+ 1 = Do not check for Slurm's X11 forwarding support, and no not
+ alter the DISPLAY variable.
+ 0* = If the step the job is adopted into has X11 enabled, set
+ the DISPLAY variable in the processes environment accordingly.
+
+ service - The pam service name for which this module should run. By default
+ it only runs for sshd for which it was designed for. A
+ different service name can be specified like "login" or "*" to
+ allow the module to in any service context. For local pam logins
+ this module could cause unexpected behaviour or even security
+ issues. Therefore if the service name does not match then this
+ module will not perform the adoption logic and returns
+ PAM_IGNORE immediately.
+
+SLURM.CONF CONFIGURATION
+ PrologFlags=contain must be set in slurm.conf. This sets up the "extern" step
+ into which ssh-launched processes will be adopted.
+
+ **** IMPORTANT ****
+ PrologFlags=contain must be in place *before* using this module.
+ The module bases its checks on local steps that have already been launched. If
+ the user has no steps on the node, such as the extern step, the module will
+ assume that the user has no jobs allocated to the node. Depending on your
+ configuration of the pam module, you might deny *all* user ssh attempts.
+
+NOTES
+ This module and the related RPC currently support Linux systems which
+ have network connection information available through /proc/net/tcp{,6}. A
+ proccess's sockets must exist as symlinks in its /proc/self/fd directory.
+
+ The RPC data structure itself is OS-agnostic. If support is desired for a
+ different OS, relevant code must be added to find one's socket information
+ then match that information on the remote end to a particular process which
+ Slurm is tracking.
+
+ IPv6 is supported by the RPC data structure itself and the code which sends it
+ and receives it. Sending the RPC to an IPv6 address is not currently
+ supported by Slurm. Once support is added, remove the relevant check in
+ slurm_network_callerid().
+
+ For the action_unknown=newest setting to work, the memory cgroup must be in
+ use so that the code can check mtimes of cgroup directories. If you would
+ prefer to use a different subsystem, modify the _indeterminate_multiple
+ function.
+
+FIREWALLS, IP ADDRESSES, ETC.
+ slurmd should be accessible on any IP address from which a user might launch
+ ssh. The RPC to determine the source job must be able to reach the slurmd
+ port on that particular IP address.
+
+ If there is no slurmd on the source node, such as on a login node, it is
+ better to have the RPC be rejected rather than silently dropped. This
+ will allow better responsiveness to the RPC initiator.
+
+EXAMPLES / SUGGESTED USAGE
+ Use of this module is recommended on any compute node.
+
+ Add the following line to the appropriate file in /etc/pam.d, such as
+ system-auth or sshd:
+
+ account sufficient pam_slurm_adopt.so
+
+ If you always want to allow access for an administrative group (e.g. wheel),
+ stack the pam_access module after pam_slurm_adopt. A success with
+ pam_slurm_adopt is sufficient to allow access but the pam_access module can
+ allow others, such as staff, access even without jobs.
+
+ account sufficient pam_slurm_adopt.so
+ account required pam_access.so
+
+
+ Then edit the pam_access configuration file (/etc/security/access.conf):
+
+ +:wheel:ALL
+ -:ALL:ALL
+
+ When access is denied, the user will receive a relevant error message.
+
+ pam_systemd.so is known to not play nice with Slurm's usage of cgroups. It is
+ recommended that you disable it or possibly add pam_slurm_adopt.so after
+ pam_systemd.so.
diff --git a/contribs/pam_slurm_adopt/pam_slurm_adopt.c b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
index 51f21e8729..dccad90185 100644
--- a/contribs/pam_slurm_adopt/pam_slurm_adopt.c
+++ b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
@@ -94,6 +94,7 @@ static struct {
log_level_t log_level;
char *node_name;
bool disable_x11;
+ char *pam_service;
} opts;
static void _init_opts(void)
@@ -107,6 +108,7 @@ static void _init_opts(void)
opts.log_level = LOG_LEVEL_INFO;
opts.node_name = NULL;
opts.disable_x11 = false;
+ opts.pam_service = NULL;
}
static slurm_cgroup_conf_t *slurm_cgroup_conf = NULL;
@@ -576,6 +578,9 @@ static void _parse_opts(pam_handle_t *pamh, int argc, const char **argv)
opts.node_name = xstrdup(v);
} else if (!xstrncasecmp(*argv, "disable_x11=1", 13)) {
opts.disable_x11 = true;
+ } else if (!xstrncasecmp(*argv, "service=", 8)) {
+ v = (char *)(8 + *argv);
+ opts.pam_service = xstrdup(v);
}
}
@@ -601,6 +606,40 @@ static int _load_cgroup_config()
return SLURM_SUCCESS;
}
+/* Make sure to only continue if we're running in the sshd context
+ *
+ * If this module is used locally e.g. via sudo then unexpected things might
+ * happen (e.g. passing environment variables interpreted by slurm code like
+ * SLURM_CONF or inheriting file descriptors that are used by _try_rpc()).
+ */
+static int check_pam_service(pam_handle_t *pamh)
+{
+ const char *allowed = opts.pam_service ? opts.pam_service : "sshd";
+ char *service = NULL;
+ int rc;
+
+ if (!strcmp(allowed, "*"))
+ // any service name is allowed
+ return PAM_SUCCESS;
+
+ rc = pam_get_item(pamh, PAM_SERVICE, (void*)&service);
+
+ if (rc != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR, "failed to obtain PAM_SERVICE name");
+ return rc;
+ }
+ else if (service == NULL) {
+ // this shouldn't actually happen
+ return PAM_BAD_ITEM;
+ }
+
+ if (!strcmp(service, allowed)) {
+ return PAM_SUCCESS;
+ }
+
+ pam_syslog(pamh, LOG_INFO, "Not adopting process since this is not an allowed pam service");
+ return PAM_IGNORE;
+}
/* Parse arguments, etc then get my socket address/port information. Attempt to
* adopt this process into a job in the following order:
@@ -622,6 +661,12 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
_init_opts();
_parse_opts(pamh, argc, argv);
+
+ retval = check_pam_service(pamh);
+ if (retval != PAM_SUCCESS) {
+ return retval;
+ }
+
_log_init(opts.log_level);
switch (opts.action_generic_failure) {
@@ -765,6 +810,7 @@ cleanup:
xfree(buf);
xfree(slurm_cgroup_conf);
xfree(opts.node_name);
+ xfree(opts.pam_service);
return rc;
}
--
2.16.4

View File

@ -1,32 +0,0 @@
From a5d4481c05e2afa1ff1920446663e66c48ef9277 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 14:08:07 +0100
Subject: [PATCH 2/3] pam_slurm_adopt: send_user_msg: don't copy undefined data
into message
Using memcpy, an amount of undefined data from the stack will be copied
into the target buffer. While pam_conv probably doesn't evalute the
extra data it still unclean to do that. It could lead up to an
information leak somewhen.
Signed-off-by: Christian Goll <cgoll@suse.de>
---
contribs/pam_slurm_adopt/helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contribs/pam_slurm_adopt/helper.c b/contribs/pam_slurm_adopt/helper.c
index 9c3e202a87..1bac0a0fcf 100644
--- a/contribs/pam_slurm_adopt/helper.c
+++ b/contribs/pam_slurm_adopt/helper.c
@@ -128,7 +128,7 @@ send_user_msg(pam_handle_t *pamh, const char *mesg)
/* Construct msg to send to app.
*/
- memcpy(str, mesg, sizeof(str));
+ strncpy(str, mesg, sizeof(str));
msg[0].msg_style = PAM_ERROR_MSG;
msg[0].msg = str;
pmsg[0] = &msg[0];
--
2.16.4

View File

@ -1,56 +0,0 @@
From d630acbf5709dcf03f9e8cd1739a77cfe6c1e4b8 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 5 Dec 2018 15:08:53 +0100
Subject: [PATCH 3/3] pam_slurm_adopt: use uid to determine whether root is
logging on
In some systems there can be multiple user accounts for uid 0, therefore
the check for literal user name "root" might be insufficient.
Signed-off-by: Christian Goll <cgoll@suse.de>
---
contribs/pam_slurm_adopt/pam_slurm_adopt.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/contribs/pam_slurm_adopt/pam_slurm_adopt.c b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
index dccad90185..f1d062885e 100644
--- a/contribs/pam_slurm_adopt/pam_slurm_adopt.c
+++ b/contribs/pam_slurm_adopt/pam_slurm_adopt.c
@@ -708,17 +708,6 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
opts.ignore_root = 1;
}
- /* Ignoring root is probably best but the admin can allow it */
- if (!strcmp(user_name, "root")) {
- if (opts.ignore_root) {
- info("Ignoring root user");
- return PAM_IGNORE;
- } else {
- /* This administrator is crazy */
- info("Danger!!! This is a connection attempt by root and ignore_root=0 is set! Hope for the best!");
- }
- }
-
/* Calculate buffer size for getpwnam_r */
bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
if (bufsize == -1)
@@ -740,6 +729,16 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags
if (_load_cgroup_config() != SLURM_SUCCESS)
return rc;
+ /* Ignoring root is probably best but the admin can allow it */
+ if (pwd.pw_uid == 0) {
+ if (opts.ignore_root) {
+ info("Ignoring root user");
+ return PAM_IGNORE;
+ } else {
+ /* This administrator is crazy */
+ info("Danger!!! This is a connection attempt by root (user id 0) and ignore_root=0 is set! Hope for the best!");
+ }
+ }
/*
* Check if there are any steps on the node from any user. A failure here
--
2.16.4

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a7103b45c58565b580f94cd68bc546344ffaa7dd0e349d23ec849e5acebff9ad
size 6210190

3
slurm-19.05.5.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:715be211b7bef80d06df0011ec91c51ab740031bd9ff722a5e60c595feaad282
size 6232295

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Wed Jan 8 20:01:19 UTC 2020 - Egbert Eich <eich@suse.com>
- Update to version 19.05.5 (jsc#SLE-8491)
* Check %docdir/NEWS for details.
* Includes security fixes CVE-2019-19727, CVE-2019-19728,
CVE-2019-12838.
* Disable i586 builds as this is no longer supported.
* Create libnss_slurm package to support user and group resolution
thru slurmstepd.
* slurm-2.4.4-rpath.patch -> Remove-rpath-from-build.patch
Obsoleted:
- pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch
- pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch
- pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 2 09:14:56 UTC 2020 - Egbert Eich <eich@suse.com> Thu Jan 2 09:14:56 UTC 2020 - Egbert Eich <eich@suse.com>

View File

@ -17,15 +17,20 @@
# Check file META in sources: update so_version to (API_CURRENT - API_AGE) # Check file META in sources: update so_version to (API_CURRENT - API_AGE)
%define so_version 33 %define so_version 34
%define ver 18.08.9 %define ver 19.05.5
%define _ver _18_08 %define _ver _19_05
%define dl_ver %{ver} %define dl_ver %{ver}
# so-version is 0 and seems to be stable # so-version is 0 and seems to be stable
%define pmi_so 0 %define pmi_so 0
%define nss_so 2
%define pname slurm %define pname slurm
%ifarch i586
ExclusiveArch: do_not_build
%endif
%if 0%{?sle_version} == 120200 %if 0%{?sle_version} == 120200
%define base_ver 1702 %define base_ver 1702
%endif %endif
@ -42,6 +47,9 @@
%if 0%{?base_ver} > 0 && 0%{?base_ver} < %(echo %{_ver} | tr -d _) %if 0%{?base_ver} > 0 && 0%{?base_ver} < %(echo %{_ver} | tr -d _)
%define upgrade 1 %define upgrade 1
%endif %endif
%if !0%{?is_opensuse} && 0%{!?upgrade:1} && 0%{?sle_version} < 150200
%define legacy_cray 1
%endif
# Build with PMIx only for SLE >= 15.2 and TW # Build with PMIx only for SLE >= 15.2 and TW
%if 0%{?sle_version} >= 150200 || 0%{suse_version} >= 1550 %if 0%{?sle_version} >= 150200 || 0%{suse_version} >= 1550
@ -111,7 +119,7 @@ Group: Productivity/Clustering/Computing
URL: https://www.schedmd.com URL: https://www.schedmd.com
Source: https://download.schedmd.com/slurm/%{pname}-%{dl_ver}.tar.bz2 Source: https://download.schedmd.com/slurm/%{pname}-%{dl_ver}.tar.bz2
Source1: slurm-rpmlintrc Source1: slurm-rpmlintrc
Patch0: slurm-2.4.4-rpath.patch Patch0: Remove-rpath-from-build.patch
Patch1: slurm-2.4.4-init.patch Patch1: slurm-2.4.4-init.patch
Patch2: pam_slurm-Initialize-arrays-and-pass-sizes.patch Patch2: pam_slurm-Initialize-arrays-and-pass-sizes.patch
Patch3: split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for.patch Patch3: split-xdaemon-in-xdaemon_init-and-xdaemon_finish-for.patch
@ -121,9 +129,6 @@ Patch6: slurmdbd-uses-xdaemon_-for-systemd.patch
Patch7: slurmsmwd-uses-xdaemon_-for-systemd.patch Patch7: slurmsmwd-uses-xdaemon_-for-systemd.patch
Patch8: removed-deprecated-xdaemon.patch Patch8: removed-deprecated-xdaemon.patch
Patch9: slurmctld-rerun-agent_init-when-backup-controller-takes-over.patch Patch9: slurmctld-rerun-agent_init-when-backup-controller-takes-over.patch
Patch10: pam_slurm_adopt-avoid-running-outside-of-the-sshd-PA.patch
Patch11: pam_slurm_adopt-send_user_msg-don-t-copy-undefined-d.patch
Patch12: pam_slurm_adopt-use-uid-to-determine-whether-root-is.patch
%{?upgrade:Provides: %{pname} = %{version}} %{?upgrade:Provides: %{pname} = %{version}}
%{?upgrade:Conflicts: %{pname}} %{?upgrade:Conflicts: %{pname}}
@ -240,29 +245,37 @@ through Perl.
Summary: Libraries for SLURM Summary: Libraries for SLURM
Group: System/Libraries Group: System/Libraries
Requires: %{name}-config = %{version} Requires: %{name}-config = %{version}
Provides: libslurm = %{version}
Conflicts: libslurm
%description -n %{libslurm} %description -n %{libslurm}
This package contains the library needed to run programs dynamically linked This package contains the library needed to run programs dynamically linked
with SLURM. with SLURM.
%package -n libpmi%{pmi_so}%{?upgrade:%{_ver}} %package -n libpmi%{pmi_so}
Summary: Libraries for SLURM Summary: SLURM PMI Library
Group: System/Libraries Group: System/Libraries
%{?upgrade:Provides: libpmi%{pmi_so} = %{version}}
%{?upgrade:Conflicts: libpmi%{pmi_so}}
%description -n libpmi%{pmi_so}%{?upgrade:%{_ver}} %description -n libpmi%{pmi_so}
This package contains the library needed to run programs dynamically linked This package contains the library needed to run programs dynamically linked
with SLURM. with SLURM.
%package -n libnss_%{pname}%{nss_so}
Summary: NSS Plugin for SLURM
Group: System/Libraries
%description -n libnss_%{pname}%{nss_so}
libnss_slurm is an optional NSS plugin that permits password and group
resolution for a job on a compute node to be serviced through the local
slurmstepd process.
%package devel %package devel
Summary: Development package for SLURM Summary: Development package for SLURM
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %{libslurm} = %{version} Requires: %{libslurm} = %{version}
Requires: %{name} = %{version} Requires: %{name} = %{version}
Requires: libpmi%{pmi_so}%{?upgrade:%{_ver}} = %{version} Requires: libpmi%{pmi_so} = %{version}
%{?upgrade:Provides: %{pname}-devel = %{version}} %{?upgrade:Provides: %{pname}-devel = %{version}}
%{?upgrade:Conflicts: %{pname}-devel} %{?upgrade:Conflicts: %{pname}-devel}
@ -449,6 +462,7 @@ This package contains just the minmal code to run a compute node.
%package config %package config
Summary: Config files and directories for slurm services Summary: Config files and directories for slurm services
Group: Productivity/Clustering/Computing Group: Productivity/Clustering/Computing
Requires: logrotate
%if 0%{?suse_version} <= 1140 %if 0%{?suse_version} <= 1140
Requires(pre): pwdutils Requires(pre): pwdutils
%else %else
@ -493,7 +507,7 @@ Contains also cray specific documentation.
%prep %prep
%setup -q -n %{pname}-%{dl_ver} %setup -q -n %{pname}-%{dl_ver}
%patch0 -p1 %patch0 -p2
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
@ -504,9 +518,6 @@ Contains also cray specific documentation.
%patch8 -p1 %patch8 -p1
# Drop this fix as it is considered to be resolved by c1a537dbbe6 # Drop this fix as it is considered to be resolved by c1a537dbbe6
##%patch9 -p1 ##%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%build %build
%define _lto_cflags %{nil} %define _lto_cflags %{nil}
@ -691,7 +702,13 @@ Alias /slurm/ "/usr/share/doc/slurm-%{ver}/html/"
</IfModule> </IfModule>
</Directory> </Directory>
EOF EOF
cat > %{buildroot}/%{_sysconfdir}/%{pname}/nss_slurm.conf <<EOF
## Optional config for libnss_slurm
## Specify if different from default
# SlurmdSpoolDir /var/spool/slurmd
## Specify if does not match hostname
# NodeName myname
EOF
%fdupes -s %{buildroot} %fdupes -s %{buildroot}
%define fixperm() [ $1 -eq 1 -a -e %2 ] && /bin/chmod %1 %2 %define fixperm() [ $1 -eq 1 -a -e %2 ] && /bin/chmod %1 %2
@ -796,8 +813,11 @@ exit 0
%post -n %{libslurm} -p /sbin/ldconfig %post -n %{libslurm} -p /sbin/ldconfig
%postun -n %{libslurm} -p /sbin/ldconfig %postun -n %{libslurm} -p /sbin/ldconfig
%post -n libpmi%{pmi_so}%{?upgrade:%{_ver}} -p /sbin/ldconfig %post -n libpmi%{pmi_so} -p /sbin/ldconfig
%postun -n libpmi%{pmi_so}%{?upgrade:%{_ver}} -p /sbin/ldconfig %postun -n libpmi%{pmi_so} -p /sbin/ldconfig
%post -n libnss_%{pname}%{nss_so} -p /sbin/ldconfig
%postun -n libnss_%{pname}%{nss_so} -p /sbin/ldconfig
%{!?nil: %{!?nil:
# On update the %%postun code of the old package restarts the # On update the %%postun code of the old package restarts the
@ -936,17 +956,21 @@ exit 0
%{?comp_at} %{?comp_at}
%{_libdir}/libslurm*.so.%{so_version}* %{_libdir}/libslurm*.so.%{so_version}*
%files -n libpmi%{pmi_so}%{?upgrade:%{_ver}} %files -n libpmi%{pmi_so}
%{?comp_at} %{?comp_at}
%{_libdir}/libpmi*.so.%{pmi_so}* %{_libdir}/libpmi*.so.%{pmi_so}*
%files -n libnss_%{pname}%{nss_so}
%{?comp_at}
%config(noreplace) %{_sysconfdir}/%{pname}/nss_slurm.conf
%{_libdir}/libnss_slurm.so.%{nss_so}
%files devel %files devel
%{?comp_at} %{?comp_at}
%{_prefix}/include/slurm %{_prefix}/include/slurm
%{_libdir}/libpmi.so %{_libdir}/libpmi.so
%{_libdir}/libpmi2.so %{_libdir}/libpmi2.so
%{_libdir}/libslurm.so %{_libdir}/libslurm.so
%{_libdir}/libslurmdb.so
%{_libdir}/slurm/src/* %{_libdir}/slurm/src/*
%{_mandir}/man3/slurm_* %{_mandir}/man3/slurm_*
%{_libdir}/pkgconfig/slurm.pc %{_libdir}/pkgconfig/slurm.pc
@ -963,7 +987,7 @@ exit 0
%files munge %files munge
%{?comp_at} %{?comp_at}
%{_libdir}/slurm/auth_munge.so %{_libdir}/slurm/auth_munge.so
%{_libdir}/slurm/crypto_munge.so %{_libdir}/slurm/cred_munge.so
%files -n perl-%{name} %files -n perl-%{name}
%{?comp_at} %{?comp_at}
@ -1009,14 +1033,18 @@ exit 0
%{_libdir}/slurm/acct_gather_filesystem_none.so %{_libdir}/slurm/acct_gather_filesystem_none.so
%{_libdir}/slurm/acct_gather_interconnect_none.so %{_libdir}/slurm/acct_gather_interconnect_none.so
%{_libdir}/slurm/acct_gather_profile_none.so %{_libdir}/slurm/acct_gather_profile_none.so
%{?have_json_c:%{_libdir}/slurm/burst_buffer_datawarp.so}
%{_libdir}/slurm/burst_buffer_generic.so %{_libdir}/slurm/burst_buffer_generic.so
%{_libdir}/slurm/checkpoint_none.so %{_libdir}/slurm/checkpoint_none.so
%{_libdir}/slurm/checkpoint_ompi.so %{_libdir}/slurm/checkpoint_ompi.so
%{_libdir}/slurm/core_spec_none.so %{_libdir}/slurm/core_spec_none.so
%{_libdir}/slurm/crypto_openssl.so %{_libdir}/slurm/cli_filter_none.so
%{_libdir}/slurm/cred_none.so
%{_libdir}/slurm/ext_sensors_none.so %{_libdir}/slurm/ext_sensors_none.so
%{_libdir}/slurm/gpu_generic.so
%{_libdir}/slurm/gres_gpu.so %{_libdir}/slurm/gres_gpu.so
%{_libdir}/slurm/gres_mic.so %{_libdir}/slurm/gres_mic.so
%{_libdir}/slurm/gres_mps.so
%{_libdir}/slurm/gres_nic.so %{_libdir}/slurm/gres_nic.so
%{_libdir}/slurm/jobacct_gather_cgroup.so %{_libdir}/slurm/jobacct_gather_cgroup.so
%{_libdir}/slurm/jobacct_gather_linux.so %{_libdir}/slurm/jobacct_gather_linux.so
@ -1061,10 +1089,10 @@ exit 0
%{_libdir}/slurm/sched_backfill.so %{_libdir}/slurm/sched_backfill.so
%{_libdir}/slurm/sched_builtin.so %{_libdir}/slurm/sched_builtin.so
%{_libdir}/slurm/sched_hold.so %{_libdir}/slurm/sched_hold.so
%{_libdir}/slurm/select_alps.so
%{_libdir}/slurm/select_cons_res.so %{_libdir}/slurm/select_cons_res.so
%{_libdir}/slurm/select_cons_tres.so
%{_libdir}/slurm/select_linear.so %{_libdir}/slurm/select_linear.so
%{_libdir}/slurm/select_serial.so %{_libdir}/slurm/site_factor_none.so
%{_libdir}/slurm/slurmctld_nonstop.so %{_libdir}/slurm/slurmctld_nonstop.so
%{_libdir}/slurm/switch_generic.so %{_libdir}/slurm/switch_generic.so
%{_libdir}/slurm/switch_none.so %{_libdir}/slurm/switch_none.so
@ -1089,19 +1117,22 @@ exit 0
%{_libdir}/slurm/acct_gather_profile_influxdb.so %{_libdir}/slurm/acct_gather_profile_influxdb.so
%{_libdir}/slurm/ext_sensors_rrd.so %{_libdir}/slurm/ext_sensors_rrd.so
%{_libdir}/slurm/jobcomp_elasticsearch.so %{_libdir}/slurm/jobcomp_elasticsearch.so
%if !0%{?is_opensuse} %if 0%{?legacy_cray}
%{_libdir}/slurm/acct_gather_energy_cray.so %{_libdir}/slurm/acct_gather_energy_cray_aries.so
%{_libdir}/slurm/core_spec_cray.so %{_libdir}/slurm/core_spec_cray_aries.so
%{_libdir}/slurm/job_submit_cray.so %{_libdir}/slurm/job_submit_cray_aries.so
%{_libdir}/slurm/select_cray.so %{_libdir}/slurm/select_cray_aries.so
%{_libdir}/slurm/switch_cray.so %{_libdir}/slurm/switch_cray_aries.so
%{_libdir}/slurm/task_cray.so %{_libdir}/slurm/task_cray_aries.so
%if 0%{?have_json_c}
%{_libdir}/slurm/node_features_knl_cray.so
%{_libdir}/slurm/power_cray_aries.so
%endif
%endif %endif
%files lua %files lua
%{?comp_at} %{?comp_at}
%{_libdir}/slurm/job_submit_lua.so %{_libdir}/slurm/job_submit_lua.so
%{_libdir}/slurm/proctrack_lua.so
%files torque %files torque
%{?comp_at} %{?comp_at}
@ -1171,7 +1202,7 @@ exit 0
%{_mandir}/man5/nonstop.conf.5.* %{_mandir}/man5/nonstop.conf.5.*
%{_mandir}/man5/topology.* %{_mandir}/man5/topology.*
%{_mandir}/man5/knl.conf.5.* %{_mandir}/man5/knl.conf.5.*
%if !0%{?is_opensuse} %if 0%{?legacy_cray}
%{_mandir}/man5/cray.* %{_mandir}/man5/cray.*
%endif %endif
@ -1182,23 +1213,20 @@ exit 0
%{_mandir}/man1/sh5util.1.gz %{_mandir}/man1/sh5util.1.gz
%endif %endif
%if 0%{?is_opensuse} || 0%{?have_json_c} %if !0%{?legacy_cray}
%files cray %files cray
# do not remove cray sepcific packages from SLES update # do not remove cray sepcific packages from SLES update
%if 0%{?is_opensuse} %{_libdir}/slurm/acct_gather_energy_cray_aries.so
%{_libdir}/slurm/acct_gather_energy_cray.so %{_libdir}/slurm/core_spec_cray_aries.so
%{_libdir}/slurm/core_spec_cray.so %{_libdir}/slurm/job_submit_cray_aries.so
%{_libdir}/slurm/job_submit_cray.so %{_libdir}/slurm/select_cray_aries.so
%{_libdir}/slurm/select_cray.so %{_libdir}/slurm/switch_cray_aries.so
%{_libdir}/slurm/switch_cray.so %{_libdir}/slurm/task_cray_aries.so
%{_libdir}/slurm/task_cray.so
%{_mandir}/man5/cray.* %{_mandir}/man5/cray.*
%endif
%if 0%{?have_json_c} %if 0%{?have_json_c}
%{_libdir}/slurm/burst_buffer_cray.so
%{_libdir}/slurm/node_features_knl_cray.so %{_libdir}/slurm/node_features_knl_cray.so
%{_libdir}/slurm/power_cray.so %{_libdir}/slurm/power_cray_aries.so
%endif %endif
%endif %endif
%changelog %changelog