Step 4 – Retrieve and store the cluster secret
These instructions require the AWS CLI. For more information, see Install or update to the latest version of the AWS CLI in the AWS Command Line Interface User Guide for Version 2.
Store the cluster secret with the following commands.
-
Create the configuration directory for Slurm.
    sudo mkdir -p /etc/slurm
    sudo chmod 0755 /etc/slurm
Note
Setting directory permissions to 0755 ensures that the slurm user can traverse the directory to access the key file. Some systems may have a restrictive umask that creates directories with more restrictive permissions by default.
-
Retrieve, decode, and store the cluster secret. Before running this command, replace region-code with the Region where the target cluster is running, and replace secret-arn with the value for secretArn retrieved in Step 1.
    aws secretsmanager get-secret-value \
        --region region-code \
        --secret-id 'secret-arn' \
        --version-stage AWSCURRENT \
        --query 'SecretString' \
        --output text | base64 -d | sudo tee /etc/slurm/slurm.key
Warning
In a multiuser environment, any user with access to the instance might be able to fetch the cluster secret if they can access the instance metadata service (IMDS). This, in turn, could allow them to impersonate other users. Consider restricting access to IMDS to root or administrative users only. Alternatively, consider using a different mechanism that doesn't rely on the instance profile to fetch and configure the secret.
-
Set ownership and permissions on the Slurm key file.
    sudo chmod 0600 /etc/slurm/slurm.key
    sudo chown slurm:slurm /etc/slurm/slurm.key
Note
The Slurm key must be owned by the user and group that the sackd service runs as.
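
The following is an added example, not part of the AWS documentation: a variant of the store step that creates the key file with mode 0600 from the start, does not echo the decoded key to the terminal, and refuses to install an empty or undecodable key. The helper names store_key and check_modes are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not AWS's code). store_key and check_modes are hypothetical
# helper names; stat -c assumes GNU coreutils, as found on Linux instances.

# store_key DEST: read base64 text on stdin, decode it, and install it at DEST.
# The decoded key is never echoed and is only ever visible with mode 0600.
store_key() {
    dest=$1
    dir=$(dirname "$dest")
    (
        umask 077
        tmp=$(mktemp "$dir/.slurm.key.XXXXXX") || exit 1
        # Reject undecodable or empty input, e.g. when the AWS CLI call failed
        # and the pipe carried nothing.
        if base64 -d > "$tmp" && [ -s "$tmp" ]; then
            chmod 0600 "$tmp" && mv -f "$tmp" "$dest"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# check_modes DIR KEY: succeed only if DIR is 0755 and KEY is 0600,
# the modes set in the steps above.
check_modes() {
    [ "$(stat -c '%a' "$1")" = 755 ] && [ "$(stat -c '%a' "$2")" = 600 ]
}

# Usage as root on the instance (placeholders as in the step above):
#   aws secretsmanager get-secret-value --region region-code \
#       --secret-id 'secret-arn' --version-stage AWSCURRENT \
#       --query 'SecretString' --output text | store_key /etc/slurm/slurm.key
#   chown slurm:slurm /etc/slurm/slurm.key
#   check_modes /etc/slurm /etc/slurm/slurm.key
```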