nixos/slurm: add option for external slurmdbd.conf

Slurmdbd requires a password database which is stored in slurmdbd.conf. A seperate config file avoids that the password ends up in the nix store. Slurmdbd does 19.5 does not support MySQL socket conections. Adapated the slurm test to provide username and password.
2019-11-10 21:28:09 +01:00 · 2019-11-10 21:28:09 +01:00 · 472e165b56
commit 472e165b56
parent 8219a3b713
2 changed files with 44 additions and 2 deletions
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@ -39,6 +39,8 @@ let
     DbdHost=${cfg.dbdserver.dbdHost}
     SlurmUser=${cfg.user}
     StorageType=accounting_storage/mysql
+     StorageUser=${cfg.dbdserver.storageUser}
+     ${optionalString (cfg.dbdserver.storagePass != null) "StoragePass=${cfg.dbdserver.storagePass}"}
     ${cfg.dbdserver.extraConfig}
   '';

@ -85,6 +87,37 @@ in
          '';
        };

+        storageUser = mkOption {
+          type = types.str;
+          default = cfg.user;
+          description = ''
+            Database user name.
+          '';
+        };
+
+        storagePass = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            Database password. Note that this password will be publicable
+            readable in the nix store. Use <option>configFile</option>
+            to store the and config file and password outside the nix store.
+          '';
+        };
+
+        configFile = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            Path to <literal>slurmdbd.conf</literal>. The password for the database connection
+            is stored in the config file. Use this option to specfify a path
+            outside the nix store. If this option is unset a configuration file
+            will be generated. See also:
+            <citerefentry><refentrytitle>slurmdbd.conf</refentrytitle>
+            <manvolnum>8</manvolnum></citerefentry>.
+          '';
+        };
+
        extraConfig = mkOption {
          type = types.lines;
          default = "";
@ -360,7 +393,11 @@ in
      requires = [ "munged.service" "mysql.service" ];

      # slurm strips the last component off the path
-      environment.SLURM_CONF = "${slurmdbdConf}/slurm.conf";
+      environment.SLURM_CONF =
+        if (cfg.dbdserver.configFile == null) then
+          "${slurmdbdConf}/slurm.conf"
+        else
+          cfg.dbdserver.configFile;

      serviceConfig = {
        Type = "forking";
--- a/nixos/tests/slurm.nix
+++ b/nixos/tests/slurm.nix
@ -54,10 +54,15 @@ in {
        networking.firewall.enable = false;
        services.slurm.dbdserver = {
          enable = true;
+          storagePass = "password123";
        };
        services.mysql = {
          enable = true;
-          package = pkgs.mysql;
+          package = pkgs.mariadb;
+          initialScript = pkgs.writeText "mysql-init.sql" ''
+            CREATE USER 'slurm'@'localhost' IDENTIFIED BY 'password123';
+            GRANT ALL PRIVILEGES ON slurm_acct_db.* TO 'slurm'@'localhost';
+          '';
          ensureDatabases = [ "slurm_acct_db" ];
          ensureUsers = [{
            ensurePermissions = { "slurm_acct_db.*" = "ALL PRIVILEGES"; };