You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now the snap just generates a default munge key at startup, but it doesn't set its internal config state with the value, making it impossible to fetch it without having to find the exact file. Furthermore, running mungekey generates a new key, but this also breaks the current stored state. To fix this, the user has to also push the new key to the config with snap set slurm munge.key <KEY>.
Ideally, all of this should be managed by the snap automatically, so it could be nice to find a better API for managing munge keys.
The text was updated successfully, but these errors were encountered:
@jedel1043 what would you think about having two additional commands alongside mungekey? We could the following apps easily to the snap:
getmungekey -> write current munge.key file to stdout. We'd want to make it such that only root could execute this command so that we don't have to worry about spilling any secrets. This output could then be captured by the charms and stored as a secret for other apps to use.
setmungekey -> takes a munge key from stdin/$1 and updates the munge.key file. Again something we'd what to ensure that only root could do.
Make a mungekey.wrapper that points the actual mungekey binary to the munge.key location under $SNAP_COMMON
What do you think of this option? We wouldn't use the snap set ... API, but we'd also not need to worry as much about cache coherency for munge. We could still use the snap set ... API though for slurm.conf management as we're not duplicating a secret there.
NucciTheBoss
changed the title
Flesh out a good API to get/set/generate munge keys
[Enhancement]: Flesh out a good API to get/set/generate munge keys
Jun 25, 2024
Right now the snap just generates a default munge key at startup, but it doesn't set its internal config state with the value, making it impossible to fetch it without having to find the exact file. Furthermore, running mungekey generates a new key, but this also breaks the current stored state. To fix this, the user has to also push the new key to the config with
snap set slurm munge.key <KEY>
.Ideally, all of this should be managed by the snap automatically, so it could be nice to find a better API for managing munge keys.
The text was updated successfully, but these errors were encountered: