This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
wiki:some_examples_of_admission_rules [2017/05/10 10:47] – neyron | wiki:some_examples_of_admission_rules [2017/05/11 15:32] – [Example 5:] mvesin | ||
---|---|---|---|
Line 164: | Line 164: | ||
==== Example 5: ==== | ==== Example 5: ==== | ||
- | Give a more privilege to the owners (e.g. people who payed for the nodes) | + | Give a more privilege to the owners |
- | * non-owner compete on the resources according to the scheduling policy of the besteffort queue ; | + | * non-owners |
- | * but owners can get jobs running, just like if those jobs did not exist (i.e. besteffort jobs are killed whenever non besteffort jobs require the same resources) | + | * but owners can get jobs running, just like if those jobs did not exist (i.e. besteffort jobs are killed whenever non besteffort jobs require the same resources). |
- | This imply setting up a match between resources and users. | + | |
==Answer== | ==Answer== | ||
- | * First add a property to resources: // | + | * First add a property to resources: // |
* Then add an admission rule which describes the team list with regard to unix users and groups. | * Then add an admission rule which describes the team list with regard to unix users and groups. | ||
- | * Non-besteffort jobs will automatically bound to resources set with // | + | * Non-besteffort jobs will automatically bound to resources set with // |
* Besteffort jobs do not have constraints: | * Besteffort jobs do not have constraints: | ||
<code perl> | <code perl> | ||
- | # Description : set dedicated property | + | # Description : set dedicated property |
my @projects; | my @projects; | ||
Line 187: | Line 186: | ||
push(@projects, | push(@projects, | ||
- | my $dedicated_none | + | my $jobaddedprop |
- | my $user_in_one_group | + | |
- | foreach my $project (@projects) { | + | # original : IGRIDA admission rule |
- | my @members; | + | # modified : nef @ Inria Sophia |
- | foreach (@{$project-> | + | |
- | my $gr; | + | if (!(grep(/ |
- | (undef, | + | # Any user can run besteffort jobs on any resource : |
- | my @group_members = split(/ | + | # no additional verification, |
- | push(@members, | + | |
- | } | + | # Search for projects to which the user belongs |
- | | + | |
- | my %h = map { $_ => 1 } @members; | + | my @members; |
- | if ( $h{$user} eq 1 ) { | + | foreach (@{$project-> |
- | if (!(grep(/ | + | my $gr; |
- | $jobproperties = " | + | (undef, |
- | print(" | + | my @group_members = split(/ |
- | $user_in_one_group = 1; | + | # |
+ | push(@members, | ||
} | } | ||
- | | + | push(@members, |
- | if (!(grep(/ | + | my %h = map { $_ => 1 } @members; |
- | $dedicated_none | + | |
- | } | + | if ( $h{$user} eq 1 ) { |
- | if ((grep(/ | + | |
- | die(" | + | $jobaddedprop .= " OR dedicated=\' |
+ | } else { | ||
+ | if ((grep(/ | ||
+ | die(" | ||
+ | } | ||
} | } | ||
} | } | ||
- | } | ||
- | if (($dedicated_none | + | |
- | if (!(grep(/^besteffort/, @{$type_list}))) { | + | |
- | $jobproperties = " | + | # Always need to limit request to permitted nodes |
+ | if ($queue_name ne " | ||
+ | if (grep(/\S/, $jobproperties)) { | ||
+ | $jobproperties = " | ||
+ | } else { | ||
+ | $jobproperties | ||
+ | } | ||
+ | print(" | ||
} | } | ||
+ | |||
} | } | ||
</ | </ | ||
Line 225: | Line 235: | ||
That set up: | That set up: | ||
* For a user of team ' | * For a user of team ' | ||
- | * => property set: '' | + | * => property set: '' |
- | * That user can also use non dedicated nodes: '' | + | * That user can also force use of dedicated nodes only: '' |
- | * => property set: '' | + | * => property set: '' |
- | * For a user that does not belong to a team which owns nodes1: '' | + | * For a user of teams ' |
- | * => property set: '' | + | * => property set: '' |
+ | * For a user that does not belong to a team which owns nodes: '' | ||
+ | * => property set: '' | ||
* And for that user: '' | * And for that user: '' | ||
* => '' | * => '' | ||
* But with: '' | * But with: '' | ||
- | (Note that there are some known limitations in that property filtering, which could allow malicious users to overcome the usage policy) | + | (There may be some limitations in that property filtering, which could allow malicious users to overcome the usage policy) |