Skip to content

Add SSSD support to controller#93

Open
faganihajizada wants to merge 2 commits intoSlinkyProject:mainfrom
faganihajizada:optional_ssd_controller
Open

Add SSSD support to controller#93
faganihajizada wants to merge 2 commits intoSlinkyProject:mainfrom
faganihajizada:optional_ssd_controller

Conversation

@faganihajizada
Copy link
Contributor

@faganihajizada faganihajizada commented Dec 11, 2025

Summary

Adds optional SSSD support to the controller component, enabling user validation for Slurm reservations with enterprise LDAP/Active Directory accounts.

Problem: Users cannot create reservations with specific user accounts when those users don't exist locally in the controller pod:

$ scontrol create reservationname=test-res starttime=now duration=100 nodes=node-1 users=alice
Error creating the reservation: Unspecified error

Root Cause: Controller (slurmctld) validates user accounts when creating reservations, but only local users are available without SSSD integration. LoginSet and NodeSet already support SSSD, but Controller did not.

Breaking Changes

  • Security Context Change
  • Controller pod now runs as root (required for SSSD)

Testing Notes

Unit tests:

$ go test -v ./internal/builder -run TestBuilder_BuildController
=== RUN   TestBuilder_BuildController
--- PASS: TestBuilder_BuildController (0.03s)
PASS
ok      github.com/SlinkyProject/slurm-operator/internal/builder        0.600s

Verification:

$ kubectl get pod cluster1-controller-0 -n slurm-cluster1 -o json | jq '.spec.securityContext'
{"fsGroup": 401}

$ kubectl exec cluster1-controller-0 -c slurmctld -- ps aux | grep -E "sssd|slurmctld"
root   16  sssd -i                      
root   47  sssd_be --domain DEFAULT     
root   48  sssd_nss                     
root   49  sssd_pam                    
slurm  59  slurmctld --systemd

Additional Context

Provided in support ticket with explored approaches

@faganihajizada faganihajizada mentioned this pull request Dec 11, 2025
Open
@faganihajizada
feat: add optional SSSD support to controller
f4f4ac4 
This enables user validation for operations like Slurm reservation creation with users
without exposing SSH access to the controller pod.
@faganihajizada faganihajizada force-pushed the optional_ssd_controller branch from 4fbcc07 to f4f4ac4 Compare December 11, 2025 19:43
@faganihajizada faganihajizada changed the title Add optional SSSD support to controller Add SSSD support to controller Dec 12, 2025
@faganihajizada faganihajizada marked this pull request as ready for review December 15, 2025 12:31
vivian-hafener
vivian-hafener reviewed Dec 16, 2025
View reviewed changes
This was referenced Feb 20, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vivian-hafener vivian-hafener vivian-hafener left review comments

Assignees

@vivian-hafener vivian-hafener

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@faganihajizada @vivian-hafener