Ticket 23228 - Seeking advice on using CloneNSScript and SLURM_NS to modify a namespace
Summary: Seeking advice on using CloneNSScript and SLURM_NS to modify a namespace
Status: RESOLVED FIXED
Alias: None
Product: Slurm
Classification: Unclassified
Component: Other
Version: 24.11.5
Hardware: Linux Linux
: 4 - Minor Issue
Assignee: Stephen Kendall
Reported: 2025-07-13 13:22 MDT by Chris Samuel (NERSC)
Modified: 2025-09-05 09:23 MDT (History)
Site: NERSC
Version Fixed: 25.05.4, 25.11.0rc1


Attachments
script to automate the creation of /run/user/$UID in a private /run/user (1.08 KB, application/x-sh)
2025-07-14 13:29 MDT, Chris Samuel (NERSC)

Description Chris Samuel (NERSC) 2025-07-13 13:22:20 MDT
Hi there,

We've got a use case for using CloneNSScript to modify the area the job_container/tmpfs plugin configures, specifically to add /run/user to the private area. This of course requires creating /run/user/$UID and setting permissions correctly and this seems like a great use of CloneNSScript.

However, the docs just say:

> This script will be provided the SLURM_NS environment variable to allow
> the script to join the newly created namespace and do further setup work.

But it doesn't say what is passed through via it, or how to use it. :-)

I was looking at the nsenter command and that seems to only take a process ID to use as the source of the namespaces to join, but if I'm following the source correctly this might be a path name instead?

Any suggestions please?

Thanks!

All the best,
Chris
Comment 1 Jason Booth 2025-07-14 10:15:36 MDT
It looks like the $SLURM_NS is passed into "--mount=" switch and this contains a path.

> nsenter --mount=$SLURM_NS mount --bind /scratch /scratch 2>&1 1>> $log
> nsenter --mount=$SLURM_NS mount --make-rslave /scratch 2>&1 1>> $log
Comment 2 Chris Samuel (NERSC) 2025-07-14 11:24:41 MDT
(In reply to Jason Booth from comment #1)
> It looks like the $SLURM_NS is passed into "--mount=" switch and this
> contains a path.
> 
> > nsenter --mount=$SLURM_NS mount --bind /scratch /scratch 2>&1 1>> $log
> > nsenter --mount=$SLURM_NS mount --make-rslave /scratch 2>&1 1>> $log

Gah, I wish I could read!

You are quite correct - I was looking for an option to specify a path and use the `--all` option but it looks like `--all` is the only option that doesn't mention specifying a path to a namespace.

I'll give this a go when I get out of meetings.

As penance I'll upload a copy of the script here when I've got it working so you can use it as an example if that works for you?

Thanks Jason!

All the best,
Chris
Comment 3 Chris Samuel (NERSC) 2025-07-14 13:29:43 MDT
Created attachment 42445
script to automate the creation of /run/user/$UID in a private /run/user

This is the script I ended up making, seems to work nicely and passes our reframe tests without issue. I can confirm that two shared jobs on the same node cannot see the files that the other creates.

Our relevant config for job_container.conf is:

> AutoBasePath=true Dirs=/tmp,/dev/shm,/var/tmp,/run/user CloneNSScript=/run/slurm/conf/nersc-namespace.sh

Hope this helps!

All the best,
Chris
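
An added example (not the attachment from comment 3, and not SchedMD's code) of a CloneNSScript following the approach in this thread: join the job's mount namespace through the path in SLURM_NS and create a 0700 /run/user/<uid> owned by the job's user. It assumes the job owner's numeric IDs reach the script as SLURM_JOB_UID and SLURM_JOB_GID, which the ticket does not confirm; the NSENTER override and the function name are hypothetical.

```bash
#!/bin/sh
# Added example, not the script attached to this ticket.
# Assumption: the job owner's numeric IDs are exported to the script as
# SLURM_JOB_UID / SLURM_JOB_GID (not confirmed anywhere in the ticket).

# Hypothetical override so the logic can be exercised without root.
NSENTER=${NSENTER:-nsenter}

# make_run_user_dir NS_PATH UID GID
# Creates /run/user/UID inside the mount namespace referenced by NS_PATH.
make_run_user_dir() {
    ns=$1 uid=$2 gid=$3

    # SLURM_NS carries a path to the namespace, so require an absolute path.
    case $ns in
        /*) ;;
        *) echo "SLURM_NS is not an absolute path: '$ns'" >&2; return 1 ;;
    esac

    # The IDs end up in a path and a chown argument: accept digits only.
    case $uid in
        ''|*[!0-9]*) echo "invalid uid: '$uid'" >&2; return 1 ;;
    esac
    case $gid in
        ''|*[!0-9]*) echo "invalid gid: '$gid'" >&2; return 1 ;;
    esac

    dir=/run/user/$uid

    # Each command joins the job's mount namespace via --mount=<path>, so the
    # directory is created in the job's private /run/user, not the host's.
    # mkdir without -p fails if the directory already exists; -m 0700 keeps
    # other users out before ownership is handed to the job owner.
    "$NSENTER" --mount="$ns" mkdir -m 0700 -- "$dir" &&
    "$NSENTER" --mount="$ns" chown -- "$uid:$gid" "$dir"
}

# Run only when SLURM_NS is present in the environment.
if [ -n "${SLURM_NS:-}" ]; then
    make_run_user_dir "$SLURM_NS" "${SLURM_JOB_UID:-}" "${SLURM_JOB_GID:-}" || exit 1
fi
```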
Comment 4 Jason Booth 2025-07-14 13:31:42 MDT
Thanks Chris. I will have Stephen review this and see if we want to amend the documentation.
Comment 5 Chris Samuel (NERSC) 2025-07-14 13:34:13 MDT
(In reply to Jason Booth from comment #4)

> Thanks Chris. I will have Stephen review this and see if we want to amend
> the documentation.

No worries, and thanks so much for the feature!

Tim had given me a heads up a while ago that this was coming and it opens a lot of opportunities for us I think.

All the best,
Chris
Comment 8 Stephen Kendall 2025-09-05 09:23:43 MDT
Hi Chris,

We have merged in a change to the relevant documentation to better explain the contents and usage of the 'SLURM_NS' variable. This change will be included with the next minor Slurm release, 25.05.4.

https://github.com/SchedMD/slurm/commit/e452d7a37d038eafb7b85e2accfc5b93977b56f8

Best regards,
Stephen