From cd4af7130633ae39af40f4beaf09d0c0a61eeca3 Mon Sep 17 00:00:00 2001 From: Tim Wickberg <tim@schedmd.com> Date: Fri, 2 Nov 2018 20:27:05 -0600 Subject: [PATCH] Docs - remove documentation related to crypto/openssl. crypto/openssl is removed in the next release. Remove documentation in the 18.08 release to discourage further use. Bug 5916. --- doc/html/crypto_plugins.shtml | 3 +-- doc/html/download.shtml | 11 ----------- doc/html/quickstart_admin.shtml | 29 ----------------------------- doc/man/man5/slurm.conf.5 | 4 ++-- 4 files changed, 3 insertions(+), 44 deletions(-) diff --git a/doc/html/crypto_plugins.shtml b/doc/html/crypto_plugins.shtml index 608ab1116a4..8038d783fca 100644 --- a/doc/html/crypto_plugins.shtml +++ b/doc/html/crypto_plugins.shtml @@ -28,7 +28,6 @@ cryptographic mechanism. We recommend, for example:</p> <ul> <li><b>munge</b> — LLNL's Munge system.</li> -<li><b>openssl</b> — Open SSL.</li> </ul></p> <p><span class="commandline">const char plugin_name[]</span><br> @@ -166,6 +165,6 @@ appropriate value to indicate the reason for failure.</p> <p class="footer"><a href="#top">top</a></p> -<p style="text-align:center;">Last modified 27 March 2015</p> +<p style="text-align:center;">Last modified 2 November 2018</p> <!--#include virtual="footer.txt"--> diff --git a/doc/html/download.shtml b/doc/html/download.shtml index d93c290a9e5..7a046e44192 100644 --- a/doc/html/download.shtml +++ b/doc/html/download.shtml @@ -70,17 +70,6 @@ is a job inspection tool for examining and debugging parallel programs, primaril It's an open source, non-interactive, command line, scriptable tool intended for use by programmers and system administrators alike.</li> </ul><br> -<li><b>Digital signatures</b> (Cypto plugin) are used to ensure message are not altered.</li> -<ul> -<li><b>MUNGE</b> (recommended)<br> -MUNGE can be used at an alternative to OpenSSL. -MUNGE is available under the Gnu General Public License. -See MUNGE download information above.</li> -<li><b>OpenSSL</b><br> -OpenSSL may be used as an alternative to MUNGE for generation of digital signatures. -Download it from <a href="http://www.openssl.org/">http://www.openssl.org/</a>.</li> -</ul><br> - <li><b>DRMAA (Distributed Resource Management Application API)</b><br> <a href="http://apps.man.poznan.pl/trac/slurm-drmaa">PSNC DRMAA</a> for Slurm is an implementation of <a href="http://www.gridforum.org/">Open Grid Forum</a> diff --git a/doc/html/quickstart_admin.shtml b/doc/html/quickstart_admin.shtml index 82674856873..6c67ce7f6da 100644 --- a/doc/html/quickstart_admin.shtml +++ b/doc/html/quickstart_admin.shtml @@ -123,8 +123,6 @@ present. Build dependencies for various plugins and commands are denoted below: as the default authentication mechanism.</li> <li> <b>MySQL</b> MySQL support for accounting will be built if the <i>mysql</i> development library is present.</li> -<li> <b>OpenSSL</b> The <i>crypto/openssl</i> CryptoType plugin will be built if - the <i>openssl</i> development library is present.</li> <li> <b>PAM Support</b> PAM support will be added if the <i>PAM</i> development library is installed.</li> <li> <b>NUMA Affinity</b> NUMA support in the task/affinity plugin will be @@ -466,33 +464,6 @@ job step initiation overhead from the <i> slurmctld </i> daemon. The digital signature mechanism is specified by the <b>CryptoType</b> configuration parameter and the default mechanism is MUNGE. </p> -<h3>OpenSSL</h3> -<p>If using <a href="http://www.openssl.org/">OpenSSL</a> digital signatures, -unique job credential keys must be created for your site using the program -<a href="http://www.openssl.org/">openssl</a>. -<b>You must use openssl and not ssh-genkey to construct these keys.</b> -An example of how to do this is shown below. Specify file names that -match the values of <b>JobCredentialPrivateKey</b> and -<b>JobCredentialPublicCertificate</b> in your configuration file. -The <b>JobCredentialPrivateKey</b> file must be readable only by <b>SlurmUser</b>. -The <b>JobCredentialPublicCertificate</b> file must be readable by all users. -Note that you should build the key files on one node and then distribute -them to all nodes in the cluster. -This ensures that all nodes have a consistent set of digital signature -keys. -These keys are used by <i>slurmctld</i> to construct a job step -credential, which is sent to <i>srun</i> and then forwarded to -<i>slurmd</i> to initiate job steps.</p> - -<p class="commandline" style="margin-left:.2in"> -<i>openssl genrsa -out <sysconfdir>/slurm.key 1024</i><br> -<i>openssl rsa -in <sysconfdir>/slurm.key -pubout -out <sysconfdir>/slurm.cert</i> -</p> - -<h3>MUNGE</h3> -<p>If using MUNGE digital signatures, no Slurm keys are required. -This will be addressed in the installation and configuration of MUNGE.</p> - <h3>Authentication</h3> <p>Authentication of communications (identifying who generated a particular message) between Slurm components can use a different security mechanism diff --git a/doc/man/man5/slurm.conf.5 b/doc/man/man5/slurm.conf.5 index 9e9431708ca..74090488cd2 100644 --- a/doc/man/man5/slurm.conf.5 +++ b/doc/man/man5/slurm.conf.5 @@ -1,4 +1,4 @@ -.TH "slurm.conf" "5" "Slurm Configuration File" "August 2018" "Slurm Configuration File" +.TH "slurm.conf" "5" "Slurm Configuration File" "November 2018" "Slurm Configuration File" .SH "NAME" slurm.conf \- Slurm configuration file @@ -506,7 +506,7 @@ The cryptographic signature tool to be used in the creation of job step credentials. The slurmctld daemon must be restarted for a change in \fBCryptoType\fR to take effect. -Acceptable values at present include "crypto/munge" and "crypto/openssl". +Acceptable values at present include "crypto/munge". The default value is "crypto/munge" and is the recommended. .TP -- GitLab