.LP
\fBnamespace.yaml\fR is a YAML\-formatted configuration file that defines
parameters used by Slurm's namespace/linux plugin. Based on these parameters,
the plugin will create the appropriate job-specific namespace(s). The
namespace/linux plugin can creates a filesystem namespace and will
construct a private (or optionally shared) filesystem namespace and mount a list
of directories (defaults to /tmp and /dev/shm) inside it, giving the job a
private view of these directories. These paths are mounted inside the location
specified by 'base_path' in the \fBnamespace.yaml\fR file. It also can create
new User and PID namespaces for the job.
When the job completes, the namespace is unmounted and all files therein are
automatically removed.
To make use of these plugins, 'PrologFlags=Contain' must also be present in
your \fBslurm.conf\fR file, as shown:
.nf
NamespaceType=namespace/linux
PrologFlags=Contain
.fi
The file will always be located in the same directory as the \fBslurm.conf\fR.
The file must be located in the same directory as \fBslurm.conf\fR. Any text
following a "#" in this file is treated as a comment through the end of that
line. Changes to the configuration file take effect upon restart of Slurm
daemons.
.SH "PARAMETERS"
.LP
namespace.yaml contains the following attributes:
.LP
.TP
\fBdefaults\fR
Default namespace configuration. If specified this contains the fields described
in options.
.IP
.TP
\fBnode_confs\fR
List of node namespace configurations. The list element attributes are described
below.
.IP
.SS "node_confs list element definitions"
.LP
Each node_confs element contains the following attributes:
.LP
.TP
\fBnodes\fR
.TP
\fBauto_base_path\fR
This determines if plugin should create the BasePath directory or not. Set it
to 'true' if directory is not pre\-created before slurm startup. If set to true,
the directory is created with permission 0755. Directory is not deleted during
slurm shutdown. If set to 'false' or not specified, plugin would expect
directory to exist. This option can be used on a global or per\-line basis.
This parameter is optional.
.IP
.TP
\fBbase_path\fR
Specify the \fIPATH\fR that the namespace plugin should use as a base to mount
the private directories. This path must be readable and writable by the plugin.
The plugin constructs a directory for each job inside this path, which is then
used for mounting. The \fBbase_path\fR gets mounted as 'private' during slurmd
start and remains mounted until shutdown. The first "%h" within the name is
replaced with the hostname on which the \fBslurmd\fR is running. The first "%n"
within the name is replaced with the Slurm node name on which the \fBslurmd\fR
is running. Set \fIPATH\fR to 'none' to disable the namespace/linux plugin on
node subsets when there is a global setting in \fBdefaults\fR.
\fBNOTE\fR: The \fBbase_path\fR must be unique to each node. If base_path is on
a shared filesystem, you can use "%h" or "%n" to create node-unique directories.
\fBNOTE\fR: The \fBbase_path\fR parameter cannot be set to any of
the paths specified by \fBdirs\fR. Using these directories will cause conflicts
when trying to mount and unmount the private directories for the job.
.IP
.TP
\fBclone_ns_script\fR
Specify fully qualified pathname of an optional initialization script. This
script is run after the namespace construction of a job. This script will be
provided the SLURM_NS environment variable containing the path to the namespace
that can be used by the nsenter command. This variable will allow the script to
join the newly created namespace and do further setup work. This parameter is
optional.
.IP
.TP
\fBclone_ns_script_wait\fR
The number of seconds to wait for the \fBclone_ns_script\fR to complete before
considering the script failed. The default value is 10 seconds.
.IP
.TP
\fBclone_ns_epilog\fR
Specify fully qualified pathname of an optional epilog script. This script runs
just before the namespace is torn down. This script will be provided the
SLURM_NS environment variable containing the path to the namespace that can
be used by the nsenter command. This variable will allow the script to join the
respectively. "CLONE_NEWNS" will also be accepted, but is always on.
\fBNOTE\fR: When CLONE_NEWUSER is specified, bpf token support is also required
if using ConstrainDevices in \fBcgroup.conf\fR.
.IP
.TP
\fBdirs\fR
A comma-separated list of directories to create private mount points for.
This parameter is optional and if not specified it defaults to "/tmp,/dev/shm".
\fBNOTE\fR: /dev/shm has special handling, and instead of a bind mount is always
a fresh tmpfs filesystem.
\fBNOTE\fR: When CLONE_NEWPID is specified, a unique /proc filesystem for the
container will be mounted automatically.
.IP
.TP
\fBinit_script\fR
Specify fully qualified pathname of an optional initialization script. This
script is run before the namespace construction of a job. It can be used to
make the job join additional namespaces prior to the construction of /tmp
namespace or it can be used for any site\-specific setup. This parameter is
optional.
.IP
.TP
\fBshared\fR
Specifying Shared=true will propagate new mounts between the job specific
filesystem namespace and the root filesystem namespace, enable using autofs on
the node. This parameter is optional.
.IP
.TP
\fBuser_ns_script\fR
Specifies the location of a script that will perform the user namespace setup.
This script runs first when setting up the namespace. The environment variable
"SLURM_NS_PID" is provided to allow constructing the path to the various map
files that this script could write to. If not specified, every user and group
will be mapped.
.IP
.SH "NOTES"
.LP
If any parameters in namespace.yaml are changed while slurm is running, then
slurmd on the respective nodes will need to be
restarted for changes to take effect (scontrol reconfigure is not sufficient).
Additionally this can be disruptive to
jobs already running on the node. So care must be taken to make sure no jobs
are running if any changes to job_container.conf are deployed.
Restarting slurmd is safe and non\-disruptive to running jobs, as long as
clone_ns_epilog_wait: 10
clone_ns_script: "/path/to/ns_script"
init_script: "/path/to/init_script"
shared: true
node_confs:
- nodes:
- "n1"
- "n[2-4,6]"
options:
auto_base_path: true
base_path: "/var/nvme/storage_1"
clone_ns_script_wait: 20
dirs: "/tmp"
shared: false
user_ns_script: "/path/to/user_script"
- nodes:
- "n[7-10]"
options:
auto_base_path: true
base_path: "/var/nvme/storage_2"
init_script: "/etc/slurm/init.sh"
.fi
.SH "COPYING"
Copyright (C) 2025 SchedMD LLC.
.LP
This file is part of Slurm, a resource management program.
For details, see <https://slurm.schedmd.com/>.
.LP
Slurm is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
.LP
Slurm is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
.SH "SEE ALSO"
.LP
\fBslurm.conf\fR(5)