default Slurm Accounting SSL certificate to be combined certs required for Azure MySQL Database#504
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates Slurm accounting SSL certificate handling so that the default option installs a combined CA bundle (per Azure MySQL TLS root rotation guidance) and writes it to AzureCA.pem for SlurmDBD to use.
Changes:
- Add a “Combined Certs” option (and make it the default) for the accounting certificate URL in the cluster template.
- Implement installer logic to download three CA certs, convert/assemble them, and write the combined PEM to
${config_dir}/AzureCA.pem.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| templates/slurm.txt | Adds “Combined Certs” entry and sets it as the default value for the accounting SSL certificate parameter. |
| azure-slurm-install/install.py | Adds _install_combined_certs() and wires it into accounting setup when the “Combined Certs” option is selected. |
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
1a94460 to
94cb695
Compare
bwatrous
reviewed
Apr 29, 2026
bwatrous
reviewed
Apr 29, 2026
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
f9cb7e0 to
4e7a565
Compare
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
4e7a565 to
4b5616f
Compare
aditigaur4
reviewed
Apr 30, 2026
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
2 times, most recently
from
0ae4a1a to
a8443d8
Compare
bwatrous
reviewed
Apr 30, 2026
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
995efe9 to
8aaefd0
Compare
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
13259cb to
0892a4f
Compare
bwatrous
previously approved these changes
Apr 30, 2026
aditigaur4
reviewed
Apr 30, 2026
aditigaur4
reviewed
Apr 30, 2026
| Config.Entries := {[Value=""], [Value="AzureCA.pem"]} | ||
| DefaultValue = "" | ||
| Config.Entries := {[Value=""], [Value="AzureCA_bundle.pem"]} | ||
| DefaultValue = "AzureCA_bundle.pem" |
Collaborator
There was a problem hiding this comment.
I understand this was done before-- but this is weird. This is saying "Either its a URL or its a string that actually points to a file we know about"...
IMO just remove the default value.
Collaborator
Author
There was a problem hiding this comment.
okay so when this value is empty we should always point StorageParameters=SSL_CA=/etc/slurm/AzureCA_bundle.pem? Right now in the code if you leave acct_cert_url empty then we comment out StorageParameters in slurmdbd.conf
Collaborator
Author
|
New Template looks like this And when custom ssl is enabled both certs are avail in /etc/slurm but slurmdbd.conf points to CustomCA.pem
|
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
d43687f to
06a396a
Compare
azreenz
changed the title
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
06a396a to
597b303
Compare
…d for Azure MySQL Database
- Package bundled cert during build time
- Always install and link bundled cert
- Point slurmdbd.conf to AzureCA_{version}.pem when no custom ssl cert is specified
- install and link custom cert in addition to bundled cert when specified in template and point slurmdbd.conf to CustomCA.pem
azreenz
force-pushed
the
azreenzaman/combined-certs
branch
from
597b303 to
1fa5d23
Compare
aditigaur4
approved these changes
May 1, 2026
bwatrous
reviewed
May 1, 2026
bwatrous
reviewed
May 1, 2026
bwatrous
approved these changes
May 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Always install three SSL certificatetes and combine them to AzureCA{version}.pem as advised by Azure during root certificate rotation. https://learn.microsoft.com/en-us/azure/mysql/flexible-server/security-tls-root-certificate-rotation#steps
Additionally, install optional custom SSL cert slurm.accounting.certificate specified by user in template
The three certificates installed are