diff --git a/.github/actions/install_compatibility_layer/Dockerfile b/.github/actions/install_compatibility_layer/Dockerfile new file mode 100644 index 00000000..be7f66d1 --- /dev/null +++ b/.github/actions/install_compatibility_layer/Dockerfile @@ -0,0 +1,9 @@ +FROM awesomebytes/gentoo_prefix_boostrapped + +USER root +RUN apt-get install -y python3-pip +RUN pip3 install ansible + +COPY entrypoint.sh /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/.github/actions/install_compatibility_layer/action.yml b/.github/actions/install_compatibility_layer/action.yml new file mode 100644 index 00000000..f111b51d --- /dev/null +++ b/.github/actions/install_compatibility_layer/action.yml @@ -0,0 +1,13 @@ +# action.yml +name: 'Install EESSI compatibility layer' +description: 'Use Ansible playbook to install the EESSI compatibility layer inside a Gentoo Prefix Docker container' +inputs: + gentoo-prefix-path: + description: 'Path to the Gentoo Prefix installation' + required: true + default: '/tmp/gentoo' +runs: + using: 'docker' + image: 'Dockerfile' + args: + - ${{ inputs.gentoo-prefix-path }} diff --git a/.github/actions/install_compatibility_layer/entrypoint.sh b/.github/actions/install_compatibility_layer/entrypoint.sh new file mode 100755 index 00000000..5a77bfbc --- /dev/null +++ b/.github/actions/install_compatibility_layer/entrypoint.sh @@ -0,0 +1,14 @@ +#!/bin/bash -l + +cat << EOF > hosts +[cvmfsstratum0servers] +127.0.0.1 +EOF + +ansible-playbook --connection=local --inventory=hosts -e ansible_python_interpreter=python3 -e gentoo_prefix_path=$1 ${GITHUB_WORKSPACE}/ansible/playbooks/install.yml + +# A successful installation should at least have Lmod and archspec, +# so let's check if we can use them. +source $1/usr/lmod/lmod/init/profile +module avail +$1/usr/bin/archspec cpu diff --git a/.github/workflows/install_compatibility_layer.yml b/.github/workflows/install_compatibility_layer.yml new file mode 100644 index 00000000..37f50df0 --- /dev/null +++ b/.github/workflows/install_compatibility_layer.yml @@ -0,0 +1,27 @@ +name: Install compatibility layer + +# Controls when the action will run. Triggers the workflow on push or pull request +# events but only for the master branch +on: + push: + branches: [ master ] + paths: + - 'ansible/playbooks/**' + pull_request: + branches: [ master ] + paths: + - 'ansible/playbooks/**' + +jobs: + install_compat_layer: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v2 + + - name: Run install.yml playbook in Docker container + uses: ./.github/actions/install_compatibility_layer + with: + gentoo-prefix-path: '/tmp/gentoo' diff --git a/ansible/playbooks/README.md b/ansible/playbooks/README.md index af1e670f..eec24645 100644 --- a/ansible/playbooks/README.md +++ b/ansible/playbooks/README.md @@ -1,3 +1,6 @@ +![Ansible Lint](https://github.com/EESSI/compatibility-layer/workflows/Ansible%20Lint/badge.svg) +![Install compatibility layer](https://github.com/EESSI/compatibility-layer/workflows/Install%20compatibility%20layer/badge.svg) + # Ansible role/playbooks for installing the compatibility layer This directory contains an Ansible role (`compatibility_layer`) in the subdirectory `roles` which has @@ -38,4 +41,8 @@ The playbook can be run using: ansible-playbook -i hosts -K install.yml ``` The `-K` option will ask for your sudo password, and you have to supply a valid hosts file (here named `hosts`). -By default, the playbook will only run on the host listed in the `cvmfsstratum0servers` section of your hosts file. +By default, the playbook will only run on the host listed in the `cvmfsstratum0servers` section of the supplied `hosts` file. So, your `hosts` file should at least have: +``` +[cvmfsstratum0servers] +ip-or-hostname-of-your-stratum0 +``` diff --git a/ansible/playbooks/roles/compatibility_layer/tasks/main.yml b/ansible/playbooks/roles/compatibility_layer/tasks/main.yml index bf42d284..43a663e2 100644 --- a/ansible/playbooks/roles/compatibility_layer/tasks/main.yml +++ b/ansible/playbooks/roles/compatibility_layer/tasks/main.yml @@ -1,7 +1,8 @@ -# TODO: when startprefix does not exist -# use container to install prefix? -#- include_tasks: install_prefix.yml - +# Main task which: +# - checks the given path for a Prefix installation, +# - starts (and publishes at the end) a CVMFS transaction, if requested, +# - calls the tasks for adding the overlay and installation of sets and packages. +--- - name: Check if a Prefix installation is found at the specified location stat: path: "{{ gentoo_prefix_path }}/usr/bin/emerge" diff --git a/scripts/prefix-symlink-host-paths.sh b/scripts/prefix-symlink-host-paths.sh index f6966e2c..99f9ab4d 100755 --- a/scripts/prefix-symlink-host-paths.sh +++ b/scripts/prefix-symlink-host-paths.sh @@ -23,15 +23,23 @@ if [[ $EPREFIX != $EXPECTED_START/* ]]; then exit 1 fi -# /etc/passwd: required to ensure local users are known (see https://github.com/EESSI/compatibility-layer/issues/15) -# /etc/group: required to ensure local user groups are known -for path in /etc/passwd /etc/group; do +paths=( + "/etc/passwd" # required to ensure local users are known (see https://github.com/EESSI/compatibility-layer/issues/15) + "/etc/group" # required to ensure local user groups are known + "/etc/nsswitch.conf" # required to ensure name-service information is taken from the right source (e.g. ldap) + "/etc/resolv.conf" # required to use the DNS resolver from the host (should be done automatically) + "/lib64/libnss_centrifydc.so.2" # required if Centrify is used in nsswitch.conf + "/lib64/libnss_ldap.so.2" # required if LDAP is used in nsswitch.conf + "/lib64/libnss_sss.so.2" # required if SSSD is used in nsswitch.conf +) + +for path in ${paths[@]}; do echo ">> checking $path ..." ls -ld ${EPREFIX}$path | grep " -> $path" > /dev/null ec=$? if [ $ec -ne 0 ]; then echo_yellow ">> [CHANGE] ${EPREFIX}$path is *not* a symlink to $path, fixing that..." - rm ${EPREFIX}$path + rm -f ${EPREFIX}$path ln -s $path ${EPREFIX}$path else echo_green ">> [OK] ${EPREFIX}$path is already a symlink to $path"