Skip to content

Commit

Permalink
Merge pull request #190 from rug-cit-hpc/develop
Browse files Browse the repository at this point in the history
Develop -> Master for new release.
  • Loading branch information
erijpkema authored Nov 7, 2019
2 parents 7f2d764 + d2bdad7 commit a0382dc
Show file tree
Hide file tree
Showing 140 changed files with 2,688 additions and 867 deletions.
3 changes: 3 additions & 0 deletions .ansible-lint
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
exclude_paths:
- "~/.ansible" # Exclude external playbooks.
34 changes: 34 additions & 0 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
---

# Python CircleCI 2.0 configuration file
#
# Check https://circleci.com/docs/2.0/language-python/ for more details
#

version: 2.1
jobs:
build:
docker:
- image: circleci/python:3

working_directory: ~/repo

steps:
- checkout

- run:
name: install dependencies
command: |
python3 -m venv venv
. venv/bin/activate
pip install ansible-lint
# run tests!
- run:
name: run tests
command: |
. venv/bin/activate
ansible-lint cluster.yml > lint_results 2>&1 || true
errors=$(grep -c "\:" lint_results)
if (( errors > 224 )); then /bin/false; fi
cat lint_results
66 changes: 66 additions & 0 deletions .lorrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
#!/bin/bash
#
# Bash code to initialize the environment / repo settings for deploying a specific HPC cluster,
# for which the config is stored in the repo containing this script.
#
# This script assumes there is for each CLUSTERNAME a corresponding:
# 1. ./group_vars/CLUSTERNAME-cluster/ Ansible group variables and secrets encrypted with Ansible vault.
# 2. ./CLUSTERNAME_hosts.ini Ansible inventory file in the root of this repo.
# 3. ./.vault_pass.txt.CLUSTERNAME Ansible vault password file in the root of this repo.
#
# Once this code was sourced (not executed!) like this:
# $> . .lorrc
# You can call the lor-config function for a specific cluster. E.g.:
# $> lor-config talos
#

#
##
### Environment and bash sanity.
##
#
export LOR_DIR="$( cd -P "$( dirname "${BASH_SOURCE}" )" && pwd )"

#
##
### Main.
##
#

function lor-config() {
#
# Get and check input.
#
local cluster="${1-}"
if [[ -z "${cluster:-}" ]]; then
printf '%s\n' 'ERROR: must specify an HPC cluster name.'
return
fi
declare -a required_paths=(
"${LOR_DIR}/group_vars/${cluster}-cluster/"
"${LOR_DIR}/${cluster}_hosts.ini"
"${LOR_DIR}/.vault_pass.txt.${cluster}"
)
for required_path in "${required_paths[@]}"; do
if [[ ! -e "${required_path}" ]]; then
printf '%s\n' "ERROR: ${required_path} does not exist for HPC cluster ${cluster}."
return
fi
done
#
# Get jumphost from inventory file.
#
local jumphost=$(fgrep -A1 '[jumphost]' "${LOR_DIR}/${cluster}_hosts.ini" | tail -1)
#
# Init and report current setup.
#
cd ${LOR_DIR}
export AI_INVENTORY="${cluster}_hosts.ini"
export AI_PROXY="${jumphost}"
export ANSIBLE_VAULT_PASSWORD_FILE=".vault_pass.txt.${cluster}"
export ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS=ignore
printf '%s\n' "Current working directory is $(pwd)"
printf '%s\n' "Using AI_PROXY: ${AI_PROXY}"
printf '%s\n' "Using AI_INVENTORY: ${AI_INVENTORY}"
printf '%s\n' "Using ANSIBLE_VAULT_PASSWORD_FILE: ${ANSIBLE_VAULT_PASSWORD_FILE}"
}
11 changes: 6 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -184,10 +184,10 @@ Deploying a fully functional virtual cluster from scratch involves the following
Execute:
```
dd if=/dev/urandom bs=1 count=1024 > roles/slurm-management/files/[name-of-the-cluster] _munge.key
ansible-vault --vault-password-file=.vault_pass.txt.[name-of-the-cluster] encrypt roles/slurm-management/files/[name-of-the-cluster] _munge.key
dd if=/dev/urandom bs=1 count=1024 > roles/slurm-management/files/[name-of-the-cluster]_munge.key
ansible-vault --vault-password-file=.vault_pass.txt.[name-of-the-cluster] encrypt roles/slurm-management/files/[name-of-the-cluster]_munge.key
```
The encrypted ```[name-of-the-cluster] _munge.key``` can now safely be committed.
The encrypted ```[name-of-the-cluster]_munge.key``` can now safely be committed.
7. Running playbooks.
Expand All @@ -205,7 +205,8 @@ Deploying a fully functional virtual cluster from scratch involves the following
In our case the CentOS cloud image comes with a default ```centos``` user.
```bash
export ANSIBLE_HOST_KEY_CHECKING=False
ansible-playbook -i inventory.py -u centos local_admin_users.yml
ansible-playbook -i inventory.py -u centos -l 'jumphost,cluster' local_admin_users.yml
ansible-playbook -i inventory.py -u root -l 'docs' local_admin_users.yml
ansible-playbook -i inventory.py -u [local_admin_account] single_role_playbooks/ssh_host_signer.yml
export ANSIBLE_HOST_KEY_CHECKING=True
```
Expand All @@ -216,7 +217,7 @@ Deploying a fully functional virtual cluster from scratch involves the following
```
* Deploying only a specific role - e.g. *slurm-management* - on test cluster *Talos*
```bash
ansible-playbook site.yml -i inventory.py -u [local_admin_account] single_role_playbooks/slurm-management.yml
ansible-playbook -i inventory.py -u [local_admin_account] single_role_playbooks/slurm-management.yml
```
8. Verify operation.
Expand Down
10 changes: 9 additions & 1 deletion ansible.cfg
Original file line number Diff line number Diff line change
@@ -1,6 +1,14 @@
[defaults]
retry_files_enabled = False
stdout_callback = debug
vault_password_file = .vault_pass.txt
#
# Do not use a hard-code vault_password_file file here:
# we have multiple .vault_pass.txt.clustername files with specific passwords for each cluster.
# source the .lorrc file in the root of the repo and then use the lor-config function:
# lor-config [name-of-a-cluster]
# This wil configure various environment variables including ANSIBLE_VAULT_PASSWORD_FILE.
#
#vault_password_file = .vault_pass.txt

[ssh_connection]
pipelining = True
Expand Down
Loading

0 comments on commit a0382dc

Please sign in to comment.