diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 000000000..720363f13
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,3 @@
+---
+exclude_paths:
+ - "~/.ansible" # Exclude external playbooks.
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 000000000..2d2e5455c
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,34 @@
+---
+
+# Python CircleCI 2.0 configuration file
+#
+# Check https://circleci.com/docs/2.0/language-python/ for more details
+#
+
+version: 2.1
+jobs:
+ build:
+ docker:
+ - image: circleci/python:3
+
+ working_directory: ~/repo
+
+ steps:
+ - checkout
+
+ - run:
+ name: install dependencies
+ command: |
+ python3 -m venv venv
+ . venv/bin/activate
+ pip install ansible-lint
+
+ # run tests!
+ - run:
+ name: run tests
+ command: |
+ . venv/bin/activate
+ ansible-lint cluster.yml > lint_results 2>&1 || true
+ errors=$(grep -c "\:" lint_results)
+ if (( errors > 224 )); then /bin/false; fi
+ cat lint_results
diff --git a/.lorrc b/.lorrc
new file mode 100755
index 000000000..ad5b70a45
--- /dev/null
+++ b/.lorrc
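Review bot: The `run tests` step in .circleci/config.yml cannot fail for the right reasons: `ansible-lint cluster.yml > lint_results 2>&1 || true` discards the linter's exit status, so a run in which ansible-lint crashes or cannot parse the playbook writes only a few lines and passes the `errors > 224` threshold. `grep -c "\:"` counts every output line that contains a colon rather than findings, and it exits non-zero when nothing matches, which would fail the step on a clean lint if the job runs under CircleCI's default `bash -eo pipefail`; `errors=$(grep -c ':' lint_results || true)` avoids that. `pip install ansible-lint` and the `circleci/python:3` image are both unpinned, so the tool that gates the build can change between runs and the baseline of 224 drifts with it; pin the package, for example `pip install 'ansible-lint==<PINNED_VERSION>'`, and use a fixed image tag.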
@@ -0,0 +1,66 @@
+#!/bin/bash
+#
+# Bash code to initialize the environment / repo settings for deploying a specific HPC cluster,
+# for which the config is stored in the repo containing this script.
+#
+# This script assumes there is for each CLUSTERNAME a corresponding:
+# 1. ./group_vars/CLUSTERNAME-cluster/ Ansible group variables and secrets encrypted with Ansible vault.
+# 2. ./CLUSTERNAME_hosts.ini Ansible inventory file in the root of this repo.
+# 3. ./.vault_pass.txt.CLUSTERNAME Ansible vault password file in the root of this repo.
+#
+# Once this code was sourced (not executed!) like this:
+# $> . .lorrc
+# You can call the lor-config function for a specific cluster. E.g.:
+# $> lor-config talos
+#
+
+#
+##
+### Environment and bash sanity.
+##
+#
+export LOR_DIR="$( cd -P "$( dirname "${BASH_SOURCE}" )" && pwd )"
+
+#
+##
+### Main.
+##
+#
+
+function lor-config() {
+ #
+ # Get and check input.
+ #
+ local cluster="${1-}"
+ if [[ -z "${cluster:-}" ]]; then
+ printf '%s\n' 'ERROR: must specify an HPC cluster name.'
+ return
+ fi
+ declare -a required_paths=(
+ "${LOR_DIR}/group_vars/${cluster}-cluster/"
+ "${LOR_DIR}/${cluster}_hosts.ini"
+ "${LOR_DIR}/.vault_pass.txt.${cluster}"
+ )
+ for required_path in "${required_paths[@]}"; do
+ if [[ ! -e "${required_path}" ]]; then
+ printf '%s\n' "ERROR: ${required_path} does not exist for HPC cluster ${cluster}."
+ return
+ fi
+ done
+ #
+ # Get jumphost from inventory file.
+ #
+ local jumphost=$(fgrep -A1 '[jumphost]' "${LOR_DIR}/${cluster}_hosts.ini" | tail -1)
+ #
+ # Init and report current setup.
+ # + cd ${LOR_DIR} + export AI_INVENTORY="${cluster}_hosts.ini" + export AI_PROXY="${jumphost}" + export ANSIBLE_VAULT_PASSWORD_FILE=".vault_pass.txt.${cluster}" + export ANSIBLE_TRANSFORM_INVALID_GROUP_CHARS=ignore + printf '%s\n' "Current working directory is $(pwd)" + printf '%s\n' "Using AI_PROXY: ${AI_PROXY}" + printf '%s\n' "Using AI_INVENTORY: ${AI_INVENTORY}" + printf '%s\n' "Using ANSIBLE_VAULT_PASSWORD_FILE: ${ANSIBLE_VAULT_PASSWORD_FILE}" +} diff --git a/README.md b/README.md index cfc8bb3ee..756eb0fb0 100644 --- a/README.md +++ b/README.md @@ -184,10 +184,10 @@ Deploying a fully functional virtual cluster from scratch involves the following Execute: ``` - dd if=/dev/urandom bs=1 count=1024 > roles/slurm-management/files/[name-of-the-cluster] _munge.key - ansible-vault --vault-password-file=.vault_pass.txt.[name-of-the-cluster] encrypt roles/slurm-management/files/[name-of-the-cluster] _munge.key + dd if=/dev/urandom bs=1 count=1024 > roles/slurm-management/files/[name-of-the-cluster]_munge.key + ansible-vault --vault-password-file=.vault_pass.txt.[name-of-the-cluster] encrypt roles/slurm-management/files/[name-of-the-cluster]_munge.key ``` - The encrypted ```[name-of-the-cluster] _munge.key``` can now safely be committed. + The encrypted ```[name-of-the-cluster]_munge.key``` can now safely be committed. 7. Running playbooks. @@ -205,7 +205,8 @@ Deploying a fully functional virtual cluster from scratch involves the following In our case the CentOS cloud image comes with a default ```centos``` user. ```bash export ANSIBLE_HOST_KEY_CHECKING=False - ansible-playbook -i inventory.py -u centos local_admin_users.yml + ansible-playbook -i inventory.py -u centos -l 'jumphost,cluster' local_admin_users.yml + ansible-playbook -i inventory.py -u root -l 'docs' local_admin_users.yml ansible-playbook -i inventory.py -u [local_admin_account] single_role_playbooks/ssh_host_signer.yml export ANSIBLE_HOST_KEY_CHECKING=True ``` 
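Review bot: Both error paths in `lor-config` end in a bare `return`, which hands back the status of the preceding `printf` (0) and leaves the environment untouched, so after a failed `lor-config <cluster>` the shell still carries AI_INVENTORY, AI_PROXY and ANSIBLE_VAULT_PASSWORD_FILE from whichever cluster was configured before and a following `ansible-playbook` runs against that earlier cluster. Use `return 1` on both paths and send the message to stderr, `printf '%s\n' 'ERROR: ...' >&2`. `cd ${LOR_DIR}` is unquoted and unchecked although the exported inventory and vault-password paths are relative to it; it should read `cd "${LOR_DIR}" || return 1`. `jumphost` is taken from `fgrep -A1 '[jumphost]' ... | tail -1` without a check, so an inventory with no entry under `[jumphost]` exports an empty or wrong AI_PROXY; reject an empty value before the exports.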
@@ -216,7 +217,7 @@ Deploying a fully functional virtual cluster from scratch involves the following ``` * Deploying only a specific role - e.g. *slurm-management* - on test cluster *Talos* ```bash - ansible-playbook site.yml -i inventory.py -u [local_admin_account] single_role_playbooks/slurm-management.yml + ansible-playbook -i inventory.py -u [local_admin_account] single_role_playbooks/slurm-management.yml ``` 8. Verify operation. diff --git a/ansible.cfg b/ansible.cfg index e5dfdbc7a..5611a6953 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,14 @@ [defaults] +retry_files_enabled = False stdout_callback = debug -vault_password_file = .vault_pass.txt +# +# Do not use a hard-code vault_password_file file here: +# we have multiple .vault_pass.txt.clustername files with specific passwords for each cluster. +# source the .lorrc file in the root of the repo and then use the lor-config function: +# lor-config [name-of-a-cluster] +# This wil configure various environment variables including ANSIBLE_VAULT_PASSWORD_FILE. +# +#vault_password_file = .vault_pass.txt [ssh_connection] pipelining = True diff --git a/cluster.yml b/cluster.yml index 10f62daa0..01e7e2257 100644 --- a/cluster.yml +++ b/cluster.yml 
@@ -1,113 +1,166 @@ ---- -- name: Sanity checks before we start. +# +# Order of deployment required to prevent chicken versus the egg issues: +# 0. For all deployment phases: +# export AI_PROXY="${jumphost_name}" +# export AI_INVENTORY="${cluster_name}_hosts.ini" +# ANSIBLE_VAULT_PASSWORD_FILE=".vault_pass.txt.${cluster_name}" +# +# 1. Use standard CentOS cloud image user 'centos' or 'root' user and without host key checking: +# export ANSIBLE_HOST_KEY_CHECKING=False +# ansible-playbook -i inventory.py -u centos -l 'jumphost,cluster' single_role_playbooks/admin-users.yml +# ansible-playbook -i inventory.py -u root -l 'docs' single_role_playbooks/admin-users.yml +# 2. Use local admin user's account and without host key checking: +# export ANSIBLE_HOST_KEY_CHECKING=False +# ansible-playbook -i inventory.py -u [admin_account] single_role_playbooks/ssh_host_signer.yml +# 3. Use local admin user's account and with strict host key checking to deploy everything else: +# export ANSIBLE_HOST_KEY_CHECKING=True +# ansible-playbook -i inventory.py -u [admin_account] cluster.yml +# This will configure: +# A. Jumphost first as it is required to access the other machines. +# B. SAI as it is required to +# * configure layout on shared storage devices used by other machines. +# * configure Slurm control and Slurm database. +# C. DAI +# D. UI +# E. Compute nodes +# F. Documentation server +# +- name: 'Sanity checks before we start.' hosts: all pre_tasks: - - name: Verify Ansible version meets requirements. + - name: 'Verify Ansible version meets requirements.' assert: that: "ansible_version.full is version_compare('2.4', '>=')" msg: 'You must update Ansible to at least 2.4.x to use this playbook.' -- import_playbook: local_admin_users.yml - -- name: Install roles needed for all virtual cluster components. - hosts: all +- name: 'A. Roles for jumphosts.' 
+ hosts: jumphost roles: - - logins + - admin-users - ssh_host_signer - ssh_known_hosts + - yum-repos + - logins + - {role: geerlingguy.repo-epel, become: true} + - ldap + - static-hostname-lookup + - sshd + - node_exporter + - {role: geerlingguy.security, become: true} + - prom_proxy + - regular-users tasks: - - cron: - # - # Silly workaround for bug in interaction dbus <-> logind - # Need DBus 1.11.10 for a fix, but CentOS 7.6 is stuck on dbus 1.10.24. - # - name: Restart systemd-logind - minute: "/10" + - name: 'Install cron job to reboot jumphost regularly to activate kernel updates.' + cron: + name: 'Reboot to load new kernel.' + weekday: '1' + minute: '45' + hour: '11' user: root - job: /bin/systemctl restart systemd-logind - cron_file: restart_logind + job: /bin/needs-restarting -r >/dev/null 2>&1 || /sbin/shutdown -r +60 "Restarting to apply updates..." + cron_file: reboot become: true -- name: Mount the ceph volume +- name: 'B. Roles for SAIs.' hosts: - - compute-vm - - sys-admin-interface - - deploy-admin-interface - become: True + - sys-admin-interface roles: - - mount-volume - -- name: Install roles needed for all virtual cluster components except jumphosts. - hosts: cluster - become: true - tasks: - roles: - - spacewalk_client - - ldap - - node_exporter - - cluster - - resolver - - shared_storage - -- name: Install ansible on admin interfaces (DAI & SAI). - hosts: - - sys-admin-interface - - deploy-admin-interface - become: True - tasks: - - name: install Ansible - yum: - name: ansible-2.6.6-1.el7.umcg + - admin-users + - ssh_host_signer + - ssh_known_hosts + - spacewalk_client + - logins + - figlet_hostname + - mount-volume + - ldap + - node_exporter + - static-hostname-lookup + - cluster + - sshd + - resolver + - shared_storage + - regular-users -- name: Install roles needed for DAIs. 
- hosts: - - deploy-admin-interface +- hosts: slurm-management roles: - - envsync + - slurm-management + - prom_server + - {role: cadvisor, become: true} + vars: + # These variables are needed by the mariadb role. + # Which is a depencency of the slurm-management role. + # See roles/slurm/meta/main.yml + hostname_node0: "{{ ansible_hostname }}" + ip_node0: "{{ ansible_default_ipv4['address'] }}" -- name: Install roles needed for jumphosts. - hosts: jumphost - become: true +- name: 'C. Roles for DAIs.' + hosts: deploy-admin-interface roles: - - geerlingguy.repo-epel - - ldap - - cluster - - geerlingguy.security - tasks: - - cron: - name: Reboot to load new kernel. - weekday: 1 - minute: 45 - hour: 11 - user: root - job: /bin/needs-restarting -r >/dev/null 2>&1 || /sbin/shutdown -r +60 "restarting to apply updates" - cron_file: reboot + - admin-users + - ssh_host_signer + - ssh_known_hosts + - spacewalk_client + - logins + - figlet_hostname + - mount-volume + - build-environment + - ldap + - node_exporter + - static-hostname-lookup + - cluster + - sshd + - resolver + - shared_storage + - regular-users + - envsync -- hosts: slurm-management - become: true +- name: 'D. Roles for UIs.' + hosts: user-interface roles: - - slurm-management - - prom_server - - cadvisor - vars: - # These variables are needed by the mariadb role. - # Which is a depencency of the slurm role. - # See roles/slurm/meta/main.yml - hostname_node0: "{{ ansible_hostname }}" - ip_node0: "{{ ansible_default_ipv4['address'] }}" + - admin-users + - ssh_host_signer + - ssh_known_hosts + - spacewalk_client + - logins + - figlet_hostname + - ldap + - node_exporter + - static-hostname-lookup + - cluster + - sshd + - resolver + - shared_storage + - slurm_exporter + - slurm-client + - regular-users + - sudoers -- name: Install virtual compute nodes +- name: 'E. Roles for compute nodes.' 
hosts: compute-vm - become: true - tasks: roles: - - slurm-client + - admin-users + - ssh_host_signer + - ssh_known_hosts + - spacewalk_client + - logins + - figlet_hostname + - mount-volume + - build-environment + - ldap + - node_exporter + - static-hostname-lookup + - cluster + - sshd + - resolver + - shared_storage + - slurm-client + - regular-users -- name: Install User Interface (UI) - hosts: user-interface - become: true - tasks: +- name: 'F. Roles for documentation servers.' + hosts: + - docs roles: - - slurm_exporter - - slurm-client + - admin-users + - ssh_host_signer + - online_docs ... diff --git a/common.yml b/common.yml deleted file mode 100644 index 1e1ce3031..000000000 --- a/common.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Install the common role from the hpc-cloud repo. - hosts: all - become: True - roles: - - hpc-cloud/roles/common diff --git a/deploy-os_servers.yaml b/deploy-os_servers.yml similarity index 62% rename from deploy-os_servers.yaml rename to deploy-os_servers.yml index 72c5f3e72..8c2fc79dd 100644 --- a/deploy-os_servers.yaml +++ b/deploy-os_servers.yml 
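Review bot: Step 0 of the new header comment in cluster.yml lists `ANSIBLE_VAULT_PASSWORD_FILE=".vault_pass.txt.${cluster_name}"` without `export`, unlike the two lines above it; copied as written the variable stays local to the shell and ansible-playbook never sees it, so the line should read `# export ANSIBLE_VAULT_PASSWORD_FILE=".vault_pass.txt.${cluster_name}"`. The `- hosts: slurm-management` play is the only one left without a `name:` and sits outside the A–F order the comment describes. That play also lost its play-level `become: true` and only `cadvisor` was given an explicit one, so it is worth confirming that the `slurm-management` and `prom_server` roles escalate on their own; the roles are not part of this diff.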
@@ -54,20 +54,18 @@ name: "{{ headnode_name }}" groups: headnode ansible_ssh_host: "{{ headnode_vm.openstack.accessIPv4 }}" - private_ip: "{{ headnode_vm.openstack.private_v4 }}" + private_ip: "{{ headnode_vm.server.addresses['Solve-RD_private'] | map(attribute='addr') | list | first }}" ansible_ssh_user: "{{ cloud_user }}" public_ip: "{{ headnode_vm.openstack.accessIPv4 }}" +############################################################################## +# Configure vnode from inventory group 'compute-vm' using Openstack API. +############################################################################## - name: Deploying vcompute nodes. hosts: - compute-vm connection: local tasks: - -############################################################################## -# Configure vnode from inventory group 'compute-vm' using Openstack API. -############################################################################## - - name: create persistent data volume for vcompute nodes. os_volume: display_name: "{{ inventory_hostname }}-volume" 
@@ -116,19 +114,69 @@ server: "{{ inventory_hostname }}" volume: "{{ inventory_hostname }}-volume" +############################################################################# +# Configure DAI, SAI and jumphost from inventory using Openstack API. +############################################################################# + + - name: create persistent data volume for headnode + os_volume: + display_name: "{{ item }}-volume" + size: 20 + state: present + availability_zone: '{{ storage_availability_zone }}' + with_items: + - "{{ groups['deploy-admin-interface'] }}" + - "{{ groups['sys-admin-interface'] }}" + - "{{ groups['jumphost'] }}" + + - name: Create managment instance + os_server: + state: present + name: "{{ item }}" + image: '{{ image_centos7 }}' + flavor: '{{ flavor_management }}' + security_groups: '{{ security_group_id }}' + key_name: '{{ key_name }}' + auto_floating_ip: no + nics: + - net-name: '{{ private_net_id }}' + - net-name: '{{ private_storage_net_id }}' + availability_zone: '{{ availability_zone }}' + register: managment_vm + with_items: + - "{{ groups['deploy-admin-interface'] }}" + - "{{ groups['sys-admin-interface'] }}" + - "{{ groups['jumphost'] }}" + + - name: attach managment data volume + os_server_volume: + server: "{{ item }}" + volume: "{{ item }}-volume" + with_items: + - "{{ groups['deploy-admin-interface'] }}" + - "{{ groups['sys-admin-interface'] }}" + - "{{ groups['jumphost'] }}" + + - name: add node to inventory + add_host: + name: "{{item.openstack.name}}" + groups: nodes + ansible_ssh_host: "{{ item.server.addresses['Solve-RD_private'] }}" + private_ip: "{{ item.server.addresses['Solve-RD_private'] | map(attribute='addr') | list | first }}" + ansible_ssh_user: "{{ cloud_user }}" + with_items: "{{ managment_vm.results }}" + ############################################################################## -# Configure /etc/hosts from in-memory inventory +# List IPs addresses for/etc/hosts from in-memory inventory 
############################################################################## -- name: Configure nodes +- name: List private ip addresses for roles/static-hostname-lookup/templates/{cluster}_hosts hosts: - - all - become: True + - user-interface + become: true gather_facts: false tasks: - - name: add entries to /etc/hosts for all cluster members - lineinfile: - state: present - dest: /etc/hosts - line: "{{ hostvars[item]['private_ip'] }} {{ item }}" - with_items: "{{ groups['all'] }}" + - debug: msg="{{ hostvars[item]['private_ip'] }} {{ item }}" + with_items: + - "{{ groups['cluster'] }}" + - "{{ groups['jumphost'] }}" diff --git a/documentation/Patching_Slurm.md b/documentation/Patching_Slurm.md new file mode 100644 index 000000000..b47abcaff --- /dev/null +++ b/documentation/Patching_Slurm.md 
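Review bot: In the new `add node to inventory` task, `ansible_ssh_host` is set to `item.server.addresses['Solve-RD_private']`, which, judging by the filter chain on the `private_ip` line directly below it, is a list of address records rather than one address. It needs the same extraction: `ansible_ssh_host: "{{ item.server.addresses['Solve-RD_private'] | map(attribute='addr') | list | first }}"`. The network name `Solve-RD_private` is hard-coded here and in the `private_ip` change of the first hunk (@@ -54,20 +54,18), while the `os_server` task in this hunk already takes the network from `private_net_id`; indexing with `addresses[private_net_id]` would keep the playbook usable for a cluster whose private network is named differently. The first added task is named `create persistent data volume for headnode` although it loops over the DAI, SAI and jumphost groups, and `managment` is misspelled in the task names and the registered variable.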
@@ -0,0 +1,118 @@
+# Creating patched Slurm for HPC cluster #
+
+Table of Contents:
+
+* [Summary](#-summary)
+* [Patch and Build RPM](#-patch-and-build)
+
+---
+
+# Summary
+
+We use a patched Slurm version in order to allow all users to retrieve job stats for all jobs with ```sstat```
+and tools that depend on ```sstat``` (e.g. ```ctop``` from the ```cluster-utils``` module).
+In a plain vanilla Slurm version only the root user can get the jobs stats for running of all jobs.
+Regular users can only retrieve job stats for their own running jobs
+(and for all completed jobs using sacct and the Slurm accounting DB).
+The rationale for the default behaviour is that fetching the stats for all jobs can cause quite some load on very large clusters
+(thousands of nodes), but on the smaller clusters we use the load from ```sstat``` is negligible.
+
+# Patch and Build
+
+### 1. Setup rpmbuild
+
+```
+mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
+if [ -f ~/.rpmmacros ];then
+ echo '~/.rpmmacros already exists.'
+else
+ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
+ echo 'Initialized ~/.rpmmacros'
+fi
+```
+
+### 2. Download and unpack Slurm
+
+```
+wget https://download.schedmd.com/slurm/slurm-${SLURM_VERSION}.tar.bz2
+tar -xvjf slurm-${SLURM_VERSION}.tar.bz2
+```
+
+
+### 3. Patching slurmd source
+
+Disabled UID check in **_rpc_stat_jobacct** function of
+```
+slurm-${SLURM_VERSION}/src/slurmd/slurmd/rec.c
+```
+to allow all users to retrieve job stats for all jobs with ```sstat```:
+```
+ /*
+ * check that requesting user ID is the SLURM UID or root
+ * DISABLED to allow sstat to retrieve job stats for all running jobs of all users.
+ * This may have a negative impact on highly parallellized apps or large clusters.
+ */
+ /*if ((req_uid != uid) && (!_slurm_authorized_user(req_uid))) {
+ * error("stat_jobacct from uid %ld for job %u "
+ * "owned by uid %ld",
+ * (long) req_uid, req->job_id, (long) uid);
+ *
+ * if (msg->conn_fd >= 0) {
+ * slurm_send_rc_msg(msg, ESLURM_USER_ID_MISSING);
+ * close(fd);
+ * return ESLURM_USER_ID_MISSING;
+ * }
+ }*/
+```
+
+### 4. Append umcg suffix to version/release number
+
+Patch the SLURM ```slurm-${SLURM_VERSION}/slurm.spec``` file.
+
+ * Append ```.umcg``` suffix to release in the SLURM ```slurm-${SLURM_VERSION}/slurm.spec``` file.
+ Example for Slurm 18.08.8 where the patch level (last number) is ```8```:
+ Change:
+ ```
+ Release: 8%{?dist}
+ ```
+ into:
+ ```
+ Release: 8%{?dist}.umcg
+ ```
+ The patch level number may be different for other releases.
+ * Change:
+ ```
+ # when the rel number is one, the directory name does not include it
+ %if "%{rel}" == "1"
+ %global slurm_source_dir %{name}-%{version}
+ %else
+ %global slurm_source_dir %{name}-%{version}-%{rel}
+ %endif
+ ```
+ into:
+ ```
+ %global slurm_source_dir %{name}-%{version}-%{rel}.umcg
+ ```
+
+Make sure to also add the ```.umcg``` suffix to the folder name:
+
+```
+mv slurm-${SLURM_VERSION} slurm-${SLURM_VERSION}.umcg
+```
+
+### 5. Create new tar.bz2 source code archive with patched code
+
+```
+tar -cvjf ~/rpmbuild/SOURCES/slurm-${SLURM_VERSION}.umcg.tar.bz2 slurm-${SLURM_VERSION}.umcg
+```
+
+### 6. Build patched RPMs
+
+```
+rpmbuild -ta --with lua --with mysql ~/rpmbuild/SOURCES/slurm-${SLURM_VERSION}.umcg.tar.bz2
+```
+When successful, add patched RPMs to custom repo and don't forget to contact admin to update relevant spacewalk channels!
+E.g.:
+```
+rsync -av ~/rpmbuild/RPMS/x86_64/slurm-${SLURM_VERSION}-*.x86_64.rpm spacewalk02:umcg-centos7/
+```
\ No newline at end of file
diff --git a/fender_hosts.ini b/fender_hosts.ini
index a60b19105..ca70b9bc4 100644
--- a/fender_hosts.ini
+++ b/fender_hosts.ini
@@ -2,7 +2,7 @@ corridor [docs] -molgenis42 +docs [slurm-management] fd-sai diff --git a/gearshift_hosts.ini b/gearshift_hosts.ini index 750dcd283..5bb261c5f 100644 --- a/gearshift_hosts.ini +++ b/gearshift_hosts.ini @@ -2,7 +2,7 @@ airlock [docs] -molgenis42 +docs [slurm-management] imperator diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 6d022fed6..6b2c3129d 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -4,8 +4,8 @@ ssh_host_signer_ca_keypair_dir: "{{ inventory_dir }}/ssh-host-ca" ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/hpc-ca" ssh_host_signer_key_types: '.*(rsa|ed25519).*' ssh_host_signer_hostnames: "{{ ansible_fqdn }},{{ ansible_hostname }}{% for host in groups['jumphost'] %},{{ host }}+{{ ansible_hostname }}{% endfor %}" -spacewalk_server_url: 'http://spacewalk.hpc.rug.nl/XMLRPC' -slurm_table_name: "{{ stack_prefix }}_slurm_accounting" +spacewalk_server_url: 'http://spacewalk02.hpc.rug.nl/XMLRPC' +slurm_database_name: "{{ stack_prefix }}_slurm_accounting" ai_jumphost: "{{ lookup('env','AI_PROXY') }}" # # Configure allowed network ports for geerlingguy.firewall role 
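Review bot: `spacewalk_server_url` still uses plain `http://` after the host change in group_vars/all/vars.yml, and the `yum_repos` entry added in the last hunk of the same file (@@ -165,4 +217,11) uses `baseurl: http://spacewalk02.hpc.rug.nl/umcg-centos7` with no `gpgcheck` or `gpgkey` setting visible. Every node that registers with or installs from these URLs accepts whatever answers on that name, so repository metadata and the locally built RPMs can be altered in transit without detection. If the server offers TLS, switch both values to `https://`; independent of that, sign the custom RPMs and set `gpgcheck` and `gpgkey` on the repo definition. Whether the yum-repos role passes those keys through is not visible in this diff.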
@@ -144,6 +144,58 @@ auth_users: pub_keys: | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHvtYVqBzyLk0gRL0Teq5UnIPjrkJGvbmzjHzPq2D5gw wsteyaert ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA1cD51nNVkZLmVpgnlecprPCNdf6W9IQ/O7KVE5DG3b wsteyaert + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcTDLafk1hTH5whx4aJyFwG6fPVz9H7EjOrXHaN8ssQ wsteyaert + fokke: + comment: 'Fokke Dijkstra' + uid: 1024 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRVddVL5RVcv2ubRTNdPQ1Z7L+llPe3jxPgLYKvl6Uo fokke@laptop-cit + slaurie: + comment: 'Steve Laurie' + uid: 1025 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVkUC6qXGL933sVdlH2dmsTY49s9/Lb9mpP1jpQo1ca slaurie + ssh-rsa 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 slaurie + sido: + comment: 'Sido Haakma' + uid: 1026 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo/zQab61JMdNlZH1A9bKNqhmemvqimh0tNiaXc45UA shaakma + mpauper: + comment: 'Marc Pauper' + uid: 1027 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX6eNqh9P3BNH96VDXxu/LimWGcJGfSYIpKowvoWxmm mpauper + jvdvelde: + comment: 'Joeri van der Velde' + uid: 1028 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHR3d0L9yW9LwjaqodEAWs3frNEjyj0M+fq/+jY+I9rh jvdvelde + fmusacchia: + comment: 'Francesco Musacchia' + uid: 1029 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjTuMz1RGEWYDvBr1f9gMc71T5Gwx0txPEAsyKVcFXW fmusacchia + dspalding: + comment: 'Dylan Spalding' + uid: 1030 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINazVx99YGc98wZBtlJcP8KqtJ2LZ1K+JfVWx5wtSNjN jdylanspalding + psivakumar: + comment: 'Prasanth Sivakumar' + uid: 1031 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2c7bI3+hjALAfsytm6rQ+VU3hPRVGgrU5fUSrVHMMY psivakumar + fandrade: + comment: 'Fernanda de Andrade' + uid: 1032 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvNTAsJVVZrWgfuLO7Vj35vdKusWwmcWJGovGIR+S88 fdeandrade + gdemidov: + comment: 'German Demidov' + uid: 1033 + pub_keys: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeknUxTyEeYoTGyDTsRV8WnLMS7tbhy/9FamgmUj5V3 gmdemidov # 
# Local group specs. @@ -165,4 +217,11 @@ auth_groups: gid: 20004 umcg-atd: gid: 20005 +# +# Custom/extra yum repos +# +yum_repos: + umcg-centos7: + description: 'UMCG YUM repo for CentOS 7.' + baseurl: http://spacewalk02.hpc.rug.nl/umcg-centos7 ... diff --git a/group_vars/fender-cluster/secrets.yml b/group_vars/fender-cluster/secrets.yml index 4ae13d72c..f077c6bc9 100644 --- a/group_vars/fender-cluster/secrets.yml +++ b/group_vars/fender-cluster/secrets.yml 
@@ -1,35 +1,57 @@ $ANSIBLE_VAULT;1.1;AES256 -65343637656638313133333466303564333563643730623132366539303363663835346236313465 -6334663864633837313362646238376339353866346131320a653861376334396563616632313438 -38333930356431386130366666656532666631323863363061373131646639346639626435653032 -6462333934633931640a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a303331333361393266313232313566 +66333833656463653262323135306637343761643766383565303936346363343734636433343662 +3463643464643034650a666166663030666434373431353532636437353135613464343239336136 +62336532656565646331306566373564333665336366313436316231666134336366343732653830 +32663361653462623665303866656364623834343861313936393732386462386562663833383063 +38393636313136623762643231633963383038656563366436306439353838306230383030363061 +30313939363334336538356363386136363539316431343261313362343731316237373163316533 +37656131623863653730356362383735376433643164343462633739343763633639333162663764 +35323763363433363136333232313265366433366137666665643865336265623637373334626666 +38656632346662656534653364366133626630353432616166646561306530656635326130343136 +66313436313230623837306130326435636661303566656664636464306366636361633635323363 +65626438386366303938316436386364646630663463373834326638373065343861393931633465 +31343339306635393136333361353964636361616165373536356164316361663431646136356134 +63356266653962613134363162306534396564363737366236616137653961346637663635313132 +32353063373466306461656537363336616665656666656631356234313866633263376661633262 +32623164633233653366386165666266336264623133376134336531663139383365643063333266 +35363637303038633136353532633838356661623035663762336237343338316266626335633362 +33396464363131363431363832316666336337623162363737313632313466653763386434393037 +64343632313631396562323131396562616434356238336561653931616361646462303261313731 +34323633303532386139396663353635626634313761313539356161643333306561386431623366 
+32393966643232366130356234316265643366313661313230323431663165376436643738383037 +64383037366639353361303063373864333134373062666335393434363733353735633864666432 +32313034616264323661613934306561323439353332343736326531303932636430663133643634 +64316163623430623033343365343831323532393366653966316138633462366434636239373636 +39306566613330393034636537366338313532303038666331343330323330333064663365383239 +34633361303061316130393537636434666362623831363361633861316433636631353665366261 +33626338373662343539393033386333363631353365333061653632383530376264666237666630 +62643936356263383461633133633635346338323932376630323138303264336163366338386539 +65363831343632386463316662366130303461396261363238323531316462326538653434613236 +66383031396631636239316533643138313762363231343966666361363139646337363138373961 +62633132623531633431353433323631633137393030633764343866633434316538363935613761 +65363466613539313539633863346333653939383731616664643938633830353061353236623731 +63636162313163646339616438353939353964313264656236653337386166333130346666316239 +35353434306462646230343130633534373537363764366634363330316264326662313730633637 +62303964666661363637306565643136316336393531646166303138303561343035623430356538 +33336364633261333630653338313830313238666334323938643435353738313662396337333238 +32643238366433393532613436363933306633313439336466373730373461376262303166393435 +32313835353036336231366565653835373432666464626231653638303031383866366230656638 +62616637633462616634383530363161343431623335623732386639633765376536663638323134 +64623966613034343761383738316136363236376362666132303061613534383463373461383138 +64303334616561666437656366316531643738366636613365663566633038303830383163316266 +35356538656331363638333464656137333762353437316633356466313563366661353364363962 +31633931613238336537636337306265666334383862613161613663626537346336323266343166 +31643332343439386562633632343865303236383530386333653032376338613930613065316166 
+37346262356138393835346431353563316130373932396161336238643861356238356131653539 +63393433306263366333646333323538393330373266656365643765633935323363666334343463 +61656133393066666530653936303432343264383265646530343239623535646637336538616434 +33313863306264633932396634656330386237353036303730623963363138633261663762643937 +65343630616436386164643732663632646265616430636262376630656436353233353137393830 +39623631613737386638323565663135653331373836613862653735613266626263313039383734 +62383237343064306531633332636334323465313366333937396130343631393163653131646431 +31373836336462343561393637366365356566363666663338313037336237643762363033343466 +66373833623062326166336235313866633436316535306137373333633131313331303533633333 +61353837613133326435306431613138323430663632333535386538323235623835653732643866 +33373862613961643339 diff --git a/group_vars/fender-cluster/vars.yml b/group_vars/fender-cluster/vars.yml index 74dfa561c..a16f5be89 100644 --- a/group_vars/fender-cluster/vars.yml +++ b/group_vars/fender-cluster/vars.yml @@ -2,6 +2,7 @@ slurm_cluster_name: 'fender' slurm_cluster_domain: '' stack_prefix: 'fd' +slurm_version: '17.11.9-2.umcg.el7' mailhub: '192.168.0.5' rewrite_domain: "{{ stack_prefix }}-sai{% if slurm_cluster_domain | length %}.{{ slurm_cluster_domain }}{% endif %}" motd: "To solve or not to solve, that's the question." @@ -27,6 +28,7 @@ ui_ethernet_interfaces: - 'eth1' ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/ca-key-production-ebi" use_ldap: yes +create_ldap: yes uri_ldap: fd-dai uri_ldaps: fd-dai ldap_port: 389 @@ -43,6 +45,8 @@ flavor_tiny: s1.tiny flavor_ui: s1.large flavor_vcompute: s1.gargantuan public_net_id: ext-net-37 +public_ip_addresses: + corridor: '193.62.55.161' private_net_id: Solve-RD_private private_subnet_id: Solve-RD_subnet private_storage_net_id: net_provider_vlan3126 
@@ -61,9 +65,8 @@ local_admin_groups: - 'admin' - 'docker' local_admin_users: - - 'centos' - 'egon' - - 'gerben' + - 'centos' - 'henkjan' - 'marieke' - 'morris' @@ -71,17 +74,24 @@ local_admin_users: - 'wim' - 'umcg-atd-dm' - 'solve-rd-dm' + - 'gerben' envsync_user: 'envsync' envsync_group: 'depad' hpc_env_prefix: '/apps' -local_regular_groups: +regular_groups: - 'users' - 'depad' - 'solve-rd' - 'umcg-atd' -local_regular_users: +regular_users: - user: 'envsync' groups: ['depad'] + - user: 'solve-rd-dm' + groups: ['solve-rd'] + sudoers: ['%solve-rd'] + - user: 'umcg-atd-dm' + groups: ['umcg-atd'] + sudoers: ['%umcg-atd'] - user: 'gvdvries' groups: ['users', 'depad','umcg-atd', 'solve-rd'] - user: 'mbijlsma' @@ -100,6 +110,23 @@ local_regular_users: groups: ['users', 'solve-rd'] - user: 'wsteyaert' groups: ['users', 'solve-rd'] + - user: 'slaurie' + groups: ['users', 'solve-rd'] + - user: 'mpauper' + groups: ['users', 'solve-rd'] + - user: 'jvdvelde' + groups: ['users', 'solve-rd'] + - user: 'fmusacchia' + groups: ['users', 'solve-rd'] + - user: 'dspalding' + groups: ['users', 'solve-rd'] + - user: 'psivakumar' + groups: ['users', 'solve-rd'] + - user: 'fandrade' + groups: ['users', 'solve-rd'] + - user: 'gdemidov' + groups: ['users', 'solve-rd'] + pfs_mounts: [ { pfs: 'ecst02', source: 'em-isi-3126.ebi.ac.uk:/ifs/Solve-RD/ecst02', diff --git a/group_vars/gearshift-cluster/secrets.yml b/group_vars/gearshift-cluster/secrets.yml index a534bb3bd..b418faa27 100644 --- a/group_vars/gearshift-cluster/secrets.yml +++ b/group_vars/gearshift-cluster/secrets.yml 
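Review bot: The new `sudoers: ['%solve-rd']` and `sudoers: ['%umcg-atd']` entries on the `solve-rd-dm` and `umcg-atd-dm` accounts carry no comment saying what they grant. Read as written, every member of the named group may act as the data-manager account, which after the `-100,6 +110,23` hunk includes the eight users newly added to `solve-rd`. Both `-dm` accounts are also listed under `local_admin_users` in the same file, so if that list confers admin rights, group membership becomes an indirect path to them. A comment above `regular_users` such as `# sudoers: users or %groups allowed to sudo to this account` (worded to match what the sudoers role really emits) would make the intent reviewable; the role itself is not part of this hunk.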
@@ -1,23 +1,27 @@ $ANSIBLE_VAULT;1.1;AES256 -37323464326535306263623264326333313336386432393265323939636436653965643730616230 -6666326235643761356666396138393662363734336131610a666235666234326136396630663037 -30336633626235333836666566373162646635353733306466373663393735616235373066386365 -6263356661383164300a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a313133616435333236373134343261 +33656164373834656366303233626432623636316633303433346466386233393638373965653037 +6636626264363763300a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diff --git a/group_vars/gearshift-cluster/vars.yml b/group_vars/gearshift-cluster/vars.yml index 9ba0e0eaf..d90a9f598 100644 --- a/group_vars/gearshift-cluster/vars.yml +++ b/group_vars/gearshift-cluster/vars.yml @@ -2,6 +2,7 @@ slurm_cluster_name: 'gearshift' slurm_cluster_domain: 'hpc.rug.nl' stack_prefix: 'gs' +slurm_version: '18.08.8-1.el7.umcg' mailhub: '172.23.34.34' rewrite_domain: "imperator{% if slurm_cluster_domain | length %}.{{ slurm_cluster_domain }}{% endif %}" motd: | @@ -34,10 +35,10 @@ additional_etc_hosts: | vcompute_hostnames: "{{ stack_prefix }}-vcompute[01-11]" vcompute_sockets: 24 vcompute_cores_per_socket: 1 -vcompute_real_memory: 241660 +vcompute_real_memory: 221501 vcompute_max_cpus_per_node: "{{ vcompute_sockets * vcompute_cores_per_socket - 2 }}" vcompute_max_mem_per_node: "{{ vcompute_real_memory - vcompute_sockets * vcompute_cores_per_socket * 512 }}" -vcompute_local_disk: 2900 +vcompute_local_disk: 2800000 vcompute_features: 'tmp01' vcompute_ethernet_interfaces: - 'eth0' @@ -54,6 +55,7 @@ ui_ethernet_interfaces: - 'eth1' ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/umcg-hpc-ca" use_ldap: yes +create_ldap: no uri_ldap: 172.23.40.249 uri_ldaps: comanage-in.id.rug.nl ldap_port: 389 diff --git a/group_vars/hyperchicken-cluster/secrets.yml b/group_vars/hyperchicken-cluster/secrets.yml index 8e8d36ddc..ecb98c0c6 100644 --- a/group_vars/hyperchicken-cluster/secrets.yml 
+++ b/group_vars/hyperchicken-cluster/secrets.yml 
@@ -1,22 +1,38 @@ $ANSIBLE_VAULT;1.1;AES256 -65313333653434616266643435373832613563333930396335393864346539353334636333326534 -6661663665303736363666393830323962326133366266320a333331643534393339363630376566 -34343936663630363739633266376635363238636164653532613164346365623462626563396465 -6566393538613063620a633238373466633061613562303738333939303931353330306633306562 -38353138653161336139303165333735376564643838623134616538313666353937666134356339 -33356666386365646466306261636435306335363633326438306531616334353836323261323133 -64626233613834306363646634356332383937306265613433346130373966386635313164633261 -34393033303266316462333035346639333861386166376637366163656633646532393639363235 -39353637656438643231346537366464363334323061616530666430343334376434613930363338 -36363933633761346533316465313738373736666236363134656636613166363436666339343161 -66666533346339366166383664633039623765616435663539393165356262333033636662343764 -36366332653335343035653364643965613363643633663861306238373764343165353838356334 -66626361396139356633386531343462613438646438323733306338346336353166646166653630 -65383064396334393837653366663139346361656661646637646139346264316165656331343732 -61636539613035663737623565363965636238303664643034343933663434653931343833386665 -39666134613165326666393738303033323535663134303436303930613837383737383165383731 -38626361653163303262363338356639363831323331343261356463366264386137636531303139 -39643638616530366561316234633034323864366664363535626236373039656337616136336565 -66366530643731396434303566653830393230313230373432386639646230313739636532336432 -30393538623462336134393736313762303030353461373062393736656465306366626130303466 -3033 +39396536363834383637346134303432333739303439633863303336363465386639653537643537 +6338653434323233646434313434323731626264346639340a626164643631303337623838373064 +65643930383966393161333161623630393130393132623131356137396466626235313861643465 
+3430626437633662650a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diff --git a/group_vars/hyperchicken-cluster/vars.yml b/group_vars/hyperchicken-cluster/vars.yml index a197efe58..0d33900d7 100644 --- a/group_vars/hyperchicken-cluster/vars.yml +++ b/group_vars/hyperchicken-cluster/vars.yml @@ -2,6 +2,7 @@ slurm_cluster_name: 'hyperchicken' slurm_cluster_domain: '' stack_prefix: 'hc' +slurm_version: '18.08.8-1.el7.umcg' mailhub: '192.168.0.5' rewrite_domain: "{{ stack_prefix }}-sai{% if slurm_cluster_domain | length %}.{{ slurm_cluster_domain }}{% endif %}" motd: "To solve or not to solve, that's the question." @@ -27,19 +28,21 @@ ui_ethernet_interfaces: - 'eth1' ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/umcg-hpc-development-ca" use_ldap: yes +create_ldap: yes uri_ldap: hc-dai uri_ldaps: hc-dai ldap_port: 389 ldaps_port: 636 -ldap_base: ou=users,dc=hpc,dc=rug,dc=nl -ldap_binddn: cn=admin,ou=users,dc=hpc,dc=rug,dc=nl +ldap_base: dc=hpc,dc=rug,dc=nl +ldap_binddn: cn=admin,dc=hpc,dc=rug,dc=nl ldap_domain: hpc.rug.nl key_name: Gerben image_cirros: cirros-0.3.4-x86_64-disk.img image_centos7: centos7 cloud_user: centos -flavor_nano: s1.nano -flavor_tiny: s1.tiny +flavor_ui: s1.large +flavor_vcompute: s1.gargantuan +flavor_management: s1.small public_net_id: ext-net-37 public_ip_addresses: portal: '193.62.55.164' @@ -49,7 +52,9 @@ private_storage_net_id: net_provider_vlan3126 private_storage_subnet_id: subnet3126 security_group_id: SSH-and-ping-2 slurm_ldap: true +fuse_mountpoint: /groups/solve-rd/tmp09/ availability_zone: AZ_1 +storage_availability_zone: nova local_volume_size: 1 nameservers: [ '/em-isi-3126.ebi.ac.uk/10.35.126.201', # Local DNS lookups for shared storage. @@ -59,6 +64,9 @@ nameservers: [ local_admin_groups: - 'admin' - 'docker' + - 'solve-rd' + - 'umcg-atd' + - 'depad' local_admin_users: - 'centos' - 'egon' 
@@ -68,17 +76,26 @@ local_admin_users: - 'morris' - 'pieter' - 'wim' + - 'umcg-atd-dm' + - 'solve-rd-dm' + - 'envsync' envsync_user: 'envsync' envsync_group: 'depad' hpc_env_prefix: '/apps' -local_regular_groups: +regular_groups: - 'users' - 'depad' - 'solve-rd' - 'umcg-atd' -local_regular_users: +regular_users: - user: 'envsync' groups: ['depad'] + - user: 'solve-rd-dm' + groups: ['solve-rd'] + sudoers: ['%solve-rd'] + - user: 'umcg-atd-dm' + groups: ['umcg-atd'] + sudoers: ['%umcg-atd'] - user: 'gvdvries' groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] - user: 'mbijlsma' @@ -91,8 +108,10 @@ local_regular_users: groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] - user: 'umcg-atd-dm' groups: ['users', 'umcg-atd'] + sudoers: ['pieter','gerben'] - user: 'solve-rd-dm' groups: ['users', 'solve-rd'] + sudoers: ['%solve-rd'] pfs_mounts: [ { pfs: 'ecst01', source: 'em-isi-3126.ebi.ac.uk:/ifs/Solve-RD/ecst01', @@ -113,4 +132,9 @@ lfs_mounts: [ pfs: 'ecst01', machines: "{{ groups['compute-vm'] + groups['user-interface'] }}" }, ] +interfaces: + - device: 'eth0' + bootproto: 'dhcp' + - device: 'eth1' + bootproto: 'dhcp' ... diff --git a/group_vars/jumphost.yml b/group_vars/jumphost.yml index e085a52a1..bdcc2698f 100644 --- a/group_vars/jumphost.yml +++ b/group_vars/jumphost.yml @@ -4,5 +4,7 @@ firewall_allowed_tcp_ports: - "80" firewall_additional_rules: - "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 22" + - "iptables -A INPUT -i eth1 -p tcp -s 129.125.2.233,129.125.2.225,129.125.2.226 --dport 9090 -j ACCEPT -m comment --comment 'prometheus server'" + ssh_host_signer_hostnames: "{{ ansible_hostname }}{% if slurm_cluster_domain | length %}.{{ slurm_cluster_domain }}{% endif %},{{ ansible_hostname }}{% if public_ip_addresses is defined and public_ip_addresses[ansible_hostname] | length %},{{ public_ip_addresses[ansible_hostname] }}{% endif %}" -... \ No newline at end of file +... 
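Review bot: In hunk `@@ -91,8 +108,10 @@`, `umcg-atd-dm` and `solve-rd-dm` end up defined twice in `regular_users` with different values. The entries added in hunk `@@ -68,17 +76,26 @@` use `groups: ['umcg-atd']` / `sudoers: ['%umcg-atd']`, while the pre-existing entries edited here use `groups: ['users', 'umcg-atd']` / `sudoers: ['pieter','gerben']`. Which definition wins depends on how the consuming roles loop over the list, which is not visible here, so the effective group membership and sudo delegation for these accounts is ambiguous. Keep a single entry per account carrying the intended `groups` and `sudoers` values.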
diff --git a/group_vars/nibbler-cluster/secrets.yml b/group_vars/nibbler-cluster/secrets.yml new file mode 100644 index 000000000..71afa75dc --- /dev/null +++ b/group_vars/nibbler-cluster/secrets.yml @@ -0,0 +1,25 @@ +$ANSIBLE_VAULT;1.1;AES256 +34366339343839343031643636396234323431313536386439323733363566356661636232666166 +3234646164316461633366373365663132656336303730630a643363623134656432333432376561 +37313639653135666261666133373663303166623561653034323734663733376534666631383632 +3936373862343533640a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diff --git a/group_vars/nibbler-cluster/vars.yml b/group_vars/nibbler-cluster/vars.yml new file mode 100644 index 000000000..094738b5b --- /dev/null +++ b/group_vars/nibbler-cluster/vars.yml 
@@ -0,0 +1,117 @@ +--- +slurm_cluster_name: 'nibbler' +slurm_cluster_domain: 'hpc.rug.nl' +stack_prefix: 'nb' +slurm_version: '18.08.8-1.el7.umcg' +mailhub: '192.168.0.5' +rewrite_domain: "{{ stack_prefix }}-sai.{{ slurm_cluster_domain }}" +motd: "Besides, the determined Real Programmer can write FORTRAN programs in any language. -- Ed Post" +vcompute_hostnames: "{{ stack_prefix }}-vcompute[0-20]" +vcompute_sockets: 4 +vcompute_cores_per_socket: 1 +vcompute_real_memory: 3790 +vcompute_max_cpus_per_node: "{{ vcompute_sockets * vcompute_cores_per_socket - 2 }}" +vcompute_max_mem_per_node: "{{ vcompute_real_memory - vcompute_sockets * vcompute_cores_per_socket * 512 }}" +vcompute_local_disk: 0 +vcompute_features: 'tmp09' +vcompute_ethernet_interfaces: + - 'eth0' +ui_hostnames: "{{ slurm_cluster_name }}" +ui_sockets: 4 +ui_cores_per_socket: 1 +ui_real_memory: 3790 +ui_local_disk: 0 +ui_features: 'prm09,tmp09' +ui_ethernet_interfaces: + - 'eth0' +ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/umcg-hpc-development-ca" +use_ldap: yes +create_ldap: no +uri_ldap: ldap.pilot.scz.lab.surf.nl +uri_ldaps: ldap.pilot.scz.lab.surf.nl +ldap_port: 636 +ldaps_port: 636 +ldap_base: o=ElixirNL,dc=pilot-clients,dc=scz,dc=lab,dc=surf,dc=nl +ldap_binddn: cn=admin,o=ElixirNL,dc=pilot-clients,dc=scz,dc=lab,dc=surf,dc=nl +key_name: Fokke +image_cirros: cirros-0.3.4-x86_64-disk.img +image_centos7: centos7 +cloud_user: centos +flavor_nano: s1.nano +flavor_tiny: s1.tiny +public_net_id: ext-net-37 +private_net_id: internal_net +private_subnet_id: Solve-RD_subnet +private_storage_net_id: net_provider_vlan3126 +private_storage_subnet_id: subnet3126 +security_group_id: SSH-and-ping-2 +slurm_ldap: true +availability_zone: AZ_1 +local_volume_size: 1 +nfs_network_range: 10.0.42.0/22 +nfs_mountpoint: /nfs +nameservers: [ + '8.8.4.4', # Google DNS. + '8.8.8.8', # Google DNS. 
+] +local_admin_groups: + - 'admin' + - 'docker' +local_admin_users: + - 'egon' + - 'gerben' + - 'henkjan' + - 'marieke' + - 'morris' + - 'fokke' + - 'wim' + - 'pieter' + - 'wim' + - 'umcg-atd-dm' + - 'solve-rd-dm' +envsync_user: 'envsync' +envsync_group: 'depad' +hpc_env_prefix: '/apps' +regular_groups: + - 'users' + - 'depad' + - 'solve-rd' + - 'umcg-atd' +regular_users: + - user: 'envsync' + groups: ['depad'] + - user: 'gvdvries' + groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] + - user: 'mbijlsma' + groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] + - user: 'mswertz' + groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] + - user: 'pneerincx' + groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] + - user: 'rkanninga' + groups: ['users', 'depad', 'umcg-atd', 'solve-rd'] + - user: 'umcg-atd-dm' + groups: ['users', 'umcg-atd'] + - user: 'solve-rd-dm' + groups: ['users', 'solve-rd'] +pfs_mounts: [ + { pfs: 'Local-NFS', + source: 'nb-nfs:/nfs', + type: 'nfs4', + rw_options: 'defaults,_netdev,vers=4.0,noatime,nodiratime', + ro_options: 'defaults,_netdev,vers=4.0,noatime,nodiratime,ro' }, +] +lfs_mounts: [ + { lfs: 'home', + pfs: 'Local-NFS' }, + { lfs: 'groups/GROUP/tmp09', + pfs: 'Local-NFS', + groups: ['umcg-atd', 'solve-rd'] }, + { lfs: 'groups/GROUP/prm09', + pfs: 'Local-NFS', + groups: ['umcg-atd', 'solve-rd'] }, + { lfs: 'env09', + pfs: 'Local-NFS', + machines: "{{ groups['compute-vm'] + groups['user-interface'] }}" }, +] +... diff --git a/group_vars/talos-cluster/secrets.yml b/group_vars/talos-cluster/secrets.yml index a169755c7..4a22e8d4d 100644 --- a/group_vars/talos-cluster/secrets.yml +++ b/group_vars/talos-cluster/secrets.yml 
@@ -1,26 +1,29 @@ $ANSIBLE_VAULT;1.1;AES256 -66613933323735386131363439346137336232393232663961303536663131313835663266636638 -3137623638393635643937316366643733636665316666620a653435613333313336356137353164 -64636637613330633436666566316439343764373337333464366136333662313231616239353131 -3832383636396163380a643063653564656661376131376264303339376433613461323833633336 -39633832633631316165306432373766336638366261313238346163323963613264656336363031 -66363563333365363761333037383836633966303763356634613865326465383333323562303437 -61643837663034633439633334333833656136386332643166613563646230383635333639303464 -32343565323639373135393235363334383364313365343464323336646166303334333033303433 -62656238316233336462366334316561313634653639653865653834373764373762323432633562 -34616235363231383734663234616233346433373030386631613832313830343534346664303430 -34376332623236383934633131316636613233653766326538336631383962346165323736633363 -64386235663930313231313534343530366135656362383437656230646530653331353835653362 -61343839376631656165326338323364653734623961383534396432333761356665353636626433 -30383130313566646465663933353033343365396361326339346539323562633032316536323637 -32646330643632636366383931383234623061636430336135376130376462663137376263393438 -34363363343832623562303637376431323733326633336335313863643834393835623335656565 -66623363353738643966306164316164393235383631316161633635653662306664666263666633 -34623465376131323039383632643266346430636630363463623866363635353638363864666539 -30306135363038363730313938363366646135656636663132313835613435623639346434396534 -31386163646532373062633631373331656366613338623638313633636165323961346562323336 -39633866336266343634393964663635386635323663333665343663326662343233343931393964 -65646534393832353438383134666132613930326561336266353165636335396332333037653863 -31636237643837623066383033646362363638613333396663343630343834373436313332373233 
-32643532616630633765633530313561313636366632373364393533356162633134326531646161 -3234 +30373339623134663537366566656333666430313866636235646439626335333264383838663566 +6239353966343130313534643037383230636436653233340a646662396165323861343261313465 +39356330383536616534386230313433656339353830376632623037393238386463383563653233 +3561373166386438300a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diff --git a/group_vars/talos-cluster/vars.yml b/group_vars/talos-cluster/vars.yml index ec3363d7c..c4d77adbf 100644 --- a/group_vars/talos-cluster/vars.yml +++ b/group_vars/talos-cluster/vars.yml @@ -2,6 +2,7 @@ slurm_cluster_name: 'talos' slurm_cluster_domain: 'hpc.rug.nl' stack_prefix: 'tl' +slurm_version: '18.08.8-1.el7.umcg' mailhub: '172.23.34.34' rewrite_domain: "{{ stack_prefix }}-sai{% if slurm_cluster_domain | length %}.{{ slurm_cluster_domain }}{% endif %}" motd: | @@ -41,6 +42,7 @@ ui_ethernet_interfaces: - 'eth1' ssh_host_signer_ca_private_key: "{{ ssh_host_signer_ca_keypair_dir }}/umcg-hpc-development-ca" use_ldap: yes +create_ldap: no uri_ldap: 172.23.40.249 uri_ldaps: comanage-in.id.rug.nl ldap_port: 389 diff --git a/hyperchicken_hosts.ini b/hyperchicken_hosts.ini index ef0a47a63..625fa1e57 100644 --- a/hyperchicken_hosts.ini +++ b/hyperchicken_hosts.ini @@ -2,7 +2,7 @@ portal [docs] -molgenis42 +docs [slurm-management] hc-sai diff --git a/ldap_regular_users.yml b/ldap_regular_users.yml deleted file mode 100644 index 1300fd539..000000000 --- a/ldap_regular_users.yml +++ /dev/null 
@@ -1,73 +0,0 @@ ---- -- name: 'Create regular users & groups in cluster LDAP.' - hosts: ldap-server - become: True -# roles: -# - openldap - tasks: - - - name: 'Make sure we have a parent entry for users.' - ldap_entry: - dn: "ou=users,{{ ldap_base }}" - objectClass: 'organizationalUnit' - bind_dn: "{{ ldap_binddn }}" - bind_pw: "{{ bindpw }}" - server_uri: 'ldap:///' - - - name: 'Make sure we have a parent entry for groups.' - ldap_entry: - dn: "ou=groups,{{ ldap_base }}" - objectClass: 'organizationalUnit' - bind_dn: "{{ ldap_binddn }}" - bind_pw: "{{ bindpw }}" - server_uri: 'ldap:///' - - - name: 'Add groups to parent entry for groups.' - ldap_entry: - dn: "cn={{ item }},ou=groups,{{ ldap_base }}" - objectClass: 'posixGroup' - state: present - server_uri: 'ldap:///' - bind_dn: "{{ ldap_binddn }}" - bind_pw: "{{ bindpw }}" - attributes: - gidNumber: "{{ auth_groups[item].gid }}" - with_items: "{{ local_regular_groups }}" - - - name: 'Add users to parent entry for users.' - ldap_entry: - dn: "cn={{ item.user }},ou=users,{{ ldap_base }}" - state: present - server_uri: 'ldap:///' - objectClass: - - 'inetOrgPerson' - - 'posixAccount' - - 'top' - - 'ldapPublicKey' - bind_dn: "{{ ldap_binddn }}" - bind_pw: "{{ bindpw }}" - attributes: - sn: "{{ item.user }}" - givenName: "{{ auth_users[item.user].comment }}" - cn: "{{ item.user }}" - uid: "{{ item.user }}" - uidNumber: "{{ auth_users[item.user].uid }}" - gidNumber: "{{ auth_groups['users'].gid }}" - homeDirectory: "/home/{{ item.user }}" - loginShell: '/bin/bash' - sshPublicKey: "{{ auth_users[item.user].pub_keys }}" - with_items: "{{ local_regular_users }}" - - - name: 'Add users to groups.' - ldap_attr: - dn: "cn={{ item.1 }},ou=groups,{{ ldap_base }}" - state: present - server_uri: 'ldap:///' - bind_dn: "{{ ldap_binddn }}" - bind_pw: "{{ bindpw }}" - name: 'memberUid' - values: "{{ item.0.user }}" - with_subelements: - - "{{ local_regular_users }}" - - 'groups' -... 
diff --git a/local_admin_users.yml b/local_admin_users.yml deleted file mode 100644 index 507f7f978..000000000 --- a/local_admin_users.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -- name: 'Create local admin groups & users and allow admin group to use sudo on all hosts.' - hosts: all - become: True - tasks: - - name: Check if required groups are present. - group: - name: "{{ item }}" - gid: "{{ auth_groups[item].gid }}" - state: present - with_items: "{{ local_admin_groups }}" - - name: 'Allow passwordless sudo for local admin users.' - lineinfile: dest=/etc/sudoers line="%admin ALL=(ALL:ALL) NOPASSWD:ALL" - - name: "Check if required private groups for user's home dir are present." - group: - name: "{{ item }}" # Use same name as user's account name for user's private group. - gid: "{{ auth_users[item].uid }}" # Use same GID as user's UID for user's private group. - state: present - with_items: "{{ local_admin_users }}" - - name: 'Create /admin root dir for the home dirs of admin users.' - file: - path: '/admin' - owner: 'root' - group: 'root' - mode: 0755 - state: 'directory' - - name: Create local admin users and append them to relevant groups. - user: - name: "{{ item }}" - uid: "{{ auth_users[item].uid }}" - comment: "{{ auth_users[item].comment }}" - group: 'admin' - groups: "{{ local_admin_groups }}" - home: "/admin/{{ item }}" - append: no - with_items: "{{ local_admin_users }}" - - name: 'Deploy authorized keys for admins.' - authorized_key: - user: "{{ item }}" - key: "{{ auth_users[item].pub_keys }}" - state: present - exclusive: yes - with_items: "{{ local_admin_users }}" -... diff --git a/local_regular_users.yml b/local_regular_users.yml deleted file mode 100644 index c46e3cd24..000000000 --- a/local_regular_users.yml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -- name: 'Create local regular users & groups.' - hosts: all - become: True - tasks: - - name: 'Check if required groups are present.' - group: - name: "{{ item }}" - gid: "{{ auth_groups[item].gid }}" - state: present - with_items: "{{ local_regular_groups }}" - - name: "Check if required private groups for user's home dir are present." - group: - name: "{{ item.user }}" # Use same name as user's account name for user's private group. - gid: "{{ auth_users[item.user].uid }}" # Use same GID as user's UID for user's private group. - state: present - with_items: "{{ local_regular_users }}" - - name: 'Create local regular users and append them to relevant groups.' - user: - name: "{{ item.user }}" - uid: "{{ auth_users[item.user].uid }}" - comment: "{{ auth_users[item.user].comment }}" - group: "{{ item.user }}" - groups: "{{ item.groups }}" - home: "/home/{{ item.user }}" - append: no - with_items: "{{ local_regular_users }}" - - name: 'Deploy authorized keys for local regular users.' - authorized_key: - user: "{{ item.user }}" - key: "{{ auth_users[item.user].pub_keys }}" - state: present - exclusive: yes - with_items: "{{ local_regular_users }}" -... diff --git a/hc-cluster.yml b/nb-cluster.yml similarity index 67% rename from hc-cluster.yml rename to nb-cluster.yml index b5c45ebb4..5abaeceb6 100644 --- a/hc-cluster.yml +++ b/nb-cluster.yml 
@@ -4,11 +4,24 @@ pre_tasks: - name: Verify Ansible version meets requirements. assert: - that: "ansible_version.full | version_compare('2.4', '>=')" + that: "ansible_version.full is version_compare('2.4', '>=')" msg: 'You must update Ansible to at least 2.4.x to use this playbook.' - import_playbook: local_admin_users.yml +- name: Install spacewalk client needed for all virtual cluster components except jumphosts. + hosts: cluster + become: true + tasks: + roles: + - spacewalk_client + +- name: Install EPEL repo needed for jumphosts + hosts: jumphost + become: true + roles: + - geerlingguy.repo-epel + - name: Install roles needed for all virtual cluster components. hosts: all roles: @@ -28,13 +41,29 @@ cron_file: restart_logind become: true +- name: Mount the ceph volume + hosts: + - compute-vm + - sys-admin-interface + - deploy-admin-interface + become: True + roles: + - mount-volume + +- name: Setup NFS server + hosts: nfs-server + become: true + roles: + - nfs_home_server + +- import_playbook: local_regular_users.yml + - name: Install roles needed for all virtual cluster components except jumphosts. hosts: cluster become: true tasks: roles: - - spacewalk_client -# - ldap + - ldap - node_exporter - cluster - resolver @@ -48,16 +77,20 @@ tasks: - name: install Ansible yum: - name: ansible-2.6.6-1.el7.umcg + name: ansible + +- name: Install roles needed for DAIs. + hosts: + - deploy-admin-interface + roles: + - envsync - name: Install roles needed for jumphosts. hosts: jumphost become: true roles: - - geerlingguy.repo-epel -# - ldap + - ldap - cluster - - node_exporter - geerlingguy.security tasks: - cron: 
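Review bot: The `- import_playbook: local_regular_users.yml` added in hunk `@@ -28,13 +41,29 @@`, and the unchanged `- import_playbook: local_admin_users.yml` in the first hunk, reference playbooks that this same commit deletes from the repository root. Unless they are re-created in a part of the commit not shown here, nb-cluster.yml will fail when Ansible resolves the imports. The commit adds roles/admin-users, so the admin import can probably become a play with `roles:` containing `- admin-users`; the regular-users import needs an equivalent replacement. The new `Install spacewalk client` play also carries an empty `tasks:` key that can simply be dropped.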
@@ -75,13 +108,18 @@ - slurm-management - prom_server - cadvisor + vars: + # These variables are needed by the mariadb role. + # Which is a depencency of the slurm role. + # See roles/slurm/meta/main.yml + hostname_node0: "{{ ansible_hostname }}" + ip_node0: "{{ ansible_default_ipv4['address'] }}" - name: Install virtual compute nodes hosts: compute-vm become: true tasks: roles: - - compute-vm - slurm-client - name: Install User Interface (UI) @@ -91,6 +129,5 @@ roles: - slurm_exporter - slurm-client - -- import_playbook: local_regular_users.yml + - sudoers ... diff --git a/nibbler-hosts.ini b/nibbler-hosts.ini new file mode 100644 index 000000000..5486fdf09 --- /dev/null +++ b/nibbler-hosts.ini @@ -0,0 +1,37 @@ +[jumphost] +portal ansible_host=10.0.42.3 + +[nfs-server] +nb-nfs ansible_host=10.0.42.16 + +[slurm-management] +nb-sai ansible_host=10.0.42.12 + +[sys-admin-interface] +nb-sai ansible_host=10.0.42.12 + +[user-interface] +nibbler ansible_host=10.0.42.15 + +[deploy-admin-interface] +nb-dai ansible_host=10.0.42.10 + +[administration:children] +sys-admin-interface +deploy-admin-interface +user-interface +nfs-server + +[compute-vm] +nb-vcompute0 ansible_host=10.0.42.14 +nb-vcompute1 ansible_host=10.0.42.11 +nb-vcompute2 ansible_host=10.0.42.17 +nb-vcompute3 ansible_host=10.0.42.18 + +[cluster:children] +compute-vm +administration + +[nibbler-cluster:children] +cluster +jumphost diff --git a/roles/admin-users/tasks/main.yml b/roles/admin-users/tasks/main.yml new file mode 100644 index 000000000..5bead4985 --- /dev/null +++ b/roles/admin-users/tasks/main.yml 
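Review bot: The new inventory is named `nibbler-hosts.ini` with a hyphen, whereas the inventory patched earlier in this commit is `hyperchicken_hosts.ini` with an underscore. Any tooling that derives the inventory path from the cluster name using the underscore form will not find this file. Rename it to `nibbler_hosts.ini` to match the existing convention.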
@@ -0,0 +1,52 @@ +# Create local admin groups & users and allow admin group to use sudo on all hosts. +--- +- name: Set selinux in permissive mode + selinux: + policy: targeted + state: permissive + become: true +- name: Create admin groups for local admin users. + group: + name: "{{ item }}" + gid: "{{ auth_groups[item].gid }}" + state: present + with_items: "{{ local_admin_groups }}" + become: true +- name: 'Allow passwordless sudo for local admin users.' + lineinfile: dest=/etc/sudoers line="%admin ALL=(ALL:ALL) NOPASSWD:ALL" + become: true +- name: "Create private groups for user's home dirs." + group: + name: "{{ item }}" # Use same name as user's account name for user's private group. + gid: "{{ auth_users[item].uid }}" # Use same GID as user's UID for user's private group. + state: present + with_items: "{{ local_admin_users }}" + become: true +- name: 'Create /admin root dir for the home dirs of local admin users.' + file: + path: '/admin' + owner: 'root' + group: 'root' + mode: 0755 + state: 'directory' + become: true +- name: Create local admin users and append them to relevant groups. + user: + name: "{{ item }}" + uid: "{{ auth_users[item].uid }}" + comment: "{{ auth_users[item].comment }}" + group: 'admin' + groups: "{{ local_admin_groups }}" + home: "/admin/{{ item }}" + append: no + with_items: "{{ local_admin_users }}" + become: true +- name: 'Deploy authorized keys for admins.' + authorized_key: + user: "{{ item }}" + key: "{{ auth_users[item].pub_keys }}" + state: present + exclusive: yes + with_items: "{{ local_admin_users }}" + become: true +... diff --git a/roles/build-environment/tasks/dai-build-dependencies.yml b/roles/build-environment/tasks/dai-build-dependencies.yml new file mode 100644 index 000000000..6cc498be0 --- /dev/null +++ b/roles/build-environment/tasks/dai-build-dependencies.yml 
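Review bot: The `Set selinux in permissive mode` task turns off SELinux enforcement on every host that receives this role, which has nothing to do with creating admin users and is easy to overlook in review. If a specific component needs it, move the task to that component's role and add a comment with the reason. The `lineinfile` edit of `/etc/sudoers` also runs without a syntax check; adding `validate: '/usr/sbin/visudo -cf %s'` prevents a malformed file from breaking sudo on all hosts. Quote the directory mode as `'0755'` so it is not parsed as an integer.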
@@ -0,0 +1,51 @@ +--- +- name: Install extra build depedencies for Deploy Admin Interfaces (DAIs). + yum: + state: latest + update_cache: yes + name: + # + # Slurm dependencies. + # + - 'readline-devel' + - 'pkgconfig' + - 'perl-ExtUtils-MakeMaker' + - 'perl' + - 'pam-devel' + - 'openssl-devel' + - 'numactl-devel' + - 'nss-softokn-freebl' + - 'ncurses-devel' + - 'mysql-devel' + - 'munge-libs' + - 'munge-devel' + - 'mariadb-devel' + - 'man2html' + - 'lua-devel' + - 'hwloc-devel' + - 'hdf5-devel' + - 'blcr-devel' + - 'blcr' + # + # Ansible dependencies. + # + - 'python-devel' # Previously python2-devel + - 'python-nose' + - 'python-coverage' + - 'python-mock' + - 'python-boto3' + - 'python-botocore' + - 'python-ldap' + - 'python-passlib' + - 'python2-sphinx-theme-alabaster' + - 'pytest' + # + # Lua, Lmod, EasyBuild dependencies. + # + - 'mlnx-ofa_kernel-devel' # Previously rdma-core-devel + - 'libxml2-devel' + - 'libXext-devel' + - 'libX11-devel' + - 'python-pep8' + become: true +... \ No newline at end of file diff --git a/roles/build-environment/tasks/generic-build-dependencies.yml b/roles/build-environment/tasks/generic-build-dependencies.yml new file mode 100644 index 000000000..d719382a9 --- /dev/null +++ b/roles/build-environment/tasks/generic-build-dependencies.yml @@ -0,0 +1,16 @@ +--- +- name: Install generic build depedencies. + yum: + state: latest + update_cache: yes + name: + - "@development" + - 'glibc-common' + - 'glibc-devel' + - 'glibc-headers' + - 'gnutls-devel' + - 'kernel-devel' + - 'libselinux-devel' + - 'openssl-devel' + become: true +... \ No newline at end of file diff --git a/roles/build-environment/tasks/main.yml b/roles/build-environment/tasks/main.yml new file mode 100644 index 000000000..02d3c3133 --- /dev/null +++ b/roles/build-environment/tasks/main.yml 
@@ -0,0 +1,13 @@ +# +# Deploy a basic/generic build environment on both +# * User Interface: to allow regular users to compile extra stuff in their home or in a tmp group dir. +# * Deploy Admin Interface: to allow deploy admins to compile and deploy apps using EasyBuild. +# The DAI requires additional packages for compiling Slurm, Lmod, Lua, Ansible, etc., +# which users won't need. +# +--- +- import_tasks: generic-build-dependencies.yml + when: inventory_hostname in groups['user-interface'] or inventory_hostname in groups['deploy-admin-interface'] +- import_tasks: dai-build-dependencies.yml + when: inventory_hostname in groups['deploy-admin-interface'] +... \ No newline at end of file diff --git a/roles/cluster/tasks/build_lustre_client.yml b/roles/cluster/tasks/build_lustre_client.yml index c4be4f313..7dda01262 100644 --- a/roles/cluster/tasks/build_lustre_client.yml +++ b/roles/cluster/tasks/build_lustre_client.yml @@ -6,4 +6,4 @@ dest: /tmp/lustre-client-dkms-2.11.0-1.el7.src.rpm - name: build the lustre client. - cmd: rpmbuild --rebuild --without servers /tmp/lustre-client-dkms-2.11.0-1.el7.src.rpm + command: rpmbuild --rebuild --without servers /tmp/lustre-client-dkms-2.11.0-1.el7.src.rpm diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml index 6bc45be78..46af6253d 100644 --- a/roles/cluster/tasks/main.yml +++ b/roles/cluster/tasks/main.yml 
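Review bot: In roles/cluster/tasks/build_lustre_client.yml the source RPM is rebuilt from a fixed path in world-writable `/tmp` (`/tmp/lustre-client-dkms-2.11.0-1.el7.src.rpm`), so a local user could pre-create or swap the file between download and `rpmbuild --rebuild`. The download task starts above the hunk, so whether it verifies integrity is not visible; if it uses `get_url`, set its `checksum:` parameter and write to a root-owned directory instead of `/tmp`. The `command:` task also has no `creates:` guard and will rebuild on every run.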
@@ -1,14 +1,20 @@ --- -- name: Set /etc/hosts - template: - src: templates/{{ slurm_cluster_name }}_hosts - dest: /etc/hosts - mode: 0644 - owner: root - group: root - backup: yes - become: true - tags: ['etc_hosts'] +- name: Check if rsync >= 3.1.2 is installed on the control host. + shell: | + rsync --version 2>&1 | head -n 1 | sed 's|^rsync *version *\([0-9\.]*\).*$|\1|' | tr -d '\n' + args: + warn: no + changed_when: false + failed_when: false + check_mode: no + register: rsync_version + +- name: Abort when modern rsync >= 3.1.2 is missing on control host. + debug: + msg: "FATAL: Need rsync >= 3.1.2 on {{ inventory_hostname }}, but detected {{ rsync_version.stdout }}." + when: 'rsync_version is failed or (rsync_version.stdout is version_compare("3.1.2", operator="<"))' + failed_when: 'rsync_version is failed or (rsync_version.stdout is version_compare("3.1.2", operator="<"))' + delegate_to: localhost - name: Add custom config files to /etc/skel/. synchronize: 
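Review bot: The rsync version probe runs on each managed host rather than on the control host its name refers to, because only the following `debug` task has `delegate_to: localhost`; add `delegate_to: localhost` to the `shell` task as well. Since the probe sets `failed_when: false`, the `rsync_version is failed` half of the condition can never be true. When rsync is missing, stdout holds the shell's error text instead of a version string, so add an explicit check that stdout looks like a version before comparing. The `fail` module with `msg:` and `when:` expresses the abort more directly than `debug` plus `failed_when`.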
@@ -65,46 +71,31 @@ state: latest update_cache: yes name: + - bc - bzip2 - curl + - dos2unix - figlet - git - git-core + - gnutls - lsof - nano - ncdu - ncurses-static + - openssl - readline-static - screen - tcl-devel - telnet - tmux - tree + - unzip - vim - wget + - fuse + - fuse-libs tags: - software become: true - -- name: Deploy sshd config. - template: - src: templates/sshd_config - dest: /etc/ssh/sshd_config - validate: '/usr/sbin/sshd -T -f %s' - notify: restart_sshd - become: true - -- name: Check if /etc/ssh/moduli contains weak (small) values. - shell: awk '$5 < {{ sshd_moduli_minimum }}' /etc/ssh/moduli - register: sshd_register_moduli - changed_when: false - check_mode: no - -- name: Remove weak (small) values from /etc/ssh/moduli. - shell: awk '$5 >= {{ sshd_moduli_minimum }}' /etc/ssh/moduli > /etc/ssh/moduli.new ; - [ -r /etc/ssh/moduli.new -a -s /etc/ssh/moduli.new ] && mv /etc/ssh/moduli.new /etc/ssh/moduli || true - when: sshd_register_moduli.stdout - notify: restart_sshd - become: true - ... diff --git a/roles/cluster/templates/fender_hosts b/roles/cluster/templates/fender_hosts deleted file mode 100644 index 8c7871858..000000000 --- a/roles/cluster/templates/fender_hosts +++ /dev/null 
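Review bot: The sshd hardening tasks (`Deploy sshd config.` with its `sshd -T` validation, and the two `/etc/ssh/moduli` tasks that drop small moduli) have no visible replacement after their removal from this role. If they have not moved to another role applied to the same hosts, jumphosts included, newly deployed machines keep the distribution's default `sshd_config` and moduli file. Please confirm where these tasks now live, or keep them here until the replacement role is part of the play. The task list continues outside the hunk.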
@@ -1,49 +0,0 @@ -# -## -### /etc/hosts file for Solve-RD research clusters. -## -# - -# -# localhost -# -127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 - -# -# Jumphost servers. -# -192.168.0.8 corridor - -# -# Admin / Management machines. -# DAI = Deploy Admin Interface -# SAI = Sys Admin Interface -# -192.168.0.22 fd-sai -192.168.0.21 fd-dai - -# -# Cluster User Interfaces (UIs). -# -192.168.0.16 fender - -# -# Shared network storage servers. -# - -# -# Cluster nodes. -# -192.168.0.13 fd-vcompute01 -192.168.0.11 fd-vcompute02 -192.168.0.5 fd-vcompute03 -192.168.0.24 fd-vcompute04 -192.168.0.9 fd-vcompute05 -192.168.0.14 fd-vcompute06 -192.168.0.28 fd-vcompute07 -192.168.0.20 fd-vcompute08 -192.168.0.25 fd-vcompute09 -192.168.0.26 fd-vcompute10 -192.168.0.15 fd-vcompute11 -192.168.0.19 fd-vcompute12 diff --git a/roles/cluster/templates/nibbler_hosts b/roles/cluster/templates/nibbler_hosts new file mode 100644 index 000000000..32bd950c5 --- /dev/null +++ b/roles/cluster/templates/nibbler_hosts @@ -0,0 +1,43 @@ +# +## +### /etc/hosts file for virtual research clusters. +## +# + +# +# localhost +# +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# +# Jumphost servers. +# +10.0.42.3 portal + +# +# Admin / Management machines. +# DAI = Deploy Admin Interface +# SAI = Sys Admin Interface +# NFS = NFS server +# +10.0.42.12 nb-sai +10.0.42.10 nb-dai +10.0.42.16 nb-nfs + +# +# Cluster User Interfaces (UIs). +# +10.0.42.15 nibbler + +# +# Shared network storage servers. +# + +# +# Cluster nodes. +# +10.0.42.14 nb-vcompute0 +10.0.42.11 nb-vcompute1 +10.0.42.17 nb-vcompute2 +10.0.42.18 nb-vcompute3 diff --git a/roles/datahandling/handlers/main.yml b/roles/datahandling/handlers/main.yml new file mode 100644 index 000000000..37a22e4b2 --- /dev/null 
+++ b/roles/datahandling/handlers/main.yml @@ -0,0 +1,13 @@ +--- + +- name: generate grub config + command: 'grub2-mkconfig -o /boot/grub2/grub.cfg' + become: true + notify: reboot + listen: grub2-mkconfig + +- name: reboot the machine in desired kernel + reboot: + become: true + listen: reboot +... diff --git a/roles/datahandling/tasks/main.yml b/roles/datahandling/tasks/main.yml index e60e66f3f..c5d6323b9 100644 --- a/roles/datahandling/tasks/main.yml +++ b/roles/datahandling/tasks/main.yml @@ -1,7 +1,17 @@ --- +- name: Set to boot 3.10.0-957.1.3.el7.x86_64 kernel + lineinfile: + path: /etc/default/grub + regexp: '^GRUB_DEFAULT=' + line: 'GRUB_DEFAULT=2' + become: true + notify: grub2-mkconfig + +- meta: flush_handlers + - name: install lustre client yum: - name: lustre-client-2.10.4-1.el7.x86_64 + name: lustre-client-2.10.8-1.el7.x86_64 state: present update_cache: yes become: true @@ -46,6 +56,7 @@ state: present - name: mount all mountpoints in fstab - command: mount -a + # Mount -a does not change anything if nothing needs changing. + command: mount -a # noqa 301 args: warn: false diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index b367d401a..534581e8f 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -6,6 +6,10 @@ - python2-pip state: latest update_cache: yes -- name: Install docker-py + become: true + +- name: Install docker-py. pip: name: docker + become: true +... \ No newline at end of file diff --git a/roles/fuse-layer/tasks/main.yml b/roles/fuse-layer/tasks/main.yml new file mode 100644 index 000000000..b3061ed84 --- /dev/null +++ b/roles/fuse-layer/tasks/main.yml 
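Review bot: In roles/datahandling/tasks/main.yml, `GRUB_DEFAULT=2` selects the third menu entry by position, which is the 3.10.0-957.1.3.el7 kernel only while the list of installed kernels stays the same. After the next kernel install or removal the same index boots a different entry, and the handler chain reboots the machine into it. Selecting by name keeps the task true to its title, for example `line: 'GRUB_DEFAULT=saved'` combined with `grub2-set-default` and the entry's title. The pin, presumably there for the Lustre client module, also keeps nodes off newer kernel security updates, so a comment saying when it should be revisited belongs next to the task.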
@@ -0,0 +1,53 @@ +--- +- file: + path: /usr/local/fuse-layer + state: directory + mode: 0755 + become: true + +- name: Install service files. + template: + src: templates/fuse-layer.service + dest: /etc/systemd/system/fuse-layer.service + mode: 644 + owner: root + group: root + tags: + - service-files + become: true + +- name: Install fuse files. + template: + src: templates/fuse.sh + dest: /usr/local/fuse-layer/fuse.sh + mode: 644 + owner: root + group: root + become: true + +- name: Install config.ini files. + template: + src: templates/config.ini + dest: /usr/local/fuse-layer/config.ini + mode: 644 + owner: root + group: root + become: true + +- name: install service files + command: systemctl daemon-reload + become: true + +- name: enable service at boot + systemd: + name: fuse-layer + enabled: yes + become: true + +- name: make sure servcies are started. + systemd: + name: fuse-layer.service + state: restarted + tags: + - start-service + become: true diff --git a/roles/fuse-layer/templates/config.ini b/roles/fuse-layer/templates/config.ini new file mode 100644 index 000000000..4c4efd25a --- /dev/null +++ b/roles/fuse-layer/templates/config.ini @@ -0,0 +1,3 @@ +userId:{{ fuse_userId }} +userSecret:{{ fuse_userSecret }} +userGrant:password diff --git a/roles/fuse-layer/templates/fuse-layer.service b/roles/fuse-layer/templates/fuse-layer.service new file mode 100644 index 000000000..dc77507d1 --- /dev/null +++ b/roles/fuse-layer/templates/fuse-layer.service @@ -0,0 +1,10 @@ +[Unit] +Description=EGA Fuse Layer + +[Service] +TimeoutStartSec=0 +Restart=always +ExecStart=/bin/bash /usr/local/fuse-layer/fuse.sh + +[Install] +WantedBy=multi-user.target diff --git a/roles/fuse-layer/templates/fuse.sh b/roles/fuse-layer/templates/fuse.sh new file mode 100644 index 000000000..a240e15fc --- /dev/null +++ b/roles/fuse-layer/templates/fuse.sh 
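Review bot: The three template tasks set `mode: 644` as a bare integer, which Ansible reads as decimal 644 (octal 1204) rather than rw-r--r--. Write it as a quoted octal string, `mode: '0644'`, as the mariadb role does in this same commit. config.ini and fuse.sh are rendered with `fuse_userSecret` and `fuse_password` in them, so those two should be `mode: '0600'`. The unit starts the script through `/bin/bash` and has no `User=` line, so neither file needs an execute bit or read access for other accounts. The opening `file` task also has no `name`.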
@@ -0,0 +1,8 @@ +source "/apps/modules//modules.bashrc" +module load Java/8-LTS + +java -Xmx2g -jar /usr/local/fuse-layer/ega-fuse-1.0-SNAPSHOT.jar \ +-f /usr/local/fuse-layer/config.ini \ +-m "{{ fuse_mountpoint }}" \ +-u "{{ fuse_user }}" \ +-p "{{ fuse_password }}" diff --git a/roles/interfaces/defaults/main.yml b/roles/interfaces/defaults/main.yml new file mode 100644 index 000000000..a27cd4496 --- /dev/null +++ b/roles/interfaces/defaults/main.yml @@ -0,0 +1,10 @@ +--- +# device defaults +network_onboot: 'yes' +network_device_type: 'Ethernet' +default_yes: 'yes' +default_no: 'no' +persistent_dhclient: 1 +network_device_file_prefix: 'ifcfg-' +netmask: '255.255.255.0' +default_ip: '0.0.0.0' diff --git a/roles/interfaces/handlers/main.yml b/roles/interfaces/handlers/main.yml new file mode 100644 index 000000000..e692ae383 --- /dev/null +++ b/roles/interfaces/handlers/main.yml @@ -0,0 +1,6 @@ +- name: restart_ifaces + systemd: + name: 'network.service' + state: restarted + become: true + listen: restart_ifaces diff --git a/roles/interfaces/tasks/main.yml b/roles/interfaces/tasks/main.yml new file mode 100644 index 000000000..2865342c6 --- /dev/null +++ b/roles/interfaces/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- name: template network devices' files + template: + src: "interface_template.j2" + dest: "/etc/sysconfig/network-scripts/{{network_device_file_prefix}}{{ item.device }}" + mode: 0644 + become: true + with_items: "{{ interfaces }}" + when: interfaces is defined + register: changed_devices + notify: restart_ifaces + +- name: enable service at boot + systemd: + name: network.service + enabled: yes + state: started + become: true diff --git a/roles/interfaces/templates/interface_template.j2 b/roles/interfaces/templates/interface_template.j2 new file mode 100644 index 000000000..240e6a9ed --- /dev/null +++ b/roles/interfaces/templates/interface_template.j2 
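Review bot: Passing the account password as `-p "{{ fuse_password }}"` puts it on the java command line, where any local user can read it from the process list for as long as the service runs. Whether ega-fuse can take the password from a file or from the environment is not visible here; if it can, prefer that over the argument. Independently of that, the rendered script holds the password in clear text and should be readable by root only. A header comment saying the file is a template that contains a secret would help whoever edits it next.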
@@ -0,0 +1,21 @@ +DEVICE="{{ item.device }}" +{% if (item.bootproto is undefined) or (item.bootproto == 'dhcp') %} +BOOTPROTO="dhcp" +{% endif %} +{% if (item.bootproto is defined) and (item.bootproto == 'static' or item.bootproto == 'none') %} +BOOTPROTO="{{ item.bootproto }}" +IPADDR="{{ item.ipaddr|default(default_ip) }}" +NETMASK="{{ item.netmask|default(netmask) }}" +GATEWAY="{{ item.gateway|default(default_ip) }}" +{% endif %} +ONBOOT="{{ item.onboot|default(network_onboot) }}" +{# device type #} +{% if item.type is not defined %} +TYPE="{{ item.type|default(network_device_type) }}" +{% elif (item.type is defined) and (item.type|lower == 'static') %} +TYPE="static" +{% endif %} +USERCTL="{{ item.userctl|default(default_yes) }}" +PEERDNS="{{ item.peerdns|default(default_yes) }}" +IPV6INIT="{{ item.ipv6init|default(default_no) }}" +PERSISTENT_DHCLIENT="{{ item.persistent_dhclient|default(persistent_dhclient) }}" diff --git a/roles/ldap/files/ssh-ldap-wrapper b/roles/ldap/files/ssh-ldap-wrapper deleted file mode 100755 index 84fa93245..000000000 --- a/roles/ldap/files/ssh-ldap-wrapper +++ /dev/null 
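Review bot: `USERCTL` falls back to `default_yes`, so unless an inventory entry sets `userctl`, every templated interface can be controlled by non-root users, which is rarely wanted on a multi-user cluster node. `USERCTL="{{ item.userctl|default(default_no) }}"` is the safer default. The TYPE block emits no TYPE line at all when `item.type` is defined but is not `static`, and its first branch applies `default()` to a value already known to be undefined. A single `TYPE="{{ item.type|default(network_device_type) }}"` covers every case.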
@@ -1,40 +0,0 @@ -#!/bin/bash - -# -# Custom ssh-ldap-wrapper script. -# * Fetches public keys from LDAP using default ssh-ldap-helper and -# * Filters the public keys by dropping unsupported key types or short key sizes considered weak. -# We accept fixed size ed25519 keys and >= 4096 bits rsa keys. -# -declare user="${1}" -declare regex='^([0-9][0-9]*) .* \((.*)\)$' -declare ssh_ldap_helper='/usr/libexec/openssh/ssh-ldap-helper' -declare ssh_keygen='/usr/bin/ssh-keygen' -declare rsa_key_size='4096' -declare -a authorized_keys=() - -while read -r public_keys_line; do - test -z "${public_keys_line:-}" && continue - declare fingerprint="$("${ssh_keygen}" -l -f /dev/stdin <<< "${public_keys_line}")" - if [[ "${fingerprint}" =~ ${regex} ]]; then - declare key_size="${BASH_REMATCH[1]}" - declare key_type="${BASH_REMATCH[2]}" - if [[ "${key_type}" == 'ED25519' ]]; then - authorized_keys=("${authorized_keys[@]}" "${public_keys_line}") - elif [[ "${key_type}" == 'RSA' ]]; then - if [[ "${key_size}" -ge ${rsa_key_size} ]]; then - authorized_keys=("${authorized_keys[@]}" "${public_keys_line}") - else - echo "WARN: Skipping key with unsupported key size ${key_size}. "${key_type}" key size must be >= ${rsa_key_size}." 1>&2 - fi - else - echo "WARN: Skipping unsupported key type ${key_type}." 1>&2 - fi - else - echo "ERROR: Failed to parse key fingerprint ${fingerprint:-}." 1>&2 - fi -done < <("${ssh_ldap_helper}" -s "${user}") - -for authorized_key in "${authorized_keys[@]}"; do - printf '%s\n' "${authorized_key}" -done \ No newline at end of file diff --git a/roles/ldap/files/ssh_ldap_wrapper.py b/roles/ldap/files/ssh_ldap_wrapper.py new file mode 100755 index 000000000..a5a54c17a --- /dev/null +++ b/roles/ldap/files/ssh_ldap_wrapper.py 
@@ -0,0 +1,138 @@ +#!/usr/bin/env python3 +""" +Usage: ssh_ldap_wrapper.py + +Custom ssh-ldap-wrapper script. +Fetches public keys from LDAP using default ssh-ldap-helper and +Filters the public keys by dropping unsupported key types or short key sizes considered weak. +We accept fixed size ed25519 keys and >= 4096 bits rsa keys. + +Admin users will be sourced from local credentials. This ensures the system will be maintainable in case of a lost connection to the ldap. + +Refactored from a original in bash, which became too obfustcated. +""" + +import logging +import os.path +import sshpubkeys +import subprocess +import sys +import yaml + +class UserKeys(object): + """ + Class holding information about a user and her/his keys. + """ + # The gid of the admin group. + + rsa_key_size = 4096 + ssh_ldap_helper = '/usr/libexec/openssh/ssh-ldap-helper' + + def __init__(self, user: str, admin_gid: int): + self.user = user + self.admin_gid = admin_gid + if self.is_admin(): + self.keys = self.local_keys + else: + self.keys = self.ldap_keys + + def is_admin(self): + """ + Returns: + bool: whether the user is an admin. + """ + try: + gid = subprocess.run( + ['id', '-g', self.user], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + check=True).stdout + except subprocess.CalledProcessError as err: + logging.error(err) + logging.error(err.stderr) + return False + + return int(gid) == self.admin_gid + + def is_ok(self, key: str): + """ + Args: + key (str): the ssh key to check. + Returns: + bool: is the key ok or not. 
+ """ + if key == '': + return False + + ssh_key = sshpubkeys.SSHKey(key) + try: + ssh_key.parse() + except sshpubkeys.InvalidKeyError as err: + logging.error("Invalid key: {}".format(err)) + return False + except NotImplementedError as err: + logging.error("Invalid key type: {}".format(err)) + return False + if ssh_key.key_type == b'ssh-rsa' and ssh_key.bits < self.rsa_key_size: + logging.error( + "Invalid key: minimum keysize for rsa is {} bits".format( + self.rsa_key_size)) + return False + elif ssh_key.key_type in (b'ssh-ed25519', b'ssh-rsa'): + return True + else: + logging.error("Skipping unsupported key type {}".format( + ssh_key.key_type)) + return False + + @property + def filtered_keys(self): + """ + Return only keys that comply with standards and regulations. + + Returns: + str: list of keys + """ + return '\n'.join(filter(self.is_ok, self.keys.split('\n'))) + + @property + def local_keys(self): + """ + Return the local keys of a user. + Returns: + str: The keys of a user. + """ + homedir = os.path.expanduser('~{}'.format(self.user)) + with open(os.path.join(homedir, '.ssh/authorized_keys')) as keyfile: + return keyfile.read() + + @property + def ldap_keys(self): + """ + Retreive the keys from the standard ldap wrapper. + + Returns: + str: The keys of a user. + """ + try: + result = subprocess.run( + [self.ssh_ldap_helper, '-s', self.user], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE, + check=True) + + except subprocess.CalledProcessError as err: + logging.error(err) + return '' + + return result.stdout.decode('utf-8') + + +if __name__ == '__main__': + # Log messages will go to sys.stderr. + logging.basicConfig(level=logging.INFO) + dirname = os.path.dirname(os.path.abspath(__file__)) + with open(os.path.join(dirname, 'ssh_ldap_wrapper.yml'), 'r') as f: + config = yaml.load(f.read(), Loader=yaml.BaseLoader) + user_keys = UserKeys(sys.argv[1], int(config['admin_gid'])) + print(user_keys.filtered_keys) 
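Review bot: `local_keys` opens `~user/.ssh/authorized_keys` with no error handling, and `__init__` evaluates it, so a missing or unreadable file ends the script with a traceback instead of an empty key list. This is the admin fallback path that the module docstring says must keep working, and `ldap_keys` already logs and returns `''` in the equivalent case, so catch `OSError` the same way. Keys returned by an AuthorizedKeysCommand do not, to my knowledge, go through the ownership and permission checks that sshd's StrictModes applies to an authorized_keys file. It is therefore worth confirming which account runs this script and that admin home directories are not writable by others. `sys.argv[1]` is also read without checking that an argument was given.

```python
    @property
    def local_keys(self):
        # … unchanged: docstring …
        homedir = os.path.expanduser('~{}'.format(self.user))
        try:
            with open(os.path.join(homedir, '.ssh/authorized_keys')) as keyfile:
                return keyfile.read()
        except OSError as err:
            # Same contract as ldap_keys: log the problem and offer no keys.
            logging.error(err)
            return ''
```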
diff --git a/roles/ldap/handlers/main.yml b/roles/ldap/handlers/main.yml index 955eefa5c..d17a798d7 100644 --- a/roles/ldap/handlers/main.yml +++ b/roles/ldap/handlers/main.yml @@ -8,13 +8,13 @@ service: name: nslcd state: restarted - become: yes + become: true listen: restart_nslcd - name: Restart sshd service. service: name: sshd state: restarted - become: yes + become: true listen: restart_sshd ... diff --git a/roles/ldap/tasks/main.yml b/roles/ldap/tasks/main.yml index 36e66fe24..29e7df5be 100644 --- a/roles/ldap/tasks/main.yml +++ b/roles/ldap/tasks/main.yml @@ -8,9 +8,15 @@ - openldap-clients - nss-pam-ldapd - openssh-ldap + - python36 + - python36-devel + - python36-PyYAML + - openssl-devel + - python36-sshpubkeys notify: - restart_nslcd - restart_sshd + become: true - name: Deploy nslcd.conf template: @@ -21,6 +27,7 @@ mode: '0600' notify: - restart_nslcd + become: true - name: Deploy ldap.conf template: @@ -31,6 +38,7 @@ mode: '0644' notify: - restart_nslcd + become: true - name: Deploy nsswitch.conf copy: @@ -41,21 +49,25 @@ mode: '0644' notify: - restart_nslcd - -- name: Redeploy sshd config. - template: - src: "{{ playbook_dir }}/roles/cluster/templates/sshd_config" - dest: /etc/ssh/sshd_config - validate: '/usr/sbin/sshd -T -f %s' - notify: restart_sshd + become: true - name: Deploy custom ssh-ldap-wrapper. copy: - src: ssh-ldap-wrapper - dest: /usr/libexec/openssh/ssh-ldap-wrapper + src: ssh_ldap_wrapper.py + dest: /usr/libexec/openssh/ssh_ldap_wrapper.py owner: root group: root mode: '0755' + become: true + +- name: Deploy config file for custom ssh-ldap-wrapper. + template: + src: templates/ssh_ldap_wrapper.yml + dest: /usr/libexec/openssh/ssh_ldap_wrapper.yml + owner: root + group: root + mode: '0644' + become: true - name: Enable services. systemd: 
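Review bot: In the roles/ldap/tasks/main.yml hunk at -41,21 +49,25 the wrapper is now installed as /usr/libexec/openssh/ssh_ldap_wrapper.py, but nothing removes /usr/libexec/openssh/ssh-ldap-wrapper from hosts provisioned earlier. The old script stays executable next to the new one and remains in use wherever an sshd_config still names it. Add a `file` task with `path: /usr/libexec/openssh/ssh-ldap-wrapper` and `state: absent`. Also check that the `AuthorizedKeysCommand` line in roles/sshd/templates/sshd_config, which is not shown in this part of the diff, points at the new file name.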
@@ -66,6 +78,15 @@ - nslcd notify: - restart_nslcd + become: true + +- name: Redeploy sshd config. + template: + src: "{{ playbook_dir }}/roles/sshd/templates/sshd_config" + dest: /etc/ssh/sshd_config + validate: '/usr/sbin/sshd -T -f %s' + notify: restart_sshd + become: true - meta: flush_handlers ... diff --git a/roles/ldap/templates/ssh_ldap_wrapper.yml b/roles/ldap/templates/ssh_ldap_wrapper.yml new file mode 100644 index 000000000..12082f88b --- /dev/null +++ b/roles/ldap/templates/ssh_ldap_wrapper.yml @@ -0,0 +1,2 @@ +--- +admin_gid: "{{ auth_groups['admin'].gid }}" diff --git a/roles/logins/handlers/main.yml b/roles/logins/handlers/main.yml index c694046f4..96426abfc 100644 --- a/roles/logins/handlers/main.yml +++ b/roles/logins/handlers/main.yml @@ -6,7 +6,7 @@ # - name: Run authconfig update. shell: "authconfig --enablemkhomedir --update" - become: yes + become: true listen: authconfig_update # @@ -25,6 +25,6 @@ - dbus - systemd-logind - oddjobd - become: yes + become: true listen: restart_oddjobd ... diff --git a/roles/logins/tasks/main.yml b/roles/logins/tasks/main.yml index 7a810e160..904f65774 100644 --- a/roles/logins/tasks/main.yml +++ b/roles/logins/tasks/main.yml @@ -1,5 +1,18 @@ --- -- name: Install yum dependencies +- name: Create cron job to restart systemd-logind regularly as workaround for known DBus bug. + cron: + # + # Silly workaround for bug in interaction dbus <-> logind + # Need DBus 1.11.10 for a fix, but CentOS 7.6 is stuck on dbus 1.10.24. + # + name: Restart systemd-logind + minute: "/10" + user: root + job: /bin/systemctl restart systemd-logind + cron_file: restart_logind + become: true + +- name: Install yum dependencies. yum: state: latest update_cache: yes diff --git a/roles/lustre-client/tasks/main.yml b/roles/lustre-client/tasks/main.yml new file mode 100644 index 000000000..8d380b298 --- /dev/null +++ b/roles/lustre-client/tasks/main.yml 
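Review bot: In roles/logins/tasks/main.yml, `minute: "/10"` is not a valid cron field, because a step value needs `*` or a range in front of it. As written, cron will reject the entry in the `restart_logind` cron file and the workaround never runs; it should be `minute: "*/10"`. The comment names the dbus versions involved, which is useful. Adding a link to the bug report would tell a later maintainer when the job can be removed.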
@@ -0,0 +1,24 @@ +--- +- name: Set lustre client source url. + set_fact: + lustre_rpm_url: https://downloads.whamcloud.com/public/lustre/lustre-2.10.4/el7/client/SRPMS + lustre_src_rpm_name: lustre-2.10.4-1.src.rpm + lustre_client_rpm_name: lustre-client-2.10.4-1.el7.x86_64.rpm + +- name: check if the buildserver has already built the client. + stat: + path: /root/rpmbuild/RPMS/x86_64/{{ lustre_client_rpm_name }} + register: remote_file + +- name: build the lustre client. + block: + - name: Fetch the lustre client source + get_url: + url: "{{ lustre_rpm_url }}/{{ lustre_src_rpm_name }}" + dest: /tmp/{{ lustre_src_rpm_name }} + + - name: build the lustre client. + command: rpmbuild --rebuild --without servers /tmp/{{ lustre_src_rpm_name }} + become: true + when: remote_file.stat.exists == false +... \ No newline at end of file diff --git a/roles/mariadb/files/my.cnf b/roles/mariadb/files/my.cnf index 14aa6dacb..b14ee66f0 100644 --- a/roles/mariadb/files/my.cnf +++ b/roles/mariadb/files/my.cnf @@ -27,23 +27,23 @@ sort_buffer_size = 4M bulk_insert_buffer_size = 16M tmp_table_size = 32M max_heap_table_size = 32M -myisam_recover_options = BACKUP +myisam_recover_options = BACKUP key_buffer_size = 128M table_open_cache = 400 myisam_sort_buffer_size = 512M concurrent_insert = 2 read_buffer_size = 2M read_rnd_buffer_size = 1M -query_cache_limit = 128K -query_cache_size = 64M +query_cache_limit = 128K +query_cache_size = 64M slow_query_log_file = /var/log/mysql/mariadb-slow.log long_query_time = 10 expire_logs_days = 10 max_binlog_size = 100M default_storage_engine = InnoDB -innodb_buffer_pool_size = 128M -innodb_log_buffer_size = 8M +innodb_buffer_pool_size = 256M +innodb_log_buffer_size = 16M innodb_file_per_table = 1 innodb_open_files = 400 innodb_io_capacity = 400 diff --git a/roles/mariadb/handlers/main.yml b/roles/mariadb/handlers/main.yml new file mode 100644 index 000000000..cfb0800f4 --- /dev/null +++ b/roles/mariadb/handlers/main.yml 
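Review bot: In roles/lustre-client/tasks/main.yml the source RPM is fetched to a fixed name under /tmp and then rebuilt with `rpmbuild` under `become`, with no `checksum:` on the `get_url` task. `get_url` does not replace an existing destination file by default, so whatever already sits at that path is what gets built, and the download itself has no integrity check. Download into a root-owned directory instead and add `checksum: "sha256:<SHA256_OF_SRC_RPM>"` (a placeholder; take the value from the upstream release). The role also builds 2.10.4 while roles/datahandling now installs lustre-client-2.10.8, which looks like an oversight.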
@@ -0,0 +1,19 @@ +--- +# +# Important: maintain correct handler order. +# Handlers are executed in the order in which they are defined +# and not in the order in whch they are listed in a "notify: handler_name" statement! +# +# Restart before reload: an reload after a restart may be redundant but should not fail, +# but the other way around may fail when the impact of changes was too large for a reload. +# +# Currently restart only: mysql.service does not support reloads yet :(. +# +- name: Restart MariaDB/MySQL service. + systemd: + name: 'mysql.service' + state: restarted + daemon_reload: yes + become: true + listen: restart_mysql +... \ No newline at end of file diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 03a328c78..eab3ebd8b 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml 
@@ -1,78 +1,93 @@ -# Install a docker based mariadb. +# Install a docker based MariaDB. --- -- name: make mariadb settings volume +- name: Make MariaDB/MySQL settings volume. file: path: "{{ item }}" state: directory - mode: 0777 + mode: '0777' # This is broken, insecure, oops. + owner: root + group: root with_items: - - /srv/mariadb/lib/mysql - - /srv/mariadb/etc/mysql - - /srv/mariadb/etc/mysql/conf.d + - '/srv/mariadb/lib/mysql' + - '/srv/mariadb/etc/mysql' + - '/srv/mariadb/etc/mysql/conf.d' + notify: + - restart_mysql + become: true -- name: place settings file +- name: Deploy MariaDB/MySQL config file. copy: - src: files/my.cnf - dest: /srv/mariadb/etc/mysql/conf.d/my.cnf - mode: 660 + src: 'files/my.cnf' + dest: '/srv/mariadb/etc/mysql/conf.d/my.cnf' + mode: '0660' + owner: root + group: root + notify: + - restart_mysql + become: true -- name: Set galara.cnf on node if we have at least three nodes. +- name: Deploy MariaDB/MySQL galara.cnf on node if we have at least three nodes. template: src: files/galera.cnf dest: /srv/mariadb/etc/mysql/conf.d/galera.cnf - mode: 660 + mode: '0660' + owner: root + group: root + notify: + - restart_mysql when: "'databases' in group_names and groups['databases'] | length >= 3" + become: true # This mimics galera_new_cluster.sh -- name: Initialize a new cluster. +- name: Initialize a new MariaDB/MySQL cluster. block: - set_fact: mariadb_args: "--wsrep-new-cluster" - - template: - src: templates/mysql.service - dest: /etc/systemd/system/mysql.service - mode: 644 + src: 'templates/mysql.service' + dest: '/etc/systemd/system/mysql.service' + mode: '0644' owner: root group: root - - - command: systemctl daemon-reload - + notify: + - restart_mysql - systemd: name: mysql.service state: started - + enabled: yes + daemon_reload: yes when: "'databases' in group_names and groups['databases'] \ | length >= 3 and ansible_hostname == hostname_node0" + become: true -- name: Install service file. +- name: Install MariaDB/MySQL service file. 
block: - set_fact: mariadb_args: "" - template: - src: templates/mysql.service - dest: /etc/systemd/system/mysql.service - mode: 644 + src: 'templates/mysql.service' + dest: '/etc/systemd/system/mysql.service' + mode: '0644' owner: root group: root + notify: + - restart_mysql + become: true -- name: Give the master node some time to initialize the cluster. +- name: Give the master node some time to initialize the MariaDB/MySQL cluster. command: bash -c "sleep 60" when: "'databases' in group_names and groups['databases'] \ | length >= 3" -- name: Daemon reload (the inplicit doesn't work) - command: bash -c "systemctl daemon-reload" - -- name: Make sure service is started. +- name: Make sure MariaDB/MySQL service is started. systemd: name: mysql.service state: started + enabled: yes daemon_reload: yes + become: true -- name: Enable service to start at boot. - command: systemctl reenable mysql.service - -- name: Give the cluster some time to initialize replication. +- name: Give the MariaDB/MySQL cluster some time to initialize replication. command: bash -c "sleep 60 && systemctl daemon-reload" when: "'databases' in group_names and groups['databases'] | length >= 3" + become: true diff --git a/roles/mariadb/templates/mysql.service b/roles/mariadb/templates/mysql.service index 10f17cb98..2b6410a8b 100644 --- a/roles/mariadb/templates/mysql.service +++ b/roles/mariadb/templates/mysql.service @@ -6,8 +6,7 @@ Requires=docker.service [Service] TimeoutStartSec=0 Restart=always -ExecStartPre=-/usr/bin/docker kill %n || /bin/true -ExecStartPre=-/usr/bin/docker rm %n +ExecStartPre=/bin/bash -c "/usr/bin/docker rm -f %n || true" ExecStartPre=/usr/bin/docker pull mariadb:10.2 ExecStart=/usr/bin/docker run --name %n \ --network host \ diff --git a/roles/nfs_home_client/tasks/main.yml b/roles/nfs_home_client/tasks/main.yml index cb8fa5a89..df3e3f048 100644 --- a/roles/nfs_home_client/tasks/main.yml +++ b/roles/nfs_home_client/tasks/main.yml 
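Review bot: In roles/mariadb/tasks/main.yml the directory task keeps `mode: '0777'` on /srv/mariadb/lib/mysql, /srv/mariadb/etc/mysql and conf.d, and the added comment says as much. Any local account can put a file into conf.d that the server reads at its next start, or change files in the data directory. The task now sets `owner: root` and `group: root`, so tighten the two config directories to `mode: '0755'`. Give the data directory `mode: '0750'` and the uid the mariadb container runs as, which is not visible here. The two `sleep 60` tasks could become `wait_for` on the database port, so the play waits for the actual condition.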
@@ -2,8 +2,11 @@ - name: install nfs utils yum: name: nfs-utils + become: true - name: Add fstab entry lineinfile: path: /etc/exports line: /home {{ nfs_server_ip | default(hostvars[groups['user-interface'][0]]['ansible_default_ipv4']['address']) }}:/home /home nfs rw 0 0 + become: true +... \ No newline at end of file diff --git a/roles/nfs_home_server/defaults/main.yml b/roles/nfs_home_server/defaults/main.yml new file mode 100644 index 000000000..6d341dc60 --- /dev/null +++ b/roles/nfs_home_server/defaults/main.yml @@ -0,0 +1,4 @@ +--- +nfs_network_range: "172.23.40.92/22" +nfs_mountpoint: "/home" +... diff --git a/roles/nfs_home_server/tasks/main.yml b/roles/nfs_home_server/tasks/main.yml index 0dc7dee9b..233a4f697 100644 --- a/roles/nfs_home_server/tasks/main.yml +++ b/roles/nfs_home_server/tasks/main.yml @@ -1,10 +1,31 @@ --- +- import_tasks: mount.yml + - name: 'Install NFS utils.' yum: name: nfs-utils + become: true + +- name: 'Enable nfs service' + systemd: + name: nfs + enabled: yes + become: true - name: 'Add share entry to NFS exports.' lineinfile: path: /etc/exports - line: /home {{network_range}}(rw,sync,no_root_squash,no_subtree_check) -... + line: "{{nfs_mountpoint}} {{nfs_network_range}}(rw,sync,no_root_squash,no_subtree_check)" + register: etc_exports + become: true + +- name: 'Activate exports' + command: 'exportfs -a' + when: etc_exports.changed + +- name: 'Make sure nfs service is started' + systemd: + state: started + name: nfs + become: true +... \ No newline at end of file diff --git a/roles/nfs_home_server/tasks/mount.yml b/roles/nfs_home_server/tasks/mount.yml new file mode 100644 index 000000000..e3fa79ec7 --- /dev/null +++ b/roles/nfs_home_server/tasks/mount.yml 
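Review bot: In roles/nfs_home_client/tasks/main.yml the task named "Add fstab entry" writes to `path: /etc/exports`, yet the line it adds is an fstab-style mount entry. With `become: true` now added it will put a malformed line into the client's exports file and still leave the mount unconfigured. The path should be `/etc/fstab`, or the task should use the `mount` module with `fstype: nfs`. The line also starts with a stray `/home` before the `server:/home` source field.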
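Review bot: In roles/nfs_home_server/tasks/main.yml the export line keeps `no_root_squash` for the whole `nfs_network_range`, so root on any host in that range is root on every exported home directory. Unless a client needs that, drop the option so the default root squashing applies: `line: "{{nfs_mountpoint}} {{nfs_network_range}}(rw,sync,no_subtree_check)"`. The new "Activate exports" task runs `exportfs -a` without `become: true`, unlike the tasks around it, and will fail for an unprivileged connection user. The default range in defaults/main.yml is written as a host address with a /22 mask; the network address 172.23.40.0/22 would be clearer.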
@@ -0,0 +1,40 @@ +--- +- name: Make mount point for the cinder volume. + file: + path: "{{nfs_mountpoint}}" + mode: 0755 + state: directory + owner: root + group: root + become: true + +- name: Check the local mount point. + command: mountpoint "{{nfs_mountpoint}}" + register: mount_local + failed_when: false + +- name: Create an ext4 filesystem on /dev/vdb. + filesystem: + fstype: ext4 + dev: /dev/vdb + when: + mount_local.rc == 1 + become: true + +- name: Mount the volume. + mount: + path: "{{nfs_mountpoint}}" + src: /dev/vdb + fstype: ext4 + opts: rw,relatime + state: present + become: true + +- name: Mount all mountpoints from fstab. + command: mount -a + args: + warn: false + when: + mount_local.rc == 1 + become: true +... diff --git a/roles/nfs_home_server/vars/main.yml b/roles/nfs_home_server/vars/main.yml deleted file mode 100644 index 76d495d8c..000000000 --- a/roles/nfs_home_server/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -network_range: "172.23.40.92/22" - diff --git a/roles/node_exporter/tasks/main.yml b/roles/node_exporter/tasks/main.yml index 3c55d7868..345e6f50b 100644 --- a/roles/node_exporter/tasks/main.yml +++ b/roles/node_exporter/tasks/main.yml @@ -3,12 +3,14 @@ path: /usr/local/prometheus state: directory mode: 0755 + become: true - name: Install node exporter copy: src: "{{ playbook_dir }}/promtools/results/node_exporter" dest: /usr/local/prometheus/node_exporter mode: 0755 + become: true - name: Install service files. template: @@ -19,14 +21,17 @@ group: root tags: - service-files + become: true - name: install service files command: systemctl daemon-reload + become: true - name: enable service at boot systemd: name: node-exporter enabled: yes + become: true - name: make sure servcies are started. systemd: @@ -34,3 +39,4 @@ state: restarted tags: - start-service + become: true \ No newline at end of file 
diff --git a/roles/online_docs/files/index/index.php b/roles/online_docs/files/index/index.php new file mode 100644 index 000000000..a9aca6bc7 --- /dev/null +++ b/roles/online_docs/files/index/index.php @@ -0,0 +1,137 @@ + + + + + + Documentation Library + + +

Documentation Library

+

Infrastructure documented on this server:

+
+ +
+ + + + ,,,,,,,,,, + ,,,,,,,,,,,,,,,, .,,,,,, + ,,,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,, + ,,,,,,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,, + ,,,,,,,,,,,,,,,,,,,,,,,,,, ,,,,,,,,,,,,,,,,,,,,,,. + ,,,,,,,,,,,,,,,. ,,.,,,,,,,********,,, ,,,,,,,,,,,,,,,,,,,, + ,,,,,,,,,,,, ,,,,,,,,,,,,,,.*****. ,,,,,,,,,,.,,,,,,,,,,,,,,, + ,,,,,,,,. ,,,,,,,,,,,,,,,,,,, ****,,,,,,,,,,,,,,, ,,,,,,,,,,,, + ,,,,,, ,,,,,,,,,,,,,,,,,,,,,,,*** ,,,,,,,,,,,,,,,,,, .,,,,,,,,, + ,,,,,,,,,,,,,,,,%%%%%%%,,,,,,, ***,,,,,,,,,%%%#,,,,,,,,, ,,,,,,,. + ,,,,,,,,,,,,,,,,%%%%%%%%/,,,,,,,**, ,,,,,,%%%%%%%#,,,,,,,,,,,,,,,, + ****,,,,,,,,,,,,,,,(%%%%%%%,,,,,,, ***,,,,,,*%%%%%%%%,,,,,,,,,,,,,,,, + *****,,,,,,,,,,,,,,,,,#%%%*,,,,,,,,**** ,,,,,,%%%%%%%*,,,,,,,,,,,,,,,, + .***** ,,,,,,,,,,,,,,,,,,,,,,,,,,,, ****,,,,,,,,,,**,,,,,,,,,,,,,,,,,,,* + .******,,,,,,,,,,,,,,,,,,,,,,,,,,,****** .,,,,,,,,,,,,,,,,,,,,,,,,,,,,*** + ***** ,,,,,,,,,,,,,,,,,,,,,,,,, *******,,,,,,,,,,,,,,,,,,,,,,,,,,,, **** + ***** ,,,,,,,,,,,,,,,,,,,,,,********** ,,,,,,,,,,,,,,,,,,,,,,,,,,***** + ****,,,,,,,,,,,,,,,,,,, ************ ,,,,,,,,,,,,,,,,,,,,,,,,***** + *****,*.,,,,,,,,,,, ,****************,,,,,,,,,,,,,,,,,,,. ***** + ***********,************************** ,,,,,,,,,,,,,. **** + .************** *************************** ,, .******* + .**************************************************** + ************ **************** ***************** + ************ *********** ***************** + ***********. ,* **************** + **************************** + ***************************** / + ***************************** *///// + * ***************************** */////////.((((. + ./////* *************************** .////////,//((((((( + (/ *//////////. **. **********************/////// /((((((((((( + (((((( /*///////// ******* .**********,*****./////.((((((((((((((( + ((((((((((((( //////// ***************,****** ,///*/(((((((((((((((((* .**** ,*, + ***** *((((((((((((. 
/////// ******************** /////(((((((((((((((((((( ,********************* + ,********* (((((((((((((((.///////******************/////(((((((((((((((..******. ,*************, ********** + ***********/((((((((((((((((((( /////* ***********, //* (((((((((((((((((*********** ,*************************** + ********** ((((((((((((((((((((((( /////*.******* //**((((((((((((((((((( *********** .******************** ************ + *************. ((((((((((((((((((((((( ,////*****////((((((((((((((((((((/************* ********* ,*************,********* ****. + ***************(((((((((((((((((((((((((/ *// * // *((((((((((((((((((((*************** **************************.**************** + *************** (((((((((((((((((((((((((((///////((((((((((((((((((((. *************** ***************.***********,******** ********. + **************/(((((((((((((((((((((((((((./((((,*((((((((((((((((((((**************** .****************..*********,****************** + ,*********** (((((((((((((((((((((((((((((((((((((((((((((((((((((((( *************. .************************** ******* ************ + ****** (((((((((((((((((((((((((((((( ((((( (((((((((((((((((((((((********** ***** ************** .************ *************, + (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((/((* .**********. ****************** *************** + ((((((((((((((((((((((((((((((((((/ ((((( ((((((((((((((((((((((((((((((/ ***************.********** ***********. 
+ /(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( *************************** ,**** + *(((((((((((((((((((((((((((((((((/.((((( ((((((((((((((((((((((((((((((( ******************* ******* + .(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( *********************************** + (((((((((((((((((((((((((((((((((/ ((((( (((((((((((((((((((((((((((((((, ******************************* ***, + (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((***************. *****************. + ((((((((((((((((((((((((((((( (((((./(((((((((((((((((((((((((((((*(*****************.*************** + /(((((((((((((((((((((((((((((((((((((((((((((((((((((((/ .************************************* + .((((((((((((((((((( (((((( ((((((((((((((((((((/.******. *******************,.************ + (((((((((((((((((((((((((((((((((((((/.********************************************** + ,((((((((((( (((((/.(((((((((( *******************,.***************** *********, + ****(((((((((((((((((((((/ ****, ******************.************************. + .********((( (((((.*((//***************************.********************. + **********/ (((((((/***********,.*****************,.***************, + .***********/,*(************************************************** + .***************************, ****************** ************** + ,******************************************************** + ******************** ****************** ************ + ************************************************, + ***************,******************* .. + *********, ******************* + *********** + + + + + \ No newline at end of file diff --git a/roles/online_docs/files/index/sitemap.php b/roles/online_docs/files/index/sitemap.php new file mode 100644 index 000000000..cc6b97c0f --- /dev/null +++ b/roles/online_docs/files/index/sitemap.php 
@@ -0,0 +1,47 @@ +]*>(.+)'i", $content, $matches)) { + $title=$matches[1]; + } elseif(preg_match("']*>(.+)'i", $content, $matches)) { + $title=$matches[1]; + } else { + $title='Site without a Title.'; + } + #$relativeUrl = rawurlencode(str_replace($root . '/', '', $indexFile)); + $relativeUrl = implode("/", array_map("rawurlencode", explode("/", str_replace($root . '/', '', $indexFile)))); + array_push($sites, array( + 'relUrl' => $relativeUrl, + 'title' => $title + )); + } + return($sites); +} + +// +// Main. +// +ob_start(); +echo '
' . "\n"; +ob_end_flush(); + +?> diff --git a/roles/online_docs/handlers/main.yml b/roles/online_docs/handlers/main.yml index c835f9d6c..e6b70d1aa 100644 --- a/roles/online_docs/handlers/main.yml +++ b/roles/online_docs/handlers/main.yml @@ -10,16 +10,17 @@ state: restarted with_items: - httpd - become: yes + become: true listen: restart_httpd - name: (Re)build webpages. shell: | cd /srv/mkdocs/{{ slurm_cluster_name }}/ umask 0022 - export LC_ALL=en_US.utf8 - export LANG=en_US.utf8 + export LC_ALL='en_US.utf8' + export LANG='en_US.utf8' + export PATH="${PATH}:/usr/local/bin/" mkdocs build - become: yes + become: true listen: build_mkdocs ... \ No newline at end of file diff --git a/roles/online_docs/tasks/main.yml b/roles/online_docs/tasks/main.yml index 65b1b742c..3af69a6fb 100644 --- a/roles/online_docs/tasks/main.yml +++ b/roles/online_docs/tasks/main.yml @@ -2,7 +2,7 @@ # Install webserver and deploy cluster specific documentation on that web server. # --- -- name: Check if rsync >= 3.1.2 is installed on the control host. +- name: 'Check if rsync >= 3.1.2 is installed on the control host.' shell: | rsync --version 2>&1 | head -n 1 | sed 's|^rsync *version *\([0-9\.]*\).*$|\1|' | tr -d '\n' args: @@ -12,7 +12,7 @@ check_mode: no register: rsync_version delegate_to: localhost -- name: Abort when modern rsync >= 3.1.2 is missing on control host. +- name: 'Abort when modern rsync >= 3.1.2 is missing on control host.' debug: msg: "FATAL: Need rsync >= 3.1.2 on the control host, but detected {{ rsync_version.stdout }}." when: 'rsync_version is failed or (rsync_version.stdout is version_compare("3.1.2", operator="<"))' @@ -47,7 +47,7 @@ check_mode: no register: slurm_version -- name: Get Lmod version from UI. +- name: 'Get Lmod version from UI.' # # Example output: # Modules based on Lua: Version 6.5.8 2016-09-03 13:41 -05:00 (CDT) 
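Review bot: The title captured from each index file is stored unescaped (`$title=$matches[1];`, then `'title' => $title`), so markup inside a documentation page's title would be passed through as-is. The code that prints `$sites` is not readable in this extract; if it writes the title into HTML, escape it at output with `htmlspecialchars($site['title'], ENT_QUOTES, 'UTF-8')`. The URL half is already handled by the per-segment `rawurlencode`.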
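Review bot: In the '(Re)build webpages.' handler the result of `cd /srv/mkdocs/{{ slurm_cluster_name }}/` is never checked, so when that directory is missing `mkdocs build` still runs with `become: true` from whatever directory the shell started in. Start the script with `set -e`, or drop the `cd` and pass the directory through `args: chdir:`. If mkdocs is indeed installed under /usr/local/bin, calling it by absolute path would also avoid extending `PATH` for a root shell.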
@@ -68,7 +68,7 @@ check_mode: no register: lmod_version -- name: Install libselinux-python +- name: 'Install libselinux-python.' yum: state: latest update_cache: yes @@ -77,13 +77,13 @@ when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] == "6" become: true -- name: Set selinux in permissive mode +- name: 'Set selinux in permissive mode.' selinux: policy: targeted state: permissive become: true -- name: Install EPEL repo and rsync. +- name: 'Install EPEL repo and rsync.' yum: state: latest update_cache: yes @@ -92,17 +92,18 @@ - rsync become: true -- name: Install webserver. +- name: 'Install webserver and php.' yum: state: latest update_cache: yes name: + - php - httpd notify: - restart_httpd become: true -- name: Enable webserver. +- name: 'Enable webserver.' service: name: "{{ item }}" enabled: yes 
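Review bot: The 'Install webserver and php.' task adds `php` to a host where the 'Set selinux in permissive mode.' task just above keeps `state: permissive`, so the targeted policy only logs and never blocks what httpd and the new PHP interpreter do. Consider `state: enforcing` with the booleans or file contexts the docs site actually needs, or add a comment on the selinux task explaining why permissive is required. Both packages are installed with `state: latest`, so every play run may pull a different httpd/php build; `state: present` with a separate patching step keeps deployments reproducible.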
@@ -111,37 +112,15 @@ - httpd become: true -- name: Install Python 3 for CentOS 6. - yum: - state: latest - update_cache: yes - name: - - python34 - - python34-setuptools - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] == "6" - become: true - -- name: Download get-pip.py for CentOS 6. - get_url: - url: https://bootstrap.pypa.io/get-pip.py - dest: /root/get-pip.py - mode: 0744 - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] == "6" - become: true - -- name: Execute get-pip.py for Python 3 on CentOS 6. - shell: | - python3 /root/get-pip.py --no-setuptools --no-wheel +- name: 'Install MkDocs on RedHat 6.x.' + import_tasks: mkdocs-for-redhat6.yml when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] == "6" - become: true -- name: Install MkDocs and deps using pip. - shell: | - python3 -m pip install mkdocs - when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] == "6" - become: true +- name: 'Install MkDocs on RedHat 7.x.' + import_tasks: mkdocs-for-redhat7.yml + when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] == "7" -- name: Create base directories for MarkDown and HTML files on webserver. +- name: 'Create base directories for MarkDown and HTML files on webserver.' file: path: "{{ item }}" state: directory 
@@ -153,7 +132,38 @@ - "/var/www/html/{{ slurm_cluster_name }}/" become: true -- name: Create sub directory structure for MarkDown files on webserver. +- name: 'Create static files for MarkDown on webserver.' + synchronize: + src: "{{ playbook_dir }}/roles/online_docs/files/index//./{{ item.src }}" + dest: "/var/www/html/" + owner: 'no' + group: 'no' + use_ssh_args: 'yes' + rsync_opts: + # --omit-dir-times Is required to prevent "sync error: some files/attrs were not transferred" + # for file systems like NFS mounts that cannot handle setting dir times properly. + # --chmod Is required to prevent errors when the perms on the source are not what is required/expected on the destination. + # Fixing perms on the source would be good, but that may be out of our control. + # In that case --chmod ensures we get what we want on the destination. + # Works only when combined with --perms. + # --force Is required when symlinks have changed into dirs/files or vice versa. + # In that case the wrong outdated stuff has to be deleted on the destination first before the new stuff can be created. + # Deleting the outdated stuff may fail without --force. + # --relative In combination with a "source_server:some/path/not/created/on/destination/./path/created/on/destination/some_file" (dot dir) + # recreates a partial dir structure on the destination relative to the /./ dir, when it does not already exist. + # Without this combination of --relative and dot dir rsync will error when the path does not exist on the destination. + # IMPORTANT: src and dest paths must be absolute paths. Otherwise Ansible will expand the path itself which will remove the /./ dir. + - '--relative' + - '--omit-dir-times' + - '--chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r' + - '--perms' + - '--force' + with_items: + - src: 'index.php' + - src: 'sitemap.php' + become: true + +- name: 'Create sub directory structure for MarkDown files on webserver.' 
file: path: "/srv/mkdocs/{{ slurm_cluster_name }}/{{ item.path }}" state: directory @@ -166,7 +176,7 @@ - build_mkdocs become: true -- name: Create static files for MarkDown on webserver. +- name: 'Create static files for MarkDown on webserver.' synchronize: src: "{{ playbook_dir }}/roles/online_docs/files/mkdocs/docs/./{{ item.src }}" dest: "/srv/mkdocs/{{ slurm_cluster_name }}/docs/" @@ -201,7 +211,7 @@ when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] < "7" become: true -- name: Create static files for MarkDown on webserver. +- name: 'Create static files for MarkDown on webserver.' synchronize: src: "{{ playbook_dir }}/roles/online_docs/files/mkdocs/docs/./{{ item.src }}" dest: "/srv/mkdocs/{{ slurm_cluster_name }}/docs/" @@ -236,7 +246,7 @@ when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] >= "7" become: true -- name: Create MarkDown files based on templates on webserver. +- name: 'Create MarkDown files based on templates on webserver.' template: src: "{{ item.src }}" dest: "/srv/mkdocs/{{ slurm_cluster_name }}/{{ item.path }}" diff --git a/roles/online_docs/tasks/mkdocs-for-redhat6.yml b/roles/online_docs/tasks/mkdocs-for-redhat6.yml new file mode 100644 index 000000000..7706b2216 --- /dev/null +++ b/roles/online_docs/tasks/mkdocs-for-redhat6.yml @@ -0,0 +1,27 @@ +--- +- name: Install Python 3 for CentOS 6. + yum: + state: latest + update_cache: yes + name: + - python34 + - python34-setuptools + become: true + +- name: Download get-pip.py for CentOS 6. + get_url: + url: https://bootstrap.pypa.io/get-pip.py + dest: /root/get-pip.py + mode: 0744 + become: true + +- name: Execute get-pip.py for Python 3 on CentOS 6. + shell: | + python3 /root/get-pip.py --no-setuptools --no-wheel + become: true + +- name: Install MkDocs and deps using pip on CentOS 6. + shell: | + python3 -m pip install mkdocs + become: true +... \ No newline at end of file 
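Review bot: The added synchronize task is named 'Create static files for MarkDown on webserver.', the same name as the two existing tasks further down, although it copies `index.php` and `sitemap.php` into `/var/www/html/`. A distinct name such as `- name: 'Deploy PHP index pages to the web root.'` makes play output and audits show when executable content is placed in the document root. The `src` also contains a doubled slash in `files/index//./`, which looks unintended even if rsync tolerates it.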
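Review bot: In mkdocs-for-redhat6.yml `get-pip.py` is downloaded and then executed with `become: true` without any integrity check, and `python3 -m pip install mkdocs` installs whatever release the index serves at run time. Add `checksum: 'sha256:<expected-sha256>'` to the `get_url` task and pin the package, for example `python3 -m pip install 'mkdocs==<pinned-version>'`; the same unpinned install is in mkdocs-for-redhat7.yml. Both `shell` tasks also report changed on every run, which the `pip` module with a `version:` would avoid.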
diff --git a/roles/online_docs/tasks/mkdocs-for-redhat7.yml b/roles/online_docs/tasks/mkdocs-for-redhat7.yml new file mode 100644 index 000000000..63ef542dc --- /dev/null +++ b/roles/online_docs/tasks/mkdocs-for-redhat7.yml @@ -0,0 +1,16 @@ +--- +- name: Install Python 3 for CentOS 7. + yum: + state: latest + update_cache: yes + name: + - python36 + - python36-setuptools + - python36-pip + become: true + +- name: Install MkDocs and deps using pip on CentOS 7. + shell: | + python3 -m pip install mkdocs + become: true +... \ No newline at end of file diff --git a/roles/online_docs/templates/mkdocs/docs/index.md b/roles/online_docs/templates/mkdocs/docs/index.md index 95668475e..118ed8cc1 100644 --- a/roles/online_docs/templates/mkdocs/docs/index.md +++ b/roles/online_docs/templates/mkdocs/docs/index.md @@ -18,4 +18,12 @@ in collaboration with and as part of several research projects including See [cluster](cluster/) for an overview of cluster components and features. +Quickstart for new users: + +* To request access to {{ slurm_cluster_name | capitalize }} click [here](accounts/#request-an-account) +* To login on {{ slurm_cluster_name | capitalize }} for Mac or Unix users click [here](logins/#how-to-start-a-session-and-connect-to-a-user-interface-server) +* To login on {{ slurm_cluster_name | capitalize }} for Windows users click [here](logins/#ssh-config-and-login-to-ui-via-jumphost-for-users-on-windows) +* For a user tutorial for computing on {{ slurm_cluster_name | capitalize }} click [here](analysis/) +* For additional questions [contact the helpdesk](contact/) + ![RUG-UMCG](img/RUGUMCGduobrand.png) diff --git a/roles/online_docs/templates/mkdocs/docs/logins.md b/roles/online_docs/templates/mkdocs/docs/logins.md index d4f6a69c8..ee15848f6 100644 --- a/roles/online_docs/templates/mkdocs/docs/logins.md +++ b/roles/online_docs/templates/mkdocs/docs/logins.md 
@@ -259,10 +259,39 @@ The following assumes: You can now connect to for example UI {{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }} via jumphost {{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }} using a double hop like this: +{% if public_ip_addresses is defined and public_ip_addresses | length %}{% for jumphost in groups['jumphost'] %} + * In a _**Putty**_ configuration window supply the _hostname_ _**{{ public_ip_addresses[jumphost] }}**_, your **accountname** and +{% endfor %}{% else %} * In a _**Putty**_ configuration window supply the _hostname_ _**{{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_, your **accountname** and +{% endif %} * Click the _**Connect**_ button... * Once the connection is established type the following command in a terminal: ssh youraccount@{{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }} -Please have a look at [these instructions to automate such a double hop on Windows](http://mikelococo.com/2008/01/multihop-ssh/) +#### 5. Connecting to {{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }} via jumphost {{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }} using MobaXterm. + +MobaXterm for windows is a great toolbox for remote computing. has It has a user friendly interface for supporting drag and drop file transfers directly into the virtual hpc cluster, +but also a UNIX terminal functionality to support basic commands (bash, grep, awk, sed, rsync, etc etc ) or SFTP support. +MobaXterm makes it easy to connect to _**{{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_ via a jumphost. 
+ +To set up a connection to {{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }} in MobaXterm you do the following: + + * Download and install [MobaXterm](https://mobaxterm.mobatek.net/download.html) + * create a new SSH, session + * put _**{{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_ in the "remote host" field + * open the "advanced SSH settings" section and import your private key. + * open the "Network settings" section + * check "Connect through SSH gateway \(jump host\)" +{% if public_ip_addresses is defined and public_ip_addresses | length %}{% for jumphost in groups['jumphost'] %} +* fill-in _**{{ public_ip_addresses[jumphost] }}**_ in order to connect to _**{{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_ +{% endfor %}{% else %} + * fill-in _**{{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_ in order to connect to _**{{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_ +{% endif %} + * This will silently create an encrypted SSH tunnel to _**{{ groups['jumphost'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_ and then use this tunnel in order to connect to _**{{ groups['user-interface'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}**_. + * Use the 'browser or sftp' tab for the more windows drag and drop interface, or the 'Shell' tab to make se of a terminal interface. + + + + +Fore more advanced information about MobaXterm please have a look at [these instructions to automate such a double hop on Windows](https://mobaxterm.mobatek.net/documentation.html#2_1_5) diff --git a/roles/online_docs/templates/mkdocs/docs/specifications.md b/roles/online_docs/templates/mkdocs/docs/specifications.md index 0264d389d..b436e4de9 100644 --- a/roles/online_docs/templates/mkdocs/docs/specifications.md +++ b/roles/online_docs/templates/mkdocs/docs/specifications.md 
@@ -35,6 +35,6 @@ In addition to LFS-ses for _home dirs_ and the centrally deployed _software_ an | Compute nodes | {{ vcompute_hostnames }} | | Cores/node | {{ vcompute_max_cpus_per_node }} | | RAM/node \(MB\) | {{ vcompute_max_mem_per_node }} | -| Storage/node \(GB\) | {{ vcompute_local_disk }} | +| Storage/node \(MB\) | {{ vcompute_local_disk }} | | Node features | {{ vcompute_features }} | diff --git a/roles/openldap/tasks/main.yml b/roles/openldap/tasks/main.yml index 98b0470e5..55a060d97 100644 --- a/roles/openldap/tasks/main.yml +++ b/roles/openldap/tasks/main.yml @@ -9,6 +9,7 @@ with_items: - openldap.service - phpldapadmin.service + become: true - name: make directory for the openldap ldif volume. file: @@ -16,6 +17,7 @@ state: directory owner: root group: root + become: true - name: install ldif file for "member of" copy: @@ -24,9 +26,11 @@ mode: 644 owner: root group: root + become: true - name: Daemon reload (the inplicit doesn't work) command: bash -c "systemctl daemon-reload" + become: true - name: make sure service is started systemd: @@ -36,11 +40,12 @@ with_items: - openldap.service - phpldapadmin.service + become: true - name: start service at boot. command: systemctl reenable "{{ item }}" with_items: - openldap.service - phpldapadmin.service - - + become: true +... diff --git a/roles/prom_proxy/tasks/main.yml b/roles/prom_proxy/tasks/main.yml index 953d2bbc3..4e7c587e9 100644 --- a/roles/prom_proxy/tasks/main.yml +++ b/roles/prom_proxy/tasks/main.yml 
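Review bot: In the 'install ldif file for "member of"' task of roles/openldap/tasks/main.yml the unquoted `mode: 644` is parsed by YAML as the decimal integer 644, which Ansible applies as octal 1204 rather than rw-r--r--; write `mode: '0644'`. The same unquoted value is used by the 'Install service files.' task in roles/prom_server/tasks/main.yml later in this diff. The openldap task starts above the hunk, so only its tail is visible here.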
@@ -1,24 +1,33 @@ --- -- name: Install nginx - yum: name=nginx state=latest update_cache=yes +- name: Install nginx. + yum: + name: nginx + state: latest + update_cache: yes + become: true -- name: nginx.conf - copy: +- name: Deploy nginx.conf. + template: src: templates/nginx.conf dest: /etc/nginx/nginx.conf mode: 0644 owner: root group: root + become: true -- name: .htpasswd +- name: Add .htpasswd copy: - src: templates/.htpasswd + content: "{{ prom_proxy_htpasswd }}" dest: /etc/nginx/.htpasswd mode: 0600 owner: nginx group: nginx + become: true -- name: make sure nginx is restarted +- name: Make sure nginx is enabled and restarted. systemd: name: nginx.service - state: restarted + state: 'restarted' + enabled: 'yes' + become: true +... diff --git a/roles/prom_proxy/templates/.htpasswd b/roles/prom_proxy/templates/.htpasswd deleted file mode 100644 index a0cb310a1..000000000 --- a/roles/prom_proxy/templates/.htpasswd +++ /dev/null @@ -1,8 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -65386265656631303366393632613564353635326134343666636239306238343836366234646131 -3731613138613836666661363566666464636337393534660a356666313364653865623838363964 -31303463623738346363303235633164353863333064373662353233613836366433613738376562 -3830366531333730390a653039363732303064313665396638373134353536663261666333643834 -65383561633765333330366532616665636631353231626439303636623632303438613335366366 -30383434653939623634663431653839333034613337366539316365396233393939613562346462 -623930636535303561343932333333656561 diff --git a/roles/prom_proxy/templates/nginx.conf b/roles/prom_proxy/templates/nginx.conf index 071b32af3..e30511b51 100644 --- a/roles/prom_proxy/templates/nginx.conf +++ b/roles/prom_proxy/templates/nginx.conf 
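Review bot: The 'Add .htpasswd' task now renders `{{ prom_proxy_htpasswd }}` through `copy: content:`, so a run with `--diff` or raised verbosity can print the credential hashes to the console and to any captured job log; add `no_log: true` to this task. With the vault-encrypted template file deleted in this commit, the variable itself should be stored vault-encrypted in the group variables, which this diff does not show.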
@@ -37,10 +37,10 @@ http { server { listen 9090 default_server; - server_name airlock; + server_name {{ ansible_hostname }}; location / { - proxy_pass http://imperator:9090; + proxy_pass http://{{ groups['slurm-management'] | first | regex_replace('^' + ai_jumphost + '\\+','') }}:9090; auth_basic "Restricted Content"; auth_basic_user_file /etc/nginx/.htpasswd; diff --git a/roles/prom_server/handlers/main.yml b/roles/prom_server/handlers/main.yml new file mode 100644 index 000000000..de5e2e7a2 --- /dev/null +++ b/roles/prom_server/handlers/main.yml @@ -0,0 +1,17 @@ +--- +# +# Important: maintain correct handler order. +# Handlers are executed in the order in which they are defined +# and not in the order in whch they are listed in a "notify: handler_name" statement! +# +# Restart before reload: an reload after a restart may be redundant but should not fail, +# but the other way around may fail when the impact of changes was too large for a reload. +# +- name: Restart prometheus service. + systemd: + name: 'prometheus.service' + state: restarted + daemon_reload: yes + become: true + listen: restart_prometheus +... diff --git a/roles/prom_server/meta/main.yml b/roles/prom_server/meta/main.yml index 79cbd2976..0c0c5a4a9 100644 --- a/roles/prom_server/meta/main.yml +++ b/roles/prom_server/meta/main.yml @@ -1,3 +1,4 @@ --- dependencies: - { role: docker } +... diff --git a/roles/prom_server/tasks/main.yml b/roles/prom_server/tasks/main.yml index 70bd4d320..c1d24419b 100644 --- a/roles/prom_server/tasks/main.yml +++ b/roles/prom_server/tasks/main.yml 
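Review bot: The `listen 9090 default_server;` line has no `ssl`, so the `auth_basic` credentials checked in `location /` cross the network merely base64-encoded on every request. Unless TLS is terminated in front of this proxy, configure a certificate and use `listen 9090 ssl default_server;`, or limit the listener to trusted source addresses with `allow`/`deny`. The `server` block begins and ends outside the hunk, so other directives may already cover part of this.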
@@ -1,56 +1,62 @@ --- -- file: +- name: Create directories for Prometheus. + file: path: "{{ item }}" state: directory mode: 0755 - owner: 65534 + owner: '65534' with_items: - - /srv/prometheus/etc/prometheus - - /srv/prometheus/prometheus + - '/srv/prometheus/etc/prometheus' + - '/srv/prometheus/prometheus' + notify: + - restart_prometheus + become: true - name: Install settings files. copy: - src: templates/etc/{{ item }} - dest: /srv/prometheus/etc/prometheus/{{ item }} + src: "templates/etc/{{ item }}" + dest: "/srv/prometheus/etc/prometheus/{{ item }}" mode: 0644 owner: root group: root with_items: - alerting.rules - targets.json + notify: + - restart_prometheus + become: true -- name: Install settings files. +- name: Install settings files based on templates. template: - src: templates/etc/prometheus.yml - dest: /srv/prometheus/etc/prometheus/prometheus.yml + src: 'templates/etc/prometheus.yml' + dest: '/srv/prometheus/etc/prometheus/prometheus.yml' mode: 0644 owner: root group: root - - tags: - - service-files + notify: + - restart_prometheus + become: true - name: Install service files. template: - src: templates/prometheus.service - dest: /etc/systemd/system/prometheus.service + src: 'templates/prometheus.service' + dest: '/etc/systemd/system/prometheus.service' mode: 644 owner: root group: root tags: - service-files + notify: + - restart_prometheus + become: true -- name: install service files - command: systemctl daemon-reload - -- name: enable service at boot +- name: Make sure prometheus service is started and enabled on (re)boot. systemd: name: prometheus.service enabled: yes - -- name: make sure servcies are started. - systemd: - name: prometheus.service - state: restarted + state: started + daemon_reload: yes tags: - start-service + become: true +... \ No newline at end of file diff --git a/roles/regular-users/tasks/ldap-regular-users.yml b/roles/regular-users/tasks/ldap-regular-users.yml new file mode 100644 index 000000000..5cde1b266 --- /dev/null 
+++ b/roles/regular-users/tasks/ldap-regular-users.yml @@ -0,0 +1,66 @@ +--- +- name: 'Make sure we have a parent entry for users.' + ldap_entry: + dn: "ou=users,{{ ldap_base }}" + objectClass: 'organizationalUnit' + bind_dn: "{{ ldap_binddn }}" + bind_pw: "{{ bindpw }}" + server_uri: 'ldap:///' + +- name: 'Make sure we have a parent entry for groups.' + ldap_entry: + dn: "ou=groups,{{ ldap_base }}" + objectClass: 'organizationalUnit' + bind_dn: "{{ ldap_binddn }}" + bind_pw: "{{ bindpw }}" + server_uri: 'ldap:///' + +- name: 'Add groups to parent entry for groups.' + ldap_entry: + dn: "cn={{ item }},ou=groups,{{ ldap_base }}" + objectClass: 'posixGroup' + state: present + server_uri: 'ldap:///' + bind_dn: "{{ ldap_binddn }}" + bind_pw: "{{ bindpw }}" + attributes: + gidNumber: "{{ auth_groups[item].gid }}" + with_items: "{{ regular_groups }}" + +- name: 'Add users to parent entry for users.' + ldap_entry: + dn: "cn={{ item.user }},ou=users,{{ ldap_base }}" + state: present + server_uri: 'ldap:///' + objectClass: + - 'inetOrgPerson' + - 'posixAccount' + - 'top' + - 'ldapPublicKey' + bind_dn: "{{ ldap_binddn }}" + bind_pw: "{{ bindpw }}" + attributes: + sn: "{{ item.user }}" + givenName: "{{ auth_users[item.user].comment }}" + cn: "{{ item.user }}" + uid: "{{ item.user }}" + uidNumber: "{{ auth_users[item.user].uid }}" + gidNumber: "{{ auth_groups['users'].gid }}" + homeDirectory: "/home/{{ item.user }}" + loginShell: '/bin/bash' + sshPublicKey: "{{ auth_users[item.user].pub_keys }}" + with_items: "{{ regular_users }}" + +- name: 'Add users to groups.' + ldap_attr: + dn: "cn={{ item.1 }},ou=groups,{{ ldap_base }}" + state: present + server_uri: 'ldap:///' + bind_dn: "{{ ldap_binddn }}" + bind_pw: "{{ bindpw }}" + name: 'memberUid' + values: "{{ item.0.user }}" + with_subelements: + - "{{ regular_users }}" + - 'groups' +... 
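Review bot: Every task in this file binds with `bind_dn`/`bind_pw` over `server_uri: 'ldap:///'`, which is an unencrypted simple bind over TCP. The role's main.yml only includes this file on hosts in `groups['ldap-server']`, so if the directory exposes a local socket, `server_uri: 'ldapi:///'` would keep the bind password off TCP entirely; otherwise add `start_tls: yes` to each task. None of the tasks sets `become`, so they rely on the connecting user being able to reach the directory.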
diff --git a/roles/regular-users/tasks/local-regular-users.yml b/roles/regular-users/tasks/local-regular-users.yml new file mode 100644 index 000000000..f9726d133 --- /dev/null +++ b/roles/regular-users/tasks/local-regular-users.yml @@ -0,0 +1,38 @@ +--- +- name: 'Check if required groups are present.' + group: + name: "{{ item }}" + gid: "{{ auth_groups[item].gid }}" + state: present + with_items: "{{ regular_groups }}" + become: true + +- name: "Check if required private groups for user's home dir are present." + group: + name: "{{ item.user }}" # Use same name as user's account name for user's private group. + gid: "{{ auth_users[item.user].uid }}" # Use same GID as user's UID for user's private group. + state: present + with_items: "{{ regular_users }}" + become: true + +- name: 'Create local regular users and append them to relevant groups.' + user: + name: "{{ item.user }}" + uid: "{{ auth_users[item.user].uid }}" + comment: "{{ auth_users[item.user].comment }}" + group: "{{ item.user }}" + groups: "{{ item.groups }}" + home: "/home/{{ item.user }}" + append: no + with_items: "{{ regular_users }}" + become: true + +- name: 'Deploy authorized keys for local regular users.' + authorized_key: + user: "{{ item.user }}" + key: "{{ auth_users[item.user].pub_keys }}" + state: present + exclusive: yes + with_items: "{{ regular_users }}" + become: true +... diff --git a/roles/regular-users/tasks/main.yml b/roles/regular-users/tasks/main.yml new file mode 100644 index 000000000..3614b05d2 --- /dev/null +++ b/roles/regular-users/tasks/main.yml 
@@ -0,0 +1,16 @@ +--- +- name: 'Create regular users & groups in cluster LDAP.' + include_tasks: + file: "{{ playbook_dir }}/roles/regular-users/tasks/ldap-regular-users.yml" + when: + - use_ldap | default(true, true) | bool + - create_ldap | default(false, true) | bool + - inventory_hostname in groups['ldap-server'] | default([]) + +- name: 'Create local regular users & groups.' + include_tasks: + file: "{{ playbook_dir }}/roles/regular-users/tasks/local-regular-users.yml" + when: + - not use_ldap | default(true, true) | bool + - inventory_hostname in groups['cluster'] | default([]) or inventory_hostname in groups['jumphost'] | default([]) +... \ No newline at end of file diff --git a/roles/rsyslogclient/tasks/main.yml b/roles/rsyslogclient/tasks/main.yml index 5c29bd3d8..2e00e6193 100644 --- a/roles/rsyslogclient/tasks/main.yml +++ b/roles/rsyslogclient/tasks/main.yml @@ -2,16 +2,21 @@ - name: Install rsyslog on centos yum: name=rsyslog state=latest update_cache=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + become: true - name: Install rsyslog on ubuntu apt: name=rsyslog state=latest update_cache=yes when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + become: true - name: configure rsyslog server. lineinfile: dest: /etc/rsyslog.conf line: "*.* @{{ item }}:514" with_items: "{{ rsyslog_remote_servers }}" + become: true - name: restart rsyslog systemd: name=rsyslog state=restarted + become: true +... \ No newline at end of file diff --git a/roles/shared_storage/tasks/main.yml b/roles/shared_storage/tasks/main.yml index c40df168f..df79faac6 100644 --- a/roles/shared_storage/tasks/main.yml +++ b/roles/shared_storage/tasks/main.yml @@ -18,7 +18,7 @@ state: 'mounted' with_items: "{{ pfs_mounts }}" when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Create "home" Logical File System (LFS) on Physical File Systems (PFSs) mounted on SAIs.' file: 
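Review bot: In roles/rsyslogclient/tasks/main.yml the forwarding rule `line: "*.* @{{ item }}:514"` uses a single `@`, which sends all logs over UDP with no delivery guarantee, encryption or sender authentication. Use `@@{{ item }}:514` for TCP at minimum, and consider rsyslog's TLS transport if these logs are relied on for audit or incident response. `lineinfile` without a `regexp` also leaves rules for servers removed from `rsyslog_remote_servers` in place.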
@@ -29,7 +29,7 @@ state: 'directory' with_items: "{{ lfs_mounts | selectattr('lfs', 'match', '^home$') | list }}" when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Create root groups folder for "tmp" and "prm" Logical File Systems (LFSs) on Physical File Systems (PFSs) mounted on SAIs.' file: @@ -41,7 +41,7 @@ with_items: - "{{ lfs_mounts | selectattr('lfs', 'search', '(tmp)|(prm)[0-9]+$') | list }}" when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Create folder for each group on Physical File Systems (PFSs) mounted on SAIs.' file: @@ -54,7 +54,7 @@ - "{{ lfs_mounts | selectattr('lfs', 'search', '((tmp)|(prm))[0-9]+$') | list }}" - 'groups' when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Create "tmp" Logical File Systems (LFSs) for each group on Physical File Systems (PFSs) mounted on SAIs.' file: @@ -67,7 +67,7 @@ - "{{ lfs_mounts | selectattr('lfs', 'search', 'tmp[0-9]+$') | list }}" - 'groups' when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Create "prm" Logical File Systems (LFSs) for each group on Physical File Systems (PFSs) mounted on SAIs.' file: @@ -80,7 +80,7 @@ - "{{ lfs_mounts | selectattr('lfs', 'search', 'prm[0-9]+$') | list }}" - 'groups' when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Create "apps" Logical File Systems (LFSs) on Physical File Systems (PFSs) mounted on SAIs.' file: @@ -92,7 +92,7 @@ with_items: - "{{ lfs_mounts | selectattr('lfs', 'search', 'env[0-9]+$') | list }}" when: inventory_hostname in groups['sys-admin-interface'] - become: True + become: true - name: 'Mount "home" Logical File System (LFS) from shared storage.' mount: 
@@ -102,7 +102,7 @@ opts: "{{ pfs_mounts | selectattr('pfs', 'match', item.pfs) | map(attribute='rw_options') | first }}" state: 'mounted' with_items: "{{ lfs_mounts | selectattr('lfs', 'match', '^home$') | list }}" - when: inventory_hostname in groups['cluster'] + when: inventory_hostname in groups['cluster'] and not inventory_hostname in groups['nfs-server']|default([]) become: True - name: 'Mount "tmp" Logical File Systems (LFSs) per group from shared storage.' @@ -116,7 +116,7 @@ - "{{ lfs_mounts | selectattr('lfs', 'search', 'tmp[0-9]+$') | list }}" - 'groups' when: inventory_hostname in groups['compute-vm'] or inventory_hostname in groups['user-interface'] or inventory_hostname in groups['deploy-admin-interface'] - become: True + become: true - name: 'Mount "prm" Logical File Systems (LFSs) per group from shared storage.' mount: @@ -129,7 +129,7 @@ - "{{ lfs_mounts | selectattr('lfs', 'search', 'prm[0-9]+$') | list }}" - 'groups' when: inventory_hostname in groups['user-interface'] - become: True + become: true - name: 'Mount "env" Logical File Systems (LFSs) from shared storage read-write on DAIs.' mount: @@ -140,7 +140,7 @@ state: 'mounted' with_items: "{{ lfs_mounts | selectattr('lfs', 'search', 'env[0-9]+$') | list}}" when: inventory_hostname in groups['deploy-admin-interface'] - become: True + become: true - name: 'Mount "apps" from one "env" Logical File System (LFS) from shared storage read-only as /apps on UIs and vcompute nodes.' mount: @@ -152,5 +152,5 @@ with_items: - "{{ lfs_mounts | selectattr('lfs', 'search', 'env[0-9]+$') | list }}" when: inventory_hostname in item.machines - become: True + become: true ... diff --git a/roles/slurm-client/handlers/main.yml b/roles/slurm-client/handlers/main.yml index e394ea12e..cf4afb71c 100644 --- a/roles/slurm-client/handlers/main.yml +++ b/roles/slurm-client/handlers/main.yml 
@@ -10,14 +10,16 @@ - name: Restart munge service. systemd: name: 'munge.service' - state: restarted + state: 'restarted' + daemon_reload: 'yes' become: true listen: restart_munge - name: Restart slurmd service. systemd: name: 'slurmd.service' - state: reloaded + state: 'restarted' + daemon_reload: 'yes' become: true listen: restart_slurmd # @@ -26,14 +28,14 @@ - name: Reload munge service. systemd: name: 'munge.service' - state: reloaded + state: 'reloaded' become: true listen: reload_munge - name: Reload slurmd service. systemd: name: 'slurmd.service' - state: reloaded + state: 'reloaded' become: true listen: reload_slurmd ... diff --git a/roles/slurm-client/tasks/main.yml b/roles/slurm-client/tasks/main.yml index 9daf4bfea..4454a2aba 100644 --- a/roles/slurm-client/tasks/main.yml +++ b/roles/slurm-client/tasks/main.yml @@ -10,7 +10,7 @@ file: ../../slurm-management/defaults/main.yml name: slurm -- name: Add Slurm group +- name: Add Slurm group. group: name: slurm gid: "{{ slurm['slurm_gid'] }}" @@ -18,7 +18,7 @@ - restart_slurmd become: true -- name: Add Munge group +- name: Add Munge group. group: name: munge gid: "{{ slurm['munge_gid'] }}" @@ -27,7 +27,7 @@ - restart_slurmd become: true -- name: Add Slurm user +- name: Add Slurm user. user: name: slurm uid: "{{ slurm['slurm_uid'] }}" @@ -36,7 +36,7 @@ - restart_slurmd become: true -- name: Add Munge user +- name: Add Munge user. user: name: munge uid: "{{ slurm['munge_uid'] }}" 
@@ -46,20 +46,41 @@ - restart_slurmd become: true -- name: Install the Slurm client and NHC with yum. +- name: Install the Slurm client with yum. yum: - state: latest + state: installed update_cache: yes + allow_downgrade: yes name: - - slurm - - slurm-slurmd - - warewulf-nhc + - "slurm*{{ slurm_version }}" + - "slurm-slurmd*{{ slurm_version }}" notify: - restart_munge - restart_slurmd become: true -- name: Install munge_keyfile +- name: Patch slurm daemon systemd service files to use custom sub dir for PID files. + lineinfile: + path: "/usr/lib/systemd/system/{{ item }}.service" + regexp: '^PIDFile=' + line: "PIDFile=/var/run/slurm/{{ item }}.pid" + with_items: + - 'slurmd' + notify: + - restart_slurmd + become: true + +- name: Install NHC with yum. + yum: + state: latest + update_cache: yes + name: + - 'lbnl-nhc' + notify: + - restart_slurmd + become: true + +- name: Install munge_keyfile. copy: src: roles/slurm-management/files/{{ slurm_cluster_name }}_munge.key owner: munge @@ -71,7 +92,7 @@ - restart_slurmd become: true -- name: Create folders for Slurm and NHC +- name: Create folders for Slurm and NHC. file: name: "{{ item.name }}" owner: "{{ item.owner }}" @@ -99,6 +120,10 @@ owner: root group: root mode: '0755' + - name: '/var/run/slurm' + owner: 'slurm' + group: 'root' + mode: '0775' become: true - name: Deploy slurm prolog/epilog scripts. @@ -114,7 +139,7 @@ - slurm.taskprolog become: true -- name: Deploy slurm.conf +- name: Deploy slurm.conf. template: src: roles/slurm-management/templates/slurm.conf dest: /etc/slurm/slurm.conf @@ -125,7 +150,7 @@ - reload_slurmd become: true -- name: Configure cgroups +- name: Configure cgroups. copy: src: roles/slurm-management/files/cgroup.conf dest: /etc/slurm/cgroup.conf @@ -136,7 +161,7 @@ - reload_slurmd become: true -- name: Deploy UI nhc.conf +- name: Deploy UI nhc.conf. template: src: templates/user-interface_nhc.conf dest: /etc/nhc/nhc.conf 
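Review bot: The new lineinfile task edits the package-owned `/usr/lib/systemd/system/slurmd.service`, so the `PIDFile=` change is lost whenever the slurm package is updated or reinstalled, and the `/var/run/slurm` directory added to the folders task is gone after a reboot where /var/run is a tmpfs. A drop-in such as `/etc/systemd/system/slurmd.service.d/pidfile.conf` holding `PIDFile=/var/run/slurm/slurmd.pid`, together with a tmpfiles.d entry `d /run/slurm 0775 slurm root -`, survives both. The package globs `"slurm*{{ slurm_version }}"` combined with `allow_downgrade: yes` can also match more packages than the two intended ones, so listing exact package names is safer.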
@@ -146,7 +171,7 @@ when: inventory_hostname in groups['user-interface'] become: true -- name: Deploy compute-vm nhc.conf +- name: Deploy compute-vm nhc.conf. template: src: templates/compute-vm_nhc.conf dest: /etc/nhc/nhc.conf @@ -156,11 +181,12 @@ when: inventory_hostname in groups['compute-vm'] become: true -- name: Start slurm and munge services +- name: Start slurm and munge services. systemd: name: "{{ item }}" - enabled: yes - state: started + enabled: 'yes' + state: 'started' + daemon_reload: 'yes' with_items: - munge.service - slurmd.service diff --git a/roles/slurm-management/files/job_submit.lua b/roles/slurm-management/files/job_submit.lua index 1c7c23baf..a6a8c4125 100644 --- a/roles/slurm-management/files/job_submit.lua +++ b/roles/slurm-management/files/job_submit.lua @@ -276,9 +276,8 @@ function slurm_job_submit(job_desc, part_list, submit_uid) -- slurm.log_debug("No QoS level specified for job named %s from user %s (uid=%u). Will try to lookup default QoS...", tostring(job_desc.name), tostring(submit_user.name), job_desc.user_id) if job_desc.default_qos == nil then - slurm.log_error("Failed to assign a default QoS for job named %s from user %s (uid=%u).", tostring(job_desc.name), tostring(submit_user.name), job_desc.user_id) - slurm.log_user("Failed to assign a default QoS for job named %s from user %s (uid=%u).", tostring(job_desc.name), tostring(submit_user.name), job_desc.user_id) - return slurm.ERROR + slurm.log_warn("Failed to fetch a default QoS for job named %s from user %s (uid=%u); will use QoS 'regular'.", tostring(job_desc.name), tostring(submit_user.name), job_desc.user_id) + job_desc.qos = 'regular' else job_desc.qos = job_desc.default_qos slurm.log_debug("Found QoS %s for job named %s from user %s (uid=%u).", tostring(job_desc.qos), tostring(job_desc.name), tostring(submit_user.name), job_desc.user_id) 
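Review bot: The new fallback `job_desc.qos = 'regular'` turns a previously rejected submission into an accepted one, so a job whose default QoS cannot be resolved now runs with a hard-coded QoS instead of failing closed. If a missing default can mean the account or association is not set up correctly, keep `return slurm.ERROR` for that case, or at least keep a `slurm.log_user(...)` call so the submitter learns the QoS was substituted. The literal `'regular'` must exist as a QoS on every cluster this file is deployed to; a named variable at the top of the file would make that dependency visible. Also check that `slurm.log_warn` is exported to Lua by the pinned Slurm version, since the removed lines used only `slurm.log_error` and `slurm.log_user`. The body of `slurm_job_submit` starts and ends outside this hunk.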
diff --git a/roles/slurm-management/files/nibbler_munge.key b/roles/slurm-management/files/nibbler_munge.key new file mode 100644 index 000000000..8fb0c4c4f --- /dev/null +++ b/roles/slurm-management/files/nibbler_munge.key 
@@ -0,0 +1,57 @@ +$ANSIBLE_VAULT;1.1;AES256 +36336339393135386661613066333134653034343065616566626330303763356464333437656565 +6333373530653230396362323661643538623237613636390a343766633765326662353966336464 +34313232313164383234376562363061353430626438663339646237636138333137666636343561 +3839616138613737360a306163376438343738396266336334653666323961346165343664386666 +36383139353962303439333237653135626161653436313337356634353061383361623238316663 +64306165643938393865336564623865626436373539333963373061353766636664666331353936 +36616433633132383437613964343865323761356434666161346339396330373439303437323764 +66633034303864653935663133613232353234356235393334623539333962323735633135663930 +37383239643533663736633166336263333535303561366364376262326534343534336230396336 +35343632323130333361316435346432386161633039376539366665663065643961663262613835 +62373563663734613837363137333163393234623064636466613864306232303865316361656562 +62383733623830396461356635363433663639383137666435353539626630613865636530336430 +65363866316431656538393462373435373963363833373764313566323266363439313139353562 +31323438333837323536343433346165346664663531353339316232646566336136303939613565 +39386664356234346166643163633139376361643831303262323631643837653735666539396230 +32343937616665653636343934653063663066386233613464643636616332663730343439656365 +35333362346536626135393432646133346430326533643164353466383334323766653163623837 +32363761313934333637333362636461323165316661346230393836373861343532343939623962 +38326235383664386234393963666132323833633738376663316561346236323266666130656661 +30356134343036376435373436633235383634393932386430313533386337653333343264316131 +34623830633164636565623631356363633537316239386335616635303466303563343361663331 +38643638323739333333643838653930303962313863656565353736376533343432346632656236 +64316130613263666430303263623031306536663633626535346132643266373162326164656333 
+38353233393830613330333330363535346439626263383939333361326664623561376535656635 +36373765313566643564653464353237366466303966363663653030636161373636636430326531 +61326138376631353238323065323139656133383533303861353165623564353162363666613735 +32646431303534333732643931376237366231313233613939303232316561356465636464366530 +30336361613138623832363938626531333239396534313663636639306664636138333964613637 +62626637636637363031356237623261333264363164303963366434396564373365326565386138 +35303637336230353231353934373230386164323138303961633266343435666266343963396639 +66316137323136303032633662643737373031663565386633393431303536646339323337316433 +35373937626339313138363566333630306264363739366139643335643737393137646536316331 +34383766613562663639653562613630623839343531313732383363623036646366646363313438 +38323633343564643265313632383366343564653330623539383130636131626566303163346639 +63336462363737353935313730386661636337333332656533643533313665333733636662393363 +33336230656130643063323665353466303736306361623765313536303861366164356161313938 +30333635643738303633323639363239323635333834353534326466376637323439383934353163 +32363264633461363566316233303338646134616663353361336464343132653436653939333235 +32306430306162336463623662396331386563373733616261396335346633303333646235663833 +65343962323866396139386339613064393964303134323733376632626633633236353064633139 +64363737393962326636653761386234363739376365656431663330343738366234663062333935 +30613865633131373137323034636333666637663665366334393830613039666461633966313463 +36346635343662303161366461376537663934636561373764393265646336633161633563613834 +31373332613636663439356231613433613864333334343439383834643933396434643636393232 +37376233323962326239306638636231343964623935653861623631646436623061343363356266 +30343131333164663435333630643135393864623561343233643332373562323464363266373539 +39633030353566386363383335386231313330616139636132646435653633663036666235373238 
+36323665363263633365666566613161303235333637613531626365663236393737636665663839 +37663530373666663839646466316237316363383535363236386464376139386166356561366235 +37646130323939623264366332616333306361626462623039333630613034636638356265633361 +38613665303266626339656262383538363734343935613630376334633964646436383864363737 +66333137393238323832313630373861353731666530633737613866373032656530656430343735 +61633864366634333961323035363866396232383131663938356264313363646264353730383330 +32376331353937373364363835386162643230336538313461353863643165356563653364336633 +37306436306563333032636531633330323333336666633036626633656336613666613664323065 +62353332643564616161 diff --git a/roles/slurm-management/handlers/main.yml b/roles/slurm-management/handlers/main.yml index 434e5fc7d..154e4af89 100644 --- a/roles/slurm-management/handlers/main.yml +++ b/roles/slurm-management/handlers/main.yml @@ -10,21 +10,24 @@ - name: Restart munge service. systemd: name: 'munge.service' - state: restarted + state: 'restarted' + daemon_reload: 'yes' become: true listen: restart_munge - name: Restart slurmdbd service. systemd: name: 'slurmdbd.service' - state: restarted + state: 'restarted' + daemon_reload: 'yes' become: true listen: restart_slurmdbd - name: Restart slurmctld service. systemd: name: 'slurmctld.service' - state: restarted + state: 'restarted' + daemon_reload: 'yes' become: true listen: restart_slurmctld # diff --git a/roles/slurm-management/meta/main.yml b/roles/slurm-management/meta/main.yml index 1d60ad0f8..d4e3df4aa 100644 --- a/roles/slurm-management/meta/main.yml +++ b/roles/slurm-management/meta/main.yml @@ -1,4 +1,5 @@ --- dependencies: + - { role: docker } - { role: mariadb } ... diff --git a/roles/slurm-management/tasks/main.yml b/roles/slurm-management/tasks/main.yml index 4b2b0ca5b..cdfb47ed0 100644 --- a/roles/slurm-management/tasks/main.yml +++ b/roles/slurm-management/tasks/main.yml 
@@ -40,6 +40,14 @@ - restart_slurmctld become: true +- name: Install munge + yum: + state: latest + update_cache: yes + name: + - munge + become: true + - name: Install munge.key file. copy: src: "files/{{ slurm_cluster_name }}_munge.key" 
@@ -53,50 +61,69 @@ - restart_slurmctld become: true -- name: Install Slurm management deamons and their dependencies with yum. +- name: Install Slurm management dependencies with yum. yum: state: latest update_cache: yes name: - - MySQL-python - - lua-posix - - slurm - - slurm-slurmctld - - slurm-slurmdbd - - slurm-perlapi + - 'MySQL-python' + - 'lua-posix' notify: - restart_munge - restart_slurmdbd - restart_slurmctld become: true -- name: Make sure the database root user is present and grant privileges. - mysql_user: +- name: Install Slurm management deamons with yum. + yum: + state: installed + update_cache: yes + allow_downgrade: yes + name: + - "slurm*{{ slurm_version }}" + - "slurm-slurmctld*{{ slurm_version }}" + - "slurm-slurmdbd*{{ slurm_version }}" + - "slurm-perlapi*{{ slurm_version }}" + notify: + - restart_munge + - restart_slurmdbd + - restart_slurmctld + become: true + +- name: Patch slurm daemon systemd service files to use custom sub dir for PID files. + lineinfile: + path: "/usr/lib/systemd/system/{{ item }}.service" + regexp: '^PIDFile=' + line: "PIDFile=/var/run/slurm/{{ item }}.pid" + with_items: + - 'slurmctld' + - 'slurmdbd' + notify: + - restart_slurmdbd + - restart_slurmctld + become: true + +- name: Create a database for Slurm accounting. + mysql_db: login_host: 127.0.0.1 login_user: 'root' login_password: "{{ MYSQL_ROOT_PASSWORD }}" - name: "{{ slurm_storage_user }}" - password: "{{ slurm_storage_pass }}" - host: '%' - priv: '*.*:ALL' + name: "{{ slurm_database_name }}" + state: 'present' no_log: True - register: result - until: result is succeeded - # sometimes the initial connect fails. - # Retry until it succeeds. - retries: 7 - delay: 3 - ignore_errors: yes notify: - restart_slurmdbd -- name: Create a database for Slurm accounting. - mysql_db: +- name: Make sure the slurm database user is present and grant privileges on the Slurm accounting DB. 
+ mysql_user: login_host: 127.0.0.1 login_user: 'root' login_password: "{{ MYSQL_ROOT_PASSWORD }}" - name: 'slurm_acct_db' - state: 'present' + name: "{{ slurm_storage_user }}" + password: "{{ slurm_storage_pass }}" + host: '%' + priv: "{{ slurm_database_name }}.*:ALL" + connect_timeout: 120 no_log: True notify: - restart_slurmdbd @@ -121,6 +148,10 @@ owner: 'slurm' group: 'root' mode: '0750' + - name: '/var/run/slurm' + owner: 'slurm' + group: 'root' + mode: '0775' become: true - name: Install Slurm config file. @@ -132,6 +163,8 @@ mode: '0644' notify: reload_slurmctld become: true + tags: + - slurm.conf - name: Install Slurm DBD config file. template: @@ -159,6 +192,7 @@ name: "{{item}}" state: 'started' enabled: 'yes' + daemon_reload: 'yes' with_items: - 'munge.service' - 'slurmdbd.service' @@ -184,20 +218,24 @@ tags: - create_database register: command_result - retries: 2 - delay: 1 - until: command_result == '' + retries: 3 + delay: 5 + until: + - command_result.stderr == '' + - command_result.stdout != '' # NOTE: cannot use command_result.rc to check for the exit value of script in failed_when or changed_when # as the sacctmgr commands used in the script may return exit code 1 when trying to create/modify # something that already exists. This results in "Nothing new added." on STDOUT, but no message on STDERR. # In case something is really wrong there will be messags printed to STDERR. - failed_when: "command_result.stderr != ''" + failed_when: command_result.stderr != '' + become: true - name: Make sure slurmctld service is enabled and started now that the cluster DB is present. systemd: name: 'slurmctld.service' state: 'started' enabled: 'yes' + daemon_reload: yes become: true - name: Make backup dir. diff --git a/roles/slurm-management/templates/slurm.conf b/roles/slurm-management/templates/slurm.conf index 774da2c5f..e67612a87 100644 --- a/roles/slurm-management/templates/slurm.conf +++ b/roles/slurm-management/templates/slurm.conf 
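Review bot: The grant is now scoped to `{{ slurm_database_name }}.*`, but the account is still created with `host: '%'`, so it remains valid from any client address that can reach MariaDB. slurmdbd.conf in this commit connects to `StorageHost=127.0.0.1`, so the account can probably be limited to the address slurmdbd actually connects from, e.g. `host: '127.0.0.1'`, or to the container bridge subnet if MariaDB runs under the `docker` role added in meta/main.yml. The removed `register`/`until`/`retries` loop is replaced by `connect_timeout: 120`, which presumably helps with a slow connect but not with a connection refused while the database is still starting. Keeping the retry loop without `ignore_errors: yes` would cover both cases.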
@@ -15,8 +15,8 @@ SlurmdSpoolDir=/var/spool/slurmd SwitchType=switch/none MpiDefault=none MpiParams=ports=12000-12999 -SlurmctldPidFile=/var/run/slurmctld.pid -SlurmdPidFile=/var/run/slurmd.pid +SlurmctldPidFile=/var/run/slurm/slurmctld.pid +SlurmdPidFile=/var/run/slurm/slurmd.pid ProctrackType=proctrack/cgroup #PluginDir= CacheGroups=0 @@ -39,6 +39,7 @@ JobSubmitPlugins=lua #TrackWCKey=no #TreeWidth=50 TmpFS=/local +UnkillableStepTimeout=180 #UsePAM= #CheckpointType=checkpoint/blcr #JobCheckpointDir=/var/slurm/checkpoint diff --git a/roles/slurm-management/templates/slurmdbd.conf b/roles/slurm-management/templates/slurmdbd.conf index de03af1d4..557bdf51b 100644 --- a/roles/slurm-management/templates/slurmdbd.conf +++ b/roles/slurm-management/templates/slurmdbd.conf @@ -16,11 +16,11 @@ PurgeResvAfter=1month PurgeStepAfter=3months PurgeSuspendAfter=1month LogFile=/var/log/slurm/slurmdbd.log -PidFile=/var/run/slurmdbd.pid +PidFile=/var/run/slurm/slurmdbd.pid SlurmUser=slurm StorageHost=127.0.0.1 StoragePort=3306 StoragePass={{ slurm_storage_pass }} StorageType=accounting_storage/mysql StorageUser={{ slurm_storage_user }} -StorageLoc={{ slurm_table_name }} +StorageLoc={{ slurm_database_name }} diff --git a/roles/slurm_exporter/tasks/main.yml b/roles/slurm_exporter/tasks/main.yml index dddb2d95f..89710afbc 100644 --- a/roles/slurm_exporter/tasks/main.yml +++ b/roles/slurm_exporter/tasks/main.yml @@ -5,12 +5,18 @@ path: /usr/local/prometheus state: directory mode: 0755 + owner: root + group: root + become: true - name: Install binary copy: src: "{{ playbook_dir }}/promtools/results/{{ service_name }}" dest: "/usr/local/prometheus/{{ service_name }}" mode: 0755 + owner: root + group: root + become: true - name: Install service files. template: 
@@ -21,14 +27,17 @@ group: root tags: - service-files + become: true - name: install service files command: systemctl daemon-reload + become: true - name: enable service at boot systemd: name: "{{ service_name }}.service" enabled: yes + become: true - name: make sure servcies are started. systemd: @@ -36,3 +45,5 @@ state: restarted tags: - start-service + become: true +... \ No newline at end of file diff --git a/roles/spacewalk_client/defaults/main.yml b/roles/spacewalk_client/defaults/main.yml index 978d80bac..bf53a31a7 100644 --- a/roles/spacewalk_client/defaults/main.yml +++ b/roles/spacewalk_client/defaults/main.yml @@ -1,4 +1,4 @@ --- -spacewalk_server_url: 'http://spacewalk.hpc.rug.nl/XMLRPC' +spacewalk_server_url: 'http://spacewalk02.hpc.rug.nl/XMLRPC' rhn_channels: - - centos7_gearshift + - centos7_umcg diff --git a/roles/spacewalk_client/handlers/main.yml b/roles/spacewalk_client/handlers/main.yml index f0db8780e..1ed86f5fe 100644 --- a/roles/spacewalk_client/handlers/main.yml +++ b/roles/spacewalk_client/handlers/main.yml @@ -8,6 +8,6 @@ service: name: rhnsd state: restarted - become: yes + become: true listen: restart_rhnsd ... \ No newline at end of file diff --git a/roles/spacewalk_client/tasks/main.yml b/roles/spacewalk_client/tasks/main.yml index 4f31b1fcf..e8e475e84 100644 --- a/roles/spacewalk_client/tasks/main.yml +++ b/roles/spacewalk_client/tasks/main.yml @@ -3,6 +3,7 @@ yum: name: https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/spacewalk-2.8-client/epel-7-x86_64/00742644-spacewalk-repo/spacewalk-client-repo-2.8-11.el7.centos.noarch.rpm state: present + become: true - name: Install spacewalk client packages. yum: @@ -15,6 +16,7 @@ - yum-rhn-plugin notify: - restart_rhnsd + become: true - name: Enable spacewalk service. systemd: @@ -25,6 +27,7 @@ - rhnsd.service notify: - restart_rhnsd + become: true - meta: flush_handlers 
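Review bot: `spacewalk_server_url` still uses plain `http://` for the new server, and the task file for this role sets `gpgcheck = 0` in `/etc/yum/pluginconf.d/rhnplugin.conf` before running `yum` with `name: '*'` and `state: latest` under `become: true`. Together that means packages installed as root are neither verified by signature nor protected in transit, so the integrity of every node depends on the network path to the Spacewalk host. Prefer `spacewalk_server_url: 'https://spacewalk02.hpc.rug.nl/XMLRPC'` with the server CA certificate deployed to clients (assuming the server offers TLS), and keep `gpgcheck = 1` with the channel signing keys imported.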
@@ -40,26 +43,32 @@ delay: 3 ignore_errors: yes no_log: True + become: true - name: Disable gpgcheck for spacewalk repo. lineinfile: path: '/etc/yum/pluginconf.d/rhnplugin.conf' regexp: '^gpgcheck = [0-9].*' line: 'gpgcheck = 0' + become: true - name: Remove all (non-spacewalk) repo config files from /etc/yum.repos.d/. shell: "rm -rf /etc/yum.repos.d/*" args: warn: false + become: true - name: Clear the yum cache. command: "yum clean all" args: warn: false ignore_errors: yes + become: true - name: Upgrade all packages to version specified in spacewalk channel. yum: name: '*' state: latest + exclude: slurm* # Specific Slurm versions configured in slurm-* roles, because we use a custom patched version. + become: true ... diff --git a/roles/ssh_host_signer/tasks/main.yml b/roles/ssh_host_signer/tasks/main.yml index dab1b6e1a..f2eac5690 100644 --- a/roles/ssh_host_signer/tasks/main.yml +++ b/roles/ssh_host_signer/tasks/main.yml @@ -14,6 +14,7 @@ state: directory changed_when: false register: temporary_directory + become: false - name: Fetch public keys. fetch: diff --git a/roles/cluster/defaults/main.yml b/roles/sshd/defaults/main.yml similarity index 100% rename from roles/cluster/defaults/main.yml rename to roles/sshd/defaults/main.yml diff --git a/roles/cluster/handlers/main.yml b/roles/sshd/handlers/main.yml similarity index 87% rename from roles/cluster/handlers/main.yml rename to roles/sshd/handlers/main.yml index 6a3f8639e..c7df39b53 100644 --- a/roles/cluster/handlers/main.yml +++ b/roles/sshd/handlers/main.yml @@ -4,6 +4,6 @@ service: name: sshd state: restarted - become: yes + become: true listen: restart_sshd ... diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml new file mode 100644 index 000000000..08aa31845 --- /dev/null +++ b/roles/sshd/tasks/main.yml 
@@ -0,0 +1,22 @@ +--- +- name: Deploy sshd config. + template: + src: templates/sshd_config + dest: /etc/ssh/sshd_config + validate: '/usr/sbin/sshd -T -f %s' + notify: restart_sshd + become: true + +- name: Check if /etc/ssh/moduli contains weak (small) values. + shell: awk '$5 < {{ sshd_moduli_minimum }}' /etc/ssh/moduli + register: sshd_register_moduli + changed_when: false + check_mode: no + +- name: Remove weak (small) values from /etc/ssh/moduli. + shell: awk '$5 >= {{ sshd_moduli_minimum }}' /etc/ssh/moduli > /etc/ssh/moduli.new ; + [ -r /etc/ssh/moduli.new -a -s /etc/ssh/moduli.new ] && mv /etc/ssh/moduli.new /etc/ssh/moduli || true + when: sshd_register_moduli.stdout + notify: restart_sshd + become: true +... \ No newline at end of file diff --git a/roles/cluster/templates/sshd_config b/roles/sshd/templates/sshd_config similarity index 97% rename from roles/cluster/templates/sshd_config rename to roles/sshd/templates/sshd_config index e6d6e7766..8fd1d5966 100644 --- a/roles/cluster/templates/sshd_config +++ b/roles/sshd/templates/sshd_config @@ -73,17 +73,6 @@ ChallengeResponseAuthentication no GSSAPIAuthentication no GSSAPICleanupCredentials no PubkeyAuthentication yes -{% if use_ldap %} -AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper -AuthorizedKeysCommandUser root - -AuthorizedKeysFile /dev/null -Match Group admin - AuthorizedKeysFile .ssh/authorized_keys -Match all -{% else %} -AuthorizedKeysFile .ssh/authorized_keys -{% endif %} # # Connection settings. @@ -97,4 +86,14 @@ ClientAliveInterval 300 # Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO +{% if use_ldap %} +AuthorizedKeysCommand /usr/libexec/openssh/ssh_ldap_wrapper.py +AuthorizedKeysCommandUser root +AuthorizedKeysFile /dev/null +Match Group admin + AuthorizedKeysFile .ssh/authorized_keys + +{% else %} +AuthorizedKeysFile .ssh/authorized_keys +{% endif %} 
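Review bot: The `Deploy sshd config.` task sets no `owner`, `group` or `mode`, so the permissions on `/etc/ssh/sshd_config` depend on whatever file already exists; adding `owner: root`, `group: root` and `mode: '0600'` makes them explicit. In `Remove weak (small) values from /etc/ssh/moduli.`, the trailing `|| true` hides a failed `awk` or `mv`, and `/etc/ssh/moduli.new` is left behind when the size test fails. A host with no moduli at or above `sshd_moduli_minimum` is then reported as changed while still keeping the weak entries. Dropping `|| true` and failing explicitly when the filtered file is empty would surface that case, and `[ -r f -a -s f ]` is better written as `[ -r f ] && [ -s f ]`.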
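Review bot: `AuthorizedKeysCommandUser root` runs the LDAP key-lookup helper with full privileges on every public-key login attempt, before the connecting client has authenticated. sshd_config(5) recommends a dedicated account with no other role on the host; if `ssh_ldap_wrapper.py` only needs to query LDAP, `AuthorizedKeysCommandUser nobody` or a purpose-made system user would limit the impact of a bug in the script. With `Match all` removed, the `Match Group admin` block now runs to the end of the file. A comment such as `# Keep this block last: settings below "Match Group admin" apply only to that group.` would stop later additions from landing inside it by accident.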
diff --git a/roles/static-hostname-lookup/tasks/main.yml b/roles/static-hostname-lookup/tasks/main.yml new file mode 100644 index 000000000..09a589fa1 --- /dev/null +++ b/roles/static-hostname-lookup/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: Set /etc/hosts + template: + src: templates/{{ slurm_cluster_name }}_hosts + dest: /etc/hosts + mode: 0644 + owner: root + group: root + backup: yes + become: true + tags: ['etc_hosts'] +... \ No newline at end of file diff --git a/roles/static-hostname-lookup/templates/fender_hosts b/roles/static-hostname-lookup/templates/fender_hosts new file mode 100644 index 000000000..67b7ed83d --- /dev/null +++ b/roles/static-hostname-lookup/templates/fender_hosts @@ -0,0 +1,54 @@ +# +## +### /etc/hosts file for Solve-RD research clusters. +## +# + +# +# localhost +# +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 + +# +# Jumphost servers. +# +192.168.0.8 corridor + +# +# Admin / Management machines. +# DAI = Deploy Admin Interface +# SAI = Sys Admin Interface +# +192.168.0.22 fd-sai +192.168.0.21 fd-dai + +# +# Cluster User Interfaces (UIs). +# +192.168.0.16 fender + +# +# Shared network storage servers. +# + +# +# Cluster nodes. +# +192.168.0.13 fd-vcompute01 +192.168.0.11 fd-vcompute02 +192.168.0.5 fd-vcompute03 +192.168.0.24 fd-vcompute04 +192.168.0.9 fd-vcompute05 +192.168.0.14 fd-vcompute06 +192.168.0.28 fd-vcompute07 +192.168.0.31 fd-vcompute08 +192.168.0.25 fd-vcompute09 +192.168.0.26 fd-vcompute10 +192.168.0.15 fd-vcompute11 +192.168.0.19 fd-vcompute12 + +# +# Documentation webserver. +# +195.169.22.76 docs diff --git a/roles/cluster/templates/gearshift_hosts b/roles/static-hostname-lookup/templates/gearshift_hosts similarity index 89% rename from roles/cluster/templates/gearshift_hosts rename to roles/static-hostname-lookup/templates/gearshift_hosts index c6f25a089..d93ccc463 100644 
--- a/roles/cluster/templates/gearshift_hosts +++ b/roles/static-hostname-lookup/templates/gearshift_hosts @@ -69,14 +69,19 @@ 172.23.40.96 tl-vcompute02 tl-vcompute02.hpc.local 172.23.40.97 tl-vcompute03 tl-vcompute03.hpc.local +# +# Documentation webserver. +# +195.169.22.76 docs + # # To prevent excessive dns lookups: # -129.125.60.195 gearshift.hpc.rug.nl -129.125.60.86 boxy.hpc.rug.nl -195.169.22.247 calculon.gcc.rug.nl -195.169.22.95 leucine-zipper.gcc.rug.nl -195.169.22.8 zinc-finger.gcc.rug.nl +129.125.60.195 gearshift.hpc.rug.nl +129.125.60.86 boxy.hpc.rug.nl +195.169.22.247 calculon.gcc.rug.nl +195.169.22.95 leucine-zipper.gcc.rug.nl +195.169.22.8 zinc-finger.gcc.rug.nl {% if additional_etc_hosts is defined %} {{ additional_etc_hosts }} diff --git a/roles/cluster/templates/hyperchicken_hosts b/roles/static-hostname-lookup/templates/hyperchicken_hosts similarity index 69% rename from roles/cluster/templates/hyperchicken_hosts rename to roles/static-hostname-lookup/templates/hyperchicken_hosts index 86a9ec085..3799bef03 100644 --- a/roles/cluster/templates/hyperchicken_hosts +++ b/roles/static-hostname-lookup/templates/hyperchicken_hosts @@ -13,20 +13,20 @@ # # Jumphost servers. # -192.168.0.18 portal +192.168.0.33 portal # # Admin / Management machines. # DAI = Deploy Admin Interface # SAI = Sys Admin Interface # -192.168.0.7 hc-sai -192.168.0.6 hc-dai +192.168.0.32 hc-sai +192.168.0.10 hc-dai # # Cluster User Interfaces (UIs). # -192.168.0.12 hyperchicken +192.168.0.7 hyperchicken # # Shared network storage servers. @@ -35,4 +35,9 @@ # # Cluster nodes. # -192.168.0.10 hc-vcompute01 +192.168.0.27 hc-vcompute01 + +# +# Documentation webserver. +# +195.169.22.76 docs diff --git a/roles/cluster/templates/talos_hosts b/roles/static-hostname-lookup/templates/talos_hosts similarity index 100% rename from roles/cluster/templates/talos_hosts rename to roles/static-hostname-lookup/templates/talos_hosts 
diff --git a/roles/sudoers/tasks/main.yml b/roles/sudoers/tasks/main.yml new file mode 100644 index 000000000..953535567 --- /dev/null +++ b/roles/sudoers/tasks/main.yml @@ -0,0 +1,14 @@ +--- +# +# Allow passwordless sudo to the datamanager users for indivual users or %groups. +# This can be specified in the groupvars regular_users. +# +- name: 'Allow passwordless sudo to the datamanager users.' + lineinfile: + dest: '/etc/sudoers' + line: "{{ item.1 }} ALL=({{ item.0.user }}) NOPASSWD:ALL" + become: true + with_subelements: + - "{{ regular_users | default([]) | selectattr('sudoers', 'defined') | list }}" + - 'sudoers' +... diff --git a/roles/swap/defaults/main.yml b/roles/swap/defaults/main.yml new file mode 100644 index 000000000..c84688015 --- /dev/null +++ b/roles/swap/defaults/main.yml @@ -0,0 +1,2 @@ +--- +swap_space: 4 # 4 GiB diff --git a/roles/swap/tasks/main.yml b/roles/swap/tasks/main.yml new file mode 100644 index 000000000..2625b7b1c --- /dev/null +++ b/roles/swap/tasks/main.yml 
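Review bot: The `lineinfile` task writes directly to `/etc/sudoers` without a syntax check, so a malformed `item.1` or `item.0.user` value from group_vars can leave sudo unusable on the host. Add `validate: '/usr/sbin/visudo -cf %s'` to the task, and consider targeting a file under `/etc/sudoers.d/` with `create: yes` and `mode: '0440'` so the distribution's main file stays untouched. The task only ever adds lines, so removing an entry from `regular_users` does not revoke the `NOPASSWD:ALL` rule on hosts that already have it. That deserves a comment such as `# NOTE: entries are never removed automatically; revoke by hand or manage the file as a template.`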
@@ -0,0 +1,47 @@ +--- +# https://gist.github.com/manuelmeurer/a2c0a8c24a0bb5092250 + +- name: set swap_file variable + set_fact: + swap_file: /swapfile.swap + +- name: check if swap file exists + stat: + path: "{{ swap_file }}" + register: swap_file_check + + +# fallocate doesn't work on centos7, see +# https://unix.stackexchange.com/questions/294600/i-cant-enable-swap-space-on-centos-7 +- name: create swap file + sudo: yes + command: dd if=/dev/zero bs=1MiB count={{ swap_space * 1024 }} of={{ swap_file }} + when: not swap_file_check.stat.exists + +- name: set permissions on swap file + sudo: yes + file: + path: "{{ swap_file }}" + mode: 0600 + +- name: format swap file + sudo: yes + command: mkswap {{ swap_file }} + when: not swap_file_check.stat.exists + +- name: add to fstab + sudo: yes + lineinfile: + dest: /etc/fstab + regexp: "{{ swap_file }}" + line: "{{ swap_file }} none swap sw 0 0" + +- name: turn on swap + sudo: yes + command: swapon -a + +- name: set swapiness + sudo: yes + sysctl: + name: vm.swappiness + value: "1" diff --git a/roles/yum-repos/tasks/main.yml b/roles/yum-repos/tasks/main.yml new file mode 100644 index 000000000..66e1691f8 --- /dev/null +++ b/roles/yum-repos/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- name: "Add custom yum repos." + yum_repository: + name: "{{ item }}" + description: "{{ yum_repos[item].description }}" + baseurl: "{{ yum_repos[item].baseurl }}" + gpgcheck: no + with_items: "{{ yum_repos }}" + become: true +... \ No newline at end of file diff --git a/single_role_playbooks/admin-users.yml b/single_role_playbooks/admin-users.yml new file mode 100644 index 000000000..923d87545 --- /dev/null +++ b/single_role_playbooks/admin-users.yml @@ -0,0 +1,8 @@ +--- +- hosts: jumphost + roles: + - admin-users +- hosts: cluster,docs + roles: + - admin-users +... \ No newline at end of file diff --git a/single_role_playbooks/build-environment.yml b/single_role_playbooks/build-environment.yml new file mode 100644 index 000000000..32320981a 
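Review bot: Every privileged task in this new file uses `sudo: yes`, the deprecated spelling that later Ansible releases removed, while the rest of this commit standardises on `become: true`; replace each `sudo: yes` with `become: true`. The swap file is created by `dd` under the default umask and only afterwards set to `mode: 0600`, so moving the `file` task (with `state: touch`) ahead of `dd` would give the file restrictive permissions from the start. `swapon -a` also runs and reports a change on every play; guarding it with the existing `when: not swap_file_check.stat.exists` would keep the role idempotent.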
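Review bot: `gpgcheck: no` is hard-coded for every repository in `yum_repos`, so packages from these custom repos are installed as root without signature verification. Make it data-driven and default to on, e.g. `gpgcheck: "{{ yum_repos[item].gpgcheck | default(true) }}"` together with `gpgkey: "{{ yum_repos[item].gpgkey | default(omit) }}"`, and turn it off only for a repo that genuinely has no signing key. If any `baseurl` is plain HTTP, those unsigned packages are also unprotected in transit.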
--- /dev/null +++ b/single_role_playbooks/build-environment.yml @@ -0,0 +1,7 @@ +--- +- hosts: + - deploy-admin-interface + - user-interface + roles: + - build-environment +... diff --git a/single_role_playbooks/cluster.yml b/single_role_playbooks/cluster.yml index c56ee0ae1..540535b88 100644 --- a/single_role_playbooks/cluster.yml +++ b/single_role_playbooks/cluster.yml @@ -1,6 +1,5 @@ --- - hosts: cluster - become: true roles: - cluster ... diff --git a/single_role_playbooks/dai.yml b/single_role_playbooks/dai.yml deleted file mode 100644 index 51f327775..000000000 --- a/single_role_playbooks/dai.yml +++ /dev/null 
@@ -1,81 +0,0 @@ ---- -- hosts: deploy-admin-interface - become: true - tasks: - - name: Install OS depedencies (with yum). - yum: - state: latest - update_cache: yes - name: - # - # 'Development tools' package group and other common deps. - # - - "@Development tools" - - libselinux-devel - - kernel-devel - - gcc-c++ - # - # Slurm dependencies. - # - - readline-devel - - pkgconfig - - perl-ExtUtils-MakeMaker - - perl - - pam-devel - - openssl-devel - - numactl-devel - - nss-softokn-freebl - - ncurses-devel - - mysql-devel - - munge-libs - - munge-devel - - mariadb-devel - - man2html - - lua-devel - - hwloc-devel - - hdf5-devel - - blcr-devel - - blcr - # - # Ansible dependencies. - # - - python2-devel - - python-nose - - python-coverage - - python-mock - - python-boto3 - - python-botocore - - python-ldap - - python-passlib - - python2-sphinx-theme-alabaster - - pytest - # - # Lua, Lmod, EasyBuild dependencies. - # - - rdma-core-devel - - libxml2-devel - - libXext-devel - - libX11-devel - - - name: Set lustre client source url. - set_fact: - lustre_rpm_url: https://downloads.whamcloud.com/public/lustre/lustre-2.10.4/el7/client/SRPMS - lustre_src_rpm_name: lustre-2.10.4-1.src.rpm - lustre_client_rpm_name: lustre-client-2.10.4-1.el7.x86_64.rpm - - - name: check if the buildserver has already built the client. - stat: - path: /root/rpmbuild/RPMS/x86_64/{{ lustre_client_rpm_name }} - register: remote_file - - - name: build the lustre client. - block: - - name: Fetch the lustre client source - get_url: - url: "{{ lustre_rpm_url }}/{{ lustre_src_rpm_name }}" - dest: /tmp/{{ lustre_src_rpm_name }} - - - name: build the lustre client. - command: rpmbuild --rebuild --without servers /tmp/{{ lustre_src_rpm_name }} - become: true - when: remote_file.stat.exists == false diff --git a/single_role_playbooks/figlet.yml b/single_role_playbooks/figlet.yml index 91dd89ed6..ef6c16d61 100644 --- a/single_role_playbooks/figlet.yml +++ b/single_role_playbooks/figlet.yml 
@@ -1,4 +1,5 @@ --- -- hosts: all +- hosts: cluster roles: - figlet_hostname +... diff --git a/single_role_playbooks/firewall.yml b/single_role_playbooks/firewall.yml index 41461a124..be62d9e19 100644 --- a/single_role_playbooks/firewall.yml +++ b/single_role_playbooks/firewall.yml @@ -1,7 +1,6 @@ --- - name: Install the common role from the hpc-cloud repo. hosts: all - become: true roles: -# - firewall - - geerlingguy.firewall + - { role: geerlingguy.firewall, become: true } +... \ No newline at end of file diff --git a/single_role_playbooks/fuse-layer.yml b/single_role_playbooks/fuse-layer.yml new file mode 100644 index 000000000..0038542f0 --- /dev/null +++ b/single_role_playbooks/fuse-layer.yml @@ -0,0 +1,4 @@ +--- +- hosts: deploy-admin-interface + roles: + - fuse-layer diff --git a/single_role_playbooks/interfaces.yml b/single_role_playbooks/interfaces.yml new file mode 100644 index 000000000..620d95c6b --- /dev/null +++ b/single_role_playbooks/interfaces.yml @@ -0,0 +1,4 @@ +--- +- hosts: cluster + roles: + - interfaces diff --git a/single_role_playbooks/ldap.yml b/single_role_playbooks/ldap.yml index fd3b4c569..1c98f58b4 100644 --- a/single_role_playbooks/ldap.yml +++ b/single_role_playbooks/ldap.yml @@ -1,8 +1,6 @@ --- - - name: Install ldap role. - hosts: cluster, jumphost - become: true - tasks: + hosts: jumphost, cluster roles: - ldap +... \ No newline at end of file diff --git a/single_role_playbooks/logins.yml b/single_role_playbooks/logins.yml new file mode 100644 index 000000000..ab2eb678f --- /dev/null +++ b/single_role_playbooks/logins.yml @@ -0,0 +1,5 @@ +--- +- hosts: cluster + roles: + - logins +... diff --git a/single_role_playbooks/mount-volume.yml b/single_role_playbooks/mount-volume.yml index a10cef0da..a64fbf209 100644 --- a/single_role_playbooks/mount-volume.yml +++ b/single_role_playbooks/mount-volume.yml @@ -3,6 +3,6 @@ - compute-vm - sys-admin-interface - deploy-admin-interface - become: True roles: - mount-volume +... 
diff --git a/single_role_playbooks/nfs_home_dirs.yml b/single_role_playbooks/nfs_home_dirs.yml index 2dc465ff7..0283895d5 100644 --- a/single_role_playbooks/nfs_home_dirs.yml +++ b/single_role_playbooks/nfs_home_dirs.yml @@ -4,13 +4,11 @@ --- - name: Export /home on NFS server. hosts: user-interface - become: true roles: - nfs_home_server - name: Mount /home on NFS clients. hosts: compute-vm - become: true roles: - nfs_home_client ... \ No newline at end of file diff --git a/single_role_playbooks/openldap.yml b/single_role_playbooks/openldap.yml index 11ae583b5..cfe15fcd4 100644 --- a/single_role_playbooks/openldap.yml +++ b/single_role_playbooks/openldap.yml @@ -1,8 +1,7 @@ --- - - name: Install ldap role. hosts: ldap-server - become: true tasks: roles: - openldap +... \ No newline at end of file diff --git a/single_role_playbooks/prom_proxy.yml b/single_role_playbooks/prom_proxy.yml new file mode 100644 index 000000000..2485f9a50 --- /dev/null +++ b/single_role_playbooks/prom_proxy.yml @@ -0,0 +1,5 @@ +--- +- hosts: jumphost + roles: + - prom_proxy +... diff --git a/single_role_playbooks/prom_server.yml b/single_role_playbooks/prom_server.yml new file mode 100644 index 000000000..03174f789 --- /dev/null +++ b/single_role_playbooks/prom_server.yml @@ -0,0 +1,5 @@ +--- +- hosts: slurm-management + roles: + - prom_server +... diff --git a/single_role_playbooks/regular-users.yml b/single_role_playbooks/regular-users.yml new file mode 100644 index 000000000..7bf84c7c4 --- /dev/null +++ b/single_role_playbooks/regular-users.yml @@ -0,0 +1,6 @@ +--- +- name: Install regular-users role. + hosts: jumphost, cluster + roles: + - regular-users +... \ No newline at end of file diff --git a/single_role_playbooks/rsyslog.yml b/single_role_playbooks/rsyslog.yml index 911c34126..022d3ca2a 100644 --- a/single_role_playbooks/rsyslog.yml +++ b/single_role_playbooks/rsyslog.yml 
@@ -1,8 +1,8 @@ --- - hosts: all - become: true roles: - roles/rsyslogclient vars: rsyslog_remote_servers: - 172.23.47.250 +... \ No newline at end of file diff --git a/single_role_playbooks/slurm-client.yml b/single_role_playbooks/slurm-client.yml index 07a8a58f2..463f2779f 100644 --- a/single_role_playbooks/slurm-client.yml +++ b/single_role_playbooks/slurm-client.yml @@ -5,14 +5,12 @@ - name: Install virtual compute nodes hosts: compute-vm - become: true tasks: roles: - slurm-client - name: Install user interface hosts: user-interface - become: true tasks: roles: - slurm-client diff --git a/single_role_playbooks/slurm-management.yml b/single_role_playbooks/slurm-management.yml index 2b7d61f0e..316cc7965 100644 --- a/single_role_playbooks/slurm-management.yml +++ b/single_role_playbooks/slurm-management.yml @@ -1,6 +1,5 @@ --- - hosts: slurm-management - become: true roles: - docker - mariadb diff --git a/single_role_playbooks/spacewalk_client.yml b/single_role_playbooks/spacewalk_client.yml new file mode 100644 index 000000000..bf72da316 --- /dev/null +++ b/single_role_playbooks/spacewalk_client.yml @@ -0,0 +1,5 @@ +--- +- hosts: cluster + roles: + - spacewalk_client +... diff --git a/single_role_playbooks/sshd.yml b/single_role_playbooks/sshd.yml new file mode 100644 index 000000000..9f30eba5b --- /dev/null +++ b/single_role_playbooks/sshd.yml @@ -0,0 +1,9 @@ +--- +- hosts: jumphost + roles: + - sshd + +- hosts: cluster + roles: + - sshd +... diff --git a/single_role_playbooks/static-hostname-lookup.yml b/single_role_playbooks/static-hostname-lookup.yml new file mode 100644 index 000000000..812d3e3ea --- /dev/null +++ b/single_role_playbooks/static-hostname-lookup.yml @@ -0,0 +1,9 @@ +--- +- hosts: jumphost + roles: + - static-hostname-lookup + +- hosts: cluster + roles: + - static-hostname-lookup +... diff --git a/single_role_playbooks/sudoers.yml b/single_role_playbooks/sudoers.yml new file mode 100644 index 000000000..2daab2431 --- /dev/null 
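Review bot: `single_role_playbooks/sshd.yml` applies the same `sshd` role in two separate plays, first to `jumphost` and then to `cluster`, with no comment saying whether that order is deliberate. `ldap.yml` in this commit instead uses a single `hosts: jumphost, cluster` play. If the jumphost must be reconfigured first because the cluster hosts are reached through it, say so above the first play, e.g. `# Jumphost first: cluster hosts are reached through it.`; otherwise merge the two plays. `static-hostname-lookup.yml` has the same shape.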
+++ b/single_role_playbooks/sudoers.yml @@ -0,0 +1,5 @@ +--- +- hosts: user-interface + roles: + - sudoers +... diff --git a/single_role_playbooks/swap.yml b/single_role_playbooks/swap.yml new file mode 100644 index 000000000..61ce56bff --- /dev/null +++ b/single_role_playbooks/swap.yml @@ -0,0 +1,4 @@ +--- +- hosts: deploy-admin-interface + roles: + - swap diff --git a/ssh-host-ca/umcg-hpc-ca.pub b/ssh-host-ca/umcg-hpc-ca.pub new file mode 100644 index 000000000..5bd3b12c8 --- /dev/null +++ b/ssh-host-ca/umcg-hpc-ca.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDN8m3uPzwVJxsW3gvXTwc7f2WRwHFQ9aBXTGRRgdW/qVZydDC+rBTR1ZdapGtOqnOJ6VNzI7c2ziYWfx7kfYhFjhDZ3dv9XuOn1827Ktw5M0w8Y47bHfX+E/D9xMX1htdHGgja/yh0mTbs7Ponn3zOne8e8oUTUd7q/w/kO4KVsXaBsUz1ZG9wXjOA8TacwdoqMhzdhhQkhhKKGLArYeQ4gsa6N2MnXqd3glkhITQGOUQvFHxKP8nArfYeOK15UgzhkitcBsi4lkx1THuOu+u/oGskmacSaBWSUObP7LHKdw4v15/5S8qjD6NSm6ezfEtw1ltO3eVA6ZD5NbhHMZ3IkCeMlRKmVqQUmNqkcMSPwi91K5rcfduL4EYLT5nq+Z0Kv2UO8QXH9zBCb0K8zSdwtpoABfk0rbbdxtZXZD1y20DkRlbC3WMS79O9HsWAkugnwJ8LANGS3odY6spDAF6Rt7By/bcS+TobBLCUA6eQ+W1oml5hCCLPSsa0BPvIR1YxYxWbD6Gb/PDsTwZJ7ZDgEHd67ylrdL+aQvnJXVC3V0uEjyQbLN2txjgO3okFpzcOz9ERWEvz6fQgi387Idyy8fsmFOJ4RjEPlnUs/T4PfThZgo2hZYlYWMmRFxUK1PzC0zHcTnaTS9qoHogRZYJUn1kiiF6dB7atu1julDJzTw== UMCG HPC CA diff --git a/talos_hosts.ini b/talos_hosts.ini index cb7eab966..7d2ce4d1b 100644 --- a/talos_hosts.ini +++ b/talos_hosts.ini @@ -2,7 +2,7 @@ reception [docs] -molgenis42 +docs [slurm-management] tl-sai
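Review bot: `ssh-host-ca/umcg-hpc-ca.pub` adds what looks like the trust anchor for SSH host certificates, but nothing visible in this diff records its fingerprint or which role consumes it. Anyone who can change this file changes which hosts clients will accept. Add a short README beside it giving the fingerprint from `ssh-keygen -lf ssh-host-ca/umcg-hpc-ca.pub` as verified out of band, where the private half is held, and how the key is rotated. Changes to this path also deserve mandatory review, for example through a code-owners rule.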