summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--install.yml18
-rw-r--r--inventories/ipe.erb3
-rw-r--r--pods.yml7
-rw-r--r--roles/ands_pods/tasks/compute.yml6
-rw-r--r--roles/ands_pods/tasks/main.yml24
-rw-r--r--roles/ands_pods/templates/services/distcc.service17
-rw-r--r--roles/ands_scripts/defaults/main.yml1
-rw-r--r--roles/ands_scripts/tasks/main.yml29
-rw-r--r--roles/ands_scripts/templates/all/cron/maintain.j24
-rw-r--r--roles/ands_scripts/templates/all/scripts/subids.sh19
-rw-r--r--roles/ands_storage/tasks/nfs.yml2
-rw-r--r--roles/common/tasks/install.yml3
-rw-r--r--roles/common/tasks/main.yml2
-rw-r--r--roles/common/tasks/software.yml1
-rw-r--r--roles/devel/defaults/main.yml2
-rw-r--r--roles/devel/tasks/dnf.yml9
-rw-r--r--roles/devel/tasks/main.yml10
-rw-r--r--roles/devel/vars/centos-7.yml1
-rw-r--r--roles/devel/vars/main.yml1
-rw-r--r--roles/docker/tasks/install_podman.yml15
-rw-r--r--scripts.yml6
21 files changed, 168 insertions, 12 deletions
diff --git a/install.yml b/install.yml
index 802dc10..e675815 100644
--- a/install.yml
+++ b/install.yml
@@ -10,6 +10,12 @@
roles:
- role: ands_idm
+- name: Devel Packages
+ hosts: devel
+ remote_user: root
+ roles:
+ - role: devel
+
- name: Infiniband
hosts: ib
remote_user: root
@@ -46,3 +52,15 @@
remote_user: root
roles:
- role: ands_storage
+
+- name: Ands Scripts
+ hosts: all
+ remote_user: root
+ roles:
+ - role: ands_scripts
+
+- name: Docker Containers (Pods)
+ hosts: all
+ remote_user: root
+ roles:
+ - role: ands_pods
diff --git a/inventories/ipe.erb b/inventories/ipe.erb
index 2ff9e24..1041e21 100644
--- a/inventories/ipe.erb
+++ b/inventories/ipe.erb
@@ -41,3 +41,6 @@ student
[ipaclients:children]
vm
compute
+
+[devel:children]
+compute
diff --git a/pods.yml b/pods.yml
new file mode 100644
index 0000000..c4bb25b
--- /dev/null
+++ b/pods.yml
@@ -0,0 +1,7 @@
+- name: Docker Containers (Pods)
+ hosts: all
+ remote_user: root
+ roles:
+ - role: ands_pods
+
+
diff --git a/roles/ands_pods/tasks/compute.yml b/roles/ands_pods/tasks/compute.yml
new file mode 100644
index 0000000..649a6e0
--- /dev/null
+++ b/roles/ands_pods/tasks/compute.yml
@@ -0,0 +1,6 @@
+- name: Start DistCC daemon
+ systemd: name="distcc" daemon_reload="yes" state="restarted" enabled="yes"
+ become: yes
+
+- name: Open DistCC port
+ firewalld: port="3632/tcp" state="enabled" permanent="true" immediate="true"
diff --git a/roles/ands_pods/tasks/main.yml b/roles/ands_pods/tasks/main.yml
new file mode 100644
index 0000000..755377e
--- /dev/null
+++ b/roles/ands_pods/tasks/main.yml
@@ -0,0 +1,24 @@
+#- name: Install monitoring applications
+# package: name={{item}} state=present
+# with_items:
+# - sysstat
+
+- name: "Deploy services"
+ copy: src="{{ item | quote }}" dest="/etc/systemd/system/{{ item | basename | quote }}" owner=root group=root mode=0755
+ with_fileglob:
+ - "{{ role_path }}/templates/services/*.service"
+
+- name: "Deploy service templates"
+ template: src="{{ item | quote }}" dest="/etc/systemd/system/{{ script_name }}" owner=root group=root mode=0755
+ vars:
+ script_name: "{{ item | basename | regex_replace('\\.j2','') }}"
+ with_fileglob:
+ - "{{ role_path }}/templates/services/*.j2"
+
+- name: Configure services on compute nodes
+ include_tasks: compute.yml
+ when: "'compute' in group_names"
+
+- name: Reload SystemD service
+ systemd: daemon_reload="yes"
+ become: yes
diff --git a/roles/ands_pods/templates/services/distcc.service b/roles/ands_pods/templates/services/distcc.service
new file mode 100644
index 0000000..a754fb4
--- /dev/null
+++ b/roles/ands_pods/templates/services/distcc.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=DistCC Podman Container
+After=network.target
+
+[Service]
+Type=simple
+TimeoutStartSec=5m
+ExecStartPre=-/usr/bin/podman rm "distcc"
+ExecStart=/usr/bin/podman run --name distcc -p 3632:3632 chsa/distcc:latest
+ExecReload=-/usr/bin/podman stop "distcc"
+ExecReload=-/usr/bin/podman rm "distcc"
+ExecStop=-/usr/bin/podman stop "distcc"
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/ands_scripts/defaults/main.yml b/roles/ands_scripts/defaults/main.yml
new file mode 100644
index 0000000..ee3cb7b
--- /dev/null
+++ b/roles/ands_scripts/defaults/main.yml
@@ -0,0 +1 @@
+ands_script_path: "/opt/scripts"
diff --git a/roles/ands_scripts/tasks/main.yml b/roles/ands_scripts/tasks/main.yml
new file mode 100644
index 0000000..048b0da
--- /dev/null
+++ b/roles/ands_scripts/tasks/main.yml
@@ -0,0 +1,29 @@
+#- name: Install monitoring applications
+# package: name={{item}} state=present
+# with_items:
+# - sysstat
+
+- name: Create scripts directory
+ file: path="{{ ands_script_path }}" state=directory
+
+- name: "Deploy scripts"
+ copy: src="{{ item | quote }}" dest="{{ ands_script_path }}/{{ item | basename | quote }}" owner=root group=root mode=0755
+ with_fileglob:
+ - "{{ role_path }}/templates/all/scripts/*.sh"
+ - "{{ role_path }}/templates/{{ inventory_hostname }}/scripts/*.sh"
+
+- name: "Deploy script templates"
+ template: src="{{ item | quote }}" dest="{{ ands_script_path }}/{{ script_name }}" owner=root group=root mode=0755
+ vars:
+ script_name: "{{ item | basename | regex_replace('\\.j2','') }}"
+ with_fileglob:
+ - "{{ role_path }}/templates/all/scripts/*.j2"
+ - "{{ role_path }}/templates/{{ inventory_hostname }}/scripts/*.j2"
+
+- name: "Deploy cron jobs"
+ template: src="{{ item | quote }}" dest="/etc/cron.d/{{ cron_name }}" owner=root group=root mode=0644
+ vars:
+ cron_name: "{{ item | basename | regex_replace('\\.j2','') }}"
+ with_fileglob:
+ - "{{ role_path }}/templates/all/cron/*.j2"
+ - "{{ role_path }}/templates/{{ inventory_hostname }}/cron/*.j2"
diff --git a/roles/ands_scripts/templates/all/cron/maintain.j2 b/roles/ands_scripts/templates/all/cron/maintain.j2
new file mode 100644
index 0000000..fdd4231
--- /dev/null
+++ b/roles/ands_scripts/templates/all/cron/maintain.j2
@@ -0,0 +1,4 @@
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=csa-darkserv@suren.me
+*/15 * * * * root {{ ands_script_path }}/subids.sh
diff --git a/roles/ands_scripts/templates/all/scripts/subids.sh b/roles/ands_scripts/templates/all/scripts/subids.sh
new file mode 100644
index 0000000..a83baa0
--- /dev/null
+++ b/roles/ands_scripts/templates/all/scripts/subids.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+[ -f /etc/subuid ] || exit
+[ -f /etc/subgid ] || exit
+
+users=$(getent group ipeusers | awk 'BEGIN { FS=":" } { print $4 }' | sed -e 's/,/\n/')
+subuid=$(cat /etc/subuid | awk 'BEGIN { FS=":" } { print $1 }')
+subgid=$(cat /etc/subgid | awk 'BEGIN { FS=":" } { print $1 }')
+
+subuid=$(echo -e "$users\n$subuid\n$subuid" | sort | uniq -u)
+subgid=$(echo -e "$users\n$subgid\n$subgid" | sort | uniq -u)
+
+for user in $subuid; do
+ grep -qxF "$user" /etc/subuid || sed -i'' -e "\$a$user:100000:65536" /etc/subuid
+done
+
+for user in $subgid; do
+ grep -qxF "$user" /etc/subgid || sed -i'' -e "\$a$user:100000:65536" /etc/subgid
+done
diff --git a/roles/ands_storage/tasks/nfs.yml b/roles/ands_storage/tasks/nfs.yml
index f8bb310..111992e 100644
--- a/roles/ands_storage/tasks/nfs.yml
+++ b/roles/ands_storage/tasks/nfs.yml
@@ -10,6 +10,6 @@
when: ands_nfs_server is defined
- name: set mountpoints
- mount: name=/mnt/pdv src="{{ ands_pdv_server }}:/pdv" fstype=nfs opts=defaults,_netdev,nofail,soft,nodiratime,noatime dump=0 passno=0 state=mounted
+ mount: name=/mnt/pdv src="{{ ands_pdv_server }}:/mnt/pdv" fstype=nfs opts=defaults,_netdev,nofail,soft,nodiratime,noatime dump=0 passno=0 state=mounted
when: ands_pdv_server is defined
diff --git a/roles/common/tasks/install.yml b/roles/common/tasks/install.yml
index 9f3cf79..53c4a00 100644
--- a/roles/common/tasks/install.yml
+++ b/roles/common/tasks/install.yml
@@ -14,6 +14,9 @@
- name: Install additional software
include_tasks: software.yml
+- name: Ensure csa user can login using public key auth
+ file: path="/home/csa/.ssh" owner="csa" group="csa" recurse=true
+
- name: Configure git
shell: |
git config --global http.sslVerify false
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 9f0b72c..086c952 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -1,3 +1,3 @@
---
-- name: "Configuring OpenShift"
+- name: "Running {{ subrole | default('install') }}"
include_tasks: "{{ subrole | default('install') }}.yml"
diff --git a/roles/common/tasks/software.yml b/roles/common/tasks/software.yml
index 3a1a5c1..add70d6 100644
--- a/roles/common/tasks/software.yml
+++ b/roles/common/tasks/software.yml
@@ -7,6 +7,7 @@
- strace
- git
- pciutils
+ - htop
- name: Ensure all extra packages are installed
package: name={{item}} state=present
diff --git a/roles/devel/defaults/main.yml b/roles/devel/defaults/main.yml
new file mode 100644
index 0000000..18215c8
--- /dev/null
+++ b/roles/devel/defaults/main.yml
@@ -0,0 +1,2 @@
+common_packages: [ cmake, libdb-devel, libnl3-devel, elfutils-devel, numactl-devel, boost-devel, tcl, tk ]
+extra_packages: []
diff --git a/roles/devel/tasks/dnf.yml b/roles/devel/tasks/dnf.yml
index 350108a..bd6e452 100644
--- a/roles/devel/tasks/dnf.yml
+++ b/roles/devel/tasks/dnf.yml
@@ -1,5 +1,6 @@
- name: Install development package groups
- dnf: name={{item}} state=present
- with_items:
- - "@Development and Creative Workstation"
-
+ dnf:
+ state: present
+ name:
+ - "@Development Tools"
+ - "@RPM Development Tools"
diff --git a/roles/devel/tasks/main.yml b/roles/devel/tasks/main.yml
index d42dd31..7d08a15 100644
--- a/roles/devel/tasks/main.yml
+++ b/roles/devel/tasks/main.yml
@@ -8,12 +8,12 @@
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
-- include_tasks: dnf.yml
- when: ansible_distribution | lower == 'fedora'
-
- include_tasks: yum.yml
- when: (ansible_os_family | lower == 'redhat') and (ansible_distribution | lower != 'fedora')
+ when: ansible_pkg_mgr == 'yum'
+
+- include_tasks: dnf.yml
+ when: ansible_pkg_mgr == 'dnf'
- name: Install various development packages
package: name={{item}} state=present
- with_items: "{{ common_packages | union(packages | default([])) }}"
+ with_items: "{{ common_packages | union ( extra_packages | default([]) ) | union(packages | default([])) }}"
diff --git a/roles/devel/vars/centos-7.yml b/roles/devel/vars/centos-7.yml
new file mode 100644
index 0000000..a276957
--- /dev/null
+++ b/roles/devel/vars/centos-7.yml
@@ -0,0 +1 @@
+extra_packages: [ doxygen, libmnl-devel, libconfig-devel, iptables-devel ]
diff --git a/roles/devel/vars/main.yml b/roles/devel/vars/main.yml
deleted file mode 100644
index 9024160..0000000
--- a/roles/devel/vars/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-common_packages: [ cmake, doxygen, libdb-devel, libnl3-devel, libmnl-devel, elfutils-devel, iptables-devel, numactl-devel, boost-devel, tcl, tk, libconfig-devel ] \ No newline at end of file
diff --git a/roles/docker/tasks/install_podman.yml b/roles/docker/tasks/install_podman.yml
index 3498aa7..f59e778 100644
--- a/roles/docker/tasks/install_podman.yml
+++ b/roles/docker/tasks/install_podman.yml
@@ -10,3 +10,18 @@
with_items:
- nvidia-container-runtime
when: "'cuda' in group_names"
+
+- name: Use vfs storage for system services (as overlay is still problematic)
+ lineinfile: dest="/etc/containers/storage.conf" regexp="driver\s*=" line="driver = \"vfs\"" state="present"
+ register: storage
+
+- name: Adapt storage
+ when: storage is changed
+ block:
+ - name: stat /var/lib/containers/storage
+ stat: path=/var/lib/containers/storage
+ register: storage_folder
+
+ - name: Rename and set aside storage folder using older driver
+ command: mv /var/lib/containers/storage /var/lib/containers/storage~
+ when: storage_folder.stat.exists
diff --git a/scripts.yml b/scripts.yml
new file mode 100644
index 0000000..8c0aa4c
--- /dev/null
+++ b/scripts.yml
@@ -0,0 +1,6 @@
+- name: Common Software
+ hosts: all
+ remote_user: root
+ roles:
+ - role: ands_scripts
+