diff options
-rw-r--r-- | install.yml | 18 | ||||
-rw-r--r-- | inventories/ipe.erb | 3 | ||||
-rw-r--r-- | pods.yml | 7 | ||||
-rw-r--r-- | roles/ands_pods/tasks/compute.yml | 6 | ||||
-rw-r--r-- | roles/ands_pods/tasks/main.yml | 24 | ||||
-rw-r--r-- | roles/ands_pods/templates/services/distcc.service | 17 | ||||
-rw-r--r-- | roles/ands_scripts/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/ands_scripts/tasks/main.yml | 29 | ||||
-rw-r--r-- | roles/ands_scripts/templates/all/cron/maintain.j2 | 4 | ||||
-rw-r--r-- | roles/ands_scripts/templates/all/scripts/subids.sh | 19 | ||||
-rw-r--r-- | roles/ands_storage/tasks/nfs.yml | 2 | ||||
-rw-r--r-- | roles/common/tasks/install.yml | 3 | ||||
-rw-r--r-- | roles/common/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/common/tasks/software.yml | 1 | ||||
-rw-r--r-- | roles/devel/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/devel/tasks/dnf.yml | 9 | ||||
-rw-r--r-- | roles/devel/tasks/main.yml | 10 | ||||
-rw-r--r-- | roles/devel/vars/centos-7.yml | 1 | ||||
-rw-r--r-- | roles/devel/vars/main.yml | 1 | ||||
-rw-r--r-- | roles/docker/tasks/install_podman.yml | 15 | ||||
-rw-r--r-- | scripts.yml | 6 |
21 files changed, 168 insertions, 12 deletions
diff --git a/install.yml b/install.yml index 802dc10..e675815 100644 --- a/install.yml +++ b/install.yml @@ -10,6 +10,12 @@ roles: - role: ands_idm +- name: Devel Packages + hosts: devel + remote_user: root + roles: + - role: devel + - name: Infiniband hosts: ib remote_user: root @@ -46,3 +52,15 @@ remote_user: root roles: - role: ands_storage + +- name: Ands Scripts + hosts: all + remote_user: root + roles: + - role: ands_scripts + +- name: Docker Containers (Pods) + hosts: all + remote_user: root + roles: + - role: ands_pods diff --git a/inventories/ipe.erb b/inventories/ipe.erb index 2ff9e24..1041e21 100644 --- a/inventories/ipe.erb +++ b/inventories/ipe.erb @@ -41,3 +41,6 @@ student [ipaclients:children] vm compute + +[devel:children] +compute diff --git a/pods.yml b/pods.yml new file mode 100644 index 0000000..c4bb25b --- /dev/null +++ b/pods.yml @@ -0,0 +1,7 @@ +- name: Docker Containers (Pods) + hosts: all + remote_user: root + roles: + - role: ands_pods + + diff --git a/roles/ands_pods/tasks/compute.yml b/roles/ands_pods/tasks/compute.yml new file mode 100644 index 0000000..649a6e0 --- /dev/null +++ b/roles/ands_pods/tasks/compute.yml @@ -0,0 +1,6 @@ +- name: Start DistCC daemon + systemd: name="distcc" daemon_reload="yes" state="restarted" enabled="yes" + become: yes + +- name: Open DistCC port + firewalld: port="3632/tcp" state="enabled" permanent="true" immediate="true" diff --git a/roles/ands_pods/tasks/main.yml b/roles/ands_pods/tasks/main.yml new file mode 100644 index 0000000..755377e --- /dev/null +++ b/roles/ands_pods/tasks/main.yml @@ -0,0 +1,24 @@ +#- name: Install monitoring applications +# package: name={{item}} state=present +# with_items: +# - sysstat + +- name: "Deploy services" + copy: src="{{ item | quote }}" dest="/etc/systemd/system/{{ item | basename | quote }}" owner=root group=root mode=0755 + with_fileglob: + - "{{ role_path }}/templates/services/*.service" + +- name: "Deploy service templates" + template: src="{{ item | quote }}" dest="/etc/systemd/system/{{ script_name }}" owner=root group=root mode=0755 + vars: + script_name: "{{ item | basename | regex_replace('\\.j2','') }}" + with_fileglob: + - "{{ role_path }}/templates/services/*.j2" + +- name: Configure services on compute nodes + include_tasks: compute.yml + when: "'compute' in group_names" + +- name: Reload SystemD service + systemd: daemon_reload="yes" + become: yes diff --git a/roles/ands_pods/templates/services/distcc.service b/roles/ands_pods/templates/services/distcc.service new file mode 100644 index 0000000..a754fb4 --- /dev/null +++ b/roles/ands_pods/templates/services/distcc.service @@ -0,0 +1,17 @@ +[Unit] +Description=DistCC Podman Container +After=network.target + +[Service] +Type=simple +TimeoutStartSec=5m +ExecStartPre=-/usr/bin/podman rm "distcc" +ExecStart=/usr/bin/podman run --name distcc -p 3632:3632 chsa/distcc:latest +ExecReload=-/usr/bin/podman stop "distcc" +ExecReload=-/usr/bin/podman rm "distcc" +ExecStop=-/usr/bin/podman stop "distcc" +Restart=always +RestartSec=30 + +[Install] +WantedBy=multi-user.target diff --git a/roles/ands_scripts/defaults/main.yml b/roles/ands_scripts/defaults/main.yml new file mode 100644 index 0000000..ee3cb7b --- /dev/null +++ b/roles/ands_scripts/defaults/main.yml @@ -0,0 +1 @@ +ands_script_path: "/opt/scripts" diff --git a/roles/ands_scripts/tasks/main.yml b/roles/ands_scripts/tasks/main.yml new file mode 100644 index 0000000..048b0da --- /dev/null +++ b/roles/ands_scripts/tasks/main.yml @@ -0,0 +1,29 @@ +#- name: Install monitoring applications +# package: name={{item}} state=present +# with_items: +# - sysstat + +- name: Create scripts directory + file: path="{{ ands_script_path }}" state=directory + +- name: "Deploy scripts" + copy: src="{{ item | quote }}" dest="{{ ands_script_path }}/{{ item | basename | quote }}" owner=root group=root mode=0755 + with_fileglob: + - "{{ role_path }}/templates/all/scripts/*.sh" + - "{{ role_path }}/templates/{{ inventory_hostname }}/scripts/*.sh" + +- name: "Deploy script templates" + template: src="{{ item | quote }}" dest="{{ ands_script_path }}/{{ script_name }}" owner=root group=root mode=0755 + vars: + script_name: "{{ item | basename | regex_replace('\\.j2','') }}" + with_fileglob: + - "{{ role_path }}/templates/all/scripts/*.j2" + - "{{ role_path }}/templates/{{ inventory_hostname }}/scripts/*.j2" + +- name: "Deploy cron jobs" + template: src="{{ item | quote }}" dest="/etc/cron.d/{{ cron_name }}" owner=root group=root mode=0644 + vars: + cron_name: "{{ item | basename | regex_replace('\\.j2','') }}" + with_fileglob: + - "{{ role_path }}/templates/all/cron/*.j2" + - "{{ role_path }}/templates/{{ inventory_hostname }}/cron/*.j2" diff --git a/roles/ands_scripts/templates/all/cron/maintain.j2 b/roles/ands_scripts/templates/all/cron/maintain.j2 new file mode 100644 index 0000000..fdd4231 --- /dev/null +++ b/roles/ands_scripts/templates/all/cron/maintain.j2 @@ -0,0 +1,4 @@ +SHELL=/bin/bash +PATH=/sbin:/bin:/usr/sbin:/usr/bin +MAILTO=csa-darkserv@suren.me +*/15 * * * * root {{ ands_script_path }}/subids.sh diff --git a/roles/ands_scripts/templates/all/scripts/subids.sh b/roles/ands_scripts/templates/all/scripts/subids.sh new file mode 100644 index 0000000..a83baa0 --- /dev/null +++ b/roles/ands_scripts/templates/all/scripts/subids.sh @@ -0,0 +1,19 @@ +#! /bin/bash + +[ -f /etc/subuid ] || exit +[ -f /etc/subgid ] || exit + +users=$(getent group ipeusers | awk 'BEGIN { FS=":" } { print $4 }' | sed -e 's/,/\n/') +subuid=$(cat /etc/subuid | awk 'BEGIN { FS=":" } { print $1 }') +subgid=$(cat /etc/subgid | awk 'BEGIN { FS=":" } { print $1 }') + +subuid=$(echo -e "$users\n$subuid\n$subuid" | sort | uniq -u) +subgid=$(echo -e "$users\n$subgid\n$subgid" | sort | uniq -u) + +for user in $subuid; do + grep -qxF "$user" /etc/subuid || sed -i'' -e "\$a$user:100000:65536" /etc/subuid +done + +for user in $subgid; do + grep -qxF "$user" /etc/subgid || sed -i'' -e "\$a$user:100000:65536" /etc/subgid +done diff --git a/roles/ands_storage/tasks/nfs.yml b/roles/ands_storage/tasks/nfs.yml index f8bb310..111992e 100644 --- a/roles/ands_storage/tasks/nfs.yml +++ b/roles/ands_storage/tasks/nfs.yml @@ -10,6 +10,6 @@ when: ands_nfs_server is defined - name: set mountpoints - mount: name=/mnt/pdv src="{{ ands_pdv_server }}:/pdv" fstype=nfs opts=defaults,_netdev,nofail,soft,nodiratime,noatime dump=0 passno=0 state=mounted + mount: name=/mnt/pdv src="{{ ands_pdv_server }}:/mnt/pdv" fstype=nfs opts=defaults,_netdev,nofail,soft,nodiratime,noatime dump=0 passno=0 state=mounted when: ands_pdv_server is defined diff --git a/roles/common/tasks/install.yml b/roles/common/tasks/install.yml index 9f3cf79..53c4a00 100644 --- a/roles/common/tasks/install.yml +++ b/roles/common/tasks/install.yml @@ -14,6 +14,9 @@ - name: Install additional software include_tasks: software.yml +- name: Ensure csa user can login using public key auth + file: path="/home/csa/.ssh" owner="csa" group="csa" recurse=true + - name: Configure git shell: | git config --global http.sslVerify false diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 9f0b72c..086c952 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,3 +1,3 @@ --- -- name: "Configuring OpenShift" +- name: "Running {{ subrole | default('install') }}" include_tasks: "{{ subrole | default('install') }}.yml" diff --git a/roles/common/tasks/software.yml b/roles/common/tasks/software.yml index 3a1a5c1..add70d6 100644 --- a/roles/common/tasks/software.yml +++ b/roles/common/tasks/software.yml @@ -7,6 +7,7 @@ - strace - git - pciutils + - htop - name: Ensure all extra packages are installed package: name={{item}} state=present diff --git a/roles/devel/defaults/main.yml b/roles/devel/defaults/main.yml new file mode 100644 index 0000000..18215c8 --- /dev/null +++ b/roles/devel/defaults/main.yml @@ -0,0 +1,2 @@ +common_packages: [ cmake, libdb-devel, libnl3-devel, elfutils-devel, numactl-devel, boost-devel, tcl, tk ] +extra_packages: [] diff --git a/roles/devel/tasks/dnf.yml b/roles/devel/tasks/dnf.yml index 350108a..bd6e452 100644 --- a/roles/devel/tasks/dnf.yml +++ b/roles/devel/tasks/dnf.yml @@ -1,5 +1,6 @@ - name: Install development package groups - dnf: name={{item}} state=present - with_items: - - "@Development and Creative Workstation" - + dnf: + state: present + name: + - "@Development Tools" + - "@RPM Development Tools" diff --git a/roles/devel/tasks/main.yml b/roles/devel/tasks/main.yml index d42dd31..7d08a15 100644 --- a/roles/devel/tasks/main.yml +++ b/roles/devel/tasks/main.yml @@ -8,12 +8,12 @@ - "{{ ansible_distribution|lower }}.yml" - "{{ ansible_os_family|lower }}.yml" -- include_tasks: dnf.yml - when: ansible_distribution | lower == 'fedora' - - include_tasks: yum.yml - when: (ansible_os_family | lower == 'redhat') and (ansible_distribution | lower != 'fedora') + when: ansible_pkg_mgr == 'yum' + +- include_tasks: dnf.yml + when: ansible_pkg_mgr == 'dnf' - name: Install various development packages package: name={{item}} state=present - with_items: "{{ common_packages | union(packages | default([])) }}" + with_items: "{{ common_packages | union ( extra_packages | default([]) ) | union(packages | default([])) }}" diff --git a/roles/devel/vars/centos-7.yml b/roles/devel/vars/centos-7.yml new file mode 100644 index 0000000..a276957 --- /dev/null +++ b/roles/devel/vars/centos-7.yml @@ -0,0 +1 @@ +extra_packages: [ doxygen, libmnl-devel, libconfig-devel, iptables-devel ] diff --git a/roles/devel/vars/main.yml b/roles/devel/vars/main.yml deleted file mode 100644 index 9024160..0000000 --- a/roles/devel/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -common_packages: [ cmake, doxygen, libdb-devel, libnl3-devel, libmnl-devel, elfutils-devel, iptables-devel, numactl-devel, boost-devel, tcl, tk, libconfig-devel ]
\ No newline at end of file diff --git a/roles/docker/tasks/install_podman.yml b/roles/docker/tasks/install_podman.yml index 3498aa7..f59e778 100644 --- a/roles/docker/tasks/install_podman.yml +++ b/roles/docker/tasks/install_podman.yml @@ -10,3 +10,18 @@ with_items: - nvidia-container-runtime when: "'cuda' in group_names" + +- name: Use vfs storage for system services (as overlay is still problematic) + lineinfile: dest="/etc/containers/storage.conf" regexp="driver\s*=" line="driver = \"vfs\"" state="present" + register: storage + +- name: Adapt storage + when: storage is changed + block: + - name: stat /var/lib/containers/storage + stat: path=/var/lib/containers/storage + register: storage_folder + + - name: Rename and set aside storage folder using older driver + command: mv /var/lib/containers/storage /var/lib/containers/storage~ + when: storage_folder.stat.exists diff --git a/scripts.yml b/scripts.yml new file mode 100644 index 0000000..8c0aa4c --- /dev/null +++ b/scripts.yml @@ -0,0 +1,6 @@ +- name: Common Software + hosts: all + remote_user: root + roles: + - role: ands_scripts + |