From a0749d12b1a22fe3cec01244e13369938a401caa Mon Sep 17 00:00:00 2001 From: scimerman Date: Tue, 19 Jul 2022 13:37:23 +0200 Subject: [PATCH 01/17] BB: first test deploy --- group_vars/all/vars.yml | 22 ++++++++++ .../betabarrel_cluster/ip_addresses.yml | 16 +++++++- group_vars/betabarrel_cluster/vars.yml | 16 +++++--- roles/cluster/tasks/main.yml | 41 ++----------------- roles/yum_local/defaults/main.yml | 2 +- roles/yum_local/tasks/main.yml | 4 +- roles/yum_repos/tasks/main.yml | 25 +++++++++-- single_group_playbooks/cluster_part1.yml | 3 +- static_inventories/betabarrel_cluster.yml | 1 + 9 files changed, 77 insertions(+), 53 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index f85ca7e3a..fe1742898 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml 
@@ -106,4 +106,26 @@ pulp_repos: description: 'Lustre client Long Term Support (LTS) releases for Enterprise Linux 7.' remote_url: https://downloads.whamcloud.com/public/lustre/latest-2.12-release/el7/client/ client_baseurl: "https://{{ stack_prefix }}-repo/pulp/content/{{ slurm_cluster_name }}/lustre7/" +# +# List of repos for machines that do not use Pulp or Spacewalk +# +yum_repos: + - name: centos7-base + description: 'CentOS-7 - Base.' + baseurl: http://mirror.centos.org/centos/7/os/x86_64/ + - name: centos7-updates + description: 'CentOS-7 - Updates.' + baseurl: http://mirror.centos.org/centos/7/updates/x86_64/ + - name: centos7-extras + description: 'CentOS-7 - Extras.' + baseurl: http://mirror.centos.org/centos/7/extras/x86_64/ + - name: epel7 + description: 'Extra Packages for Enterprise Linux 7 (EPEL).' + baseurl: https://download.fedoraproject.org/pub/epel/7/x86_64/ + - name: irods7 + description: 'RENCI iRODS Repository for Enterprise Linux 7.' + baseurl: https://packages.irods.org/yum/pool/centos7/x86_64/ + - name: lustre7 + description: 'Lustre client Long Term Support (LTS) releases for Enterprise Linux 7.' + baseurl: https://downloads.whamcloud.com/public/lustre/latest-2.12-release/el7/client/ ... diff --git a/group_vars/betabarrel_cluster/ip_addresses.yml b/group_vars/betabarrel_cluster/ip_addresses.yml index 08ec03951..2b7a5b793 100644 --- a/group_vars/betabarrel_cluster/ip_addresses.yml +++ b/group_vars/betabarrel_cluster/ip_addresses.yml @@ -1,7 +1,19 @@ --- ip_addresses: betabarrel: - vlan983: - address: 172.23.41.225 + bb_internal_management: + address: 192.168.122.193 netmask: /32 +# bb_internal_storage: +# address: 10.10.2.192 +# netmask: /32 + porch: + bb_internal_management: + address: 10.10.1.148 + netmask: /32 + publicly_exposed: true # This internal IP is linked to a public (floating) IP. + vlan16: + address: 195.169.22.170 + netmask: /32 + fqdn: 'NXDOMAIN' ... 
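Review bot: The three CentOS entries in the new `yum_repos` list use plain `http://mirror.centos.org/...` baseurls, and the task that consumes the list in roles/yum_repos/tasks/main.yml (same patch) still carries `gpgcheck: false`, so at this commit neither the transport nor a package signature authenticates what yum installs with `become: true`. Patch 07 of this series adds `gpgcheck`/`gpgkey` for these entries, but the baseurls stay on HTTP, so repository metadata is still fetched without transport protection. I would point them at an HTTPS mirror, e.g. `baseurl: https://<https-mirror>/centos/7/os/x86_64/` (placeholder host), and enable signature checking in the same commit that introduces the list.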
diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index 6fcd9c91f..9ae1487dd 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml @@ -29,7 +29,7 @@ use_ldap: yes create_ldap: no use_sssd: yes ldap_domains: - grunn: + default_domain: uri: ldaps://svrs.id.rug.nl search_base: ou=gd,o=asds schema: rfc2307 @@ -55,6 +55,11 @@ nameservers: [ '8.8.4.4', # Google DNS. '8.8.8.8', # Google DNS. ] +network_private_management_id: "{{ stack_prefix }}_internal_management" +network_private_management_cidr: '10.10.1.0/24' +network_private_management_gw: '10.10.1.1' +#network_private_storage_id: "{{ stack_prefix }}_internal_storage" +#network_private_storage_cidr: '10.10.2.0/24' local_admin_groups: - 'admin' - 'docker' @@ -134,10 +139,11 @@ regular_users: # pfs_mounts: - pfs: local_raid - source: - type: - rw_options: - ro_options: + device: /dev/sdb1 + source: 'localhost:/mnt' + type: nfs4 + rw_options: 'defaults,_netdev,noatime,nodiratime,local_lock=flock' + ro_options: 'defaults,_netdev,noatime,nodiratime,ro' machines: "{{ groups['sys_admin_interface'] }}" - pfs: 'medgen_zincfinger$' source: '//storage3.umcg.nl' diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml index 204baf760..cdf7a7724 100644 --- a/roles/cluster/tasks/main.yml +++ b/roles/cluster/tasks/main.yml 
@@ -5,47 +5,12 @@ state: permissive become: true -- name: Install some standard software +- name: Install some additional packages ansible.builtin.yum: state: latest update_cache: true - name: - - bash-completion - - bc - - bcc-tools - - bind-utils - - bzip2 - - cargo - - curl - - dos2unix - - figlet - - git - - git-core - - gnutls - - irods-icommands - - libsodium - - lsof - - nano - - ncdu - - ncurses-static - - net-tools - - openssl - - qt5-qtbase - - qt5-qtxmlpatterns - - readline-static - - rsync - - screen - - singularity-runtime - - singularity - - strace - - tcl-devel - - telnet - - tmux - - tree - - unzip - - urw-base35-fonts - - vim - - wget + name: '{{ item }}' + with_list: '{{ cluster_packages }}' tags: - software become: true diff --git a/roles/yum_local/defaults/main.yml b/roles/yum_local/defaults/main.yml index d0f867b0c..cb25e4cf6 100644 --- a/roles/yum_local/defaults/main.yml +++ b/roles/yum_local/defaults/main.yml @@ -1,4 +1,4 @@ --- local_yum_repository: "false" -lyr_dir_path: "/var/local/repo/" +lyr_dir_path: "/usr/local/repo/" ... diff --git a/roles/yum_local/tasks/main.yml b/roles/yum_local/tasks/main.yml index 7c82a5379..215b81606 100644 --- a/roles/yum_local/tasks/main.yml +++ b/roles/yum_local/tasks/main.yml @@ -1,9 +1,9 @@ --- - name: Create a local yum repository ansible.builtin.include: lyr.yml - when: local_yum_repository == true + when: local_yum_repository | bool is true - name: Remove a local yum repository ansible.builtin.include: lyr_remove.yml - when: local_yum_repository == false + when: local_yum_repository | bool is false ... diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index 2164af8ee..56906be33 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml 
@@ -1,9 +1,26 @@ --- -- name: "Add custom yum repos." +- name: Remove default system packages + ansible.builtin.file: + path: "/etc/yum.repos.d/{{ item }}" + state: absent + with_items: + - CentOS-CR.repo + - CentOS-fasttrack.repo + - CentOS-Sources.repo + - CentOS-x86_64-kernel.repo + - CentOS-Base.repo + - CentOS-Debuginfo.repo + - CentOS-Media.repo + - CentOS-Vault.repo + - epel.repo + - epel-testing.repo + become: true + +- name: Add custom yum repos. yum_repository: - name: "{{ item }}" - description: "{{ yum_repos[item].description }}" - baseurl: "{{ yum_repos[item].baseurl }}" + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" gpgcheck: false with_items: "{{ yum_repos }}" become: true diff --git a/single_group_playbooks/cluster_part1.yml b/single_group_playbooks/cluster_part1.yml index 93861ab96..2aa623962 100644 --- a/single_group_playbooks/cluster_part1.yml +++ b/single_group_playbooks/cluster_part1.yml @@ -11,7 +11,8 @@ - swap - {role: spacewalk_client, when: repo_manager == 'spacewalk'} - {role: pulp_client, when: repo_manager == 'pulp'} - - {role: yum_local, when: local_yum_repository == 'true' } + - {role: yum_repos, when: repo_manager == 'none'} + - {role: yum_local, when: local_yum_repository is defined} - static_hostname_lookup - logrotate - remove diff --git a/static_inventories/betabarrel_cluster.yml b/static_inventories/betabarrel_cluster.yml index a4a794d05..1742a8918 100644 --- a/static_inventories/betabarrel_cluster.yml +++ b/static_inventories/betabarrel_cluster.yml @@ -15,6 +15,7 @@ all: hosts: betabarrel: local_yum_repository: true # enable local yum repository + ansible_host: 192.168.122.193 deploy_admin_interface: hosts: betabarrel: From 82e1a3ebdd537d1e6e708568a2a02318606594f1 Mon Sep 17 00:00:00 2001 
From: scimerman Date: Tue, 26 Jul 2022 13:28:29 +0200 Subject: [PATCH 02/17] BB: first test deploy --- cluster.yml | 2 +- group_vars/betabarrel_cluster/vars.yml | 10 +++++----- roles/cluster/tasks/main.yml | 3 +-- roles/docker/tasks/main.yml | 17 ++++++++++++----- roles/yum_repos/tasks/main.yml | 2 +- single_group_playbooks/cluster_part1.yml | 2 +- static_inventories/betabarrel_cluster.yml | 11 ++++++++++- 7 files changed, 31 insertions(+), 16 deletions(-) diff --git a/cluster.yml b/cluster.yml index c510e2783..5d0d2f2a2 100644 --- a/cluster.yml +++ b/cluster.yml @@ -12,7 +12,7 @@ - import_playbook: single_group_playbooks/pre_deploy_checks.yml -- import_playbook: single_group_playbooks/jumphost.yml +#- import_playbook: single_group_playbooks/jumphost.yml - import_playbook: single_group_playbooks/repo.yml diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index 9ae1487dd..bc767aac0 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml @@ -139,11 +139,11 @@ regular_users: # pfs_mounts: - pfs: local_raid - device: /dev/sdb1 - source: 'localhost:/mnt' - type: nfs4 - rw_options: 'defaults,_netdev,noatime,nodiratime,local_lock=flock' - ro_options: 'defaults,_netdev,noatime,nodiratime,ro' + device: /local_raid # needs to be already mounted on system (f.e. /dev/sdc1 > /local_raid) + source: '/mnt' + type: 'none' + rw_options: 'bind' + ro_options: 'bind,ro' machines: "{{ groups['sys_admin_interface'] }}" - pfs: 'medgen_zincfinger$' source: '//storage3.umcg.nl' diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml index cdf7a7724..f5be6e164 100644 --- a/roles/cluster/tasks/main.yml +++ b/roles/cluster/tasks/main.yml @@ -9,8 +9,7 @@ ansible.builtin.yum: state: latest update_cache: true - name: '{{ item }}' - with_list: '{{ cluster_packages }}' + name: '{{ cluster_packages }}' tags: - software become: true 
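Review bot: Commenting out `import_playbook: single_group_playbooks/jumphost.yml` in cluster.yml edits the shared top-level playbook for every cluster, not only for the betabarrel test deploy, and the series flips the same line again in patches 03, 04 and 05. The inventory hunk of this patch (static_inventories/betabarrel_cluster.yml) pairs it with a hard-coded `ansible_host: 20.229.178.85`, which is not a private-range address, so while the import is disabled the admin interface is presumably reached directly instead of via a jumphost. Rather than editing cluster.yml, run the needed single_group_playbooks directly or restrict the run with `--limit`, and keep test-only connection overrides out of the committed inventory, e.g. `-e ansible_host=<test-address>` on the command line.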
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 2af4270bb..c66969e6c 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -3,18 +3,25 @@ ansible.builtin.yum: name: - docker - - python2-pip + - python3-pip - docker-compose state: latest update_cache: true become: true -- name: Upgrade pip to latest version that still supports Python 2.7 - ansible.builtin.command: pip install pip==20.3.4 +#- name: Upgrade pip to latest version +# ansible.builtin.command: pip3 install -U pip +# become: true +- name: Upgrade pip3 to latest version + ansible.builtin.pip: + name: pip + state: latest + executable: pip3 become: true -- name: Install docker-py (supported by python 2.7) +- name: Install docker-py (supported by python 3) ansible.builtin.pip: - name: docker==4.4.4 + name: docker + executable: pip3 become: true ... \ No newline at end of file diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index 56906be33..f2581d097 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml @@ -22,6 +22,6 @@ description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" gpgcheck: false - with_items: "{{ yum_repos }}" + with_list: "{{ yum_repos }}" become: true ... diff --git a/single_group_playbooks/cluster_part1.yml b/single_group_playbooks/cluster_part1.yml index 2aa623962..322f1f57f 100644 --- a/single_group_playbooks/cluster_part1.yml +++ b/single_group_playbooks/cluster_part1.yml @@ -18,7 +18,7 @@ - remove - update - logins - - figlet_motd +# - figlet_motd - node_exporter - cluster - resolver diff --git a/static_inventories/betabarrel_cluster.yml b/static_inventories/betabarrel_cluster.yml index 1742a8918..693e24584 100644 --- a/static_inventories/betabarrel_cluster.yml +++ b/static_inventories/betabarrel_cluster.yml 
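Review bot: Both pip tasks in roles/docker/tasks/main.yml now install unpinned packages from PyPI as root: `name: pip` with `state: latest`, and `name: docker` with no version, where the old code pinned `pip==20.3.4` and `docker==4.4.4`. Each run can therefore pull a different release, which makes the deployment non-reproducible and lets a broken or tampered upstream release reach the hosts without review; upgrading the RPM-provided pip in place can also leave it out of sync with the `python3-pip` package installed a few lines above. Pin both to versions tested on Python 3, e.g. `name: docker==<tested-version>` (placeholder), and delete the commented-out `pip3 install -U pip` task instead of leaving it in the role.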
@@ -15,10 +15,19 @@ all: hosts: betabarrel: local_yum_repository: true # enable local yum repository - ansible_host: 192.168.122.193 + # ansible_host: 192.168.122.223 + ansible_host: 20.229.178.85 deploy_admin_interface: hosts: betabarrel: + volumes: + - mount_point: '/apps' + device: '/mnt/env06/apps/' + mounted_owner: root + mounted_group: "{{ envsync_group }}" + mounted_mode: '2775' + mount_options: 'bind' + type: none user_interface: hosts: betabarrel: From 9ed3e39302eed2fb3e9d771e6e3608a8bf53882d Mon Sep 17 00:00:00 2001 From: scimerman Date: Tue, 26 Jul 2022 13:29:44 +0200 Subject: [PATCH 03/17] BB: first test deploy --- cluster.yml | 2 +- single_group_playbooks/cluster_part1.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cluster.yml b/cluster.yml index 5d0d2f2a2..c510e2783 100644 --- a/cluster.yml +++ b/cluster.yml @@ -12,7 +12,7 @@ - import_playbook: single_group_playbooks/pre_deploy_checks.yml -#- import_playbook: single_group_playbooks/jumphost.yml +- import_playbook: single_group_playbooks/jumphost.yml - import_playbook: single_group_playbooks/repo.yml diff --git a/single_group_playbooks/cluster_part1.yml b/single_group_playbooks/cluster_part1.yml index 322f1f57f..2aa623962 100644 --- a/single_group_playbooks/cluster_part1.yml +++ b/single_group_playbooks/cluster_part1.yml @@ -18,7 +18,7 @@ - remove - update - logins -# - figlet_motd + - figlet_motd - node_exporter - cluster - resolver From 871b0b777be62fe4afbd19ddbcfa3a9327029606 Mon Sep 17 00:00:00 2001 From: scimerman Date: Tue, 26 Jul 2022 17:54:44 +0200 Subject: [PATCH 04/17] BB: test config --- cluster.yml | 2 +- single_group_playbooks/cluster_part1.yml | 2 +- static_inventories/betabarrel_cluster.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cluster.yml b/cluster.yml index c510e2783..5d0d2f2a2 100644 --- a/cluster.yml +++ b/cluster.yml 
@@ -12,7 +12,7 @@ - import_playbook: single_group_playbooks/pre_deploy_checks.yml -- import_playbook: single_group_playbooks/jumphost.yml +#- import_playbook: single_group_playbooks/jumphost.yml - import_playbook: single_group_playbooks/repo.yml diff --git a/single_group_playbooks/cluster_part1.yml b/single_group_playbooks/cluster_part1.yml index 2aa623962..322f1f57f 100644 --- a/single_group_playbooks/cluster_part1.yml +++ b/single_group_playbooks/cluster_part1.yml @@ -18,7 +18,7 @@ - remove - update - logins - - figlet_motd +# - figlet_motd - node_exporter - cluster - resolver diff --git a/static_inventories/betabarrel_cluster.yml b/static_inventories/betabarrel_cluster.yml index 693e24584..c0fa01bb1 100644 --- a/static_inventories/betabarrel_cluster.yml +++ b/static_inventories/betabarrel_cluster.yml @@ -15,8 +15,8 @@ all: hosts: betabarrel: local_yum_repository: true # enable local yum repository - # ansible_host: 192.168.122.223 - ansible_host: 20.229.178.85 + ansible_host: 192.168.122.223 +# ansible_host: 20.229.178.85 deploy_admin_interface: hosts: betabarrel: From 5d482a6138126718208ed41288c174f647b4180c Mon Sep 17 00:00:00 2001 From: scimerman Date: Mon, 5 Sep 2022 11:26:46 +0200 Subject: [PATCH 05/17] bettabarrel fix --- cluster.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster.yml b/cluster.yml index 5d0d2f2a2..c510e2783 100644 --- a/cluster.yml +++ b/cluster.yml @@ -12,7 +12,7 @@ - import_playbook: single_group_playbooks/pre_deploy_checks.yml -#- import_playbook: single_group_playbooks/jumphost.yml +- import_playbook: single_group_playbooks/jumphost.yml - import_playbook: single_group_playbooks/repo.yml From 6df2c257f7fbc6a3e5a6cca3391bc4c59e8db18d Mon Sep 17 00:00:00 2001 From: scimerman Date: Mon, 5 Sep 2022 11:27:47 +0200 Subject: [PATCH 06/17] bettabarrel fix --- single_group_playbooks/cluster_part1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/single_group_playbooks/cluster_part1.yml b/single_group_playbooks/cluster_part1.yml index 33cd6b83c..74a8a8e83 100644 --- a/single_group_playbooks/cluster_part1.yml +++ b/single_group_playbooks/cluster_part1.yml @@ -19,7 +19,7 @@ - remove - update - logins -# - figlet_motd + - figlet_motd - node_exporter - cluster - resolver From 60d83cc7b3140efa2152a1036368cd4f8a2a9fde Mon Sep 17 00:00:00 2001 From: scimerman Date: Mon, 5 Sep 2022 20:36:48 +0200 Subject: [PATCH 07/17] betabarrel test deploy update --- group_vars/all/vars.yml | 12 ++++++++ .../betabarrel_cluster/ip_addresses.yml | 9 ------ group_vars/betabarrel_cluster/vars.yml | 2 +- roles/cluster/tasks/main.yml | 2 +- roles/yum_repos/tasks/main.yml | 30 ++++++++++--------- static_inventories/betabarrel_cluster.yml | 6 ---- 6 files changed, 30 insertions(+), 31 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index c217d6d09..da1fc0cef 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml 
@@ -112,19 +112,31 @@ yum_repos: - name: centos7-base description: 'CentOS-7 - Base.' baseurl: http://mirror.centos.org/centos/7/os/x86_64/ + gpgcheck: 'true' + gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7' - name: centos7-updates description: 'CentOS-7 - Updates.' baseurl: http://mirror.centos.org/centos/7/updates/x86_64/ + gpgcheck: 'true' + gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7' - name: centos7-extras description: 'CentOS-7 - Extras.' baseurl: http://mirror.centos.org/centos/7/extras/x86_64/ + gpgcheck: 'true' + gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7' - name: epel7 description: 'Extra Packages for Enterprise Linux 7 (EPEL).' baseurl: https://download.fedoraproject.org/pub/epel/7/x86_64/ + gpgcheck: 'true' + gpgkey: 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7' # comes preinstalled with epel-release - name: irods7 description: 'RENCI iRODS Repository for Enterprise Linux 7.' baseurl: https://packages.irods.org/yum/pool/centos7/x86_64/ + gpgcheck: 'false' + gpgkey: '' - name: lustre7 description: 'Lustre client Long Term Support (LTS) releases for Enterprise Linux 7.' baseurl: https://downloads.whamcloud.com/public/lustre/latest-2.12-release/el7/client/ + gpgcheck: 'false' + gpgkey: '' ... diff --git a/group_vars/betabarrel_cluster/ip_addresses.yml b/group_vars/betabarrel_cluster/ip_addresses.yml index 2b7a5b793..20f29635c 100644 --- a/group_vars/betabarrel_cluster/ip_addresses.yml +++ b/group_vars/betabarrel_cluster/ip_addresses.yml @@ -7,13 +7,4 @@ ip_addresses: # bb_internal_storage: # address: 10.10.2.192 # netmask: /32 - porch: - bb_internal_management: - address: 10.10.1.148 - netmask: /32 - publicly_exposed: true # This internal IP is linked to a public (floating) IP. - vlan16: - address: 195.169.22.170 - netmask: /32 - fqdn: 'NXDOMAIN' ... diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index f276b0fa3..2c8e24695 100644 --- a/group_vars/betabarrel_cluster/vars.yml 
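Review bot: `irods7` and `lustre7` are added with `gpgcheck: 'false'` and `gpgkey: ''`, so packages from those two repositories are installed without signature verification; HTTPS on the baseurl protects the transport only and does not detect a package that was replaced on the server. If the vendors publish signing keys, turn the check on with `gpgcheck: true` and `gpgkey: <vendor-key-url-or-file>` (placeholder); if not, add a comment on each entry stating why verification is off so the exception stays visible in review. The values are also quoted strings (`'true'`/`'false'`); plain YAML booleans would avoid relying on string-to-bool conversion in the module.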
+++ b/group_vars/betabarrel_cluster/vars.yml @@ -138,7 +138,7 @@ regular_users: # pfs_mounts: - pfs: local_raid - device: /local_raid # needs to be already mounted on system (f.e. /dev/sdc1 > /local_raid) + device: /data # needs to be already mounted on system (f.e. /dev/sdc1 > /data) source: '/mnt' type: 'none' rw_options: 'bind' diff --git a/roles/cluster/tasks/main.yml b/roles/cluster/tasks/main.yml index 5ab1068db..43e2bbe52 100644 --- a/roles/cluster/tasks/main.yml +++ b/roles/cluster/tasks/main.yml @@ -5,7 +5,7 @@ state: permissive become: true -- name: Install some additional packages +- name: Install some standard software ansible.builtin.yum: state: latest update_cache: true diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index f2581d097..f3aae75d8 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml @@ -1,19 +1,20 @@ --- -- name: Remove default system packages +- name: Flush handlers. + ansible.builtin.meta: flush_handlers + +- name: Find all *.repo files in /etc/yum.repos.d/. + ansible.builtin.find: + paths: '/etc/yum.repos.d/' + use_regex: false + patterns: '*.repo' + register: yum_existing_repos + +- name: Remove *.repo files from /etc/yum.repos.d/ that do not correspond to our repos. ansible.builtin.file: - path: "/etc/yum.repos.d/{{ item }}" + path: "{{ item }}" state: absent - with_items: - - CentOS-CR.repo - - CentOS-fasttrack.repo - - CentOS-Sources.repo - - CentOS-x86_64-kernel.repo - - CentOS-Base.repo - - CentOS-Debuginfo.repo - - CentOS-Media.repo - - CentOS-Vault.repo - - epel.repo - - epel-testing.repo + with_items: "{{ yum_existing_repos.files | map (attribute='path') | list }}" + when: item | basename | regex_replace('.repo$','') not in yum_repos | map(attribute='name') | list become: true - name: Add custom yum repos. 
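Review bot: In the `when:` of the new removal task in roles/yum_repos/tasks/main.yml, `regex_replace('.repo$','')` leaves the dot unescaped, so it strips any character followed by `repo` rather than the literal extension. The task also deletes every file returned by the `find` whose stem is not a `yum_repos` name, which includes repo files written by other roles; patch 09 has to add `excludes: 'local_yum.repo'` for that reason. I would derive the stem without a regex, `when: (item | basename | splitext | first) not in (yum_repos | map(attribute='name') | list)`, and add a comment above the task stating that this role owns /etc/yum.repos.d exclusively and that any other role dropping a repo file there must be listed in `excludes`.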
@@ -21,7 +22,8 @@ name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" - gpgcheck: false + gpgcheck: "{{ item.gpgcheck }}" + gpgkey: "{{ item.gpgkey }}" with_list: "{{ yum_repos }}" become: true ... diff --git a/static_inventories/betabarrel_cluster.yml b/static_inventories/betabarrel_cluster.yml index c0fa01bb1..6305fc02a 100644 --- a/static_inventories/betabarrel_cluster.yml +++ b/static_inventories/betabarrel_cluster.yml @@ -4,10 +4,6 @@ all: openstack_api: hosts: localhost: - jumphost: - hosts: - porch: - cloud_flavor: m1.small docs: hosts: docs_on_merlin: @@ -15,8 +11,6 @@ all: hosts: betabarrel: local_yum_repository: true # enable local yum repository - ansible_host: 192.168.122.223 -# ansible_host: 20.229.178.85 deploy_admin_interface: hosts: betabarrel: From 1792fa6ff781bf8d96a424c0ff2a1ba9e21b3567 Mon Sep 17 00:00:00 2001 From: scimerman Date: Wed, 7 Sep 2022 18:24:40 +0200 Subject: [PATCH 08/17] betabarrel: deployed --- .../betabarrel_cluster/ip_addresses.yml | 2 +- group_vars/betabarrel_cluster/vars.yml | 39 ++++++++++++++----- group_vars/wingedhelix_cluster/vars.yml | 8 ++++ roles/sssd/templates/sssd.conf | 4 +- static_inventories/betabarrel_cluster.yml | 3 +- 5 files changed, 42 insertions(+), 14 deletions(-) diff --git a/group_vars/betabarrel_cluster/ip_addresses.yml b/group_vars/betabarrel_cluster/ip_addresses.yml index 20f29635c..6253aba3c 100644 --- a/group_vars/betabarrel_cluster/ip_addresses.yml +++ b/group_vars/betabarrel_cluster/ip_addresses.yml @@ -2,7 +2,7 @@ ip_addresses: betabarrel: bb_internal_management: - address: 192.168.122.193 + address: 129.125.55.13 netmask: /32 # bb_internal_storage: # address: 10.10.2.192 diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index cd0c487bb..fb2242c3c 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml 
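Review bot: `gpgcheck: "{{ item.gpgcheck }}"` and `gpgkey: "{{ item.gpgkey }}"` make both keys mandatory on every `yum_repos` entry, so an entry that omits them fails on an undefined variable and a repo without a key can only be expressed as `gpgkey: ''`. Defaulting to verification keeps new entries fail-safe: `gpgcheck: "{{ item.gpgcheck | default(true) }}"` and `gpgkey: "{{ item.gpgkey | default(omit, true) }}"`. With that, group_vars only need to mention `gpgcheck` where it is deliberately switched off, which makes those exceptions easy to spot.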
@@ -20,17 +20,18 @@ motd: | ========================================================= Welcome to {{ slurm_cluster_name | capitalize }} ========================================================= -additional_etc_hosts: - - group: docs_library - nodes: - - name: docs_on_merlin - network: vlan16 +# additional_etc_hosts: +# - group: docs_library +# nodes: +# - name: docs_on_merlin +# network: vlan16 use_ldap: yes create_ldap: no use_sssd: yes ldap_domains: default_domain: - uri: ldaps://svrs.id.rug.nl + uri: ldaps://172.23.40.249 + ldap_tls_reqcert: allow search_base: ou=gd,o=asds schema: rfc2307 min_id: 50100000 @@ -43,6 +44,7 @@ ldap_domains: group_object_class: groupofnames group_quota_soft_limit_template: ruggroupumcgquotaLFSsoft group_quota_hard_limit_template: ruggroupumcgquotaLFS +ssh_host_signer_hostnames: "{{ ansible_fqdn }},{{ ansible_hostname }},{{ inventory_hostname }}" totp: machines: "{{ groups['jumphost'] }}" excluded: 
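Review bot: The LDAP `uri` changes from `ldaps://svrs.id.rug.nl` to the literal `ldaps://172.23.40.249`, and `ldap_tls_reqcert: allow` is added so the connection no longer depends on a valid server certificate. Later patches in this series drop the `allow` override again, but the IP-literal URI stays; with `ldap_tls_reqcert = demand` the server certificate then has to match that IP, typically through an IP subjectAltName, which a certificate issued for the hostname usually lacks — worth confirming against the real server. If the IP was introduced to work around name resolution, I would keep `uri: ldaps://svrs.id.rug.nl` and make the name resolvable (for example via `additional_etc_hosts`) rather than binding the trust decision to an address.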
@@ -56,11 +58,28 @@ nameservers: [ '8.8.8.8', # Google DNS. ] network_private_management_id: "{{ stack_prefix }}_internal_management" -network_private_management_cidr: '10.10.1.0/24' -network_private_management_gw: '10.10.1.1' +network_private_management_cidr: '172.23.41.225/24' #network_private_storage_id: "{{ stack_prefix }}_internal_storage" #network_private_storage_cidr: '10.10.2.0/24' +iptables_allow_icmp_inbound: + - "{{ all.ip_addresses['umcg']['net1'] }}" + - "{{ all.ip_addresses['umcg']['net2'] }}" + - "{{ all.ip_addresses['umcg']['net3'] }}" + - "{{ all.ip_addresses['umcg']['net4'] }}" + - "{{ all.ip_addresses['rug']['bwp_net'] }}" + - "{{ all.ip_addresses['rug']['operator'] }}" + - "{{ all.ip_addresses['gcc']['cloud_net'] }}" + - "{{ wingedhelix_cluster.ip_addresses['porch']['vlan16'] }}" +iptables_allow_ssh_inbound: + - "{{ all.ip_addresses['umcg']['net1'] }}" + - "{{ all.ip_addresses['umcg']['net2'] }}" + - "{{ all.ip_addresses['umcg']['net3'] }}" + - "{{ all.ip_addresses['umcg']['net4'] }}" + - "{{ wingedhelix_cluster.ip_addresses['porch']['vlan16'] }}" +iptables_allow_ssh_outbound: + - "{{ wingedhelix_cluster.ip_addresses['porch']['vlan16'] }}" + local_backups: # list of folders for cron to make daily backup - name: apps # don't modify after once deployed! src_path: '/apps' @@ -173,7 +192,7 @@ lfs_mounts: - lfs: home pfs: local_raid rw_machines: "{{ groups['cluster'] }}" - - lfs: tmp06 + - lfs: tmp05 pfs: local_raid groups: - name: umcg-atd @@ -247,7 +266,7 @@ lfs_mounts: - name: umcg-gst - name: umcg-vipt rw_machines: "{{ groups['chaperone'] }}" - - lfs: env06 + - lfs: env05 pfs: local_raid ro_machines: "{{ groups['compute_vm'] + groups['user_interface'] }}" rw_machines: "{{ groups['deploy_admin_interface'] }}" diff --git a/group_vars/wingedhelix_cluster/vars.yml b/group_vars/wingedhelix_cluster/vars.yml index 49fc863f5..540140479 100644 --- a/group_vars/wingedhelix_cluster/vars.yml +++ b/group_vars/wingedhelix_cluster/vars.yml 
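Review bot: `network_private_management_cidr: '172.23.41.225/24'` is a host address with a prefix rather than a network, and its /24 disagrees with the `/23` that patch 16 records for the same address under `vlan983` in ip_addresses.yml. The consuming role is not visible here, but if firewall rules or routes are derived from this value they would cover a different range than the interface actually has. Assuming /23 is the correct mask, the value would be `network_private_management_cidr: '172.23.40.0/23'`. The new `iptables_allow_*` lists would also benefit from a short comment above each saying which networks they admit and why another cluster's `porch` (`wingedhelix_cluster.ip_addresses['porch']['vlan16']`) is allowed for SSH in and out.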
@@ -40,6 +40,14 @@ additional_etc_hosts: network: public - name: gattaca02 network: public + - group: betabarrel_cluster + nodes: + - name: betabarrel + network: bb_internal_management + - group: copperfist_cluster + nodes: + - name: copperfist + network: cf_internal_management use_ldap: true create_ldap: false use_sssd: true diff --git a/roles/sssd/templates/sssd.conf b/roles/sssd/templates/sssd.conf index ad01bde13..383d5aea6 100644 --- a/roles/sssd/templates/sssd.conf +++ b/roles/sssd/templates/sssd.conf @@ -70,8 +70,8 @@ min_id = {{ ldap_config.min_id }} max_id = {{ ldap_config.max_id }} enumerate = true cache_credentials = false -ldap_tls_reqcert = demand +ldap_tls_reqcert = {{ ldap_config.ldap_tls_reqcert | default('demand', true) }} ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.trust.crt #ldap_tls_cipher_suite = HIGH:MEDIUM # SSSD uses OpenSSL style cipher suites. debug_level = 3 -{% endfor %} \ No newline at end of file +{% endfor %} diff --git a/static_inventories/betabarrel_cluster.yml b/static_inventories/betabarrel_cluster.yml index 6305fc02a..7d716712a 100644 --- a/static_inventories/betabarrel_cluster.yml +++ b/static_inventories/betabarrel_cluster.yml @@ -10,13 +10,14 @@ all: sys_admin_interface: hosts: betabarrel: +# ansible_host: betabarrel.hpc.rug.nl local_yum_repository: true # enable local yum repository deploy_admin_interface: hosts: betabarrel: volumes: - mount_point: '/apps' - device: '/mnt/env06/apps/' + device: '/mnt/env05/apps/' mounted_owner: root mounted_group: "{{ envsync_group }}" mounted_mode: '2775' From 5d0b09dc1f08882a337445ebd09c9c638eebb534 Mon Sep 17 00:00:00 2001 From: scimerman Date: Thu, 8 Sep 2022 13:22:51 +0200 Subject: [PATCH 09/17] betabarrel: after succesull deploy --- group_vars/betabarrel_cluster/vars.yml | 10 +++++----- roles/yum_repos/tasks/main.yml | 1 + static_inventories/betabarrel_cluster.yml | 1 - 3 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index fb2242c3c..5515d91d2 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml @@ -20,11 +20,11 @@ motd: | ========================================================= Welcome to {{ slurm_cluster_name | capitalize }} ========================================================= -# additional_etc_hosts: -# - group: docs_library -# nodes: -# - name: docs_on_merlin -# network: vlan16 +additional_etc_hosts: + - group: docs_library + nodes: + - name: docs_on_merlin + network: vlan16 use_ldap: yes create_ldap: no use_sssd: yes diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index f3aae75d8..ba1dc57db 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml @@ -7,6 +7,7 @@ paths: '/etc/yum.repos.d/' use_regex: false patterns: '*.repo' + excludes: 'local_yum.repo' register: yum_existing_repos - name: Remove *.repo files from /etc/yum.repos.d/ that do not correspond to our repos. diff --git a/static_inventories/betabarrel_cluster.yml b/static_inventories/betabarrel_cluster.yml index 7d716712a..5d7c04cd8 100644 --- a/static_inventories/betabarrel_cluster.yml +++ b/static_inventories/betabarrel_cluster.yml @@ -10,7 +10,6 @@ all: sys_admin_interface: hosts: betabarrel: -# ansible_host: betabarrel.hpc.rug.nl local_yum_repository: true # enable local yum repository deploy_admin_interface: hosts: From 7ec5753a4f15e65ebe76bb01eedecdebea85a11f Mon Sep 17 00:00:00 2001 From: scimerman Date: Thu, 8 Sep 2022 13:37:32 +0200 Subject: [PATCH 10/17] bb: remove option for ldaps certificate allow --- group_vars/betabarrel_cluster/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index 5515d91d2..c14affa5d 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml 
@@ -31,7 +31,7 @@ use_sssd: yes ldap_domains: default_domain: uri: ldaps://172.23.40.249 - ldap_tls_reqcert: allow + ldap_tls_reqcert: demand search_base: ou=gd,o=asds schema: rfc2307 min_id: 50100000 From 2f4502bb6343435f9b0b1185b6df88483823e489 Mon Sep 17 00:00:00 2001 From: scimerman Date: Thu, 8 Sep 2022 13:38:29 +0200 Subject: [PATCH 11/17] bb: remove option for ldaps certificate allow --- group_vars/betabarrel_cluster/vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index c14affa5d..d8baebc43 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml @@ -31,7 +31,6 @@ use_sssd: yes ldap_domains: default_domain: uri: ldaps://172.23.40.249 - ldap_tls_reqcert: demand search_base: ou=gd,o=asds schema: rfc2307 min_id: 50100000 From c3919bd362bf728764311e11d57a76ad746f4211 Mon Sep 17 00:00:00 2001 From: scimerman Date: Fri, 9 Sep 2022 15:41:51 +0200 Subject: [PATCH 12/17] yum_repos: fqcn --- roles/yum_repos/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/yum_repos/tasks/main.yml b/roles/yum_repos/tasks/main.yml index ba1dc57db..b4f6e90de 100644 --- a/roles/yum_repos/tasks/main.yml +++ b/roles/yum_repos/tasks/main.yml @@ -19,7 +19,7 @@ become: true - name: Add custom yum repos. - yum_repository: + ansible.builtin.yum_repository: name: "{{ item.name }}" description: "{{ item.description }}" baseurl: "{{ item.baseurl }}" From df1372a48cf545e5569d4fff516da0cdf5aea464 Mon Sep 17 00:00:00 2001 From: scimerman <80223690+scimerman@users.noreply.github.com> Date: Mon, 12 Sep 2022 11:33:39 +0200 Subject: [PATCH 13/17] Update group_vars/betabarrel_cluster/vars.yml Co-authored-by: Pieter Neerincx --- group_vars/betabarrel_cluster/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/group_vars/betabarrel_cluster/vars.yml b/group_vars/betabarrel_cluster/vars.yml index d8baebc43..6c12728ad 100644 --- a/group_vars/betabarrel_cluster/vars.yml +++ b/group_vars/betabarrel_cluster/vars.yml @@ -56,7 +56,7 @@ nameservers: [ '8.8.4.4', # Google DNS. '8.8.8.8', # Google DNS. ] -network_private_management_id: "{{ stack_prefix }}_internal_management" +network_private_management_id: "vlan983" network_private_management_cidr: '172.23.41.225/24' #network_private_storage_id: "{{ stack_prefix }}_internal_storage" #network_private_storage_cidr: '10.10.2.0/24' From 4ff76090d12805e3ab9658b8b567658558e84461 Mon Sep 17 00:00:00 2001 From: scimerman <80223690+scimerman@users.noreply.github.com> Date: Mon, 12 Sep 2022 11:35:33 +0200 Subject: [PATCH 14/17] Update group_vars/wingedhelix_cluster/vars.yml Co-authored-by: Pieter Neerincx --- group_vars/wingedhelix_cluster/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/wingedhelix_cluster/vars.yml b/group_vars/wingedhelix_cluster/vars.yml index 540140479..4a007de0a 100644 --- a/group_vars/wingedhelix_cluster/vars.yml +++ b/group_vars/wingedhelix_cluster/vars.yml @@ -43,7 +43,7 @@ additional_etc_hosts: - group: betabarrel_cluster nodes: - name: betabarrel - network: bb_internal_management + network: vlan13 - group: copperfist_cluster nodes: - name: copperfist From 28c7b77321573e5f1e9acdc7be7ebdf3fe93f633 Mon Sep 17 00:00:00 2001 From: scimerman <80223690+scimerman@users.noreply.github.com> Date: Mon, 12 Sep 2022 11:35:42 +0200 Subject: [PATCH 15/17] Update group_vars/wingedhelix_cluster/vars.yml Co-authored-by: Pieter Neerincx --- group_vars/wingedhelix_cluster/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/group_vars/wingedhelix_cluster/vars.yml b/group_vars/wingedhelix_cluster/vars.yml index 4a007de0a..793a537c3 100644 --- a/group_vars/wingedhelix_cluster/vars.yml +++ b/group_vars/wingedhelix_cluster/vars.yml 
@@ -47,7 +47,7 @@ additional_etc_hosts: - group: copperfist_cluster nodes: - name: copperfist - network: cf_internal_management + network: vlan13 use_ldap: true create_ldap: false use_sssd: true From 1c04ea4efce2f2f50097398e06f268aa2afc2e78 Mon Sep 17 00:00:00 2001 From: scimerman Date: Mon, 12 Sep 2022 11:38:36 +0200 Subject: [PATCH 16/17] bb: updated ip addresses to reflect the correct situation --- group_vars/betabarrel_cluster/ip_addresses.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/group_vars/betabarrel_cluster/ip_addresses.yml b/group_vars/betabarrel_cluster/ip_addresses.yml index 6253aba3c..94846725a 100644 --- a/group_vars/betabarrel_cluster/ip_addresses.yml +++ b/group_vars/betabarrel_cluster/ip_addresses.yml @@ -1,10 +1,10 @@ --- ip_addresses: betabarrel: - bb_internal_management: + vlan983: + address: 172.23.41.225 + netmask: /23 + vlan13: address: 129.125.55.13 - netmask: /32 -# bb_internal_storage: -# address: 10.10.2.192 -# netmask: /32 + netmask: /24 ... From dece4afcd50ad2a7b219b03d54f700339a293222 Mon Sep 17 00:00:00 2001 From: scimerman Date: Mon, 12 Sep 2022 11:44:44 +0200 Subject: [PATCH 17/17] removed sssd allow option --- roles/sssd/templates/sssd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sssd/templates/sssd.conf b/roles/sssd/templates/sssd.conf index 383d5aea6..c1813f847 100644 --- a/roles/sssd/templates/sssd.conf +++ b/roles/sssd/templates/sssd.conf @@ -70,7 +70,7 @@ min_id = {{ ldap_config.min_id }} max_id = {{ ldap_config.max_id }} enumerate = true cache_credentials = false -ldap_tls_reqcert = {{ ldap_config.ldap_tls_reqcert | default('demand', true) }} +ldap_tls_reqcert = demand ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.trust.crt #ldap_tls_cipher_suite = HIGH:MEDIUM # SSSD uses OpenSSL style cipher suites. debug_level = 3