Fix and cleanup #303

Merged
merged 31 commits into from
Aug 10, 2020
Conversation

@pneerincx pneerincx commented Aug 6, 2020

Tested:

  • On both Talos and Hyperchicken development cluster sites:
    main cluster.yml play runs all the way from start until the end :)

Changes:

  • Fix: made spacewalk_client role idempotent.
  • Cleanup: Removed geerlingguy.postfix dependency that is no longer used.
  • Cleanup: Removed unnecessary slurm-management host group; use sys-admin-interface instead for slurm-management role as well as various monitoring roles all of which are deployed on SAIs.
  • Fix: Updated README.md for static inventories that got relocated to a subdir some time ago.
  • Updated main cluster.yml playbook:
    • Added dummy play at beginning to ping jumphost and establish a persistent SSH connection
      before trying to connect to the machines behind the jumphost,
      which may otherwise fail when connection multiplexing is used.
    • Workaround: Only deploy grafany-proxy on airlock as it will crash the playbook on other jumphosts due to hard-coded values for airlock
    • Re-organised and grouped common role used by all cluster machines, so they are deployed in parallel for faster deployments
    • Fix: Inserted missing ldap-server role in the right place, so roles that depend on regular accounts and groups being present do not crash
    • Fix: Added missing subgroup_directories and fuse-layer roles for UIs.
  • Cleanup and fixes for LDAP related code:
    • Consistent use of ldap_* variable names.
    • Deleted separate variable for LDAPS URIs.
    • Added protocol (ldap:// or ldaps://) to ldap_uri variable,
      so it is a real URI and we do not need hardcoded protocols in plays anymore.
    • Create private groups for users with GID == UID and groupname == accountname
      just like for local users and make these private groups the primary group of a user.
    • Fixed permissions for config files created by openldap role.
    • Removed wrong local users/groups created on Hyperchicken that were conflicting with LDAP entries.
  • Fixed lots of ansible-linter errors, lowered the allowed number of ansible-linter errors 18 -> 1 and disabled check rule 701 related to Ansible Galaxy, which we do not use.
  • Fixed issue ssh client config for admin users #302

…ck as it will crash the playbook on other jumphosts due to hard-coded values for airlock, re-organised and grouped common role used by all cluster machines, so they are deployed in parallel for faster deployments, inserted ldap-server role in the right place, so roles that depend on regular accounts and groups being present do not crash, added missing subgroup_directories and fuse-layer roles for UIs, use sys-admin-interface host group instead of removed slurm-management host group.
…otocol to make it a real URI and remove hardcoded ldap:// or ldaps:// in various places, removed ldaps_uri variable, create private and primary groups for the home dirs of LDAP users just like for local users and fixed wrong local users/groups created on Hyperchicken that were conflicting with with LDAP entries.
@@ -10,7 +10,7 @@ ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull osixia/phpldapadmin:0.7.2
ExecStart=/usr/bin/docker run -i --name %n --network host \
--env PHPLDAPADMIN_LDAP_HOSTS={{ uri_ldap }} \
--env PHPLDAPADMIN_LDAP_HOSTS={{ ldap_uri | regex_replace('^ldaps?://','')}} \
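Review bot: the `ldaps?` regex on the new `PHPLDAPADMIN_LDAP_HOSTS` line strips the scheme, so the container only receives the host and no longer knows whether `ldap_uri` was `ldaps://`; unless phpLDAPadmin is configured for TLS elsewhere (not visible in this hunk), it will talk to the LDAP host over plain LDAP even when the rest of the playbook uses LDAPS. Consider deriving a TLS flag from the same variable next to the host, e.g. `{{ 'true' if ldap_uri is match('^ldaps://') else 'false' }}`, so the encryption choice made in `ldap_uri` is carried through. Note also that the pattern is anchored and case-sensitive (`LDAPS://` would not be stripped) and leaves any `:port` suffix in place.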
Contributor

Not sure, but shouldn't this be "ldap" instead of "ldaps" in the regex pattern?

Contributor Author

The ? after the s from ldaps in the regex means match zero or one time, so the regex will match both ldap:// and ldaps:// and we do not need separate ldap_uri and ldaps_uri variables anymore: just ldap_uri is enough and it can be used for both plain and encrypted LDAP traffic.

Contributor

Ok, thanks for the explanation :-)
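The regex discussed above, and the single `ldap_uri` variable from the PR description, as an added example that is not part of this pull request or the repository: Ansible's `regex_replace` filter is `re.sub`, so the first function reproduces the exact `'^ldaps?://'` stripping, while the second keeps the scheme information the stripping throws away (whether LDAPS was requested, and the default port), which matters when a consumer only accepts a bare host. The hostnames are constructed sample values.

```python
import re
from urllib.parse import urlsplit

# Mirrors the Jinja expression {{ ldap_uri | regex_replace('^ldaps?://','') }}.
# The pattern is anchored at the start and case-sensitive, and the '?' makes the
# 's' optional, so both ldap:// and ldaps:// are removed; a ':port' suffix stays.
def strip_ldap_scheme(ldap_uri: str) -> str:
    return re.sub(r'^ldaps?://', '', ldap_uri)


def parse_ldap_uri(ldap_uri: str) -> dict:
    """Split an ldap:// or ldaps:// URI into host, port and a TLS flag.

    Unlike scheme stripping, this remembers whether the URI asked for LDAPS, so a
    component that is only given a hostname can still be told to use TLS instead of
    silently falling back to plaintext LDAP on port 389.
    """
    if not re.match(r'^ldaps?://', ldap_uri):
        raise ValueError(f"not an ldap:// or ldaps:// URI: {ldap_uri!r}")
    parts = urlsplit(ldap_uri)          # urlsplit handles arbitrary schemes with '//'
    use_tls = parts.scheme == 'ldaps'
    # Explicit port wins; otherwise use the standard LDAPS/LDAP ports.
    port = parts.port if parts.port is not None else (636 if use_tls else 389)
    return {'host': parts.hostname, 'port': port, 'tls': use_tls}


if __name__ == '__main__':
    # Constructed sample URIs, one plain and one encrypted.
    for uri in ('ldap://ldap.example.org', 'ldaps://ldap.example.org:636'):
        print(uri, '->', strip_ldap_scheme(uri), parse_ldap_uri(uri))
```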

@marieke-bijlsma marieke-bijlsma merged commit 51c3a95 into rug-cit-hpc:develop Aug 10, 2020
@pneerincx pneerincx deleted the fix/cleanup branch August 10, 2020 13:52