From 2cc186edd0bc1a3491ae38e7ac3f04174725d103 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 6 Sep 2024 11:53:51 -0400 Subject: [PATCH 001/172] refactor: Modify roles in cheaha.yml to enable a proxy This will enable a standalone VM to interact with cluster so it can act as a proxy for services. eg. OOD,SSH etc. --- ansible/group_vars/all | 13 ++++- ansible/group_vars/proxy | 10 ++++ ansible/roles/cheaha.node/tasks/main.yml | 5 +- ansible/roles/ldap_config/tasks/main.yml | 3 +- ansible/roles/nfs_mounts/tasks/autofs.yml | 66 +++++++++++++++++++++ ansible/roles/nfs_mounts/tasks/fstab.yml | 18 ++++++ ansible/roles/nfs_mounts/tasks/main.yml | 70 ++--------------------- 7 files changed, 116 insertions(+), 69 deletions(-) create mode 100644 ansible/group_vars/proxy create mode 100644 ansible/roles/nfs_mounts/tasks/autofs.yml create mode 100644 ansible/roles/nfs_mounts/tasks/fstab.yml diff --git a/ansible/group_vars/all b/ansible/group_vars/all index e55be3c..7ab5405 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -4,9 +4,20 @@ yum_repo_files: [] pkg_list: [] slurm_version: 18.08.9 - + # NHC related nhc_download_url: "https://github.com/mej/nhc/releases/download/1.4.3/lbnl-nhc-1.4.3-1.el7.noarch.rpm" nhc_download_path: "/tmp" nhc_git_repo: "https://gitlab.rc.uab.edu/rc/nhc.git" nhc_git_repo_path: "/tmp/nhc" + + root_ssh_key: "" + + hostname_lookup_table: + - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02" + - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01" + - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + + bright_openldap_path: "/cm/local/apps/openldap" + ldap_cert_path: "{{bright_openldap_path}}/etc/certs" + diff --git a/ansible/group_vars/proxy b/ansible/group_vars/proxy new file mode 100644 index 0000000..819e47c --- /dev/null +++ b/ansible/group_vars/proxy 
@@ -0,0 +1,10 @@ +--- + hostname_lookup_table: + - "10.141.255.254 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + + ldap_cert_path: "/etc/openldap/certs" + + mount_points: + - /gpfs4 + - /gpfs5 + diff --git a/ansible/roles/cheaha.node/tasks/main.yml b/ansible/roles/cheaha.node/tasks/main.yml index 99ca7f3..c5a171f 100644 --- a/ansible/roles/cheaha.node/tasks/main.yml +++ b/ansible/roles/cheaha.node/tasks/main.yml @@ -4,9 +4,7 @@ path: /etc/hosts line: "{{ item }}" loop: - - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02" - - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01" - - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + "{{ hostname_lookup_table }}" - name: Add proper DNS search to lookup other nodes on the cluster ansible.builtin.lineinfile: @@ -25,6 +23,7 @@ owner: root group: root mode: 0644 + when: "'cm.repo' in yum_repo_files" - name: Add ssh key for root access ansible.posix.authorized_key: diff --git a/ansible/roles/ldap_config/tasks/main.yml b/ansible/roles/ldap_config/tasks/main.yml index 1832610..5b3332f 100644 --- a/ansible/roles/ldap_config/tasks/main.yml +++ b/ansible/roles/ldap_config/tasks/main.yml @@ -25,7 +25,7 @@ - name: Copy ldap cert(s) into place ansible.builtin.copy: src: "{{ item.src }}" - dest: "/cm/local/apps/openldap/etc/certs/{{ item.src }}" + dest: "{{ ldap_cert_path }}/{{ item.src }}" owner: ldap group: ldap mode: 0440 @@ -46,5 +46,6 @@ ansible.builtin.service: name: "{{ item }}" enabled: yes + state: restarted loop: - nslcd diff --git a/ansible/roles/nfs_mounts/tasks/autofs.yml b/ansible/roles/nfs_mounts/tasks/autofs.yml new file mode 100644 index 0000000..39ba56e --- /dev/null +++ b/ansible/roles/nfs_mounts/tasks/autofs.yml 
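Review bot: In the ldap_config hunk at `@@ -46,5 +46,6 @@`, adding `state: restarted` to the enable task makes nslcd restart on every play run, so the task always reports changed and name lookups are briefly interrupted even when nothing was modified. A handler notified by the certificate and configuration tasks would restart the service only when its inputs change, e.g. `notify: Restart nslcd` on those tasks and `state: started` here. The task's name line sits above the hunk, so the rest of the task cannot be checked from here.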
@@ -0,0 +1,66 @@ +--- +- name: Create base directories + ansible.builtin.file: + path: "{{ item.dir }}" + state: directory + mode: "{{ item.mode }}" + loop: + - { dir: /local, mode: '0777' } + - { dir: /scratch, mode: '0755' } + - { dir: /share, mode: '0755' } + - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy + - { dir: /data/user, mode: '0755' } + - { dir: /data/project, mode: '0755' } + +- name: Remove unused entry in master map + ansible.builtin.replace: + dest: /etc/auto.master + regexp: '{{ item.regexp }}' + replace: '{{ item.replace }}' + backup: true + loop: + - { regexp: '^(/misc)', replace: '#\1' } + - { regexp: '^(/net)', replace: '#\1' } + - { regexp: '^(\+auto.master)', replace: '#\1' } + +- name: Add master map file + ansible.builtin.lineinfile: + path: "/etc/auto.master.d/gpfs.autofs" + line: "{{ item.mount_point }} /etc/auto.{{ item.map_name }}" + create: yes + loop: + - { mount_point: "/cm/shared", map_name: "cm-share" } + - { mount_point: "/data/project", map_name: "data-project" } + - { mount_point: "/data/user", map_name: "data-user" } + - { mount_point: "/data/rc/apps", map_name: "data-rc-apps" } + - { mount_point: "/-", map_name: "scratch" } + - { mount_point: "/home", map_name: "home" } + +- name: Set up autofs map files + ansible.builtin.lineinfile: + path: "/etc/auto.{{ item.map_name }}" + line: "{{ item.key }} -{{ item.opts }} {{ item.src }}" + create: true + loop: + - { map_name: "cm-share", key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } + - { map_name: "data-project", key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } + - { map_name: "data-user", key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } + - { map_name: "data-rc-apps", key: "*", src: "gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } + - { map_name: 
"scratch", key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } + - { map_name: "home", key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' } + +- name: Create symbolic links + ansible.builtin.file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: root + force: yes + state: link + loop: + - { src: /data/rc/apps, dest: /share/apps } + +- name: Enable autofs service + ansible.builtin.service: + name: autofs + enabled: true diff --git a/ansible/roles/nfs_mounts/tasks/fstab.yml b/ansible/roles/nfs_mounts/tasks/fstab.yml new file mode 100644 index 0000000..44c3124 --- /dev/null +++ b/ansible/roles/nfs_mounts/tasks/fstab.yml @@ -0,0 +1,18 @@ +--- +- name: Create base directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: '0755' + loop: + "{{ mount_points }}" + +- name: Make an entry in the fstab + ansible.posix.mount: + src: "master:{{ item }}" + path: "{{ item }}" + opts: rw,sync,hard + state: present + fstype: nfs + loop: + "{{ mount_points }}" diff --git a/ansible/roles/nfs_mounts/tasks/main.yml b/ansible/roles/nfs_mounts/tasks/main.yml index 39ba56e..d99aefe 100644 --- a/ansible/roles/nfs_mounts/tasks/main.yml +++ b/ansible/roles/nfs_mounts/tasks/main.yml 
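Review bot: The `/local` entry in the `Create base directories` loop of autofs.yml is created with mode `'0777'`, which is world-writable without the sticky bit, so any local user can delete or replace another user's files there. If the directory is meant as shared scratch space, `- { dir: /local, mode: '1777' }` keeps it writable while restricting deletion to the file's owner. The new file has the same blob id as the old `nfs_mounts/tasks/main.yml`, so the content is carried over unchanged, but the move is a good moment to tighten it. The NFS options in `Set up autofs map files` also omit `nosuid` and `nodev`; whether the exports need setuid binaries is not visible here.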
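Review bot: In fstab.yml, `opts: rw,sync,hard` mounts the exports on the proxy VM without `nosuid` or `nodev`, so setuid binaries and device nodes on the shared filesystem are honoured on a host that the commit message describes as a proxy for OOD and SSH. Unless something under `/gpfs4` or `/gpfs5` has to run setuid from the proxy, consider `opts: rw,sync,hard,nosuid,nodev,_netdev`; `_netdev` also keeps boot from attempting the mount before the network is up. Note that `state: present` only writes the fstab entry and does not mount it, which matches the task name but means the filesystem appears only after `mount -a` or a reboot.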
@@ -1,66 +1,8 @@ --- -- name: Create base directories - ansible.builtin.file: - path: "{{ item.dir }}" - state: directory - mode: "{{ item.mode }}" - loop: - - { dir: /local, mode: '0777' } - - { dir: /scratch, mode: '0755' } - - { dir: /share, mode: '0755' } - - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy - - { dir: /data/user, mode: '0755' } - - { dir: /data/project, mode: '0755' } +- name: nfs_mounts using fstab + include_tasks: fstab.yml + when: "'proxy' in group_names" -- name: Remove unused entry in master map - ansible.builtin.replace: - dest: /etc/auto.master - regexp: '{{ item.regexp }}' - replace: '{{ item.replace }}' - backup: true - loop: - - { regexp: '^(/misc)', replace: '#\1' } - - { regexp: '^(/net)', replace: '#\1' } - - { regexp: '^(\+auto.master)', replace: '#\1' } - -- name: Add master map file - ansible.builtin.lineinfile: - path: "/etc/auto.master.d/gpfs.autofs" - line: "{{ item.mount_point }} /etc/auto.{{ item.map_name }}" - create: yes - loop: - - { mount_point: "/cm/shared", map_name: "cm-share" } - - { mount_point: "/data/project", map_name: "data-project" } - - { mount_point: "/data/user", map_name: "data-user" } - - { mount_point: "/data/rc/apps", map_name: "data-rc-apps" } - - { mount_point: "/-", map_name: "scratch" } - - { mount_point: "/home", map_name: "home" } - -- name: Set up autofs map files - ansible.builtin.lineinfile: - path: "/etc/auto.{{ item.map_name }}" - line: "{{ item.key }} -{{ item.opts }} {{ item.src }}" - create: true - loop: - - { map_name: "cm-share", key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { map_name: "data-project", key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { map_name: "data-user", key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } - - { map_name: "data-rc-apps", key: "*", src: 
"gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { map_name: "scratch", key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } - - { map_name: "home", key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' } - -- name: Create symbolic links - ansible.builtin.file: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: root - group: root - force: yes - state: link - loop: - - { src: /data/rc/apps, dest: /share/apps } - -- name: Enable autofs service - ansible.builtin.service: - name: autofs - enabled: true +- name: nfs_mounts using autofs + include_tasks: autofs.yml + when: "'proxy' not in group_names" -- GitLab From f0c770b96c2a0a8a3092831295976255d58a99db Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Thu, 17 Oct 2024 18:41:24 -0500 Subject: [PATCH 002/172] Refactor CI/CD pipeline to include workflow rules and retain only deploy jobs - Removed all jobs except for deploy_ood_proxy_node and deploy_ssh_proxy_node - Added workflow rules to trigger pipeline based on source (web, schedule, manual) - Updated scripts and environment variables for the remaining jobs --- .gitlab-ci.yml | 498 ++++--------------------------------------------- 1 file changed, 36 insertions(+), 462 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4bd9f80..745e699 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -8,520 +8,94 @@ variables: ANSIBLE_REMOTE_TMP: "/tmp" AWS_DEFAULT_REGION: "bhm" AWS_HOST: "s3.lts.rc.uab.edu" - FF_SCRIPT_SECTIONS: "true" OS_AUTH_TYPE: "v3applicationcredential" OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3" OS_IDENTITY_API_VERSION: "3" OS_INTERFACE: "public" OS_REGION_NAME: "bhm1" - OOD_INSTANCE_NETWORK: "knightly-network" - PKR_VAR_flavor: "m1.medium-ruffner" - PKR_VAR_source_image: "CentOS-7-x86_64-GenericCloud-2009" - PKR_VAR_floating_ip_network: "uab-campus" - PKR_VAR_security_groups: '["allow-ssh"]' - PKR_VAR_skip_create_image: "false" - PKR_VAR_ssh_username: "centos" - PKR_VAR_networks: '["8cf2f12e-905d-46d9-bc70-b0897c65f75a"]' - PKR_VAR_image_membership: '["cf6fa1e53d4c40a49f4e0e469c440359"]' + OOD_PROXY_NETWORK: "proxy-net" GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" - NUM_SERVER_TO_KEEP: 1 - NUM_IMAGE_TO_KEEP: 30 - TIMESTAMP_REGEXP: '[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{6}' - PKR_VAR_root_ssh_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFqqWgmYpEaGtHBeTu27ntVJpYjwq/x5aBefrvfhk8Z9lE3cuZ26vJ9n/9tGE4Zn2Pew1mpZgi6PzfJ3vMt8yA= root@master" - DEV_KEY: "ssh-rsa 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 louistw@uab.edu" + DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" + BUILT_OOD_IMAGE_ID: ${BUILT_OOD_IMAGE_ID} + INSTANCE_FLAVOR: ${INSTANCE_FLAVOR} + PROXY_IP: ${PROXY_IP} stages: - - pre-build - - build - - test - deploy - - cleanup workflow: rules: - - if: $CI_PIPELINE_SOURCE == 'merge_request_event' - - if: $CI_PIPELINE_SOURCE == 'schedule' - -.get_build_date: &get_build_date - - export BUILD_DATE=$(TZ=America/Chicago date +%Y-%m-%dT%H%M%S) - - echo BUILD_DATE=${BUILD_DATE} - -.update_ansible_repo: &update_ansible_repo - - *get_build_date - - | - if [ ! 
-d $CI_PROJECT_DIR/CRI_XCBC ]; then - git clone https://github.com/uabrc/CRI_XCBC.git - cd CRI_XCBC - git remote add upstream https://github.com/jprorama/CRI_XCBC.git - cd .. - fi - - cd CRI_XCBC - - git config user.name "${GIT_AUTHOR_NAME}" - - git config user.email "${GIT_AUTHOR_EMAIL}" - - git fetch origin uab-prod - - git fetch upstream dev - - git checkout uab-prod - - git merge origin/uab-prod - - git checkout -b integration - - git merge upstream/dev - - export CRI_XCBC_HEAD=$(git rev-parse --short HEAD) - - export CRI_XCBC_dev=$(git rev-parse --short upstream/dev) - - export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod) - - cd .. - - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD) - - echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env - - echo CRI_XCBC_dev=${CRI_XCBC_dev} | tee -a $CI_PROJECT_DIR/image.env - - echo CRI_XCBC_prod=${CRI_XCBC_prod} | tee -a $CI_PROJECT_DIR/image.env - - echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env - -.get_ansible_files: &get_ansible_files - - s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/ - -build_docker_image: - image: docker:20.10.17 - stage: pre-build - services: - - docker:20.10.16-dind - tags: - - dind - before_script: - - *get_build_date - - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - script: - - docker build -t $CI_REGISTRY_IMAGE:$BUILD_DATE -t $CI_REGISTRY_IMAGE:latest . 
- - > - docker run --rm $CI_REGISTRY_IMAGE bash -c - 'ansible --version && - openstack --version && - packer version && - s3cmd --version && - terraform --version' - - docker push --all-tags $CI_REGISTRY_IMAGE - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - changes: - - Dockerfile - allow_failure: true - -build_base_image: - stage: build - tags: - - build - script: - - | - if [ -n "${BUILT_BASE_IMAGE_ID}" ]; then - exit 0 - fi - - *update_ansible_repo - - *get_ansible_files - - export REPO_HEAD=$(git rev-parse --short HEAD) - - export PKR_VAR_flavor="${BASE_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="base-${REPO_HEAD}" - - export PKR_VAR_image_date_suffix=false - - | - if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="base-PR-${CI_MERGE_REQUEST_IID}" - elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="base-${BUILD_DATE}" - fi - - packer init openstack - - packer validate openstack - - packer build -machine-readable openstack | tee base_build.log - - export BUILT_BASE_IMAGE_ID=$(grep 'Image:' base_build.log | awk '{print $4}') - - echo BUILT_BASE_IMAGE_ID=${BUILT_BASE_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env - - openstack image unset --property signature_verified $BUILT_BASE_IMAGE_ID - artifacts: - reports: - dotenv: image.env - expire_in: 30 days - -build_compute_image: - stage: build - needs: [build_base_image] - tags: - - build - script: - - *update_ansible_repo - - *get_ansible_files - - export PKR_VAR_source_image=${BUILT_BASE_IMAGE_ID} - - export REPO_HEAD=$(git rev-parse --short HEAD) - - export PKR_VAR_flavor="${COMPUTE_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="compute-${REPO_HEAD}" - - export PKR_VAR_image_date_suffix=false - - | - if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="compute-PR-${CI_MERGE_REQUEST_IID}" - elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export 
PKR_VAR_image_name="compute-${BUILD_DATE}" - fi - - packer init openstack-compute - - packer validate openstack-compute - - packer build -machine-readable openstack-compute | tee compute_build.log - -build_gpu_image: - stage: build - needs: [build_base_image] - tags: - - build - script: - - *update_ansible_repo - - *get_ansible_files - - FAILED=false - - export GPU_PLACEHOLDER_NAME="gpu1-placeholder" - - export GPU_PLACEHOLDER_FLAVOR="gpu1.medium" - - export GPU_PLACEHOLDER_IMAGE="CentOS-7-x86_64-GenericCloud-2009" - - export PKR_VAR_source_image=${BUILT_BASE_IMAGE_ID} - - export REPO_HEAD=$(git rev-parse --short HEAD) - - export PKR_VAR_flavor="${GPU_BUILD_FLAVOR:-gpu1.medium}" - - export PKR_VAR_build_instance_name="gpu-${REPO_HEAD}" - - export PKR_VAR_image_date_suffix=false - - | - if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="gpu-PR-${CI_MERGE_REQUEST_IID}" - elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="gpu-${BUILD_DATE}" - fi - - packer init openstack-gpu - - packer validate openstack-gpu - - openstack server delete --wait $GPU_PLACEHOLDER_NAME - - packer build -machine-readable openstack-gpu | tee gpu_build.log || FAILED=true - - openstack server create --image $GPU_PLACEHOLDER_IMAGE --network cicd-net --flavor $GPU_PLACEHOLDER_FLAVOR $GPU_PLACEHOLDER_NAME - - | - if [ "$FAILED" = true ]; then - exit 1 - fi - rules: - - if: $SKIP_GPU_BUILD == "true" - when: never - - when: always - -build_ood_image: - stage: build - tags: - - build - script: - - *update_ansible_repo - - *get_ansible_files - - > - curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" - "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" - -o CRI_XCBC/group_vars/knightly - - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E 
"s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/knightly' - - export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - packer init openstack-ood - - packer validate openstack-ood - - | - if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}" - echo INSTANCE_FLAVOR="${PKR_VAR_flavor}" | tee -a $CI_PROJECT_DIR/image.env - echo OOD_INSTANCE_NAME="ood-PR-${CI_MERGE_REQUEST_IID}" | tee -a $CI_PROJECT_DIR/image.env - export FLOATING_IP=$(openstack floating ip create uab-campus -f value -c floating_ip_address) - echo FLOATING_IP=$FLOATING_IP | tee -a $CI_PROJECT_DIR/image.env - sed -i -E "s/(ood_servername: ).*/\1\"$CI_COMMIT_REF_SLUG.$FLOATING_IP.nip.io\"/" CRI_XCBC/group_vars/knightly - elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="ood-${BUILD_DATE}" - echo INSTANCE_FLAVOR="${OOD_INSTANCE_FLAVOR:-cpu16-64g}" | tee -a $CI_PROJECT_DIR/image.env - echo OOD_INSTANCE_NAME="ood-knightly" | tee -a $CI_PROJECT_DIR/image.env - echo FLOATING_IP=$TEST_IP | tee -a $CI_PROJECT_DIR/image.env - fi - - > - PKR_VAR_build_instance_name="ood-${CRI_XCBC_HEAD}" - PKR_VAR_image_date_suffix=false - packer build -machine-readable openstack-ood | tee ood_build.log - - export BUILT_OOD_IMAGE_ID=$(grep 'Image:' ood_build.log | awk '{print $4}') - - echo BUILT_OOD_IMAGE_ID=${BUILT_OOD_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env - - openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_OOD_IMAGE_ID} - artifacts: - reports: - dotenv: image.env + - if: $CI_PIPELINE_SOURCE == "web" + - if: $CI_PIPELINE_SOURCE == "schedule" + - if: $CI_PIPELINE_SOURCE 
== "manual" -test_ood_image: - stage: test - needs: [build_ood_image] +deploy_ood_proxy_node: + stage: deploy environment: name: knightly tags: - build script: - - openstack image set --accept $BUILT_OOD_IMAGE_ID + - openstack image set --accept $PROXY_OOD_IMAGE_ID - FAILED=false - | - eval $(ssh-agent -s) - chmod 400 "$SSH_PRIV_KEY" - ssh-add "$SSH_PRIV_KEY" - mkdir ~/.ssh - chmod 700 ~/.ssh - - OLD_INSTANCE_IP=$(openstack floating ip list --floating-ip-address $CHEAHA_IP -c "Fixed IP Address" -f value) - - echo $OLD_INSTANCE_IP - - | - if [ ! -z $OLD_INSTANCE_IP ]; then - export OLD_INSTANCE_ID=$(openstack server list --name $OOD_INSTANCE_NAME --ip $OLD_INSTANCE_IP -c ID -f value) - fi - - echo OLD_INSTANCE_ID=$OLD_INSTANCE_ID | tee -a instance.env - - | - cat > user_data.txt << OEOF - #!/bin/bash - echo "Starting user_data: \$(date)" - cat > /etc/resolv.conf << EOF - search openstack.internal cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster - nameserver 172.20.0.25 - EOF + cat > user_data.txt << echo "$DEV_KEY" >> /root/.ssh/authorized_keys - mkdir -p /run/shibboleth - chown shibd:shibd /run/shibboleth - echo "Installing s3cmd: \$(date)" - pip3 install s3cmd - echo "Downloading hostkey via s3cmd: \$(date)" - s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://knightly-key/ /etc/ssh/ - echo "Download completed: \$(date)" - OEOF - - > + - | export NEW_INSTANCE_ID=$(openstack server create - -c id -f value --image $BUILT_OOD_IMAGE_ID - --network $OOD_INSTANCE_NETWORK + -c id -f value --image $PROXY_OOD_IMAGE_ID + --network $OOD_PROXY_NETWORK --security-group ood-https-ports --security-group node-exporter --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR --wait - $OOD_INSTANCE_NAME) - - echo NEW_INSTANCE_ID=$NEW_INSTANCE_ID | tee -a instance.env - - openstack server add floating ip $NEW_INSTANCE_ID $FLOATING_IP - - > - curl --retry 
10 --retry-delay 20 --retry-connrefused https://knightly.rc.uab.edu/Shibboleth.sso/Metadata --resolve knightly.rc.uab.edu:443:$FLOATING_IP -kf - || FAILED=true - - | - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts - chmod 644 ~/.ssh/known_hosts - until ssh acctsvc@$FLOATING_IP hostname; do sleep 5; done - ssh acctsvc@$FLOATING_IP '[ $(mount | grep "etc/auto" | wc -l) -eq 6 ]' || FAILED=true - - | - if [ "$FAILED" = true ]; then - if [ "${DELETE_WHEN_FAILED-true}" = true ]; then - openstack server delete $NEW_INSTANCE_ID - echo "DELETE_BUILT_IMAGE=true" | tee -a instance.env - fi - false - fi - - openstack server remove floating ip $NEW_INSTANCE_ID $FLOATING_IP + $OOD_PROXY_INSTANCE_NAME) + - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $FLOATING_IP artifacts: reports: dotenv: instance.env rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always + - if: $CI_PIPELINE_SOURCE == "manual" + when: manual + - if: $CI_PIPELINE_SOURCE == "web" + when: always -test_ood_image_mr: - stage: test - needs: [build_ood_image] +deploy_ssh_proxy_node: + stage: deploy + environment: + name: knightly tags: - build script: - - export OOD_INSTANCE_NETWORK="cicd-net" + - openstack image set --accept $PROXY_SSH_IMAGE_ID - FAILED=false - | - eval $(ssh-agent -s) - chmod 400 "$SSH_PRIV_KEY" - ssh-add "$SSH_PRIV_KEY" - mkdir ~/.ssh - chmod 700 ~/.ssh - - | - cat > user_data.txt << OEOF - #!/bin/bash - cat > /etc/resolv.conf << EOF - search openstack.internal cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster - nameserver 172.20.0.25 - EOF + cat > user_data.txt << echo "$DEV_KEY" >> /root/.ssh/authorized_keys - mkdir -p /run/shibboleth - chown shibd:shibd /run/shibboleth - OEOF - - > + - | export NEW_INSTANCE_ID=$(openstack server create - -c id -f value --image $BUILT_OOD_IMAGE_ID - --network $OOD_INSTANCE_NETWORK + -c id -f value --image $PROXY_SSH_IMAGE_ID + --network $OOD_PROXY_NETWORK --security-group ood-https-ports + --security-group node-exporter 
--security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR --wait - $OOD_INSTANCE_NAME) - - echo NEW_INSTANCE_ID=$NEW_INSTANCE_ID | tee -a instance.env - - openstack server add floating ip $NEW_INSTANCE_ID $FLOATING_IP - - > - curl --retry 10 --retry-delay 20 --retry-connrefused https://knightly.rc.uab.edu/Shibboleth.sso/Metadata --resolve knightly.rc.uab.edu:443:$FLOATING_IP -kf - || FAILED=true - - ssh -o StrictHostKeyChecking=no acctsvc@$FLOATING_IP '[ $(mount | grep "etc/auto" | wc -l) -eq 6 ]' || FAILED=true - - | - if [ "$FAILED" = true ]; then - if [ "${DELETE_WHEN_FAILED-true}" = true ]; then - openstack server delete $NEW_INSTANCE_ID - openstack image delete $BUILT_OOD_IMAGE_ID - fi - false - fi + $SSH_PROXY_INSTANCE_NAME) + - openstack server add floating ip $SSH_PROXY_INSTANCE_NAME $FLOATING_IP artifacts: reports: dotenv: instance.env - rules: - - if: $CI_MERGE_REQUEST_ID - -deploy_review: - stage: deploy - script: - - echo "Deploy Review App" - environment: - name: review/$CI_COMMIT_REF_SLUG - url: https://$CI_COMMIT_REF_SLUG.$FLOATING_IP.nip.io - on_stop: stop_review - auto_stop_in: 2 days - tags: - - build - rules: - - if: $CI_MERGE_REQUEST_ID - -stop_review: - stage: deploy - script: - - openstack server delete $NEW_INSTANCE_ID - - openstack image delete $BUILT_OOD_IMAGE_ID - - openstack floating ip delete $FLOATING_IP - environment: - name: review/$CI_COMMIT_REF_SLUG - action: stop - tags: - - build - rules: - - if: $CI_MERGE_REQUEST_ID - when: manual - -deploy_knightly: - stage: deploy - environment: - name: knightly - tags: - - build - script: - - | - if [ ! -z $OLD_INSTANCE_ID ]; then - openstack server remove floating ip $OLD_INSTANCE_ID $CAMPUS_IP - openstack server remove floating ip $OLD_INSTANCE_ID $CHEAHA_IP - fi - - | - if [ ! 
-z $NEW_INSTANCE_ID ]; then - openstack server add floating ip $NEW_INSTANCE_ID $CAMPUS_IP - openstack server add floating ip $NEW_INSTANCE_ID $CHEAHA_IP - fi - only: - - schedules - -deploy_cheaha: - stage: deploy - environment: - name: cheaha - tags: - - build - script: - - echo "Job placeholder to deploy to Cheaha" - when: manual - only: - - main - -cleanup_knightly: - stage: cleanup - environment: - name: knightly - tags: - - build - script: - - > - SERVER_TO_BE_DELETE=($(openstack server list --name $OOD_INSTANCE_NAME --sort-column Image --sort-descending -f value -c ID - | awk -v NSTK=$NUM_SERVER_TO_KEEP -v OID=$OLD_INSTANCE_ID '$0 != OID {count++} - $0 != OID && count>NSTK {print}')) - - | - for svr in ${SERVER_TO_BE_DELETE[@]}; do - echo "Deleting server $svr" - openstack server delete ${svr} - done rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always - -cleanup_integration: - stage: cleanup - tags: - - build - script: - - OS_PROJECT_ID=$(openstack application credential show $OS_APPLICATION_CREDENTIAL_ID -f value -c project_id) - - openstack image list --sort-column Name --sort-descending -f value -c Name -c ID --property owner=$OS_PROJECT_ID > images.txt - - | - if [ "${DELETE_BUILT_IMAGE-false}" = true ]; then - openstack image delete $BUILT_OOD_IMAGE_ID - fi - - > - OOD_IMAGE_TO_BE_DELETE=($(cat images.txt - | awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=ood-$TIMESTAMP_REGEX - '{if ($0 ~ REGEX) result[count++] = $1} - END {for(i=NITK;i<count;i++) print result[i]}')) - - > - BASE_IMAGE_TO_BE_DELETE=($(cat images.txt - | awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=base-$TIMESTAMP_REGEX - '{if ($0 ~ REGEX) result[count++] = $1} - END {for(i=NITK;i<count;i++) print result[i]}')) - - > - COMPUTE_IMAGE_TO_BE_DELETE=($(cat images.txt - | awk -v NITK=$NUM_IMAGE_TO_KEEP -v REGEX=compute-$TIMESTAMP_REGEX - '{if ($0 ~ REGEX) result[count++] = $1} - END {for(i=NITK;i<count;i++) print result[i]}')) - - > - GPU_IMAGE_TO_BE_DELETE=($(cat images.txt - | awk -v 
NITK=$NUM_IMAGE_TO_KEEP -v REGEX=gpu-$TIMESTAMP_REGEX - '{if ($0 ~ REGEX) result[count++] = $1} - END {for(i=NITK;i<count;i++) print result[i]}')) - - | - for img in ${OOD_IMAGE_TO_BE_DELETE[@]}; do - echo "Deleting image $img" - openstack image delete ${img} - done - - | - for img in ${BASE_IMAGE_TO_BE_DELETE[@]}; do - echo "Deleting image $img" - openstack image delete ${img} - done - - | - for img in ${COMPUTE_IMAGE_TO_BE_DELETE[@]}; do - echo "Deleting image $img" - openstack image delete ${img} - done - - | - for img in ${GPU_IMAGE_TO_BE_DELETE[@]}; do - echo "Deleting image $img" - openstack image delete ${img} - done - rules: - - if: $CI_PIPELINE_SOURCE == "schedule" - when: always - -cleanup_mr: - stage: cleanup - tags: - - build - script: - - OS_PROJECT_ID=$(openstack application credential show $OS_APPLICATION_CREDENTIAL_ID -f value -c project_id) - - > - IMAGE_TO_BE_DELETE=($(openstack image list --sort-column Name --sort-descending -f value -c Name -c ID --property owner=$OS_PROJECT_ID - | awk -v REGEX="(ood|base|compute|gpu)-PR-$CI_MERGE_REQUEST_IID" '{if ($0 ~ REGEX) print $1}')) - - | - for img in ${IMAGE_TO_BE_DELETE[@]}; do - echo "Deleting image $img" - openstack image delete ${img} - done - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" + - if: $CI_PIPELINE_SOURCE == "manual" + when: manual + - if: $CI_PIPELINE_SOURCE == "web" when: always -- GitLab From f9d6ebca15d060e9b5a6575a4ffca55d73db524d Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Thu, 17 Oct 2024 18:45:39 -0500 Subject: [PATCH 003/172] removed artifacts re. to instance.env --- .gitlab-ci.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 745e699..b8ece56 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
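Review bot: `DEV_KEY` hard-codes one developer's workstation public key in the repository, and both deploy jobs append it to `/root/.ssh/authorized_keys` through `user_data.txt`, so every proxy instance grants that key root login and revoking it requires a new commit plus a redeploy. Source the key from a protected CI/CD variable or a managed keypair instead, and prefer a non-root account. In the same hunk, `deploy_ssh_proxy_node` attaches `--security-group ood-https-ports`, which looks copied from the OOD job; the SSH proxy probably needs only `allow-ssh` (and `node-exporter` if it is scraped). `$FLOATING_IP` was previously written to `image.env` by the removed build job, so it now has to come from project or schedule variables.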
@@ -54,9 +54,6 @@ deploy_ood_proxy_node: --wait $OOD_PROXY_INSTANCE_NAME) - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $FLOATING_IP - artifacts: - reports: - dotenv: instance.env rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always @@ -89,9 +86,6 @@ deploy_ssh_proxy_node: --wait $SSH_PROXY_INSTANCE_NAME) - openstack server add floating ip $SSH_PROXY_INSTANCE_NAME $FLOATING_IP - artifacts: - reports: - dotenv: instance.env rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always -- GitLab From e22a00e05fbd7fe26af56c8e32906d97409e6c95 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Thu, 17 Oct 2024 18:52:59 -0500 Subject: [PATCH 004/172] Correct CI/CD pipeline syntax in .gitlab-ci.yml --- .gitlab-ci.yml | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b8ece56..108f72a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -40,18 +40,20 @@ deploy_ood_proxy_node: - openstack image set --accept $PROXY_OOD_IMAGE_ID - FAILED=false - | - cat > user_data.txt << + cat > user_data.txt <<EOF + #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys + EOF - | - export NEW_INSTANCE_ID=$(openstack server create - -c id -f value --image $PROXY_OOD_IMAGE_ID - --network $OOD_PROXY_NETWORK - --security-group ood-https-ports - --security-group node-exporter - --security-group allow-ssh - --user-data user_data.txt - --flavor $INSTANCE_FLAVOR - --wait + export NEW_INSTANCE_ID=$(openstack server create \ + -c id -f value --image $PROXY_OOD_IMAGE_ID \ + --network $OOD_PROXY_NETWORK \ + --security-group ood-https-ports \ + --security-group node-exporter \ + --security-group allow-ssh \ + --user-data user_data.txt \ + --flavor $INSTANCE_FLAVOR \ + --wait \ $OOD_PROXY_INSTANCE_NAME) - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $FLOATING_IP rules: 
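Review bot: The user-data script completed in hunk `@@ -40,18 +40,20 @@` appends to `/root/.ssh/authorized_keys` without making sure the directory and file exist with the modes sshd expects, so on an image where `/root/.ssh` is absent the `echo` fails and the instance boots without the key. Adding `install -d -m 700 /root/.ssh` before the `echo` and `chmod 600 /root/.ssh/authorized_keys` after it makes the script independent of the image's state. The same applies to the identical heredoc in `deploy_ssh_proxy_node` (hunk `@@ -72,18 +74,20 @@`). `NEW_INSTANCE_ID` is captured but the next step addresses the server by name, which is ambiguous if an instance with that name already exists; `openstack server add floating ip "$NEW_INSTANCE_ID" "$FLOATING_IP"` avoids that.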
@@ -72,18 +74,20 @@ deploy_ssh_proxy_node: - openstack image set --accept $PROXY_SSH_IMAGE_ID - FAILED=false - | - cat > user_data.txt << + cat > user_data.txt <<EOF + #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys + EOF - | - export NEW_INSTANCE_ID=$(openstack server create - -c id -f value --image $PROXY_SSH_IMAGE_ID - --network $OOD_PROXY_NETWORK - --security-group ood-https-ports - --security-group node-exporter - --security-group allow-ssh - --user-data user_data.txt - --flavor $INSTANCE_FLAVOR - --wait + export NEW_INSTANCE_ID=$(openstack server create \ + -c id -f value --image $PROXY_SSH_IMAGE_ID \ + --network $OOD_PROXY_NETWORK \ + --security-group ood-https-ports \ + --security-group node-exporter \ + --security-group allow-ssh \ + --user-data user_data.txt \ + --flavor $INSTANCE_FLAVOR \ + --wait \ $SSH_PROXY_INSTANCE_NAME) - openstack server add floating ip $SSH_PROXY_INSTANCE_NAME $FLOATING_IP rules: -- GitLab From 6ce25af3a8a371c05e8ca2529505605e832e1c70 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 17 Oct 2024 22:21:22 -0500 Subject: [PATCH 005/172] style: use yaml folded multiline block --- .gitlab-ci.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 108f72a..b19e023 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -44,16 +44,16 @@ deploy_ood_proxy_node: #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys EOF - - | - export NEW_INSTANCE_ID=$(openstack server create \ - -c id -f value --image $PROXY_OOD_IMAGE_ID \ - --network $OOD_PROXY_NETWORK \ - --security-group ood-https-ports \ - --security-group node-exporter \ - --security-group allow-ssh \ - --user-data user_data.txt \ - --flavor $INSTANCE_FLAVOR \ - --wait \ + - > + export NEW_INSTANCE_ID=$(openstack server create + -c id -f value --image $PROXY_OOD_IMAGE_ID + --network $OOD_PROXY_NETWORK + --security-group ood-https-ports + --security-group node-exporter + --security-group allow-ssh + --user-data user_data.txt + --flavor $INSTANCE_FLAVOR + --wait $OOD_PROXY_INSTANCE_NAME) - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $FLOATING_IP rules: @@ -78,16 +78,16 @@ deploy_ssh_proxy_node: #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys EOF - - | - export NEW_INSTANCE_ID=$(openstack server create \ - -c id -f value --image $PROXY_SSH_IMAGE_ID \ - --network $OOD_PROXY_NETWORK \ - --security-group ood-https-ports \ - --security-group node-exporter \ - --security-group allow-ssh \ - --user-data user_data.txt \ - --flavor $INSTANCE_FLAVOR \ - --wait \ + - > + export NEW_INSTANCE_ID=$(openstack server create + -c id -f value --image $PROXY_SSH_IMAGE_ID + --network $OOD_PROXY_NETWORK + --security-group ood-https-ports + --security-group node-exporter + --security-group allow-ssh + --user-data user_data.txt + --flavor $INSTANCE_FLAVOR + --wait $SSH_PROXY_INSTANCE_NAME) - openstack server add floating ip $SSH_PROXY_INSTANCE_NAME $FLOATING_IP rules: -- GitLab From 7a70af578abe5ab82824047f7b3253ea5ae90e2b Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 17 Oct 2024 22:24:47 -0500 Subject: [PATCH 006/172] fix: remove invalid pipeline source --- .gitlab-ci.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b19e023..d87a109 100644 
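Review bot: The folded `>` scalars in both hunks only produce a single `openstack server create` command if every option line sits at the same indent as `export`. YAML folds a line break into a space only between equally indented lines, and more-indented lines keep their newline, which would end the command inside `$(...)` early. Indentation is collapsed in this view, so please confirm it, and add a YAML comment above each item such as `# folded scalar: keep all lines at one indent, no shell comments inside`. The expansions (`$PROXY_OOD_IMAGE_ID`, `$INSTANCE_FLAVOR`, and the rest) are also unquoted, so an empty or space-containing value shifts the remaining arguments.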
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,7 +28,6 @@ workflow: rules: - if: $CI_PIPELINE_SOURCE == "web" - if: $CI_PIPELINE_SOURCE == "schedule" - - if: $CI_PIPELINE_SOURCE == "manual" deploy_ood_proxy_node: stage: deploy @@ -59,8 +58,6 @@ deploy_ood_proxy_node: rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always - - if: $CI_PIPELINE_SOURCE == "manual" - when: manual - if: $CI_PIPELINE_SOURCE == "web" when: always @@ -93,7 +90,5 @@ deploy_ssh_proxy_node: rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always - - if: $CI_PIPELINE_SOURCE == "manual" - when: manual - if: $CI_PIPELINE_SOURCE == "web" when: always -- GitLab From 20364932c3da71621c03393b7c85b5bcf9dc826e Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 18 Oct 2024 00:24:59 -0500 Subject: [PATCH 007/172] style: remove unused variables --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d87a109..54fd4f2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,9 +17,7 @@ variables: GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" - BUILT_OOD_IMAGE_ID: ${BUILT_OOD_IMAGE_ID} INSTANCE_FLAVOR: ${INSTANCE_FLAVOR} - PROXY_IP: ${PROXY_IP} stages: - deploy -- GitLab From d7f6778d4c243889f9c3e2ec4f8aa984f85876c2 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 18 Oct 2024 00:26:04 -0500 Subject: [PATCH 008/172] refactor: set default instance flavor --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 54fd4f2..25124e6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -17,7 +17,7 @@ variables: GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" - INSTANCE_FLAVOR: ${INSTANCE_FLAVOR} + INSTANCE_FLAVOR: "m1.medium-ruffner" stages: - deploy -- GitLab From 86cfedcb37d50439f27e028fadcc6059d2137e36 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:20:29 -0500 Subject: [PATCH 009/172] added unique floatingip variables for both instances --- .gitlab-ci.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 25124e6..7697741 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -52,8 +52,7 @@ deploy_ood_proxy_node: --flavor $INSTANCE_FLAVOR --wait $OOD_PROXY_INSTANCE_NAME) - - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $FLOATING_IP - rules: + - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $OOD_PROXY_FLOATING_IP - if: $CI_PIPELINE_SOURCE == "schedule" when: always - if: $CI_PIPELINE_SOURCE == "web" @@ -84,7 +83,7 @@ deploy_ssh_proxy_node: --flavor $INSTANCE_FLAVOR --wait $SSH_PROXY_INSTANCE_NAME) - - openstack server add floating ip $SSH_PROXY_INSTANCE_NAME $FLOATING_IP + - openstack server add floating ip $NEW_INSTANCE_ID $SSH_PROXY_FLOATING_IP rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always -- GitLab From 864e35486dca56c15ef7d80114af10023b717825 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:21:25 -0500 Subject: [PATCH 010/172] fixed syntax error --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7697741..31bcdc9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -53,6 +53,7 @@ deploy_ood_proxy_node: --wait $OOD_PROXY_INSTANCE_NAME) - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $OOD_PROXY_FLOATING_IP + rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always - if: $CI_PIPELINE_SOURCE == "web" -- GitLab From 6d40d904a84c4ebe52a46ee0ead619b302dbe93c Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:26:42 -0500 Subject: [PATCH 011/172] removed not used security group --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 31bcdc9..c2cfe93 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -46,7 +46,6 @@ deploy_ood_proxy_node: -c id -f value --image $PROXY_OOD_IMAGE_ID --network $OOD_PROXY_NETWORK --security-group ood-https-ports - --security-group node-exporter --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR @@ -78,7 +77,6 @@ deploy_ssh_proxy_node: -c id -f value --image $PROXY_SSH_IMAGE_ID --network $OOD_PROXY_NETWORK --security-group ood-https-ports - --security-group node-exporter --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR -- GitLab From a05f469c70bc12f650197333ffdb18332f690344 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:38:13 -0500 Subject: [PATCH 012/172] fixed security group names --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c2cfe93..f70a5b6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -45,7 +45,8 @@ deploy_ood_proxy_node: export NEW_INSTANCE_ID=$(openstack server create -c id -f value --image $PROXY_OOD_IMAGE_ID --network $OOD_PROXY_NETWORK - --security-group ood-https-ports + --security-group https-port + --security-group http-port --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR 
@@ -76,7 +77,6 @@ deploy_ssh_proxy_node: export NEW_INSTANCE_ID=$(openstack server create -c id -f value --image $PROXY_SSH_IMAGE_ID --network $OOD_PROXY_NETWORK - --security-group ood-https-ports --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR -- GitLab From 543c233d81d624ab5b122a4cf72967c2a4026c2e Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:45:35 -0500 Subject: [PATCH 013/172] created floating ip for both instances --- .gitlab-ci.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f70a5b6..d178eed 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,7 +42,7 @@ deploy_ood_proxy_node: echo "$DEV_KEY" >> /root/.ssh/authorized_keys EOF - > - export NEW_INSTANCE_ID=$(openstack server create + export PROXY_OOD_INSTANCE_ID=$(openstack server create -c id -f value --image $PROXY_OOD_IMAGE_ID --network $OOD_PROXY_NETWORK --security-group https-port @@ -52,7 +52,12 @@ deploy_ood_proxy_node: --flavor $INSTANCE_FLAVOR --wait $OOD_PROXY_INSTANCE_NAME) - - openstack server add floating ip $OOD_PROXY_INSTANCE_NAME $OOD_PROXY_FLOATING_IP + # Create and assign a floating IP + PROXY_OOD_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) + echo "Created FLOATING_IP: $PROXY_OOD_FLOATING_IP" + # Associate the floating IP with the ood proxy instance + openstack server add floating ip $PROXY_OOD_INSTANCE_ID $PROXY_OOD_FLOATING_IP + echo "Associated FLOATING_IP $PROXY_OOD_FLOATING_IP with PROXY_OOD_INSTANCE_ID $PROXY_OOD_INSTANCE_ID" rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always 
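Review bot: The lines added after `$OOD_PROXY_INSTANCE_NAME)` appear to sit inside the same folded `- >` item as the `export`. After folding they become one shell line, and everything from `# Create and assign a floating IP` onward is read as a shell comment, so the floating IP would never be created or attached and the job would still pass. Each step should be its own `script:` entry or a literal `- |` block, with the explanations written as YAML comments above the entries. The matching addition to deploy_ssh_proxy_node in the next hunk has the same shape. Indentation is not recoverable here, so this is inferred from the order of the lines.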
@@ -74,7 +79,7 @@ deploy_ssh_proxy_node: echo "$DEV_KEY" >> /root/.ssh/authorized_keys EOF - > - export NEW_INSTANCE_ID=$(openstack server create + export PROXY_SSH_INSTANCE_ID=$(openstack server create -c id -f value --image $PROXY_SSH_IMAGE_ID --network $OOD_PROXY_NETWORK --security-group allow-ssh @@ -82,7 +87,12 @@ deploy_ssh_proxy_node: --flavor $INSTANCE_FLAVOR --wait $SSH_PROXY_INSTANCE_NAME) - - openstack server add floating ip $NEW_INSTANCE_ID $SSH_PROXY_FLOATING_IP + # Create and assign a proxy ssh floating IP + PROXY_SSH_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) + echo "Created PROXY_SSH_FLOATING_IP: $PROXY_SSH_FLOATING_IP" + # Associate the floating IP with the ssh proxy instance + openstack server add floating ip $PROXY_SSH_INSTANCE_ID $PROXY_SSH_FLOATING_IP + echo "Associated FLOATING_IP $PROXY_SSH_FLOATING_IP with PROXY_SSH_INSTANCE_ID $PROXY_SSH_INSTANCE_ID" rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always -- GitLab From 969227df90da7a9de83120b8bb26dc03dc7c2b81 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:51:43 -0500 Subject: [PATCH 014/172] rename variables for consistency in proxy deployment --- .gitlab-ci.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d178eed..d3549bf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,14 +27,14 @@ workflow: - if: $CI_PIPELINE_SOURCE == "web" - if: $CI_PIPELINE_SOURCE == "schedule" -deploy_ood_proxy_node: +deploy_http_proxy_node: stage: deploy environment: name: knightly tags: - build script: - - openstack image set --accept $PROXY_OOD_IMAGE_ID + - openstack image set --accept $HTTP_PROXY_IMAGE_ID - FAILED=false - | cat > user_data.txt <<EOF 
@@ -42,8 +42,8 @@ deploy_ood_proxy_node: echo "$DEV_KEY" >> /root/.ssh/authorized_keys EOF - > - export PROXY_OOD_INSTANCE_ID=$(openstack server create - -c id -f value --image $PROXY_OOD_IMAGE_ID + export HTTP_PROXY_INSTANCE_ID=$(openstack server create + -c id -f value --image $HTTP_PROXY_IMAGE_ID --network $OOD_PROXY_NETWORK --security-group https-port --security-group http-port @@ -51,13 +51,13 @@ deploy_ood_proxy_node: --user-data user_data.txt --flavor $INSTANCE_FLAVOR --wait - $OOD_PROXY_INSTANCE_NAME) - # Create and assign a floating IP - PROXY_OOD_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) - echo "Created FLOATING_IP: $PROXY_OOD_FLOATING_IP" - # Associate the floating IP with the ood proxy instance - openstack server add floating ip $PROXY_OOD_INSTANCE_ID $PROXY_OOD_FLOATING_IP - echo "Associated FLOATING_IP $PROXY_OOD_FLOATING_IP with PROXY_OOD_INSTANCE_ID $PROXY_OOD_INSTANCE_ID" + $HTTP_PROXY_INSTANCE_NAME) + # Create and assign a floating IP to the HTTP Proxy instance + HTTP_PROXY_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) + echo "Created FLOATING_IP: $HTTP_PROXY_FLOATING_IP" + # Associate the floating IP with the HTTP Proxy instance + openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP + echo "Associated FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always @@ -71,7 +71,7 @@ deploy_ssh_proxy_node: tags: - build script: - - openstack image set --accept $PROXY_SSH_IMAGE_ID + - openstack image set --accept $SSH_PROXY_IMAGE_ID - FAILED=false - | cat > user_data.txt <<EOF 
@@ -79,22 +79,22 @@ deploy_ssh_proxy_node: echo "$DEV_KEY" >> /root/.ssh/authorized_keys EOF - > - export PROXY_SSH_INSTANCE_ID=$(openstack server create - -c id -f value --image $PROXY_SSH_IMAGE_ID + export SSH_PROXY_INSTANCE_ID=$(openstack server create + -c id -f value --image $SSH_PROXY_IMAGE_ID --network $OOD_PROXY_NETWORK --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR --wait $SSH_PROXY_INSTANCE_NAME) - # Create and assign a proxy ssh floating IP - PROXY_SSH_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) - echo "Created PROXY_SSH_FLOATING_IP: $PROXY_SSH_FLOATING_IP" - # Associate the floating IP with the ssh proxy instance - openstack server add floating ip $PROXY_SSH_INSTANCE_ID $PROXY_SSH_FLOATING_IP - echo "Associated FLOATING_IP $PROXY_SSH_FLOATING_IP with PROXY_SSH_INSTANCE_ID $PROXY_SSH_INSTANCE_ID" + # Create and assign a floating IP to the SSH Proxy instance + SSH_PROXY_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) + echo "Created SSH_PROXY_FLOATING_IP: $SSH_PROXY_FLOATING_IP" + # Associate the floating IP with the SSH Proxy instance + openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP + echo "Associated FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" rules: - if: $CI_PIPELINE_SOURCE == "schedule" when: always - if: $CI_PIPELINE_SOURCE == "web" - when: always + when: always \ No newline at end of file -- GitLab From 114d5bcd0427d8d56c85f200b936b062977c667b Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 10:56:02 -0500 Subject: [PATCH 015/172] changed network variable to PROXY_NETWORK --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d3549bf..0250ecc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -13,7 +13,7 @@ variables: OS_IDENTITY_API_VERSION: "3" OS_INTERFACE: "public" OS_REGION_NAME: "bhm1" - OOD_PROXY_NETWORK: "proxy-net" + PROXY_NETWORK: "proxy-net" GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" @@ -44,7 +44,7 @@ deploy_http_proxy_node: - > export HTTP_PROXY_INSTANCE_ID=$(openstack server create -c id -f value --image $HTTP_PROXY_IMAGE_ID - --network $OOD_PROXY_NETWORK + --network $PROXY_NETWORK --security-group https-port --security-group http-port --security-group allow-ssh @@ -81,7 +81,7 @@ deploy_ssh_proxy_node: - > export SSH_PROXY_INSTANCE_ID=$(openstack server create -c id -f value --image $SSH_PROXY_IMAGE_ID - --network $OOD_PROXY_NETWORK + --network $PROXY_NETWORK --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR -- GitLab From e7d9064a59c3fafc4261dbbab0003d6bb9ab3cc7 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 11:05:47 -0500 Subject: [PATCH 016/172] added default instance names for both proxy instances --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0250ecc..5a2e43e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,6 +18,8 @@ variables: GIT_AUTHOR_EMAIL: "gitlab@runner" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" INSTANCE_FLAVOR: "m1.medium-ruffner" + HTTP_PROXY_INSTANCE_NAME: "http-proxy" + SSH_PROXY_INSTANCE_NAME: "ssh-proxy" stages: - deploy -- GitLab From 411eeffd8c9b5590c3ae75b26ddc95876ed57af9 Mon Sep 17 00:00:00 2001 
From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 11:09:10 -0500 Subject: [PATCH 017/172] fixed synatx for floating ip allocation for proxy instances --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5a2e43e..5ad2828 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -54,9 +54,11 @@ deploy_http_proxy_node: --flavor $INSTANCE_FLAVOR --wait $HTTP_PROXY_INSTANCE_NAME) + - | # Create and assign a floating IP to the HTTP Proxy instance HTTP_PROXY_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) echo "Created FLOATING_IP: $HTTP_PROXY_FLOATING_IP" + - | # Associate the floating IP with the HTTP Proxy instance openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP echo "Associated FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" @@ -89,9 +91,11 @@ deploy_ssh_proxy_node: --flavor $INSTANCE_FLAVOR --wait $SSH_PROXY_INSTANCE_NAME) + - | # Create and assign a floating IP to the SSH Proxy instance SSH_PROXY_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) echo "Created SSH_PROXY_FLOATING_IP: $SSH_PROXY_FLOATING_IP" + - | # Associate the floating IP with the SSH Proxy instance openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP echo "Associated FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" -- GitLab From 53bc639cf7703f0a914ba09d5837fe5eec4772c0 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 11:11:13 -0500 Subject: [PATCH 018/172] added PKR_VAR_floating_ip_network variable --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5ad2828..087f894 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
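Review bot: Both jobs allocate a new address with `openstack floating ip create` on every run, and nothing visible in these hunks releases it or reuses an unattached one. If `openstack server add floating ip` fails, or the pipeline is re-run, an allocated address on `$PKR_VAR_floating_ip_network` is left behind. Consider passing a pre-allocated address as a CI variable, as the earlier `$OOD_PROXY_FLOATING_IP` version did, or releasing the address on failure with `openstack floating ip delete "$HTTP_PROXY_FLOATING_IP"`. At minimum add a comment such as `# NOTE: allocates a new floating IP per run; release it when the instance is deleted`. The job bodies start outside the hunks, so cleanup elsewhere cannot be ruled out.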
@@ -16,6 +16,7 @@ variables: PROXY_NETWORK: "proxy-net" GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" + PKR_VAR_floating_ip_network: "uab-campus" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" INSTANCE_FLAVOR: "m1.medium-ruffner" HTTP_PROXY_INSTANCE_NAME: "http-proxy" -- GitLab From e920950b9cd547eef940f0ebbf754ad0b11b99c9 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 18 Oct 2024 11:34:26 -0500 Subject: [PATCH 019/172] feat: only run deploy jobs when image id present --- .gitlab-ci.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 087f894..4f83d1e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,9 +64,7 @@ deploy_http_proxy_node: openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP echo "Associated FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" rules: - - if: $CI_PIPELINE_SOURCE == "schedule" - when: always - - if: $CI_PIPELINE_SOURCE == "web" + - if: $PIPELINE_TARGET == "deploy" && $HTTP_PROXY_IMAGE_ID when: always deploy_ssh_proxy_node: @@ -101,7 +99,5 @@ deploy_ssh_proxy_node: openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP echo "Associated FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" rules: - - if: $CI_PIPELINE_SOURCE == "schedule" + - if: $PIPELINE_TARGET == "deploy" && $SSH_PROXY_IMAGE_ID when: always - - if: $CI_PIPELINE_SOURCE == "web" - when: always \ No newline at end of file -- GitLab From 1299d8f1cb8769ab08b7ec548cd8c213ffda94e8 Mon Sep 17 00:00:00 2001 
From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 18 Oct 2024 11:35:44 -0500 Subject: [PATCH 020/172] style: remove trailing whitespace --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4f83d1e..8dc795d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,7 +49,7 @@ deploy_http_proxy_node: -c id -f value --image $HTTP_PROXY_IMAGE_ID --network $PROXY_NETWORK --security-group https-port - --security-group http-port + --security-group http-port --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR -- GitLab From 286aae2127fced9f458cdc49de7fd70e2bfcf100 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 18 Oct 2024 12:02:07 -0500 Subject: [PATCH 021/172] changed sec group to webserver_sec_group for http proxy --- .gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8dc795d..6015932 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -48,8 +48,7 @@ deploy_http_proxy_node: export HTTP_PROXY_INSTANCE_ID=$(openstack server create -c id -f value --image $HTTP_PROXY_IMAGE_ID --network $PROXY_NETWORK - --security-group https-port - --security-group http-port + --security-group webserver_sec_group --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR -- GitLab From 9a880dc0422a14eca221a8f4b413a6724ecaf8f9 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 18 Oct 2024 12:12:49 -0500 Subject: [PATCH 022/172] fix: deploy to staging env instead of knightly --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6015932..19956ed 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -33,7 +33,7 @@ workflow: deploy_http_proxy_node: stage: deploy environment: - name: knightly + name: staging tags: - build script: 
@@ -69,7 +69,7 @@ deploy_http_proxy_node: deploy_ssh_proxy_node: stage: deploy environment: - name: knightly + name: staging tags: - build script: -- GitLab From add47dcd9bab1dbd753604765d8c2f940149e0d7 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 18 Oct 2024 12:52:44 -0500 Subject: [PATCH 023/172] fix: ignore issue when accept image --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 19956ed..6936a9d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -37,7 +37,7 @@ deploy_http_proxy_node: tags: - build script: - - openstack image set --accept $HTTP_PROXY_IMAGE_ID + - openstack image set --accept $HTTP_PROXY_IMAGE_ID || true - FAILED=false - | cat > user_data.txt <<EOF @@ -73,7 +73,7 @@ deploy_ssh_proxy_node: tags: - build script: - - openstack image set --accept $SSH_PROXY_IMAGE_ID + - openstack image set --accept $SSH_PROXY_IMAGE_ID || true - FAILED=false - | cat > user_data.txt <<EOF -- GitLab From 7068e3bdaa69ec3e59e50cab2c57f470ed63ca7d Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 2 Oct 2024 18:23:30 -0500 Subject: [PATCH 024/172] feat(proxy): Add packer template for proxy build --- openstack-proxy/README.md | 1 + openstack-proxy/nodeimage.pkr.hcl | 58 +++++++++++++++++ openstack-proxy/variables.pkr.hcl | 101 ++++++++++++++++++++++++++++++ 3 files changed, 160 insertions(+) create mode 100644 openstack-proxy/README.md create mode 100644 openstack-proxy/nodeimage.pkr.hcl create mode 100644 openstack-proxy/variables.pkr.hcl diff --git a/openstack-proxy/README.md b/openstack-proxy/README.md new file mode 100644 index 0000000..d9287a3 --- /dev/null +++ b/openstack-proxy/README.md @@ -0,0 +1 @@ +This contains packer hcl files for creating images. For documentation on packer, see [here](https://www.packer.io/docs); for information about the openstack-specific builder, see [here](https://www.packer.io/plugins/builders/openstack) 
diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl new file mode 100644 index 0000000..ec858cb --- /dev/null +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -0,0 +1,58 @@ +packer { + required_plugins { + openstack = { + version = "~> 1" + source = "github.com/hashicorp/openstack" + } + ansible = { + version = "~> 1" + source = "github.com/hashicorp/ansible" + } + } +} + +locals { + local_image_name = "${var.image_name}${var.image_date_suffix ? formatdate("-YYYYMMDDHHmm", timestamp()) : ""}" +} + +source "openstack" "image" { + skip_create_image = var.skip_create_image + image_name = local.local_image_name + source_image = var.source_image + image_members = var.image_membership + image_auto_accept_members = var.auto_accept_members + image_tags = var.image_tags + image_disk_format = var.image_format + volume_size = var.volume_size + flavor = var.flavor + instance_name = var.build_instance_name + use_blockstorage_volume = true + floating_ip_network = var.floating_ip_network + networks = var.networks + security_groups = var.security_groups + ssh_username = var.ssh_username +} + +build { + sources = ["source.openstack.image"] + + provisioner "ansible" { + use_proxy = false + user = var.ssh_username + groups = ["proxy"] + playbook_file = "./ansible/cheaha.yml" + roles_path = "./ansible/roles" + ansible_env_vars = ["ANSIBLE_TIMEOUT=60"] + extra_arguments = [ + "--extra-vars", "root_ssh_key='${var.root_ssh_key}'" + ] + } + + provisioner "ansible" { + use_proxy = false + user = var.ssh_username + groups = ["proxy"] + ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False", "ANSIBLE_RUN_TAGS=var.ANSIBLE_RUN_TAGS"] + playbook_file = "./CRI_XCBC/proxy.yaml" + } +} diff --git a/openstack-proxy/variables.pkr.hcl b/openstack-proxy/variables.pkr.hcl new file mode 100644 index 0000000..c57d279 --- /dev/null +++ b/openstack-proxy/variables.pkr.hcl 
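Review bot: The second `provisioner "ansible"` block sets `ANSIBLE_HOST_KEY_CHECKING=False` together with `use_proxy = false`, so Ansible connects directly to the build instance without verifying its SSH host key. That is a common trade-off for a throwaway build host, but it should carry a comment saying so, e.g. `# host key checking disabled: ephemeral build instance, key not known in advance`, so the setting is not copied into a playbook run against long-lived hosts. In the same list, `"ANSIBLE_RUN_TAGS=var.ANSIBLE_RUN_TAGS"` is a plain string, so the literal text is exported rather than the variable's value. For a `list(string)` it would need `"ANSIBLE_RUN_TAGS=${join(",", var.ANSIBLE_RUN_TAGS)}"`. The first provisioner sets neither host key checking nor tags, so the two blocks behave differently.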
@@ -0,0 +1,101 @@ +variable "root_ssh_key" { + type = string + default = "" + description = "The root key to use for ssh" +} + +variable "image_name" { + type = string + default = "cluster-image" + description = "Name of the image in openstack" +} + +variable "image_format" { + type = string + default = "qcow2" + description = "The format of the resulting image" +} + +variable "image_date_suffix" { + type = bool + default = false + description = "Append a date to the image name (in YYYYMMDDHHMMSS format)" +} + +variable "image_tags" { + type = list(string) + default = [] + description = "List of tags to be associated to the resulting image" +} + +variable "image_membership" { + type = list(string) + default = [] + description = "Projects/tenants to share the image in openstack with" +} + +variable "auto_accept_members" { + type = bool + default = false + description = "A boolean value for auto accepting image in the projects/tenants defined in image_membership." +} + +variable "skip_create_image" { + type = bool + default = false + description = "A boolean value for skipping image creation at the end of the build" +} + +variable "source_image" { + type = string + default = "" + description = "The name of the source image to use" +} + +variable "flavor" { + type = string + default = "" + description = "The name of the flavor to use" +} + +variable "floating_ip_network" { + type = string + default = "uab-campus" + description = "floating ip network to use with (temporary) ip assignmnet to a vm" +} + +variable "networks" { + type = list(string) + default = [] + description = "List of network UUIDs to assign to the network" +} + +variable "security_groups" { + type = list(string) + default = [] + description = "A list of security groups to add - you should make sure ssh access is open to the machine" +} + +variable "build_instance_name" { + type = string + default = "ood" + description = "A name of build instance used for image build" +} + +variable "ssh_username" { + 
type = string + default = "centos" + description = "The default username to use for SSH" +} + +variable "volume_size" { + type = number + default = 20 + description = "The default volume size for building iamge" +} + +variable "ANSIBLE_RUN_TAGS" { + type = list(string) + default = ["sshpiper"] + description = "Run selective roles based on the tags" +} -- GitLab From a6eafaffc7f05c67fe1c57bf701671e34482995a Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Sat, 5 Oct 2024 01:27:38 -0500 Subject: [PATCH 025/172] refactor: Remove tags as we use playbook for proxy --- openstack-proxy/nodeimage.pkr.hcl | 2 +- openstack-proxy/variables.pkr.hcl | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index ec858cb..7dbcbbf 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -52,7 +52,7 @@ build { use_proxy = false user = var.ssh_username groups = ["proxy"] - ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False", "ANSIBLE_RUN_TAGS=var.ANSIBLE_RUN_TAGS"] + ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"] playbook_file = "./CRI_XCBC/proxy.yaml" } } diff --git a/openstack-proxy/variables.pkr.hcl b/openstack-proxy/variables.pkr.hcl index c57d279..8e78a5d 100644 --- a/openstack-proxy/variables.pkr.hcl +++ b/openstack-proxy/variables.pkr.hcl @@ -94,8 +94,3 @@ variable "volume_size" { description = "The default volume size for building iamge" } -variable "ANSIBLE_RUN_TAGS" { - type = list(string) - default = ["sshpiper"] - description = "Run selective roles based on the tags" -} -- GitLab From c95aa3b09e503f18ad9d58b224e4398859223a04 Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 21 Oct 2024 19:12:35 -0500 Subject: [PATCH 026/172] fix(build): Add ansible timeout for failing yum installs Change the default timeout from 10 secs to 60 secs to accomodate the delay for slurm pkg yum install tasks after running ldap_config role Refer #125 --- openstack-proxy/nodeimage.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 7dbcbbf..5927b83 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -52,7 +52,7 @@ build { use_proxy = false user = var.ssh_username groups = ["proxy"] - ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"] + ansible_env_vars = ["ANSIBLE_TIMEOUT=60", "ANSIBLE_HOST_KEY_CHECKING=False"] playbook_file = "./CRI_XCBC/proxy.yaml" } } -- GitLab From 17ff86bd5909c76de8ffada59971c00ce3e289b2 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 7 Oct 2024 22:21:12 -0500 Subject: [PATCH 027/172] refactor: Move vars to appropriate group_var files We parameterized a few tasks in the cheaha.yml and put the vars in group_vars/all so that the existing knightly builds won't break. We added values required for the CoD deploy in group_vars/proxy. Now if we put the proxy nodes in proxy group they will inherit values meant for CoD deploy which is not desired in production. We later realized that the appropriate file is group_vars/knightly and it gives flexibility to put proxy nodes in knightly group to override the vars meant for CoD in group_vars/all. --- ansible/group_vars/all | 15 ++++++++++----- ansible/group_vars/knightly | 9 +++++++++ ansible/group_vars/proxy | 10 ---------- 3 files changed, 19 insertions(+), 15 deletions(-) create mode 100644 ansible/group_vars/knightly delete mode 100644 ansible/group_vars/proxy diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 7ab5405..c0b71fc 100644 --- a/ansible/group_vars/all 
+++ b/ansible/group_vars/all @@ -13,11 +13,16 @@ root_ssh_key: "" +# cheaha.node related hostname_lookup_table: - - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02" - - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01" - - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + - "10.141.255.254 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" - bright_openldap_path: "/cm/local/apps/openldap" - ldap_cert_path: "{{bright_openldap_path}}/etc/certs" +# ldap_config related + ldap_cert_path: "/etc/openldap/certs" + ldap_uri: "ldap://ldapserver" + +# nfs_mounts related + mount_points: + - /gpfs4 + - /gpfs5 diff --git a/ansible/group_vars/knightly b/ansible/group_vars/knightly new file mode 100644 index 0000000..ee662aa --- /dev/null +++ b/ansible/group_vars/knightly @@ -0,0 +1,9 @@ +--- + hostname_lookup_table: + - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02" + - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01" + - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + + bright_openldap_path: "/cm/local/apps/openldap" + ldap_cert_path: "{{bright_openldap_path}}/etc/certs" + ldap_uri: "ldaps://ldapserver" diff --git a/ansible/group_vars/proxy b/ansible/group_vars/proxy deleted file mode 100644 index 819e47c..0000000 --- a/ansible/group_vars/proxy +++ /dev/null @@ -1,10 +0,0 @@ ---- - hostname_lookup_table: - - "10.141.255.254 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" - - ldap_cert_path: "/etc/openldap/certs" - - mount_points: - - /gpfs4 - - /gpfs5 - -- GitLab From 673a8ebd3041d678dd9bb2abd19544363c17852a Mon Sep 17 00:00:00 2001 
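Review bot: The new fallback in `ansible/group_vars/all` is `ldap_uri: "ldap://ldapserver"`, so every host that does not pick up the `ldaps://` override from the group file gets directory lookups with no transport protection. The `nslcd.conf.j2` template added later in this series renders its TLS block only for `ldaps://` URIs and leaves `ssl start_tls` commented out, so the plain scheme means cleartext rather than opportunistic TLS. If the CoD network really needs the unencrypted form, say so next to the value, e.g. `# ldap:// is unencrypted; acceptable only on the isolated CoD network, prod overrides with ldaps://`. Making `ldaps://` the default and having the CoD group opt out would be the safer direction, provided the certificate paths are sorted out for that case.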
From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 18 Sep 2024 21:54:29 -0500 Subject: [PATCH 028/172] refactor: Modify placeholder set for hosts during development We changed it to "all" because that's the convention we follow. When running ansible playbook you need to limit the hosts with -l so that it doesn't run on all hosts. Some background on why it was set to default in the first place, `hosts: default` is used as a placeholder during development to indicate where actual host groups will later be defined. You can define specific host groups within the inventory file with names that are more relevant to your infrastructure, replacing the "default" placeholder. --- ansible/cheaha.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/cheaha.yml b/ansible/cheaha.yml index bfb1af1..79b50be 100644 --- a/ansible/cheaha.yml +++ b/ansible/cheaha.yml @@ -1,6 +1,6 @@ --- - name: Setup node for use as a virtual cheaha node - hosts: default + hosts: all become: true roles: - { name: 'cheaha.node', tags: 'cheaha.node' } -- GitLab From 783892c154112790cdacfc9e2c7c757402e75b59 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 18 Sep 2024 22:11:12 -0500 Subject: [PATCH 029/172] feat: Add conditional in cheaha.yml for a proxy node A proxy node need not be a slurm client so we don't run this role --- ansible/cheaha.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/cheaha.yml b/ansible/cheaha.yml index 79b50be..bd876b1 100644 --- a/ansible/cheaha.yml +++ b/ansible/cheaha.yml @@ -6,4 +6,4 @@ - { name: 'cheaha.node', tags: 'cheaha.node' } - { name: 'nfs_mounts', tags: 'nfs_mounts' } - { name: 'ldap_config', tags: 'ldap_config' } - - { name: 'slurm_client', tags: 'slurm_client' } + - { name: 'slurm_client', tags: 'slurm_client', when: "'proxy' not in group_names" } -- GitLab From 4c1e9daf7929fd96d7d9cf7c06f4339853b144f8 Mon Sep 17 00:00:00 2001 
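Review bot: After this change `ansible/cheaha.yml` targets `hosts: all` with `become: true`, so a run that omits `-l` applies the node roles as root to every host in the inventory, and nothing in the play enforces the limit the commit message asks for. At minimum the play should say so where the operator sees it, for example a comment above `hosts:` reading `# Runs as root on every inventory host: pass -l <group> or use a single-host inventory`. A stricter option, if all callers can supply it, is to take the target from a variable with a harmless default. The roles list of the play continues outside this hunk.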
From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 18 Sep 2024 22:22:40 -0500 Subject: [PATCH 030/172] feat: Enable TLS in ldap depending on ldap_uri var Enable TLS only if the ldap_uri var is having https substring in the value --- ansible/roles/ldap_config/tasks/main.yml | 5 +- .../roles/ldap_config/templates/nslcd.conf.j2 | 148 ++++++++++++++++++ 2 files changed, 151 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/ldap_config/templates/nslcd.conf.j2 diff --git a/ansible/roles/ldap_config/tasks/main.yml b/ansible/roles/ldap_config/tasks/main.yml index 5b3332f..0f8db2a 100644 --- a/ansible/roles/ldap_config/tasks/main.yml +++ b/ansible/roles/ldap_config/tasks/main.yml @@ -33,10 +33,11 @@ - { src: ca.pem } - { src: ldap.key } - { src: ldap.pem } + when: ldap_uri | regex_search('^ldaps://') - name: Copy ldap config into place - ansible.builtin.copy: - src: nslcd.conf + ansible.builtin.template: + src: nslcd.conf.j2 dest: /etc/nslcd.conf owner: root group: root diff --git a/ansible/roles/ldap_config/templates/nslcd.conf.j2 b/ansible/roles/ldap_config/templates/nslcd.conf.j2 new file mode 100644 index 0000000..0d03cdf --- /dev/null +++ b/ansible/roles/ldap_config/templates/nslcd.conf.j2 
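Review bot: The `when:` added to the "Copy ldap cert(s) into place" task in `ansible/roles/ldap_config/tasks/main.yml` evaluates the raw result of `regex_search`, which is a matched string or nothing rather than a boolean. A test expresses the same condition as a real boolean and reads more clearly: `when: ldap_uri is match('^ldaps://')`. The template added in the same commit repeats the expression, so both should change together to keep the certificate copy and the rendered TLS block in step. The commit message says "https" where the code checks for `ldaps`.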
@@ -0,0 +1,148 @@
+# This is the configuration file for the LDAP nameservice
+# switch library's nslcd daemon. It configures the mapping
+# between NSS names (see /etc/nsswitch.conf) and LDAP
+# information in the directory.
+# See the manual page nslcd.conf(5) for more information.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid ldap
+
+# The uri pointing to the LDAP server to use for name lookups.
+# Multiple entries may be specified. The address that is used
+# here should be resolvable without using LDAP (obviously).
+#uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+uri {{ ldap_uri }}
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+#ldap_version 3
+
+# The distinguished name of the search base.
+base dc=cm,dc=cluster
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+#binddn cn=proxyuser,dc=example,dc=com
+
+# The credentials to bind with.
+# Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
+#bindpw secret
+
+# The distinguished name to perform password modifications by root by.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# The default search scope.
+#scope sub
+#scope one
+#scope base
+
+# Customize certain database lookups.
+#base group ou=Groups,dc=example,dc=com
+#base passwd ou=People,dc=example,dc=com
+#base shadow ou=People,dc=example,dc=com
+#scope group onelevel
+#scope hosts sub
+
+# Bind/connect timelimit.
+#bind_timelimit 30
+
+# Search timelimit.
+#timelimit 30
+
+# Idle timelimit. nslcd will close connections if the
+# server has not been contacted for the number of seconds.
+idle_timelimit 240
+
+# Use StartTLS without verifying the server certificate.
+#ssl start_tls
+#tls_reqcert never
+
+{% if ldap_uri | regex_search('^ldaps://') %}
+ssl on
+tls_reqcert demand
+
+# CA certificates for server certificate verification
+#tls_cacertdir /etc/ssl/certs
+tls_cacertfile /cm/local/apps/openldap/etc/certs/ca.pem
+tls_cert /cm/local/apps/openldap/etc/certs/ldap.pem
+tls_key /cm/local/apps/openldap/etc/certs/ldap.key
+{% endif %}
+
+# Seed the PRNG if /dev/urandom is not provided
+#tls_randfile /var/run/egd-pool
+
+# SSL cipher suite
+# See man ciphers for syntax
+#tls_ciphers TLSv1
+
+# Client certificate and key
+# Use these, if your server requires client authentication.
+
+# Mappings for Services for UNIX 3.5
+#filter passwd (objectClass=User)
+#map passwd uid msSFU30Name
+#map passwd userPassword msSFU30Password
+#map passwd homeDirectory msSFU30HomeDirectory
+#map passwd homeDirectory msSFUHomeDirectory
+#filter shadow (objectClass=User)
+#map shadow uid msSFU30Name
+#map shadow userPassword msSFU30Password
+#filter group (objectClass=Group)
+#map group member msSFU30PosixMember
+
+# Mappings for Services for UNIX 2.0
+#filter passwd (objectClass=User)
+#map passwd uid msSFUName
+#map passwd userPassword msSFUPassword
+#map passwd homeDirectory msSFUHomeDirectory
+#map passwd gecos msSFUName
+#filter shadow (objectClass=User)
+#map shadow uid msSFUName
+#map shadow userPassword msSFUPassword
+#map shadow shadowLastChange pwdLastSet
+#filter group (objectClass=Group)
+#map group member posixMember
+
+# Mappings for Active Directory
+#pagesize 1000
+#referrals off
+#idle_timelimit 800
+#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
+#map passwd uid sAMAccountName
+#map passwd homeDirectory unixHomeDirectory
+#map passwd gecos displayName
+#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
+#map shadow uid sAMAccountName
+#map shadow shadowLastChange pwdLastSet
+#filter group (objectClass=group)
+
+# Alternative mappings for
Active Directory +# (replace the SIDs in the objectSid mappings with the value for your domain) +#pagesize 1000 +#referrals off +#idle_timelimit 800 +#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer))) +#map passwd uid cn +#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 +#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 +#map passwd homeDirectory "/home/$cn" +#map passwd gecos displayName +#map passwd loginShell "/bin/bash" +#filter group (|(objectClass=group)(objectClass=person)) +#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 + +# Mappings for AIX SecureWay +#filter passwd (objectClass=aixAccount) +#map passwd uid userName +#map passwd userPassword passwordChar +#map passwd uidNumber uid +#map passwd gidNumber gid +#filter group (objectClass=aixAccessGroup) +#map group cn groupName +#map group gidNumber gid +# This comment prevents repeated auto-migration of settings. -- GitLab From 229f0e19d59c44a15b810819c48cd126a2b6afec Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Sat, 5 Oct 2024 01:23:02 -0500 Subject: [PATCH 031/172] fix(proxy): add role to fix yum failures --- ansible/cheaha.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/cheaha.yml b/ansible/cheaha.yml index bd876b1..0f283d2 100644 --- a/ansible/cheaha.yml +++ b/ansible/cheaha.yml @@ -3,6 +3,7 @@ hosts: all become: true roles: + - { name: 'fix_centos_repo', tags: 'fix_centos_repo' } - { name: 'cheaha.node', tags: 'cheaha.node' } - { name: 'nfs_mounts', tags: 'nfs_mounts' } - { name: 'ldap_config', tags: 'ldap_config' } -- GitLab From 423e686eb9e1b8ae3ebd9af22da952d5976941fa Mon Sep 17 00:00:00 2001 
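Review bot: Inside the `{% if %}` block of `nslcd.conf.j2` the three TLS paths are hard-coded under `/cm/local/apps/openldap/etc/certs/`, while the task in `tasks/main.yml` installs the certificates to `{{ ldap_cert_path }}`. The two agree only where `ldap_cert_path` resolves to that Bright path; a host using `ldaps://` with the `/etc/openldap/certs` value from `group_vars/all` would get `tls_reqcert demand` pointing at a CA file that was never installed, and lookups would fail. Using the variable keeps the template and the copy task in step: `tls_cacertfile {{ ldap_cert_path }}/ca.pem`, `tls_cert {{ ldap_cert_path }}/ldap.pem`, `tls_key {{ ldap_cert_path }}/ldap.key`.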
From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 22 Oct 2024 18:14:41 -0500 Subject: [PATCH 032/172] refactor: knightly is specific to OOD, so rename file --- ansible/group_vars/{knightly => prod} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/group_vars/{knightly => prod} (100%) diff --git a/ansible/group_vars/knightly b/ansible/group_vars/prod similarity index 100% rename from ansible/group_vars/knightly rename to ansible/group_vars/prod -- GitLab From 856ba0f9c2a25331ec5fe95dcf8002bd64f66485 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 23 Oct 2024 11:50:13 -0500 Subject: [PATCH 033/172] feat: Move clusterhooks to deploy stage --- openstack-proxy/nodeimage.pkr.hcl | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 5927b83..02e94da 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -36,18 +36,6 @@ source "openstack" "image" { build { sources = ["source.openstack.image"] - provisioner "ansible" { - use_proxy = false - user = var.ssh_username - groups = ["proxy"] - playbook_file = "./ansible/cheaha.yml" - roles_path = "./ansible/roles" - ansible_env_vars = ["ANSIBLE_TIMEOUT=60"] - extra_arguments = [ - "--extra-vars", "root_ssh_key='${var.root_ssh_key}'" - ] - } - provisioner "ansible" { use_proxy = false user = var.ssh_username -- GitLab From 377beaa7106c9ac0ec568e62efc8ff52c24d7dfc Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 23 Oct 2024 12:03:47 -0500 Subject: [PATCH 034/172] refactor: use variable to decide if we want autofs mount --- ansible/group_vars/all | 1 + ansible/roles/nfs_mounts/tasks/main.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index c0b71fc..c3cb579 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
@@ -22,6 +22,7 @@ ldap_uri: "ldap://ldapserver" # nfs_mounts related + use_autofs: false mount_points: - /gpfs4 - /gpfs5 diff --git a/ansible/roles/nfs_mounts/tasks/main.yml b/ansible/roles/nfs_mounts/tasks/main.yml index d99aefe..507f4c6 100644 --- a/ansible/roles/nfs_mounts/tasks/main.yml +++ b/ansible/roles/nfs_mounts/tasks/main.yml @@ -1,8 +1,8 @@ --- - name: nfs_mounts using fstab include_tasks: fstab.yml - when: "'proxy' in group_names" + when: not use_autofs - name: nfs_mounts using autofs include_tasks: autofs.yml - when: "'proxy' not in group_names" + when: use_autofs -- GitLab From 72d760441d57aed9af1090749f50df3182aeb997 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 23 Oct 2024 12:09:33 -0500 Subject: [PATCH 035/172] refactor: use variable to decide if we want slurm client --- ansible/cheaha.yml | 2 +- ansible/group_vars/all | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/cheaha.yml b/ansible/cheaha.yml index 0f283d2..910268e 100644 --- a/ansible/cheaha.yml +++ b/ansible/cheaha.yml @@ -7,4 +7,4 @@ - { name: 'cheaha.node', tags: 'cheaha.node' } - { name: 'nfs_mounts', tags: 'nfs_mounts' } - { name: 'ldap_config', tags: 'ldap_config' } - - { name: 'slurm_client', tags: 'slurm_client', when: "'proxy' not in group_names" } + - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } diff --git a/ansible/group_vars/all b/ansible/group_vars/all index c3cb579..d1d270f 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -4,6 +4,7 @@ yum_repo_files: [] pkg_list: [] slurm_version: 18.08.9 + enable_slurm_client: false # NHC related nhc_download_url: "https://github.com/mej/nhc/releases/download/1.4.3/lbnl-nhc-1.4.3-1.el7.noarch.rpm" -- GitLab From ad7cd6fd3b583b09fcbbcc751f4acd54fbc17a41 Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 23 Oct 2024 00:43:48 -0500 Subject: [PATCH 036/172] ci: Add ci jobs to build http and ssh proxy images --- .gitlab-ci.yml | 109 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 108 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6936a9d..c430636 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,15 +14,23 @@ variables: OS_INTERFACE: "public" OS_REGION_NAME: "bhm1" PROXY_NETWORK: "proxy-net" + PKR_VAR_flavor: "m1.medium-ruffner" + PKR_VAR_source_image: "CentOS-7-x86_64-GenericCloud-2009" + PKR_VAR_floating_ip_network: "uab-campus" + PKR_VAR_security_groups: '["allow-ssh"]' + PKR_VAR_skip_create_image: "false" + PKR_VAR_ssh_username: "centos" + PKR_VAR_networks: '["8cf2f12e-905d-46d9-bc70-b0897c65f75a"]' GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" - PKR_VAR_floating_ip_network: "uab-campus" + PKR_VAR_root_ssh_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFqqWgmYpEaGtHBeTu27ntVJpYjwq/x5aBefrvfhk8Z9lE3cuZ26vJ9n/9tGE4Zn2Pew1mpZgi6PzfJ3vMt8yA= root@master" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" INSTANCE_FLAVOR: "m1.medium-ruffner" HTTP_PROXY_INSTANCE_NAME: "http-proxy" SSH_PROXY_INSTANCE_NAME: "ssh-proxy" stages: + - build - deploy workflow: 
@@ -30,6 +38,105 @@ workflow: - if: $CI_PIPELINE_SOURCE == "web" - if: $CI_PIPELINE_SOURCE == "schedule" +.get_build_date: &get_build_date + - export BUILD_DATE=$(TZ=America/Chicago date +%Y-%m-%dT%H%M%S) + - echo BUILD_DATE=${BUILD_DATE} + +.update_ansible_repo: &update_ansible_repo + - *get_build_date + - | + if [ ! -d $CI_PROJECT_DIR/CRI_XCBC ]; then + git clone https://github.com/uabrc/CRI_XCBC.git + cd CRI_XCBC + git remote add upstream https://github.com/jprorama/CRI_XCBC.git + cd .. + fi + - cd CRI_XCBC + - git config user.name "${GIT_AUTHOR_NAME}" + - git config user.email "${GIT_AUTHOR_EMAIL}" + - git fetch origin uab-prod + - git fetch upstream dev + - git checkout uab-prod + - git merge origin/uab-prod + - git checkout -b integration + - git merge upstream/dev + - export CRI_XCBC_HEAD=$(git rev-parse --short HEAD) + - export CRI_XCBC_dev=$(git rev-parse --short upstream/dev) + - export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod) + - cd .. + - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD) + - echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env + - echo CRI_XCBC_dev=${CRI_XCBC_dev} | tee -a $CI_PROJECT_DIR/image.env + - echo CRI_XCBC_prod=${CRI_XCBC_prod} | tee -a $CI_PROJECT_DIR/image.env + - echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env + +.get_ansible_files: &get_ansible_files + - s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/ + +.build_proxy_image_template: &build_proxy_image_template + script: + - *update_ansible_repo + - *get_ansible_files + # packer vars for job env + - export PKR_VAR_flavor="${PROXY_BUILD_FLAVOR:-$PKR_VAR_flavor}" + - export PKR_VAR_build_instance_name="${PROXY_NAME}-${CRI_XCBC_HEAD}" + - export PKR_VAR_image_date_suffix=false + - | + if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then + export PKR_VAR_image_name="${PROXY_NAME}-PR-${CI_MERGE_REQUEST_IID}" + elif [ $CI_PIPELINE_SOURCE == 
'schedule' ]; then + export PKR_VAR_image_name="PROXY-${BUILD_DATE}" + fi + # Ansible var overrides + - | + if [ -n "${PROXY_ENABLE_VAR}" ]; then + sed -i -E "s/(${PROXY_ENABLE_VAR}: ).*/\1true/" CRI_XCBC/group_vars/all + fi + - 'sed -i -E "s|(s3_endpoint: ).*|\1\"${S3_ENDPOINT}\"|" CRI_XCBC/group_vars/all' + - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/all' + - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/all' + - 'sed -i -E "s/(s3_shibboleth_bucket_name: ).*/\1\"${S3_SHIBBOLETH_BUCKET_NAME}\"/" CRI_XCBC/group_vars/all' + - 'sed -i -E "s/(s3_shibboleth_object_name: ).*/\1\"${S3_SHIBBOLETH_OBJECT_NAME}\"/" CRI_XCBC/group_vars/all' + - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/all' + # packer commands + - packer init openstack-proxy + - packer validate openstack-proxy + - packer build -machine-readable openstack-proxy | tee proxy_build.log + - export BUILT_PROXY_IMAGE_ID=$(grep 'Image:' proxy_build.log | awk '{print $4}') + - echo BUILT_PROXY_IMAGE_ID=${BUILT_PROXY_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env + - openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_PROXY_IMAGE_ID} + artifacts: + reports: + dotenv: image.env + +build_http_proxy_image: + stage: build + environment: + name: $ENV + tags: + - build + variables: + PROXY_NAME: "http-proxy" + PROXY_ENABLE_VAR: "enable_ood_proxy" + <<: *build_proxy_image_template + rules: + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET + when: always + +build_ssh_proxy_image: + stage: build + environment: + name: $ENV + tags: + - build + variables: + PROXY_NAME: "ssh-proxy" + PROXY_ENABLE_VAR: "enable_sshpiper" + <<: *build_proxy_image_template + rules: + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET + when: always + deploy_http_proxy_node: stage: deploy environment: 
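Review bot: In `.build_proxy_image_template`, the `sed` lines that inject `lts_access_key` and `lts_secret_key` into `CRI_XCBC/group_vars/all` use `/` as the substitution delimiter, and an S3 secret key may contain `/`, which makes the expression malformed and fails the job; the `s3_endpoint` and `ssh_pub_key` lines already use `|`. Switching the delimiter fixes the parse: `'sed -i -E "s|(lts_secret_key: ).*|\1\"${AWS_SECRET_ACCESS_KEY}\"|" CRI_XCBC/group_vars/all'`, and likewise for `lts_access_key`. Separately, this writes the secret into a vars file that the Packer Ansible run then consumes; whether it ends up inside the image depends on roles not shown in this diff, so that is worth confirming, or the key can be passed through the environment instead of rewriting the file. The `[ $CI_PIPELINE_SOURCE == ... ]` tests in the same script would also be more robust with the variable quoted.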
-- GitLab From 76fd6246b68f0611fb5330599499b67ae792142d Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 24 Oct 2024 19:05:04 -0500 Subject: [PATCH 037/172] feat: Improve naming for image built via schedule --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c430636..e4d6eff 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,7 +85,7 @@ workflow: if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then export PKR_VAR_image_name="${PROXY_NAME}-PR-${CI_MERGE_REQUEST_IID}" elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="PROXY-${BUILD_DATE}" + export PKR_VAR_image_name="${PROXY_NAME}-${BUILD_DATE}" fi # Ansible var overrides - | -- GitLab From 8694aded656d2390eb784f3c9a578cab975ba05c Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 23 Oct 2024 15:58:22 -0500 Subject: [PATCH 038/172] feat: Add shell provisioner to fix yum base url fix yum install failures by fixing the baseurl via shell provisioners temporarily until we upgrade the base OS --- openstack-proxy/nodeimage.pkr.hcl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 02e94da..8d700c0 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -36,6 +36,13 @@ source "openstack" "image" { build { sources = ["source.openstack.image"] + provisioner "shell" { + inline = [ + "sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*", + "sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*" + ] + } + provisioner "ansible" { use_proxy = false user = var.ssh_username -- GitLab From e59f35f9fcdd6fab2377df7872aa19615f53df8b Mon Sep 17 00:00:00 2001 
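Review bot: The second `sed` in the new shell provisioner of `openstack-proxy/nodeimage.pkr.hcl` rewrites the repo files to `baseurl=http://vault.centos.org`, so every package for the image is fetched over plain HTTP and integrity rests entirely on `gpgcheck` being enabled in those repo files. The vault is also served over HTTPS, so the replacement can be `baseurl=https://vault.centos.org`. The same line is carried unchanged through the later hunks of this file that add `sudo` and the package installs, so it should be fixed there as well.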
From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 24 Oct 2024 11:35:24 -0500 Subject: [PATCH 039/172] feat: Options for verbosity,debug ansible provisioner --- openstack-proxy/nodeimage.pkr.hcl | 8 +++++++- openstack-proxy/variables.pkr.hcl | 12 ++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 8d700c0..18c195e 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -47,7 +47,13 @@ build { use_proxy = false user = var.ssh_username groups = ["proxy"] - ansible_env_vars = ["ANSIBLE_TIMEOUT=60", "ANSIBLE_HOST_KEY_CHECKING=False"] + ansible_env_vars = [ + "ANSIBLE_TIMEOUT=60", + "ANSIBLE_HOST_KEY_CHECKING=False", + "ANSIBLE_VERBOSITY=${var.ANSIBLE_VERBOSITY}", + "ANSIBLE_DEBUG=${var.ANSIBLE_DEBUG}", + "ANSIBLE_FORCE_COLOR=true" + ] playbook_file = "./CRI_XCBC/proxy.yaml" } } diff --git a/openstack-proxy/variables.pkr.hcl b/openstack-proxy/variables.pkr.hcl index 8e78a5d..9215362 100644 --- a/openstack-proxy/variables.pkr.hcl +++ b/openstack-proxy/variables.pkr.hcl @@ -94,3 +94,15 @@ variable "volume_size" { description = "The default volume size for building iamge" } +variable "ANSIBLE_DEBUG" { + type = string + default = "false" + description = "to turn on debugging" +} + +variable "ANSIBLE_VERBOSITY" { + type = string + default = "0" + description = "to increase verbosity - 0|1|2|3|4" +} + -- GitLab From adbace7ed19935c63e86e1398d276708f45720f5 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 24 Oct 2024 18:41:05 -0500 Subject: [PATCH 040/172] feat: Allow editing yum repo file by adding sudo --- openstack-proxy/nodeimage.pkr.hcl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 18c195e..d20c2c7 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl 
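Review bot: `ANSIBLE_VERBOSITY` and `ANSIBLE_DEBUG` can now be set from outside the build, and at high verbosity or with debug on, Ansible can print task arguments and variable values; the CI job pipes `packer build` through `tee proxy_build.log`, so sensitive values in the vars can end up in the job log. The variable descriptions in `variables.pkr.hcl` should carry that caveat, e.g. `description = "to increase verbosity - 0|1|2|3|4; levels above 2 can print secrets to the build log"`. Tasks that handle the S3 keys are outside this diff, but they are the place for `no_log: true`.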
@@ -38,8 +38,8 @@ build { provisioner "shell" { inline = [ - "sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*", - "sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*" + "sudo sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*", + "sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*" ] } -- GitLab From 14ce98438a104ee903e2b63a2034802832306cb9 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 24 Oct 2024 21:33:16 -0500 Subject: [PATCH 041/172] feat: Install packages used in depoy pipeline --- openstack-proxy/nodeimage.pkr.hcl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index d20c2c7..54967da 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -39,7 +39,11 @@ build { provisioner "shell" { inline = [ "sudo sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*", - "sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*" + "sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*", + "sudo yum install -y epel-release", + "sudo yum install -y libselinux-python3 python3 tmux vim git bash-completion curl wget unzip", + "sudo python3 -m pip install --upgrade pip", + "sudo pip3 install s3cmd==2.3.0 ansible==4.10.0 python-openstackclient==5.8.0" ] } -- GitLab From 915a28a769bc275a62857559f9d7f544d1f1b1a7 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 25 Oct 2024 12:11:57 -0500 Subject: [PATCH 042/172] refactor: Remove root pub key as it's deploy time var --- .gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e4d6eff..092d212 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
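Review bot: The `pip3 install` line added to the shell provisioner pins the three top-level packages but none of their dependencies, and `python3 -m pip install --upgrade pip` takes whatever pip is current at build time, all as root into the system site-packages. Two builds from the same commit can therefore produce images with different code in them. A checked-in requirements file with hashes makes the image reproducible and reviewable: `sudo pip3 install --require-hashes -r requirements.txt`, with pip itself pinned in the same way.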
@@ -23,7 +23,6 @@ variables: PKR_VAR_networks: '["8cf2f12e-905d-46d9-bc70-b0897c65f75a"]' GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" - PKR_VAR_root_ssh_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFqqWgmYpEaGtHBeTu27ntVJpYjwq/x5aBefrvfhk8Z9lE3cuZ26vJ9n/9tGE4Zn2Pew1mpZgi6PzfJ3vMt8yA= root@master" DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" INSTANCE_FLAVOR: "m1.medium-ruffner" HTTP_PROXY_INSTANCE_NAME: "http-proxy" -- GitLab From 985552c9956048617c206b351aef7d155cb1567f Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 29 Oct 2024 02:43:51 -0400 Subject: [PATCH 043/172] feat: Run clusterhooks at deploy time for proxies We are providing hooks into the cluster we need at deploy time rather than baking them at build time. This will enable us to build once and deploy across multiple clusters. Otherwise, we need to build image whenever you need to deploy to a different cluster. --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 092d212..e52aa29 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -149,6 +149,11 @@ deploy_http_proxy_node: cat > user_data.txt <<EOF #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys + git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} + cd /tmp/${CI_PROJECT_NAME} + git checkout ${CI_COMMIT_REF_NAME} + ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a ansible.log + rm -rf /tmp/${CI_PROJECT_NAME} EOF - > export HTTP_PROXY_INSTANCE_ID=$(openstack server create 
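Review bot: The `git clone ${CI_REPOSITORY_URL}` line added to the `user_data.txt` heredoc in `deploy_http_proxy_node` is expanded on the runner, and `CI_REPOSITORY_URL` embeds the CI job token, so the token is stored in the instance's user data where local processes can read it back from the metadata service. That token is only valid while the job runs, so on a private project the clone can also fail if first boot happens after the job has finished. `git checkout ${CI_COMMIT_REF_NAME}` then follows the branch tip rather than the commit the pipeline ran on; `git checkout ${CI_COMMIT_SHA}` pins it. Cloning with a read-only deploy token, or an unauthenticated URL if the project is public, avoids shipping the job token; the same block is added to `deploy_ssh_proxy_node` in the next hunk.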
@@ -185,6 +190,11 @@ deploy_ssh_proxy_node: cat > user_data.txt <<EOF #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys + git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} + cd /tmp/${CI_PROJECT_NAME} + git checkout ${CI_COMMIT_REF_NAME} + ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a ansible.log + rm -rf /tmp/${CI_PROJECT_NAME} EOF - > export SSH_PROXY_INSTANCE_ID=$(openstack server create -- GitLab From eded233bdc7b71c241849a5dd4c8477822f12475 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 29 Oct 2024 21:18:55 -0400 Subject: [PATCH 044/172] feat: Retry task until success --- ansible/roles/cheaha.node/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/cheaha.node/tasks/main.yml b/ansible/roles/cheaha.node/tasks/main.yml index c5a171f..12f098d 100644 --- a/ansible/roles/cheaha.node/tasks/main.yml +++ b/ansible/roles/cheaha.node/tasks/main.yml @@ -34,3 +34,7 @@ - name: Set timezone to America/Chicago community.general.timezone: name: America/Chicago + retries: 3 + delay: 3 + register: result + until: not result.failed -- GitLab From 66e10ea9229c75de194e1497e9c93ec1208786c3 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 30 Oct 2024 22:14:26 -0400 Subject: [PATCH 045/172] feat: Change path to avoid ansible log deletion --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e52aa29..b626cd1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -152,7 +152,7 @@ deploy_http_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a ansible.log + ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - 
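Review bot: `until: not result.failed` together with `register: result` on the timezone task works, but the usual spelling is the test form, `until: result is succeeded`, and a task-specific name such as `register: timezone_result` avoids overwriting another `result` registered elsewhere in the role. The commit does not say why setting the timezone fails on the first attempt; a comment above `retries: 3` naming the cause, for example `# timezone service may not be ready at first boot (confirm)`, would tell the next reader whether three tries three seconds apart is enough.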
> @@ -193,7 +193,7 @@ deploy_ssh_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a ansible.log + ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - > -- GitLab From 5d6b1f151ce01b32b495ecf1b7354ff561b73089 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 31 Oct 2024 00:10:39 -0400 Subject: [PATCH 046/172] feat: Create multi homed proxy with fixed internal IP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We wanted to create a multi-homed instance connected to proxy-net and internal-net because the nfs-mounts are shared via internal net by the server. However, the NIC on internal-net wasn’t getting an IP assigned automatically and this was creating an issue for NFS server to communicate with the clients. So we created a port and assigned that port during instance creation --- .gitlab-ci.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b626cd1..5d0c81b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -155,10 +155,17 @@ deploy_http_proxy_node: ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF + - > + export HTTP_PROXY_INSTANCE_PORT=$(openstack port create + -c id -f value --network $INTERNALNET + --fixed-ip subnet=$INTERNALNET_SN,ip-address=$INTERNALNET_IP + --disable-port-security + ${HTTP_PROXY_INSTANCE_NAME}_internal_port) - > export HTTP_PROXY_INSTANCE_ID=$(openstack server create -c id -f value --image $HTTP_PROXY_IMAGE_ID --network $PROXY_NETWORK + --port $HTTP_PROXY_INSTANCE_PORT --security-group webserver_sec_group --security-group allow-ssh --user-data user_data.txt 
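Review bot: Writing the log to the fixed name `/tmp/ansible.log` keeps it after the checkout is removed, but `/tmp` is world-writable, `tee -a` appends to whatever already exists at that path, and a file it creates is readable by every local user under the default umask. The playbook output lists host names, mount points and variable values, so on a host that accepts logins it is better kept in a root-owned location, e.g. `umask 077` followed by `… | tee -a /var/log/ansible-deploy.log` (constructed path). The same change is made for `deploy_ssh_proxy_node` in the next hunk. Both `script:` blocks start and end outside the hunks.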
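Review bot: `--disable-port-security` on the new `${HTTP_PROXY_INSTANCE_NAME}_internal_port` switches off security-group filtering and the anti-spoofing rules for the proxy's interface on `$INTERNALNET`, so a host that is presumably reachable from outside through `$PROXY_NETWORK` gets an unfiltered leg into the cluster network. The commit message describes the problem as a missing IP address, which the `--fixed-ip` argument already covers. If NFS traffic was the reason for the flag, a security group on the port that permits only the NFS server keeps the filtering: replace the flag with `--security-group <INTERNAL_NFS_SEC_GROUP>` (placeholder name). The SSH proxy port created in the next hunk carries the same flag.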
@@ -196,10 +203,17 @@ deploy_ssh_proxy_node: ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF + - > + export SSH_PROXY_INSTANCE_PORT=$(openstack port create + -c id -f value --network $INTERNALNET + --fixed-ip subnet=$INTERNALNET_SN,ip-address=$INTERNALNET_IP + --disable-port-security + ${SSH_PROXY_INSTANCE_NAME}_internal_port) - > export SSH_PROXY_INSTANCE_ID=$(openstack server create -c id -f value --image $SSH_PROXY_IMAGE_ID --network $PROXY_NETWORK + --port $SSH_PROXY_INSTANCE_PORT --security-group allow-ssh --user-data user_data.txt --flavor $INSTANCE_FLAVOR -- GitLab From d58a3531ed59dd56bd49f452a73a092149feceb3 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 31 Oct 2024 15:13:16 -0400 Subject: [PATCH 047/172] feat: Replace default gateway to allow login The instance creation with internal port attached was causing issues with login because the default gateway was set to internal network gateway. This will only allow login via headnode but not the host. This commit will fix that issue by giving a way to define the gw ip for default route. --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5d0c81b..98fb237 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -149,6 +149,7 @@ deploy_http_proxy_node: cat > user_data.txt <<EOF #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys + ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} @@ -197,6 +198,7 @@ deploy_ssh_proxy_node: cat > user_data.txt <<EOF #!/bin/bash echo "$DEV_KEY" >> /root/.ssh/authorized_keys + ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} -- GitLab 
From 957416cc458b12c557027236e27568c62108782a Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 31 Oct 2024 18:22:07 -0400 Subject: [PATCH 048/172] feat: Remove fixed IP assignment Avoids error that the IP has already been assigned while trying multiple proxy deploys --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 98fb237..65d92bb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -159,7 +159,6 @@ deploy_http_proxy_node: - > export HTTP_PROXY_INSTANCE_PORT=$(openstack port create -c id -f value --network $INTERNALNET - --fixed-ip subnet=$INTERNALNET_SN,ip-address=$INTERNALNET_IP --disable-port-security ${HTTP_PROXY_INSTANCE_NAME}_internal_port) - > @@ -208,7 +207,6 @@ deploy_ssh_proxy_node: - > export SSH_PROXY_INSTANCE_PORT=$(openstack port create -c id -f value --network $INTERNALNET - --fixed-ip subnet=$INTERNALNET_SN,ip-address=$INTERNALNET_IP --disable-port-security ${SSH_PROXY_INSTANCE_NAME}_internal_port) - > -- GitLab From 6ebcc501f9d3a50f624a641c694ce2507dc945de Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 1 Nov 2024 13:02:18 -0500 Subject: [PATCH 049/172] removed dev_key to move var to gitlab pipeline var --- .gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b626cd1..d209cdc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -23,7 +23,6 @@ variables: PKR_VAR_networks: '["8cf2f12e-905d-46d9-bc70-b0897c65f75a"]' GIT_AUTHOR_NAME: "Gitlab runner" GIT_AUTHOR_EMAIL: "gitlab@runner" - DEV_KEY: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBXBfBmQDq1HK8U0zK6gDF0jyfWChuFYEPiRp1Wgl0XFJU7JoUngqkE/GAic8kCzKW0hPMiweSjmWdKlAapv/dk= krishmoodbidri@krishs-MacBook-Pro-3.local" INSTANCE_FLAVOR: "m1.medium-ruffner" HTTP_PROXY_INSTANCE_NAME: "http-proxy" SSH_PROXY_INSTANCE_NAME: "ssh-proxy" -- GitLab From b0403a5f1965c834abb11cdf88fe3e84903d7b97 Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 4 Nov 2024 12:20:40 -0600 Subject: [PATCH 050/172] fix: Mount dirs besides adding them to fstab Otherwise, since we run this role in deploy the dirs won't be mounted and cause unexpected behavior of applications. --- ansible/roles/nfs_mounts/tasks/fstab.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/nfs_mounts/tasks/fstab.yml b/ansible/roles/nfs_mounts/tasks/fstab.yml index 44c3124..100c042 100644 --- a/ansible/roles/nfs_mounts/tasks/fstab.yml +++ b/ansible/roles/nfs_mounts/tasks/fstab.yml @@ -7,12 +7,12 @@ loop: "{{ mount_points }}" -- name: Make an entry in the fstab +- name: Mount the directories ansible.posix.mount: src: "master:{{ item }}" path: "{{ item }}" opts: rw,sync,hard - state: present + state: mounted fstype: nfs loop: "{{ mount_points }}" -- GitLab From 95fb35d749aaeaebbdb7eaf475d96ce59054a515 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 4 Nov 2024 16:26:32 -0600 Subject: [PATCH 051/172] feat: Add a task to template DNS config --- ansible/group_vars/all | 5 +++++ ansible/roles/cheaha.node/tasks/main.yml | 9 +++++++++ ansible/roles/cheaha.node/templates/resolv.conf.j2 | 4 ++++ 3 files changed, 18 insertions(+) create mode 100644 ansible/roles/cheaha.node/templates/resolv.conf.j2 diff --git a/ansible/group_vars/all b/ansible/group_vars/all index d1d270f..e95c617 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -17,6 +17,11 @@ # cheaha.node related hostname_lookup_table: - "10.141.255.254 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + domain_search_list: + - openstack.internal + - cm.cluster + nameserver_list: + - 10.141.255.254 # ldap_config related ldap_cert_path: "/etc/openldap/certs" diff --git a/ansible/roles/cheaha.node/tasks/main.yml b/ansible/roles/cheaha.node/tasks/main.yml index 12f098d..f5beccc 100644 --- a/ansible/roles/cheaha.node/tasks/main.yml 
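Review bot: With `state: mounted` the shares are now live on the proxy at deploy time, and the unchanged `opts: rw,sync,hard` mounts them without `nosuid` or `nodev`. On a proxy that accepts outside connections, setuid binaries and device nodes stored on the cluster file systems would then be honoured locally. Unless something on the proxy depends on them, `opts: rw,sync,hard,nosuid,nodev` is the safer default. The task file continues outside the hunk.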
+++ b/ansible/roles/cheaha.node/tasks/main.yml @@ -12,6 +12,15 @@ insertbefore: BOF line: 'append domain-name " cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster";' +- name: Template resolv.conf + ansible.builtin.template: + src: resolv.conf.j2 + dest: /etc/resolv.conf + owner: root + group: root + mode: 0644 + backup: true + - name: Disable SELinux ansible.posix.selinux: state: disabled diff --git a/ansible/roles/cheaha.node/templates/resolv.conf.j2 b/ansible/roles/cheaha.node/templates/resolv.conf.j2 new file mode 100644 index 0000000..be59430 --- /dev/null +++ b/ansible/roles/cheaha.node/templates/resolv.conf.j2 @@ -0,0 +1,4 @@ +search {{ domain_search_list | join(' ') }} +{% for name_server in nameserver_list %} +nameserver {{ name_server }} +{% endfor %} -- GitLab From b9a3ea9fdfbe68bf424ea61fc4d0323781d6c348 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 4 Nov 2024 17:43:36 -0600 Subject: [PATCH 052/172] feat: Add --extra-vars option defined by variable This will allow you to define the variables during runtime whose values you may want to override. In this case, we want to override the DNS config related to nameserver and search domain --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 107b611..bcacba9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -152,7 +152,7 @@ deploy_http_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a /tmp/ansible.log + ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - 
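Review bot: The new `Template resolv.conf` task writes `/etc/resolv.conf` directly, while the task just above it edits `dhclient.conf`, which suggests a DHCP client manages the same file and may rewrite it on the next lease renewal; worth confirming on the target image before relying on the template. `mode: 0644` is an unquoted number, and Ansible's documentation recommends the quoted form `mode: '0644'` so the YAML parser cannot turn it into a different integer. `backup: true` leaves timestamped copies next to the file on every change, which is fine here but worth a comment such as `# backups accumulate in /etc; prune on image rebuild`.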
> @@ -200,7 +200,7 @@ deploy_ssh_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, ansible/cheaha.yml | tee -a /tmp/ansible.log + ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - > -- GitLab From 77ccf63b01fff8554658f9fe6510e8d45c6e66f7 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 4 Nov 2024 20:11:48 -0600 Subject: [PATCH 053/172] feat: Rename playbook to cluster.yml Rename it because cheaha is not the only cluster we deploy against. So give it a generic name. --- ansible/cheaha.yml => cluster.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/cheaha.yml => cluster.yml (100%) diff --git a/ansible/cheaha.yml b/cluster.yml similarity index 100% rename from ansible/cheaha.yml rename to cluster.yml -- GitLab From 9727aa22292276b6d06305c0d09a818172c14382 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 6 Nov 2024 14:58:36 -0600 Subject: [PATCH 054/172] feat: enable individual build with BUILD_TARGET --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bcacba9..2309e1f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -118,7 +118,7 @@ build_http_proxy_image: PROXY_ENABLE_VAR: "enable_ood_proxy" <<: *build_proxy_image_template rules: - - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy" when: always build_ssh_proxy_image: @@ -132,7 +132,7 @@ build_ssh_proxy_image: PROXY_ENABLE_VAR: "enable_sshpiper" <<: *build_proxy_image_template rules: - - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy" when: always deploy_http_proxy_node: -- GitLab 
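Review bot: `--extra-vars="$EXTRA_VARS"` is inside the unquoted heredoc, so the runner pastes the value of `EXTRA_VARS` into `user_data.txt` and the instance's shell parses it a second time: a double quote, backtick or `$(` in the value ends the quoting and is executed by the boot script. Whatever is passed this way is also stored in the instance's user data and can be echoed by Ansible into `/tmp/ansible.log`, so it is not a suitable channel for credentials. Suggest validating on the runner that the value is well-formed JSON before the heredoc is written, and referencing it from a root-only file with `--extra-vars @/root/extra_vars.json` (constructed path) rather than inlining it. The same line is changed for `deploy_ssh_proxy_node` in the next hunk.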
From dfc09250ce55745e9a4f08e6008c3e0a09d78475 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 6 Nov 2024 14:59:22 -0600 Subject: [PATCH 055/172] refactor: reuse BUILD_TARGET variable --- .gitlab-ci.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2309e1f..3301d40 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -77,13 +77,13 @@ workflow: - *get_ansible_files # packer vars for job env - export PKR_VAR_flavor="${PROXY_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="${PROXY_NAME}-${CRI_XCBC_HEAD}" + - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${CRI_XCBC_HEAD}" - export PKR_VAR_image_date_suffix=false - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="${PROXY_NAME}-PR-${CI_MERGE_REQUEST_IID}" + export PKR_VAR_image_name="${BUILD_TARGET}-PR-${CI_MERGE_REQUEST_IID}" elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="${PROXY_NAME}-${BUILD_DATE}" + export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" fi # Ansible var overrides - | @@ -114,7 +114,6 @@ build_http_proxy_image: tags: - build variables: - PROXY_NAME: "http-proxy" PROXY_ENABLE_VAR: "enable_ood_proxy" <<: *build_proxy_image_template rules: @@ -128,7 +127,6 @@ build_ssh_proxy_image: tags: - build variables: - PROXY_NAME: "ssh-proxy" PROXY_ENABLE_VAR: "enable_sshpiper" <<: *build_proxy_image_template rules: -- GitLab From 95cc85e183d7d2a3c39f0674dcdcab66310994fc Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Sat, 9 Nov 2024 01:03:02 -0600 Subject: [PATCH 056/172] fix: move cluster.yml to correct location --- .gitlab-ci.yml | 2 +- cluster.yml => ansible/cluster.yml | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename cluster.yml => ansible/cluster.yml (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3301d40..ff6bc5c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -150,7 +150,7 @@ deploy_http_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cheaha.yml | tee -a /tmp/ansible.log + ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - > diff --git a/cluster.yml b/ansible/cluster.yml similarity index 100% rename from cluster.yml rename to ansible/cluster.yml -- GitLab From 318a305ace1b1aa95f28a33a25277be161fce997 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 21:21:39 -0600 Subject: [PATCH 057/172] fix: Remove irrelevant cmds as we move to Alma --- openstack-proxy/nodeimage.pkr.hcl | 2 -- 1 file changed, 2 deletions(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 54967da..af74d59 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -38,8 +38,6 @@ build { provisioner "shell" { inline = [ - "sudo sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*", - "sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*", "sudo yum install -y epel-release", "sudo yum install -y libselinux-python3 python3 tmux vim git bash-completion curl wget unzip", "sudo python3 -m pip install --upgrade pip", -- GitLab From 78639e0f3f1bb496932d37befaf5c4263dc02f86 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 21:27:05 -0600 Subject: [PATCH 058/172] feat: Install pip3 as its not available by default --- openstack-proxy/nodeimage.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index af74d59..e3629e1 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl 
@@ -39,7 +39,7 @@ build { provisioner "shell" { inline = [ "sudo yum install -y epel-release", - "sudo yum install -y libselinux-python3 python3 tmux vim git bash-completion curl wget unzip", + "sudo yum install -y libselinux-python3 python3 python3-pip tmux vim git bash-completion curl wget unzip", "sudo python3 -m pip install --upgrade pip", "sudo pip3 install s3cmd==2.3.0 ansible==4.10.0 python-openstackclient==5.8.0" ] -- GitLab From c7d2b924d9463abe272296244c96985373b8eac0 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 23:51:48 -0600 Subject: [PATCH 059/172] feat: Enable CRB repository in almalinux for epel Many EPEL packages require the CodeReady Builder (CRB) repository It is recommended that you run /usr/bin/crb enable to enable the CRB repository. --- openstack-proxy/nodeimage.pkr.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index e3629e1..fc1a471 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -39,6 +39,7 @@ build { provisioner "shell" { inline = [ "sudo yum install -y epel-release", + "sudo dnf config-manager --set-enabled crb", "sudo yum install -y libselinux-python3 python3 python3-pip tmux vim git bash-completion curl wget unzip", "sudo python3 -m pip install --upgrade pip", "sudo pip3 install s3cmd==2.3.0 ansible==4.10.0 python-openstackclient==5.8.0" -- GitLab From 499418996875299aad6cedfd2872d1e26f6921be Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Sat, 9 Nov 2024 01:27:02 -0600 Subject: [PATCH 060/172] refactor: Remove irrrelevant role as we move to Alma --- ansible/cluster.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index 910268e..ef6c952 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml 
@@ -3,7 +3,6 @@ hosts: all become: true roles: - - { name: 'fix_centos_repo', tags: 'fix_centos_repo' } - { name: 'cheaha.node', tags: 'cheaha.node' } - { name: 'nfs_mounts', tags: 'nfs_mounts' } - { name: 'ldap_config', tags: 'ldap_config' } -- GitLab From a99fd3927007dc34439414f0137dd70233813308 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 13 Nov 2024 09:41:51 -0600 Subject: [PATCH 061/172] feat: deploy environment as variable --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ff6bc5c..d2bf24f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -136,7 +136,7 @@ build_ssh_proxy_image: deploy_http_proxy_node: stage: deploy environment: - name: staging + name: $ENV tags: - build script: @@ -184,7 +184,7 @@ deploy_http_proxy_node: deploy_ssh_proxy_node: stage: deploy environment: - name: staging + name: $ENV tags: - build script: -- GitLab From 1b062024e336ac40617b52a33a4bd11412371c67 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 13 Nov 2024 16:04:37 -0600 Subject: [PATCH 062/172] fix: create dhclient.conf if not exists --- ansible/roles/cheaha.node/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/cheaha.node/tasks/main.yml b/ansible/roles/cheaha.node/tasks/main.yml index f5beccc..c4c9335 100644 --- a/ansible/roles/cheaha.node/tasks/main.yml +++ b/ansible/roles/cheaha.node/tasks/main.yml @@ -11,6 +11,8 @@ path: /etc/dhcp/dhclient.conf insertbefore: BOF line: 'append domain-name " cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster";' + create: true + state: present - name: Template resolv.conf ansible.builtin.template: -- GitLab From 35a69ddb0fb8118deed5d9bf3ae0ad8b1eb8f0aa Mon Sep 17 00:00:00 2001 
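Review bot: With `create: true` the `lineinfile` task can now create `/etc/dhcp/dhclient.conf`, but it sets no `owner`, `group` or `mode`, so a newly created file gets whatever the umask of the Ansible run produces. Adding `owner: root`, `group: root` and `mode: '0644'` to the task makes the result the same on every image. The task starts outside the hunk.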
From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 14 Nov 2024 15:12:47 -0600 Subject: [PATCH 063/172] feat: remove auto create floating ip --- .gitlab-ci.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d2bf24f..72218d1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -169,10 +169,6 @@ deploy_http_proxy_node: --flavor $INSTANCE_FLAVOR --wait $HTTP_PROXY_INSTANCE_NAME) - - | - # Create and assign a floating IP to the HTTP Proxy instance - HTTP_PROXY_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) - echo "Created FLOATING_IP: $HTTP_PROXY_FLOATING_IP" - | # Associate the floating IP with the HTTP Proxy instance openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP @@ -216,10 +212,6 @@ deploy_ssh_proxy_node: --flavor $INSTANCE_FLAVOR --wait $SSH_PROXY_INSTANCE_NAME) - - | - # Create and assign a floating IP to the SSH Proxy instance - SSH_PROXY_FLOATING_IP=$(openstack floating ip create $PKR_VAR_floating_ip_network -f value -c floating_ip_address) - echo "Created SSH_PROXY_FLOATING_IP: $SSH_PROXY_FLOATING_IP" - | # Associate the floating IP with the SSH Proxy instance openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP -- GitLab From 1049ecd993b53872e6bedac83e927cf17bbe4c9b Mon Sep 17 00:00:00 2001 
From: Krish Moodbidri <krish94@uab.edu> Date: Thu, 14 Nov 2024 15:24:00 -0600 Subject: [PATCH 064/172] feat(ssh_host_keys): add role for managing SSH host keys - Ensure the `/tmp/ssh_keys` directory exists. - Download SSH host keys from S3 and unpack them to `/etc/ssh`. - Restart the SSH service to apply the new keys. - Add necessary variables for S3 and AWS credentials in `groupvars/all`. - Include `ssh_host_keys` role in `cluster.yml` playbook. --- ansible/cluster.yml | 1 + ansible/group_vars/all | 9 ++++++ ansible/roles/ssh_host_keys/tasks/main.yml | 33 ++++++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 ansible/roles/ssh_host_keys/tasks/main.yml diff --git a/ansible/cluster.yml b/ansible/cluster.yml index ef6c952..3197a11 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -7,3 +7,4 @@ - { name: 'nfs_mounts', tags: 'nfs_mounts' } - { name: 'ldap_config', tags: 'ldap_config' } - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } + - { name: 'ssh_host_keys', tags: 'ssh_host_keys' } diff --git a/ansible/group_vars/all b/ansible/group_vars/all index e95c617..f1b531b 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -33,3 +33,12 @@ - /gpfs4 - /gpfs5 +#SSH Host Keys + s3_endpoint: "" + ssh_host_keys_s3_bucket: "" + ssh_host_keys_s3_object: "" + +# AWS credentials + lts_access_key: "" + lts_secret_key: "" + diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml new file mode 100644 index 0000000..cec0cb1 --- /dev/null +++ b/ansible/roles/ssh_host_keys/tasks/main.yml 
@@ -0,0 +1,33 @@ +--- +- name: Ensure destination directory exists only if not present + file: + path: /tmp/ssh_keys + state: directory + mode: '0755' + args: + creates: /tmp/ssh_keys + +- name: Download SSH host keys tar.gz from S3 + aws_s3: + mode: get + s3_url: "{{ s3_endpoint }}" + bucket: "{{ ssh_host_keys_s3_bucket }}" + object: "{{ ssh_host_keys_s3_object }}" + dest: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}" + aws_access_key: "{{ lts_access_key }}" + aws_secret_key: "{{ lts_secret_key }}" + vars: + ansible_python_interpreter: /usr/bin/python3 + +- name: Unpack SSH host keys to /etc/ssh + unarchive: + src: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}" + dest: "/etc/ssh" + remote_src: yes + become: true + +- name: Restart SSH service + ansible.builtin.service: + name: sshd + state: restarted + become: true \ No newline at end of file -- GitLab From 3e3aa063ba4912bca06187b4e3f61e845946ba0b Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 14 Nov 2024 16:20:54 -0600 Subject: [PATCH 065/172] feat: remove auto create internal net port --- .gitlab-ci.yml | 52 ++++++++++++++++++++------------------------------ 1 file changed, 21 insertions(+), 31 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 72218d1..993cc48 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
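Review bot: The host-key archive is staged in `/tmp/ssh_keys` with `mode: '0755'` and never removed, so the tarball holding the SSH private host keys stays in a directory every local user can enter, and its own permissions are not set by any task here. The staging directory should be root-only and deleted once `unarchive` has run, as in the excerpt below. `unarchive` also writes whatever the archive contains into `/etc/ssh` with the modes stored in the tarball, so an archive that carries `sshd_config` would replace it; presumably the bucket is trusted, but extracting into the staging directory and copying only the `ssh_host_*` files would bound that. The excerpt drops the `args: creates:` pair from the first task and spells the module names with the `ansible.builtin.` prefix used in the other roles.

```yaml
- name: Ensure root-only staging directory for host keys exists
  ansible.builtin.file:
    path: /tmp/ssh_keys
    state: directory
    owner: root
    group: root
    mode: '0700'

# … unchanged: download of the archive from S3 …

# … unchanged: unarchive into /etc/ssh …

- name: Remove staged host key archive
  ansible.builtin.file:
    path: /tmp/ssh_keys
    state: absent
  become: true

# … unchanged: restart of sshd …
```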
@@ -153,22 +153,17 @@ deploy_http_proxy_node: ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - - > - export HTTP_PROXY_INSTANCE_PORT=$(openstack port create - -c id -f value --network $INTERNALNET - --disable-port-security - ${HTTP_PROXY_INSTANCE_NAME}_internal_port) - - > - export HTTP_PROXY_INSTANCE_ID=$(openstack server create - -c id -f value --image $HTTP_PROXY_IMAGE_ID - --network $PROXY_NETWORK - --port $HTTP_PROXY_INSTANCE_PORT - --security-group webserver_sec_group - --security-group allow-ssh - --user-data user_data.txt - --flavor $INSTANCE_FLAVOR - --wait - $HTTP_PROXY_INSTANCE_NAME) + - | + export cmd="openstack server create" + cmd+=" -c id -f value --image $HTTP_PROXY_IMAGE_ID" + cmd+=" --flavor $INSTANCE_FLAVOR" + cmd+=" --network $PROXY_NETWORK" + cmd+=" --security-group webserver_sec_group" + cmd+=" --security-group allow-ssh" + cmd+=" --user-data user_data.txt" + if [ -n $HTTP_PROXY_PORT ];then cmd+=" --port $HTTP_PROXY_PORT" fi + cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME" + - export HTTP_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | # Associate the floating IP with the HTTP Proxy instance openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP 
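Review bot: The new block assembles the `openstack server create` call as one string in `cmd` and runs it with `bash -c "$cmd"`, so every pipeline variable spliced in (`$HTTP_PROXY_IMAGE_ID`, `$INSTANCE_FLAVOR`, `$HTTP_PROXY_PORT`, `$HTTP_PROXY_INSTANCE_NAME`) is parsed again as shell. A space in a value splits an argument, and a `;` or `$(…)` in a manually supplied pipeline variable would run on the runner, presumably with the OpenStack credentials in its environment. A bash array keeps each value a single argument and needs no second shell; the excerpt shows the HTTP proxy block, and the SSH proxy block in the next hunk would change the same way. The `script:` list starts and ends outside the hunk.

```yaml
    - |
      cmd=(openstack server create -c id -f value)
      cmd+=(--image "$HTTP_PROXY_IMAGE_ID")
      cmd+=(--flavor "$INSTANCE_FLAVOR")
      cmd+=(--network "$PROXY_NETWORK")
      cmd+=(--security-group webserver_sec_group --security-group allow-ssh)
      cmd+=(--user-data user_data.txt)
      if [ -n "$HTTP_PROXY_PORT" ]; then cmd+=(--port "$HTTP_PROXY_PORT"); fi
      cmd+=(--wait "$HTTP_PROXY_INSTANCE_NAME")
      export HTTP_PROXY_INSTANCE_ID=$("${cmd[@]}")
    # … unchanged: floating IP association …
```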
@@ -197,21 +192,16 @@ deploy_ssh_proxy_node: ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cheaha.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - - > - export SSH_PROXY_INSTANCE_PORT=$(openstack port create - -c id -f value --network $INTERNALNET - --disable-port-security - ${SSH_PROXY_INSTANCE_NAME}_internal_port) - - > - export SSH_PROXY_INSTANCE_ID=$(openstack server create - -c id -f value --image $SSH_PROXY_IMAGE_ID - --network $PROXY_NETWORK - --port $SSH_PROXY_INSTANCE_PORT - --security-group allow-ssh - --user-data user_data.txt - --flavor $INSTANCE_FLAVOR - --wait - $SSH_PROXY_INSTANCE_NAME) + - | + export cmd="openstack server create" + cmd+=" -c id -f value --image $SSH_PROXY_IMAGE_ID" + cmd+=" --flavor $INSTANCE_FLAVOR" + cmd+=" --network $PROXY_NETWORK" + cmd+=" --security-group allow-ssh" + cmd+=" --user-data user_data.txt" + if [ -n $SSH_PROXY_PORT ];then cmd+=" --port $SSH_PROXY_PORT" fi + cmd+=" --wait $SSH_PROXY_INSTANCE_NAME" + - export SSH_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | # Associate the floating IP with the SSH Proxy instance openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP -- GitLab From d10875b8e5078254924b91a820e0e434b0cc6fcb Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 14 Nov 2024 18:43:08 -0600 Subject: [PATCH 066/172] fix: add missing semicolon --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 993cc48..4aaf749 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -161,7 +161,7 @@ deploy_http_proxy_node: cmd+=" --security-group webserver_sec_group" cmd+=" --security-group allow-ssh" cmd+=" --user-data user_data.txt" - if [ -n $HTTP_PROXY_PORT ];then cmd+=" --port $HTTP_PROXY_PORT" fi + if [ -n $HTTP_PROXY_PORT ];then cmd+=" --port $HTTP_PROXY_PORT"; fi cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME" - export HTTP_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | 
@@ -199,7 +199,7 @@ deploy_ssh_proxy_node: cmd+=" --network $PROXY_NETWORK" cmd+=" --security-group allow-ssh" cmd+=" --user-data user_data.txt" - if [ -n $SSH_PROXY_PORT ];then cmd+=" --port $SSH_PROXY_PORT" fi + if [ -n $SSH_PROXY_PORT ];then cmd+=" --port $SSH_PROXY_PORT"; fi cmd+=" --wait $SSH_PROXY_INSTANCE_NAME" - export SSH_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | -- GitLab From 1160137d907f1097260cffcf1d91fe3aadc5db97 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 14 Nov 2024 19:25:20 -0600 Subject: [PATCH 067/172] fix: add missing quote around variable --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4aaf749..157a200 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -161,7 +161,7 @@ deploy_http_proxy_node: cmd+=" --security-group webserver_sec_group" cmd+=" --security-group allow-ssh" cmd+=" --user-data user_data.txt" - if [ -n $HTTP_PROXY_PORT ];then cmd+=" --port $HTTP_PROXY_PORT"; fi + if [ -n "$HTTP_PROXY_PORT" ];then cmd+=" --port $HTTP_PROXY_PORT"; fi cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME" - export HTTP_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | @@ -199,7 +199,7 @@ deploy_ssh_proxy_node: cmd+=" --network $PROXY_NETWORK" cmd+=" --security-group allow-ssh" cmd+=" --user-data user_data.txt" - if [ -n $SSH_PROXY_PORT ];then cmd+=" --port $SSH_PROXY_PORT"; fi + if [ -n "$SSH_PROXY_PORT" ];then cmd+=" --port $SSH_PROXY_PORT"; fi cmd+=" --wait $SSH_PROXY_INSTANCE_NAME" - export SSH_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | -- GitLab From db3e4cf2eb3caa9fd55da87b12d3bf23692a52a2 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 14 Nov 2024 20:08:05 -0600 Subject: [PATCH 068/172] fix: change variable for enable proxy build --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d2bf24f..0d879fa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -114,7 +114,7 @@ build_http_proxy_image: tags: - build variables: - PROXY_ENABLE_VAR: "enable_ood_proxy" + PROXY_ENABLE_VAR: "enable_http_proxy" <<: *build_proxy_image_template rules: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy" @@ -127,7 +127,7 @@ build_ssh_proxy_image: tags: - build variables: - PROXY_ENABLE_VAR: "enable_sshpiper" + PROXY_ENABLE_VAR: "enable_ssh_proxy" <<: *build_proxy_image_template rules: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy" -- GitLab From 1e56b08603993d1721430024002ada4f651d41bb Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 15 Nov 2024 11:53:39 -0600 Subject: [PATCH 069/172] fix: update cluster hook playbook name --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d879fa..f2a62ee 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -198,7 +198,7 @@ deploy_ssh_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cheaha.yml | tee -a /tmp/ansible.log + ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - > -- GitLab From ca6753c06a3a327cd499283d8f2e7399c344d064 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 15 Nov 2024 12:07:28 -0600 Subject: [PATCH 070/172] change variable names to uppercase for consistency --- ansible/group_vars/all | 11 +++++------ ansible/roles/ssh_host_keys/tasks/main.yml | 16 ++++++++-------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index f1b531b..59f6612 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
@@ -34,11 +34,10 @@ - /gpfs5 #SSH Host Keys - s3_endpoint: "" - ssh_host_keys_s3_bucket: "" - ssh_host_keys_s3_object: "" + S3_ENDPOINT: "" + SSH_HOST_KEYS_S3_BUCKET: "" + SSH_HOST_KEYS_S3_OBJECT: "" # AWS credentials - lts_access_key: "" - lts_secret_key: "" - + LTS_ACCESS_KEY: "" + LTS_SECRET_KEY: "" diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index cec0cb1..aed8c62 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -10,18 +10,18 @@ - name: Download SSH host keys tar.gz from S3 aws_s3: mode: get - s3_url: "{{ s3_endpoint }}" - bucket: "{{ ssh_host_keys_s3_bucket }}" - object: "{{ ssh_host_keys_s3_object }}" - dest: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}" - aws_access_key: "{{ lts_access_key }}" - aws_secret_key: "{{ lts_secret_key }}" + s3_url: "{{ S3_ENDPOINT }}" + bucket: "{{ SSH_HOST_KEYS_S3_BUCKET }}" + object: "{{ SSH_HOST_KEYS_S3_OBJECT }}" + dest: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}" + aws_access_key: "{{ LTS_ACCESS_KEY }}" + aws_secret_key: "{{ LTS_SECRET_KEY }}" vars: ansible_python_interpreter: /usr/bin/python3 - name: Unpack SSH host keys to /etc/ssh unarchive: - src: "/tmp/ssh_keys/{{ ssh_host_keys_s3_object }}" + src: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}" dest: "/etc/ssh" remote_src: yes become: true @@ -30,4 +30,4 @@ ansible.builtin.service: name: sshd state: restarted - become: true \ No newline at end of file + become: true -- GitLab From 692379cbd1d1e56c78e9ab15c565abf9b568361c Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 15 Nov 2024 13:06:00 -0600 Subject: [PATCH 071/172] feat: dynamic create hosts inventory file --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 315d483..b51e4eb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
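Review bot: In ansible/roles/ssh_host_keys/tasks/main.yml the archive of SSH host private keys is downloaded to `/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}` and unpacked straight into `/etc/ssh` with no `owner`, `mode` or integrity check, and no task in these two hunks removes the copy under /tmp afterwards. Whatever the tarball contains is written into /etc/ssh with privileges, so a wrong or tampered object can replace more than the host keys. A closing task such as `ansible.builtin.file: path=/tmp/ssh_keys state=absent` and a staging directory created with `mode: '0700'` would limit the exposure. The two lines between the unarchive task and the sshd restart are not shown, and the directory task sits above this hunk, so confirm against the full file.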
@@ -189,7 +189,11 @@ deploy_ssh_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log + cat >> ansible/hosts<<EEOF + [$ENV] + 127.0.0.1 + EEOF + ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - | -- GitLab From fd4a29078a66c5d11becf9ec548ddeb3541539ac Mon Sep 17 00:00:00 2001 From: Bo-Chun Chen <louistw@uab.edu> Date: Fri, 15 Nov 2024 13:54:54 -0600 Subject: [PATCH 072/172] fix: remove incorrect args --- ansible/roles/ssh_host_keys/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index aed8c62..b163bc7 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -4,8 +4,6 @@ path: /tmp/ssh_keys state: directory mode: '0755' - args: - creates: /tmp/ssh_keys - name: Download SSH host keys tar.gz from S3 aws_s3: -- GitLab From 483f2975663e681d39c030dd5b616eb108122774 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 15 Nov 2024 14:44:00 -0600 Subject: [PATCH 073/172] fix: install boto3 --- ansible/roles/ssh_host_keys/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index b163bc7..0a9632e 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -5,6 +5,12 @@ state: directory mode: '0755' +- name: Install require package + ansible.builtin.pip: + name: boto3 + extra_args: "--extra-index-url https://pypi.python.org/simple" + executable: "/usr/bin/pip3" + - name: Download SSH host keys tar.gz from S3 aws_s3: mode: get -- GitLab 
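Review bot: The `cat >> ansible/hosts` heredoc appends to whatever `ansible/hosts` the checked-out branch already contains, so the play started with `-c local -i ansible/hosts` can also match hosts and groups committed to that file, and with `-c local` they would all be executed on this VM. Writing a fresh file avoids that, for example `cat > /tmp/inventory` for the heredoc and `-i /tmp/inventory` on the playbook line. The enclosing user_data heredoc appears to be unquoted, so `[$ENV]` is expanded when the job runs and an unset `ENV` yields an empty group header; a guard such as `: "${ENV:?ENV must be set}"` before the heredoc makes that fail early. The same lines are added to deploy_http_proxy_node in PATCH 078.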
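Review bot: `name: boto3` in the new pip task is installed without a version pin, and `--extra-index-url` adds a second index instead of replacing the configured one, so pip takes the highest version offered by either index. Pin the release and, if the intent is to bypass the default index, use `--index-url`: `name: "boto3==PINNED_VERSION"` with `extra_args: "--index-url https://pypi.python.org/simple"`, where PINNED_VERSION is a placeholder for the release you have tested. The task name would also read better as `Install required package`.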
From 3365b04cfa665f11148d9bdc2adf7175cd7ab52a Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 15 Nov 2024 16:47:57 -0600 Subject: [PATCH 074/172] fix: disable dns for NetworkManager --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 315d483..8f5e55f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -145,6 +145,11 @@ deploy_http_proxy_node: - | cat > user_data.txt <<EOF #!/bin/bash + cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF + [main] + dns=none + EEOF + systemctl reload NetworkManager echo "$DEV_KEY" >> /root/.ssh/authorized_keys ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} @@ -184,6 +189,11 @@ deploy_ssh_proxy_node: - | cat > user_data.txt <<EOF #!/bin/bash + cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF + [main] + dns=none + EEOF + systemctl reload NetworkManager echo "$DEV_KEY" >> /root/.ssh/authorized_keys ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} -- GitLab From 62eaf4d8813cfb96e54395056d5c658f599b93c6 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 14:55:32 -0600 Subject: [PATCH 075/172] feat: add enable_nfs_mount variable --- ansible/group_vars/all | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 59f6612..93553d5 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -28,6 +28,7 @@ ldap_uri: "ldap://ldapserver" # nfs_mounts related + enable_nfs_mounts: false use_autofs: false mount_points: - /gpfs4 -- GitLab From 8b59b7646f6a86bc7d8295b60a8a269e980e2569 Mon Sep 17 00:00:00 2001 
From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 14:57:16 -0600 Subject: [PATCH 076/172] feat: add when condition to nfs mount in cluster hook --- ansible/cluster.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index 3197a11..609d2fa 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -4,7 +4,7 @@ become: true roles: - { name: 'cheaha.node', tags: 'cheaha.node' } - - { name: 'nfs_mounts', tags: 'nfs_mounts' } + - { name: 'nfs_mounts', tags: 'nfs_mounts', when: enable_nfs_mounts } - { name: 'ldap_config', tags: 'ldap_config' } - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' } -- GitLab From b21010dd5f1304fdc7cb33791a960dbba3e2b399 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 15:00:55 -0600 Subject: [PATCH 077/172] refactor: change default of nfs switch to true --- ansible/group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 93553d5..4f9f406 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -28,7 +28,7 @@ ldap_uri: "ldap://ldapserver" # nfs_mounts related - enable_nfs_mounts: false + enable_nfs_mounts: ture use_autofs: false mount_points: - /gpfs4 -- GitLab From 6e1633d9d22f920e3e699cc37b0dd96e5da13a47 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 22 Nov 2024 16:15:24 -0500 Subject: [PATCH 078/172] feat: Define group based on var ENV for localhost --- .gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0b3c43..5ce1f8c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -155,7 +155,11 @@ deploy_http_proxy_node: git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} cd /tmp/${CI_PROJECT_NAME} git checkout ${CI_COMMIT_REF_NAME} - ansible-playbook -c local -i 127.0.0.1, --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log + cat >> ansible/hosts<<EEOF + [$ENV] + 127.0.0.1 + EEOF + ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF - | -- GitLab From 771c2fc387bc5ba74979de7a596c5b21bf23cc5d Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 15:23:17 -0600 Subject: [PATCH 079/172] fix: typo --- ansible/group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 4f9f406..3e4327a 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -28,7 +28,7 @@ ldap_uri: "ldap://ldapserver" # nfs_mounts related - enable_nfs_mounts: ture + enable_nfs_mounts: true use_autofs: false mount_points: - /gpfs4 -- GitLab From f9d73d57d8ea2581082ce177b88bc0e502f21b20 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 15:31:29 -0600 Subject: [PATCH 080/172] feat: update structure of mount_points variable Now as a dictionary that includes: - src: mount source - path: mount path - opts: mount options --- ansible/group_vars/all | 4 ++-- ansible/roles/nfs_mounts/tasks/fstab.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 59f6612..48c6de8 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -30,8 +30,8 @@ # nfs_mounts related use_autofs: false mount_points: - - /gpfs4 - - /gpfs5 + - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "rw,sync,hard" } + - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "rw,sync,hard" } #SSH Host Keys S3_ENDPOINT: "" 
diff --git a/ansible/roles/nfs_mounts/tasks/fstab.yml b/ansible/roles/nfs_mounts/tasks/fstab.yml index 100c042..6b1a1d2 100644 --- a/ansible/roles/nfs_mounts/tasks/fstab.yml +++ b/ansible/roles/nfs_mounts/tasks/fstab.yml @@ -1,7 +1,7 @@ --- - name: Create base directories ansible.builtin.file: - path: "{{ item }}" + path: "{{ item.path }}" state: directory mode: '0755' loop: @@ -9,9 +9,9 @@ - name: Mount the directories ansible.posix.mount: - src: "master:{{ item }}" - path: "{{ item }}" - opts: rw,sync,hard + src: "{{ item.src }}" + path: "{{ item.path }}" + opts: "{{ item.opts }}" state: mounted fstype: nfs loop: -- GitLab From a1fa74e93d5ecf80b4c927c1c19825b3258b0616 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 15:54:55 -0600 Subject: [PATCH 081/172] feat: make the nfs mount default to ro --- ansible/group_vars/all | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 48c6de8..d11412d 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -30,8 +30,8 @@ # nfs_mounts related use_autofs: false mount_points: - - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "rw,sync,hard" } - - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "rw,sync,hard" } + - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard" } + - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard" } #SSH Host Keys S3_ENDPOINT: "" -- GitLab From 929e9d2db64e99b97bab4217819204c118af9579 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 22 Nov 2024 15:56:42 -0600 Subject: [PATCH 082/172] feat: add mode in variable --- ansible/group_vars/all | 4 ++-- ansible/roles/nfs_mounts/tasks/fstab.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index d11412d..a1356bb 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
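Review bot: `item.src`, `item.path` and `item.opts` are now required on every `mount_points` entry in fstab.yml, so any inventory or group_vars file that still defines the variable as a list of plain paths will fail with an undefined attribute in both tasks. Either migrate every definition in the same commit or give the optional keys a fallback, e.g. `opts: "{{ item.opts | default('ro,sync,hard') }}"`. PATCH 082 adds `item.mode` in the same way and would benefit from `mode: "{{ item.mode | default('0755') }}"`. The `loop:` lines of both tasks continue outside these hunks.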
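Review bot: The new default `ro,sync,hard` still lets setuid binaries and device nodes on the export take effect on the client. If these hosts only need to read user files from the export, add `nosuid,nodev` to both entries: `"opts": "ro,sync,hard,nosuid,nodev"`. The flow-mapping entries would also diff more cleanly in block style with unquoted keys.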
@@ -30,8 +30,8 @@ # nfs_mounts related use_autofs: false mount_points: - - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard" } - - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard" } + - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard", "mode": "0755" } + - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard", "mode": "0755" } #SSH Host Keys S3_ENDPOINT: "" diff --git a/ansible/roles/nfs_mounts/tasks/fstab.yml b/ansible/roles/nfs_mounts/tasks/fstab.yml index 6b1a1d2..abfa827 100644 --- a/ansible/roles/nfs_mounts/tasks/fstab.yml +++ b/ansible/roles/nfs_mounts/tasks/fstab.yml @@ -3,7 +3,7 @@ ansible.builtin.file: path: "{{ item.path }}" state: directory - mode: '0755' + mode: "{{ item.mode }}" loop: "{{ mount_points }}" -- GitLab From b1801275c5335ca2e39a943acd26b3a937eea370 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 22 Nov 2024 17:05:48 -0500 Subject: [PATCH 083/172] feat: Assign multiple Floating IPs when needed Define Floating IPs as a list so that we can assign multiple whenever needed like in prod --- .gitlab-ci.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5ce1f8c..2021b76 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -174,9 +174,12 @@ deploy_http_proxy_node: cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME" - export HTTP_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | - # Associate the floating IP with the HTTP Proxy instance - openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP - echo "Associated FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" + # Associate the floating IP(s) with the HTTP Proxy instance + for HTTP_PROXY_FLOATING_IP in ${HTTP_PROXY_FLOATING_IP_LIST[@]}; + do + openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP + echo "Associated FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" + done rules: - if: $PIPELINE_TARGET == "deploy" && $HTTP_PROXY_IMAGE_ID when: always @@ -221,9 +224,12 @@ deploy_ssh_proxy_node: cmd+=" --wait $SSH_PROXY_INSTANCE_NAME" - export SSH_PROXY_INSTANCE_ID=$(bash -c "$cmd") - | - # Associate the floating IP with the SSH Proxy instance - openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP - echo "Associated FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" + # Associate the floating IP(s) with the SSH Proxy instance + for SSH_PROXY_FLOATING_IP in ${SSH_PROXY_FLOATING_IP_LIST[@]}; + do + openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP + echo "Associated FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" + done rules: - if: $PIPELINE_TARGET == "deploy" && $SSH_PROXY_IMAGE_ID when: always -- GitLab From 60780aca79907fedead02122a37398fe4dea4c0d Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Sun, 24 Nov 2024 17:09:54 -0500 Subject: [PATCH 084/172] feat: Add search domains and nameserver for prod --- ansible/group_vars/prod | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ansible/group_vars/prod b/ansible/group_vars/prod index ee662aa..7c7964e 100644 
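Review bot: `${HTTP_PROXY_FLOATING_IP_LIST[@]}` is array syntax, but a CI variable reaches the script as a plain string, so the loop works only through unquoted word splitting of a space-separated value; the deploy_ssh_proxy_node hunk does the same with `SSH_PROXY_FLOATING_IP_LIST`. When the variable is empty or unset the loop body never runs and the job still succeeds, leaving an instance with no floating IP. A guard before the loop, `: "${HTTP_PROXY_FLOATING_IP_LIST:?no floating IPs configured}"`, plus quoting `"$HTTP_PROXY_INSTANCE_ID"` and `"$HTTP_PROXY_FLOATING_IP"` in the `openstack server add floating ip` call, makes that failure visible. Where the list variable is defined is not shown here, so confirm its separator.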
--- a/ansible/group_vars/prod +++ b/ansible/group_vars/prod @@ -1,8 +1,18 @@ --- + # cheaha.node related hostname_lookup_table: - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02" - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01" - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver" + domain_search_list: + - cm.cluster + - rc.uab.edu + - ib.cluster + - drac.cluster + - eth.cluster + - ib-hdr.cluster + nameserver_list: + - 172.20.0.25 bright_openldap_path: "/cm/local/apps/openldap" ldap_cert_path: "{{bright_openldap_path}}/etc/certs" -- GitLab From 2a014fd001bf5d06bc211a0bb5a40bfa77c4d193 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 16:13:59 -0600 Subject: [PATCH 085/172] feat: Define src and target repos using vars This will enable us to define the upstream and downstream repos hosted external to gitlab (For eg. Github) --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5ce1f8c..d5a4b3e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -44,9 +44,9 @@ workflow: - *get_build_date - | if [ ! -d $CI_PROJECT_DIR/CRI_XCBC ]; then - git clone https://github.com/uabrc/CRI_XCBC.git cd CRI_XCBC - git remote add upstream https://github.com/jprorama/CRI_XCBC.git + git clone ${EXT_PR_TARGET_REPO} ${EXT_REPO_DIR} + git remote add upstream ${EXT_PR_SRC_REPO} cd .. fi - cd CRI_XCBC -- GitLab From 02586d385ed48a057e74a4170008b641f17d6bd9 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 16:20:30 -0600 Subject: [PATCH 086/172] feat: Define src and target branch using vars This will let you define the branch name for the PR you want to test from the src repo and target branch to merge into, in the target repo --- .gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d5a4b3e..10c64ca 100644 
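Review bot: In the .gitlab-ci.yml hunk of PATCH 085, `cd CRI_XCBC` still precedes `git clone ${EXT_PR_TARGET_REPO} ${EXT_REPO_DIR}` inside a branch that runs only when that directory does not exist, so the `cd` fails and `git remote add upstream` is applied to the CI project's own checkout. `EXT_REPO_DIR` is not assigned anywhere in this hunk. Both URLs now come from pipeline variables and decide which code is merged and, judging by the packer steps later in the file, built into the image, so quote them and check them against the expected hosts before use, e.g. `git clone -- "${EXT_PR_TARGET_REPO}" "${EXT_REPO_DIR}"`. The branch variables introduced in PATCH 086 need the same treatment.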
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -52,15 +52,15 @@ workflow: - cd CRI_XCBC - git config user.name "${GIT_AUTHOR_NAME}" - git config user.email "${GIT_AUTHOR_EMAIL}" - - git fetch origin uab-prod - - git fetch upstream dev - - git checkout uab-prod - - git merge origin/uab-prod + - git checkout ${EXT_PR_TARGET_BRANCH} + - git fetch origin ${EXT_PR_TARGET_BRANCH} + - git merge origin/${EXT_PR_TARGET_BRANCH} - git checkout -b integration - - git merge upstream/dev - export CRI_XCBC_HEAD=$(git rev-parse --short HEAD) - export CRI_XCBC_dev=$(git rev-parse --short upstream/dev) - export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod) + - git fetch upstream ${EXT_PR_SRC_BRANCH} + - git merge upstream/${EXT_PR_SRC_BRANCH} - cd .. - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD) - echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env -- GitLab From d26d7f41ebf25a7fc065d6b5c35ebac57709103d Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 16:40:14 -0600 Subject: [PATCH 087/172] feat: Define external repo dir using var Parse the target dir where the external repo will be cloned, from the value of EXT_REPO_DIR var. Use this var to replace all instances where the repo name is hardcoded. --- .gitlab-ci.yml | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 10c64ca..83275a8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
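Review bot: `CRI_XCBC_HEAD`, `CRI_XCBC_dev` and `CRI_XCBC_prod` are now computed before `git fetch upstream ${EXT_PR_SRC_BRANCH}` and the merge, so the recorded HEAD is the pre-merge commit and `upstream/dev` may not exist yet on a fresh clone. These values are later attached to the image as its provenance, so they should be taken after the merge and from the refs that were actually merged, `git rev-parse upstream/${EXT_PR_SRC_BRANCH}` rather than the hard-coded `upstream/dev`. The branch names are also expanded unquoted; `git checkout "${EXT_PR_TARGET_BRANCH}"` avoids word splitting on an unexpected value.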
@@ -43,13 +43,14 @@ workflow: .update_ansible_repo: &update_ansible_repo - *get_build_date - | - if [ ! -d $CI_PROJECT_DIR/CRI_XCBC ]; then - cd CRI_XCBC + export EXT_REPO_DIR=$(basename -s .git $EXT_PR_TARGET_REPO) + if [ ! -d $CI_PROJECT_DIR/$EXT_REPO_DIR ]; then git clone ${EXT_PR_TARGET_REPO} ${EXT_REPO_DIR} + cd ${EXT_REPO_DIR} git remote add upstream ${EXT_PR_SRC_REPO} cd .. fi - - cd CRI_XCBC + - cd ${EXT_REPO_DIR} - git config user.name "${GIT_AUTHOR_NAME}" - git config user.email "${GIT_AUTHOR_EMAIL}" - git checkout ${EXT_PR_TARGET_BRANCH} 
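Review bot: `export EXT_REPO_DIR=$(basename -s .git $EXT_PR_TARGET_REPO)` yields an empty string when `EXT_PR_TARGET_REPO` is unset; `[ ! -d $CI_PROJECT_DIR/$EXT_REPO_DIR ]` is then false, the clone is skipped and `cd ${EXT_REPO_DIR}` expands to a bare `cd`. The `git config` and `git checkout` lines that follow would run in the wrong directory. Fail early with `: "${EXT_PR_TARGET_REPO:?must be set}"` and quote the expansions. When the directory already exists from an earlier run, the `upstream` remote keeps its old URL even if `EXT_PR_SRC_REPO` has changed, so a `git remote set-url upstream "${EXT_PR_SRC_REPO}"` for that case keeps the remote in step.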
@@ -88,14 +89,14 @@ workflow: # Ansible var overrides - | if [ -n "${PROXY_ENABLE_VAR}" ]; then - sed -i -E "s/(${PROXY_ENABLE_VAR}: ).*/\1true/" CRI_XCBC/group_vars/all + sed -i -E "s/(${PROXY_ENABLE_VAR}: ).*/\1true/" $EXT_REPO_DIR/group_vars/all fi - - 'sed -i -E "s|(s3_endpoint: ).*|\1\"${S3_ENDPOINT}\"|" CRI_XCBC/group_vars/all' - - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/all' - - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/all' - - 'sed -i -E "s/(s3_shibboleth_bucket_name: ).*/\1\"${S3_SHIBBOLETH_BUCKET_NAME}\"/" CRI_XCBC/group_vars/all' - - 'sed -i -E "s/(s3_shibboleth_object_name: ).*/\1\"${S3_SHIBBOLETH_OBJECT_NAME}\"/" CRI_XCBC/group_vars/all' - - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/all' + - 'sed -i -E "s|(s3_endpoint: ).*|\1\"${S3_ENDPOINT}\"|" $EXT_REPO_DIR/group_vars/all' + - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" $EXT_REPO_DIR/group_vars/all' + - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" $EXT_REPO_DIR/group_vars/all' + - 'sed -i -E "s/(s3_shibboleth_bucket_name: ).*/\1\"${S3_SHIBBOLETH_BUCKET_NAME}\"/" $EXT_REPO_DIR/group_vars/all' + - 'sed -i -E "s/(s3_shibboleth_object_name: ).*/\1\"${S3_SHIBBOLETH_OBJECT_NAME}\"/" $EXT_REPO_DIR/group_vars/all' + - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" $EXT_REPO_DIR/group_vars/all' # packer commands - packer init openstack-proxy - packer validate openstack-proxy -- GitLab From ef66954060c8e66b1582a121e5e6abf880e70828 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 16:42:50 -0600 Subject: [PATCH 088/172] feat: Add comment to describe var exports --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 83275a8..4a266d6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
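Review bot: The `lts_access_key` and `lts_secret_key` substitutions interpolate `${AWS_ACCESS_KEY_ID}` and `${AWS_SECRET_ACCESS_KEY}` into an `s/…/…/` expression, and a secret containing `/`, `&` or a backslash either breaks the expression or is rewritten by sed. The `s3_endpoint` and `ssh_pub_key` lines already use `|` as delimiter, but the sturdier route is not to rewrite the file at all: keep `lts_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"` in group_vars, or pass the values with `--extra-vars`. As written the plaintext secret is stored in `$EXT_REPO_DIR/group_vars/all` in the job workspace, so confirm that this file is neither copied into the built image nor kept as an artifact.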
@@ -62,6 +62,7 @@ workflow: - export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod) - git fetch upstream ${EXT_PR_SRC_BRANCH} - git merge upstream/${EXT_PR_SRC_BRANCH} + # export vars into job artifacts - cd .. - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD) - echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env -- GitLab From 0d3bc3946ad7992716a1f5b1fa97ba3509571c04 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 8 Nov 2024 16:55:08 -0600 Subject: [PATCH 089/172] feat: Replace hardcoded repo name when exporting vars --- .gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4a266d6..9ff758c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -57,17 +57,17 @@ workflow: - git fetch origin ${EXT_PR_TARGET_BRANCH} - git merge origin/${EXT_PR_TARGET_BRANCH} - git checkout -b integration - - export CRI_XCBC_HEAD=$(git rev-parse --short HEAD) - - export CRI_XCBC_dev=$(git rev-parse --short upstream/dev) - - export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod) - git fetch upstream ${EXT_PR_SRC_BRANCH} - git merge upstream/${EXT_PR_SRC_BRANCH} # export vars into job artifacts + - export EXT_REPO_HEAD=$(git rev-parse --short HEAD) + - export EXT_REPO_dev=$(git rev-parse --short upstream/dev) + - export EXT_REPO_prod=$(git rev-parse --short origin/uab-prod) - cd .. - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD) - - echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env - - echo CRI_XCBC_dev=${CRI_XCBC_dev} | tee -a $CI_PROJECT_DIR/image.env - - echo CRI_XCBC_prod=${CRI_XCBC_prod} | tee -a $CI_PROJECT_DIR/image.env + - echo EXT_REPO_HEAD=${EXT_REPO_HEAD} | tee -a $CI_PROJECT_DIR/image.env + - echo EXT_REPO_dev=${EXT_REPO_dev} | tee -a $CI_PROJECT_DIR/image.env + - echo EXT_REPO_prod=${EXT_REPO_prod} | tee -a $CI_PROJECT_DIR/image.env - echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env .get_ansible_files: &get_ansible_files @@ -104,7 +104,7 @@ workflow: - packer build -machine-readable openstack-proxy | tee proxy_build.log - export BUILT_PROXY_IMAGE_ID=$(grep 'Image:' proxy_build.log | awk '{print $4}') - echo BUILT_PROXY_IMAGE_ID=${BUILT_PROXY_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env - - openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_PROXY_IMAGE_ID} + - openstack image set --property EXT_REPO_prod=${EXT_REPO_prod} --property EXT_REPO_dev=${EXT_REPO_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_PROXY_IMAGE_ID} artifacts: reports: dotenv: image.env -- GitLab 
From 9399b84b0f0f7fa9e356a38e1bdbeb0e84f90288 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Sun, 24 Nov 2024 15:50:52 -0500 Subject: [PATCH 090/172] feat: Remove references to the dev and prod --- .gitlab-ci.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9ff758c..3c48ecb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -61,13 +61,13 @@ workflow: - git merge upstream/${EXT_PR_SRC_BRANCH} # export vars into job artifacts - export EXT_REPO_HEAD=$(git rev-parse --short HEAD) - - export EXT_REPO_dev=$(git rev-parse --short upstream/dev) - - export EXT_REPO_prod=$(git rev-parse --short origin/uab-prod) + - export EXT_PR_SRC_BRANCH_SHA=$(git rev-parse --short upstream/${EXT_PR_SRC_BRANCH}) + - export EXT_PR_TARGET_BRANCH_SHA=$(git rev-parse --short origin/${EXT_PR_TARGET_BRANCH}) - cd .. - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD) - echo EXT_REPO_HEAD=${EXT_REPO_HEAD} | tee -a $CI_PROJECT_DIR/image.env - - echo EXT_REPO_dev=${EXT_REPO_dev} | tee -a $CI_PROJECT_DIR/image.env - - echo EXT_REPO_prod=${EXT_REPO_prod} | tee -a $CI_PROJECT_DIR/image.env + - echo EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} | tee -a $CI_PROJECT_DIR/image.env + - echo EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} | tee -a $CI_PROJECT_DIR/image.env - echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env .get_ansible_files: &get_ansible_files @@ -79,7 +79,7 @@ workflow: - *get_ansible_files # packer vars for job env - export PKR_VAR_flavor="${PROXY_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${CRI_XCBC_HEAD}" + - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" - export PKR_VAR_image_date_suffix=false - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then 
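Review bot: `EXT_PR_SRC_BRANCH_SHA` and `EXT_PR_TARGET_BRANCH_SHA` are taken with `git rev-parse --short`, and these are the values that later identify where the image came from. An abbreviated hash is not a stable identifier, since its length depends on the repository and it can become ambiguous over time, so provenance fields should carry the full hash: `git rev-parse upstream/${EXT_PR_SRC_BRANCH}`. The short form remains fine for `PKR_VAR_build_instance_name`, where only a readable suffix is needed.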
@@ -104,7 +104,8 @@ workflow: - packer build -machine-readable openstack-proxy | tee proxy_build.log - export BUILT_PROXY_IMAGE_ID=$(grep 'Image:' proxy_build.log | awk '{print $4}') - echo BUILT_PROXY_IMAGE_ID=${BUILT_PROXY_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env - - openstack image set --property EXT_REPO_prod=${EXT_REPO_prod} --property EXT_REPO_dev=${EXT_REPO_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_PROXY_IMAGE_ID} + # set image properties with repo state + - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_PROXY_IMAGE_ID} artifacts: reports: dotenv: image.env -- GitLab From b5dfe3348806cc384d1edc88670f3a26384c8b2a Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 26 Nov 2024 18:44:33 -0500 Subject: [PATCH 091/172] feat: Change order to test multiple FIP assignment --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2021b76..b34605c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -177,8 +177,8 @@ deploy_http_proxy_node: # Associate the floating IP(s) with the HTTP Proxy instance for HTTP_PROXY_FLOATING_IP in ${HTTP_PROXY_FLOATING_IP_LIST[@]}; do + echo "Associating FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP - echo "Associated FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID" done rules: - if: $PIPELINE_TARGET == "deploy" && $HTTP_PROXY_IMAGE_ID 
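Review bot: `--property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO}` and the matching `EXT_PR_TARGET_REPO` property store the clone URLs on the image; if either URL ever carries embedded credentials in its userinfo part, they become readable by anyone who can view the image metadata. Strip the userinfo before recording and quote each value, e.g. `--property "EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO}"`. The unquoted expansions also split on whitespace, which would turn part of a value into a separate `openstack image set` argument.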
@@ -227,8 +227,8 @@ deploy_ssh_proxy_node: # Associate the floating IP(s) with the SSH Proxy instance for SSH_PROXY_FLOATING_IP in ${SSH_PROXY_FLOATING_IP_LIST[@]}; do + echo "Associating FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP - echo "Associated FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID" done rules: - if: $PIPELINE_TARGET == "deploy" && $SSH_PROXY_IMAGE_ID -- GitLab From 5700ab7c64f5c776198cec33f671a91655b150f7 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 27 Nov 2024 13:56:10 -0600 Subject: [PATCH 092/172] feat: Add runtime config for ssh proxy --- ansible/cluster.yml | 1 + ansible/group_vars/all | 4 +++ ansible/group_vars/prod | 5 ++++ ansible/roles/ssh_proxy_config/tasks/main.yml | 13 +++++++++ .../templates/sshpiperd.yaml.j2 | 28 +++++++++++++++++++ 5 files changed, 51 insertions(+) create mode 100644 ansible/roles/ssh_proxy_config/tasks/main.yml create mode 100644 ansible/roles/ssh_proxy_config/templates/sshpiperd.yaml.j2 diff --git a/ansible/cluster.yml b/ansible/cluster.yml index 609d2fa..a84fec6 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -8,3 +8,4 @@ - { name: 'ldap_config', tags: 'ldap_config' } - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' } + - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config } diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 78a9c64..2e8fa6c 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -42,3 +42,7 @@ # AWS credentials LTS_ACCESS_KEY: "" LTS_SECRET_KEY: "" + +# ssh proxy + enable_ssh_proxy_config: false + sshpiper_dest_dir: "/opt/sshpiper" diff --git a/ansible/group_vars/prod b/ansible/group_vars/prod index 7c7964e..5c694d2 100644 --- a/ansible/group_vars/prod 
+++ b/ansible/group_vars/prod @@ -17,3 +17,8 @@ bright_openldap_path: "/cm/local/apps/openldap" ldap_cert_path: "{{bright_openldap_path}}/etc/certs" ldap_uri: "ldaps://ldapserver" + + # proxy_config + target_groups: + - {"name": "gpfs5", "host": "login002", "default": False, "authorized_keys":"/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys", "private_key":"/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"} + - {"name": "gpfs4", "host": "login001", "default": True, "authorized_keys":"/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys", "private_key":"/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"} diff --git a/ansible/roles/ssh_proxy_config/tasks/main.yml b/ansible/roles/ssh_proxy_config/tasks/main.yml new file mode 100644 index 0000000..d3ec3bd --- /dev/null +++ b/ansible/roles/ssh_proxy_config/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- name: Configure sshpiper yaml plugin + ansible.builtin.template: + src: sshpiperd.yaml.j2 + dest: "{{ sshpiper_dest_dir }}/sshpiperd.yaml" + backup: true + +- name: Enable and start sshpiper service + ansible.builtin.service: + name: sshpiperd + enabled: true + state: restarted + diff --git a/ansible/roles/ssh_proxy_config/templates/sshpiperd.yaml.j2 b/ansible/roles/ssh_proxy_config/templates/sshpiperd.yaml.j2 new file mode 100644 index 0000000..4597108 --- /dev/null +++ b/ansible/roles/ssh_proxy_config/templates/sshpiperd.yaml.j2 
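Review bot: In the new ssh_proxy_config/tasks/main.yml the template task writes `{{ sshpiper_dest_dir }}/sshpiperd.yaml` without `owner`, `group` or `mode`, so the routing file that names every upstream host and key path gets whatever the umask gives it. Set them explicitly, `owner: root`, `group: root`, `mode: "0600"` (loosen only if sshpiperd runs as another user), and remember that `backup: true` leaves timestamped copies with the same content beside it. `state: restarted` restarts the proxy on every play even when nothing changed; a handler notified by the template task would limit restarts to real changes.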
@@ -0,0 +1,28 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/tg123/sshpiper/master/plugin/yaml/schema.json +version: "1.0" +pipes: +{% for group in target_groups %} +{% if not group.default %} +- from: + - groupname: "{{ group.name }}" + authorized_keys: "{{ group.authorized_keys }}" + to: + host: "{{ group.host }}" + ignore_hostkey: true + private_key: "{{ group.private_key }}" +- from: + - groupname: "{{ group.name }}" + to: + host: "{{ group.host }}" + ignore_hostkey: true +{% else %} +- from: + - username: ".*" # catch all + username_regex_match: true + authorized_keys: "{{ group.authorized_keys }}" + to: + host: "{{ group.host }}" + ignore_hostkey: true + private_key: "{{ group.private_key }}" +{% endif %} +{% endfor %} -- GitLab From d67bd0fd585b1fe2401f3d616d895c2da5b099d1 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 4 Dec 2024 15:52:11 -0500 Subject: [PATCH 093/172] feat: Add tasks to install and config fail2ban --- ansible/group_vars/all | 1 + ansible/roles/ssh_proxy_config/tasks/main.yml | 41 +++++++++++++++++++ .../ssh_proxy_config/templates/jail.local.j2 | 7 ++++ 3 files changed, 49 insertions(+) create mode 100644 ansible/roles/ssh_proxy_config/templates/jail.local.j2 diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 2e8fa6c..452daa7 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -46,3 +46,4 @@ # ssh proxy enable_ssh_proxy_config: false sshpiper_dest_dir: "/opt/sshpiper" + fail2ban_cidr_list: "127.0.0.1/8" diff --git a/ansible/roles/ssh_proxy_config/tasks/main.yml b/ansible/roles/ssh_proxy_config/tasks/main.yml index d3ec3bd..fb51f9f 100644 --- a/ansible/roles/ssh_proxy_config/tasks/main.yml +++ b/ansible/roles/ssh_proxy_config/tasks/main.yml 
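Review bot: Every pipe in sshpiperd.yaml.j2 sets `ignore_hostkey: true`, so sshpiperd never verifies the login node it forwards to, while in the key-based pipes it authenticates there with the user's own `private_key`. Anything able to answer as `{{ group.host }}` on the cluster network would be accepted. The yaml plugin can pin upstream keys instead; replacing the flag with `known_hosts: "{{ sshpiper_dest_dir }}/known_hosts"` (the path is an example) in each `to:` block closes that gap, and the option name should be checked against the schema referenced on the template's first line. Pipe order follows `target_groups` order, so if the `default` entry is listed first its `.*` catch-all may shadow the group pipes, assuming the first match wins.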
@@ -11,3 +11,44 @@ enabled: true state: restarted +- name: Install firewalld + ansible.builtin.package: + name: firewalld + state: present + +- name: Configure firewalld + ansible.posix.firewalld: + port: 2222/tcp + zone: public + state: enabled + permanent: true + +- name: Enable and start firewalld + ansible.builtin.service: + name: firewalld + enabled: true + state: restarted + +- name: Install fail2ban + ansible.builtin.package: + name: "{{ item }}" + state: present + loop: + - fail2ban + - fail2ban-firewalld + +- name: Configure fail2ban + ansible.builtin.template: + src: jail.local.j2 + dest: "/etc/fail2ban/jail.local" + backup: true + +- name: Activate the firewall support + ansible.builtin.command: + cmd: mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local + +- name: Enable and start fail2ban + ansible.builtin.service: + name: fail2ban + enabled: true + state: restarted diff --git a/ansible/roles/ssh_proxy_config/templates/jail.local.j2 b/ansible/roles/ssh_proxy_config/templates/jail.local.j2 new file mode 100644 index 0000000..d5898e6 --- /dev/null +++ b/ansible/roles/ssh_proxy_config/templates/jail.local.j2 @@ -0,0 +1,7 @@ +[DEFAULT] +banaction = firewalld +bantime = 1200 +ignoreip = {{ fail2ban_cidr_list }} + +[sshd] +enabled = true -- GitLab From 7955206f522a8e43f5eb976c28fdf4be1bc05dc6 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 5 Dec 2024 14:15:18 -0500 Subject: [PATCH 094/172] feat: Configure rsyslog --- ansible/group_vars/all | 3 + ansible/roles/rsyslog_config/tasks/main.yml | 15 ++ .../rsyslog_config/templates/rsyslog.conf.j2 | 226 ++++++++++++++++++ 3 files changed, 244 insertions(+) create mode 100644 ansible/roles/rsyslog_config/tasks/main.yml create mode 100644 ansible/roles/rsyslog_config/templates/rsyslog.conf.j2 diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 452daa7..4c97256 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
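Review bot: The `Activate the firewall support` task runs a bare `mv`, which succeeds once and fails on every later run because `/etc/fail2ban/jail.d/00-firewalld.conf` no longer exists. The play then stops before `Enable and start fail2ban`. Adding `removes: /etc/fail2ban/jail.d/00-firewalld.conf` under `ansible.builtin.command` makes the task a no-op once the file has been renamed. The firewalld and fail2ban services are also restarted unconditionally. Restarting firewalld on each run may discard bans that fail2ban has placed in it, so handlers triggered only on change would be safer.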
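Review bot: The only jail enabled in jail.local.j2 is `[sshd]`, while the tasks in this commit open 2222/tcp for sshpiperd, and nothing here points the jail at that port or at sshpiperd's log output. As far as this hunk shows, the stock sshd jail matches sshd's own log lines and bans its default `ssh` port, so failed logins against the proxy on 2222 may be neither counted nor blocked. That needs confirming on a built node. At minimum `port = ssh,2222` under `[sshd]` would make a ban cover the proxy port, and a filter for sshpiperd's failure messages may be needed as well. A comment next to `bantime = 1200`, for example `# seconds (20 minutes)`, would save a lookup.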
@@ -47,3 +47,6 @@ enable_ssh_proxy_config: false sshpiper_dest_dir: "/opt/sshpiper" fail2ban_cidr_list: "127.0.0.1/8" + +# rsyslog + rsyslog_target: "*.* @master:514" diff --git a/ansible/roles/rsyslog_config/tasks/main.yml b/ansible/roles/rsyslog_config/tasks/main.yml new file mode 100644 index 0000000..61c5029 --- /dev/null +++ b/ansible/roles/rsyslog_config/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: Add rsyslog configuration + ansible.builtin.template: + src: rsyslog.conf.j2 + dest: /etc/rsyslog.conf + mode: 0644 + owner: root + group: root + backup: true + +- name: Enable and start rsyslog + ansible.builtin.service: + name: rsyslog + enabled: true + state: restarted diff --git a/ansible/roles/rsyslog_config/templates/rsyslog.conf.j2 b/ansible/roles/rsyslog_config/templates/rsyslog.conf.j2 new file mode 100644 index 0000000..41ba61b --- /dev/null +++ b/ansible/roles/rsyslog_config/templates/rsyslog.conf.j2 
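Review bot: The new default `rsyslog_target: "*.* @master:514"` uses a single `@`, which is rsyslog's UDP forwarding. Every facility, including `authpriv`, leaves the node unencrypted and is lost silently when the collector is unreachable. The rsyslog.conf.j2 template added in the same commit says in its own comment that TCP is used for reliable delivery, so the default contradicts it. `rsyslog_target: "*.* @@master:514"` switches to TCP, and TLS forwarding would be the next step if the log path crosses a network that is not fully trusted. A comment above the variable stating that the value is a complete rsyslog rule (selector plus action) would also help.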
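Review bot: `Add rsyslog configuration` replaces /etc/rsyslog.conf wholesale and the next task restarts the service, but nothing checks the rendered file first. A malformed `rsyslog_target` would leave the node without working logging. The template module can run a syntax check before the file is put in place: `validate: 'rsyslogd -N1 -f %s'`. I would also quote the mode, `mode: '0644'`, so it is never read as an integer.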
@@ -0,0 +1,226 @@ +# rsyslog configuration file + +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + +# Added for distro update >= 4 (7u4) +global ( +net.enabledns="off" +) + +#### MODULES #### + +# The imjournal module bellow is now used as a message source instead of imuxsock. +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imjournal # provides access to the systemd journal +#$ModLoad imklog # reads kernel messages (the same are read from journald) +#$ModLoad immark # provides --MARK-- message capability + +# Provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# Provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + + +#### GLOBAL DIRECTIVES #### + +# Where to place auxiliary files +$WorkDirectory /var/lib/rsyslog + +# Use default timestamp format +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + +# Turn off message reception via local log socket; +# local messages are retrieved through imjournal now. +$OmitLocalLogging on + +# File to store the position in the journal +$IMJournalStateFile imjournal.state + + +#### RULES #### + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Filter nslcd ldap ldap_abandon and ldap_result messages. 
+if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains ' failed: Can\'t contact LDAP server' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'ldap_abandon() failed to abandon search: Other (e.g., implementation specific) error' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'ldap_abandon() failed to abandon search: Can\'t contact LDAP server: Transport endpoint is not connected' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'no available LDAP server found, sleeping ' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'connected to LDAP server ldap://local' then stop + +# Filter sntp started messages. +if $programname == 'sntp' and $syslogseverity > '3' and $msg contains 'Started sntp' then stop + +# MariaDB Galera +# disabled, as these messages are being generated every few seconds +:msg, contains, "START: cm-check-galera-status" stop +:msg, contains, "EXIT: cm-check-galera-status" stop + +# HAProxy for OpenStack +if $syslogfacility-text == 'local4' and ($programname == 'haproxy') then { + local4.* /var/log/haproxy.log + stop +} + +# OpenStack specific +if $syslogfacility-text == 'daemon' then { + + # needed for proper handling of Python stack traces + $EscapeControlCharactersOnReceive off + + if $programname startswith 'keystone' then { + *.* /var/log/keystone/keystone.log + } + + if $programname startswith 'nova' then { + *.* /var/log/nova/nova.log + + if $programname == 'nova-api' then { + *.* /var/log/nova/nova-api.log + } + if $programname == 'nova-scheduler' then { + *.* /var/log/nova/nova-scheduler.log + } + if $programname == 'nova-conductor' then { + *.* /var/log/nova/nova-conductor.log + } + if $programname == 'nova-novncproxy' then { + *.* /var/log/nova/nova-novncproxy.log + } + if $programname == 'nova-compute' then { + *.* /var/log/nova/nova-compute.log + } + } + + if $programname startswith 
'neutron' then { + *.* /var/log/neutron/neutron.log + + if $programname == 'neutron-server' then { + *.* /var/log/neutron/neutron-server.log + } + if $programname == 'neutron-metadata-agent' then { + *.* /var/log/neutron/neutron-metadata-agent.log + } + if $programname == 'neutron-l3-agent' then { + *.* /var/log/neutron/neutron-l3-agent.log + } + if $programname == 'neutron-dhcp-agent' then { + *.* /var/log/neutron/neutron-dhcp-agent.log + } + if $programname == 'neutron-openvswitch-agent' then { + *.* /var/log/neutron/neutron-openvswitch-agent.log + } + + } + + if $programname startswith 'glance' then { + *.* /var/log/glance/glance.log + + if $programname == 'glance-api' then { + *.* /var/log/glance/glance-api.log + } + if $programname == 'glance-registry' then { + *.* /var/log/glance/glance-registry.log + } + + } + + if $programname startswith 'cinder' then { + *.* /var/log/cinder/cinder.log + + if $programname == 'cinder-api' then { + *.* /var/log/cinder/cinder-api.log + } + if $programname == 'cinder-scheduler' then { + *.* /var/log/cinder/cinder-scheduler.log + } + if $programname == 'cinder-volume' then { + *.* /var/log/cinder/cinder-volume.log + } + if $programname == 'cinder-backup' then { + *.* /var/log/cinder/cinder-backup.log + } + } + + if $programname startswith 'heat' then { + *.* /var/log/heat/heat.log + + if $programname == 'heat-api' then { + *.* /var/log/heat/heat-api.log + } + if $programname == 'heat-engine' then { + *.* /var/log/heat/heat-engine.log + } + } + + if $programname startswith 'keystone' or \ + $programname startswith 'nova' or \ + $programname startswith 'neutron' or \ + $programname startswith 'glance' or \ + $programname startswith 'cinder' or \ + $programname startswith 'heat' then { + + *.* /var/log/openstack + *.* @master:514 + stop + } +} + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! 
+*.info;mail.none;authpriv.none;cron.none;local5.none;local6.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. +mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +*.emerg :omusrmsg:* + +# Save news errors of level crit and higher in a special file. +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# cm related log files: +local5.* -/var/log/node-installer +local6.* -/var/log/cmdaemon + +# ### begin forwarding rule ### +# The statement between the begin ... end define a SINGLE forwarding +# rule. They belong together, do NOT split them. If you create multiple +# forwarding rules, duplicate the whole block! +# Remote Logging (we use TCP for reliable delivery) +# +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 +#CM +{{ rsyslog_target }} +#### end of the forwarding rule ### -- GitLab From 6e1a58c4c4910fbe9da3ae870768aab7072227c4 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 5 Dec 2024 14:34:57 -0500 Subject: [PATCH 095/172] feat: Add rsyslog_config role to playbook cluster.yml --- ansible/cluster.yml | 1 + ansible/group_vars/all | 1 + 2 files changed, 2 insertions(+) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index a84fec6..a131e1e 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml 
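Review bot: The OpenStack block of rsyslog.conf.j2 forwards with a hard-coded `*.* @master:514` instead of `{{ rsyslog_target }}`. Overriding the variable therefore changes only the final forwarding rule and leaves a second, UDP, destination baked into the template. Using `{{ rsyslog_target }}` there as well keeps a single place that decides where logs go. The comment above the final rule says "we use TCP for reliable delivery", which holds only if the variable carries an `@@` target, so the comment should say that the transport is whatever `rsyslog_target` specifies. With the default value the final rule's `*.*` selector also forwards `authpriv` messages, which the local rules deliberately keep out of /var/log/messages.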
@@ -9,3 +9,4 @@ - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' } - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config } + - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 4c97256..0f8cdbe 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -49,4 +49,5 @@ fail2ban_cidr_list: "127.0.0.1/8" # rsyslog + enable_rsyslog_config: false rsyslog_target: "*.* @master:514" -- GitLab From 8a799a3e9c4e04f3043d27cf7b068e1685559f11 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 6 Dec 2024 13:08:19 -0600 Subject: [PATCH 096/172] feat: add ssl related variables --- ansible/group_vars/all | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 0f8cdbe..f68ae57 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -51,3 +51,13 @@ # rsyslog enable_rsyslog_config: false rsyslog_target: "*.* @master:514" + +# ssl certs + ssl_cert_s3_bucket: "" + ssl_cert_key_location: "/etc/pki/tls/private" + ssl_cert_file_location: "/etc/pki/tls/certs" + ssl_cert_key: "" + ssl_cert_file: "" + ssl_cert_chain_file: "" + ssl_apache_config: "" + apache_service: "httpd" -- GitLab From dcd97881b482f0111a3a0cffe42cf500698eb83f Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 6 Dec 2024 13:08:36 -0600 Subject: [PATCH 097/172] feat: add ssl_cert role --- ansible/cluster.yml | 1 + ansible/roles/ssl_cert/tasks/main.yaml | 46 ++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 ansible/roles/ssl_cert/tasks/main.yaml diff --git a/ansible/cluster.yml b/ansible/cluster.yml index a131e1e..9d4eaa3 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml 
@@ -9,4 +9,5 @@ - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' } - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config } + - { name: 'ssl_cert', tags: 'ssl_cert' } - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } diff --git a/ansible/roles/ssl_cert/tasks/main.yaml b/ansible/roles/ssl_cert/tasks/main.yaml new file mode 100644 index 0000000..7458957 --- /dev/null +++ b/ansible/roles/ssl_cert/tasks/main.yaml 
@@ -0,0 +1,46 @@ +--- +- name: Download SSL Certs from S3 + aws_s3: + mode: get + s3_url: "{{ S3_ENDPOINT }}" + bucket: "{{ ssl_cert_s3_bucket }}" + object: "{{ item }}" + dest: "{{ ssl_cert_file_location }}/{{ item }}" + aws_access_key: "{{ LTS_ACCESS_KEY }}" + aws_secret_key: "{{ LTS_SECRET_KEY }}" + vars: + ansible_python_interpreter: /usr/bin/python3 + when: ssl_cert_s3_bucket | length > 0 and item | length > 0 + loop: + - "{{ ssl_cert_file }}" + - "{{ ssl_cert_chain_file }}" + +- name: Download SSL key from S3 + aws_s3: + mode: get + s3_url: "{{ S3_ENDPOINT }}" + bucket: "{{ ssl_cert_s3_bucket }}" + object: "{{ ssl_cert_key }}" + dest: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}" + aws_access_key: "{{ LTS_ACCESS_KEY }}" + aws_secret_key: "{{ LTS_SECRET_KEY }}" + vars: + ansible_python_interpreter: /usr/bin/python3 + when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0 + +- name: Update SSL in Apache config + ansible.builtin.replace: + path: "{{ ssl_apache_config }}" + regexp: "{{ item.regexp }}" + replace: "\\1 {{ item.location }}/{{ item.value }}" + backup: true + when: ssl_apache_config | length > 0 and item.value | length > 0 + loop: + - { regexp: "#?(SSLCertificateFile).*$", location: "{{ ssl_cert_file_location }}", value: "{{ ssl_cert_file }}" } + - { regexp: "#?(SSLCertificateChainFile).*$", location: "{{ ssl_cert_file_location }}", value: "{{ ssl_cert_chain_file }}" } + - { regexp: "#?(SSLCertificateKeyFile).*$", location: "{{ ssl_cert_key_location }}", value: "{{ ssl_cert_key }}" } + +- name: Restart apache service + ansible.builtin.service: + name: "{{ apache_service }}" + state: restarted -- GitLab From 63497598297681d4c01d5b8faf7ff5c0ce0d11b8 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 10 Dec 2024 15:42:13 -0600 Subject: [PATCH 098/172] feat: ensure file permission of cert and key file --- ansible/roles/ssl_cert/tasks/main.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
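Review bot: The three patterns in `Update SSL in Apache config` (`#?(SSLCertificateFile).*$` and its siblings) are not anchored to the start of the line, so they also rewrite any comment line that merely mentions a directive name. Stock ssl.conf files often contain such lines. Anchoring them, for example `regexp: "^\\s*#?\\s*(SSLCertificateFile)\\s.*$"`, limits the edit to real directive lines. `Restart apache service` then runs unconditionally and without a config test, even when the role changed nothing, so a handler notified by the replace task would be safer. Separately, the two `aws_s3` tasks pass `LTS_ACCESS_KEY` and `LTS_SECRET_KEY` as task arguments, and `no_log: true` on them keeps those values out of verbose output.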
diff --git a/ansible/roles/ssl_cert/tasks/main.yaml b/ansible/roles/ssl_cert/tasks/main.yaml index 7458957..aa562aa 100644 --- a/ansible/roles/ssl_cert/tasks/main.yaml +++ b/ansible/roles/ssl_cert/tasks/main.yaml @@ -15,6 +15,17 @@ - "{{ ssl_cert_file }}" - "{{ ssl_cert_chain_file }}" +- name: Change cert files permissions + ansible.builtin.file: + path: "{{ ssl_cert_file_location }}/{{ item }}" + owner: root + group: root + mode: '0600' + when: ssl_cert_s3_bucket | length > 0 and item | length > 0 + loop: + - "{{ ssl_cert_file }}" + - "{{ ssl_cert_chain_file }}" + - name: Download SSL key from S3 aws_s3: mode: get @@ -28,6 +39,14 @@ ansible_python_interpreter: /usr/bin/python3 when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0 +- name: Change key file permissions + ansible.builtin.file: + path: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}" + owner: root + group: root + mode: '0400' + when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0 + - name: Update SSL in Apache config ansible.builtin.replace: path: "{{ ssl_apache_config }}" -- GitLab From d4f320bbf1c6f7ba2c91e258d1765502062c8426 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 10 Dec 2024 16:13:42 -0600 Subject: [PATCH 099/172] style: use FQCN module name --- ansible/roles/ssh_host_keys/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index 0a9632e..462c09a 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Ensure destination directory exists only if not present - file: + ansible.builtin.file: path: /tmp/ssh_keys state: directory mode: '0755' 
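Review bot: The private key is still written by `Download SSL key from S3` with default permissions and only tightened afterwards by the separate `Change key file permissions` task. Between the two tasks, or permanently if the play stops in between, the key has whatever mode the umask gives. Restricting the directory before the download closes that window, provided nothing else on the host needs to traverse `{{ ssl_cert_key_location }}` as a non-root user. Both new tasks are also skipped when `ssl_cert_s3_bucket` is empty, so a key placed by other means is never checked. Dropping the bucket test from their `when` would cover that case. The task file continues outside these hunks.

```yaml
- name: Restrict the key directory before the key is downloaded
  ansible.builtin.file:
    path: "{{ ssl_cert_key_location }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
# … unchanged: Download SSL key from S3, Change key file permissions …
```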
@@ -24,7 +24,7 @@ ansible_python_interpreter: /usr/bin/python3 - name: Unpack SSH host keys to /etc/ssh - unarchive: + ansible.builtin.unarchive: src: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}" dest: "/etc/ssh" remote_src: yes -- GitLab From d23b84990b9572926b01253bb746e7d6e8b92234 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 10 Dec 2024 16:14:13 -0600 Subject: [PATCH 100/172] feat: ensure keys own by root --- ansible/roles/ssh_host_keys/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index 462c09a..b9b5b6b 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -27,6 +27,8 @@ ansible.builtin.unarchive: src: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}" dest: "/etc/ssh" + group: root + owner: root remote_src: yes become: true -- GitLab From be66a996caddd19772309b1fe4fdd5f1d5277fdb Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 10 Dec 2024 16:14:37 -0600 Subject: [PATCH 101/172] feat: remove temporary folder is removed after the task --- ansible/roles/ssh_host_keys/tasks/main.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index b9b5b6b..fa39838 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -32,6 +32,11 @@ remote_src: yes become: true +- name: Remove the temporary folder after put in place + ansible.builtin.file: + path: /tmp/ssh_keys + state: absent + - name: Restart SSH service ansible.builtin.service: name: sshd -- GitLab From 273d22132adecde4ff2d1ab771322c9e65ea3c60 Mon Sep 17 00:00:00 2001 
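Review bot: `Remove the temporary folder after put in place` only runs when every task before it succeeded, so a failed download or unpack leaves the host-key archive in `/tmp/ssh_keys`. The first task of this file creates that directory with `mode: '0755'`, as the context of the FQCN commit shows. Wrapping the download and unpack tasks in a `block` with the removal under `always` makes the cleanup unconditional, and creating the directory with `mode: '0700'` keeps other local users out while the archive is there. The removal task also lacks `become: true`, unlike the unpack task above it. Whether that matters depends on the play-level setting, which is outside this hunk.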
From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 11 Dec 2024 06:45:24 -0500 Subject: [PATCH 102/172] feat: Add conditional for ssl certs role --- ansible/cluster.yml | 2 +- ansible/group_vars/all | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index 9d4eaa3..a4240f6 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -9,5 +9,5 @@ - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' } - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config } - - { name: 'ssl_cert', tags: 'ssl_cert' } + - { name: 'ssl_cert', tags: 'ssl_cert', when: enable_ssl_certs } - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } diff --git a/ansible/group_vars/all b/ansible/group_vars/all index f68ae57..f7b65c0 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -53,6 +53,7 @@ rsyslog_target: "*.* @master:514" # ssl certs + enable_ssl_certs: false ssl_cert_s3_bucket: "" ssl_cert_key_location: "/etc/pki/tls/private" ssl_cert_file_location: "/etc/pki/tls/certs" -- GitLab From 9351468c4263ba39c773a0b518f9e8623c542843 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 11 Dec 2024 07:19:22 -0500 Subject: [PATCH 103/172] feat: Install httpd not available default in Alma9 --- openstack-proxy/nodeimage.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index fc1a471..1410cbe 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl 
@@ -40,7 +40,7 @@ build { inline = [ "sudo yum install -y epel-release", "sudo dnf config-manager --set-enabled crb", - "sudo yum install -y libselinux-python3 python3 python3-pip tmux vim git bash-completion curl wget unzip", + "sudo yum install -y libselinux-python3 python3 python3-pip tmux vim git bash-completion curl wget unzip httpd", "sudo python3 -m pip install --upgrade pip", "sudo pip3 install s3cmd==2.3.0 ansible==4.10.0 python-openstackclient==5.8.0" ] -- GitLab From acc625734b899c74b363438fec7c8688ab82a152 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 12 Dec 2024 15:59:30 -0600 Subject: [PATCH 104/172] feat: add rewrite map config variable --- ansible/group_vars/all | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index f7b65c0..f806c1f 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -62,3 +62,10 @@ ssl_cert_chain_file: "" ssl_apache_config: "" apache_service: "httpd" + +# rewrite map + enable_rewrite_map: false + target_groups: + - {"name": "gpfs4", "host": "login001", "default": True } + - {"name": "gpfs5", "host": "login002", "default": False } + -- GitLab From bf72c6c6aeb0a042705dd503812b12f9e92de713 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 12 Dec 2024 16:02:57 -0600 Subject: [PATCH 105/172] feat: add rewrite_map role --- ansible/roles/rewrite_map/tasks/main.yaml | 8 ++++++++ .../rewrite_map/templates/rewrite_map_config_py.j2 | 11 +++++++++++ 2 files changed, 19 insertions(+) create mode 100644 ansible/roles/rewrite_map/tasks/main.yaml create mode 100644 ansible/roles/rewrite_map/templates/rewrite_map_config_py.j2 diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml new file mode 100644 index 0000000..74c8778 --- /dev/null +++ b/ansible/roles/rewrite_map/tasks/main.yaml 
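Review bot: `target_groups` in group_vars/all reuses the variable name that sshpiperd.yaml.j2 iterates over, but these entries carry only `name`, `host` and `default`. They lack the `authorized_keys` and `private_key` keys that the template reads. On a host where `enable_ssh_proxy_config` is on and no group-level override such as the one in group_vars/prod applies, the template would fail or render empty values, depending on the undefined-variable setting. Either give the rewrite map its own variable (for example `rewrite_map_target_groups`) or add a comment above this block saying that proxy groups must override it with the full set of keys. `True`/`False` would also read more conventionally as `true`/`false`.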
@@ -0,0 +1,8 @@ +--- +- name: Add apache rewritemap script config + ansible.builtin.template: + src: rewrite_map_config_py.j2 + mode: '600' + user: root + group: root + dest: /var/www/rewrite_map_config.py diff --git a/ansible/roles/rewrite_map/templates/rewrite_map_config_py.j2 b/ansible/roles/rewrite_map/templates/rewrite_map_config_py.j2 new file mode 100644 index 0000000..3d247e7 --- /dev/null +++ b/ansible/roles/rewrite_map/templates/rewrite_map_config_py.j2 @@ -0,0 +1,11 @@ +DEBUG = False +target_groups = { + {% for group in target_groups %} + "{{ group.name }}": "{{ group.host }}", + {% endfor %} +} +{% for group in target_groups %} +{% if group.default %} +default_hostname = "{{ group.host }}" +{% endif %} +{% endfor %} -- GitLab From 0a084d03ec2b50d2f73bf317cd6eaed1db23ae85 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Thu, 12 Dec 2024 16:03:10 -0600 Subject: [PATCH 106/172] feat: add rewrite_map role in cluster.yaml --- ansible/cluster.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index a4240f6..1a2c83e 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -11,3 +11,4 @@ - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config } - { name: 'ssl_cert', tags: 'ssl_cert', when: enable_ssl_certs } - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } + - { name: 'rewrite_map', tags: 'rewrite_map', when: enable_rewrite_map } -- GitLab From 47b6c1b42471f3d5e8b7827bd26ebdd634849e33 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 22 Nov 2024 09:47:12 -0600 Subject: [PATCH 107/172] Add compute build to ci pipeline --- .gitlab-ci.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 18e0edb..5a3722a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
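Review bot: The template task uses `user: root`, but `ansible.builtin.template` has no `user` parameter. The ownership option is `owner`, so as written the task is rejected as an unsupported parameter and the file is never installed. Change the line to `owner: root`. `mode: '600'` works but `mode: '0600'` is the usual spelling. Whether the rewrite-map program can read a root-only file depends on the user Apache starts it as, which this hunk does not show.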
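Review bot: `default_hostname` is only emitted inside `{% if group.default %}`, so the generated rewrite_map_config.py lacks that name entirely when no entry in `target_groups` is marked default. With two defaults the last one silently wins. An `assert` task in the role that checks for exactly one default would turn both cases into an early, visible error. The names and hosts are also pasted into Python string literals as-is. Since the file is executable configuration, `"{{ group.name }}": "{{ group.host }}",` is better written as `{{ group.name | to_json }}: {{ group.host | to_json }},` so the values are quoted and escaped.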
@@ -110,6 +110,30 @@ workflow: reports: dotenv: image.env +build_compute_image: + stage: build + needs: [build_base_image] + tags: + - build + script: + - *update_ansible_repo + - *get_ansible_files + - export PKR_VAR_source_image=${BUILT_BASE_IMAGE_ID} + - export REPO_HEAD=$(git rev-parse --short HEAD) + - export PKR_VAR_flavor="${COMPUTE_BUILD_FLAVOR:-$PKR_VAR_flavor}" + - export PKR_VAR_build_instance_name="compute-${REPO_HEAD}" + - export PKR_VAR_image_date_suffix=false + - | + if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then + export PKR_VAR_image_name="compute-PR-${CI_MERGE_REQUEST_IID}" + elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then + export PKR_VAR_image_name="compute-${BUILD_DATE}" + fi + - packer init openstack-compute + - packer validate openstack-compute + - packer build -machine-readable openstack-compute | tee compute_build.log + + build_http_proxy_image: stage: build environment: -- GitLab From c951eb62cfb576a6c2e08ca60c64d7a5ed44ccf2 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Tue, 3 Dec 2024 10:32:25 -0600 Subject: [PATCH 108/172] compute node deploy --- .gitlab-ci.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5a3722a..cccac1c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -160,6 +160,41 @@ build_ssh_proxy_image: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy" when: always +deploy_compute_node: + stage: deploy + environment: + name: $ENV + tags: + - build + script: + - openstack image set --accept $compute-${BUILD_DATE} || true + - FAILED=false + - | + cat > user_data.txt <<EOF + #!/bin/bash + cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF + [main] + dns=none + EEOF + systemctl reload NetworkManager + echo "$DEV_KEY" >> /root/.ssh/authorized_keys + ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 + git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} + cd /tmp/${CI_PROJECT_NAME} + git checkout ${CI_COMMIT_REF_NAME} + cat >> ansible/hosts<<EEOF + [$ENV] + 127.0.0.1 + EEOF + ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log + rm -rf /tmp/${CI_PROJECT_NAME} + EOF + - | + + rules: + - if: $PIPELINE_TARGET == "deploy" + when: always + deploy_http_proxy_node: stage: deploy environment: -- GitLab From 1529133bab4e5db31ef05f65e7f59405a3b6e0b8 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Tue, 3 Dec 2024 14:01:36 -0600 Subject: [PATCH 109/172] fixed yaml syntax for build and added rule block --- .gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cccac1c..f293869 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -132,6 +132,11 @@ build_compute_image: - packer init openstack-compute - packer validate openstack-compute - packer build -machine-readable openstack-compute | tee compute_build.log + - | + + rules: + - if: $PIPELINE_TARGET == "build" + when: always build_http_proxy_image: -- GitLab From 28aec52b18e7a2fb19c1de6b76743642be63edb8 Mon Sep 17 00:00:00 2001 
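Review bot: The `user_data.txt` heredoc in `deploy_compute_node` uses an unquoted `EOF`, so `$DEV_KEY`, `${CI_REPOSITORY_URL}` (which GitLab builds with the job token in it) and `$EXTRA_VARS` are expanded on the runner and written in clear into the user data. Assuming the file is later passed to the new instance (the hunk ends before any server is created), those values stay readable from the instance's metadata and cloud-init state, and the play output is additionally kept in `/tmp/ansible.log`. Passing only non-secret values through user data, and adding `rm -f /tmp/ansible.log` next to the existing `rm -rf`, would reduce what is left behind. Separately, `$compute-${BUILD_DATE}` expands the unset shell variable `$compute`; the image name was presumably meant to be `compute-${BUILD_DATE}`, and `|| true` hides the resulting failure. The script also ends in an empty `- |` entry.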
From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 09:16:30 -0600 Subject: [PATCH 110/172] removed needs condition from build_compute_image --- .gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f293869..2349ecf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -112,7 +112,6 @@ workflow: build_compute_image: stage: build - needs: [build_base_image] tags: - build script: -- GitLab From a5fdd6ac0403d29d1c2aa0ddb022fb308dd4b7ac Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 09:34:47 -0600 Subject: [PATCH 111/172] changed compute build structure --- .gitlab-ci.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2349ecf..da4bff7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -117,21 +117,15 @@ build_compute_image: script: - *update_ansible_repo - *get_ansible_files - - export PKR_VAR_source_image=${BUILT_BASE_IMAGE_ID} - - export REPO_HEAD=$(git rev-parse --short HEAD) - export PKR_VAR_flavor="${COMPUTE_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="compute-${REPO_HEAD}" + - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${COMPUTE_XCBC_HEAD}" - export PKR_VAR_image_date_suffix=false - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="compute-PR-${CI_MERGE_REQUEST_IID}" + export PKR_VAR_image_name="${BUILD_TARGET}-PR-${CI_MERGE_REQUEST_IID}" elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="compute-${BUILD_DATE}" + export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" fi - - packer init openstack-compute - - packer validate openstack-compute - - packer build -machine-readable openstack-compute | tee compute_build.log - - | rules: - if: $PIPELINE_TARGET == "build" -- GitLab From 594c0df510b78aadf6680595547b9b06e8fa2698 Mon Sep 17 00:00:00 2001 
From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 10:08:24 -0600 Subject: [PATCH 112/172] Add packer command to compute build --- .gitlab-ci.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index da4bff7..61608a8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -118,7 +118,7 @@ build_compute_image: - *update_ansible_repo - *get_ansible_files - export PKR_VAR_flavor="${COMPUTE_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${COMPUTE_XCBC_HEAD}" + - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${CRI_XCBC_HEAD}" - export PKR_VAR_image_date_suffix=false - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then @@ -126,7 +126,13 @@ build_compute_image: elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" fi - + # packer commands + - packer init openstack-compute + - packer validate openstack-compute + - packer build -machine-readable openstack-compute | tee compute_build.log + - export BUILT_COMPUTE_IMAGE_ID=$(grep 'Image:' compute_build.log | awk '{print $4}') + - echo BUILT_COMPUTE_IMAGE_ID=${BUILT_COMPUTE_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env + - openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_COMPUTE_IMAGE_ID} rules: - if: $PIPELINE_TARGET == "build" when: always -- GitLab From d426ee314e5a7376d43188fe69622e27caad14cd Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 12:58:51 -0600 Subject: [PATCH 113/172] changed compute built to be similar to proxy node builds --- .gitlab-ci.yml | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 61608a8..ebbfeef 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -110,15 +110,13 @@ workflow: reports: dotenv: image.env -build_compute_image: - stage: build - tags: - - build +.build_compute_image_template: &build_compute_image_template script: - *update_ansible_repo - *get_ansible_files - - export PKR_VAR_flavor="${COMPUTE_BUILD_FLAVOR:-$PKR_VAR_flavor}" - - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${CRI_XCBC_HEAD}" + # packer vars for job env + - export PKR_VAR_flavor="${PROXY_BUILD_FLAVOR:-$PKR_VAR_flavor}" + - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" - export PKR_VAR_image_date_suffix=false - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then @@ -132,12 +130,25 @@ build_compute_image: - packer build -machine-readable openstack-compute | tee compute_build.log - export BUILT_COMPUTE_IMAGE_ID=$(grep 'Image:' compute_build.log | awk '{print $4}') - echo BUILT_COMPUTE_IMAGE_ID=${BUILT_COMPUTE_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env - - openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_COMPUTE_IMAGE_ID} + # set image properties with repo state + - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_COMPUTE_IMAGE_ID} + artifacts: + reports: + dotenv: image.env + +build_compute_image: + stage: build + environment: + name: $ENV + tags: + - build + variables: + PROXY_ENABLE_VAR: "enable_compute" + <<: *build_compute_image_template rules: - - if: $PIPELINE_TARGET == "build" + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy" when: always - build_http_proxy_image: stage: build environment: -- GitLab From ad40f9c726eb0679cb1b3d8158ccbdda5ffe3673 Mon Sep 17 00:00:00 2001 
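Review bot: The `openstack image set` line added in the second hunk expands `${EXT_PR_SRC_REPO}`, `${EXT_PR_SRC_BRANCH_SHA}` and the other `EXT_PR_*` values unquoted, so a value containing whitespace or glob characters is split into extra arguments of the `openstack` command. The names suggest data taken from an external pull request, which would make them untrusted input; where they are set is not visible here. Quote each pair, e.g. `--property "EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO}"`, and quote `"${BUILT_COMPUTE_IMAGE_ID}"` as well. Separately, the compute template still reads `PROXY_BUILD_FLAVOR` and the job sets `PROXY_ENABLE_VAR`, which looks carried over from the proxy template.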
From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 13:41:44 -0600 Subject: [PATCH 114/172] added root_ssh_key for compute node build variable --- openstack-compute/variables.pkr.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/openstack-compute/variables.pkr.hcl b/openstack-compute/variables.pkr.hcl index 20efd64..d368139 100644 --- a/openstack-compute/variables.pkr.hcl +++ b/openstack-compute/variables.pkr.hcl @@ -1,6 +1,7 @@ variable "root_ssh_key" { type = string description = "The root key to use for ssh" + default = "" } variable "image_name" { -- GitLab From 1dd27eca4e576a515ab829c6133f13f9e08ba7ec Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 13:47:57 -0600 Subject: [PATCH 115/172] set build target to compute --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ebbfeef..af25bc5 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -146,7 +146,7 @@ build_compute_image: PROXY_ENABLE_VAR: "enable_compute" <<: *build_compute_image_template rules: - - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy" + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "compute" when: always build_http_proxy_image: -- GitLab From be42fff1ba6760b15ce6906c68717c3251047a0f Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 4 Dec 2024 14:39:02 -0600 Subject: [PATCH 116/172] Remove cluster hook from compute build --- ansible/compute.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/compute.yml b/ansible/compute.yml index 2907d08..4009929 100644 --- a/ansible/compute.yml +++ b/ansible/compute.yml @@ -8,5 +8,3 @@ - { name: 'pam_slurm_adopt', tags: 'pam_slurm_adopt' } - { name: 'install_nhc', tags: 'install_nhc'} -- name: Setup node for use as a virtual cheaha node - ansible.builtin.import_playbook: cheaha.yml -- GitLab From 5ff24ed64184ce008f75effba325938e622d8629 Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 6 Dec 2024 19:03:52 -0500 Subject: [PATCH 117/172] feat: Rearrange code for readability --- .gitlab-ci.yml | 123 +++++++++++++++++++++++++------------------------ 1 file changed, 62 insertions(+), 61 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index af25bc5..1c9874c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -110,6 +110,32 @@ workflow: reports: dotenv: image.env +build_http_proxy_image: + stage: build + environment: + name: $ENV + tags: + - build + variables: + PROXY_ENABLE_VAR: "enable_http_proxy" + <<: *build_proxy_image_template + rules: + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy" + when: always + +build_ssh_proxy_image: + stage: build + environment: + name: $ENV + tags: + - build + variables: + PROXY_ENABLE_VAR: "enable_ssh_proxy" + <<: *build_proxy_image_template + rules: + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy" + when: always + .build_compute_image_template: &build_compute_image_template script: - *update_ansible_repo 
@@ -149,67 +175,6 @@ build_compute_image: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "compute" when: always -build_http_proxy_image: - stage: build - environment: - name: $ENV - tags: - - build - variables: - PROXY_ENABLE_VAR: "enable_http_proxy" - <<: *build_proxy_image_template - rules: - - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy" - when: always - -build_ssh_proxy_image: - stage: build - environment: - name: $ENV - tags: - - build - variables: - PROXY_ENABLE_VAR: "enable_ssh_proxy" - <<: *build_proxy_image_template - rules: - - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy" - when: always - -deploy_compute_node: - stage: deploy - environment: - name: $ENV - tags: - - build - script: - - openstack image set --accept $compute-${BUILD_DATE} || true - - FAILED=false - - | - cat > user_data.txt <<EOF - #!/bin/bash - cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF - [main] - dns=none - EEOF - systemctl reload NetworkManager - echo "$DEV_KEY" >> /root/.ssh/authorized_keys - ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 - git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} - cd /tmp/${CI_PROJECT_NAME} - git checkout ${CI_COMMIT_REF_NAME} - cat >> ansible/hosts<<EEOF - [$ENV] - 127.0.0.1 - EEOF - ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log - rm -rf /tmp/${CI_PROJECT_NAME} - EOF - - | - - rules: - - if: $PIPELINE_TARGET == "deploy" - when: always - deploy_http_proxy_node: stage: deploy environment: 
@@ -310,3 +275,39 @@ deploy_ssh_proxy_node: rules: - if: $PIPELINE_TARGET == "deploy" && $SSH_PROXY_IMAGE_ID when: always + +deploy_compute_node: + stage: deploy + environment: + name: $ENV + tags: + - build + script: + - openstack image set --accept $compute-${BUILD_DATE} || true + - FAILED=false + - | + cat > user_data.txt <<EOF + #!/bin/bash + cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF + [main] + dns=none + EEOF + systemctl reload NetworkManager + echo "$DEV_KEY" >> /root/.ssh/authorized_keys + ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0 + git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME} + cd /tmp/${CI_PROJECT_NAME} + git checkout ${CI_COMMIT_REF_NAME} + cat >> ansible/hosts<<EEOF + [$ENV] + 127.0.0.1 + EEOF + ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log + rm -rf /tmp/${CI_PROJECT_NAME} + EOF + - | + + rules: + - if: $PIPELINE_TARGET == "deploy" + when: always + -- GitLab From 42ced718d6ee56775c3604c3f34c669f86c54c47 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 10 Dec 2024 16:18:06 -0500 Subject: [PATCH 118/172] Change compute reference to login Because compute and login nodes are basically the same except login node does not need slurmd and we don't use compute image anywhere. So use it to build login image and change its references in CI script --- .gitlab-ci.yml | 24 +++++++++---------- .../README.md | 0 .../nodeimage.pkr.hcl | 0 .../variables.pkr.hcl | 0 4 files changed, 12 insertions(+), 12 deletions(-) rename {openstack-compute => openstack-login}/README.md (100%) rename {openstack-compute => openstack-login}/nodeimage.pkr.hcl (100%) rename {openstack-compute => openstack-login}/variables.pkr.hcl (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1c9874c..2346bd9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
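Review bot: In the relocated `deploy_compute_node` job, `openstack image set --accept $compute-${BUILD_DATE} || true` expands a shell variable named `compute`, which nothing visible sets, so the command receives a string starting with `-` instead of an image name and the `|| true` hides the resulting error. If the literal prefix was intended, write `"compute-${BUILD_DATE}"`, and replace `|| true` with an explicit check so a failed accept shows up in the job log. The script also ends in an empty `- |` entry, so the job as it stands only writes `user_data.txt`.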
@@ -136,7 +136,7 @@ build_ssh_proxy_image: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy" when: always -.build_compute_image_template: &build_compute_image_template +.build_login_image_template: &build_login_image_template script: - *update_ansible_repo - *get_ansible_files @@ -151,18 +151,18 @@ build_ssh_proxy_image: export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" fi # packer commands - - packer init openstack-compute - - packer validate openstack-compute - - packer build -machine-readable openstack-compute | tee compute_build.log - - export BUILT_COMPUTE_IMAGE_ID=$(grep 'Image:' compute_build.log | awk '{print $4}') - - echo BUILT_COMPUTE_IMAGE_ID=${BUILT_COMPUTE_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env + - packer init openstack-login + - packer validate openstack-login + - packer build -machine-readable openstack-login | tee login_build.log + - export BUILT_LOGIN_IMAGE_ID=$(grep 'Image:' login_build.log | awk '{print $4}') + - echo BUILT_LOGIN_IMAGE_ID=${BUILT_LOGIN_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env # set image properties with repo state - - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_COMPUTE_IMAGE_ID} + - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${CI_COMMIT_SHORT_SHA} ${BUILT_LOGIN_IMAGE_ID} artifacts: reports: dotenv: image.env -build_compute_image: +build_login_image: stage: build environment: name: $ENV 
@@ -170,9 +170,9 @@ build_compute_image: - build variables: PROXY_ENABLE_VAR: "enable_compute" - <<: *build_compute_image_template + <<: *build_login_image_template rules: - - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "compute" + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "login" when: always deploy_http_proxy_node: @@ -276,14 +276,14 @@ deploy_ssh_proxy_node: - if: $PIPELINE_TARGET == "deploy" && $SSH_PROXY_IMAGE_ID when: always -deploy_compute_node: +deploy_login_node: stage: deploy environment: name: $ENV tags: - build script: - - openstack image set --accept $compute-${BUILD_DATE} || true + - openstack image set --accept $login-${BUILD_DATE} || true - FAILED=false - | cat > user_data.txt <<EOF diff --git a/openstack-compute/README.md b/openstack-login/README.md similarity index 100% rename from openstack-compute/README.md rename to openstack-login/README.md diff --git a/openstack-compute/nodeimage.pkr.hcl b/openstack-login/nodeimage.pkr.hcl similarity index 100% rename from openstack-compute/nodeimage.pkr.hcl rename to openstack-login/nodeimage.pkr.hcl diff --git a/openstack-compute/variables.pkr.hcl b/openstack-login/variables.pkr.hcl similarity index 100% rename from openstack-compute/variables.pkr.hcl rename to openstack-login/variables.pkr.hcl -- GitLab From d9b8ad29cea6faebb61208e517d65f07aedb7026 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 10 Dec 2024 16:19:47 -0500 Subject: [PATCH 119/172] Remove unncessary vars --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2346bd9..8939464 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -168,8 +168,6 @@ build_login_image: name: $ENV tags: - build - variables: - PROXY_ENABLE_VAR: "enable_compute" <<: *build_login_image_template rules: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "login" -- GitLab From 5d0ff958ee1ef6ea99ee287dc9acedae4fc76a0d Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 10 Dec 2024 16:39:41 -0500 Subject: [PATCH 120/172] Add missing code to create instance and associate FIP --- .gitlab-ci.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8939464..dae52c1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -304,8 +304,23 @@ deploy_login_node: rm -rf /tmp/${CI_PROJECT_NAME} EOF - | - + export cmd="openstack server create" + cmd+=" -c id -f value --image $LOGIN_IMAGE_ID" + cmd+=" --flavor $INSTANCE_FLAVOR" + cmd+=" --network $INSTANCE_NETWORK" + cmd+=" --security-group allow-ssh" + cmd+=" --user-data user_data.txt" + if [ -n "$LOGIN_PORT" ];then cmd+=" --port $LOGIN_PORT"; fi + cmd+=" --wait $LOGIN_INSTANCE_NAME" + - export LOGIN_INSTANCE_ID=$(bash -c "$cmd") + - | + # Associate the floating IP(s) with the SSH Proxy instance + for LOGIN_FLOATING_IP in ${LOGIN_FLOATING_IP_LIST[@]}; + do + echo "Associating FLOATING_IP $LOGIN_FLOATING_IP with LOGIN_INSTANCE_ID $LOGIN_INSTANCE_ID" + openstack server add floating ip $LOGIN_INSTANCE_ID $LOGIN_FLOATING_IP + done rules: - - if: $PIPELINE_TARGET == "deploy" + - if: $PIPELINE_TARGET == "deploy" && $LOGIN_IMAGE_ID when: always -- GitLab From 21f2e2231d033272dbc3c297b3eec6d4346a335a Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 11 Dec 2024 12:55:50 -0500 Subject: [PATCH 121/172] Install prerequisite packages --- openstack-login/nodeimage.pkr.hcl | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/openstack-login/nodeimage.pkr.hcl b/openstack-login/nodeimage.pkr.hcl index 15941ba..008b768 100644 --- a/openstack-login/nodeimage.pkr.hcl +++ b/openstack-login/nodeimage.pkr.hcl 
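Review bot: The server-create command is assembled as one string and re-parsed with `bash -c "$cmd"`, so any whitespace or shell metacharacter in `$LOGIN_IMAGE_ID`, `$INSTANCE_FLAVOR`, `$INSTANCE_NETWORK`, `$LOGIN_PORT` or `$LOGIN_INSTANCE_NAME` is interpreted by the shell rather than passed as data. Building the arguments in a bash array and running it directly avoids the second parse, and the returned id should be checked before the floating-IP loop uses it. `${LOGIN_FLOATING_IP_LIST[@]}` is written as an array expansion although a CI variable is a plain string, so the loop presumably relies on word splitting. `deploy_login_node` starts outside the hunk.

```yaml
    # … unchanged: image accept and user_data.txt heredoc …
    - |
      cmd=(openstack server create -c id -f value
           --image "$LOGIN_IMAGE_ID"
           --flavor "$INSTANCE_FLAVOR"
           --network "$INSTANCE_NETWORK"
           --security-group allow-ssh
           --user-data user_data.txt)
      if [ -n "$LOGIN_PORT" ]; then cmd+=(--port "$LOGIN_PORT"); fi
      cmd+=(--wait "$LOGIN_INSTANCE_NAME")
      LOGIN_INSTANCE_ID=$("${cmd[@]}")
      if [ -z "$LOGIN_INSTANCE_ID" ]; then
        echo "server create returned no instance id" >&2
        exit 1
      fi
      export LOGIN_INSTANCE_ID
    # … unchanged: floating IP association loop …
```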
@@ -36,6 +36,14 @@ source "openstack" "image" { build { sources = ["source.openstack.image"] + provisioner "shell" { + inline = [ + "sudo yum install -y libselinux-python3 python3 python3-pip tmux vim git bash-completion curl wget unzip", + "sudo python3 -m pip install --upgrade pip", + "sudo pip3 install s3cmd==2.3.0 ansible==4.10.0 python-openstackclient==5.8.0" + ] + } + provisioner "ansible" { use_proxy = false user = var.ssh_username -- GitLab From fb99e4eed47d132b0b2c99ccde6dfdcc98fb52ce Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Mon, 16 Dec 2024 09:52:45 -0600 Subject: [PATCH 122/172] fix: accept login image --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dae52c1..08675a2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -281,7 +281,7 @@ deploy_login_node: tags: - build script: - - openstack image set --accept $login-${BUILD_DATE} || true + - openstack image set --accept $LOGIN_IMAGE_ID || true - FAILED=false - | cat > user_data.txt <<EOF -- GitLab From c7a17a897c9d360c8f03a492abe8c085b3a5ebb5 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 17 Dec 2024 11:12:45 -0600 Subject: [PATCH 123/172] feat: Add conditional to support both autofs, fstab mnts Closes https://gitlab.rc.uab.edu/rc/hpc-factory/-/issues/175 --- ansible/group_vars/all | 1 + ansible/roles/nfs_mounts/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index f7b65c0..d1b1c9a 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -30,6 +30,7 @@ # nfs_mounts related enable_nfs_mounts: true use_autofs: false + use_fstab: false mount_points: - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard", "mode": "0755" } - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard", "mode": "0755" } 
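Review bot: The new shell provisioner installs Python packages as root with only the three top-level versions pinned. `pip install --upgrade pip` takes whatever pip is current, and the dependencies of `ansible==4.10.0`, `s3cmd==2.3.0` and `python-openstackclient==5.8.0` are resolved at build time, so two builds of the same commit can produce different images. For an image build, install from a checked-in requirements file with hashes, e.g. `sudo pip3 install --require-hashes -r requirements.txt` (file name illustrative), and pin pip itself. It is also worth confirming that the OpenStack client and s3cmd need to remain on a login image once the build is done.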
diff --git a/ansible/roles/nfs_mounts/tasks/main.yml b/ansible/roles/nfs_mounts/tasks/main.yml index 507f4c6..96a76ff 100644 --- a/ansible/roles/nfs_mounts/tasks/main.yml +++ b/ansible/roles/nfs_mounts/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: nfs_mounts using fstab include_tasks: fstab.yml - when: not use_autofs + when: use_fstab - name: nfs_mounts using autofs include_tasks: autofs.yml -- GitLab From fadfb001bf29f9340ff53882c26d97bd364136fa Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 19 Dec 2024 12:24:54 -0600 Subject: [PATCH 124/172] feat: Download ansible files for cluster.yml Closes https://gitlab.rc.uab.edu/rc/hpc-factory/-/issues/176 --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 08675a2..e10ff28 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -300,6 +300,7 @@ deploy_login_node: [$ENV] 127.0.0.1 EEOF + s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ /tmp/${CI_PROJECT_NAME}/ansible/files/ ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF -- GitLab From 2b70839e4bcbf92b2e823cfb0052dd6df62fef75 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 19 Dec 2024 14:34:38 -0600 Subject: [PATCH 125/172] feat: Add credentials for the s3cmd --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e10ff28..e2956f7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
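Review bot: With `when: use_fstab` and the new default `use_fstab: false` next to `use_autofs: false`, the defaults select neither task file, whereas the old condition `not use_autofs` mounted via fstab by default. A host that sets neither variable now silently ends up without NFS mounts while `enable_nfs_mounts` is still `true`. Either keep the old default by setting `use_fstab: true` in `group_vars/all`, or add an `ansible.builtin.assert` at the top of `main.yml` that at least one of the two flags is set when mounts are enabled. The `when` of the autofs include is outside the hunk.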
@@ -300,7 +300,7 @@ deploy_login_node: [$ENV] 127.0.0.1 EEOF - s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ /tmp/${CI_PROJECT_NAME}/ansible/files/ + s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ /tmp/${CI_PROJECT_NAME}/ansible/files/ ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log rm -rf /tmp/${CI_PROJECT_NAME} EOF -- GitLab From 96e0db225ed30068f6a52c46b880ecad2db653d0 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 16 Dec 2024 12:33:28 -0600 Subject: [PATCH 126/172] feat: Add params to define the autofs mountpoints Closes https://gitlab.rc.uab.edu/rc/hpc-factory/-/issues/173 --- ansible/group_vars/all | 8 +++++++ ansible/roles/nfs_mounts/tasks/autofs.yml | 26 +++++++++-------------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index d1b1c9a..9b6b230 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
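Review bot: The added `--access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY` sits inside the `user_data.txt` heredoc, whose opener is outside this hunk; if it is the unquoted `<<EOF` used where the job was defined, the runner expands both values and the secret key is stored in clear text in the instance's user data. User data is typically readable through the metadata service by any local user on the instance and is kept by the compute API, and a login node is multi-user; the key would also be visible in the process list while `s3cmd` runs. Prefer a short-lived, read-only credential scoped to that bucket, delivered through a root-only file (for example an s3cmd config with mode 0600 that the script removes afterwards), or fetch the files on the runner and copy them to the instance.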
@@ -34,6 +34,14 @@ mount_points: - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard", "mode": "0755" } - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard", "mode": "0755" } + autofs_mounts: + - { mount_point: "/cm/shared", map_name: "cm-share", dir: "/cm/shared", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } + - { mount_point: "/data/project", map_name: "data-project", dir: "/data/project", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } + - { mount_point: "/data/user", map_name: "data-user", dir: "/data/user", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } + - { mount_point: "/data/rc/apps", map_name: "data-rc-apps", dir: "/data/rc/apps", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } + - { mount_point: "/-", map_name: "scratch", dir: "/scratch", mode: '0755', key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } + - { mount_point: "/home", map_name: "home", dir: "/data/user/home", mode: '0755', key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' } + #SSH Host Keys S3_ENDPOINT: "" diff --git a/ansible/roles/nfs_mounts/tasks/autofs.yml b/ansible/roles/nfs_mounts/tasks/autofs.yml index 39ba56e..daf9f01 100644 --- a/ansible/roles/nfs_mounts/tasks/autofs.yml +++ b/ansible/roles/nfs_mounts/tasks/autofs.yml 
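Review bot: The NFS entries in `autofs_mounts` for user-writable trees (`/data/user`, `/data/project`, `/scratch`) carry neither `nosuid` nor `nodev`, so a setuid binary or device node placed on the export would be honoured on every node that applies this map. The options appear to be moved unchanged from `autofs.yml`, so this is not new behaviour, but the move is a convenient place to add them, e.g. `opts: "fstype=nfs,vers=3,_netdev,nosuid,nodev,defaults"`. Whether `/cm/shared` and `/data/rc/apps` need setuid programs should be checked before doing the same there.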
@@ -6,11 +6,15 @@ mode: "{{ item.mode }}" loop: - { dir: /local, mode: '0777' } - - { dir: /scratch, mode: '0755' } - { dir: /share, mode: '0755' } - - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy - - { dir: /data/user, mode: '0755' } - - { dir: /data/project, mode: '0755' } + +- name: Create mountpoint dirs + ansible.builtin.file: + path: "{{ item.dir }}" + state: directory + mode: "{{ item.mode }}" + loop: + "{{ autofs_mounts }}" - name: Remove unused entry in master map ansible.builtin.replace: @@ -29,12 +33,7 @@ line: "{{ item.mount_point }} /etc/auto.{{ item.map_name }}" create: yes loop: - - { mount_point: "/cm/shared", map_name: "cm-share" } - - { mount_point: "/data/project", map_name: "data-project" } - - { mount_point: "/data/user", map_name: "data-user" } - - { mount_point: "/data/rc/apps", map_name: "data-rc-apps" } - - { mount_point: "/-", map_name: "scratch" } - - { mount_point: "/home", map_name: "home" } + "{{ autofs_mounts }}" - name: Set up autofs map files ansible.builtin.lineinfile: @@ -42,12 +41,7 @@ line: "{{ item.key }} -{{ item.opts }} {{ item.src }}" create: true loop: - - { map_name: "cm-share", key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { map_name: "data-project", key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { map_name: "data-user", key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } - - { map_name: "data-rc-apps", key: "*", src: "gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { map_name: "scratch", key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } - - { map_name: "home", key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' } + "{{ autofs_mounts }}" - name: Create symbolic links ansible.builtin.file: -- GitLab 
From b2495d56b7aefce468b1acddb8fe6e705c507186 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 18 Dec 2024 16:33:56 -0600 Subject: [PATCH 127/172] feat: Change the default paths mounted with autofs The values used in prod will be defined at runtime so replacing them with default values --- ansible/group_vars/all | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 9b6b230..2dabea2 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
@@ -35,13 +35,8 @@ - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard", "mode": "0755" } - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard", "mode": "0755" } autofs_mounts: - - { mount_point: "/cm/shared", map_name: "cm-share", dir: "/cm/shared", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { mount_point: "/data/project", map_name: "data-project", dir: "/data/project", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { mount_point: "/data/user", map_name: "data-user", dir: "/data/user", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } - - { mount_point: "/data/rc/apps", map_name: "data-rc-apps", dir: "/data/rc/apps", mode: '0755', key: "*", src: "gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" } - - { mount_point: "/-", map_name: "scratch", dir: "/scratch", mode: '0755', key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" } - - { mount_point: "/home", map_name: "home", dir: "/data/user/home", mode: '0755', key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' } - + - { "src": "master:/gpfs4/&", "path": "/gpfs4", "opts": "fstype=nfs,vers=3,_netdev,default", "mode": '0755', "mount_point": "/gpfs4", "map_name": "gpfs4", key: "*" } + - { "src": "master:/gpfs5/&", "path": "/gpfs5", "opts": "fstype=nfs,vers=3,_netdev,default", "mode": '0755', "mount_point": "/gpfs5", "map_name": "gpfs5", key: "*" } #SSH Host Keys S3_ENDPOINT: "" -- GitLab From 96764f6a5858c7cb9ca7e10b3a4f554e4047fd24 Mon Sep 17 00:00:00 2001 
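Review bot: Both new default entries end their `opts` with `default`, while the entries they replace used `defaults`; `default` is not a generic mount option and is likely to be rejected when autofs mounts the path. It should read `"opts": "fstype=nfs,vers=3,_netdev,defaults"`. The entries also use the key `path` where the removed ones used `dir`; the task that consumes them is not part of this hunk, so confirm it reads `item.path`.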
From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 19 Dec 2024 10:12:09 -0600 Subject: [PATCH 128/172] style: Change the key name in autofs_mounts dict So that we can have same key names for both dicts used in autofs.yml and fstab.yml roles --- ansible/roles/nfs_mounts/tasks/autofs.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/nfs_mounts/tasks/autofs.yml b/ansible/roles/nfs_mounts/tasks/autofs.yml index daf9f01..301c266 100644 --- a/ansible/roles/nfs_mounts/tasks/autofs.yml +++ b/ansible/roles/nfs_mounts/tasks/autofs.yml @@ -1,16 +1,16 @@ --- - name: Create base directories ansible.builtin.file: - path: "{{ item.dir }}" + path: "{{ item.path }}" state: directory mode: "{{ item.mode }}" loop: - - { dir: /local, mode: '0777' } - - { dir: /share, mode: '0755' } + - { path: /local, mode: '0777' } + - { path: /share, mode: '0755' } - name: Create mountpoint dirs ansible.builtin.file: - path: "{{ item.dir }}" + path: "{{ item.path }}" state: directory mode: "{{ item.mode }}" loop: -- GitLab From 180e8eabb503b91bf6d0dad8ed3a29514a3748a2 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 23 Dec 2024 10:53:00 -0500 Subject: [PATCH 129/172] feat: Rename compute.yml to login.yml for login build Change the references to compute.yml in the packer template to use login.yml --- ansible/{compute.yml => login.yml} | 0 openstack-login/nodeimage.pkr.hcl | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename ansible/{compute.yml => login.yml} (100%) diff --git a/ansible/compute.yml b/ansible/login.yml similarity index 100% rename from ansible/compute.yml rename to ansible/login.yml diff --git a/openstack-login/nodeimage.pkr.hcl b/openstack-login/nodeimage.pkr.hcl index 008b768..fd6b35e 100644 --- a/openstack-login/nodeimage.pkr.hcl +++ b/openstack-login/nodeimage.pkr.hcl 
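Review bot: `/local` is created with `mode: '0777'`, world-writable without the sticky bit, so any user can delete or rename files that another user created there. If it is meant as shared scratch space, use the same mode as `/tmp`: `- { path: /local, mode: '1777' }`. The hunk only renames the key from `dir` to `path`, so the mode predates this change, but the line is being touched anyway.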
@@ -48,7 +48,7 @@ build { use_proxy = false user = var.ssh_username groups = ["compute"] - playbook_file = "./ansible/compute.yml" + playbook_file = "./ansible/login.yml" roles_path = "./ansible/roles" extra_arguments = [ "--extra-vars", "root_ssh_key='${var.root_ssh_key}'" -- GitLab From 10f7c135599ec344b175189f4c079c8d90931e65 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 23 Dec 2024 10:59:23 -0500 Subject: [PATCH 130/172] fix: Remove pam_slurm config causing ssh denial pam_slurm config denies ssh if there is no slurm job on the compute node A login node is not expected to run jobs so we removed this config from the login playbook --- ansible/login.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/login.yml b/ansible/login.yml index 4009929..9d7dd23 100644 --- a/ansible/login.yml +++ b/ansible/login.yml @@ -5,6 +5,5 @@ roles: - { name: 'fix_centos_repo', tags: 'fix_centos_repo' } - { name: 'install_packages', tags: 'install_packages' } - - { name: 'pam_slurm_adopt', tags: 'pam_slurm_adopt' } - { name: 'install_nhc', tags: 'install_nhc'} -- GitLab From 0ec2bcda9f4a92d981141966f1862c2892e42349 Mon Sep 17 00:00:00 2001 From: Bo-Chun Chen <louistw@uab.edu> Date: Fri, 27 Dec 2024 14:14:11 -0600 Subject: [PATCH 131/172] fix: add when condition to ssh_host_keys role Follow the same approach in ssl_cert role, to avoid missing host key issue during deploy --- ansible/roles/ssh_host_keys/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml index fa39838..59beb02 100644 --- a/ansible/roles/ssh_host_keys/tasks/main.yml +++ b/ansible/roles/ssh_host_keys/tasks/main.yml @@ -22,6 +22,7 @@ aws_secret_key: "{{ LTS_SECRET_KEY }}" vars: ansible_python_interpreter: /usr/bin/python3 + when: SSH_HOST_KEYS_S3_BUCKET | length > 0 and SSH_HOST_KEYS_S3_OBJECT | length > 0 - name: Unpack SSH host keys to /etc/ssh ansible.builtin.unarchive: 
@@ -31,6 +32,7 @@ owner: root remote_src: yes become: true + when: SSH_HOST_KEYS_S3_BUCKET | length > 0 and SSH_HOST_KEYS_S3_OBJECT | length > 0 - name: Remove the temporary folder after put in place ansible.builtin.file: -- GitLab From 6019778c76eb696c7b72d4131f46791a937aa3b5 Mon Sep 17 00:00:00 2001 From: Bo-Chun Chen <louistw@uab.edu> Date: Fri, 27 Dec 2024 15:25:17 -0600 Subject: [PATCH 132/172] fix: use owner instead of user in template ansible module --- ansible/roles/rewrite_map/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml index 74c8778..36c671a 100644 --- a/ansible/roles/rewrite_map/tasks/main.yaml +++ b/ansible/roles/rewrite_map/tasks/main.yaml @@ -3,6 +3,6 @@ ansible.builtin.template: src: rewrite_map_config_py.j2 mode: '600' - user: root + owner: root group: root dest: /var/www/rewrite_map_config.py -- GitLab From 68ac825f990e9aa426c9a8506dd08ebcf73ec6ca Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 2 Jan 2025 09:58:22 -0500 Subject: [PATCH 133/172] fix: Add missing autofs service start --- ansible/roles/nfs_mounts/tasks/autofs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/nfs_mounts/tasks/autofs.yml b/ansible/roles/nfs_mounts/tasks/autofs.yml index 301c266..642a02e 100644 --- a/ansible/roles/nfs_mounts/tasks/autofs.yml +++ b/ansible/roles/nfs_mounts/tasks/autofs.yml @@ -54,7 +54,8 @@ loop: - { src: /data/rc/apps, dest: /share/apps } -- name: Enable autofs service +- name: Enable and start autofs service ansible.builtin.service: name: autofs enabled: true + state: restarted -- GitLab From ba397c1c2ec0634813360432aec2c23d9ef74249 Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Thu, 2 Jan 2025 16:14:07 -0500 Subject: [PATCH 134/172] fix: Skip creating home dir for slurm user The home dir for slurm user is available as a mount from master so there is no need to create a local home dir for it. --- ansible/roles/slurm_client/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/slurm_client/tasks/main.yml b/ansible/roles/slurm_client/tasks/main.yml index 9751720..e2c1d78 100644 --- a/ansible/roles/slurm_client/tasks/main.yml +++ b/ansible/roles/slurm_client/tasks/main.yml @@ -19,6 +19,7 @@ state: present uid: 450 group: slurm + create_home: false - name: Copy munge key ansible.builtin.copy: -- GitLab From d5f0f8e87242e4b6dcc4c609023e30dedb20c34b Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 3 Jan 2025 20:15:22 -0600 Subject: [PATCH 135/172] feat: add extra_vars variable in packer templates --- openstack-login/variables.pkr.hcl | 8 +++++++- openstack-ood/variables.pkr.hcl | 8 +++++++- openstack-proxy/variables.pkr.hcl | 5 +++++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/openstack-login/variables.pkr.hcl b/openstack-login/variables.pkr.hcl index d368139..6cef95c 100644 --- a/openstack-login/variables.pkr.hcl +++ b/openstack-login/variables.pkr.hcl @@ -88,4 +88,10 @@ variable "volume_size" { type = number default = 20 description = "The default volume size for building iamge" -} \ No newline at end of file +} + +variable "extra_vars" { + type = string + default = "" + description = "Extra vars to pass to ansible playbook command" +} diff --git a/openstack-ood/variables.pkr.hcl b/openstack-ood/variables.pkr.hcl index 5a6f608..b87cb6d 100644 --- a/openstack-ood/variables.pkr.hcl +++ b/openstack-ood/variables.pkr.hcl 
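Review bot: The new `extra_vars` variable is declared without `sensitive = true`, and its description says it is passed to the ansible playbook command. If it carries credentials, as the CI `EXTRA_VARS` value used at deploy time may, they can surface in Packer output, which the build jobs pipe into a log file with `tee`. Adding `sensitive = true` to the block asks Packer to mask the value in its output; the same applies to the identical blocks in `openstack-ood/variables.pkr.hcl` and `openstack-proxy/variables.pkr.hcl`. The `description` could also state the expected format (`key=value` pairs or JSON).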
@@ -87,4 +87,10 @@ variable "volume_size" { type = number default = 20 description = "The default volume size for building iamge" -} \ No newline at end of file +} + +variable "extra_vars" { + type = string + default = "" + description = "Extra vars to pass to ansible playbook command" +} diff --git a/openstack-proxy/variables.pkr.hcl b/openstack-proxy/variables.pkr.hcl index 9215362..6ab03ba 100644 --- a/openstack-proxy/variables.pkr.hcl +++ b/openstack-proxy/variables.pkr.hcl @@ -106,3 +106,8 @@ variable "ANSIBLE_VERBOSITY" { description = "to increase verbosity - 0|1|2|3|4" } +variable "extra_vars" { + type = string + default = "" + description = "Extra vars to pass to ansible playbook command" +} -- GitLab From fd96d27a73be5ce5bf7af7c55f3017d8dd25dec0 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 3 Jan 2025 20:22:39 -0600 Subject: [PATCH 136/172] feat: pass extra_vars to packer template --- openstack-login/nodeimage.pkr.hcl | 3 +++ openstack-ood/nodeimage.pkr.hcl | 3 +++ openstack-proxy/nodeimage.pkr.hcl | 3 +++ 3 files changed, 9 insertions(+) diff --git a/openstack-login/nodeimage.pkr.hcl b/openstack-login/nodeimage.pkr.hcl index fd6b35e..e770d3e 100644 --- a/openstack-login/nodeimage.pkr.hcl +++ b/openstack-login/nodeimage.pkr.hcl @@ -61,5 +61,8 @@ build { groups = ["compute"] ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"] playbook_file = "./CRI_XCBC/compute-packer.yaml" + extra_arguments = [ + "--extra-vars", "${var.extra_vars}" + ] } } diff --git a/openstack-ood/nodeimage.pkr.hcl b/openstack-ood/nodeimage.pkr.hcl index b31d7a1..61b05ef 100644 --- a/openstack-ood/nodeimage.pkr.hcl +++ b/openstack-ood/nodeimage.pkr.hcl @@ -53,5 +53,8 @@ build { groups = ["ood", "knightly"] ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"] playbook_file = "./CRI_XCBC/ood-packer.yaml" + extra_arguments = [ + "--extra-vars", "${var.extra_vars}" + ] } } 
diff --git a/openstack-proxy/nodeimage.pkr.hcl b/openstack-proxy/nodeimage.pkr.hcl index 1410cbe..b9480f2 100644 --- a/openstack-proxy/nodeimage.pkr.hcl +++ b/openstack-proxy/nodeimage.pkr.hcl @@ -58,5 +58,8 @@ build { "ANSIBLE_FORCE_COLOR=true" ] playbook_file = "./CRI_XCBC/proxy.yaml" + extra_arguments = [ + "--extra-vars", "${var.extra_vars}" + ] } } -- GitLab From ecbd2287adff9451d46acc077a92ff72c89f24e2 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Tue, 7 Jan 2025 11:44:08 -0600 Subject: [PATCH 137/172] Update Apache configuration for OOD rewrite rules during deploy phase MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We lookup the value of the placeholder (RewriteCond %{HTTP:REMOTE_USER} \’^(.+)$\’) in this case in the apache conf during build and replace it with the rewrite conditions during deploy phase. --- ansible/roles/rewrite_map/tasks/main.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml index 36c671a..ed79cc8 100644 --- a/ansible/roles/rewrite_map/tasks/main.yaml +++ b/ansible/roles/rewrite_map/tasks/main.yaml @@ -6,3 +6,11 @@ owner: root group: root dest: /var/www/rewrite_map_config.py + +- name: Replace OOD rewrite placeholder in Apache configuration + ansible.builtin.replace: + path: /etc/httpd/conf.d/front-end.conf + regexp: "RewriteCond %{HTTP:REMOTE_USER} '\\^\\(\\.\\+\\)\\$'" + replace: | + RewriteCond %{HTTP:REMOTE_USER} '([a-zA-Z0-9_.+-]+)@uab.edu$' [OR] + RewriteCond %{HTTP:REMOTE_USER} 'urn:mace:incommon:uab.edu!https://uabgrid.uab.edu/shibboleth!(.+)$' -- GitLab From b8f68f374313b5df7aa7e4323c455681329aedf4 Mon Sep 17 00:00:00 2001 
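Review bot: The two RewriteCond patterns written into front-end.conf are looser than the `'^(.+)$'` they replace: neither has a leading `^`, and the dots in `uab.edu` are unescaped, so each matches any character. An unanchored match lets a REMOTE_USER value with arbitrary leading text still satisfy the condition, with only the trailing part captured. Whether such a value can reach Apache depends on the identity provider, which this hunk does not show. I would anchor both and make the dots literal, e.g. `RewriteCond %{HTTP:REMOTE_USER} '^([a-zA-Z0-9_.+-]+)@uab[.]edu$' [OR]`. The same applies to the `urn:mace:incommon:` line, which is re-indented in a later commit of this series. Note also that `replace: |` ends with a newline, so a blank line is added after the second condition.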
From: Krish Moodbidri <krish94@uab.edu> Date: Tue, 7 Jan 2025 12:23:19 -0600 Subject: [PATCH 138/172] fixed task name to reflect functionality previously it reflected a placeholder but it actually is the value in file from build that we're looking for and replacing in deploy phase --- ansible/roles/rewrite_map/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml index ed79cc8..ffd4f6f 100644 --- a/ansible/roles/rewrite_map/tasks/main.yaml +++ b/ansible/roles/rewrite_map/tasks/main.yaml @@ -7,7 +7,7 @@ group: root dest: /var/www/rewrite_map_config.py -- name: Replace OOD rewrite placeholder in Apache configuration +- name: Replace OOD rewrite condition regex in Apache configuration ansible.builtin.replace: path: /etc/httpd/conf.d/front-end.conf regexp: "RewriteCond %{HTTP:REMOTE_USER} '\\^\\(\\.\\+\\)\\$'" -- GitLab From 4deca31396621d781fd0e74894d7865a041f57e0 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Tue, 7 Jan 2025 16:34:17 -0600 Subject: [PATCH 139/172] Added 4 extra spaces for apache file consistency. The 4 extra saces do not affect functionality --- ansible/roles/rewrite_map/tasks/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml index ffd4f6f..8dab4d5 100644 --- a/ansible/roles/rewrite_map/tasks/main.yaml +++ b/ansible/roles/rewrite_map/tasks/main.yaml @@ -13,4 +13,4 @@ regexp: "RewriteCond %{HTTP:REMOTE_USER} '\\^\\(\\.\\+\\)\\$'" replace: | RewriteCond %{HTTP:REMOTE_USER} '([a-zA-Z0-9_.+-]+)@uab.edu$' [OR] - RewriteCond %{HTTP:REMOTE_USER} 'urn:mace:incommon:uab.edu!https://uabgrid.uab.edu/shibboleth!(.+)$' + RewriteCond %{HTTP:REMOTE_USER} 'urn:mace:incommon:uab.edu!https://uabgrid.uab.edu/shibboleth!(.+)$' -- GitLab From e1367527d4773f2310cc727347527f3bf49e0e82 Mon Sep 17 00:00:00 2001 
From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 7 Jan 2025 17:13:26 -0600 Subject: [PATCH 140/172] fix: restart httpd service after update --- ansible/roles/rewrite_map/tasks/main.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml index 8dab4d5..d990565 100644 --- a/ansible/roles/rewrite_map/tasks/main.yaml +++ b/ansible/roles/rewrite_map/tasks/main.yaml @@ -14,3 +14,9 @@ replace: | RewriteCond %{HTTP:REMOTE_USER} '([a-zA-Z0-9_.+-]+)@uab.edu$' [OR] RewriteCond %{HTTP:REMOTE_USER} 'urn:mace:incommon:uab.edu!https://uabgrid.uab.edu/shibboleth!(.+)$' + +- name: Restart httpd services + ansible.builtin.service: + name: httpd + enabled: true + state: restarted -- GitLab From 17f0d7c5b73b6ea77633ff5d599c4563a6842cdd Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 6 Jan 2025 13:40:36 -0500 Subject: [PATCH 141/172] ci: Add OOD image build job to gitlab CI --- .gitlab-ci.yml | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e2956f7..fe63fba 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
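Review bot: The added `Restart httpd services` task restarts Apache on every run, whether or not front-end.conf changed, and without checking that the edited file still parses. A bad substitution in the preceding `replace` task would therefore take the portal down rather than fail the play. I would add a check before the restart, e.g. a task with `ansible.builtin.command: httpd -t` and `changed_when: false`, and turn the restart into a handler that the replace tasks trigger with `notify`.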
@@ -173,6 +173,47 @@ build_login_image: - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "login" when: always +build_ood_image: + stage: build + tags: + - build + script: + - *update_ansible_repo + - *get_ansible_files + # packer vars for job env + - export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}" + - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" + - export PKR_VAR_image_date_suffix=false + - > + curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" + "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" + -o CRI_XCBC/group_vars/knightly + - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/knightly' + - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/knightly' + - 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/knightly' + - 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/knightly' + - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/knightly' + - | + if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then + export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}" + elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then + export PKR_VAR_image_name="ood-${BUILD_DATE}" + fi + # packer commands + - packer init openstack-ood + - packer validate openstack-ood + - packer build -machine-readable openstack-ood | tee ood_build.log + - export BUILT_OOD_IMAGE_ID=$(grep 'Image:' ood_build.log | awk '{print $4}') + - echo BUILT_OOD_IMAGE_ID=${BUILT_OOD_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env + # set image properties with repo state + - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property 
PACKER_IMAGE_HEAD=${CI_COMMIT_SHORT_SHA} ${BUILT_OOD_IMAGE_ID} + artifacts: + reports: + dotenv: image.env + rules: + - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ood" + when: always + deploy_http_proxy_node: stage: deploy environment: -- GitLab From d78a2612e4862cd5224fbb01aef5c09cbcb2369c Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 7 Jan 2025 12:11:04 -0500 Subject: [PATCH 142/172] fix: Define a default value for root ssh pub key to avoid error when a value is not provided for root_ssh_key --- openstack-ood/variables.pkr.hcl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openstack-ood/variables.pkr.hcl b/openstack-ood/variables.pkr.hcl index 5a6f608..a97e327 100644 --- a/openstack-ood/variables.pkr.hcl +++ b/openstack-ood/variables.pkr.hcl @@ -1,5 +1,6 @@ variable "root_ssh_key" { type = string + default = "" description = "The root key to use for ssh" } @@ -87,4 +88,4 @@ variable "volume_size" { type = number default = 20 description = "The default volume size for building iamge" -} \ No newline at end of file +} -- GitLab From 6a74a89ce71abec1611ba32e726de22e26c2109c Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 7 Jan 2025 12:30:37 -0500 Subject: [PATCH 143/172] fix: Delete cheaha.yml call from ood.yml playbook We moved cheaha.yml playbook to run during deploy time --- ansible/ood.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/ood.yml b/ansible/ood.yml index 089ffd3..37c09aa 100644 --- a/ansible/ood.yml +++ b/ansible/ood.yml @@ -6,6 +6,3 @@ - { name: 'fix_centos_repo', tags: 'fix_centos_repo' } - { name: 'install_packages', tags: 'install_packages' } - { name: 'install_zsh', tags: 'install_zsh' } - -- name: Setup node for use as a virtual cheaha node - ansible.builtin.import_playbook: cheaha.yml -- GitLab From 93b58dd8a5c79e5c103ec832808a4a899c9c9ed0 Mon Sep 17 00:00:00 2001 
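Review bot: In `build_ood_image` the secret values are spliced into `s/…/…/` sed expressions, so any value containing `/` or `&` breaks or corrupts the substitution. AWS secret access keys can contain `/`. A different delimiter, as the `ssh_pub_key` line already uses (`s|…|…|`), lowers the risk; passing the values to Ansible without rewriting the file would remove it. The `curl` call has no `--fail`, so an HTTP error body (expired token, wrong project id) is saved as `CRI_XCBC/group_vars/knightly` and the job carries on; `curl --fail --header …` would stop it there. `$CI_PIPELINE_SOURCE` is also unquoted inside `[ … ]`, and if neither branch matches, `PKR_VAR_image_name` is never set in this script.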
From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 7 Jan 2025 13:27:49 -0500 Subject: [PATCH 144/172] feat: Add environment to the ood image build ci job --- .gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fe63fba..8b441ee 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -175,6 +175,8 @@ build_login_image: build_ood_image: stage: build + environment: + name: $ENV tags: - build script: -- GitLab From ffb9f2382987c7194fc76a87067d6066e8d2e450 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 8 Jan 2025 15:38:13 -0500 Subject: [PATCH 145/172] feat: Add pkgs required during deploy --- openstack-ood/nodeimage.pkr.hcl | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/openstack-ood/nodeimage.pkr.hcl b/openstack-ood/nodeimage.pkr.hcl index b31d7a1..2b516be 100644 --- a/openstack-ood/nodeimage.pkr.hcl +++ b/openstack-ood/nodeimage.pkr.hcl @@ -54,4 +54,13 @@ build { ansible_env_vars = ["ANSIBLE_HOST_KEY_CHECKING=False"] playbook_file = "./CRI_XCBC/ood-packer.yaml" } + + provisioner "shell" { + inline = [ + "sudo yum install -y libselinux-python3 python3 python3-pip tmux vim git bash-completion curl wget unzip", + "sudo python3 -m pip install --upgrade pip", + "sudo pip3 install s3cmd==2.3.0 ansible==4.10.0 python-openstackclient==5.8.0" + ] + } + } -- GitLab From 056ba88eccd317cb79a099d28483a3b1ed3bed2e Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 14 Jan 2025 12:54:35 -0600 Subject: [PATCH 146/172] feat: update account app port --- ansible/group_vars/all | 2 ++ ansible/roles/rewrite_map/tasks/main.yaml | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index eaef961..7055312 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all 
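Review bot: The new shell provisioner pins only the three top-level packages, so two builds of the same commit can produce different images. `python3 -m pip install --upgrade pip` pulls whatever pip is current, and the transitive dependencies of s3cmd, ansible and python-openstackclient are resolved anew on each build. Because these tools run as root on the deployed node, I would install from a reviewed lock file, e.g. `sudo pip3 install --require-hashes -r requirements.txt`, or at least a constraints file (`-c constraints.txt`), and pin the pip version too.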
@@ -73,3 +73,5 @@ - {"name": "gpfs4", "host": "login001", "default": True } - {"name": "gpfs5", "host": "login002", "default": False } +# account app + account_app_port: 8000 diff --git a/ansible/roles/rewrite_map/tasks/main.yaml b/ansible/roles/rewrite_map/tasks/main.yaml index d990565..8b08eb6 100644 --- a/ansible/roles/rewrite_map/tasks/main.yaml +++ b/ansible/roles/rewrite_map/tasks/main.yaml @@ -15,6 +15,12 @@ RewriteCond %{HTTP:REMOTE_USER} '([a-zA-Z0-9_.+-]+)@uab.edu$' [OR] RewriteCond %{HTTP:REMOTE_USER} 'urn:mace:incommon:uab.edu!https://uabgrid.uab.edu/shibboleth!(.+)$' +- name: Replace account app port in Apache configuration + ansible.builtin.replace: + path: /etc/httpd/conf.d/front-end.conf + regexp: "account-app:8000" + replace: "account-app:{{ account_app_port }}" + - name: Restart httpd services ansible.builtin.service: name: httpd -- GitLab From 2a76eae35dfad9b5ecafd8f46f71afb4b97437e1 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 10 Jan 2025 16:29:59 -0500 Subject: [PATCH 147/172] feat: Download group_vars based on conditional for knightly and prod Download group_vars/knightly or group_vars/prod for knightly or prod environments respectively. Note: For all other environments like dev or staging just use the default values from group_vars/all --- .gitlab-ci.yml | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8b441ee..fd17b81 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
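Review bot: The `Replace account app port` task only works on the first run, because `regexp: "account-app:8000"` matches the literal build-time port. Once the file holds another port, a later run with a new `account_app_port` matches nothing and reports ok while the old port stays in place. Matching any port keeps the task convergent: `regexp: "account-app:[0-9]+"`. The task list continues outside this hunk.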
@@ -186,15 +186,26 @@ build_ood_image: - export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}" - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" - export PKR_VAR_image_date_suffix=false - - > - curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" - "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" - -o CRI_XCBC/group_vars/knightly - - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/knightly' - - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/knightly' + - | + if [[ $ENV == 'knightly' ]]; then + curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ + "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" \ + -o CRI_XCBC/group_vars/$ENV + 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/$ENV' + elif [[ $ENV == 'prod' ]]; then + curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ + "${CI_API_V4_URL}/projects/2836/repository/files/prod/raw?ref=main" \ + -o CRI_XCBC/group_vars/$ENV + 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E 
"s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV' + 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/$ENV' + fi - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}" -- GitLab From 0685dcb8c5d8b76df2b217b93c5fcf0e8807c384 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 15 Jan 2025 00:39:19 -0500 Subject: [PATCH 148/172] feat: Add a way to define multiple security groups Closes https://gitlab.rc.uab.edu/rc/hpc-factory/-/issues/203 --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e2956f7..cc90b82 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -309,7 +309,10 @@ deploy_login_node: cmd+=" -c id -f value --image $LOGIN_IMAGE_ID" cmd+=" --flavor $INSTANCE_FLAVOR" cmd+=" --network $INSTANCE_NETWORK" - cmd+=" --security-group allow-ssh" + for security_group in ${SECURITY_GROUP_LIST[@]}; + do + cmd+=" --security-group $security_group" + done cmd+=" --user-data user_data.txt" if [ -n "$LOGIN_PORT" ];then cmd+=" --port $LOGIN_PORT"; fi cmd+=" --wait $LOGIN_INSTANCE_NAME" -- GitLab From 822bb0f20182676b8e8bd62e77899f7e28b951a6 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 24 Jan 2025 12:59:15 -0600 Subject: [PATCH 149/172] Add symbolic links for Slurm config files Created symlinks for `slurm.conf`, `gres.conf`, `slurmdbd.conf`, and `cgroup.conf` in `/etc/slurm`. To ensure consistency with the current production environment where these symlinks already exist. --- ansible/roles/slurm_client/tasks/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ansible/roles/slurm_client/tasks/main.yml b/ansible/roles/slurm_client/tasks/main.yml index e2c1d78..44edcbc 100644 
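Review bot: The `sed` lines moved into the `- |` block still have the single quotes they needed as separate YAML list items. Inside the block scalar the shell sees each line as one quoted word, so it tries to run a command whose name is the entire `sed -i -E …` string. The substitutions never run, and `$ENV` inside those quotes is not expanded. Depending on the runner's shell options, the job either fails at the first such line or builds with the placeholder values from the downloaded file. The knightly and prod branches differ only in the file name, so they can be merged. The fence below also adds `--fail` to curl and uses `|` as the sed delimiter, which is still unsafe for values containing `|`, `&` or `\`. The rest of the job's script is outside this hunk.

```yaml
    - |
      if [[ "$ENV" == 'knightly' || "$ENV" == 'prod' ]]; then
        vars_file="CRI_XCBC/group_vars/${ENV}"
        curl --fail --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \
          "${CI_API_V4_URL}/projects/2836/repository/files/${ENV}/raw?ref=main" \
          -o "$vars_file"
        sed -i -E "s|(lts_access_key: ).*|\1\"${AWS_ACCESS_KEY_ID}\"|" "$vars_file"
        sed -i -E "s|(lts_secret_key: ).*|\1\"${AWS_SECRET_ACCESS_KEY}\"|" "$vars_file"
        sed -i -E "s|(user_register_app_key: ).*|\1\"${SELF_REG_APP_KEY}\"|" "$vars_file"
        sed -i -E "s|(celery_user_password: ).*|\1\"${CELERY_PASSWD}\"|" "$vars_file"
        sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup('file', '${SSH_PUB_KEY}') }}\"|" "$vars_file"
      fi
    # … unchanged: PKR_VAR_image_name selection and packer commands …
```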
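Review bot: In `deploy_login_node`, an unset or empty `SECURITY_GROUP_LIST` makes the new loop add no `--security-group` at all, where the removed line always added `allow-ssh`. The server would then presumably get the project's default group, and nothing in the job reports it. I would fail early with `: "${SECURITY_GROUP_LIST:?SECURITY_GROUP_LIST must be set}"` before the loop. It is also worth a comment that the variable is a whitespace-separated string, since `${SECURITY_GROUP_LIST[@]}` is unquoted and relies on word splitting. The later "fixup" commit adds the same loop to `deploy_http_proxy_node` and `deploy_ssh_proxy_node`, where it also replaces `webserver_sec_group`, so the same guard applies there. The surrounding script block starts and ends outside the hunk.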
--- a/ansible/roles/slurm_client/tasks/main.yml +++ b/ansible/roles/slurm_client/tasks/main.yml @@ -29,6 +29,17 @@ group: root mode: 0400 +- name: Create symbolic links for Slurm config files + ansible.builtin.file: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + state: link + loop: + - { src: "/cm/shared/apps/slurm/var/etc/cgroup.conf", dest: "/etc/slurm/cgroup.conf" } + - { src: "/cm/shared/apps/slurm/var/etc/gres.conf", dest: "/etc/slurm/gres.conf" } + - { src: "/cm/shared/apps/slurm/var/etc/slurm.conf", dest: "/etc/slurm/slurm.conf" } + - { src: "/cm/shared/apps/slurm/var/etc/slurmdbd.conf", dest: "/etc/slurm/slurmdbd.conf" } + - name: Enable services ansible.builtin.service: name: "{{ item }}" -- GitLab From 637be235d277016d1346d2c4bc9c0e7fac100077 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 24 Jan 2025 14:20:10 -0600 Subject: [PATCH 150/172] Force creation of symbolic links for Slurm config files --- ansible/roles/slurm_client/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/slurm_client/tasks/main.yml b/ansible/roles/slurm_client/tasks/main.yml index 44edcbc..d1233ed 100644 --- a/ansible/roles/slurm_client/tasks/main.yml +++ b/ansible/roles/slurm_client/tasks/main.yml @@ -34,6 +34,7 @@ src: "{{ item.src }}" dest: "{{ item.dest }}" state: link + force: yes # Force the creation of the symlinks even if source files do not exist yet loop: - { src: "/cm/shared/apps/slurm/var/etc/cgroup.conf", dest: "/etc/slurm/cgroup.conf" } - { src: "/cm/shared/apps/slurm/var/etc/gres.conf", dest: "/etc/slurm/gres.conf" } -- GitLab From 2d919ff80175e015ed6a0488d3f7205760280d45 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Fri, 24 Jan 2025 14:24:55 -0600 Subject: [PATCH 151/172] Add symbolic link for job_submit.lua configuration file --- ansible/roles/slurm_client/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) 
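Review bot: The comment on `force: yes` describes only half of what the option does. Besides allowing a link to a source that does not exist yet, `force` on `ansible.builtin.file` with `state: link` also replaces an existing regular file at the destination. A locally edited `/etc/slurm/slurm.conf` would therefore be unlinked without any backup. I would say so in the comment, e.g. `# also replaces an existing regular file at dest; sources live on the shared /cm mount`, and write the value as `true` to match the other booleans in this role.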
diff --git a/ansible/roles/slurm_client/tasks/main.yml b/ansible/roles/slurm_client/tasks/main.yml index d1233ed..64612ed 100644 --- a/ansible/roles/slurm_client/tasks/main.yml +++ b/ansible/roles/slurm_client/tasks/main.yml @@ -40,6 +40,7 @@ - { src: "/cm/shared/apps/slurm/var/etc/gres.conf", dest: "/etc/slurm/gres.conf" } - { src: "/cm/shared/apps/slurm/var/etc/slurm.conf", dest: "/etc/slurm/slurm.conf" } - { src: "/cm/shared/apps/slurm/var/etc/slurmdbd.conf", dest: "/etc/slurm/slurmdbd.conf" } + - { src: "/cm/shared/apps/slurm/var/etc/job_submit.lua", dest: "/etc/slurm/job_submit.lua" } - name: Enable services ansible.builtin.service: -- GitLab From 28a835da8f7f2158375cf3a1ed57d16489a48b17 Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 24 Jan 2025 14:34:35 -0500 Subject: [PATCH 152/172] refactor: Move the fail2ban tasks out of ssh_proxy_config --- ansible/roles/fail2ban/tasks/main.yml | 46 +++++++++++++++++++ ansible/roles/ssh_proxy_config/tasks/main.yml | 42 ----------------- .../ssh_proxy_config/templates/jail.local.j2 | 7 --- 3 files changed, 46 insertions(+), 49 deletions(-) create mode 100644 ansible/roles/fail2ban/tasks/main.yml delete mode 100644 ansible/roles/ssh_proxy_config/templates/jail.local.j2 diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml new file mode 100644 index 0000000..2f7d96e --- /dev/null +++ b/ansible/roles/fail2ban/tasks/main.yml 
@@ -0,0 +1,46 @@ +--- + +- name: Install fail2ban + ansible.builtin.package: + name: "{{ item }}" + state: present + loop: + - fail2ban + - fail2ban-firewalld + +- name: Configure fail2ban + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + backup: true + loop: + - { src: 'jail.local.j2', dest: '/etc/fail2ban/jail.local' } + - { src: 'sshpiperd_filter.local.j2', dest: '/etc/fail2ban/filter.d/sshpiperd.local' } + - { src: 'sshpiperd_jail.local.j2', dest: '/etc/fail2ban/jail.d/sshpiperd.local' } + +- name: Activate the firewalld support for fail2ban + ansible.builtin.command: + cmd: mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local + +- name: Configure firewalld to allow ssh and sshpiper traffic + ansible.posix.firewalld: + port: "{{ item }}" + zone: public + state: enabled + permanent: true + loop: + - 2222/tcp + - 22/tcp + +- name: Enable and start firewalld + ansible.builtin.service: + name: firewalld + enabled: true + state: restarted + +- name: Enable and start fail2ban + ansible.builtin.service: + name: fail2ban + enabled: true + state: restarted + diff --git a/ansible/roles/ssh_proxy_config/tasks/main.yml b/ansible/roles/ssh_proxy_config/tasks/main.yml index fb51f9f..30bac2a 100644 --- a/ansible/roles/ssh_proxy_config/tasks/main.yml +++ b/ansible/roles/ssh_proxy_config/tasks/main.yml 
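Review bot: The `Activate the firewalld support for fail2ban` task fails on a second run, because its `mv` has already removed `00-firewalld.conf`. The play then stops before firewalld and fail2ban are restarted. Adding `creates: /etc/fail2ban/jail.d/00-firewalld.local` under `ansible.builtin.command` makes the task skip once the file is in place. The `Configure fail2ban` template task sets no `owner`, `group` or `mode`; for files that decide who gets banned I would set them explicitly (`owner: root`, `group: root`, `mode: '0644'`). The firewalld package install from the old ssh_proxy_config role was not carried over, so the role now presumably relies on `fail2ban-firewalld` pulling it in.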
@@ -10,45 +10,3 @@ name: sshpiperd enabled: true state: restarted - -- name: Install firewalld - ansible.builtin.package: - name: firewalld - state: present - -- name: Configure firewalld - ansible.posix.firewalld: - port: 2222/tcp - zone: public - state: enabled - permanent: true - -- name: Enable and start firewalld - ansible.builtin.service: - name: firewalld - enabled: true - state: restarted - -- name: Install fail2ban - ansible.builtin.package: - name: "{{ item }}" - state: present - loop: - - fail2ban - - fail2ban-firewalld - -- name: Configure fail2ban - ansible.builtin.template: - src: jail.local.j2 - dest: "/etc/fail2ban/jail.local" - backup: true - -- name: Activate the firewall support - ansible.builtin.command: - cmd: mv /etc/fail2ban/jail.d/00-firewalld.conf /etc/fail2ban/jail.d/00-firewalld.local - -- name: Enable and start fail2ban - ansible.builtin.service: - name: fail2ban - enabled: true - state: restarted diff --git a/ansible/roles/ssh_proxy_config/templates/jail.local.j2 b/ansible/roles/ssh_proxy_config/templates/jail.local.j2 deleted file mode 100644 index d5898e6..0000000 --- a/ansible/roles/ssh_proxy_config/templates/jail.local.j2 +++ /dev/null @@ -1,7 +0,0 @@ -[DEFAULT] -banaction = firewalld -bantime = 1200 -ignoreip = {{ fail2ban_cidr_list }} - -[sshd] -enabled = true -- GitLab From a9dcf73cc1f2ef49befb2e243013e776d74963a2 Mon Sep 17 00:00:00 2001 
From: Eesaan Atluri <atlurie@uab.edu> Date: Fri, 24 Jan 2025 19:13:38 -0500 Subject: [PATCH 153/172] feat: Add fail2ban config files as templates Adds fail2ban filter and jail configs --- ansible/group_vars/all | 6 +++++ .../roles/fail2ban/templates/jail.local.j2 | 7 ++++++ .../templates/sshpiperd_filter.local.j2 | 22 +++++++++++++++++++ .../templates/sshpiperd_jail.local.j2 | 9 ++++++++ 4 files changed, 44 insertions(+) create mode 100644 ansible/roles/fail2ban/templates/jail.local.j2 create mode 100644 ansible/roles/fail2ban/templates/sshpiperd_filter.local.j2 create mode 100644 ansible/roles/fail2ban/templates/sshpiperd_jail.local.j2 diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 7055312..357ce7b 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -75,3 +75,9 @@ # account app account_app_port: 8000 + +# fail2ban + enable_fail2ban: true + maxretry: 1 + findtime: 600 + bantime: 1200 diff --git a/ansible/roles/fail2ban/templates/jail.local.j2 b/ansible/roles/fail2ban/templates/jail.local.j2 new file mode 100644 index 0000000..af6ae66 --- /dev/null +++ b/ansible/roles/fail2ban/templates/jail.local.j2 @@ -0,0 +1,7 @@ +[DEFAULT] +banaction = firewalld +bantime = {{ bantime }} +ignoreip = {{ fail2ban_cidr_list }} + +[sshd] +enabled = true diff --git a/ansible/roles/fail2ban/templates/sshpiperd_filter.local.j2 b/ansible/roles/fail2ban/templates/sshpiperd_filter.local.j2 new file mode 100644 index 0000000..f5a6081 --- /dev/null +++ b/ansible/roles/fail2ban/templates/sshpiperd_filter.local.j2 
@@ -0,0 +1,22 @@ +# Refer to https://github.com/fail2ban/fail2ban/wiki/Developing-Regex-in-Fail2ban for developing regex using fail2ban +# +[INCLUDES] +before = common.conf + +[DEFAULT] +_daemon = sshpiperd +__iso_datetime = "\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:[+-]\d{2}:\d{2}|Z)" +__pref = time=%(__iso_datetime)s level=(?:debug|error) + +[Definition] +# Define the prefix regex for the log lines +prefregex = ^<F-MLFID>%(__prefix_line)s%(__pref)s</F-MLFID>\s+<F-CONTENT>.+</F-CONTENT>$ + +# Failregex to match the specific failure log lines (prefregex is automatically included) +failregex = ^msg="connection from .*failtoban: ip <HOST> too auth many failures"$ + +ignoreregex = + +mode = normal + +maxlines = 1 diff --git a/ansible/roles/fail2ban/templates/sshpiperd_jail.local.j2 b/ansible/roles/fail2ban/templates/sshpiperd_jail.local.j2 new file mode 100644 index 0000000..681212c --- /dev/null +++ b/ansible/roles/fail2ban/templates/sshpiperd_jail.local.j2 @@ -0,0 +1,9 @@ +# This configuration will block the remote host after {{maxretry}} failed SSH login attempts. +[sshpiperd] +enabled = true +filter = sshpiperd +logpath = /var/log/messages +port = 22 +maxretry = {{ maxretry }} +backend = auto +findtime = {{ findtime }} -- GitLab From 0c0cadb44add1129fe07a7115f34da0cff4a57ad Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Mon, 27 Jan 2025 16:31:15 -0500 Subject: [PATCH 154/172] feat: Use appropriate variable name for fail2ban whitelist ips --- ansible/group_vars/all | 2 +- ansible/roles/fail2ban/templates/jail.local.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 357ce7b..51a889a 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -50,7 +50,6 @@ # ssh proxy enable_ssh_proxy_config: false sshpiper_dest_dir: "/opt/sshpiper" - fail2ban_cidr_list: "127.0.0.1/8" # rsyslog enable_rsyslog_config: false 
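Review bot: The `[sshpiperd]` jail sets `port = 22`, but the role's firewalld task opens both `2222/tcp` and `22/tcp` for "ssh and sshpiper traffic". If sshpiperd listens on 2222, a ban from this jail would not cover the port being attacked; the listening port is not visible here, so please confirm, and consider `port = 22,2222` or a variable shared with the firewalld task. The header comment says hosts are blocked after `{{maxretry}}` "failed SSH login attempts", but the filter matches sshpiper's own failtoban message, so with `maxretry: 1` one such log line triggers a ban. A more accurate comment would be `# Ban a host as soon as sshpiperd's failtoban plugin reports it {{ maxretry }} time(s) within findtime`.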
@@ -81,3 +80,4 @@ maxretry: 1 findtime: 600 bantime: 1200 + fail2ban_white_list: "127.0.0.1/8" diff --git a/ansible/roles/fail2ban/templates/jail.local.j2 b/ansible/roles/fail2ban/templates/jail.local.j2 index af6ae66..87f9e4f 100644 --- a/ansible/roles/fail2ban/templates/jail.local.j2 +++ b/ansible/roles/fail2ban/templates/jail.local.j2 @@ -1,7 +1,7 @@ [DEFAULT] banaction = firewalld bantime = {{ bantime }} -ignoreip = {{ fail2ban_cidr_list }} +ignoreip = {{ fail2ban_white_list }} [sshd] enabled = true -- GitLab From f8785f2f6cc371264b45dd3cfb5a12ea9b6abe0e Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 29 Jan 2025 14:13:57 -0500 Subject: [PATCH 155/172] feat: Add fail2ban role to cluster.yml playbook --- ansible/cluster.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index 1a2c83e..1e05580 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -12,3 +12,4 @@ - { name: 'ssl_cert', tags: 'ssl_cert', when: enable_ssl_certs } - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } - { name: 'rewrite_map', tags: 'rewrite_map', when: enable_rewrite_map } + - { name: 'fail2ban', tags: 'fail2ban', when: enable_fail2ban } -- GitLab From 16ba256a00102d3d139588e0ce9b17711ff5717a Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Wed, 29 Jan 2025 21:16:16 -0500 Subject: [PATCH 156/172] feat: fixup --- .gitlab-ci.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cc90b82..8915b12 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -207,8 +207,10 @@ deploy_http_proxy_node: cmd+=" -c id -f value --image $HTTP_PROXY_IMAGE_ID" cmd+=" --flavor $INSTANCE_FLAVOR" cmd+=" --network $PROXY_NETWORK" - cmd+=" --security-group webserver_sec_group" - cmd+=" --security-group allow-ssh" + for security_group in ${SECURITY_GROUP_LIST[@]}; + do + cmd+=" --security-group $security_group" + done cmd+=" --user-data user_data.txt" if [ -n "$HTTP_PROXY_PORT" ];then cmd+=" --port $HTTP_PROXY_PORT"; fi cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME" @@ -258,7 +260,10 @@ deploy_ssh_proxy_node: cmd+=" -c id -f value --image $SSH_PROXY_IMAGE_ID" cmd+=" --flavor $INSTANCE_FLAVOR" cmd+=" --network $PROXY_NETWORK" - cmd+=" --security-group allow-ssh" + for security_group in ${SECURITY_GROUP_LIST[@]}; + do + cmd+=" --security-group $security_group" + done cmd+=" --user-data user_data.txt" if [ -n "$SSH_PROXY_PORT" ];then cmd+=" --port $SSH_PROXY_PORT"; fi cmd+=" --wait $SSH_PROXY_INSTANCE_NAME" -- GitLab From 1b9577e973fe416772ac6c31661e4de9a112178e Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 4 Feb 2025 16:10:57 -0600 Subject: [PATCH 157/172] feat: disable fail2ban by default --- ansible/group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index 51a889a..b980d46 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -76,7 +76,7 @@ account_app_port: 8000 # fail2ban - enable_fail2ban: true + enable_fail2ban: false maxretry: 1 findtime: 600 bantime: 1200 -- GitLab From 420230b4f7a4222cdf43c0bc18492376b3396de9 Mon Sep 17 00:00:00 2001 
From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 19 Feb 2025 13:24:58 -0600 Subject: [PATCH 158/172] Enable rsyslog configuration by default Changed the 'enable_rsyslog_config' variable from false to true This should be the default behavior for all nodes unless explicitly turned off by the developer. --- ansible/group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index b980d46..6be1a75 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -52,7 +52,7 @@ sshpiper_dest_dir: "/opt/sshpiper" # rsyslog - enable_rsyslog_config: false + enable_rsyslog_config: true rsyslog_target: "*.* @master:514" # ssl certs -- GitLab From 6c10564578fa8d0c1dad63aa56ce7ad1e7c68eec Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 26 Feb 2025 16:29:28 -0600 Subject: [PATCH 159/172] feat(node_exporter): add variables in group_vars --- ansible/group_vars/all | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/group_vars/all b/ansible/group_vars/all index b980d46..7cea2c9 100644 --- a/ansible/group_vars/all +++ b/ansible/group_vars/all @@ -81,3 +81,11 @@ findtime: 600 bantime: 1200 fail2ban_white_list: "127.0.0.1/8" + +# Node Exporter + enable_node_exporter: false + node_exporter_ver: "1.8.2" + node_exporter_filename: "node_exporter-{{ node_exporter_ver }}.linux-amd64" + node_exporter_user: node_exporter + node_exporter_group: node_exporter + node_exporter_port: 9100 -- GitLab From 38b7fd3d8994ad066da363693269cad6a3474712 Mon Sep 17 00:00:00 2001 
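Review bot: With `enable_rsyslog_config: true` as the default, every host that inherits group_vars/all forwards `*.*` using the unchanged `rsyslog_target: "*.* @master:514"`. In rsyslog a single `@` means UDP, so the messages are unencrypted and unauthenticated, and are dropped silently under loss. That may be acceptable on the cluster's internal network, but this series also adds proxy nodes. I would note the transport next to the variable, e.g. `# single @ = UDP; use @@ for TCP`, and confirm that `master` resolves on every group that now gets this default.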
From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 26 Feb 2025 16:30:52 -0600 Subject: [PATCH 160/172] feat: add install_node_exporter role --- .../install_node_exporter/tasks/main.yaml | 60 +++++++++++++++++++ .../templates/node_exporter.service.j2 | 12 ++++ 2 files changed, 72 insertions(+) create mode 100644 ansible/roles/install_node_exporter/tasks/main.yaml create mode 100644 ansible/roles/install_node_exporter/templates/node_exporter.service.j2 diff --git a/ansible/roles/install_node_exporter/tasks/main.yaml b/ansible/roles/install_node_exporter/tasks/main.yaml new file mode 100644 index 0000000..3bee4a7 --- /dev/null +++ b/ansible/roles/install_node_exporter/tasks/main.yaml 
@@ -0,0 +1,60 @@ +--- +- name: Download node_exporter binary + ansible.builtin.get_url: + url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_ver }}/{{ node_exporter_filename }}.tar.gz" + dest: "/tmp/{{ node_exporter_filename }}.tar.gz" + +- name: Extract node_exporter + ansible.builtin.unarchive: + src: "/tmp/{{ node_exporter_filename }}.tar.gz" + dest: "/tmp" + remote_src: yes + +- name: Create system group for user account {{ node_exporter_group }} + ansible.builtin.group: + name: "{{ node_exporter_group }}" + system: true + state: present + +- name: Create system user account {{ node_exporter_user }} + ansible.builtin.user: + name: "{{ node_exporter_user }}" + comment: Prometheus node_exporter system account + group: "{{ node_exporter_group }}" + system: true + home: /var/lib/node_exporter + create_home: false + shell: /sbin/nologin + state: present + +- name: Copy node_exporter binary + ansible.builtin.copy: + src: "/tmp/{{ node_exporter_filename }}/node_exporter" + dest: /usr/local/bin/node_exporter + remote_src: yes + owner: root + group: root + mode: 0755 + +- name: Copy systemd unit file + ansible.builtin.template: + src: node_exporter.service.j2 + dest: /etc/systemd/system/node_exporter.service + owner: root + group: root + mode: '0644' + +- name: Clean up /tmp + ansible.builtin.file: + path: "/tmp/{{ item }}" + state: absent + loop: + - "{{ node_exporter_filename }}.tar.gz" + - "{{ node_exporter_filename }}" + +- name: Restart node_exporter service + ansible.builtin.systemd: + daemon_reload: yes + name: node_exporter + state: restarted + enabled: true diff --git a/ansible/roles/install_node_exporter/templates/node_exporter.service.j2 b/ansible/roles/install_node_exporter/templates/node_exporter.service.j2 new file mode 100644 index 0000000..fddb82d --- /dev/null +++ b/ansible/roles/install_node_exporter/templates/node_exporter.service.j2 
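Review bot: The `Download node_exporter binary` task fetches the release tarball with no `checksum:`, and the tarball, the extracted tree and the copy source all sit at predictable names under `/tmp` before the binary is installed root-owned into `/usr/local/bin`. On nodes where other users have shell access, a predictable name in a world-writable directory can already exist when the play runs, and `get_url` keeps an existing destination file unless a checksum tells it otherwise. Pinning a SHA-256 next to `node_exporter_ver` and working in a directory created by `ansible.builtin.tempfile` addresses both; `node_exporter_sha256` below is a proposed variable, not one the repository defines. Separately, `mode: 0755` on the copy task should be quoted like the `'0644'` on the unit file, and the final `state: restarted` runs on every play where a handler would restart only on change.

```yaml
- name: Create a private working directory for the download
  ansible.builtin.tempfile:
    state: directory
    prefix: node_exporter.
  register: node_exporter_tmp

- name: Download node_exporter binary
  ansible.builtin.get_url:
    url: "https://github.com/prometheus/node_exporter/releases/download/v{{ node_exporter_ver }}/{{ node_exporter_filename }}.tar.gz"
    dest: "{{ node_exporter_tmp.path }}/{{ node_exporter_filename }}.tar.gz"
    # proposed variable: the digest published with the release for this version
    checksum: "sha256:{{ node_exporter_sha256 }}"
    mode: "0600"

# … unchanged: extract, group/user, copy, unit file, clean-up; their /tmp paths become node_exporter_tmp.path …
```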
@@ -0,0 +1,12 @@ +[Unit] +Description=Node Exporter +After=network.target + +[Service] +User={{ node_exporter_user }} +Group={{ node_exporter_group }} +Type=simple +ExecStart=/usr/local/bin/node_exporter --web.listen-address=:{{ node_exporter_port }} --collector.filesystem.mount-points-exclude "^/(dev|proc|run/user/.+|run/credentials/.+|sys|var/lib/docker/.+)($|/)" --collector.filesystem.fs-types-exclude "^(autofs|binfmt_misc|bpf|cgroup|tmpfs|sunrpc|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$" + +[Install] +WantedBy=multi-user.target -- GitLab From 982be05a075cfbf665bbfae96b72770748789980 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 26 Feb 2025 16:33:05 -0600 Subject: [PATCH 161/172] feat: add install_node_exporter in cluster.yml --- ansible/cluster.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/cluster.yml b/ansible/cluster.yml index 1e05580..9664bf9 100644 --- a/ansible/cluster.yml +++ b/ansible/cluster.yml @@ -13,3 +13,4 @@ - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config } - { name: 'rewrite_map', tags: 'rewrite_map', when: enable_rewrite_map } - { name: 'fail2ban', tags: 'fail2ban', when: enable_fail2ban } + - { name: 'install_node_exporter', tags: 'install_node_exporter', when: enable_node_exporter } -- GitLab From a96a7c84b35a62d1da621d57c0bb540b7c571f6d Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 5 Mar 2025 10:40:27 -0600 Subject: [PATCH 162/172] feat: open node exporter port in firewalld --- ansible/roles/install_node_exporter/tasks/main.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/ansible/roles/install_node_exporter/tasks/main.yaml b/ansible/roles/install_node_exporter/tasks/main.yaml index 3bee4a7..cb52fd3 100644 --- a/ansible/roles/install_node_exporter/tasks/main.yaml 
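Review bot: `--web.listen-address=:{{ node_exporter_port }}` binds the exporter on every interface and the unit passes no `--web.config.file`, so metrics are served over plain HTTP without authentication to anything that can reach the port. For hosts attached to more than one network, a bind-address variable would keep the listener on the management side, e.g. `--web.listen-address={{ node_exporter_listen_address }}:{{ node_exporter_port }}`, where `node_exporter_listen_address` is a proposed variable that would default to an empty string in group_vars. Because the process runs as a dedicated unprivileged account, the `[Service]` section could also carry `NoNewPrivileges=true`.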
+++ b/ansible/roles/install_node_exporter/tasks/main.yaml @@ -58,3 +58,16 @@ name: node_exporter state: restarted enabled: true + +- name: Collect facts about system services + ansible.builtin.service_facts: + +- name: Configure firewalld to allow prometheus + ansible.posix.firewalld: + port: "{{ node_exporter_port }}/tcp" + zone: public + state: enabled + permanent: true + when: + - "'firewalld.service' in ansible_facts.services" + - ansible_facts.services["firewalld.service"].state == "running" -- GitLab From e7ae10b883b62168b20b562ab31b164bc66e14f1 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 5 Mar 2025 11:27:23 -0600 Subject: [PATCH 163/172] fix: restart firewalld after change --- ansible/roles/install_node_exporter/tasks/main.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/install_node_exporter/tasks/main.yaml b/ansible/roles/install_node_exporter/tasks/main.yaml index cb52fd3..4d9fe61 100644 --- a/ansible/roles/install_node_exporter/tasks/main.yaml +++ b/ansible/roles/install_node_exporter/tasks/main.yaml @@ -71,3 +71,9 @@ when: - "'firewalld.service' in ansible_facts.services" - ansible_facts.services["firewalld.service"].state == "running" + +- name: Enable and start firewalld + ansible.builtin.service: + name: firewalld + enabled: true + state: restarted -- GitLab From 815ced555fd3387bef85c089bdad3b0be0b418b5 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 7 Mar 2025 10:28:00 -0600 Subject: [PATCH 164/172] fix: restart firewalld only when it was running --- ansible/roles/install_node_exporter/tasks/main.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/install_node_exporter/tasks/main.yaml b/ansible/roles/install_node_exporter/tasks/main.yaml index 4d9fe61..205904b 100644 --- a/ansible/roles/install_node_exporter/tasks/main.yaml +++ b/ansible/roles/install_node_exporter/tasks/main.yaml 
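Review bot: The `ansible.posix.firewalld` task opens `{{ node_exporter_port }}/tcp` in zone `public` for any source address, which on a proxy or login node presumably includes networks outside the cluster. Limiting the rule to the scraping host keeps the exporter unreachable from elsewhere, for example by replacing `port:` with `rich_rule: 'rule family="ipv4" source address="{{ prometheus_server_ip }}" port port="{{ node_exporter_port }}" protocol="tcp" accept'`; `prometheus_server_ip` is a placeholder, not a variable in this repository. Adding `immediate: true` would apply the change to the running firewall as well as to the permanent configuration.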
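Review bot: `state: restarted` on firewalld reports a change on every play and a full restart discards runtime-only rules, which would include any bans the `fail2ban` role listed in `cluster.yml` inserts through firewalld, if that is how it is configured. The permanent rule from the preceding task only has to reach the running firewall, so `immediate: true` on that task would make this restart task unnecessary. `enabled: true` here also changes the boot behaviour of a service that the role otherwise only inspects.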
@@ -77,3 +77,6 @@ name: firewalld enabled: true state: restarted + when: + - "'firewalld.service' in ansible_facts.services" + - ansible_facts.services["firewalld.service"].state == "running" -- GitLab From 09717c19594edc11da6b69f640ab55815178941b Mon Sep 17 00:00:00 2001 From: Eesaan Atluri <atlurie@uab.edu> Date: Tue, 14 Jan 2025 21:53:09 -0500 Subject: [PATCH 165/172] feat: Use conditional to make --network optional Closes https://gitlab.rc.uab.edu/rc/hpc-factory/-/issues/181 Defining a network can be optional when a port is already defined when deploying a VM. This commit adds flexibility where you can either use --port or --network options to define a network during the deployment. Alternatively, you can define both but the port cannot be from the same network you used in the --network option. Otherwise, you will have two ips from the same network which will cause network reachability issues. --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8915b12..44e6bfa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -206,12 +206,12 @@ deploy_http_proxy_node: export cmd="openstack server create" cmd+=" -c id -f value --image $HTTP_PROXY_IMAGE_ID" cmd+=" --flavor $INSTANCE_FLAVOR" - cmd+=" --network $PROXY_NETWORK" for security_group in ${SECURITY_GROUP_LIST[@]}; do cmd+=" --security-group $security_group" done cmd+=" --user-data user_data.txt" + if [ -n "$PROXY_NETWORK" ];then cmd+=" --network $PROXY_NETWORK"; fi if [ -n "$HTTP_PROXY_PORT" ];then cmd+=" --port $HTTP_PROXY_PORT"; fi cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME" - export HTTP_PROXY_INSTANCE_ID=$(bash -c "$cmd") 
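Review bot: With `--network` now conditional, nothing in the `deploy_http_proxy_node` script stops the job when both `PROXY_NETWORK` and `HTTP_PROXY_PORT` are empty, so `openstack server create` runs with no network argument and the result depends on the cloud's defaults. A guard before the command is built makes the requirement explicit: `if [ -z "$PROXY_NETWORK" ] && [ -z "$HTTP_PROXY_PORT" ]; then echo 'set PROXY_NETWORK or HTTP_PROXY_PORT' >&2; exit 1; fi`. The same applies to the `deploy_ssh_proxy_node` and `deploy_login_node` hunks that follow. These values are also spliced unquoted into a string that `bash -c "$cmd"` parses again, so a comment stating that the variables must hold plain identifiers would be worth adding; the script body extends beyond these hunks.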
@@ -259,12 +259,12 @@ deploy_ssh_proxy_node: export cmd="openstack server create" cmd+=" -c id -f value --image $SSH_PROXY_IMAGE_ID" cmd+=" --flavor $INSTANCE_FLAVOR" - cmd+=" --network $PROXY_NETWORK" for security_group in ${SECURITY_GROUP_LIST[@]}; do cmd+=" --security-group $security_group" done cmd+=" --user-data user_data.txt" + if [ -n "$PROXY_NETWORK" ];then cmd+=" --network $PROXY_NETWORK"; fi if [ -n "$SSH_PROXY_PORT" ];then cmd+=" --port $SSH_PROXY_PORT"; fi cmd+=" --wait $SSH_PROXY_INSTANCE_NAME" - export SSH_PROXY_INSTANCE_ID=$(bash -c "$cmd") @@ -313,12 +313,12 @@ deploy_login_node: export cmd="openstack server create" cmd+=" -c id -f value --image $LOGIN_IMAGE_ID" cmd+=" --flavor $INSTANCE_FLAVOR" - cmd+=" --network $INSTANCE_NETWORK" for security_group in ${SECURITY_GROUP_LIST[@]}; do cmd+=" --security-group $security_group" done cmd+=" --user-data user_data.txt" + if [ -n "$INSTANCE_NETWORK" ];then cmd+=" --network $INSTANCE_NETWORK"; fi if [ -n "$LOGIN_PORT" ];then cmd+=" --port $LOGIN_PORT"; fi cmd+=" --wait $LOGIN_INSTANCE_NAME" - export LOGIN_INSTANCE_ID=$(bash -c "$cmd") -- GitLab From b94d83eb19393bf0140a794521f82d921e3bf41d Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 14 Mar 2025 20:03:35 -0500 Subject: [PATCH 166/172] refactor: remove repeating code --- .gitlab-ci.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fd17b81..372147a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -187,7 +187,7 @@ build_ood_image: - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" - export PKR_VAR_image_date_suffix=false - | - if [[ $ENV == 'knightly' ]]; then + if [ $ENV = 'knightly' || $ENV = 'prod' ]; then curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" \ -o CRI_XCBC/group_vars/$ENV 
@@ -196,16 +196,6 @@ build_ood_image: 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV' 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV' 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/$ENV' - elif [[ $ENV == 'prod' ]]; then - curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ - "${CI_API_V4_URL}/projects/2836/repository/files/prod/raw?ref=main" \ - -o CRI_XCBC/group_vars/$ENV - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/$ENV' - fi - | if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}" -- GitLab From c24c138cc101a297c1617d574454c7defdfacf14 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 14 Mar 2025 20:30:31 -0500 Subject: [PATCH 167/172] refactor: remove unused condition We do not run merge request pipeline, so no need to check for it --- .gitlab-ci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 372147a..9a6a693 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -186,6 +186,7 @@ build_ood_image: - export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}" - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" - export PKR_VAR_image_date_suffix=false + - export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" - | if [ $ENV = 'knightly' || $ENV = 'prod' ]; then curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ @@ -196,11 +197,6 @@ build_ood_image: 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV' 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV' 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/$ENV' - - | - if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then - export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}" - elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="ood-${BUILD_DATE}" fi # packer commands - packer init openstack-ood -- GitLab From 97e1f7f53384301db908cbe2df81412d5c9d1eec Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 18 Mar 2025 17:32:11 -0500 Subject: [PATCH 168/172] refactor: only run build pipeline in build environment Since build env is setup for building images, it makes more sense to have all build jobs in that environment. --- .gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2873657..623ec22 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -113,7 +113,7 @@ workflow: build_http_proxy_image: stage: build environment: - name: $ENV + name: build tags: - build variables: @@ -126,7 +126,7 @@ build_http_proxy_image: build_ssh_proxy_image: stage: build environment: - name: $ENV + name: build tags: - build variables: @@ -165,7 +165,7 @@ build_ssh_proxy_image: build_login_image: stage: build environment: - name: $ENV + name: build tags: - build <<: *build_login_image_template 
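Review bot: Pinning `environment: name: build` on `build_http_proxy_image` changes which environment-scoped CI/CD variables the job receives, and the same edit is made to `build_ssh_proxy_image`, `build_login_image` and `build_ood_image`. `build_ood_image` still branches on `$ENV` and substitutes `AWS_SECRET_ACCESS_KEY`, `CELERY_PASSWD` and similar values, so if those are scoped per environment in the project settings (not visible here), the `build` scope now has to hold the prod values as well, or the job will substitute wrong or empty ones. A comment above each `environment:` key such as `# secrets for $ENV must be available in the build environment scope` would make that dependency reviewable.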
@@ -176,7 +176,7 @@ build_login_image: build_ood_image: stage: build environment: - name: $ENV + name: build tags: - build script: -- GitLab From c6391491af6507a27b7713249a974a2e8be16da1 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Tue, 18 Mar 2025 19:05:50 -0500 Subject: [PATCH 169/172] style: bash test missing close square bracket --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 623ec22..c976ebd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -188,7 +188,7 @@ build_ood_image: - export PKR_VAR_image_date_suffix=false - export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" - | - if [ $ENV = 'knightly' || $ENV = 'prod' ]; then + if [ $ENV = 'knightly' ] || [ $ENV = 'prod' ]; then curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" \ -o CRI_XCBC/group_vars/$ENV -- GitLab From 2e966d7b902af9c04d8336a73c625ba7f1a56e36 Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Wed, 19 Mar 2025 08:45:58 -0500 Subject: [PATCH 170/172] style: remove single quote around the command --- .gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c976ebd..deb2662 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
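Review bot: The corrected test still expands `$ENV` unquoted, so an empty or unset `ENV` turns `[ $ENV = 'knightly' ]` into `[ = 'knightly' ]` and the shell prints an operator error rather than evaluating cleanly to false. Quoting the operand avoids that: `if [ "$ENV" = 'knightly' ] || [ "$ENV" = 'prod' ]; then`. The same applies to `CRI_XCBC/group_vars/$ENV` on the `-o` line, where the value becomes part of a file path.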
@@ -192,11 +192,11 @@ build_ood_image: curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" \ -o CRI_XCBC/group_vars/$ENV - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV' - 'sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup(''file'', ''${SSH_PUB_KEY}'') }}\"|" CRI_XCBC/group_vars/$ENV' + sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/$ENV + sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/$ENV + sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/$ENV + sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/$ENV + sed -i -E "s|(ssh_pub_key: ).*|\1\"{{ lookup('file', '${SSH_PUB_KEY}') }}\"|" CRI_XCBC/group_vars/$ENV fi # packer commands - packer init openstack-ood -- GitLab From 16a9c1646326840eed2cec9f60babe698f41f2ea Mon Sep 17 00:00:00 2001 From: Bo-Chun Louis Chen <louistw@uab.edu> Date: Fri, 21 Mar 2025 19:14:47 -0500 Subject: [PATCH 171/172] fix: use ENV variable in ansible var url --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index deb2662..3428c7a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
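Review bot: Now that the `sed` lines actually execute, each secret is interpolated straight into a sed program: `${AWS_SECRET_ACCESS_KEY}` becomes the replacement text of an expression delimited by `/`, AWS secret keys can contain `/`, and `&` and `\` are special in any sed replacement. A value containing one of those either aborts the job or writes a string other than the secret into `group_vars/$ENV`, and the expanded command carries the secret in the process argument list. Letting the vars file read the values itself, e.g. `lts_secret_key: "{{ lookup('env', 'AWS_SECRET_ACCESS_KEY') }}"`, would remove the rewriting step; that file lives in another repository, so this needs to be confirmed there. The enclosing script block starts before this hunk.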
@@ -190,7 +190,7 @@ build_ood_image: - | if [ $ENV = 'knightly' ] || [ $ENV = 'prod' ]; then curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ - "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main" \ + "${CI_API_V4_URL}/projects/2836/repository/files/$ENV/raw?ref=main" \ -o CRI_XCBC/group_vars/$ENV sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/$ENV sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/$ENV -- GitLab From df94461653e73f2737baf1dd432b2000deaa93f6 Mon Sep 17 00:00:00 2001 From: Krish Moodbidri <krish94@uab.edu> Date: Wed, 26 Mar 2025 01:23:33 -0500 Subject: [PATCH 172/172] Use BUILD_TAG for image build prefix if set, else fallback to BUILD_DATE --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3428c7a..db544ce 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,7 +85,7 @@ workflow: if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then export PKR_VAR_image_name="${BUILD_TARGET}-PR-${CI_MERGE_REQUEST_IID}" elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" + export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_TAG:-${BUILD_DATE}}" fi # Ansible var overrides - | @@ -148,7 +148,7 @@ build_ssh_proxy_image: if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then export PKR_VAR_image_name="${BUILD_TARGET}-PR-${CI_MERGE_REQUEST_IID}" elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then - export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" + export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_TAG:-${BUILD_DATE}}" fi # packer commands - packer init openstack-login 
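Review bot: The `curl` call corrected here has no `--fail`, so an HTTP error from the GitLab API (an expired `ANSIBLE_VAR_TOKEN`, or an `ENV` with no matching file) is saved as `CRI_XCBC/group_vars/$ENV` and the `sed` lines then run against the error body. Adding `--fail --silent --show-error` to the command lets the job stop at that point instead of building an image from a vars file without the expected keys. `$ENV` is also placed in the URL path unencoded, which works for `knightly` and `prod` but deserves a comment such as `# ENV must be a plain file name; the API expects a URL-encoded path`.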
@@ -186,7 +186,7 @@ build_ood_image: - export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}" - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}" - export PKR_VAR_image_date_suffix=false - - export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_DATE}" + - export PKR_VAR_image_name="${BUILD_TARGET}-${BUILD_TAG:-${BUILD_DATE}}" - | if [ $ENV = 'knightly' ] || [ $ENV = 'prod' ]; then curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \ -- GitLab