Initial commit

b815f993 · Chris King · b815f993 · b815f993 · b815f993 · b815f993
Commit b815f993 authored 3 years ago by Chris King
--- a/.gitignore
+++ b/.gitignore
+### Ansible ###
+*.retry
+
+### Packer ###
+# Cache objects
+packer_cache/
+
+# Crash log
+crash.log
+
+# https://www.packer.io/guides/hcl/variables
+# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data,
+# such as password, private keys, and other secrets. These should not be part of
+# version control as they are data points which are potentially sensitive and
+# subject to change depending on the environment.
+#
+*.pkrvars.hcl
+
+# For built boxes
+*.box
+
+### Packer Patch ###
+# ignore temporary output files
+output-*/
+
+### Python ###
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
--- a/ansible/files/.gitignore
+++ b/ansible/files/.gitignore
+RPM-GPG-KEY-cm
+ca.pem
+cm.repo
+ldap.key
+ldap.pem
+munge.key
+nslcd.conf
--- a/ansible/node.yml
+++ b/ansible/node.yml
+---
+- name: Setup node for use as a cluster host
+  hosts: default
+  become: true
+
+  tasks:
+    - name: Update /etc/hosts with cluster addressing
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        line: "{{ item }}"
+      loop:
+        - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02"
+        - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01"
+        - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
+    - name: Install prerequisite packages
+      yum:
+        name: epel-release
+        state: present
+    - name: Disable SELinux
+      ansible.posix.selinux:
+        state: disabled
+    - name: Copy cm.repo into place (consider making this a template)
+      ansible.builtin.copy:
+        src: cm.repo
+        dest: /etc/yum.repos.d/cm.repo
+        owner: root
+        group: root
+        mode: 0644
+    - name: Copy CM repo GPG key
+      ansible.builtin.copy:
+        src: RPM-GPG-KEY-cm
+        dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-cm
+        owner: root
+        group: root
+        mode: 0644
+    - name: Create slurm group
+      ansible.builtin.group:
+        name: slurm
+        state: present
+        gid: 450
+    - name: Create slurm user
+      ansible.builtin.user:
+        name: slurm
+        state: present
+        uid: 450
+        group: slurm
+    - name: Install required packages
+      yum:
+        name:
+          - slurm-client-18.08.9-100463_cm8.2_a522576834.x86_64
+          - munge-0.5.13-139_cm8.2.x86_64
+          - openldap-servers-2.4.48-290_cm8.2
+          - Lmod-7.7.14-100054_cm8.2_4cb5624f0b.noarch
+          - cm-modules-init-client-8.2-70_cm8.2.noarch
+          - cmdaemon
+          - nss-pam-ldapd
+          - openldap-servers
+        state: present
+    - name: Update nsswitch.conf to look for ldap
+      ansible.builtin.replace:
+        dest: /etc/nsswitch.conf
+        regexp: '^({{ item }}:(?!.*\bldap\b).*)$'
+        replace: '\1 ldap'
+      loop:
+        - passwd
+        - shadow
+        - group
+        - netgroup
+        - automount 
+    - name: Set up NFS GPFS mount point(s)
+      ansible.posix.mount:
+        path: "{{ item.path }}"
+        src: "{{ item.src }}" 
+        fstype: "{{ item.fstype }}"
+        opts: "{{ item.opts }}" 
+        state: present
+      loop:
+        - { path: /cm/shared, src: "gpfs.rc.uab.edu:/data/cm/shared-8.2", fstype: nfs, opts: _netdev,defaults }
+        - { path: /data, src: "gpfs.rc.uab.edu:/data", fstype: nfs, opts: _netdev,defaults }
+        - { path: /home, src: "gpfs.rc.uab.edu:/data/user/home", fstype: nfs, opts: _netdev,defaults }
+    - name: Add ssh key for root access
+      ansible.posix.authorized_key:
+        user: root
+        state: present
+        key: "{{ root_ssh_key }}"
+    - name: Copy munge key
+      ansible.builtin.copy:
+        src: munge.key
+        dest: /etc/munge/munge.key
+        owner: daemon
+        group: root
+        mode: 0400
+    - name: Copy ldap cert(s) into place
+      ansible.builtin.copy:
+        src: "{{ item.src }}"
+        dest: "/cm/local/apps/openldap/etc/certs/{{ item.src }}"
+        owner: ldap
+        group: ldap
+        mode: 0440
+      loop:
+        - { src: ca.pem }
+        - { src: ldap.key }
+        - { src: ldap.pem }
+    - name: Copy ldap config into place
+      ansible.builtin.copy:
+        src: nslcd.conf 
+        dest: /etc/nslcd.conf
+        owner: root
+        group: root
+        mode: 0600
+    - name: Enable services
+      ansible.builtin.service:
+        name: "{{ item }}"
+        enabled: yes
+      loop:
+        - munge
+        - slurmd
+        - nslcd
+    - name: Create base directories
+      ansible.builtin.file:
+        path: "{{ item.dir }}"
+        state: directory
+        mode: "{{ item.mode }}"
+      loop:
+        - { dir: /local, mode: '0777' }
+        - { dir: /scratch, mode: '0755' }
+    - name: Create symbolic link from /scratch/local to /local
+      ansible.builtin.file:
+        src: /local
+        dest: /scratch/local
+        owner: root
+        group: root
+        state: link
+
+
--- a/openstack/nodeimage.pkr.hcl
+++ b/openstack/nodeimage.pkr.hcl
+locals {
+    local_image_name = "${var.image_name}${var.image_date_suffix ? formatdate("YYYYMMDDHHmm", timestamp()): ""}"
+}
+
+source "openstack" "image" {
+  image_name        = local.local_image_name
+  source_image_name = var.source_image
+  flavor            = var.flavor
+
+  floating_ip_network = var.floating_ip_network
+  networks = var.networks
+  security_groups = var.security_groups
+
+  ssh_username = var.ssh_username
+}
+
+build {
+  sources = ["source.openstack.image"]
+
+  provisioner "ansible" {
+    playbook_file = "./ansible/node.yml"
+    extra_arguments = [
+      "--extra-vars", "root_ssh_key='${var.root_ssh_key}'"
+    ]
+  }
+}
--- a/openstack/variables.pkr.hcl
+++ b/openstack/variables.pkr.hcl
+variable "root_ssh_key" {
+  type = string
+  description = "The root key to use for ssh"
+}
+
+variable "image_name" {
+  type        = string
+  default     = "cluster-image"
+  description = "Name of the image in openstack"
+}
+
+variable "image_date_suffix" {
+  type        = bool
+  default     = false
+  description = "Append a date to the image name (in YYYYMMDDHHMMSS format)"
+}
+
+variable "source_image" {
+  type        = string
+  description = "The name of the source image to use"
+}
+
+variable "flavor" {
+  type        = string
+  description = "The name of the flavor to use"
+}
+
+variable "ssh_username" {
+  type = string
+  default = "centos"
+  description = "The default username to use for SSH"
+}
+
+variable "floating_ip_network" {
+  type = string
+  description = "floating ip network to use with (temporary) ip assignmnet to a vm"
+}
+
+variable "networks" {
+  type = list(string)
+  description = "List of network UUIDs to assign to the network"
+}
+
+variable "security_groups" {
+  type = list(string)
+  default = []
+  description = "A list of security groups to add - you should make sure ssh access is open to the machine"
+}