Compare revisions

127d04c7 · 4eb28b87 · 1e73bee1 · 2d7e50d8 · 482f708e · 039aa18f
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
-image:
+default:
-  name: python:3.6
+  image: $CI_REGISTRY_IMAGE:latest
 variables:
-  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+  CAMPUS_IP: 138.26.48.47
+  CHEAHA_IP: 172.20.10.9
+  TEST_IP: 138.26.49.134
  ANSIBLE_REMOTE_TMP: "/tmp"
-  PKR_VAR_flavor: "m1.small"
+  AWS_DEFAULT_REGION: "bhm"
+  AWS_HOST: "s3.lts.rc.uab.edu"
+  OS_AUTH_TYPE: "v3applicationcredential"
+  OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3"
+  OS_IDENTITY_API_VERSION: "3"
+  OS_INTERFACE: "public"
+  OS_REGION_NAME: "bhm1"
+  PROXY_NETWORK: "proxy-net"
+  PKR_VAR_flavor: "m1.medium-ruffner"
  PKR_VAR_source_image: "CentOS-7-x86_64-GenericCloud-2009"
  PKR_VAR_floating_ip_network: "uab-campus"
-  PKR_VAR_security_groups: '["ssh-secgrp"]'
+  PKR_VAR_security_groups: '["allow-ssh"]'
  PKR_VAR_skip_create_image: "false"
  PKR_VAR_ssh_username: "centos"
-  PKR_VAR_networks: '["7ac7d980-20bc-4e53-8528-6809e139fdcc"]'
+  PKR_VAR_networks: '["8cf2f12e-905d-46d9-bc70-b0897c65f75a"]'
-  PKR_VAR_build_instance_name: "ood-${CI_COMMIT_SHORT_SHA}"
  GIT_AUTHOR_NAME: "Gitlab runner"
  GIT_AUTHOR_EMAIL: "gitlab@runner"
+  INSTANCE_FLAVOR: "m1.medium-ruffner"
-cache:
+  HTTP_PROXY_INSTANCE_NAME: "http-proxy"
-  paths:
+  SSH_PROXY_INSTANCE_NAME: "ssh-proxy"
-    - bin/
+  NUM_IMAGES_TO_KEEP: 5
-    - .cache/pip
-    - venv/
-    - CRI_XCBC/
 stages:
  - build
+  - deploy
  - cleanup
-setup_environment:
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web"
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+.get_build_date: &get_build_date
+  - export BUILD_DATE=$(TZ=America/Chicago date +%Y-%m-%dT%H%M%S)
+  - echo BUILD_DATE=${BUILD_DATE}
+.update_ansible_repo: &update_ansible_repo
+  - *get_build_date
+  - |
+    export EXT_REPO_DIR=$(basename -s .git $EXT_PR_TARGET_REPO)
+    if [ ! -d $CI_PROJECT_DIR/$EXT_REPO_DIR ]; then
+      git clone ${EXT_PR_TARGET_REPO} ${EXT_REPO_DIR}
+      cd ${EXT_REPO_DIR}
+      git remote add upstream ${EXT_PR_SRC_REPO}
+      cd ..
+    fi
+  - cd ${EXT_REPO_DIR}
+  - git config user.name "${GIT_AUTHOR_NAME}"
+  - git config user.email "${GIT_AUTHOR_EMAIL}"
+  - git checkout ${EXT_PR_TARGET_BRANCH}
+  - git fetch origin ${EXT_PR_TARGET_BRANCH}
+  - git merge origin/${EXT_PR_TARGET_BRANCH}
+  - git checkout -b integration
+  - git fetch upstream ${EXT_PR_SRC_BRANCH}
+  - git merge upstream/${EXT_PR_SRC_BRANCH}
+  # export vars into job artifacts
+  - export EXT_REPO_HEAD=$(git rev-parse --short HEAD)
+  - export EXT_PR_SRC_BRANCH_SHA=$(git rev-parse --short upstream/${EXT_PR_SRC_BRANCH})
+  - export EXT_PR_TARGET_BRANCH_SHA=$(git rev-parse --short origin/${EXT_PR_TARGET_BRANCH})
+  - cd ..
+  - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD)
+  - echo EXT_REPO_HEAD=${EXT_REPO_HEAD} | tee -a $CI_PROJECT_DIR/image.env
+  - echo EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} | tee -a $CI_PROJECT_DIR/image.env
+  - echo EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} | tee -a $CI_PROJECT_DIR/image.env
+  - echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env
+.get_ansible_files: &get_ansible_files
+  - s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/
+.build_proxy_image_template: &build_proxy_image_template
+  script:
+    - *update_ansible_repo
+    - *get_ansible_files
+    - |
+      image_tag=${BUILD_TARGET}\
+      ${BUILD_TAG:+-${BUILD_TAG}}\
+      ${CI_MERGE_REQUEST_IID:+-PR-${CI_MERGE_REQUEST_IID}}-\
+      ${ENV}
+    # packer vars for job env
+    - export PKR_VAR_flavor="${PROXY_BUILD_FLAVOR:-$PKR_VAR_flavor}"
+    - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}"
+    - export PKR_VAR_image_date_suffix=false
+    - export PKR_VAR_image_tags="[\"${image_tag}\"]"
+    - export PKR_VAR_image_name=${image_tag}-${BUILD_DATE}
+    # packer commands
+    - packer init openstack-proxy
+    - packer validate openstack-proxy
+    - packer build -machine-readable openstack-proxy | tee proxy_build.log
+    - export BUILT_PROXY_IMAGE_ID=$(grep 'Image:' proxy_build.log | awk '{print $4}')
+    - echo BUILT_PROXY_IMAGE_ID=${BUILT_PROXY_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
+    - echo image_tag=${image_tag} | tee -a $CI_PROJECT_DIR/image.env
+    # set image properties with repo state
+    - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_PROXY_IMAGE_ID}
+  artifacts:
+    reports:
+      dotenv: image.env
+build_http_proxy_image:
  stage: build
+  environment:
+    name: build
  tags:
    - build
-  script:
+  variables:
-    - >
+    PROXY_ENABLE_VAR: "enable_http_proxy"
-      if [ ! -f $CI_PROJECT_DIR/bin/packer ]; then
+  <<: *build_proxy_image_template
-        wget https://releases.hashicorp.com/packer/1.8.3/packer_1.8.3_linux_amd64.zip
+  rules:
-        unzip packer_1.8.3_linux_amd64.zip -d bin
+    - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "http-proxy"
-        rm -vf *.zip
+      when: always
-      fi
-    - $CI_PROJECT_DIR/bin/packer --version
+build_ssh_proxy_image:
-    - python --version
-    - python3 -m venv venv
-    - source venv/bin/activate
-    - pip install --upgrade pip
-    - pip install s3cmd ansible
-    - >
-      if cd CRI_XCBC; then
-        git checkout uab-prod; git pull;
-        git fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*';
-      else
-        git clone https://github.com/uabrc/CRI_XCBC.git;
-        cd CRI_XCBC;
-        git remote add upstream https://github.com/jprorama/CRI_XCBC.git
-      fi
-    - >
-      git config user.name "${GIT_AUTHOR_NAME}";
-      git config user.email "${GIT_AUTHOR_EMAIL}";
-      git fetch upstream;
-      git fetch upstream '+refs/pull/*/head:refs/remotes/upstream/pr/*';
-      git checkout -b integration;
-      git merge upstream/uab-dev;
-      cd ..;
-    - s3cmd get --force --host=$AWS_HOST --host-bucket=$AWS_HOST s3://ood-config/group_vars/all CRI_XCBC/group_vars/prod
-    - s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/
-validate:
  stage: build
-  needs:
+  environment:
-    - setup_environment
+    name: build
  tags:
    - build
+  variables:
+    PROXY_ENABLE_VAR: "enable_ssh_proxy"
+  <<: *build_proxy_image_template
+  rules:
+    - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "ssh-proxy"
+      when: always
+.build_login_image_template: &build_login_image_template
  script:
-    - source venv/bin/activate
+    - *update_ansible_repo
-    - $CI_PROJECT_DIR/bin/packer validate openstack
+    - *get_ansible_files
+    - |
+      image_tag=${BUILD_TARGET}\
+      ${BUILD_TAG:+-${BUILD_TAG}}\
+      ${CI_MERGE_REQUEST_IID:+-PR-${CI_MERGE_REQUEST_IID}}-\
+      ${ENV}
+    # packer vars for job env
+    - export PKR_VAR_flavor="${PROXY_BUILD_FLAVOR:-$PKR_VAR_flavor}"
+    - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}"
+    - export PKR_VAR_image_date_suffix=false
+    - export PKR_VAR_image_tags="[\"${image_tag}\"]"
+    - export PKR_VAR_image_name=${image_tag}-${BUILD_DATE}
+    # packer commands
+    - packer init openstack-login
+    - packer validate openstack-login
+    - packer build -machine-readable openstack-login | tee login_build.log
+    - export BUILT_LOGIN_IMAGE_ID=$(grep 'Image:' login_build.log | awk '{print $4}')
+    - echo BUILT_LOGIN_IMAGE_ID=${BUILT_LOGIN_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
+    - echo image_tag=${image_tag} | tee -a $CI_PROJECT_DIR/image.env
+    # set image properties with repo state
+    - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${CI_COMMIT_SHORT_SHA} ${BUILT_LOGIN_IMAGE_ID}
+  artifacts:
+    reports:
+      dotenv: image.env
-build_image:
+build_login_image:
  stage: build
-  needs:
+  environment:
-    - validate
+    name: build
+  tags:
+    - build
+  <<: *build_login_image_template
+  rules:
+    - if: $PIPELINE_TARGET == "build" && $BUILD_TARGET == "login"
+      when: always
+build_ood_image:
+  stage: build
+  environment:
+    name: build
+  tags:
+    - build
+  script:
+    - *update_ansible_repo
+    - *get_ansible_files
+    - |
+      image_tag=${BUILD_TARGET}\
+      ${BUILD_TAG:+-${BUILD_TAG}}\
+      ${CI_MERGE_REQUEST_IID:+-PR-${CI_MERGE_REQUEST_IID}}-\
+      ${ENV}
+    # packer vars for job env
+    - export PKR_VAR_flavor="${OOD_BUILD_FLAVOR:-$PKR_VAR_flavor}"
+    - export PKR_VAR_build_instance_name="${BUILD_TARGET}-${EXT_REPO_HEAD}"
+    - export PKR_VAR_image_date_suffix=false
+    - export PKR_VAR_image_tags="[\"${image_tag}\"]"
+    - export PKR_VAR_image_name=${image_tag}-${BUILD_DATE}
+    - |
+      if [ $ENV = 'knightly' ] || [ $ENV = 'prod' ]; then
+        curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}" \
+        "${CI_API_V4_URL}/projects/2836/repository/files/$ENV/raw?ref=main" \
+        -o CRI_XCBC/group_vars/$ENV
+      fi
+    # packer commands
+    - packer init openstack-ood
+    - packer validate openstack-ood
+    - packer build -machine-readable openstack-ood | tee ood_build.log
+    - export BUILT_OOD_IMAGE_ID=$(grep 'Image:' ood_build.log | awk '{print $4}')
+    - echo BUILT_OOD_IMAGE_ID=${BUILT_OOD_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
+    - echo image_tag=${image_tag} | tee -a $CI_PROJECT_DIR/image.env
+    # set image properties with repo state
+    - openstack image set --property EXT_PR_SRC_REPO=${EXT_PR_SRC_REPO} --property EXT_PR_SRC_BRANCH_SHA=${EXT_PR_SRC_BRANCH_SHA} --property EXT_PR_TARGET_REPO=${EXT_PR_TARGET_REPO} --property EXT_PR_TARGET_BRANCH_SHA=${EXT_PR_TARGET_BRANCH_SHA} --property PACKER_IMAGE_HEAD=${CI_COMMIT_SHORT_SHA} ${BUILT_OOD_IMAGE_ID}
+  artifacts:
+    reports:
+      dotenv: image.env
+  rules:
+    - if: $BUILD_TARGET == "ood"
+      when: always
+deploy_http_proxy_node:
+  stage: deploy
+  environment:
+    name: $ENV
+  tags:
+    - build
+  script:
+    - openstack image set --accept $HTTP_PROXY_IMAGE_ID || true
+    - FAILED=false
+    - |
+      cat > user_data.txt <<EOF
+      #!/bin/bash
+      cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF
+      [main]
+      dns=none
+      EEOF
+      systemctl reload NetworkManager
+      echo "$DEV_KEY" >> /root/.ssh/authorized_keys
+      ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0
+      git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME}
+      cd /tmp/${CI_PROJECT_NAME}
+      git checkout ${CI_COMMIT_REF_NAME}
+      cat >> ansible/hosts<<EEOF
+      [$ENV]
+      127.0.0.1
+      EEOF
+      ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log
+      rm -rf /tmp/${CI_PROJECT_NAME}
+      EOF
+    - |
+      export cmd="openstack server create"
+      cmd+=" -c id -f value --image $HTTP_PROXY_IMAGE_ID"
+      cmd+=" --flavor $INSTANCE_FLAVOR"
+      for security_group in ${SECURITY_GROUP_LIST[@]};
+      do
+        cmd+=" --security-group $security_group"
+      done
+      cmd+=" --user-data user_data.txt"
+      if [ -n "$PROXY_NETWORK" ];then cmd+=" --network $PROXY_NETWORK"; fi
+      if [ -n "$HTTP_PROXY_PORT" ];then cmd+=" --port $HTTP_PROXY_PORT"; fi
+      cmd+=" --wait $HTTP_PROXY_INSTANCE_NAME"
+    - export HTTP_PROXY_INSTANCE_ID=$(bash -c "$cmd")
+    - |
+      # Associate the floating IP(s) with the HTTP Proxy instance
+      for HTTP_PROXY_FLOATING_IP in ${HTTP_PROXY_FLOATING_IP_LIST[@]};
+      do
+        echo "Associating FLOATING_IP $HTTP_PROXY_FLOATING_IP with HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_INSTANCE_ID"
+        openstack server add floating ip $HTTP_PROXY_INSTANCE_ID $HTTP_PROXY_FLOATING_IP
+      done
+  rules:
+    - if: $PIPELINE_TARGET == "deploy" && $HTTP_PROXY_IMAGE_ID
+      when: always
+deploy_ssh_proxy_node:
+  stage: deploy
+  environment:
+    name: $ENV
+  tags:
+    - build
+  script:
+    - openstack image set --accept $SSH_PROXY_IMAGE_ID || true
+    - FAILED=false
+    - |
+      cat > user_data.txt <<EOF
+      #!/bin/bash
+      cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF
+      [main]
+      dns=none
+      EEOF
+      systemctl reload NetworkManager
+      echo "$DEV_KEY" >> /root/.ssh/authorized_keys
+      ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0
+      git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME}
+      cd /tmp/${CI_PROJECT_NAME}
+      git checkout ${CI_COMMIT_REF_NAME}
+      cat >> ansible/hosts<<EEOF
+      [$ENV]
+      127.0.0.1
+      EEOF
+      ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log
+      rm -rf /tmp/${CI_PROJECT_NAME}
+      EOF
+    - |
+      export cmd="openstack server create"
+      cmd+=" -c id -f value --image $SSH_PROXY_IMAGE_ID"
+      cmd+=" --flavor $INSTANCE_FLAVOR"
+      for security_group in ${SECURITY_GROUP_LIST[@]};
+      do
+        cmd+=" --security-group $security_group"
+      done
+      cmd+=" --user-data user_data.txt"
+      if [ -n "$PROXY_NETWORK" ];then cmd+=" --network $PROXY_NETWORK"; fi
+      if [ -n "$SSH_PROXY_PORT" ];then cmd+=" --port $SSH_PROXY_PORT"; fi
+      cmd+=" --wait $SSH_PROXY_INSTANCE_NAME"
+    - export SSH_PROXY_INSTANCE_ID=$(bash -c "$cmd")
+    - |
+      # Associate the floating IP(s) with the SSH Proxy instance
+      for SSH_PROXY_FLOATING_IP in ${SSH_PROXY_FLOATING_IP_LIST[@]};
+      do
+        echo "Associating FLOATING_IP $SSH_PROXY_FLOATING_IP with SSH_PROXY_INSTANCE_ID $SSH_PROXY_INSTANCE_ID"
+        openstack server add floating ip $SSH_PROXY_INSTANCE_ID $SSH_PROXY_FLOATING_IP
+      done
+  rules:
+    - if: $PIPELINE_TARGET == "deploy" && $SSH_PROXY_IMAGE_ID
+      when: always
+deploy_login_node:
+  stage: deploy
+  environment:
+    name: $ENV
  tags:
    - build
  script:
-    - "sed -i 's/hosts:.*$/hosts: default/' CRI_XCBC/ood-packer.yaml"
+    - openstack image set --accept $LOGIN_IMAGE_ID || true
-    - cat CRI_XCBC/ood-packer.yaml
+    - FAILED=false
-    - source venv/bin/activate
+    - |
-    - sed -i 's/\(\"--extra-vars\)/\"-vvv\", \1/' openstack/nodeimage.pkr.hcl
+      cat > user_data.txt <<EOF
-    - sed -i 's/inventory_file.*/extra_arguments=[\"-vvv\"]/' openstack/nodeimage.pkr.hcl
+      #!/bin/bash
-    - cat openstack/nodeimage.pkr.hcl
+      cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF
-    - >
+      [main]
-      PKR_VAR_image_date_suffix=true PKR_VAR_image_name=ood $CI_PROJECT_DIR/bin/packer build openstack
+      dns=none
+      EEOF
-cleanup:
+      systemctl reload NetworkManager
-  when: always
+      echo "$DEV_KEY" >> /root/.ssh/authorized_keys
+      ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0
+      git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME}
+      cd /tmp/${CI_PROJECT_NAME}
+      git checkout ${CI_COMMIT_REF_NAME}
+      cat >> ansible/hosts<<EEOF
+      [$ENV]
+      127.0.0.1
+      EEOF
+      s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ /tmp/${CI_PROJECT_NAME}/ansible/files/ 
+      ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log
+      rm -rf /tmp/${CI_PROJECT_NAME}
+      EOF
+    - |
+      export cmd="openstack server create"
+      cmd+=" -c id -f value --image $LOGIN_IMAGE_ID"
+      cmd+=" --flavor $INSTANCE_FLAVOR"
+      for security_group in ${SECURITY_GROUP_LIST[@]};
+      do
+        cmd+=" --security-group $security_group"
+      done
+      cmd+=" --user-data user_data.txt"
+      if [ -n "$INSTANCE_NETWORK" ];then cmd+=" --network $INSTANCE_NETWORK"; fi
+      if [ -n "$LOGIN_PORT" ];then cmd+=" --port $LOGIN_PORT"; fi
+      cmd+=" --wait $LOGIN_INSTANCE_NAME"
+    - export LOGIN_INSTANCE_ID=$(bash -c "$cmd")
+    - |
+      # Associate the floating IP(s) with the SSH Proxy instance
+      for LOGIN_FLOATING_IP in ${LOGIN_FLOATING_IP_LIST[@]};
+      do
+        echo "Associating FLOATING_IP $LOGIN_FLOATING_IP with LOGIN_INSTANCE_ID $LOGIN_INSTANCE_ID"
+        openstack server add floating ip $LOGIN_INSTANCE_ID $LOGIN_FLOATING_IP
+      done
+  rules:
+    - if: $PIPELINE_TARGET == "deploy" && $LOGIN_IMAGE_ID
+      when: always
+deploy_ood_node:
+  stage: deploy
+  environment:
+    name: $ENV
+  tags:
+    - build
+  before_script:
+    - |
+      for OOD_FLOATING_IP in ${OOD_FLOATING_IP_LIST[@]}; do
+        OOD_FIXED_IP=$(
+          openstack floating ip list \
+          --floating-ip-address $OOD_FLOATING_IP -c "Fixed IP Address" -f value)
+        CURRENT_INSTANCE_ID=$(
+          openstack server list \
+          --name $OOD_INSTANCE_NAME --ip $OOD_FIXED_IP -c ID -f value)
+        openstack server remove floating ip $CURRENT_INSTANCE_ID $OOD_FLOATING_IP
+      done
+    - |
+      if [ -n "$OOD_PORT" ];then
+        openstack server remove port $CURRENT_INSTANCE_ID $OOD_PORT
+      fi
+  script:
+    - OOD_IMAGE_ID="${BUILT_OOD_IMAGE_ID:-$OOD_IMAGE_ID}"
+    - openstack image set --accept $OOD_IMAGE_ID || true
+    - FAILED=false
+    - |
+      cat > user_data.txt <<EOF
+      #!/bin/bash
+      cat >> /etc/NetworkManager/conf.d/90-dns-none.conf<<EEOF
+      [main]
+      dns=none
+      EEOF
+      systemctl reload NetworkManager
+      echo "$DEV_KEY" >> /root/.ssh/authorized_keys
+      ip route replace default via ${DEFAULT_GATEWAY_IP} dev eth0
+      git clone ${CI_REPOSITORY_URL} /tmp/${CI_PROJECT_NAME}
+      cd /tmp/${CI_PROJECT_NAME}
+      git checkout ${CI_COMMIT_REF_NAME}
+      cat >> ansible/hosts<<EEOF
+      [$ENV]
+      127.0.0.1
+      EEOF
+      s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ /tmp/${CI_PROJECT_NAME}/ansible/files/
+      ansible-playbook -c local -i ansible/hosts --extra-vars="$EXTRA_VARS" ansible/cluster.yml | tee -a /tmp/ansible.log
+      rm -rf /tmp/${CI_PROJECT_NAME}
+      EOF
+    - |
+      export cmd="openstack server create"
+      cmd+=" -c id -f value --image $OOD_IMAGE_ID"
+      cmd+=" --flavor $INSTANCE_FLAVOR"
+      for security_group in ${SECURITY_GROUP_LIST[@]};
+      do
+        cmd+=" --security-group $security_group"
+      done
+      cmd+=" --user-data user_data.txt"
+      if [ -n "$INSTANCE_NETWORK" ];then cmd+=" --network $INSTANCE_NETWORK"; fi
+      if [ -n "$OOD_PORT" ];then cmd+=" --port $OOD_PORT"; fi
+      cmd+=" --wait $OOD_INSTANCE_NAME"
+    - export OOD_INSTANCE_ID=$(bash -c "$cmd")
+    - |
+      # Associate the floating IP(s) with the SSH Proxy instance
+      for OOD_FLOATING_IP in ${OOD_FLOATING_IP_LIST[@]};
+      do
+        echo "Associating FLOATING_IP $OOD_FLOATING_IP with OOD_INSTANCE_ID $OOD_INSTANCE_ID"
+        openstack server add floating ip $OOD_INSTANCE_ID $OOD_FLOATING_IP
+      done
+  rules:
+    - if: $DEPLOY_TARGET == "ood"
+      when: always
+cleanup_img:
  stage: cleanup
+  environment:
+    name: $ENV
  tags:
    - build
  script:
-    - >
+    - |
-      cd CRI_XCBC;
+      OS_PROJECT_ID=$(
-      git reset --hard;
+        openstack application credential \
-      git checkout uab-prod;
+        show $OS_APPLICATION_CREDENTIAL_ID -f value -c project_id
-      git branch -D integration;
+      )
+    - |
+      IMAGES_TO_DELETE=($(
+        openstack image list --tag ${image_tag} \
+        --sort created_at:desc -f value -c ID \
+        --property owner=$OS_PROJECT_ID | tail -n +$((NUM_IMAGES_TO_KEEP+1))
+      ))
+    - |
+      for img in ${IMAGES_TO_DELETE[@]}; do
+        echo "Deleting image $img"
+        openstack image delete ${img}
+      done
+  rules:
+    - if: $NUM_IMAGES_TO_KEEP =~ /^(-\d+|0)$/
+      when: never
+    - if: $BUILD_TARGET
--- a/Dockerfile
+++ b/Dockerfile
+FROM python:3.8-slim
+ENV S3CMD_VER=2.3.0
+ENV ANSIBLE_VER=4.10.0
+ENV OSC_VER=5.8.0
+ENV TF_VER=1.4.6
+ENV PACKER_VER=1.9.4
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    git \
+    ssh \
+    curl \
+    wget \
+    unzip \
+ && rm -rf /var/lib/apt/lists/*
+RUN wget https://releases.hashicorp.com/packer/${PACKER_VER}/packer_${PACKER_VER}_linux_amd64.zip \
+    && unzip packer_${PACKER_VER}_linux_amd64.zip -d /usr/local/bin \
+    && rm packer_${PACKER_VER}_linux_amd64.zip
+RUN wget https://releases.hashicorp.com/terraform/${TF_VER}/terraform_${TF_VER}_linux_amd64.zip \
+    && unzip terraform_${TF_VER}_linux_amd64.zip -d /usr/local/bin \
+    && rm terraform_${TF_VER}_linux_amd64.zip
+RUN pip install --no-cache-dir --upgrade pip \
+ && pip install --no-cache-dir \
+    s3cmd==$S3CMD_VER \
+    ansible==$ANSIBLE_VER \
+    python-openstackclient==$OSC_VER
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
+[defaults]
+# change the default callback, you can only have one 'stdout' type  enabled at a time.
+#stdout_callback = skippy
+stdout_callback = yaml
+## Ansible ships with some plugins that require whitelisting,
+## this is done to avoid running all of a type by default.
+## These setting lists those that you want enabled for your system.
+## Custom plugins should not need this unless plugin author specifies it.
+# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
+callbacks_enabled = timer, debug, profile_roles, profile_tasks, minimal
+# Force color
+force_color = true
--- a/ansible/base.yml
+++ b/ansible/base.yml
+---
+- name: Install base packages
+  hosts: default
+  become: true
+  roles:
+    - { name: 'fix_centos_repo', tags: 'fix_centos_repo' }
+    - { name: 'install_packages', tags: 'install_packages' }
--- a/ansible/cheaha-compute-yum-pkg-list.txt
+++ b/ansible/cheaha-compute-yum-pkg-list.txt
--- a/ansible/cluster.yml
+++ b/ansible/cluster.yml
+---
+- name: Setup node for use as a virtual cheaha node
+  hosts: all
+  become: true
+  roles:
+    - { name: 'cheaha.node', tags: 'cheaha.node' }
+    - { name: 'nfs_mounts', tags: 'nfs_mounts', when: enable_nfs_mounts }
+    - { name: 'ldap_config', tags: 'ldap_config' }
+    - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
+    - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }
+    - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config }
+    - { name: 'ssl_cert', tags: 'ssl_cert', when: enable_ssl_certs }
+    - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config }
+    - { name: 'rewrite_map', tags: 'rewrite_map', when: enable_rewrite_map }
+    - { name: 'fail2ban', tags: 'fail2ban', when: enable_fail2ban }
+    - { name: 'install_node_exporter', tags: 'install_node_exporter', when: enable_node_exporter }
+    - { name: 'ood_config', tags: 'ood_config', when: enable_ood_config }
--- a/ansible/files/build-zsh.sh
+++ b/ansible/files/build-zsh.sh
+#!/bin/bash
+name=zsh
+version=5.9
+mkdir -p BUILD RPMS SOURCES SPECS SRPMS
+prereqs="git epel-release bzip2 xz gzip tar"
+rpm -q $prereqs
+if [ $? -ne 0 ]; then sudo yum -y install $prereqs; fi
+git clone https://src.fedoraproject.org/rpms/${name}.git
+cp ${name}/${name}.spec SPECS/
+cp ${name}/*.rhs SOURCES/
+cp ${name}/dot* SOURCES/
+# Perl may not be available, switching to sed
+#perl -pi -e 's/^(BuildRequires: glibc-langpack-ja)/#$1/g;' ${name}/${name}.spec
+sed -i '/BuildRequires: glibc-langpack-ja/s/^/#/' SPECS/${name}.spec
+pkgs="rpm-build $(grep -E '^BuildRequires|^Requires' SPECS/${name}.spec | awk '{print $2}' | tr '\n' ' ')"; echo $pkgs
+rpm -q $pkgs
+if [ $? -ne 0 ]; then sudo yum install -y $pkgs; fi
+if [ ! -f SOURCES/${name}-${version}.tar.xz ] ; then
+  curl -L -o SOURCES/${name}-${version}.tar.xz https://downloads.sourceforge.net/${name}/${name}-${version}.tar.xz
+fi
+if [ ! -f SOURCES/${name}-${version}.tar.xz.asc ] ; then
+  curl -L -o SOURCES/${name}-${version}.tar.xz.asc https://downloads.sourceforge.net/${name}/${name}-${version}.tar.xz.asc
+fi
+cd SOURCES
+sha512sum -c ../${name}/sources
+retval=$?
+cd -
+if [ $retval -ne 0 ]; then
+#  echo "SOURCES/${name}-${version}.tar.gz did not match checksum in ${name}/source"
+  exit 1
+fi
+rpmbuild --define "_topdir `pwd`" -bb SPECS/${name}.spec
--- a/ansible/files/nux-dextop.repo
+++ b/ansible/files/nux-dextop.repo
 [nux-dextop]
 name=Nux.Ro RPMs for general desktop use
-baseurl=http://li.nux.ro/download/nux/dextop/el7/$basearch/ http://mirror.li.nux.ro/li.nux.ro/nux/dextop/el7/$basearch/
+baseurl=http://li.nux.ro/download/nux/dextop/el7/$basearch/
 enabled=1
 gpgcheck=1
 gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

--- a/ansible/gpu.yml
+++ b/ansible/gpu.yml
+---
+- name: Setup node for use as a cluster host with gpu drivers/pkgs
+  hosts: default
+  become: true
+  roles:
+    - { name: 'fix_centos_repo', tags: 'fix_centos_repo' }
+    - { name: 'install_packages', tags: 'install_packages' }
+    - { name: 'cuda_driver', tags: 'cuda_driver' }
+    - { name: 'pam_slurm_adopt', tags: 'pam_slurm_adopt' }
+    - { name: 'install_nhc', tags: 'install_nhc'}
+- name: Setup node for use as a virtual cheaha node
+  ansible.builtin.import_playbook: cheaha.yml
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
 ---
-  #This file path is relative to the ansible playbook.
+  zsh_ver: 5.7.1
-  pkg_list_file: "cheaha-compute-yum-pkg-list.txt"
+  zsh_src_url: "https://www.zsh.org/pub/old/zsh-{{ zsh_ver }}.tar.xz"
+  yum_repo_files: []
+  pkg_list: []
+  slurm_version: 18.08.9
+  enable_slurm_client: false
-  lmod_db_host_machine: "ohpc"
+# NHC related
-  driver_run_file_link: "https://developer.download.nvidia.com/compute/cuda/11.8.0/local_installers/cuda_11.8.0_520.61.05_linux.run"
+  nhc_download_url: "https://github.com/mej/nhc/releases/download/1.4.3/lbnl-nhc-1.4.3-1.el7.noarch.rpm"
+  nhc_download_path: "/tmp"
+  nhc_git_repo: "https://gitlab.rc.uab.edu/rc/nhc.git"
+  nhc_git_repo_path: "/tmp/nhc"
+  root_ssh_key: ""
+# cheaha.node related
+  hostname_lookup_table:
+    - "10.141.255.254 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
+  domain_search_list:
+    - openstack.internal
+    - cm.cluster
+  nameserver_list:
+    - 10.141.255.254
+# ldap_config related
+  ldap_cert_path: "/etc/openldap/certs"
+  ldap_uri: "ldap://ldapserver"
+# nfs_mounts related
+  enable_nfs_mounts: true
+  use_autofs: false
+  use_fstab: false
+  mount_points:
+    - { "src": "master:/gpfs4", "path": "/gpfs4", "opts": "ro,sync,hard", "mode": "0755" }
+    - { "src": "master:/gpfs5", "path": "/gpfs5", "opts": "ro,sync,hard", "mode": "0755" }
+  autofs_mounts:
+    - { "src": "master:/gpfs4/&", "path": "/gpfs4", "opts": "fstype=nfs,vers=3,_netdev,default", "mode": '0755', "mount_point": "/gpfs4", "map_name": "gpfs4", key: "*" }
+    - { "src": "master:/gpfs5/&", "path": "/gpfs5", "opts": "fstype=nfs,vers=3,_netdev,default", "mode": '0755', "mount_point": "/gpfs5", "map_name": "gpfs5", key: "*" }
+#SSH Host Keys
+  S3_ENDPOINT: ""
+  SSH_HOST_KEYS_S3_BUCKET: ""
+  SSH_HOST_KEYS_S3_OBJECT: ""
+# AWS credentials
+  LTS_ACCESS_KEY: ""
+  LTS_SECRET_KEY: ""
+# ssh proxy
+  enable_ssh_proxy_config: false
+  sshpiper_dest_dir: "/opt/sshpiper"
+# rsyslog
+  enable_rsyslog_config: true
+  rsyslog_target: "*.* @master:514"
+# ssl certs
+  enable_ssl_certs: false
+  ssl_cert_s3_bucket: ""
+  ssl_cert_key_location: "/etc/pki/tls/private"
+  ssl_cert_file_location: "/etc/pki/tls/certs"
+  ssl_cert_key: ""
+  ssl_cert_file: ""
+  ssl_cert_chain_file: ""
+  ssl_apache_config: ""
+  apache_service: "httpd"
+# rewrite map
+  enable_rewrite_map: false
+  target_groups:
+    - {"name": "gpfs4", "host": "login001", "default": True }
+    - {"name": "gpfs5", "host": "login002", "default": False }
+# account app
+  account_app_port: 8000
+# fail2ban
+  enable_fail2ban: false
+  maxretry: 1
+  findtime: 600
+  bantime: 1200
+  fail2ban_white_list: "127.0.0.1/8"
+# Node Exporter
+  enable_node_exporter: false
+  node_exporter_ver: "1.8.2"
+  node_exporter_filename: "node_exporter-{{ node_exporter_ver }}.linux-amd64"
+  node_exporter_user: node_exporter
+  node_exporter_group: node_exporter
+  node_exporter_port: 9100
+# CentOS Repo
+  centos_base_url: "http://vault.centos.org"
+# ood_config
+  enable_ood_config: false
+  ood_internal_ip: OOD_INTERNAL_IP
+  ood_hostname: ood-gpfs5
+  login_hostname: login001
+  ood_domain: https://rc.uab.edu
+  account_app: account
+  account_app_port: 8000
+  account_app_bind_address: ["0.0.0.0:{{account_app_port}}"]
+  ood_user_regex: "([^!]+?)(@uab.edu)?$"
+  cluster_name: CoD
--- a/ansible/group_vars/base
+++ b/ansible/group_vars/base
--- a/ansible/group_vars/compute
+++ b/ansible/group_vars/compute
+---
+  yum_repo_files:
+    - TurboVNC.repo
+    - cm.repo
+  pkg_list:
+    - "Lmod-7.8.11"
+    - "atftp-server"
+    - "cluster-tools-dell"
+    - "cluster-tools-slave"
+    - "cm-boost"
+    - "cm-config-ceph-release-luminous"
+    - "cm-config-cm"
+    - "cm-config-dhclient"
+    - "cm-config-dracut-slave"
+    - "cm-config-grub"
+    - "cm-config-ldap-client"
+    - "cm-config-limits"
+    - "cm-config-man"
+    - "cm-config-named"
+    - "cm-config-network-slave"
+    - "cm-config-nfsclient"
+    - "cm-config-rootfiles-slave"
+    - "cm-config-selinux"
+    - "cm-config-ssh-slave"
+    - "cm-config-sysctl-slave"
+    - "cm-config-syslog-slave"
+    - "cm-config-systemd"
+    - "cm-config-xntp-slave"
+    - "cm-config-yum"
+    - "cm-curl"
+    - "cm-dhcp"
+    - "cm-freeipmi"
+    - "cm-ipmitool"
+    - "cm-ipxe-slave"
+    - "cm-libpam"
+    - "cm-libprometheus"
+    - "cm-lua"
+    - "cm-mariadb-libs"
+    - "cm-openssl"
+    - "cm-python2"
+    - "cm-python36"
+    - "cm-slave"
+    - "cm-uge-client"
+    - "cmburn"
+    - "cmburn-slave"
+    - "cmdaemon"
+    - "cmdaemon-remotecm"
+    - "confuse"
+    - "gcc-recent"
+    - "gdb-recent"
+    - "lshw"
+    - "lua-bit32"
+    - "lua-filesystem"
+    - "lua-json"
+    - "lua-lpeg"
+    - "lua-posix"
+    - "lua-term"
+    - "mysql++"
+    - "net-snmp-recent"
+    - "node-installer-slave"
+    - "openvpn"
+    - "perl-Config-IniFiles"
+    - "python-dogpile-cache"
+    - "python-isodate"
+    - "python-netaddr"
+    - "python-netifaces"
+    - "python-setuptools_scm"
+    - "python-testtools"
+    - "python-websockify"
+    - "python2-cliff"
+    - "python2-debtcollector"
+    - "python2-deprecation"
+    - "python2-fixtures"
+    - "python2-funcsigs"
+    - "python2-ipaddress"
+    - "python2-pbr"
+    - "python2-positional"
+    - "python2-pysocks"
+    - "python2-pyyaml"
+    - "python2-requests-oauthlib"
+    - "python2-requestsexceptions"
+    - "python2-rfc3986"
+    - "python2-six"
+    - "python2-stevedore"
+    - "sdparm"
+    - "sshpass"
+    - "swig"
+    - "turbovnc-2.2.6*"
--- a/ansible/group_vars/gpu
+++ b/ansible/group_vars/gpu
+---
+  yum_repo_files:
+    - TurboVNC.repo
+    - cm.repo
+  pkg_list:
+    - "Lmod-7.8.11"
+    - "atftp-server"
+    - "cluster-tools-dell"
+    - "cluster-tools-slave"
+    - "cm-boost"
+    - "cm-config-ceph-release-luminous"
+    - "cm-config-cm"
+    - "cm-config-dhclient"
+    - "cm-config-dracut-slave"
+    - "cm-config-grub"
+    - "cm-config-ldap-client"
+    - "cm-config-limits"
+    - "cm-config-man"
+    - "cm-config-named"
+    - "cm-config-network-slave"
+    - "cm-config-nfsclient"
+    - "cm-config-rootfiles-slave"
+    - "cm-config-selinux"
+    - "cm-config-ssh-slave"
+    - "cm-config-sysctl-slave"
+    - "cm-config-syslog-slave"
+    - "cm-config-systemd"
+    - "cm-config-xntp-slave"
+    - "cm-config-yum"
+    - "cm-curl"
+    - "cm-dhcp"
+    - "cm-freeipmi"
+    - "cm-ipmitool"
+    - "cm-ipxe-slave"
+    - "cm-libpam"
+    - "cm-libprometheus"
+    - "cm-lua"
+    - "cm-mariadb-libs"
+    - "cm-openssl"
+    - "cm-python2"
+    - "cm-python36"
+    - "cm-slave"
+    - "cm-uge-client"
+    - "cmburn"
+    - "cmburn-slave"
+    - "cmdaemon"
+    - "cmdaemon-remotecm"
+    - "confuse"
+    - "gcc-recent"
+    - "gdb-recent"
+    - "lshw"
+    - "lua-bit32"
+    - "lua-filesystem"
+    - "lua-json"
+    - "lua-lpeg"
+    - "lua-posix"
+    - "lua-term"
+    - "mysql++"
+    - "net-snmp-recent"
+    - "node-installer-slave"
+    - "openvpn"
+    - "perl-Config-IniFiles"
+    - "python-dogpile-cache"
+    - "python-isodate"
+    - "python-netaddr"
+    - "python-netifaces"
+    - "python-setuptools_scm"
+    - "python-testtools"
+    - "python-websockify"
+    - "python2-cliff"
+    - "python2-debtcollector"
+    - "python2-deprecation"
+    - "python2-fixtures"
+    - "python2-funcsigs"
+    - "python2-ipaddress"
+    - "python2-pbr"
+    - "python2-positional"
+    - "python2-pysocks"
+    - "python2-pyyaml"
+    - "python2-requests-oauthlib"
+    - "python2-requestsexceptions"
+    - "python2-rfc3986"
+    - "python2-six"
+    - "python2-stevedore"
+    - "sdparm"
+    - "sshpass"
+    - "swig"
+    - "turbovnc-2.2.6*"
+    - "cuda-dcgm"
+    - "cuda-dcgm-libs"
+    - "cuda-dcgm-nvvs"
+    - "cuda-driver"
--- a/ansible/group_vars/ood
+++ b/ansible/group_vars/ood
+---
+  yum_repo_files:
+    - cm.repo
+  pkg_list:
+    - autofs
+    - Lmod
+    - tmux
+    - vim
--- a/ansible/group_vars/prod
+++ b/ansible/group_vars/prod
+---
+  # cheaha.node related
+  hostname_lookup_table:
+    - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02"
+    - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01"
+    - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
+  domain_search_list:
+    - cm.cluster
+    - rc.uab.edu
+    - ib.cluster
+    - drac.cluster
+    - eth.cluster
+    - ib-hdr.cluster
+  nameserver_list:
+    - 172.20.0.25
+  bright_openldap_path: "/cm/local/apps/openldap"
+  ldap_cert_path: "{{bright_openldap_path}}/etc/certs"
+  ldap_uri: "ldaps://ldapserver"
+  # proxy_config
+  target_groups:
+    - {"name": "gpfs5", "host": "login002", "default": False, "authorized_keys":"/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys", "private_key":"/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"}
+    - {"name": "gpfs4", "host": "login001", "default": True, "authorized_keys":"/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys", "private_key":"/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"}
--- a/ansible/node-compute.yml
+++ b/ansible/node-compute.yml
 ---
- name: Run a play
-  ansible.builtin.import_playbook: node.yml
 - name: Setup node for use as a virtual compute node
  hosts: default
  become: true
  roles:
-    - { name: 'compute_packages', tags: 'compute_packages' }
+    - { name: 'fix_centos_repo', tags: 'fix_centos_repo' }
-    - { name: 'pam_slurm_adopt', tags: 'pam_slurm_adopt' }
+    - { name: 'install_packages', tags: 'install_packages' }
+    - { name: 'install_nhc', tags: 'install_nhc'}
--- a/ansible/node-gpu.yml
+++ b/ansible/node-gpu.yml
---
- name: Run a play
-  ansible.builtin.import_playbook: node-compute.yml
- name: Setup node for use as a cluster host with gpu drivers/pkgs
-  hosts: default
-  become: true
-  roles:
-    - { name: 'nvidia_driver', tags: 'nvidia_driver' }
--- a/ansible/node.yml
+++ b/ansible/node.yml
---
- name: Setup node for use as a cluster host
-  hosts: default
-  become: true
-  roles:
-    - { name: 'cheaha.node', tags: 'cheaha.node' }
-    - { name: 'lmod_user', tags: 'lmod_user' }
--- a/ansible/ood.yml
+++ b/ansible/ood.yml
+---
+- name: Setup node for use as a virtual ood node
+  hosts: default
+  become: true
+  roles:
+    - { name: 'fix_centos_repo', tags: 'fix_centos_repo' }
+    - { name: 'install_packages', tags: 'install_packages' }
+    - { name: 'install_zsh', tags: 'install_zsh' }
--- a/ansible/roles/cheaha.node/tasks/main.yml
+++ b/ansible/roles/cheaha.node/tasks/main.yml
 ---
-# tasks file for cheaha.node
 - name: Update /etc/hosts with cluster addressing
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ item }}"
  loop:
-    - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02"
+    "{{ hostname_lookup_table }}"
-    - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01"
-    - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
 - name: Add proper DNS search to lookup other nodes on the cluster
  ansible.builtin.lineinfile:
    path: /etc/dhcp/dhclient.conf
    insertbefore: BOF
    line: 'append domain-name " cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster";'
- name: Install prerequisite packages
+    create: true
-  yum:
-    name: epel-release
    state: present
- name: Disable SELinux
-  ansible.posix.selinux:
+- name: Template resolv.conf
-    state: disabled
+  ansible.builtin.template:
- name: Copy cm.repo into place (consider making this a template)
+    src: resolv.conf.j2
-  ansible.builtin.copy:
+    dest: /etc/resolv.conf
-    src: cm.repo
-    dest: /etc/yum.repos.d/cm.repo
    owner: root
    group: root
    mode: 0644
+    backup: true
+- name: Disable SELinux
+  ansible.posix.selinux:
+    state: disabled
 - name: Copy CM repo GPG key
  ansible.builtin.copy:
    src: RPM-GPG-KEY-cm
@@ -34,118 +34,18 @@
    owner: root
    group: root
    mode: 0644
- name: Create slurm group
+  when: "'cm.repo' in yum_repo_files"
-  ansible.builtin.group:
-    name: slurm
-    state: present
-    gid: 450
- name: Create slurm user
-  ansible.builtin.user:
-    name: slurm
-    state: present
-    uid: 450
-    group: slurm
- name: Install required packages
-  yum:
-    name:
-      - slurm-client-18.08.9
-      - munge-0.5.13
-      - openldap-servers-2.4.48
-      - Lmod-7.7.14
-      - cm-modules-init-client-8.2
-      - cmdaemon
-      - nss-pam-ldapd
-      - ruby
-      - python3
-    state: present
- name: Update nsswitch.conf to look for ldap
-  ansible.builtin.replace:
-    dest: /etc/nsswitch.conf
-    regexp: '^({{ item }}:(?!.*\bldap\b).*)$'
-    replace: '\1 ldap'
-  loop:
-    - passwd
-    - shadow
-    - group
-    - netgroup
-    - automount 
- name: Create base directories
-  ansible.builtin.file:
-    path: "{{ item.dir }}"
-    state: directory
-    mode: "{{ item.mode }}"
-  loop:
-    - { dir: /local, mode: '0777' }
-    - { dir: /scratch, mode: '0755' }
-    - { dir: /share, mode: '0755' }
-    - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy
-    - { dir: /data/user, mode: '0755' }
-    - { dir: /data/project, mode: '0755' }
- name: Set up NFS GPFS mount point(s)
-  ansible.posix.mount:
-    path: "{{ item.path }}"
-    src: "{{ item.src }}" 
-    fstype: "{{ item.fstype }}"
-    opts: "{{ item.opts }}" 
-    state: present
-  loop:
-    - { path: /cm/shared, src: "gpfs.rc.uab.edu:/data/cm/shared-8.2", fstype: nfs, opts: "_netdev,defaults" }
-    - { path: /data/project, src: "gpfs.rc.uab.edu:/data/project", fstype: nfs, opts: "_netdev,defaults" }
-    - { path: /data/user, src: "gpfs.rc.uab.edu:/data/user", fstype: nfs, opts: "_netdev,local_lock=posix,defaults" }
-    - { path: /home, src: "/data/user/home", fstype: none, opts: bind }
-    - { path: /data/rc/apps, src: "gpfs.rc.uab.edu:/data/rc/apps", fstype: nfs, opts: "_netdev,defaults" }
- name: Create symbolic links
-  ansible.builtin.file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    force: yes
-    state: link
-  loop:
-    - { src: /local, dest: /scratch/local }
-    - { src: /data/rc/apps, dest: /share/apps }
 - name: Add ssh key for root access
  ansible.posix.authorized_key:
    user: root
    state: present
    key: "{{ root_ssh_key }}"
- name: Copy munge key
-  ansible.builtin.copy:
-    src: munge.key
-    dest: /etc/munge/munge.key
-    owner: daemon
-    group: root
-    mode: 0400
- name: Copy ldap cert(s) into place
-  ansible.builtin.copy:
-    src: "{{ item.src }}"
-    dest: "/cm/local/apps/openldap/etc/certs/{{ item.src }}"
-    owner: ldap
-    group: ldap
-    mode: 0440
-  loop:
-    - { src: ca.pem }
-    - { src: ldap.key }
-    - { src: ldap.pem }
- name: Copy ldap config into place
-  ansible.builtin.copy:
-    src: nslcd.conf 
-    dest: /etc/nslcd.conf
-    owner: root
-    group: root
-    mode: 0600
- name: Enable services
-  ansible.builtin.service:
-    name: "{{ item }}"
-    enabled: yes
-  loop:
-    - munge
-    - slurmd
-    - nslcd
 - name: Set timezone to America/Chicago
  community.general.timezone:
    name: America/Chicago
+  retries: 3
- name: Install zsh
+  delay: 3
-  import_tasks: zsh.yml
+  register: result
+  until: not result.failed
No results found