Commit 859420a8 authored by Simon Michnowicz's avatar Simon Michnowicz
Browse files
parents aca531bb 9a2346f8
#!/usr/bin/python
import ldap
import traceback
import os
import stat
import subprocess
class ldapSearchConfig:
def __init__(self):
self.ldapserver=""
self.binddn=""
self.bindpw=""
self.baseDN=""
self.searchFilter=""
self.cacertfile=''
class genericUser:
def __init__(self):
self.dn=""
self.cn=""
self.entry=""
self.uid=""
def get_users(server):
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,server.cacertfile)
ldap.set_option( ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER )
l=ldap.initialize(server.ldapserver)
l.simple_bind_s(server.binddn,server.bindpw)
retrieveAttributes = ["*"]
searchScope=ldap.SCOPE_SUBTREE
try:
ldap_result_id = l.search(server.baseDN,searchScope,server.searchFilter,retrieveAttributes)
except ldap.LDAPError, e:
pass
rtype,rdata = l.result(ldap_result_id,1)
allusers={}
for user in rdata:
dn=user[0]
attrs=user[1]
allusers[dn]=genericUser()
allusers[dn].dn=dn
allusers[dn].entry=attrs
return allusers
def mk_slurmaccount(acct):
output=subprocess.check_output(["{{ slurm_dir }}/bin/sacctmgr","--noheader","list","account",acct])
if acct in output:
return
else:
subprocess.call(["{{ slurm_dir }}/bin/sacctmgr","-i","create","account",acct])
def mk_slurmuser(user,acct):
output=subprocess.check_output(["{{ slurm_dir }}/bin/sacctmgr","--noheader","list","Association","user=%s"%user,"format=account"])
if acct in output.splitlines():
return
else:
subprocess.call(["{{ slurm_dir }}/bin/sacctmgr","-i","create","user",user,"account=%s"%acct,"DefaultAccount=%s"%acct])
s=ldapSearchConfig()
s.ldapserver="{{ ldapURI }}"
s.binddn="{{ ldapBindDN }}"
s.bindpw="{{ ldapBindDNPassword }}"
s.baseDN="{{ ldapBase }}"
s.searchFilter = "{{ search_filter }}"
users=get_users(s)
mk_slurmaccount("default")
for user in users:
try:
mk_slurmuser(users[user].entry['uid'][0],"default")
except:
print traceback.format_exc()
pass
---
use_active_directory: False
provision_slurm: /usr/local/sbin/provision_slurm.py
search_filter: "{% if use_active_directory %}(unixHomeDirectory=*){% else %} (objectClass=posixAccount) {% endif %}"
---
- name: install deps
yum: name={{ item }} state=installed
sudo: true
with_items:
- gcc
- rpm-build
- wget
- openssl-devel
- readline-devel
- pam-devel
- perl-ExtUtils-MakeMaker
- bzip2-devel
- mysql
- mysql-devel
when: ansible_os_family == "RedHat"
- name: install deps
apt: name={{ item }} state=installed update_cache=yes
sudo: true
with_items:
- gcc
- wget
- libssl-dev
- libpam0g-dev
- libbz2-dev
when: ansible_os_family == "Debian"
- name: get munge
shell: wget https://munge.googlecode.com/files/munge-{{ munge_version }}.tar.bz2
args:
chdir: /tmp
creates: /tmp/munge-{{ munge_version }}.tar.bz2
- name: make munge rpms
shell: rpmbuild -ta --clean munge-{{ munge_version }}.tar.bz2
sudo: true
args:
chdir: /tmp
creates: /root/rpmbuild/RPMS/x86_64/munge-{{ munge_version }}-1.el6.x86_64.rpm
when: ansible_os_family == "RedHat"
- name: untar munge
shell: tar jxf /tmp/munge-{{ munge_version }}.tar.bz2
sudo: true
args:
chdir: /tmp
creates: /tmp/munge-{{ munge_version }}
when: ansible_os_family == "Debian"
- name: build munge
shell: configure && make && make install
sudo: true
args:
chdir: /tmp/munge-{{ munge_version }}
when: ansible_os_family == "Debian"
- name: get slurm
shell: wget http://www.schedmd.com/download/latest/slurm-{{ slurm_version }}.tar.bz2
args:
chdir: /tmp
creates: /tmp/slurm-{{ slurm_version }}.tar.bz2
- name: check munge installation
shell: rpm -qa munge
register: munge_installed
when: ansible_os_family == "RedHat"
- name: install munge deps
shell: rpm -i /root/rpmbuild/RPMS/x86_64/munge-libs-{{ munge_version }}-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/munge-{{ munge_version }}-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/munge-devel-{{ munge_version }}-1.el6.x86_64.rpm
sudo: true
when: munge_installed.stdout.find("munge") == -1
- name: make slurm rpms
shell: rpmbuild -ta --clean slurm-{{ slurm_version }}.tar.bz2
sudo: true
args:
chdir: /tmp
creates: /root/rpmbuild/RPMS/x86_64/slurm-{{ slurm_version }}-1.el6.x86_64.rpm
- name: copy rpms
shell: cp -r /root/rpmbuild /tmp
sudo: true
args:
creates: /tmp/rpmbuild/RPMS/x86_64/slurm-{{ slurm_version }}-1.el6.x86_64.rpm
- name: retrieve rpms 1
shell: scp -o StrictHostKeyChecking=no -r {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_ssh_host }}:/tmp/rpmbuild/ /tmp
delegate_to: 127.0.0.1
when: ansible_ssh_host is defined
- name: retrieve rpms 2
shell: scp -r {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_hostname }}:/tmp/rpmbuild/ /tmp
delegate_to: 127.0.0.1
when: ansible_ssh_host is not defined
......@@ -23,18 +23,22 @@
chdir: /tmp/munge-{{ munge_version }}
creates: "{{ munge_dir }}/bin/munge"
- name: set use_systemd
set_fact:
use_systemd: True
when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and ( ansible_distribution_major_version == "7")
- name: copy init script
template: dest=/etc/init.d/munge src=munge.initd.j2 mode=755
sudo: true
when: use_systemd is not defined
- name: copy slurm init script if OS contains systemd
template: dest=/etc/systemd/system/munge.service src=munge.service.j2 mode=755
sudo: true
when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and
( ansible_distribution_major_version == "7")
when: use_systemd is defined
- name: reload systemd
shell: systemctl daemon-reload
sudo: true
when: (ansible_distribution == "CentOS" or ansible_distribution == "RedHat") and
( ansible_distribution_major_version == "7")
when: use_systemd is defined
......@@ -19,6 +19,7 @@
shell: tar jxf /tmp/slurm-{{ slurm_version }}.tar.bz2
args:
chdir: /tmp
creates: /tmp/slumr-{{ slurm_version }}
- name: build slurm
shell: ./configure --prefix={{ slurm_dir }} --with-munge={{ munge_dir }} && make
......
......@@ -28,16 +28,31 @@
sudo: true
when: slurmdatadir is defined
- name: stat run directory
stat: path={{ slurmpiddir }}
register: runstat
when: slurmpiddir is defined
- name: create run directory
file: path={{ slurmpiddir }} state=directory owner=root group=root mode=750
sudo: true
when: slurmpiddir is defined
when: slurmpiddir is defined and not runstat.stat.exists
- name: create shared state directory
file: path={{slurmsharedstatedir }} state=directory owner=slurm group=slurm mode=750
sudo: true
run_once: true
when: usesharedstatedir
- name: symlink shared state dir
file: path={{ slurmstatedir }} src={{ slurmsharedstatedir }} state=link
sudo: true
when: usesharedstatedir
- name: create state directory
file: path={{ slurmstatedir }} state=directory owner=slurm group=slurm mode=750
sudo: true
when: slurmstatedir is defined
when: slurmstatedir is defined and not usesharedstatedir
- name: create log directory
file: path={{ slurmlogdir }} state=directory owner=slurm group=slurm mode=750
......@@ -49,7 +64,7 @@
sudo: true
- name: install deps
yum: name={{ item }} state=latest
yum: name={{ item }} state=present
with_items:
- perl
- perl-DBI
......@@ -124,11 +139,11 @@
when: slurm_gres_list is defined
- name: install slurm prolog
template: src=slurm.prolog.j2 dest={{ slurm_dir }}/bin/slurm.prolog
template: src=slurm.prolog.j2 dest={{ slurm_dir }}/bin/slurm.prolog mode=755
sudo: true
- name: install slurm epilog
template: src=slurm.epilog.j2 dest={{ slurm_dir }}/bin/slurm.epilog
template: src=slurm.epilog.j2 dest={{ slurm_dir }}/bin/slurm.epilog mode=755
sudo: true
- name: install slurm.conf
......
......@@ -9,13 +9,6 @@
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
ignore_errors: true
- name: add epel on CentOS 7
shell: yum -y update
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- name: install system packages apt
apt: name={{ item }} state=installed update_cache=true
......
[
[
"GenericDesktops"
{% for partition in slurmqueues %}
"{{ partition.name }}"{% if not loop.last %},{% endif %}
{% endfor %}
],
{
"GenericDesktops": {
{% for partition in slurmqueues %}
"{{ partition.name }}": {
"__class__": "siteConfig",
"__module__": "siteConfig",
"agent": {
......@@ -268,7 +271,7 @@
"__class__": "cmdRegEx",
"__module__": "siteConfig",
"async": false,
"cmd": "\"mkdir ~/.vnc ; rm -f ~/.vnc/clearpass ; touch ~/.vnc/clearpass ; chmod 600 ~/.vnc/clearpass ; passwd=\"'$'\"( dd if=/dev/urandom bs=1 count=8 2>/dev/null | md5sum | cut -b 1-8 ) ; echo \"'$'\"passwd > ~/.vnc/clearpass ; cat ~/.vnc/clearpass | vncpasswd -f > ~/.vnc/passwd ; chmod 600 ~/.vnc/passwd ; echo -e '#!/bin/bash\\nvncserver ; sleep 36000000 ' | {{slurm_dir}}/bin/sbatch -p batch -N {nodes} -n {ppn} --time={hours}:00:00 -J desktop_{username} -o .vnc/slurm-%j.out \"",
"cmd": "\"mkdir ~/.vnc ; rm -f ~/.vnc/clearpass ; touch ~/.vnc/clearpass ; chmod 600 ~/.vnc/clearpass ; passwd=\"'$'\"( dd if=/dev/urandom bs=1 count=8 2>/dev/null | md5sum | cut -b 1-8 ) ; echo \"'$'\"passwd > ~/.vnc/clearpass ; cat ~/.vnc/clearpass | vncpasswd -f > ~/.vnc/passwd ; chmod 600 ~/.vnc/passwd ; echo -e '#!/bin/bash\\nexport PATH=\"'$'\"PATH:/bin ; vncserver ; sleep 36000000 ' | {{slurm_dir}}/bin/sbatch -p {{ partition.name }} -N {nodes} -n {ppn} --time={hours}:00:00 -J desktop_{username} -o .vnc/slurm-%j.out \"",
"failFatal": true,
"formatFatal": false,
"host": "login",
......@@ -345,7 +348,7 @@
"host": "exec",
"loop": false,
"regex": [
"^.*?New 'X' desktop is \\S+(?P<vncDisplay>:[0-9]+)\\s*$"
"^.*?New .* desktop is \\S+(?P<vncDisplay>:[0-9]+)\\s*$"
],
"requireMatch": true
},
......@@ -447,6 +450,7 @@
],
"requireMatch": true
}
}
}{% if not loop.last %},{% endif %}
{% endfor %}
}
]
......@@ -23,20 +23,30 @@
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
ignore_errors: true
- name: add epel on CentOS 7
shell: yum -y update
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
- name: install system packages apt
apt: name={{ item }} state=installed update_cache=true force=yes
apt: name={{ item }} state=present update_cache=true force=yes
sudo: true
with_items: system_packages
when: ansible_os_family == 'Debian'
- name: yum group installs
shell: yum -y group install {{ item }}
sudo: true
with_items: system_group_packages
when: system_group_packages is defined
- name: install system packages yum
yum: name={{ item }} state=installed update_cache=yes
yum: name={{ item }} state=present update_cache=yes
sudo: true
with_items: system_packages
when: ansible_os_family == 'RedHat'
- name: force the use of mate desktop
template: src=vncserver.centos dest=/bin/vncserver
sudo: true
when: ansible_os_family == 'RedHat'
- name: force the use of mate desktop
template: src=vncserver.ubuntu dest=/usr/bin/vncserver
sudo: true
when: ansible_os_family == 'Debian'
#!/usr/bin/perl
#
# Copyright (C) 2009-2010 D. R. Commander. All Rights Reserved.
# Copyright (C) 2005-2006 Sun Microsystems, Inc. All Rights Reserved.
# Copyright (C) 2002-2003 Constantin Kaplinsky. All Rights Reserved.
# Copyright (C) 2002-2005 RealVNC Ltd.
# Copyright (C) 1999 AT&T Laboratories Cambridge. All Rights Reserved.
#
# This is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This software is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this software; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
#
#
# vncserver - wrapper script to start an X VNC server.
#
#
# First make sure we're operating in a sane environment.
#
$exedir = "";
$slashndx = rindex($0, "/");
if($slashndx>=0) {
$exedir = substr($0, 0, $slashndx+1);
}
$vncClasses = "";
$xauth = "xauth";
&SanityCheck();
#
# Global variables. You may want to configure some of these for your site.
#
$geometry = "1024x768";
#$depth = 16;
$vncJavaFiles = (((-d "$vncClasses") && "$vncClasses") ||
((-d "/usr/share/vnc/classes") && "/usr/share/vnc/classes") ||
((-d "/usr/local/vnc/classes") && "/usr/local/vnc/classes"));
$vncUserDir = "$ENV{HOME}/.vnc";
$xauthorityFile = "$ENV{XAUTHORITY}" || "$ENV{HOME}/.Xauthority";
$defaultXStartup
= ("#!/bin/sh\n\n".
"unset SESSION_MANAGER\n".
"unset DBUS_SESSION_BUS_ADDRESS\n".
"exec mate-session\n");
chop($host = `uname -n`);
if (-d "/etc/X11/fontpath.d") {
$fontPath = "catalogue:/etc/X11/fontpath.d";
}
@fontpaths = ('/usr/share/X11/fonts', '/usr/share/fonts', '/usr/share/fonts/X11/');
if (! -l "/usr/lib/X11") {push(@fontpaths, '/usr/lib/X11/fonts');}
if (! -l "/usr/X11") {push(@fontpaths, '/usr/X11/lib/X11/fonts');}
if (! -l "/usr/X11R6") {push(@fontpaths, '/usr/X11R6/lib/X11/fonts');}
push(@fontpaths, '/usr/share/fonts/default');
@fonttypes = ('misc',
'75dpi',
'100dpi',
'Speedo',
'Type1');
foreach $_fpath (@fontpaths) {
foreach $_ftype (@fonttypes) {
if (-f "$_fpath/$_ftype/fonts.dir") {
if (! -l "$_fpath/$_ftype") {
$defFontPath .= "$_fpath/$_ftype,";
}
}
}
}
if ($defFontPath) {
if (substr($defFontPath, -1, 1) == ',') {
chop $defFontPath;
}
}
if ($fontPath eq "") {
$fontPath = $defFontPath;
}
# Check command line options
&ParseOptions("-geometry",1,"-depth",1,"-pixelformat",1,"-name",1,"-kill",1,
"-help",0,"-h",0,"--help",0,"-fp",1,"-list",0,"-fg",0,"-autokill",0);
&Usage() if ($opt{'-help'} || $opt{'-h'} || $opt{'--help'});
&Kill() if ($opt{'-kill'});
&List() if ($opt{'-list'});
# Uncomment this line if you want default geometry, depth and pixelformat
# to match the current X display:
# &GetXDisplayDefaults();
if ($opt{'-geometry'}) {
$geometry = $opt{'-geometry'};
}
if ($opt{'-depth'}) {
$depth = $opt{'-depth'};
$pixelformat = "";
}
if ($opt{'-pixelformat'}) {
$pixelformat = $opt{'-pixelformat'};
}
if ($opt{'-fp'}) {
$fontPath = $opt{'-fp'};
$fpArgSpecified = 1;
}
&CheckGeometryAndDepth();
# Create the user's vnc directory if necessary.
if (!(-e $vncUserDir)) {
if (!mkdir($vncUserDir,0755)) {
die "$prog: Could not create $vncUserDir.\n";
}
}
# Check whether VNC authentication is enabled, and if so, prompt the user to
# create a VNC password if they don't already have one.
$securityTypeArgSpecified = 0;
$vncAuthEnabled = 0;
$passwordArgSpecified = 0;
for ($i = 0; $i < @ARGV; ++$i) {
# -SecurityTypes can be followed by a space or "="
my @splitargs = split('=', $ARGV[$i]);
if (@splitargs <= 1 && $i < @ARGV - 1) {
push(@splitargs, $ARGV[$i + 1]);
}
if (lc(@splitargs[0]) eq "-securitytypes") {
if (@splitargs > 1) {
$securityTypeArgSpecified = 1;
}
foreach $arg2 (split(',', @splitargs[1])) {
if (lc($arg2) eq "vncauth" || lc($arg2) eq "tlsvnc"
|| lc($arg2) eq "x509vnc") {
$vncAuthEnabled = 1;
}
}
}
if ((lc(@splitargs[0]) eq "-password")
|| (lc(@splitargs[0]) eq "-passwordfile"
|| (lc(@splitargs[0]) eq "-rfbauth"))) {
$passwordArgSpecified = 1;
}
}
if ((!$securityTypeArgSpecified || $vncAuthEnabled) && !$passwordArgSpecified) {
($z,$z,$mode) = stat("$vncUserDir/passwd");
if (!(-e "$vncUserDir/passwd") || ($mode & 077)) {
warn "\nYou will require a password to access your desktops.\n\n";
system($exedir."vncpasswd -q $vncUserDir/passwd");
if (($? >> 8) != 0) {
exit 1;
}
}
}
# Find display number.
if ((@ARGV > 0) && ($ARGV[0] =~ /^:(\d+)$/)) {
$displayNumber = $1;
shift(@ARGV);
if (!&CheckDisplayNumber($displayNumber)) {
die "A VNC server is already running as :$displayNumber\n";
}
} elsif ((@ARGV > 0) && ($ARGV[0] !~ /^-/) && ($ARGV[0] !~ /^\+/)) {
&Usage();
} else {
$displayNumber = &GetDisplayNumber();
}
$vncPort = 5900 + $displayNumber;
$desktopLog = "$vncUserDir/$host:$displayNumber.log";
unlink($desktopLog);
# Make an X server cookie - use mcookie
$cookie = `/usr/bin/mcookie`;
open (XAUTH, "|xauth -f $xauthorityFile source -");
print XAUTH "add $host:$displayNumber . $cookie\n";
print XAUTH "add $host/unix:$displayNumber . $cookie\n";
close XAUTH;
if ($opt{'-name'}) {
$desktopName = $opt{'-name'};
} else {
$desktopName = "$host:$displayNumber ($ENV{USER})";
}
# Now start the X VNC Server
$cmd = $exedir."Xvnc :$displayNumber";
$cmd .= " -desktop " . &quotedString($desktopName);
$cmd .= " -httpd $vncJavaFiles" if ($vncJavaFiles);
$cmd .= " -auth $xauthorityFile";
$cmd .= " -geometry $geometry" if ($geometry);
$cmd .= " -depth $depth" if ($depth);
$cmd .= " -pixelformat $pixelformat" if ($pixelformat);
$cmd .= " -rfbwait 30000";
$cmd .= " -rfbauth $vncUserDir/passwd";
$cmd .= " -rfbport $vncPort";
$cmd .= " -fp $fontPath" if ($fontPath);
$cmd .= " -pn";
# Add color database stuff here, e.g.:
#
# $cmd .= " -co /usr/lib/X11/rgb";
#
foreach $arg (@ARGV) {
$cmd .= " " . &quotedString($arg);