diff --git a/roles/OpenVPN-Server/tasks/copyCerts.yml b/roles/OpenVPN-Server/tasks/copyCerts.yml deleted file mode 100644 index c0a99622227b16d3465b8694e625f874246524ef..0000000000000000000000000000000000000000 --- a/roles/OpenVPN-Server/tasks/copyCerts.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: "Copying CA and server certificate" - shell: "cp -pvf /etc/easy-rsa/2.0/keys/ca.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.crt /etc/openvpn/; cp -pvf /etc/easy-rsa/2.0/keys/{{ inventory_hostname }}.key /etc/openvpn/" - args: - creates: /etc/openvpn/ca.crt -- name: "Create symlink for Diffie Hellman" - file: "src=/etc/easy-rsa/2.0/keys/dh512.pem dest=/etc/openvpn/dh512.pem state=link" -- name: "Copying server.conf to the OpenVPN server" - template: src={{ item }} dest=/etc/openvpn/server.conf - with_first_found: - - files: - - server.conf.j2 - - userConfig - - defaultConfig - paths: - - ../templates/ - - ../files/ - notify: restart openvpn - -- name: "Start OpenVPN" - service: name=openvpn state=started - sudo: true diff --git a/roles/nfs-client/defaults/main.yml b/roles/nfs-client/defaults/main.yml index 60ca9c1121024edab84bedf7029f8a54423cb685..d201130985c95100cc8a7eb11b63fa87a5879af6 100644 --- a/roles/nfs-client/defaults/main.yml +++ b/roles/nfs-client/defaults/main.yml @@ -1,4 +1,6 @@ --- -nfs_server: "nfsserver.edu" -nfs_type: "nfs" -nfs_options: "vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock" +nfsClientSrcDir: '/mnt' +nfsClientDestDir: '/mnt/test-nfs' +nfs_server: 'nfsserver.edu' +nfs_type: 'nfs' +nfs_options: 'vers=3,noatime,rsize=16384,wsize=16384,hard,intr,tcp,nolock' diff --git a/roles/nfs-client/tasks/mountFileSystem.yml b/roles/nfs-client/tasks/mountFileSystem.yml index 66da94c12ec13c774fb31784f62165ac457ec744..0dd914dff6afc551bf9cf02d815382c5da7aebb3 100644 --- a/roles/nfs-client/tasks/mountFileSystem.yml +++ b/roles/nfs-client/tasks/mountFileSystem.yml 
@@ -1,16 +1,6 @@ --- -- - name: "Get the NFS Network" - setup: filter="ansible_tun0" - register: nfsServer - run_once: true - delegate_to: "{{ nfs_server }}" -- - mount: "name={{ item.0 }} src={{ nfsServer['ansible_facts']['ansible_tun0']['ipv4']['address'] }}:{{ item.1 }} fstype={{ nfs_type }} opts={{ nfs_options }} state=mounted" - name: "Mounting NFS mounts" - with_together: - - destDir - - srcDir +- name: "Mounting NFS mounts" + mount: "name={{ nfsClientDestDir }} src={{ nfs_server }}:{{ nfsClientSrcDir }} fstype={{ nfs_type }} opts={{ nfs_options }} state=mounted" notify: "restart authentication" notify: "restart idmap" sudo: true diff --git a/roles/nfs-client/vars/main.yml b/roles/nfs-client/vars/main.yml deleted file mode 100644 index 2a7137f29478b7cdbedecceda8e1ccfaa2e57565..0000000000000000000000000000000000000000 --- a/roles/nfs-client/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -srcDir: ['/mnt'] -destDir: ['/mnt/test-nfs'] diff --git a/roles/nfs-server/tasks/startServer.yml b/roles/nfs-server/tasks/startServer.yml index 17211aff0bab88c5d6d1ff05f2ed9046aea03f19..b62b877ae6bc8ec0c144607791c590df857d738f 100644 --- a/roles/nfs-server/tasks/startServer.yml +++ b/roles/nfs-server/tasks/startServer.yml @@ -1,7 +1,10 @@ --- -- - name: "Starting rpcbind" - service: "name=rpcbind state=started" -- - name: "Start the Server" - service: "name=nfs state=started" +- name: "Copying /etc/exports template" + template: "src=exports.j2 dest=/etc/exports mode=0644 owner=root" + sudo: true +- name: "Starting rpcbind" + service: "name=rpcbind state=restarted" + sudo: true +- name: "Start the Server" + service: "name=nfs state=restarted" + sudo: true diff --git a/roles/openLdapClient/handlers/main.yml b/roles/openLdapClient/handlers/main.yml index d9a0a7d61f6aa04d738b605a9211d185629ef338..6005eec0b09c629769272934a285635147bb3e90 100644 --- a/roles/openLdapClient/handlers/main.yml +++ b/roles/openLdapClient/handlers/main.yml 
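Review bot: The new `mount` task builds `src` from `{{ nfs_server }}` directly, where the removed version used the server's `ansible_tun0` address, so the NFS traffic is no longer pinned to the tunnel interface. With the `vers=3` options from the role defaults the mount has no transport encryption of its own, so if `nfs_server` resolves to a non-tunnel address the data would cross the network in the clear. Confirm that the name resolves to the VPN address, or document that requirement next to `nfs_server` in the defaults. Separately, the two `notify:` keys kept as context are duplicate mapping keys and most YAML loaders keep only the last one, so `restart authentication` is probably never notified; a single `notify:` with the list items `- restart authentication` and `- restart idmap` carries both.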
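Review bot: Both service tasks now use `state=restarted`, so every run of the play restarts rpcbind and nfs even when `/etc/exports` did not change, which interrupts clients that have the export mounted. Keeping `state=started` on the services and adding `notify: restart nfs` to the template task, with a matching handler, limits restarts to real changes of the exports file. The template task sets `owner=root` and `mode=0644` but no group; adding `group=root` makes the resulting ownership explicit. `exports.j2` is not part of this diff, so the client list and squash options it renders cannot be checked here.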
@@ -1,8 +1,4 @@ --- -- name: auth config - shell: authconfig --updateall - sudo: true - - name: restart sssd service: name=sssd state=restarted sudo: true diff --git a/roles/openLdapClient/tasks/configLdapClient.yml b/roles/openLdapClient/tasks/configLdapClient.yml index 0becac8d6a575d1deeaa704b34ef11ece736e330..9102faf3981c5e246f6fd84f936848a203ff4f68 100644 --- a/roles/openLdapClient/tasks/configLdapClient.yml +++ b/roles/openLdapClient/tasks/configLdapClient.yml @@ -19,7 +19,7 @@ lineinfile: dest=/etc/hosts line="{{ ldapServerHost }}" state=present insertafter=EOF sudo: true -- name: "Copy ldap.conf file " +- name: "Copy ldap.conf file" template: src=ldap.conf.j2 dest=/etc/openldap/ldap.conf sudo: true @@ -30,6 +30,6 @@ - name: "Copy sssd.conf to ldap client" template: src=sssd.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=600 sudo: true - notify: auth config + notify: restart sssd diff --git a/roles/openLdapClient/tasks/main.yml b/roles/openLdapClient/tasks/main.yml index 748236194d5ba6c9c64917b931b8594c56f15e93..4335800bef1c3529895fa56a3b4c5c6c2a4f2c8c 100644 --- a/roles/openLdapClient/tasks/main.yml +++ b/roles/openLdapClient/tasks/main.yml @@ -1,5 +1,5 @@ --- - - include: installOpenLdap.yml + include: installOpenLdap.yml - - include: configLdapClient.yml + include: configLdapClient.yml diff --git a/roles/openLdapClient/templates/idmapd.conf.j2 b/roles/openLdapClient/templates/idmapd.conf.j2 index ad560a27e09c95912e4e639c38f807e9fb3a109b..486b6b632d0f2fc0aab24620a6bea9833b8e0736 100644 --- a/roles/openLdapClient/templates/idmapd.conf.j2 +++ b/roles/openLdapClient/templates/idmapd.conf.j2 @@ -2,7 +2,7 @@ #Verbosity = 0 # The following should be set to the local NFSv4 domain name # The default is the host's DNS domain name. -Domain = {{ ldapDomain }} +Domain = {{ ldapDomain }} # The following is a comma-separated list of Kerberos realm # names that should be considered to be equivalent to the 
diff --git a/roles/openLdapClient/templates/ldap.conf.j2 b/roles/openLdapClient/templates/ldap.conf.j2 index cda2caf63e9bc11760c39cc52d27f2e372ba9b9e..31f04ade64ed84e5e5ccfa5ceae283e83eacd6e3 100644 --- a/roles/openLdapClient/templates/ldap.conf.j2 +++ b/roles/openLdapClient/templates/ldap.conf.j2 @@ -1,7 +1,7 @@ -TLS_CACERTDIR {{ tlsCaCertDirectory }} +TLS_CACERTDIR {{ tlsCaCertDirectory }} TLS_CACERT {{ tlsCaCertFile }} URI {{ ldapUri }} -BASE {{ ldapBase }} +BASE {{ ldapBase }} timelimit 120 bind_timelimit 120 diff --git a/roles/openLdapClient/templates/nsswitch.conf.j2 b/roles/openLdapClient/templates/nsswitch.conf.j2 index 31c299a3ad99a7f2f0d060b981717a7e3c34f552..6fd6a802a835f6405fc3ceec765b038427b84ed3 100644 --- a/roles/openLdapClient/templates/nsswitch.conf.j2 +++ b/roles/openLdapClient/templates/nsswitch.conf.j2 @@ -30,9 +30,9 @@ #shadow: db files nisplus nis #group: db files nisplus nis -passwd: files ldap -shadow: files ldap -group: files ldap +passwd: files sss +shadow: files sss +group: files sss #hosts: db files nisplus nis dns hosts: files dns @@ -52,9 +52,9 @@ netmasks: files networks: files protocols: files rpc: files -services: files +services: files sss -netgroup: files ldap +netgroup: files sss publickey: nisplus diff --git a/roles/openLdapClient/templates/pam_ldap.conf.j2 b/roles/openLdapClient/templates/pam_ldap.conf.j2 index c3e11fc82d399229627df01c8ceeb147d0afa9a0..5a9804e48b6d4ee7f73f3701439becbafa64e6dc 100644 --- a/roles/openLdapClient/templates/pam_ldap.conf.j2 +++ b/roles/openLdapClient/templates/pam_ldap.conf.j2 @@ -17,7 +17,7 @@ #host 127.0.0.1 # The distinguished name of the search base. -base {{ ldapBase }} +base {{ ldapBase }} # Another way to specify your LDAP server is to provide an # uri with the server name. This allows to use 
@@ -27,7 +27,7 @@ base {{ ldapBase }} #uri ldapi://%2fvar%2frun%2fldapi_sock/ # Note: %2f encodes the '/' used as directory separator # [aulmc used to be 11/10/2013 # uri ldap://m2-w.massive.org.au/ -uri {{ ldapDomain }} +uri {{ ldapDomain }} # The LDAP version to use (defaults to 3 # if supported by client library) @@ -39,7 +39,7 @@ binddn {{ ldapDn }} # The credentials to bind with. # Optional: default is no credential. -bindpw {{ ldapPassword }} +bindpw {{ ldapPassword }} # The distinguished name to bind to the server with # if the effective user ID is root. Password is @@ -300,7 +300,7 @@ pam_password md5 ssl no #tls_cacertdir /etc/openldap/cacerts #pam_password md5 -tls_cacertdir {{ tlsCaCertDirectory }} +tls_cacertdir {{ tlsCaCertDirectory }} tls_cacertfile {{ tlsCaCertFile }} {{ ldapRfc2307Pam }} diff --git a/roles/openLdapClient/templates/sssd.j2 b/roles/openLdapClient/templates/sssd.j2 index 01deb52e3f8826d9ff2b03dcbb07123dd887c67a..b534db4be5c4b9b7f09edc9d90ab3c6fa10f6968 100644 --- a/roles/openLdapClient/templates/sssd.j2 +++ b/roles/openLdapClient/templates/sssd.j2 @@ -2,18 +2,13 @@ config_file_version = 2 domains = {{ ldapDomain }} services = nss, pam, autofs -# SSSD will not start if you do not configure any domains. -# Add new domain configurations as [domain/<NAME>] sections, and -# then add the list of domains (in the order you want them to be -# queried) to the "domains" attribute below and uncomment it. -; domains = LDAP [nss] filter_users = root [pam] -[domain/{{ ldapDomain}}] +[domain/{{ ldapDomain }}] ldap_referrals = false cache_credentials = false entry_cache_timeout=3600 
@@ -28,11 +23,11 @@ access_provider = ldap ldap_uri = {{ ldapUri }} ldap_id_use_start_tls = True ldap_tls_reqcert = allow -ldap_tls_cacertdir = {{ tlsCaCertDirectory }} +ldap_tls_cacertdir = {{ tlsCaCertDirectory }} ldap_tls_cacert = {{ cacertFile }} -ldap_default_bind_dn = {{ ldapDn }} +ldap_default_bind_dn = {{ ldapDn }} ldap_default_authtok_type = password -ldap_default_authtok = {{ ldapPassword }} +ldap_default_authtok = {{ ldapPassword }} {{ ldapRfc2307 }} diff --git a/roles/slurm-build/tasks/main.yml b/roles/slurm-build/tasks/main.yml index add696e828fee1eee49d2f241442a7aa44d42724..6868f089b21149335e58fd05f37b610a69401333 100644 --- a/roles/slurm-build/tasks/main.yml +++ b/roles/slurm-build/tasks/main.yml @@ -31,10 +31,15 @@ chdir: /tmp creates: /tmp/slurm-{{ slurm_version }}.tar.bz2 +- name: check munge installation + shell: rpm -qa munge + register: munge_installed + - name: install munge deps shell: rpm -i /root/rpmbuild/RPMS/x86_64/munge-libs-{{ munge_version }}-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/munge-{{ munge_version }}-1.el6.x86_64.rpm /root/rpmbuild/RPMS/x86_64/munge-devel-{{ munge_version }}-1.el6.x86_64.rpm sudo: true - ignore_errors: true +# ignore_errors: true + when: munge_installed | failed - name: make slurm rpms shell: rpmbuild -ta --clean slurm-{{ slurm_version }}.tar.bz2 @@ -49,7 +54,15 @@ args: creates: /tmp/rpmbuild/RPMS/x86_64/slurm-{{ slurm_version }}-1.el6.x86_64.rpm +#- name: retrieve rpms +# shell: scp -r {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_ssh_host }}:/tmp/rpmbuild/ /tmp +# delegate_to: 127.0.0.1 +# when: ansible_ssh_host | defined +# when: ansible_ssh_host | defined +# sudo: true + - name: retrieve rpms - shell: scp -r {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_ssh_host }}:/tmp/rpmbuild/ /tmp + shell: scp -r {{ hostvars[ansible_hostname]['ansible_user_id'] }}@{{ ansible_hostname }}:/tmp/rpmbuild/ /tmp delegate_to: 127.0.0.1 +# when: ansible_ssh_host | not defined 
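Review bot: `rpm -qa munge` exits with status 0 whether or not the package is installed, so `munge_installed | failed` is never true and the `install munge deps` task is always skipped. `rpm -q munge` returns a non-zero status for a missing package; the check task then needs `failed_when: false` and `changed_when: false` so it neither aborts the play nor reports a change, and the install condition becomes `when: munge_installed.rc != 0`. The commented-out `# ignore_errors: true` line can be deleted rather than left inside the task.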
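Review bot: The `retrieve rpms` task now targets `{{ ansible_hostname }}`, a fact reported by the build host itself, so the controller runs `scp` against whatever that short name resolves to locally and outside Ansible's own connection settings (port, key, host-key handling). The packages pulled this way are presumably installed as root on other nodes, so fetching them from a misresolved host matters. A `synchronize` task in pull mode, e.g. `synchronize: mode=pull src=/tmp/rpmbuild/ dest=/tmp/rpmbuild/` without the `delegate_to`, reuses the inventory connection and removes the hand-built `user@host` string. The commented-out copy of the task, with its duplicated `when`, reads as dead code and can be dropped; the task may continue past the end of the hunk.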
diff --git a/scripts/make_passwords.py b/scripts/make_passwords.py index f9fd8a9aef1e4476f9f779d58d8915fc9e3bd7c9..9cc0ec346e68f6c5cbe2d271c59ab2f17f58dd2c 100644 --- a/scripts/make_passwords.py +++ b/scripts/make_passwords.py @@ -25,13 +25,10 @@ try: f=open(pwpath,'r') data=yaml.load(f.read()) f.close() + print data except Exception as e: - pass -if data==None: data={} -print data - for pw in required_passwords.keys(): if data.has_key(pw): pass diff --git a/topplay.yml b/topplay.yml index 9591c9be74c23c504c491dbaba3163475cb602d9..3e67293f4d20fa387e08f88557880ec69ef0a26e 100644 --- a/topplay.yml +++ b/topplay.yml @@ -58,8 +58,6 @@ - hosts: ComputeNodes:ManagmentNodes:LoginNodes vars: - slurm_version: 14.11.0 - munge_version: 0.5.11 slurmqueues: - {name: batch, group: ComputeNodes} slurmctrl: "{{ groups['ManagmentNodes'][0] }}"
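Review bot: Removing the `if data==None:` guard means an existing but empty password file makes `yaml.load` return `None` without raising, and the loop below then fails on `data.has_key(pw)`. The added `print data` also writes every stored password to stdout, where it can end up in terminal scrollback or job logs. `yaml.load` without a safe loader will construct arbitrary Python objects from tags in the file; `data=yaml.safe_load(f) or {}` in place of the `yaml.load` line covers both the empty-file case and the loader, and the `print data` line can be dropped. The `try` block starts above the hunk and the loop continues below it.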