diff --git a/playbook/cvl2.yml b/playbook/cvl2.yml
index 4dc5df2daed2bb72874faf991c7755ca8a59562f..d333fbe7e8c16ba8391178592b0a9154c42cccbe 100644
--- a/playbook/cvl2.yml
+++ b/playbook/cvl2.yml
@@ -22,13 +22,23 @@
 slurmctrl: "{{ groups['ManagementNodes'][0] }}"
 slurmqueues:
 - {name: batch, group: ComputeNodes, default: true}
+ - {name: debug, group: ComputeNodesDebug, default: false}
+ - {name: multicore, group: ComputeNodesLarge, default: false}
+ mkFileSystems:
+ - {fstype : 'ext4', dev: '/dev/vdc1', opts: '', name: '/scrach'}
+ - {fstype : 'ext4', dev: '/dev/vdc2', opts: '', name: '/cvl_home'}
+ - {fstype : 'ext4', dev: '/dev/vdc3', opts: '', name: '/usr/local'}
+ mountFileSystems:
+ - {fstype : 'ext4', dev: '/dev/vdc1', opts: 'defaults,nofail', name: '/scrach'}
+ - {fstype : 'ext4', dev: '/dev/vdc2', opts: 'defaults,nofail', name: '/cvl_home'}
+ - {fstype : 'ext4', dev: '/dev/vdc3', opts: 'defaults,nofail', name: '/usr/local'}
 roles:
 - { role: easy-rsa-CA }
- - { role: OpenVPN-Server, configDiskDevice: true, mkFileSystems: {fstype : 'ext4', dev: '/dev/vdc', opts: 'defaults,nofail'} }
+ - { role: OpenVPN-Server }
 - { role: ntp }
 - { role: openLdapClient }
 - { role: slurm-build }
- - { role: nfs-server, configDiskDevice: false }
+ - { role: nfs-server, configDiskDevice: true }
 - { role: slurm, slurm_use_vpn: true}
 - { role: installPackage, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
 tasks:
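Review bot: The new `mkFileSystems` and `mountFileSystems` entries for `/dev/vdc1` use `name: '/scrach'`, while the `exportList` entries added elsewhere in this commit export `src: '/scratch'`. If the nfs-server role mounts by `name`, the volume lands on `/scrach` and the `/scratch` export either fails or serves a directory on the root filesystem instead of the dedicated disk. Both entries should read `name: '/scratch'`. Separately, with `configDiskDevice: true` now set on nfs-server, it is worth confirming that the role skips mkfs when a device already carries a filesystem; that role is not visible here.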
@@ -40,6 +50,32 @@ roles: - { role: etcHosts, domain: "{{ ldapDomain }}" } +- hosts: 'ComputeNodes*' + vars_files: + - massive_var/main.yml + - massive_var/passwords.yml + - massive_var/package.yml + vars: + openvpn_servers: "{{ groups['ManagementNodes'] }}" + roles: + - { role: OpenVPN-Client } + +- hosts: 'LoginNodes' + vars_files: + - massive_var/main.yml + - massive_var/passwords.yml + - massive_var/package.yml + vars: + openvpn_servers: "{{ groups['ManagementNodes'] }}" + roles: + - { role: OpenVPN-Client } + +- hosts: all + vars_files: + - massive_var/main.yml + roles: + - { role: etcHosts, domain: "{{ ldapDomain }}" } + - hosts: 'ComputeNodes' vars_files: - massive_var/main.yml 
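Review bot: The two new OpenVPN-Client plays set only `openvpn_servers`, but `massive_var/main.yml` (added in this commit and loaded by both plays) builds `x509_cert_file`, `x509_key_file` and `x509_cacert_file` from `{{ x509_ca_server }}`. The role invocations this commit removes passed `x509_ca_server` explicitly, and the later ComputeNodesDev play sets it in `vars`. Here it is absent, so unless inventory or role defaults define it the certificate paths will not resolve. Adding `x509_ca_server: "{{ groups['ManagementNodes'][0] }}"` to the `vars` of both plays would match the other plays.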
@@ -54,21 +90,42 @@ nfs_server: "{{ groups['ManagementNodes'][0] }}" groupList: - { name : 'ComputeNodes', interface : 'tun0' } + exportList: + - { name: '/usr/local', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,fsid=0,sync' } + - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } + - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } roles: - - { role: OpenVPN-Client, x509_ca_server: "cvlm2management1" } - { role: ntp } - { role: openLdapClient } - - { role: syncExports, nfs_server: "cvlm2management1", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvlm2management1']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] } - - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" } - - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" } + - { role: syncExports } + - { role: nfs-client } - { role: slurm, slurm_use_vpn: true} - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} } -- hosts: all +- hosts: 'ComputeNodesDev' vars_files: - massive_var/main.yml + - massive_var/passwords.yml + - massive_var/package.yml + vars: + x509_ca_server: "{{ groups['ManagementNodes'][0] }}" + openvpn_servers: "{{ 
groups['ManagementNodes'] }}" + slurmctrl: "{{ groups['ManagementNodes'][0] }}" + slurmqueues: + - {name: debug, group: ComputeNodesDebug, default: false} + nfs_server: "{{ groups['ManagementNodes'][0] }}" + groupList: + - { name : 'ComputeNodes', interface : 'tun0' } + exportList: + - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } + - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } roles: - - { role: etcHosts, domain: "{{ ldapDomain }}" } + - { role: ntp } + - { role: openLdapClient } + - { role: syncExports } + - { role: nfs-client } + - { role: slurm, slurm_use_vpn: true} + - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} } - hosts: 'ComputeNodesLarge' vars_files: 
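Review bot: Every entry in the new `exportList` carries `fsid=0` in `srvopts`, for `/usr/local`, `/cvl_home` and `/scratch` alike. On an NFSv4 server `fsid=0` marks the single pseudo-root export, so three exports claiming it conflict and clients can end up mounting a different tree than the one named in `src`, including a read-write one where a read-only one was intended. Keep `fsid=0` on at most one export (or drop it and rely on the real paths) and give the others distinct fsid values if needed; the same lists are repeated in the hunks at -80,26 and -112,12. Also, the ComputeNodesDev play omits the `/usr/local` export but still runs `preInstallation: "umount /usr/local"`.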
@@ -80,26 +137,22 @@ openvpn_servers: "{{ groups['ManagementNodes'] }}" slurmctrl: "{{ groups['ManagementNodes'][0] }}" slurmqueues: - - {name: multicore, group: ComputeNodesLarge, default: true} + - {name: multicore, group: ComputeNodesLarge, default: false} nfs_server: "{{ groups['ManagementNodes'][0] }}" groupList: - { name : 'ComputeNodes', interface : 'tun0' } + exportList: + - { name: '/usr/local', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,fsid=0,sync' } + - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } + - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } roles: - - { role: OpenVPN-Client, x509_ca_server: "cvlm2management1" } - { role: ntp } - { role: openLdapClient } - - { role: syncExports, nfs_server: "cvlm2management1", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvlm2management1']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] } - - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" } - - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" } + - { role: syncExports } + - { role: nfs-client } - { role: slurm, slurm_use_vpn: true} - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} } 
-- hosts: all - vars_files: - - massive_var/main.yml - roles: - - { role: etcHosts, domain: "{{ ldapDomain }}" } - - hosts: 'LoginNodes' vars_files: - massive_var/main.yml @@ -112,12 +165,27 @@ slurmctrl: "{{ groups['ManagementNodes'][0] }}" slurmqueues: - {name: batch, group: ComputeNodes, default: true} -# - {name: vis, group: ComputeNodes, default: false} + exportList: + - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } roles: - - { role: OpenVPN-Client } + - { role: syncExports } +# - { role: OpenVPN-Client } - { role: ntp } - { role: openLdapClient } - - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" } + - { role: nfs-client } - { role: slurm, slurm_use_vpn: true} - { role: installPackage, importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} } +- hosts: "'ComputeNodes*' 'LoginNodes'" + vars_files: + - massive_var/main.yml + - massive_var/passwords.yml + - massive_var/package.yml + vars: + exportList: + - { name: '/usr/local', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,fsid=0,sync' } + - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } + - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } + roles: + - { role: syncExports } + 
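Review bot: In the hunk at -112,12, the last play's pattern `hosts: "'ComputeNodes*' 'LoginNodes'"` is a single string containing literal single quotes and a space. Ansible joins patterns with `:` or `,`, so the play most likely matches no hosts and `syncExports` never runs with the full three-entry `exportList`. `hosts: 'ComputeNodes*:LoginNodes'` expresses the intended union. In the LoginNodes play the OpenVPN-Client role is left as a commented-out line; since the client setup moved to its own play earlier in the file, the line can be deleted rather than commented.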
diff --git a/playbook/massive_var/main.yml b/playbook/massive_var/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..22b784529a43f4a50abc243f365b9d0328b4f288
--- /dev/null
+++ b/playbook/massive_var/main.yml
@@ -0,0 +1,71 @@
+---
+ldapServerHostIpLine: "130.220.209.234 m2-w.massive.org.au"
+ldapCaCertSrc: "/tmp/m1-w-ca.pem"
+countryName: "AU"
+reginalName: "Victoria"
+cityName: "Melbourne"
+organizationName: "Monash University"
+emailAddress: "help@massive.org.au"
+organizationUnit: "MASSIVE"
+nfsServerIpAddress: m2-login3.massive.org.au
+
+x509_cert_file: "/etc/openvpn/certs/{{ x509_ca_server }}.crt"
+x509_key_file: "/etc/openvpn/private/{{ x509_ca_server }}.key"
+x509_cacert_file: "/etc/ssl/certs/ca_{{ x509_ca_server }}.crt"
+###x509_common_name: "{{ x509_ca_server }}CommonName"
+x509_common_name: "{{ inventory_hostname }}"
+x509_csr_args: "--server"
+x509_sign_args: "{{ x509_csr_args }}"
+dhparms_file: "/etc/openvpn/private/dh.pem"
+server_network: "10.8.0.0"
+server_netmask: "255.255.255.0"
+
+slurm_version: 14.11.2
+munge_version: 0.5.11
+userRelocationName: "ec2-user"
+userNewHome: "/local_home"
+#nfs_type: "nfs4"
+#nfs_options: "defaults"
+#nfs_server: "m2-login3.massive.org.au"
+ldapServerHost: "130.220.209.234 m2-w.massive.org.au"
+ldapDomain: "massive.org.au"
+ldapURI: "ldaps://m2-w.massive.org.au:1637/"
+ldapBindDN: "cn=ldapbind,cn=users,dc=massive,dc=org,dc=au"
+ldapBase: "cn=users,dc=massive,dc=org,dc=au"
+ldapUserClass: "user"
+ldapUserHomeDirectory: "unixHomeDirectory"
+ldapUserPricipal: "userPrincipalName"
+ldapGroupBase: "ou=groups,dc=massive,dc=org,dc=au"
+tlsCaCertDirectory: "/etc/openldap/certs"
+ldapCaCertFile: "/etc/openldap/certs/m1-w-ca.pem"
+ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"
+cacertFile: "cacert.pem"
+#domain: "cvl.massive.org.au"
+domain: "massive.org.au"
+ldapRfc2307: |
+ ldap_schema = rfc2307
+ ldap_search_base = cn=users,dc=massive,dc=org,dc=au
+ ldap_user_search_base = cn=users,dc=massive,dc=org,dc=au
+ ldap_user_object_class = user
+ ldap_user_home_directory = unixHomeDirectory
+ ldap_user_principal = userPrincipalName
+ ldap_user_name = uid
+ ldap_group_search_base = ou=groups,dc=massive,dc=org,dc=au
+ ldap_group_object_class = group
+ ldap_access_order = expire
+ ldap_account_expire_policy = ad
+
+ldapRfc2307Pam: |
+ scope sub
+ nss_base_passwd cn=users,dc=massive,dc=org,dc=au?sub
+ nss_base_shadow cn=users,dc=massive,dc=org,dc=au?sub
+ nss_base_group cn=users,dc=massive,dc=org,dc=au?sub
+ nss_map_objectclass posixAccount user
+ nss_map_objectclass shadowAccount user
+ nss_map_objectclass posixGroup group
+ nss_map_attribute homeDirectory unixHomeDirectory
+ nss_map_attribute uniqueMember member
+ nss_map_attribute shadowLastChange pwdLastSet
+ pam_login_attribute sAMAccountName
+ pam_filter objectClass=User
+ pam_password ad
diff --git a/playbook/massive_var/package.yml b/playbook/massive_var/package.yml
new file mode 100644
index 0000000000000000000000000000000000000000..26d13db3708730b0ab3500e97c4b3346b3bd6641
--- /dev/null
+++ b/playbook/massive_var/package.yml
@@ -0,0 +1,8 @@
+---
+importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }
+#yumGroupPackageList:
+# - CVL Pre-installation
+# - CVL Base Packages
+# - CVL System
+# - CVL System Extension
+# - CVL General Imaging Tools
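Review bot: In massive_var/main.yml, `ldapCaCertSrc: "/tmp/m1-w-ca.pem"` and `ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"` take the LDAP CA certificate from a world-writable directory. That certificate is the trust anchor for `ldaps://m2-w.massive.org.au:1637/`, so any local user on the host holding the source file could replace it before the playbook copies it out. Keeping the PEM in the repository next to the role (for example under a `files/` directory) and referencing it by that path removes the dependency on /tmp. It is also worth confirming that `x509_csr_args: "--server"` is not applied when client certificates are requested, since this file is loaded by the OpenVPN-Client plays as well.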
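Review bot: In massive_var/package.yml, `importRepo` downloads the yum repository definition with `wget http://cvlrepo.massive.org.au/repo/cvl.repo -O` and writes it to `/etc/yum.repos.d/cvl.repo`. Over plain HTTP the file's contents (its `baseurl`, `gpgcheck` and `gpgkey` settings) can be altered in transit, and packages are then installed as root from whatever it points at. Fetch it over HTTPS if the server offers it, or ship the `.repo` file from the playbook with `gpgcheck=1` and a pinned key. The same command is still written inline in the LoginNodes `installPackage` role in cvl2.yml.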