add massive var

287727fa · jupiter · 4f5eed5a · 287727fa · 287727fa · 287727fa
Commit 287727fa authored 10 years ago by jupiter
--- a/playbook/cvl2.yml
+++ b/playbook/cvl2.yml
@@ -22,13 +22,23 @@
    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
    slurmqueues:
      - {name: batch, group: ComputeNodes, default: true}
+      - {name: debug, group: ComputeNodesDebug, default: false}
+      - {name: multicore, group: ComputeNodesLarge, default: false}
+    mkFileSystems:
+        - {fstype : 'ext4', dev: '/dev/vdc1', opts: '', name: '/scrach'}
+        - {fstype : 'ext4', dev: '/dev/vdc2', opts: '', name: '/cvl_home'}
+        - {fstype : 'ext4', dev: '/dev/vdc3', opts: '', name: '/usr/local'}
+    mountFileSystems:
+        - {fstype : 'ext4', dev: '/dev/vdc1', opts: 'defaults,nofail', name: '/scrach'}
+        - {fstype : 'ext4', dev: '/dev/vdc2', opts: 'defaults,nofail', name: '/cvl_home'}
+        - {fstype : 'ext4', dev: '/dev/vdc3', opts: 'defaults,nofail', name: '/usr/local'}
  roles:
    - { role: easy-rsa-CA }
-    - { role: OpenVPN-Server, configDiskDevice: true, mkFileSystems: {fstype : 'ext4', dev: '/dev/vdc', opts: 'defaults,nofail'} }
+    - { role: OpenVPN-Server }
    - { role: ntp }
    - { role: openLdapClient }
    - { role: slurm-build }
-    - { role: nfs-server, configDiskDevice: false }
+    - { role: nfs-server, configDiskDevice: true }
    - { role: slurm, slurm_use_vpn: true}
    - { role: installPackage, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
  tasks:
@@ -40,6 +50,32 @@
  roles:
    - { role: etcHosts, domain: "{{ ldapDomain }}" }

+- hosts: 'ComputeNodes*'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+  roles:
+    - { role: OpenVPN-Client }
+
+- hosts: 'LoginNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+  roles:
+    - { role: OpenVPN-Client }
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
 - hosts: 'ComputeNodes'
  vars_files:
    - massive_var/main.yml
@@ -54,21 +90,42 @@
    nfs_server: "{{ groups['ManagementNodes'][0] }}"
    groupList:
      - { name : 'ComputeNodes', interface : 'tun0' }
+    exportList: 
+      - { name: '/usr/local', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,fsid=0,sync' } 
+      - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } 
+      - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' }
  roles:
-    - { role: OpenVPN-Client, x509_ca_server: "cvlm2management1" }
    - { role: ntp }
    - { role: openLdapClient }
-    - { role: syncExports, nfs_server: "cvlm2management1", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvlm2management1']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] }
-    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
-    - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" }
+    - { role: syncExports }
+    - { role: nfs-client }
    - { role: slurm, slurm_use_vpn: true}
    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }

- hosts: all 
+- hosts: 'ComputeNodesDev'
  vars_files:
    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: debug, group: ComputeNodesDebug, default: false}
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    exportList: 
+      - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } 
+      - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' }
  roles:
-    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: syncExports }
+    - { role: nfs-client }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }

 - hosts: 'ComputeNodesLarge'
  vars_files:
@@ -80,26 +137,22 @@
    openvpn_servers: "{{ groups['ManagementNodes'] }}"
    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
    slurmqueues:
-      - {name: multicore, group: ComputeNodesLarge, default: true}
+      - {name: multicore, group: ComputeNodesLarge, default: false}
    nfs_server: "{{ groups['ManagementNodes'][0] }}"
    groupList:
      - { name : 'ComputeNodes', interface : 'tun0' }
+    exportList: 
+      - { name: '/usr/local', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,fsid=0,sync' }
+      - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } 
+      - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' }
  roles:
-    - { role: OpenVPN-Client, x509_ca_server: "cvlm2management1" }
    - { role: ntp }
    - { role: openLdapClient }
-    - { role: syncExports, nfs_server: "cvlm2management1", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvlm2management1']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] }
-    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
-    - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" }
+    - { role: syncExports }
+    - { role: nfs-client }
    - { role: slurm, slurm_use_vpn: true}
    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }

- hosts: all 
-  vars_files:
-    - massive_var/main.yml
-  roles:
-    - { role: etcHosts, domain: "{{ ldapDomain }}" }
-
 - hosts: 'LoginNodes'
  vars_files:
    - massive_var/main.yml
@@ -112,12 +165,27 @@
    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
    slurmqueues:
      - {name: batch, group: ComputeNodes, default: true}
-#      - {name: vis, group: ComputeNodes, default: false}
+    exportList: 
+      - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } 
  roles:
-    - { role: OpenVPN-Client }
+    - { role: syncExports }
+#    - { role: OpenVPN-Client }
    - { role: ntp }
    - { role: openLdapClient }
-    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
+    - { role: nfs-client }
    - { role: slurm, slurm_use_vpn: true}
    - { role: installPackage, importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }

+- hosts: "'ComputeNodes*' 'LoginNodes'"
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    exportList: 
+      - { name: '/usr/local', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,fsid=0,sync' } 
+      - { name: '/home', src: '/cvl_home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' } 
+      - { name: '/scratch', src: '/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,fsid=0,sync' }
+  roles:
+    - { role: syncExports }
+
--- a/playbook/massive_var/main.yml
+++ b/playbook/massive_var/main.yml
+---
+ldapServerHostIpLine: "130.220.209.234 m2-w.massive.org.au"
+ldapCaCertSrc: "/tmp/m1-w-ca.pem" 
+countryName: "AU"
+reginalName: "Victoria"
+cityName: "Melbourne"
+organizationName: "Monash University"
+emailAddress: "help@massive.org.au"
+organizationUnit: "MASSIVE"
+nfsServerIpAddress: m2-login3.massive.org.au
+
+x509_cert_file: "/etc/openvpn/certs/{{ x509_ca_server }}.crt"
+x509_key_file: "/etc/openvpn/private/{{ x509_ca_server }}.key"
+x509_cacert_file: "/etc/ssl/certs/ca_{{ x509_ca_server }}.crt"
+###x509_common_name: "{{ x509_ca_server }}CommonName"
+x509_common_name: "{{ inventory_hostname }}"
+x509_csr_args: "--server"
+x509_sign_args: "{{ x509_csr_args }}"
+dhparms_file: "/etc/openvpn/private/dh.pem"
+server_network: "10.8.0.0"
+server_netmask: "255.255.255.0"
+
+slurm_version: 14.11.2
+munge_version: 0.5.11
+userRelocationName: "ec2-user"
+userNewHome: "/local_home"
+#nfs_type: "nfs4"
+#nfs_options: "defaults"
+#nfs_server: "m2-login3.massive.org.au"
+ldapServerHost: "130.220.209.234 m2-w.massive.org.au"
+ldapDomain: "massive.org.au"
+ldapURI: "ldaps://m2-w.massive.org.au:1637/"
+ldapBindDN: "cn=ldapbind,cn=users,dc=massive,dc=org,dc=au" 
+ldapBase: "cn=users,dc=massive,dc=org,dc=au"
+ldapUserClass: "user"
+ldapUserHomeDirectory: "unixHomeDirectory"
+ldapUserPricipal: "userPrincipalName"
+ldapGroupBase: "ou=groups,dc=massive,dc=org,dc=au"
+tlsCaCertDirectory: "/etc/openldap/certs"
+ldapCaCertFile: "/etc/openldap/certs/m1-w-ca.pem"
+ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"
+cacertFile: "cacert.pem"
+#domain: "cvl.massive.org.au"
+domain: "massive.org.au"
+ldapRfc2307: |
+  ldap_schema = rfc2307
+  ldap_search_base = cn=users,dc=massive,dc=org,dc=au
+  ldap_user_search_base = cn=users,dc=massive,dc=org,dc=au
+  ldap_user_object_class = user
+  ldap_user_home_directory = unixHomeDirectory
+  ldap_user_principal = userPrincipalName
+  ldap_user_name = uid
+  ldap_group_search_base = ou=groups,dc=massive,dc=org,dc=au
+  ldap_group_object_class = group
+  ldap_access_order = expire
+  ldap_account_expire_policy = ad
+
+ldapRfc2307Pam: |
+  scope sub
+  nss_base_passwd cn=users,dc=massive,dc=org,dc=au?sub
+  nss_base_shadow cn=users,dc=massive,dc=org,dc=au?sub
+  nss_base_group cn=users,dc=massive,dc=org,dc=au?sub
+  nss_map_objectclass posixAccount user
+  nss_map_objectclass shadowAccount user
+  nss_map_objectclass posixGroup group
+  nss_map_attribute homeDirectory unixHomeDirectory
+  nss_map_attribute uniqueMember member
+  nss_map_attribute shadowLastChange pwdLastSet
+  pam_login_attribute sAMAccountName
+  pam_filter objectClass=User
+  pam_password ad
--- a/playbook/massive_var/package.yml
+++ b/playbook/massive_var/package.yml
+---
+importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }
+#yumGroupPackageList:
+#  - CVL Pre-installation
+#  - CVL Base Packages
+#  - CVL System
+#  - CVL System Extension
+#  - CVL General Imaging Tools