From 5b04d13149bdb7e0f089d5fe178eed88fb89898b Mon Sep 17 00:00:00 2001
From: handreas <andreas.hamacher@monash.edu>
Date: Thu, 23 Apr 2020 06:10:20 +0000
Subject: [PATCH] Revert "removing dead code"

This reverts commit 194f75bf5a70453122b3b1e3a4503ca23534aaab [formerly d506d5da5ed639d97f918fb87a2368db2ef34db0].


Former-commit-id: 35f5f8a14091b7a6a1240d50f8074a93f94aef35
---
 buildCert.yml                                 |  88 ++++++
 buildKaraage3.x.yml                           | 216 +++++++++++++++
 createNode                                    | 157 +++++++++++
 dynamicInventory-mcc2                         |  76 ++++++
 extra_packages/tasks/main.yml                 |  20 ++
 extra_packages/vars/main.yml                  | 254 ++++++++++++++++++
 headNode.yaml                                 |  44 +++
 installNFS.yml                                |  24 ++
 playbook/cvl2.yml                             | 192 +++++++++++++
 playbook/massive_var/main.yml                 |  71 +++++
 playbook/massive_var/package.yml              |   8 +
 playbook/readme.txt                           |   1 +
 roles/commonVars/vars/readme.txt              |   2 +
 roles/enable_root/tasks/main.yml              |   3 +
 .../enable_root/templates/authorized_keys.j2  |  11 +
 ...DIA-Linux-x86_64-352.93.run.REMOVED.git-id |   1 +
 scripts/get_or_make_passwd.py                 |  28 ++
 scripts/userData.sh                           |   5 +
 syncNFS.yml                                   |  14 +
 templates/easy-rsa/vars.j2                    |  80 ++++++
 20 files changed, 1295 insertions(+)
 create mode 100644 buildCert.yml
 create mode 100644 buildKaraage3.x.yml
 create mode 100644 createNode
 create mode 100755 dynamicInventory-mcc2
 create mode 100644 extra_packages/tasks/main.yml
 create mode 100644 extra_packages/vars/main.yml
 create mode 100644 headNode.yaml
 create mode 100644 installNFS.yml
 create mode 100644 playbook/cvl2.yml
 create mode 100644 playbook/massive_var/main.yml
 create mode 100644 playbook/massive_var/package.yml
 create mode 100644 playbook/readme.txt
 create mode 100644 roles/commonVars/vars/readme.txt
 create mode 100644 roles/enable_root/tasks/main.yml
 create mode 100644 roles/enable_root/templates/authorized_keys.j2
 create mode 100644 roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id
 create mode 100755 scripts/get_or_make_passwd.py
 create mode 100644 scripts/userData.sh
 create mode 100644 syncNFS.yml
 create mode 100644 templates/easy-rsa/vars.j2

diff --git a/buildCert.yml b/buildCert.yml
new file mode 100644
index 00000000..eb6a72f3
--- /dev/null
+++ b/buildCert.yml
@@ -0,0 +1,88 @@
+--- 
+- name: "Check client ca certificate"
+  register: ca_cert
+  stat: "path={{ x509_cacert_file }}"
+
+- name: "Check certificate and key"
+  shell: (openssl x509 -noout -modulus -in {{ x509_cert_file }}  | openssl md5 ; openssl rsa -noout -modulus -in {{ x509_key_file }} | openssl md5) | uniq | wc -l
+  register: certcheck
+
+- name: "Check certificate"
+  register: cert
+  stat: "path={{ x509_cert_file }}"
+
+- name: "Check key"
+  register: key
+  stat: "path={{ x509_key_file }}"
+  become: true
+
+- name: "Default: we don't need a new certificate"
+  set_fact: needcert=False
+
+- name: "Set need cert if key is missing"
+  set_fact: needcert=True
+  when: key.stat.exists == false
+
+- name: "set needcert if cert is missing"
+  set_fact: needcert=True
+  when: cert.stat.exists == false
+
+- name: "set needcert if cert doesn't match key"
+  set_fact: needcert=True
+  when: certcheck.stdout == '2'
+
+
+- name: "Creating Keypair"
+  shell: "echo noop when using easy-rsa"
+  when: needcert
+
+- name: "Creating CSR"
+  shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ x509_csr_args }} {{ common_name }}"
+  when: needcert
+  become: true
+
+- name: "Copy CSR to ansible host"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ common_name }}.csr dest=/tmp/{{ common_name }}/ fail_on_missing=yes validate_md5=yes flat=yes"
+  become: true
+  when: needcert
+
+- name: "Copy CSR to CA"
+  delegate_to: "{{ x509_ca_server }}"
+  copy: "src=/tmp/{{ ansible_fqdn }}/{{ common_name }}.csr dest=/etc/easy-rsa/2.0/keys/{{ common_name }}.csr force=yes"
+  when: needcert
+  become: true
+
+- name: "Sign Certificate"
+  delegate_to: "{{ x509_ca_server }}"
+  shell:    "source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ common_name }}"
+  args:
+    chdir: "/etc/easy-rsa/2.0"
+  become: true
+  when: needcert
+
+- name: "Copy the Certificate to ansible host"
+  delegate_to: "{{ x509_ca_server }}"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ common_name }}.crt dest=/tmp/{{ common_name }}/ fail_on_missing=yes validate_md5=yes flat=yes"
+  become: true
+  when: needcert
+
+- name: "Copy the CA Certificate to the ansible host"
+  delegate_to: "{{ x509_ca_server }}"
+  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
+  become: true
+  when: "ca_cert.stat.exists == false"
+
+- name: "Copy the certificate to the node"
+  copy: "src=/tmp/{{ common_name }}/{{ common_name }}.crt dest={{ x509_cert_file }} force=yes"
+  become: true
+  when: needcert
+
+- name: "Copy the CA certificate to the node"
+  copy: "src=/tmp/ca.crt dest={{ x509_cacert_file }}"
+  become: true
+  when: "ca_cert.stat.exists == false"
+
+- name: "Copy the key to the correct location"
+  shell: "mkdir -p `dirname {{ x509_key_file }}` ; chmod 700 `dirname {{ x509_key_file }}` ; cp /etc/easy-rsa/2.0/keys/{{ common_name }}.key {{ x509_key_file }}"
+  become: true
+  when: needcert
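Review bot: The last task, "Copy the key to the correct location", installs the private key with a shell `cp` that never sets the key file's own mode (only the directory gets `chmod 700`) and interpolates `{{ x509_key_file }}` unquoted inside backticks; the `file` and `copy` modules make the mode explicit, as in the fence below. Separately, "Copy CSR to ansible host" fetches into `/tmp/{{ common_name }}/` while "Copy CSR to CA" reads from `/tmp/{{ ansible_fqdn }}/`, so the CSR is only found when the two values coincide. The CSR, the signed certificate and `ca.crt` are all staged under predictable names in `/tmp` on the control host, and `/tmp/ca.crt` then becomes the node's trust anchor; a private staging directory (mode 0700) would stop another local user from pre-placing those files.

```yaml
# … unchanged: checks, CSR creation, signing and certificate copy tasks …

- name: "Create the key directory"
  file:
    path: "{{ x509_key_file | dirname }}"
    state: directory
    mode: "0700"
  become: true
  when: needcert

- name: "Copy the key to the correct location"
  copy:
    src: "/etc/easy-rsa/2.0/keys/{{ common_name }}.key"
    dest: "{{ x509_key_file }}"
    remote_src: true
    mode: "0600"
  become: true
  when: needcert
```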
diff --git a/buildKaraage3.x.yml b/buildKaraage3.x.yml
new file mode 100644
index 00000000..fcd33602
--- /dev/null
+++ b/buildKaraage3.x.yml
@@ -0,0 +1,216 @@
+---
+-
+  hosts: ldap-server
+  pre_tasks:
+    - sysctl: name=kernel.hostname value={{ inventory_hostname }} state=present
+      ignore_errors: yes
+    - service: name=network state=restarted
+      when: ansible_os_family == 'RedHat'
+  roles:
+    - etcHosts
+    - easy-rsa-CA
+    - easy-rsa-certificate
+    - ldapserver
+  become: true
+  vars:
+   - x509_ca_server: "{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}"
+   - countryName: "AU"
+   - reginalName: "Victoria"
+   - cityName: "Melbourne"
+   - organizationName: "Monash University"
+   - emailAddress: "shahaan@gmail.com"
+   - organizationUnit: "defaultUnit"
+   - ldapDomain: "dc=monash,dc=edu,dc=au"
+   - ldapManager: "cn=Manager,dc=monash,dc=edu,dc=au"
+   - ldapBindDN: "cn=ldapuser,ou=users,dc=monash,dc=edu,dc=au"
+   - ldapUserBase: "ou=users,dc=monash,dc=edu,dc=au"
+   - ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au"
+   - ldapBase: "dc=monash,dc=edu,dc=au"
+   - ldapURI: "{% for host in groups['ldap-server'] %}ldaps://{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}"
+   - smtp_smarthost: "{{ ansible_hostname }}"
+   - ldapManagerPassword: "imldap"
+   - ldapBindDNPassword: "imbinddn"
+   - domain: ""
+   - karaage_sql_password: "imkaraage"
+   - mysql_root_password: "immysql"
+   - x509_key_file: "/etc/ssl/private/server.key"
+   - x509_cert_file: "/etc/ssl/certs/server.crt"
+   - x509_cacert_file: "/etc/ssl/certs/ca.crt"
+   - x509_csr_args: ""
+   - x509_sign_args: "{{ x509_csr_args }}"
+   - x509_common_name: "{{ inventory_hostname }}"
+- 
+  hosts: karaage-server
+  pre_tasks:
+    - sysctl: name=kernel.hostname value={{ inventory_hostname }} state=present
+      ignore_errors: yes
+    - service: name=network state=restarted
+      when: ansible_os_family == 'RedHat'
+  roles:
+    - etcHosts
+    - easy-rsa-certificate
+    - karaage3.1.17
+    - shibboleth-sp
+  become: true
+  vars:
+   - x509_ca_server: "{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}"
+   - countryName: "AU"
+   - reginalName: "Victoria"
+   - cityName: "Melbourne"
+   - organizationName: "Monash University"
+   - emailAddress: "shahaan@gmail.com"
+   - organizationUnit: "defaultUnit"
+   - ldapDomain: "dc=monash,dc=edu,dc=au"
+   - ldapManager: "cn=Manager,dc=monash,dc=edu,dc=au"
+   - ldapBindDN: "cn=ldapuser,ou=users,dc=monash,dc=edu,dc=au"
+   - ldapUserBase: "ou=users,dc=monash,dc=edu,dc=au"
+   - ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au"
+   - ldapBase: "dc=monash,dc=edu,dc=au"
+   - ldapURI: "{% for host in groups['ldap-server'] %}ldaps://{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}"
+   - smtp_smarthost: "{{ ansible_hostname }}"
+   - ldapManagerPassword: "imldap"
+   - ldapBindDNPassword: "imbinddn"
+   - domain: ""
+   - karaage_sql_password: "imkaraage"
+   - mysql_root_password: "immysql"
+   - x509_key_file: "/etc/ssl/private/server.key"
+   - x509_cert_file: "/etc/ssl/certs/server.crt"
+   - x509_cacert_file: "/etc/ssl/certs/ca.crt"
+   - x509_csr_args: ""
+   - x509_sign_args: "{{ x509_csr_args }}"
+   - x509_common_name: "{{ inventory_hostname }}"
+   - aaf_federation_url: "https://ds.test.aaf.edu.au/distribution/metadata"
+   - aaf_discovery_url: "https://ds.test.aaf.edu.au/discovery/DS"
+   - admin_email: "shahaan@gmail.com"
+   - aaf_metadata_xml: '<EntityDescriptor entityID="https://vm-118-138-241-159.erc.monash.edu.au/shibboleth" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
+  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <Extensions>
+      <dsr:DiscoveryResponse xmlns:dsr="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/Login" index="0" isDefault="true" />
+    </Extensions>
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>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</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <KeyDescriptor use="encryption">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>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</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <ContactPerson contactType="technical">
+      <Company>Monash University</Company>
+      <GivenName>Shahaan</GivenName>
+      <SurName>Ayyub</SurName>
+      <EmailAddress>mailto:shahaan.ayyub@monash.edu</EmailAddress>
+    </ContactPerson>
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/Artifact" />
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/POST" />
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/SOAP" />
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/Redirect" />
+    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/POST" />
+    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/Redirect" />
+    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/SOAP" />
+    <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/Artifact" />
+    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SAML2/Artifact" index="3" isDefault="false" />
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SAML2/POST" index="1" isDefault="true" />
+    <AttributeConsumingService index="1" isDefault="false">
+      <ServiceName xml:lang="en">vm-118-138-241-159.erc.monash.edu.au</ServiceName>
+      <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.3" FriendlyName="commonName" isRequired="true" />
+      <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="email" isRequired="true" />
+      <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName" isRequired="false" />
+      <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.4" FriendlyName="surname" isRequired="true" />
+    </AttributeConsumingService>
+  </SPSSODescriptor>
+  <Organization>
+    <OrganizationName xml:lang="en">monash.edu.au</OrganizationName>
+    <OrganizationDisplayName xml:lang="en">Monash University</OrganizationDisplayName>
+    <OrganizationURL xml:lang="en">https://manager.aaf.edu.au/support</OrganizationURL>
+  </Organization>
+</EntityDescriptor>'
+   - aaf_metadata_cert: '-----BEGIN CERTIFICATE-----
+MIIEbDCCA1SgAwIBAgIESWrmGDANBgkqhkiG9w0BAQUFADCB9zEQMA4GA1UEBhMH
+VW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4G
+A1UEChMHVW5rbm93bjFaMFgGA1UECxNRb3BlbnNzbCB4NTA5IC1vdXQgbWV0YWRh
+dGEtY2VydC5wZW0gLW91dGZvcm0gcGVtIC1pbiBtZXRhZGF0YS1kZXIuY3J0IC1p
+bmZvcm0gZGVyMVEwTwYDVQQDDEhrZXl0b29sIC1rZXlzdG9yZSBrZXlzdG9yZS5r
+cyAtZXhwb3J0IC1hbGlhcyBtZXRhZGF0YSA+IG1ldGFkYXRhLWRlci5jcnQwHhcN
+MDkwMTEyMDY0MTI4WhcNMTQwMTExMDY0MTI4WjCB9zEQMA4GA1UEBhMHVW5rbm93
+bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMH
+VW5rbm93bjFaMFgGA1UECxNRb3BlbnNzbCB4NTA5IC1vdXQgbWV0YWRhdGEtY2Vy
+dC5wZW0gLW91dGZvcm0gcGVtIC1pbiBtZXRhZGF0YS1kZXIuY3J0IC1pbmZvcm0g
+ZGVyMVEwTwYDVQQDDEhrZXl0b29sIC1rZXlzdG9yZSBrZXlzdG9yZS5rcyAtZXhw
+b3J0IC1hbGlhcyBtZXRhZGF0YSA+IG1ldGFkYXRhLWRlci5jcnQwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZgh/InL2LixNtzuA+dNXSn19/W4IMbD6+
+Zzysk/jMi4Sgr4FrEfMeTi2G2/rpf32TeSG1P4MZqqyy5yuhNX7RQTFSZyl5D9cs
+98dE7FY/g7uySGv7oao1rkJfEmFmcZQIvRkLs89PQqKok2/m807DnzF1zCAt+YcY
+wqHyXyTrzxr4hMDDB2Ij8PeDZeSIB3s/CK2F6hIg13VeYEZjAWf4KPwsOteuzR4Y
+uuuGDlNFjcJGu+97N4LTnOBb6uW8qNtAAq6UWtA28A4KQejrzBZrfBGPLGbe6KHs
+WrziN2uk8kEY1TQw0cp+Am/ph8nl00KU+oVrswjS8oUklL98C5LnAgMBAAEwDQYJ
+KoZIhvcNAQEFBQADggEBAEy0xLMJBneC+DQ0cSNH3kXaW9cdqzsoD/UawJHaDqIJ
+UjIslR38p5H3pRQ7rZ1+c7z0lUaBqQO/i+MZUEMHCpbhEcZK0Ep5dlWc80DFGSxS
+ItbghQ5loS4JOgKYZZdRSzCxV3PAqlzqXoZrFeaeJL7xFIRglpphN06joOlX0zQM
+0iN8qn7oTTaR3U2Kxkh6NQ2qTH3IvP71YJnjSzljqZHFughhTpl8cA8i9ijcmeyP
+Y5TYJTbtwQ0X+435LTX8xxW/B4E8XnH7iEOykvfZMYxt5cSrtzF1eAMQ/ln2r54O
+bk0oX1BGue0XcgeMObQrs/eC+2uspENHKtUdYDU0OK4=
+-----END CERTIFICATE-----'
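Review bot: Both plays carry `ldapManagerPassword`, `ldapBindDNPassword`, `karaage_sql_password` and `mysql_root_password` as literal strings in `vars`, so the LDAP manager and MySQL root credentials sit in version control and are duplicated across the two plays. I would move them to a vars file that is kept encrypted (for example with ansible-vault) and pulled in via `vars_files:`, and define the shared x509/LDAP settings once rather than per play. `aaf_metadata_cert` is a multi-line single-quoted scalar, which YAML folds into one line with spaces in place of the line breaks; a literal block scalar (`aaf_metadata_cert: |`) keeps the PEM line structure. `vars` is also written as a list of single-key mappings where a plain mapping is the usual form.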
diff --git a/createNode b/createNode
new file mode 100644
index 00000000..779ebebe
--- /dev/null
+++ b/createNode
@@ -0,0 +1,157 @@
+#!/usr/bin/env python
+import sys, os, string, subprocess, socket, ansible.runner, re
+import copy, shlex,uuid, random, multiprocessing, time, shutil
+import novaclient.v1_1.client as nvclient
+import novaclient.exceptions as nvexceptions
+import glanceclient.v2.client as glclient
+import keystoneclient.v2_0.client as ksclient
+
+class Authenticate:
+	
+	def __init__(self, username, passwd):
+		self.username=username
+		self.passwd=passwd
+		self.tenantName= os.environ['OS_TENANT_NAME']
+		self.authUrl="https://keystone.rc.nectar.org.au:5000/v2.0"
+		kc = ksclient.Client(   auth_url=self.authUrl,
+					username=self.username,
+					password=self.passwd)
+		self.tenantList=kc.tenants.list()
+		self.novaSemaphore = multiprocessing.BoundedSemaphore(value=1)
+	
+	def createNovaObject(self,tenantName):
+		for tenant in self.tenantList:
+			if tenant.name == tenantName:
+				try:
+					nc = nvclient.Client(	auth_url=self.authUrl,
+						username=self.username,
+						api_key=self.passwd,
+						project_id=tenant.name,
+						tenant_id=tenant.id,
+						service_type="compute"
+						)
+					return nc
+				except nvexceptions.ClientException:
+					raise
+	
+	def gatherInfo(self):
+
+		for tenant in self.tenantList: print tenant.name
+		tenantName = raw_input("Please select a project: (Default MCC-On-R@CMON):")
+		if not tenantName or tenantName not in [tenant.name for tenant in self.tenantList]: 
+			tenantName = "MCC_On_R@CMON"
+		print tenantName,"selected\n"
+		
+		## Fetch the Nova Object
+
+		nc = self.createNovaObject(tenantName)
+		
+		## Get the Flavor
+		flavorList = nc.flavors.list()
+		for flavor in flavorList: print flavor.name
+		flavorName = raw_input("Please select a Flavor Name: (Default m1.xxlarge):")
+		if not flavorName or flavorName not in [flavor.name for flavor in flavorList]:
+			flavorName = "m1.xxlarge"
+		print flavorName,"selected\n"
+
+		
+		## Get the Availability Zones
+		az_p1 = subprocess.Popen(shlex.split\
+		("nova availability-zone-list"),stdout=subprocess.PIPE)
+		az_p2 = subprocess.Popen(shlex.split\
+		("""awk '{if ($2 && $2 != "Name")print $2}'"""),\
+		stdin=az_p1.stdout,stdout=subprocess.PIPE)
+		availabilityZonesList =  subprocess.Popen(shlex.split\
+		("sort"),stdin=az_p2.stdout,stdout=subprocess.PIPE).communicate()[0]
+		print  availabilityZonesList
+		availabilityZone = raw_input("Please select an availability zone: (Default monash-01):")
+		if not availabilityZone or \
+		availabilityZone not in [ zone for zone in availabilityZonesList.split()]:
+			availabilityZone = "monash-01"
+		print availabilityZone,"selected\n"
+		
+		## Get the number of instances to spawn
+		numberOfInstances = raw_input\
+		("Please specify the number of instances to launch: (Default 1):")
+		if not numberOfInstances or \
+		not isinstance(int(numberOfInstances), int):
+			numberOfInstances = 1
+		subprocess.call(['clear'])
+		flavorObj = nc.flavors.find(name=flavorName)
+		print "Creating",numberOfInstances,\
+		"instance(s) in",availabilityZone,"zone..."
+		instanceList = []
+		for counter in range(0,int(numberOfInstances)):
+			nodeName = "MCC-Node"+str(random.randrange(1,1000))
+			try:
+				novaInstance =  nc.servers.create\
+				(name=nodeName,image="ddc13ccd-483c-4f5d-a5fb-4b968aaf385b",\
+				flavor=flavorObj,key_name="shahaan",\
+				availability_zone=availabilityZone)
+				instanceList.append(novaInstance)
+			except nvexceptions.ClientException:
+				raise
+				continue
+				
+		while 'BUILD' in [novaInstance.status \
+		for novaInstance in instanceList]:
+			for count in range(0,len(instanceList)):
+				time.sleep(5)
+				if instanceList[count].status != 'BUILD': 
+					continue
+				else:
+					try:
+						instanceList[count] = nc.servers.get(instanceList[count].id)
+					except nvexceptions.ClientException or \
+					nvexceptions.ConnectionRefused or \
+					nvexceptions.InstanceInErrorState:
+						raise
+						del instanceList[count]
+						continue
+		activeHostsList = []
+		SSHports = []
+		for novaInstance in instanceList:
+			if novaInstance.status == 'ACTIVE':
+				hostname = socket.gethostbyaddr(novaInstance.networks.values()[0][0])[0]
+				activeHostsList.append(hostname)
+				SSHDict = {}
+				SSHDict['IP'] = novaInstance.networks.values()[0][0]
+				SSHDict['status'] = 'CLOSED'
+				SSHports.append(SSHDict) 
+		print "Scanning if port 22 is open..."
+		sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+		while 'CLOSED' in [host['status'] for host in SSHports]:
+			for instance in range(0,len(SSHports)):
+				sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+				if SSHports[instance]['status'] == 'CLOSED' and not sock.connect_ex((SSHports[instance]['IP'], 22)):
+					SSHports[instance]['status'] = 'OPEN'
+					print "Port 22, opened for IP:",SSHports[instance]['IP']
+				else:
+					time.sleep(5)
+				sock.close()
+				
+		fr = open('/etc/ansible/hosts.rpmsave','r+')
+		fw = open('hosts.temp','w+')
+		lines = fr.readlines()
+		for line in lines:
+			fw.write(line)
+			if re.search('\[new-servers\]',line):
+				for host in activeHostsList: fw.write(host+'\n')
+		fr.close()
+		fw.close()
+		shutil.move('hosts.temp','/etc/ansible/hosts')
+		print "Building the Nodes now..."
+		subprocess.call(shlex.split("/mnt/nectar-nfs/root/swStack/ansible/bin/ansible-playbook /mnt/nectar-nfs/root/ansible-config-root/mcc-nectar-dev/buildNew.yml -v"))	
+
+if __name__ == "__main__":
+	username = os.environ['OS_USERNAME']
+	passwd = os.environ['OS_PASSWORD']
+	choice = raw_input(username + " ? (y/n):")
+	while choice and choice not in ("n","y"):
+		print "y or n please"
+		choice = raw_input()
+	if choice == "n":
+		username = raw_input("username :")
+		passwd = raw_input("password :")
+	auth = Authenticate(username, passwd)
+	auth.gatherInfo()
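Review bot: In the `__main__` block the password is read with `raw_input("password :")`, which echoes it to the terminal and scrollback; `passwd = getpass.getpass("password :")` (with `getpass` added to the imports) avoids that. In `gatherInfo`, `except nvexceptions.ClientException or nvexceptions.ConnectionRefused or nvexceptions.InstanceInErrorState:` evaluates the `or` chain first and so catches only `ClientException`; a tuple, `except (nvexceptions.ClientException, nvexceptions.ConnectionRefused, nvexceptions.InstanceInErrorState):`, is presumably what was meant, and the `del`/`continue` statements after the bare `raise` in both handlers can never run. `not isinstance(int(numberOfInstances), int)` is always false and `int()` raises `ValueError` on non-numeric input, so the default of 1 is never applied for bad input. The port-22 wait loop has no socket timeout or retry limit, so an instance that never opens SSH blocks the script indefinitely.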
diff --git a/dynamicInventory-mcc2 b/dynamicInventory-mcc2
new file mode 100755
index 00000000..dd761641
--- /dev/null
+++ b/dynamicInventory-mcc2
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+import sys, os, string, socket, re
+import shlex, multiprocessing, time, shutil, json
+from novaclient import client as nvclient
+import novaclient.exceptions as nvexceptions
+import keystoneclient.v2_0.client as ksclient
+from joblib import Parallel, delayed
+from multiprocessing import Process, Manager, Pool
+from libnmap.process import NmapProcess
+from libnmap.parser import NmapParser, NmapParserException
+
+def gatherInfo(tenantName, tenantID, userName, passwd, authUrl, inventory):
+	## Fetch the Nova Object
+	projectName = os.path.basename(sys.argv[0])
+	nc = nvclient.Client(	auth_url=authUrl,
+		username=userName,
+		api_key=passwd,
+		project_id=tenantName,
+		tenant_id=tenantID,
+		version="2"
+		)
+	for server in nc.servers.list():
+		if server.metadata and \
+		'ansible_host_groups' in server.metadata and \
+		'project_name' in  server.metadata:
+			if server.metadata['project_name'].strip() != projectName.strip(): continue
+			unwantedChars = """][")("""
+			rgx = re.compile('[%s]' % unwantedChars)
+			ansible_groups = rgx.sub('', server.metadata['ansible_host_groups']).split(',')
+			hostname = socket.gethostbyaddr(server.networks.values()[0][0])[0]
+			novaVolumes = nc.volumes.get_server_volumes(server.id)
+			# Let's do some port scanning using nmap
+			nmproc = NmapProcess(hostname, "-p 22 -sV -Pn")
+			rc = nmproc.run()
+			if rc != 0: continue
+			parsed = NmapParser.parse(nmproc.stdout)
+			# Set Ansible Host Group
+			for group in ansible_groups:
+				groupName = group.strip()
+				if groupName not in inventory: inventory[groupName] = []
+				inventory[groupName].append(hostname)
+			# Add other metadata
+			for key, value in server.metadata.iteritems():
+				if key not in ('project_name','ansible_host_groups'):
+					inventory['_meta']['hostvars'][hostname] = { key:value }
+			if novaVolumes:
+				inventory['_meta']['hostvars'][hostname]['volumeList'] = [ volume.id for volume in novaVolumes ]
+			inventory['_meta']['hostvars'][hostname]['status']  = parsed.hosts[0].status
+		else:
+			continue
+	#print inventory
+
+if __name__ == "__main__":
+	inventory = {}
+	inventory['_meta'] = { 'hostvars': {} }
+	try:
+		authUrl = os.environ['OS_AUTH_URL']
+		userName = os.environ['OS_USERNAME']
+		passwd = os.environ['OS_PASSWORD']
+	except KeyError:
+		print "Env Variables not set, Please run: source <openstack rc file>"
+		sys.exit()
+	kc = ksclient.Client(auth_url=authUrl, username=userName, password=passwd)
+	tenancies = kc.tenants.list()
+	Parallel(n_jobs=len(tenancies), backend="threading")(delayed(gatherInfo)
+	(tenant.name, tenant.id, userName, passwd, authUrl, inventory)
+	for tenant in tenancies)
+	if not inventory['_meta']['hostvars']:
+		print "I could not find any project called ", os.path.basename(sys.argv[0]), "in any of "
+		for tenancy in tenancies: print tenancy.name
+		print "\n1. You can select a project by symlinking to it, for example if you have a project called myProject do ln -s dynamicInventory-mcc2 myProject\n and then run ./myProject"
+		print "2. It is also possible that none of your VMs are allocated to myProject, please add them to the project: e.g. by running"
+		print 'nova --os-tenant-name TF_NNF --os-tenant-id 033asdda60d7046b6affdf31d14asdasb meta nodex set project_name="myProject"'
+		sys.exit()
+	else:
+		print json.dumps(inventory)
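Review bot: In `gatherInfo`, `inventory['_meta']['hostvars'][hostname] = { key:value }` replaces the host's whole hostvars dict on every loop iteration, so only the last metadata key survives. When a server has no metadata beyond `project_name` and `ansible_host_groups`, the entry is never created and the later `['volumeList']` / `['status']` assignments raise `KeyError`. Creating the entry once before the loop, `hostvars = inventory['_meta']['hostvars'].setdefault(hostname, {})`, and then assigning `hostvars[key] = value` fixes both. Every remaining metadata key is passed straight into Ansible hostvars and `ansible_host_groups` decides group membership, so anyone able to edit instance metadata in a visible tenancy can influence how playbooks treat that host; an allow-list of accepted keys and groups would bound that. `parsed.hosts[0]` is also indexed without checking that nmap returned a host.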
diff --git a/extra_packages/tasks/main.yml b/extra_packages/tasks/main.yml
new file mode 100644
index 00000000..5a8c8764
--- /dev/null
+++ b/extra_packages/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+- name: "Install extra packages"
+  yum: "name={{ item }} state=present"
+  with_items: "{{ pkgs }}"
+  become: true
+  ignore_errors: true
+  when: ansible_os_family == 'RedHat'
+
+- name: "Check fusermount user access permission"
+  shell: fusermount --version 
+  ignore_errors: true
+  register: fusermount_user_access_error
+  when: ansible_os_family == 'RedHat'
+
+- name: "Fix fusermount user access permission"
+  file: path=/bin/fusermount mode="o=rx"
+  become: true
+  when: ansible_os_family == 'RedHat' and fusermount_user_access_error.failed
+
+
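Review bot: `ignore_errors: true` on "Install extra packages" means a package that fails to install (missing repo, typo in `pkgs`) is reported and then ignored, so nodes can silently end up with different package sets; I would drop it, or narrow it to the packages that are genuinely optional. The fusermount probe only needs `command: fusermount --version` with `changed_when: false`, since it uses no shell features and changes nothing. The fix task sets `mode="o=rx"` on `/bin/fusermount` whenever the probe fails for any reason, so a comment stating why world-execute is wanted here, and a check that the file exists, would help the next reader.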
diff --git a/extra_packages/vars/main.yml b/extra_packages/vars/main.yml
new file mode 100644
index 00000000..b70d611e
--- /dev/null
+++ b/extra_packages/vars/main.yml
@@ -0,0 +1,254 @@
+pkgs:
+ - atlas
+ - babel
+ - bc
+ - bitmap-console-fonts
+ - bitmap-fangsongti-fonts
+ - bitmap-fixed-fonts
+ - bitmap-fonts-compat
+ - bitmap-lucida-typewriter-fonts
+ - bitmap-miscfixed-fonts
+ - blas
+ - compiz-gnome
+ - db4-cxx
+ - db4-devel
+ - dejavu-sans-fonts
+ - enchant
+ - eog
+ - evince
+ - finger
+ - fftw
+ - file-roller
+ - firefox
+ - firstboot
+ - fltk
+ - fontconfig
+ - fontpackages-filesystem
+ - freeglut
+ - ftgl
+ - fuse-sshfs
+ - gd
+ - gdbm-devel
+ - gdm
+ - gedit
+ - gettext
+ - gettext-libs
+ - ghostscript-fonts
+ - giflib
+ - giflib
+ - glibc
+ - glibc
+ - glx-utils
+ - gnome-applets
+ - gnome-backgrounds
+ - gnome-bluetooth-libs
+ - gnome-desktop
+ - gnome-disk-utility
+ - gnome-disk-utility-libs
+ - gnome-disk-utility-ui-libs
+ - gnome-doc-utils-stylesheets
+ - gnome-icon-theme
+ - gnome-keyring
+ - gnome-keyring-pam
+ - gnome-mag
+ - gnome-media
+ - gnome-media-libs
+ - gnome-menus
+ - gnome-panel
+ - gnome-panel-libs
+ - gnome-python2
+ - gnome-python2-applet
+ - gnome-python2-bonobo
+ - gnome-python2-canvas
+ - gnome-python2-desktop
+ - gnome-python2-extras
+ - gnome-python2-gconf
+ - gnome-python2-gnome
+ - gnome-python2-gnomevfs
+ - gnome-python2-libegg
+ - gnome-python2-libwnck
+ - gnome-screensaver
+ - gnome-session
+ - gnome-session-xsession
+ - gnome-settings-daemon
+ - gnome-speech
+ - gnome-system-monitor
+ - gnome-terminal
+ - gnome-themes
+ - gnome-user-docs
+ - gnome-user-share
+ - gnome-utils
+ - gnome-utils-libs
+ - gnome-vfs2
+ - gnome-vfs2-smb
+ - graphviz
+ - gsl
+ - gtkglext-libs
+ - gtksourceview2
+ - gvfs-fuse
+ - hal
+ - hdf
+ - hdf
+ - hdf5
+ - ImageMagick
+ - ImageMagick-c++
+ - inotify-tools
+ - java-1.7.0-openjdk
+ - jline
+ - lapack
+ - leafpad
+ - libblkid
+ - libdrm
+ - libfontenc
+ - libgail-gnome
+ - libgnome
+ - libgnomecanvas
+ - libgnomekbd
+ - libgnomeui
+ - libICE
+ - libjpeg
+ - libopenraw-gnome
+ - libSM
+ - libuuid
+ - libX11
+ - libXau
+ - libXaw
+ - libxcb
+ - libXext
+ - libXext-devel
+ - libXfont
+ - libXi
+ - libXinerama
+ - libxml2
+ - libxml2-python
+ - libXp
+ - libXpm
+ - libXt
+ - libXtst
+ - mailx
+ - man
+ - mod_ssl
+ - mysql-server
+ - nagios-plugins
+ - nagios-plugins-disk
+ - nagios-plugins-load
+ - nagios-plugins-nrpe
+ - nagios-plugins-perl
+ - nagios-plugins-users
+ - nautilus
+ - nautilus-open-terminal
+ - neon
+ - nrpe
+ - nss-softokn-freebl
+ - numactl
+ - numpy
+ - numpy-f2py
+ - openmotif
+ - openssh-askpass
+ - openssl098e
+ - oxygen-icon-theme
+ - perl-devel
+ - perl-ExtUtils-MakeMaker
+ - perl-ExtUtils-ParseXS
+ - perl-HTML-Parser
+ - perl-HTML-Tagset 
+ - perl-Test-Harness
+ - perl-Time-HiRes
+ - pexpect
+ - php
+ - php-cli
+ - php-common
+ - php-ldap
+ - php-mysql
+ - php-pdo
+ - php-pear
+ - pinentry-gtk
+ - plymouth-system-theme
+ - polkit-gnome
+ - postgresql
+ - postgresql-contrib
+ - postgresql-devel
+ - postgresql-libs
+ - postgresql-server
+ - PyGreSQL
+ - pygtksourceview
+ - python-babel
+ - python-dateutil
+ - python-devel
+ - python-ldap
+ - python-matplotlib
+ - python-nose
+ - python-paramiko
+ - python-pmw
+ - python-setuptools
+ - python-psycopg2
+ - pytz
+ - qhull
+ - qt
+ - qt3
+ - qt-sqlite
+ - qt-x11
+ - rhino
+ - rsync 
+ - samba-client
+ - scipy
+ - spice-vdagent
+ - suitesparse
+ - system-gnome-theme
+ - tcl
+ - tcsh
+ - Terminal
+ - texlive-texmf-errata-fonts
+ - texlive-texmf-fonts
+ - tk
+ - tkinter
+ - tumbler
+ - tzdata-java
+ - unixODBC
+ - unzip
+ - util-linux-ng
+ - uuid
+ - vim-X11
+ - vim-common 
+ - vim-enhanced
+ - vim-minimal
+ - wacomexpresskeys
+ - wdaemon
+ - wxBase
+ - wxGTK
+ - wxGTK-gl
+ - wxGTK-media
+ - wxpropgrid
+ - wxPython
+ - xml-common
+ - xml-commons-apis
+ - xml-commons-resolver
+ - xmlrpc-c
+ - xmlrpc-c-client
+ - xorg-x11-drivers
+ - xorg-x11-fonts-100dpi
+ - xorg-x11-fonts-75dpi
+ - xorg-x11-fonts-cyrillic
+ - xorg-x11-fonts-ethiopic
+ - xorg-x11-fonts-ISO8859-1-100dpi
+ - xorg-x11-fonts-ISO8859-14-100dpi
+ - xorg-x11-fonts-ISO8859-14-75dpi
+ - xorg-x11-fonts-ISO8859-15-100dpi
+ - xorg-x11-fonts-ISO8859-15-75dpi
+ - xorg-x11-fonts-ISO8859-1-75dpi
+ - xorg-x11-fonts-ISO8859-2-100dpi
+ - xorg-x11-fonts-ISO8859-2-75dpi
+ - xorg-x11-fonts-ISO8859-9-100dpi
+ - xorg-x11-fonts-ISO8859-9-75dpi
+ - xorg-x11-fonts-misc
+ - xorg-x11-fonts-Type1
+ - xorg-x11-font-utils
+ - xorg-x11-server-utils
+ - xorg-x11-server-Xorg
+ - xorg-x11-util-macros
+ - xorg-x11-utils
+ - xorg-x11-xauth
+ - xorg-x11-xinit
+ - xvattr
+ - yum-utils
+ - zip
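Review bot: `giflib`, `glibc` and `hdf` are each listed twice in `pkgs`, and `perl-HTML-Tagset`, `rsync` and `vim-common` carry trailing whitespace; if the duplicates were meant to be per-architecture entries the arch suffix has been lost, otherwise they can be removed. The list also mixes desktop libraries with network-facing services (`mysql-server`, `postgresql-server`, `php`, `mod_ssl`, `nrpe`) and legacy packages such as `finger` and `openssl098e`, so every host that applies this role gets them. Splitting the services into their own role-specific lists would keep them off nodes that do not need them. The file would also be more conventional with a leading `---`.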
diff --git a/headNode.yaml b/headNode.yaml
new file mode 100644
index 00000000..d8fc004d
--- /dev/null
+++ b/headNode.yaml
@@ -0,0 +1,44 @@
+--- 
+description: " A simple template to boot a 3 node cluster"
+heat_template_version: 2013-05-23
+parameters:
+ image_id:
+  type: string
+  label: Image ID
+  description: Image to be used for compute instance
+  default: a5e74703-f343-415a-aa23-bd0f0aacfc9e
+ key_name:
+  type: string
+  label: Key Name
+  description: Name of key-pair to be used for compute instance
+  default: shahaan
+ availability_z:
+  type: string
+  label: Availability Zone
+  description: Availability Zone to be used for launching compute instance
+  default: monash-01
+resources:
+  headNode:
+   type: "OS::Nova::Server"
+   properties:
+    availability_zone: { get_param: availability_z }
+    flavor: m1.small
+    image: { get_param: image_id }
+    key_name: { get_param: key_name }
+    security_groups: [OpenVPN, NSF, default]
+    metadata:
+     ansible_host_group: headNode
+     ansible_ssh_user: ec2-user
+     ansible_ssh_private_key_file: /home/sgeadmin/.ssh/shahaan.pem
+  headVolume:
+   type: OS::Cinder::Volume
+   properties:
+    availability_zone: { get_param: availability_z }
+    description: Volume that will attach the headNode
+    name: headNodeVolume
+    size: 50
+  volumeAttachment:
+   type: OS::Cinder::VolumeAttachment
+   properties:
+    instance_uuid: { get_resource: headNode }
+    volume_id: { get_resource: headVolume }
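Review bot: The `headNode` metadata sets `ansible_host_group`, but `dynamicInventory-mcc2` in this same commit only accepts servers whose metadata contains both `ansible_host_groups` and `project_name`, so a server booted from this template would be skipped by that inventory script (unless a different inventory is intended). The defaults tie the template to one person's credentials: `key_name` defaults to `shahaan` and `ansible_ssh_private_key_file` points at `/home/sgeadmin/.ssh/shahaan.pem`. Making `key_name` a required parameter (no `default`) and taking the key path from the inventory side would avoid that. `security_groups: [OpenVPN, NSF, default]` may be a typo for `NFS`, and the description promises a 3 node cluster while only one server is defined.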
diff --git a/installNFS.yml b/installNFS.yml
new file mode 100644
index 00000000..6568c450
--- /dev/null
+++ b/installNFS.yml
@@ -0,0 +1,24 @@
+--- 
+- 
+  hosts: openvpn-servers
+  remote_user: ec2-user
+  roles:
+    #- OpenVPN-Server 
+    - nfs-server
+  become: true
+  vars: 
+    x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
+- 
+  hosts: openvpn-clients
+  remote_user: ec2-user
+  roles:
+    #- easy-rsa-common
+    #- easy-rsa-certificate 
+    #- OpenVPN-Client
+    - syncExports
+    - nfs-client
+  become: true
+  vars: 
+    x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
+    openvpn_servers: ['vm-118-138-240-224.erc.monash.edu.au']
+    nfs_server: "vm-118-138-240-224.erc.monash.edu.au"
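Review bot: The second play sets `nfs_server` to the literal public hostname while the OpenVPN and easy-rsa roles are commented out in both plays. If the nfs roles use that name as given, the mounts would run over the public address rather than a tunnel; that is inferred, since the roles are not part of this hunk. If it is intended, a comment above the role list would record it, for example `# OpenVPN roles disabled on purpose; NFS is mounted via the public address`. The same hostname is repeated four times here and three more times in syncNFS.yml, so a single inventory or group variable would keep the copies from drifting.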
diff --git a/playbook/cvl2.yml b/playbook/cvl2.yml
new file mode 100644
index 00000000..908e3af3
--- /dev/null
+++ b/playbook/cvl2.yml
@@ -0,0 +1,192 @@
+---
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+  roles:
+    - { role: etcHosts,  domain: "{{ ldapDomain }}" }
+
+- hosts: 'ManagementNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/package.yml
+    - massive_var/passwords.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+      - {name: dev, group: ComputeNodesDev, default: false}
+      - {name: multicore, group: ComputeNodesLarge, default: false}
+    mkFileSystems:
+        - {fstype : 'ext4', dev: '/dev/vdc1', opts: ''}
+        - {fstype : 'ext4', dev: '/dev/vdc2', opts: ''}
+        - {fstype : 'ext4', dev: '/dev/vdc3', opts: ''}
+    mountFileSystems:
+        - {fstype : 'ext4', dev: '/dev/vdc1', opts: 'defaults,nofail', name: '/cvl/scratch'}
+        - {fstype : 'ext4', dev: '/dev/vdc2', opts: 'defaults,nofail', name: '/cvl/home'}
+        - {fstype : 'ext4', dev: '/dev/vdc3', opts: 'defaults,nofail', name: '/cvl/local'}
+  roles:
+    - { role: easy-rsa-CA }
+    - { role: OpenVPN-Server }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: slurm-build }
+    - { role: nfs-server, configDiskDevice: true }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
+- hosts: 'ComputeNodes*'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+  roles:
+    - { role: OpenVPN-Client }
+
+- hosts: 'LoginNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+  roles:
+    - { role: OpenVPN-Client }
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+      - { name : 'ComputeNodesDev', interface : 'tun0' }
+      - { name : 'ComputeNodesLarge', interface : 'tun0' }
+      - { name : 'LoginNodes', interface : 'tun0' }
+    exportList:
+      - { name: '/usr/local', src: '/cvl/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,sync' }
+      - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
+      - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+    - { role: syncExports }
+
+- hosts: 'ComputeNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    exportList: 
+      - { name: '/usr/local', src: '/cvl/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,sync' } 
+      - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' } 
+      - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
+  roles:
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: nfs-client }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
+
+- hosts: 'ComputeNodesDev'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: dev, group: ComputeNodesDev, default: false}
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    exportList: 
+      - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' } 
+      - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
+  roles:
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: nfs-client }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
+
+- hosts: 'ComputeNodesLarge'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: multicore, group: ComputeNodesLarge, default: false}
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    exportList: 
+      - { name: '/usr/local', src: '/cvl/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,sync' }
+      - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' } 
+      - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
+  roles:
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: nfs-client }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
+
+- hosts: 'LoginNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+  vars:
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+    exportList: 
+      - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' } 
+  roles:
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: nfs-client }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
+
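Review bot: The final `LoginNodes` play passes `importRepo` a command that fetches the yum repo definition over plain HTTP (`wget http://cvlrepo.massive.org.au/repo/cvl.repo -O`) and writes it to `/etc/yum.repos.d/cvl.repo`. Anything on the network path can alter that file, including its `baseurl` and `gpgcheck` settings, before packages are installed as root from it. The same line is added in playbook/massive_var/package.yml. If the server offers TLS, switch the URL to `https://`; otherwise ship the `.repo` file from this repository with `gpgcheck=1` and a pinned `gpgkey` instead of downloading it at run time. How the installPackage role executes the command is not visible in this hunk.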
diff --git a/playbook/massive_var/main.yml b/playbook/massive_var/main.yml
new file mode 100644
index 00000000..22b78452
--- /dev/null
+++ b/playbook/massive_var/main.yml
@@ -0,0 +1,71 @@
+---
+ldapServerHostIpLine: "130.220.209.234 m2-w.massive.org.au"
+ldapCaCertSrc: "/tmp/m1-w-ca.pem" 
+countryName: "AU"
+reginalName: "Victoria"
+cityName: "Melbourne"
+organizationName: "Monash University"
+emailAddress: "help@massive.org.au"
+organizationUnit: "MASSIVE"
+nfsServerIpAddress: m2-login3.massive.org.au
+
+x509_cert_file: "/etc/openvpn/certs/{{ x509_ca_server }}.crt"
+x509_key_file: "/etc/openvpn/private/{{ x509_ca_server }}.key"
+x509_cacert_file: "/etc/ssl/certs/ca_{{ x509_ca_server }}.crt"
+###x509_common_name: "{{ x509_ca_server }}CommonName"
+x509_common_name: "{{ inventory_hostname }}"
+x509_csr_args: "--server"
+x509_sign_args: "{{ x509_csr_args }}"
+dhparms_file: "/etc/openvpn/private/dh.pem"
+server_network: "10.8.0.0"
+server_netmask: "255.255.255.0"
+
+slurm_version: 14.11.2
+munge_version: 0.5.11
+userRelocationName: "ec2-user"
+userNewHome: "/local_home"
+#nfs_type: "nfs4"
+#nfs_options: "defaults"
+#nfs_server: "m2-login3.massive.org.au"
+ldapServerHost: "130.220.209.234 m2-w.massive.org.au"
+ldapDomain: "massive.org.au"
+ldapURI: "ldaps://m2-w.massive.org.au:1637/"
+ldapBindDN: "cn=ldapbind,cn=users,dc=massive,dc=org,dc=au" 
+ldapBase: "cn=users,dc=massive,dc=org,dc=au"
+ldapUserClass: "user"
+ldapUserHomeDirectory: "unixHomeDirectory"
+ldapUserPricipal: "userPrincipalName"
+ldapGroupBase: "ou=groups,dc=massive,dc=org,dc=au"
+tlsCaCertDirectory: "/etc/openldap/certs"
+ldapCaCertFile: "/etc/openldap/certs/m1-w-ca.pem"
+ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"
+cacertFile: "cacert.pem"
+#domain: "cvl.massive.org.au"
+domain: "massive.org.au"
+ldapRfc2307: |
+  ldap_schema = rfc2307
+  ldap_search_base = cn=users,dc=massive,dc=org,dc=au
+  ldap_user_search_base = cn=users,dc=massive,dc=org,dc=au
+  ldap_user_object_class = user
+  ldap_user_home_directory = unixHomeDirectory
+  ldap_user_principal = userPrincipalName
+  ldap_user_name = uid
+  ldap_group_search_base = ou=groups,dc=massive,dc=org,dc=au
+  ldap_group_object_class = group
+  ldap_access_order = expire
+  ldap_account_expire_policy = ad
+
+ldapRfc2307Pam: |
+  scope sub
+  nss_base_passwd cn=users,dc=massive,dc=org,dc=au?sub
+  nss_base_shadow cn=users,dc=massive,dc=org,dc=au?sub
+  nss_base_group cn=users,dc=massive,dc=org,dc=au?sub
+  nss_map_objectclass posixAccount user
+  nss_map_objectclass shadowAccount user
+  nss_map_objectclass posixGroup group
+  nss_map_attribute homeDirectory unixHomeDirectory
+  nss_map_attribute uniqueMember member
+  nss_map_attribute shadowLastChange pwdLastSet
+  pam_login_attribute sAMAccountName
+  pam_filter objectClass=User
+  pam_password ad
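Review bot: `ldapCaCertSrc: "/tmp/m1-w-ca.pem"` and `ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"` take the LDAP CA certificate from `/tmp`, which is world-writable on most systems. Any local user on the host the role reads from could replace the CA that the `ldaps://` clients will then trust. Which host that is depends on the openLdapClient role, which is not shown here. I would keep the certificate inside the repository, for example in the role's `files/` directory, and point both variables there, or have the role verify a pinned fingerprint before installing it. Also, `ldapServerHostIpLine` and `ldapServerHost` carry the same literal; a comment saying which one the roles read would help.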
diff --git a/playbook/massive_var/package.yml b/playbook/massive_var/package.yml
new file mode 100644
index 00000000..26d13db3
--- /dev/null
+++ b/playbook/massive_var/package.yml
@@ -0,0 +1,8 @@
+---
+importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }
+#yumGroupPackageList:
+#  - CVL Pre-installation
+#  - CVL Base Packages
+#  - CVL System
+#  - CVL System Extension
+#  - CVL General Imaging Tools
diff --git a/playbook/readme.txt b/playbook/readme.txt
new file mode 100644
index 00000000..59ab5815
--- /dev/null
+++ b/playbook/readme.txt
@@ -0,0 +1 @@
+Files in the playbook directory should be used as examples for the reference only.
diff --git a/roles/commonVars/vars/readme.txt b/roles/commonVars/vars/readme.txt
new file mode 100644
index 00000000..8faa3c3c
--- /dev/null
+++ b/roles/commonVars/vars/readme.txt
@@ -0,0 +1,2 @@
+---
+domain: testdomain.massive.org.au
diff --git a/roles/enable_root/tasks/main.yml b/roles/enable_root/tasks/main.yml
new file mode 100644
index 00000000..660c74f2
--- /dev/null
+++ b/roles/enable_root/tasks/main.yml
@@ -0,0 +1,3 @@
+- name: add key to root ssh
+  template: dest=/root/.ssh/authorized_keys mode=600 owner=root group=root src=authorized_keys.j2
+  become: true
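Review bot: The `template` task replaces `/root/.ssh/authorized_keys` wholesale, so any key already present on the host is dropped, and every key in the template gains root login on each host the role touches. The task also assumes `/root/.ssh` already exists. I would add a preceding `file: path=/root/.ssh state=directory mode=0700 owner=root group=root` task and write the mode here as `mode=0600`. A comment above the task should state that the file is fully managed by this role. If per-key management is wanted instead, Ansible's `authorized_key` module adds and removes individual entries without overwriting the rest.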
diff --git a/roles/enable_root/templates/authorized_keys.j2 b/roles/enable_root/templates/authorized_keys.j2
new file mode 100644
index 00000000..f7eff2cc
--- /dev/null
+++ b/roles/enable_root/templates/authorized_keys.j2
@@ -0,0 +1,11 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvjn5cQuMkqTo04ZnkuDXfUBeAt7oZ6xrT4phfMemqx12dDqLyFrMgUWOoVMFj+TNyR5M8WOCI6CRT6EXOMtqaxhPtWB1QlDNo0Ml8xTzSKckUO0EhdqNKh+nlQfVeaVIx0DZZeWWNpPCrKPCM4TSAXXiwtZuImd6/Zo4RI1x+oTcFR9zQulUGUuX8rf7+4c/oKr58B+La8bXP8QujtfLm29pl1kawSouCfdxt93wRfbISM7mGs/WqzttRXL9m5AeOMuo5S4Ia0GPMcIEUfsQhEyEU7tiTpEq5lDdf6H7a9SlHXzhd9f2Dn3mlv3mmQHaGBJvUuWmVwydxkdtCRQhOQ== root@m2-m
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2xrAkFRdYBpYs14AYSzdPFcIOt2zKXIgjPpyj/6eg/yl3y8N84T9VNw9ATRzb3+PJEw1lOfah6xLkFl7FueT6359y14c7wkNByGHgcL022SludkhM2zBe/3ebhcBs11L4Z725rqVnGDSKdKuwZjbCmUtu/nHwGYU/BnLKbQXMVyq53L5cbIyWGfvItPnwCF2ZMy1v0lmnFs1O3qDK9U/qcwc/77MTB0Z/ey0zsoXvmxjkdYr+zgQLRNm2+fkCXn+ZorbeDwWjhHE21arhMym5x3VG0XU2Ob9nL1Z2xEGQVSnBVWeadTMNzkfM8U07Md2tSOIC5B3ePETxk97puxbEQ== root@m2-m
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPijQ597uLqEPAvVZXQlSjrUfFl2h7SRBTCRhH4hQJMVu55dhFYiojJZ0tjjV3jTcgWs1AsyRp3wDtNp8iQxbwEY2JPxCOjNuH0et4I/y3y6VUjcVWanSaIkdPf5AFNb9KIXo3Hvdyvav8SfFpioRQ0FKp8SZs1JYXpuQ0mZY26oKCKcNsWXv9ZN7knUN0xvYNMycpCnI2Nl666Zrs0gGyJ6e+Xq5bpk1lm8nuK9q52bTRjxqtdEBuSGwkZea+NBJzpYw5rEucteQI66y6tzFuYJk2WC4bUifffIxnkQXKYVynJg1MJ2CGI69r9hXt9eUtH3WrDxrJGmCau8jD3lib hines@sparge
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnakq6Lgq2n6yjcMaC7xQXMDMRdN33T6mPCqRy+TPdu0aPvVty0UFeAWsCyTxHeVfst9Vr0HwRRBvNihp1CJuOWGbk0H5a8yALDhLqoHazv2jlMQcLDgTktw0Jgo38+tcBShJyey1iHh8X5WgsS5/hgxR3OzoNBEzqzHUidMO/EI0ahNlM60l8EYL8Ww799NmPgqdPbwxK9nHsoFmx/NKhnUdronSg33L0CJZT3t2fccXAq+4Pbm7uYEkL3T/NgMdgpG5mKS3mKDtKyyKm2gOf3fVzExFew2etBxB3ANPEWvSuJ2XwXQv8sFE1722XQVR4RFgilCWUqXSN7EmqoHkNQ== jupiter@cvlproject
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsBtPRJtDJzyW+Utu0v03wklUpvzS5c1E34ysGDMepGU8VT1phJQ2EwRPWVLdRjVHnuhrEeeUHMyQwOtLEdvTPFnw5u/4bHQ+37iwtAeTV6oyPARJVzJLRGuDUuFdkQbXN7xxi/0KUljWgswLN34UV+p5PL79kQlErh1QCN06z5k=
+
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2xrAkFRdYBpYs14AYSzdPFcIOt2zKXIgjPpyj/6eg/yl3y8N84T9VNw9ATRzb3+PJEw1lOfah6xLkFl7FueT6359y14c7wkNByGHgcL022SludkhM2zBe/3ebhcBs11L4Z725rqVnGDSKdKuwZjbCmUtu/nHwGYU/BnLKbQXMVyq53L5cbIyWGfvItPnwCF2ZMy1v0lmnFs1O3qDK9U/qcwc/77MTB0Z/ey0zsoXvmxjkdYr+zgQLRNm2+fkCXn+ZorbeDwWjhHE21arhMym5x3VG0XU2Ob9nL1Z2xEGQVSnBVWeadTMNzkfM8U07Md2tSOIC5B3ePETxk97puxbEQ== root@m2-m
+
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApJTDPfappcYbNE3Z0+5Vsm4Sw2xD3PdcW+V1w6X6tpebG/bpUhnn9XsALkZYyKttql2vV3bqL6Fx5ZAFhHRhH0exdQEgc8hSvpX5gCCCUNqrL+mP8f4S59E0ha5+nBmMaf4WABHiZYfeoGhn7HHNQY0Up/qfzDPSvWo+ZaVQAqXcYLGTxaP70yywHOYABakJtBVKKkI1YPu83HFDVfw1PoYVaS5GAmEscq6nwoyC0Jm/pDirUtMoRibG2iiV6uYKQDvWrO9fBrGmavpmUT/ECtmcnrWj7V9zXzSi17HJhkq6gYc68iu6h8TBNJrIUE9Kgi07aWFRM9fbIM1ZVD/aEQ== ec2-user@cvl23server
+
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpuXUhr1Vzl1WljuFYSFIArU8wtlKWpkVLF4hCUb4dVWNEPU/FM1gkg4hPH+rTNPManRAJ8vxiCtMgLtvae2j1elO0edkM6BZReVDFMYo0fZVBbVR8fzvXRWD5ArXJeNI2uZ4fYTil3SoC3N0n+ySjqFriIkcBpxthKVcoOlK+yccOvCPGNWgqcSGFfMEKTR8P18ED83i7sOF2nzpH0RBo2/N7ry5Gzvfw859W7KScw/3uI7fzog6hW/P4niOQIZfG56enHHos0l7oymxeQRiYITqvf9Es1VatEfybk+tJhTVf1LcIqoM9v9bc0yd6QqST0+6ZiTJXCQCthmS0JVX1 hines@tun
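Review bot: This root `authorized_keys` list has entries that cannot be audited as written. The second and sixth lines are the same `root@m2-m` key, and the fifth line has no comment field, so its owner cannot be identified from the file. That fifth key is also visibly shorter than the others, which suggests a 1024-bit RSA modulus; it should be confirmed with `ssh-keygen -l -f` and replaced if so. I would remove the duplicate, give every entry an owner comment, and consider a `from="..."` option on each line so root access is limited to known source addresses. Keeping the keys in a variable list rather than in a static template would make revoking one a single-line change.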
diff --git a/roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id b/roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id
new file mode 100644
index 00000000..38a7bca1
--- /dev/null
+++ b/roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id
@@ -0,0 +1 @@
+48758c1a73f2a27c14f351a99923c3aa6e4c0cdf
\ No newline at end of file
diff --git a/scripts/get_or_make_passwd.py b/scripts/get_or_make_passwd.py
new file mode 100755
index 00000000..5242f1f9
--- /dev/null
+++ b/scripts/get_or_make_passwd.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python
+import random
+import sys
+import string
+def get_passwd(f,passname):
+    f.seek(0)
+    for line in f.readlines():
+        (key,passwd)=line.split(':')
+        if key==passname:
+            f.close()
+            return passwd.rstrip()
+    return None
+
+def mk_passwd(f,passname):
+    passwd=''.join(random.choice(string.ascii_uppercase + string.digits+string.ascii_lowercase) for _ in range(16))
+    f.write("%s:%s\n"%(passname,passwd))
+    return passwd
+   
+try:
+    f=open('../passwd.txt','at+')
+except:
+    f=open('./passwd.txt','at+')
+passname = sys.argv[1]
+passwd = get_passwd(f,passname)
+if passwd == None:
+    passwd = mk_passwd(f,passname)
+print passwd
+f.close()
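Review bot: `mk_passwd` builds the password with `random.choice`, which uses the Mersenne Twister generator and is not suitable for secrets. Its output is predictable once enough of its state is known. The standard library's OS-backed generator is a drop-in replacement: `rng = random.SystemRandom()` followed by `rng.choice(...)` inside the join. `passwd.txt` is also created with whatever the process umask allows, so I would open it through `os.open(path, os.O_RDWR | os.O_CREAT | os.O_APPEND, 0o600)` and wrap the descriptor with `os.fdopen`. Two smaller points are the bare `except:`, which hides why the first open failed, and `line.split(':')`, which raises on a blank line or one with a second colon; `line.rstrip('\n').split(':', 1)` with a skip for lines without a colon would avoid that.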
diff --git a/scripts/userData.sh b/scripts/userData.sh
new file mode 100644
index 00000000..545e9224
--- /dev/null
+++ b/scripts/userData.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+mkdir /local_home
+usermod -m -d /local_home/ec2-user ec2-user
+
diff --git a/syncNFS.yml b/syncNFS.yml
new file mode 100644
index 00000000..9095bfc8
--- /dev/null
+++ b/syncNFS.yml
@@ -0,0 +1,14 @@
+--- 
+- 
+  hosts: openvpn-clients
+  remote_user: ec2-user
+  roles:
+    - syncExports
+    - nfs-client
+  become: true
+  vars: 
+    nfs_server: "vm-118-138-240-224.erc.monash.edu.au"
+    openvpn_servers: 
+      - vm-118-138-240-224.erc.monash.edu.au
+    x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
+
diff --git a/templates/easy-rsa/vars.j2 b/templates/easy-rsa/vars.j2
new file mode 100644
index 00000000..77adaead
--- /dev/null
+++ b/templates/easy-rsa/vars.j2
@@ -0,0 +1,80 @@
+# easy-rsa parameter settings
+
+# NOTE: If you installed from an RPM,
+# don't edit this file in place in
+# /usr/share/openvpn/easy-rsa --
+# instead, you should copy the whole
+# easy-rsa directory to another location
+# (such as /etc/openvpn) so that your
+# edits will not be wiped out by a future
+# OpenVPN package upgrade.
+
+# This variable should point to
+# the top level of the easy-rsa
+# tree.
+export EASY_RSA="/etc/easy-rsa/2.0"
+
+#
+# This variable should point to
+# the requested executables
+#
+export OPENSSL="openssl"
+export PKCS11TOOL="pkcs11-tool"
+export GREP="grep"
+
+
+# This variable should point to
+# the openssl.cnf file included
+# with easy-rsa.
+export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+
+# Edit this variable to point to
+# your soon-to-be-created key
+# directory.
+#
+# WARNING: clean-all will do
+# a rm -rf on this directory
+# so make sure you define
+# it correctly!
+export KEY_DIR="$EASY_RSA/keys"
+
+# Issue rm -rf warning
+echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
+
+# PKCS11 fixes
+export PKCS11_MODULE_PATH="dummy"
+export PKCS11_PIN="dummy"
+
+# Increase this to 2048 if you
+# are paranoid.  This will slow
+# down TLS negotiation performance
+# as well as the one-time DH parms
+# generation process.
+export KEY_SIZE={{ keySize }}
+
+# In how many days should the root CA key expire?
+export CA_EXPIRE=3650
+
+# In how many days should certificates expire?
+export KEY_EXPIRE=3650
+
+# These are the default values for fields
+# which will be placed in the certificate.
+# Don't leave any of these fields blank.
+export KEY_COUNTRY={{ countryName }}
+export KEY_PROVINCE={{ reginalName }} 
+export KEY_CITY={{ cityName }} 
+export KEY_ORG={{ organizationName }} 
+export KEY_EMAIL={{ emailAddress }} 
+export KEY_OU={{ organizationUnit }}
+
+# X509 Subject Field
+export KEY_NAME="EasyRSA"
+
+# PKCS11 Smart Card
+# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
+# export PKCS11_PIN=1234
+
+# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
+# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
+# export KEY_CN="CommonName"
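Review bot: The certificate-field exports substitute Jinja values without shell quoting, for example `export KEY_ORG={{ organizationName }}`. With the values in playbook/massive_var/main.yml from this same commit, that renders as `export KEY_ORG=Monash University`, which sets `KEY_ORG` to `Monash` and tries to export a second variable named `University`. Each of `KEY_COUNTRY`, `KEY_PROVINCE`, `KEY_CITY`, `KEY_ORG`, `KEY_EMAIL` and `KEY_OU` should be quoted, as in `export KEY_ORG="{{ organizationName }}"`, and the trailing spaces after `}}` removed. `KEY_SIZE={{ keySize }}` has no value in the vars files visible in this patch, and the comment above it still presents 2048 as optional. I would reword the comment to make 2048 the minimum and have the role fail when `keySize` is undefined or smaller.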
-- 
GitLab