diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0b2dbd98d52679686308295b77859b2ea0a98166..c6f3e6bf1014df5c9a418e5f6a984155524272f5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -14,7 +14,7 @@ stages:
   - push_button_spawn_cluster
   - tests
   - integration_test #https://docs.gitlab.com/ee/ci/triggers/
-  - clean
+  #- clean
   #- testlustre
   #- clean_testlustre
 
@@ -244,19 +244,6 @@ manual_cluster_spawn:
     refs:
       - "cicd"
 
-clean:
-  stage: clean
-  tags:
-  - heat
-  before_script:
-    - echo "cleanup stack"
-    - sleep 30
-    - echo "$HPCCICD_openrc" > ./$NECTAR_ALLOCATION-openrc.sh
-  script:
-    - source ./$NECTAR_ALLOCATION-openrc.sh
-    - bash -x ./CICD/heat/heatcicdwrapper.sh delete_if_exists $STACKNAME
-
-
 # heat_test:
 #   stage: heat_test
 #   allow_failure: false
diff --git a/CICD/plays/allnodes.yml b/CICD/plays/allnodes.yml
index dd901dc04306d2fdb6083192432b9ab88bc48082..58fc01d131287bc34a90b9f91e078d9f79fdb27c 100644
--- a/CICD/plays/allnodes.yml
+++ b/CICD/plays/allnodes.yml
@@ -48,5 +48,6 @@
   - { role: move_homedir }
   - { role: calculateKnownHosts, tags: [ calculateKnownHosts ] }
   - { role: SSHKnownHosts, tags: [ known_hosts ] }
+  - { role: hpcid_ca, tags: [ certificateAuthority ] } # this should be removed for/by collaborators
   - { role: jasons_ssh_ca, tags: [ ssh_ca ] }
 
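Review bot: The added `hpcid_ca` entry installs a site-specific certificate authority role on every host this shared play targets, and the only guard is the trailing comment asking collaborators to remove it. A trust anchor is safer as opt-in than opt-out, so gate the entry on a variable that defaults to off, for example `- { role: hpcid_ca, tags: [ certificateAuthority ], when: "install_hpcid_ca | default(false)" }` (the variable name is a suggestion, not something defined in this repository). What the role actually installs is not visible in this hunk, so confirm its scope before choosing the default.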
diff --git a/CICD/vars/u18packages.yml b/CICD/vars/u18packages.yml
new file mode 100644
index 0000000000000000000000000000000000000000..613f792baa135d72557fbb322c62d8a3fa79ea37
--- /dev/null
+++ b/CICD/vars/u18packages.yml
@@ -0,0 +1,518 @@
+extra_packages:
+ - mate-notification-daemon
+ - pluma
+ - caja-sendto
+ - mate-applets
+ - mate-system-monitor
+ - mate-icon-theme
+ - mate-desktop
+ - mate-terminal
+ - mate-calc
+ - xl2tpd
+ - fortune-mod
+ - atril
+ - filezilla
+ - openconnect
+ - mate-user-guide
+ - mate-settings-daemon
+ - transmission-gtk
+ - simple-scan
+ - p7zip
+ - lightdm
+ - marco
+ - caja-extensions-common
+ - gparted
+ - gtk2-engines
+ - libmatekbd
+ - mate-session-manager
+ - liblz4-1
+ - liblz4-dev
+ - mate-control-center
+ - vpnc
+ - mate-panel
+ - mate-themes
+ - mate-utils-common
+ - caja
+ - engrampa
+ - caja-open-terminal
+ - mozo
+ - mate-polkit
+ - transmission-common
+ - mate-media
+ - eom
+ - mate-backgrounds
+ - mate-menus
+ - mate-screensaver
+ - caja-image-converter
+ - mate-power-manager
+ - accountsservice
+ - acl
+ - acpid
+ - adcli
+ - adwaita-icon-theme
+ - alsa-utils
+ - ark
+ - at
+ - atop
+ - at-spi2-core
+ - attr
+ - autoconf
+ - autofs
+ - automake
+ - avahi-autoipd
+ - baobab
+ - bash
+ - bash-completion
+ - bc
+ - binutils
+ - bison
+ - blktrace
+ - bluedevil
+ - bluez
+ - brasero
+ - bridge-utils
+ - btrfs-progs
+ - byacc
+ - bzip2
+ - ca-certificates
+ - caribou
+ - cdparanoia
+ - cdrdao
+ - certmonger
+ - check
+ - checkpolicy
+ - cheese
+ - chrony
+ - cifs-utils
+ - cloud-init
+ - cloud-utils
+ - colord
+ - colord-kde
+ - coreutils
+ - cpio
+ - cpp
+ - crash
+ - crda
+ - cryptsetup
+ - cscope
+ - ctags
+ - cups
+ - cups-client
+ - cups-filters
+ - cups-pk-helper
+ - curl
+ - dbus
+ - dbus-x11
+ - dconf-editor
+ - dejagnu
+ - desktop-file-utils
+ - diffstat
+ - diffutils
+ - dleyna-server
+ - dmidecode
+# - dmraid
+ - dnsmasq
+ - dosfstools
+ - doxygen
+ - dracut
+ - dracut-config-rescue
+ - dracut-network
+ - dwz
+ - e2fsprogs
+ - ebtables
+ - ed
+ - elfutils
+ - emacs
+ - emacs25-common
+ - empathy
+ - enchant
+ - enscript
+ - environment-modules
+ - eog
+ - espeak
+ - ethtool
+ - evince
+ - evolution-data-server
+ - exempi
+ - expat
+ - expect
+ - fcoe-utils
+ - festival
+ - festival-freebsoft-utils
+ - file
+ - file-roller
+ - findutils
+ - finger
+ - firefox
+ - flex
+ - flite
+ - fontconfig
+ - fprintd
+ - frei0r-plugins
+ - fuse
+ - fxload
+ - gamin
+ - gawk
+ - gcc
+ - gconf2
+ - gcr
+ - gdb
+ - gdisk
+ - gedit
+ - genisoimage
+ - gettext
+ - ghostscript
+ - ghostscript-cups
+ - git
+ - gjs
+ - glib-networking
+ - gnome-backgrounds
+ - gnome-bluetooth
+ - gnome-boxes
+ - gnome-calculator
+ - gnome-clocks
+ - gnome-color-manager
+ - gnome-contacts
+ - gnome-dictionary
+ - gnome-disk-utility
+ - gnome-documents
+ - gnome-font-viewer
+ - gnome-getting-started-docs
+ - gnome-icon-theme
+ - gnome-icon-theme-symbolic
+ - gnome-initial-setup
+ - gnome-keyring
+ - gnome-menus
+ - gnome-online-accounts
+ - gnome-online-miners
+ - gnome-packagekit
+ - gnome-screenshot
+ - gnome-session
+ - gnome-settings-daemon
+ - gnome-shell
+ - gnome-software
+ - gnome-system-log
+ - gnome-system-monitor
+ - gnome-terminal
+ - gnome-themes-standard
+ - gnome-tweak-tool
+ - gnome-user-docs
+ - gnome-video-effects
+ - gnome-weather
+ - gnote
+ - gnupg2
+ - gobject-introspection
+ - gom
+ - grep
+ - groff-base
+ - grub2
+ - gsettings-desktop-schemas
+ - gssproxy
+ - gucharmap
+ - gvfs
+ - gvfs-fuse
+ - gwenview
+ - gzip
+ - hardlink
+ - heat-cfntools
+ - hesiod
+ - hicolor-icon-theme
+ - hostname
+ - htop
+ - hunspell
+ - hunspell-en-gb
+ - hunspell-en-us
+ - hwdata
+ - hwloc
+ - ibus
+ - ibus-chewing
+ - ibus-gtk3
+ - ibus-hangul
+ - ibus-kkc
+ - ibus-libpinyin
+ - ibus-m17n
+ - ibus-table
+ - icedax
+ - icoutils
+ - imagemagick
+ - indent
+ - info
+ - intltool
+ - iotop
+ - ipset
+ - iptables
+ - iptraf-ng
+ - irqbalance
+ - iso-codes
+ - isomd5sum
+ - iw
+ - kamera
+ - kbd
+ - kcalc
+ - kcharselect
+ - kcolorchooser
+ - kdeaccessibility
+ - kdeadmin
+ - kde-baseapps
+ - kdegraphics-thumbnailers
+ - kdepim
+ - kdepim-runtime
+ - kdf
+ - kexec-tools
+ - keyutils
+ - kgpg
+ - khotkeys
+ - kinfocenter
+ - kmag
+ - kmenuedit
+ - kmix
+ - kmod
+ - konsole
+ - kpartx
+ - kpatch
+ - kruler
+ - kscreen
+ - ksshaskpass
+ - ksysguard
+ - ksysguardd
+ - ktimer
+ - kwin
+ - kwrite
+ - ledmon
+ - less
+ - lftp
+ - libchewing
+ - libdnet
+ - libiptcdata
+ - libkkc-common
+ - libkkc-data
+ - libpinyin
+ - libpinyin-data
+ - librados2
+ - librbd1
+ - libreoffice-calc
+ - libreoffice-core
+ - libreoffice-draw
+ - libreoffice-impress
+ - libreoffice-pdfimport
+ - libreoffice-writer
+ - libreswan
+ - libsane-hpaio
+ - libsmbclient
+ - libtar
+ - libtool
+ - libuser
+ - libvirt-daemon
+# - libvirt-daemon-driver-qemu
+ - libxml2
+ - linux-firmware
+ - lksctp-tools
+ - lldpad
+ - logrotate
+ - lrzsz
+ - lsof
+ - lsscsi
+ - lynx
+ - lvm2
+ - lzop
+ - m17n-db
+ - m4
+# - mailx
+ - make
+ - man-db
+ - mariadb-server
+ - marisa
+ - mdadm
+ - media-player-info
+ - metacity
+ - mlocate
+ - mokutil
+ - moreutils
+ - mousetweaks
+ - mtools
+ - mtr
+ - mutter
+ - nano
+ - nasm
+ - nautilus
+ - nautilus-sendto
+ - ncdu
+ - ncompress
+ - ncurses-base
+ - net-tools
+ - nfs4-acl-tools
+ - nmap
+ - nodejs
+ - ntp
+ - ntpdate
+ - numad
+ - oce-draw
+ - oddjob
+ - oddjob-mkhomedir
+ - okular
+ - opencc
+ - openssh-server
+ - openssl
+ - open-vm-tools
+ - open-vm-tools-desktop
+ - orca
+ - os-prober
+ - oxygen-icon-theme
+ - p11-kit
+ - packagekit
+ - packagekit-command-not-found
+ - packagekit-gtk3-module
+ - paps
+ - parted
+ - passwd
+ - patch
+ - patchutils
+ - pciutils
+ - perl
+ - pinentry-qt
+ - pinfo
+ - plymouth
+ - pm-utils
+ - policycoreutils
+ - poppler-data
+ - poppler-utils
+ - postfix
+ - ppp
+ - psmisc
+ - pulseaudio
+ - pulseaudio-module-bluetooth
+ - pulseaudio-utils
+ - python
+ - python-babel
+ - python-cffi
+ - python-chardet
+ - python-cheetah
+ - python-coverage
+ - python-cryptography
+ - python-dateutil
+ - python-decorator
+ - python-enum34
+ - python-jinja2
+ - python-lxml
+ - python-mako
+ - python-markdown
+ - python-markupsafe
+ - python-netaddr
+ - python-nose
+ - python-pillow
+ - python-ply
+ - python-psutil
+ - python-pycparser
+ - python-pycurl
+ - python-pygments
+ - python-setuptools
+ - python-six
+ - qemu-guest-agent
+ - qemu-kvm
+ - quota
+ - radvd
+ - rcs
+ - rdate
+ - realmd
+ - recode
+ - rfkill
+ - rhino
+ - rhythmbox
+ - rng-tools
+ - rpcbind
+ - rpm
+ - rsync
+ - rsyslog
+ - rtkit
+ - ruby
+ - rubygems
+# - ruby-irb
+ - samba-client
+ - samba-common
+ - samba-libs
+ - screen
+ - seahorse
+ - sed
+ - setserial
+ - shared-mime-info
+ - skkdic
+ - smartmontools
+ - sound-theme-freedesktop
+ - sox
+ - speech-dispatcher
+ - speex
+ - spice-vdagent
+ - sqlite
+ - sssd
+ - sssd-ad
+ - sssd-common
+ - sssd-ipa
+ - sssd-krb5
+ - sssd-krb5-common
+ - sssd-ldap
+ - sssd-proxy
+ - strace
+ - subversion
+ - sudo
+ - sweeper
+ - swig
+ - sysstat
+ - system-config-printer
+ - system-config-printer-udev
+ - systemd
+ - systemd-sysv
+ - systemtap
+ - systemtap-client
+ - systemtap-runtime
+ - tar
+ - tcl
+ - tcpdump
+ - tcsh
+ - teamd
+ - telepathy-gabble
+ - telepathy-logger
+ - telnet
+ - texinfo
+ - texlive
+ - texlive-base
+ - time
+ - tix
+ - tk
+ - tmux
+ - totem
+ - traceroute
+ - tracker
+ - tree
+ - trousers
+ - tuned
+ - tzdata
+ - udisks2
+ - unoconv
+ - unzip
+ - upower
+ - usbutils
+ - usermode
+ - util-linux
+ - vim-common
+ - vinagre
+ - vino
+ - virtuoso-opensource
+ - virt-what
+ - vorbis-tools
+ - wavpack
+ - wget
+ - wodim
+ - wvdial
+ - xchat
+ - xdg-user-dirs
+ - xdg-user-dirs-gtk
+ - xdg-utils
+ - xfsdump
+ - xfsprogs
+ - xterm
+ - xvattr
+ - yelp
+ - yelp-xsl
+ - zenity
+ - zip
+ - zsh
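Review bot: This list puts network-facing daemons (`mariadb-server`, `postfix`, `cups`, `dnsmasq`, `rpcbind`, `openssh-server`) and tools such as `telnet`, `finger`, `nmap` and `tcpdump` on every host that loads it, and Debian-family packages normally start a service as soon as it is installed. Splitting the list into a minimal base plus per-role additions would keep daemons off nodes that do not need them; at the least, add a comment at the top of the file stating which node types are meant to load it. The file also lacks the `---` document start that `vars_ubuntu18.yml`, added in the same commit, has. The same points apply to `CICD/vars/u20packages.yml`.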
diff --git a/CICD/vars/u20packages.yml b/CICD/vars/u20packages.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8f4fbc2ecf27bd811903975ad0edb3edaf80f59c
--- /dev/null
+++ b/CICD/vars/u20packages.yml
@@ -0,0 +1,517 @@
+extra_packages:
+ - mate-notification-daemon
+ - pluma
+ - caja-sendto
+ - mate-applets
+ - mate-system-monitor
+ - mate-icon-theme
+ - mate-desktop
+ - mate-terminal
+ - mate-calc
+ - xl2tpd
+ - fortune-mod
+ - atril
+ - filezilla
+ - openconnect
+ - mate-user-guide
+ - mate-settings-daemon
+ - transmission-gtk
+ - simple-scan
+ - p7zip
+ - lightdm
+ - marco
+ - caja-extensions-common
+ - gparted
+ - gtk2-engines
+ - libmatekbd
+ - mate-session-manager
+ - liblz4-1
+ - liblz4-dev
+ - mate-control-center
+ - vpnc
+ - mate-panel
+ - mate-themes
+ - mate-utils-common
+ - caja
+ - engrampa
+ - caja-open-terminal
+ - mozo
+ - mate-polkit
+ - transmission-common
+ - mate-media
+ - eom
+ - mate-backgrounds
+ - mate-menus
+ - mate-screensaver
+ - caja-image-converter
+ - mate-power-manager
+ - accountsservice
+ - acl
+ - acpid
+ - adcli
+ - adwaita-icon-theme
+ - alsa-utils
+ - ark
+ - at
+ - atop
+ - at-spi2-core
+ - attr
+ - autoconf
+ - autofs
+ - automake
+ - avahi-autoipd
+ - baobab
+ - bash
+ - bash-completion
+ - bc
+ - binutils
+ - bison
+ - blktrace
+ - bluedevil
+ - bluez
+ - brasero
+ - bridge-utils
+ - btrfs-progs
+ - byacc
+ - bzip2
+ - ca-certificates
+ - caribou
+ - cdparanoia
+ - cdrdao
+ - certmonger
+ - check
+ - checkpolicy
+ - cheese
+ - cifs-utils
+ - cloud-init
+ - cloud-utils
+ - colord
+ - colord-kde
+ - coreutils
+ - cpio
+ - cpp
+ - crash
+ - crda
+ - cryptsetup
+ - cscope
+ - ctags
+ - cups
+ - cups-client
+ - cups-filters
+ - cups-pk-helper
+ - curl
+ - dbus
+ - dbus-x11
+ - dconf-editor
+ - dejagnu
+ - desktop-file-utils
+ - diffstat
+ - diffutils
+ - dleyna-server
+ - dmidecode
+# - dmraid
+ - dnsmasq
+ - dosfstools
+ - doxygen
+ - dracut
+ - dracut-config-rescue
+ - dracut-network
+ - dwz
+ - e2fsprogs
+ - ebtables
+ - ed
+ - elfutils
+ - emacs
+ - emacs-common
+ - empathy
+ - enchant
+ - enscript
+ - eog
+ - espeak
+ - ethtool
+ - evince
+ - evolution-data-server
+ - exempi
+ - expat
+ - expect
+ - fcoe-utils
+ - festival
+ - festival-freebsoft-utils
+ - file
+ - file-roller
+ - findutils
+ - finger
+ - firefox
+ - flex
+ - flite
+ - fontconfig
+ - fprintd
+ - frei0r-plugins
+ - fuse
+ - fxload
+ - gamin
+ - gawk
+ - gcc
+ - gconf2
+ - gcr
+ - gdb
+ - gdisk
+ - gedit
+ - genisoimage
+ - gettext
+ - ghostscript
+ - ghostscript-cups
+ - git
+ - gjs
+ - glib-networking
+ - gnome-backgrounds
+ - gnome-bluetooth
+ - gnome-boxes
+ - gnome-calculator
+ - gnome-clocks
+ - gnome-color-manager
+ - gnome-contacts
+ - gnome-dictionary
+ - gnome-disk-utility
+ - gnome-documents
+ - gnome-font-viewer
+ - gnome-getting-started-docs
+ - gnome-icon-theme
+ - gnome-icon-theme-symbolic
+ - gnome-initial-setup
+ - gnome-keyring
+ - gnome-menus
+ - gnome-online-accounts
+ - gnome-online-miners
+ - gnome-packagekit
+ - gnome-screenshot
+ - gnome-session
+ - gnome-settings-daemon
+ - gnome-shell
+ - gnome-software
+ - gnome-system-log
+ - gnome-system-monitor
+ - gnome-terminal
+ - gnome-themes-standard
+ - gnome-tweak-tool
+ - gnome-user-docs
+ - gnome-video-effects
+ - gnome-weather
+ - gnote
+ - gnupg2
+ - gobject-introspection
+ - gom
+ - grep
+ - groff-base
+ - grub2
+ - gsettings-desktop-schemas
+ - gssproxy
+ - gucharmap
+ - gvfs
+ - gvfs-fuse
+ - gwenview
+ - gzip
+ - hardlink
+ - heat-cfntools
+ - hesiod
+ - hicolor-icon-theme
+ - hostname
+ - htop
+ - hunspell
+ - hunspell-en-gb
+ - hunspell-en-us
+ - hwdata
+ - hwloc
+ - ibus
+ - ibus-chewing
+ - ibus-gtk3
+ - ibus-hangul
+ - ibus-kkc
+ - ibus-libpinyin
+ - ibus-m17n
+ - ibus-table
+ - icedax
+ - icoutils
+ - imagemagick
+ - indent
+ - info
+ - intltool
+ - iotop
+ - ipset
+ - iptables
+ - iptraf-ng
+ - irqbalance
+ - iso-codes
+ - isomd5sum
+ - iw
+ - kamera
+ - kbd
+ - kcalc
+ - kcharselect
+ - kcolorchooser
+ - kdeaccessibility
+ - kdeadmin
+ - kde-baseapps
+ - kdegraphics-thumbnailers
+ - kdepim
+ - kdepim-runtime
+ - kdf
+ - kexec-tools
+ - keyutils
+ - kgpg
+ - khotkeys
+ - kinfocenter
+ - kmag
+ - kmenuedit
+ - kmix
+ - kmod
+ - konsole
+ - kpartx
+ - kpatch
+ - kruler
+ - kscreen
+ - ksshaskpass
+ - ksysguard
+ - ksysguardd
+ - ktimer
+ - kwin
+ - kwrite
+ - ledmon
+ - less
+ - lftp
+ - libchewing
+ - libdnet
+ - libiptcdata
+ - liblapack3
+ - libkkc-common
+ - libkkc-data
+ - libpinyin
+ - libpinyin-data
+ - librados2
+ - librbd1
+ - libreoffice-calc
+ - libreoffice-core
+ - libreoffice-draw
+ - libreoffice-impress
+ - libreoffice-pdfimport
+ - libreoffice-writer
+ - libreswan
+ - libsane-hpaio
+ - libsmbclient
+ - libtar
+ - libtool
+ - libuser
+ - libvirt-daemon
+# - libvirt-daemon-driver-qemu
+ - libxml2
+ - linux-firmware
+ - lksctp-tools
+ - lldpad
+ - logrotate
+ - lrzsz
+ - lsof
+ - lsscsi
+ - lynx
+ - lvm2
+ - lzop
+ - m17n-db
+ - m4
+# - mailx
+ - make
+ - man-db
+ - mariadb-server
+ - marisa
+ - mdadm
+ - media-player-info
+ - metacity
+ - mlocate
+ - mokutil
+ - moreutils
+ - mousetweaks
+ - mtools
+ - mtr
+ - mutter
+ - nano
+ - nasm
+ - nautilus
+ - nautilus-sendto
+ - ncdu
+ - ncompress
+ - ncurses-base
+ - net-tools
+ - nfs4-acl-tools
+ - nmap
+ - nodejs
+ - ntpdate
+ - numad
+ - oce-draw
+ - oddjob
+ - oddjob-mkhomedir
+ - okular
+ - opencc
+ - openssh-server
+ - openssl
+ - open-vm-tools
+ - open-vm-tools-desktop
+ - orca
+ - os-prober
+ - oxygen-icon-theme
+ - p11-kit
+ - packagekit
+ - packagekit-command-not-found
+ - packagekit-gtk3-module
+ - paps
+ - parted
+ - passwd
+ - patch
+ - patchutils
+ - pciutils
+ - perl
+ - pinentry-qt
+ - pinfo
+ - plymouth
+ - pm-utils
+ - policycoreutils
+ - poppler-data
+ - poppler-utils
+ - postfix
+ - ppp
+ - psmisc
+ - pulseaudio
+ - pulseaudio-module-bluetooth
+ - pulseaudio-utils
+ - python
+ - python-apt #allows ansible to check packages in check mode
+ - python-babel
+ - python-cffi
+ - python-chardet
+ - python-cheetah
+ - python-coverage
+ - python-cryptography
+ - python-dateutil
+ - python-decorator
+ - python-enum34
+ - python-jinja2
+ - python-lxml
+ - python-mako
+ - python-markdown
+ - python-markupsafe
+ - python-netaddr
+ - python-nose
+ - python-pillow
+ - python-ply
+ - python-psutil
+ - python-pycparser
+ - python-pycurl
+ - python-pygments
+ - python-setuptools
+ - python-six
+ - qemu-guest-agent
+ - qemu-kvm
+ - quota
+ - radvd
+ - rcs
+ - rdate
+ - realmd
+ - recode
+ - rfkill
+ - rhino
+ - rhythmbox
+ - rng-tools
+ - rpcbind
+ - rpm
+ - rsync
+ - rsyslog
+ - rtkit
+ - ruby
+ - rubygems
+# - ruby-irb
+ - samba-client
+ - samba-common
+ - samba-libs
+ - screen
+ - seahorse
+ - sed
+ - setserial
+ - shared-mime-info
+ - skkdic
+ - smartmontools
+ - sound-theme-freedesktop
+ - sox
+ - speech-dispatcher
+ - speex
+ - spice-vdagent
+ - sqlite
+ - sssd
+ - sssd-ad
+ - sssd-common
+ - sssd-ipa
+ - sssd-krb5
+ - sssd-krb5-common
+ - sssd-ldap
+ - sssd-proxy
+ - strace
+ - subversion
+ - sudo
+ - sweeper
+ - swig
+ - sysstat
+ - system-config-printer
+ - system-config-printer-udev
+ - systemd
+ - systemd-sysv
+ - systemtap
+ - systemtap-client
+ - systemtap-runtime
+ - tar
+ - tcl
+ - tcpdump
+ - tcsh
+ - teamd
+ - telepathy-gabble
+ - telepathy-logger
+ - telnet
+ - texinfo
+ - texlive
+ - texlive-base
+ - time
+ - tix
+ - tk
+ - tmux
+ - totem
+ - traceroute
+ - tracker
+ - tree
+ - trousers
+ - tuned
+ - tzdata
+ - udisks2
+ - unoconv
+ - unzip
+ - upower
+ - usbutils
+ - usermode
+ - util-linux
+ - vim-common
+ - vinagre
+ - vino
+ - virtuoso-opensource
+ - virt-what
+ - vorbis-tools
+ - wavpack
+ - wget
+ - wodim
+ - wvdial
+ - xchat
+ - xdg-user-dirs
+ - xdg-user-dirs-gtk
+ - xdg-utils
+ - xfsdump
+ - xfsprogs
+ - xterm
+ - xvattr
+ - yelp
+ - yelp-xsl
+ - zenity
+ - zip
+ - zsh
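Review bot: The inline comment on `python-apt` says it lets Ansible check packages in check mode, but that holds only when the modules run under Python 2 on the target; under a Python 3 interpreter the apt module needs `python3-apt`. Which interpreter these hosts use is not visible here, and the list also carries `python` and the other Python 2 `python-*` names unchanged from the 18.04 file, so confirm they still resolve on 20.04 before relying on this file. If the hosts run Python 3, the entry would read `- python3-apt  # lets ansible's apt module run in check mode`.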
diff --git a/CICD/vars/vars_ubuntu18.yml b/CICD/vars/vars_ubuntu18.yml
new file mode 100644
index 0000000000000000000000000000000000000000..52fb07e13556408445d1930cfeb6be369d25bfab
--- /dev/null
+++ b/CICD/vars/vars_ubuntu18.yml
@@ -0,0 +1,6 @@
+---
+KERNEL_VERSION: 4.15.0-118-generic # this is just the output of uname -ar
+LUSTRE_VERSION: v2_12_6
+MELLANOX_DRIVER_SRC: MLNX_OFED_LINUX-4.9-2.2.4.0-ubuntu18.04-x86_64
+#repopath: 7.8.2003
+
diff --git a/CICD/vars/vars_ubuntu20.yml b/CICD/vars/vars_ubuntu20.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4bca02fc08d91927c67ec805d750ecb1331bbd84
--- /dev/null
+++ b/CICD/vars/vars_ubuntu20.yml
@@ -0,0 +1,7 @@
+---
+#KERNEL_VERSION: 5.4.0-67-generic # this is just the output of uname -ar
+KERNEL_VERSION: 5.4.0-70-generic
+LUSTRE_VERSION: v2_14_50
+MELLANOX_DRIVER_SRC: MLNX_OFED_LINUX-4.9-2.2.4.0-ubuntu20.04-x86_64
+#repopath: 7.8.2003
+
diff --git a/roles/buildLustreClient/tasks/main.yml b/roles/buildLustreClient/tasks/main.yml
index cf8436400d1081191a4fe9e60a0b76a3bc87394a..d75dfdb98a70c825ef1dc598880237a29756f3f2 100644
--- a/roles/buildLustreClient/tasks/main.yml
+++ b/roles/buildLustreClient/tasks/main.yml
@@ -27,6 +27,27 @@
   become: true
   when: ansible_os_family == 'RedHat'
 
+- name: install dependencies
+  package: #libelf-dev, libelf-devel or elfutils-libelf-devel
+    name:
+      #- libyaml
+      - libyaml-dev
+      - libtool
+      #- elfutils-libelf-devel
+      - libselinux1-dev
+      - libpython3.8-dev #unconfirmed
+      #- kernel-abi-whitelists
+      - zlib1g-dev
+      - libssl-dev
+      - libiberty-dev
+      - module-assistant
+      - libreadline-dev
+      - libsnmp-dev
+      - mpi-default-dev
+    state: present
+  become: true
+  when: ansible_os_family == 'Debian'
+
 - name: autogen
   command:
     cmd: '/bin/sh ./autogen.sh'
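Review bot: `libpython3.8-dev` in the new Debian dependency list hard-codes a Python minor version and is itself marked `#unconfirmed`, while this commit adds vars for both Ubuntu 18.04 and 20.04. The unversioned `- libpython3-dev` would follow whichever Python 3 the release ships. The comment after `package:` names libelf candidates but no libelf package is in the list, so either add the Debian one or drop the comment. The `autogen` task at the end of the hunk continues outside it.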
@@ -49,3 +70,10 @@
   make:
     target: rpms
     chdir: /tmp/lustre-release
+  when: ansible_os_family == 'RedHat'
+
+- name: make debs
+  make:
+    target: debs
+    chdir: /tmp/lustre-release
+  when: ansible_os_family == 'Debian'
\ No newline at end of file
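Review bot: The added `make debs` task, like the `make rpms` task above it, builds in the fixed path `/tmp/lustre-release` under a world-writable directory, so on a multi-user node another local account could create or populate that path before the play does. The tasks that create the checkout are outside this hunk, so confirm that the play creates the directory with restrictive ownership, or move the build to a directory only the build user can write, for example `chdir: "{{ lustre_build_dir }}"` with the variable defined in the role defaults (the name is a suggestion). The file now also ends without a trailing newline.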
diff --git a/roles/extra_packages/tasks/main.yml b/roles/extra_packages/tasks/main.yml
index 491d4e97919fd704768244eef881b3c7abb14f25..0e2ccbc048c5442adc711c127d0a748286cf6f0e 100644
--- a/roles/extra_packages/tasks/main.yml
+++ b/roles/extra_packages/tasks/main.yml
@@ -57,8 +57,7 @@
 
 
 - name: "Install extra packages"
-  apt: "name={{ item }} update_cache=yes state=present"
-  with_items: "{{ extra_packages }}"
+  apt: "name={{ extra_packages }} update_cache=yes state=present"
   become: true
   become_user: root
   when: ansible_os_family == 'Debian'
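Review bot: The rewritten `apt` line keeps the `key=value` string form, which hides the fact that `name` now receives a whole list and leaves `update_cache=yes` as a truthy string. Native arguments under `apt:` read more clearly: `name: "{{ extra_packages }}"`, `update_cache: true`, `state: present`. Because the list is now installed in one apt call, a single name that does not exist on the target release fails the entire task, which is worth a comment above it given the 500-entry lists added under `CICD/vars/`.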
diff --git a/roles/ldapclient/tasks/configLdapClient.yml b/roles/ldapclient/tasks/configLdapClient.yml
index 2b9356d5d3a9f4af86966a5e1ef8de066cd9a642..8f414a902cd1f21dfb05b35e277b39d44d5adc22 100644
--- a/roles/ldapclient/tasks/configLdapClient.yml
+++ b/roles/ldapclient/tasks/configLdapClient.yml
@@ -29,11 +29,13 @@
   template: src=system-auth.j2 dest=/etc/pam.d/system-auth-ac
   become: true
   become_user: root
+  when: ansible_os_family == 'RedHat'
 
 - name: "Copy password auth"
   template: src=password-auth.j2 dest=/etc/pam.d/password-auth-ac
   become: true
   become_user: root
+  when: ansible_os_family == 'RedHat'
 
 - name: "Add LDAP server IP address to /etc/hosts"
   lineinfile: dest=/etc/hosts line="{{ ldapServerHostIpLine }}" state=present insertafter=EOF
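Review bot: With both PAM templates now limited to `ansible_os_family == 'RedHat'`, nothing in this hunk configures the PAM stack on Debian hosts, although the following task (LDAP server entry in `/etc/hosts`) still runs there. If the Debian side is meant to rely on the distribution's `common-*` files, say so in a comment above the two tasks, for example `# Debian: PAM stack comes from common-auth/common-account (managed elsewhere)`; otherwise Debian nodes may end up authenticating against local accounts only. Any Debian counterpart would be outside the visible lines, so confirm this against the full file.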
diff --git a/roles/mellanox_drivers/tasks/main.yml b/roles/mellanox_drivers/tasks/main.yml
index 03d1bf792b8a9c9a6d7ca62478e50463217cf9dd..a5ce37a5634e9c223b2e2ea56c1ce0286e49a35e 100644
--- a/roles/mellanox_drivers/tasks/main.yml
+++ b/roles/mellanox_drivers/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: "Force this role to fail if no Mellanox hardware is present"
   #Exclude the role via tags ans ansible-playbook --skip-tags mlx
   shell: "/usr/sbin/lspci | grep Mellanox"
@@ -13,18 +12,106 @@
   check_mode: yes
   when: ansible_os_family == "Debian"
 
-
-- name: yum install dependencies
-  yum:  name=perl,pciutils,gtk2,atk,cairo,gcc-gfortran,libxml2-python,tcsh,libnl,lsof,tcl,tk,kernel-devel,python-devel,createrepo,rpm-build
+- name: install dependencies centos 7
+  package: 
+    name:
+      - atk
+      - cairo
+      - createrepo
+      - gcc-gfortran
+      - gtk2
+      - libxml2-python
+      - lsof
+      - pciutils
+      - perl
+      - python-devel
+      - rpm-build
+      - tcl
+      - tcsh
+      - libnl
+      - tk
+      # kernel devel removed for because we might need to pin the version
   become: true
   become_user: root
   when: ansible_os_family == "RedHat"
 
+- name: install dependencies ubuntu18
+  package:
+    name:
+      - autoconf
+      - automake
+      - autotools-dev
+      - bison
+      - build-essential
+      - bzip2
+      - chrpath
+      - debhelper
+      - dh-autoreconf
+      - dpatch
+      - ethtool
+      - flex
+      - gcc
+      - gfortran
+      - graphviz
+      - libgfortran4
+      - libltdl-dev
+      - libnl-route-3-200
+      - m4
+      - make
+      - pkg-config
+      - quilt
+      - swig
+      - tcl
+      - tk
+    state: present
+  become: true
+  become_user: root
+  when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == 18
+
+- name: install dependencies ubuntu20
+  package:
+    name:
+      - autoconf
+      - automake
+      - autotools-dev
+      - bison
+      - debhelper
+      - dkms
+      - dpatch
+      - ethtool
+      - flex
+      - gcc
+      - gfortran
+      - graphviz
+      - libgfortran4
+      - libltdl-dev
+      - libnl-3-dev
+      - libnl-route-3-dev
+      - m4
+      - make
+      - pkg-config
+      - quilt
+      - swig
+      - tcl
+      - tkchrpath
+    state: present
+  become: true
+  become_user: root
+  when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == 20
+
 - name: test for existing installation of drivers
   stat:
     path: /bin/ibv_devinfo
   become: true
   register: drivers_installed
+  when: ansible_os_family == "RedHat"
+
+- name: test for existing installation of drivers
+  stat:
+    path: /usr/bin/ibv_devinfo
+  become: true
+  register: drivers_installed
+  when: ansible_os_family == "Debian"
 
 - name: debug - print out installed driver
   debug: var=drivers_installed
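Review bot: The two `test for existing installation of drivers` tasks register the same variable, and Ansible registers a result for a skipped task too, so on RedHat hosts the skipped Debian task replaces `drivers_installed` with a result that has no `stat` key and the later `drivers_installed.stat.exists` checks fail. A single task that picks the path by OS family avoids this, as sketched below. In the two Ubuntu dependency tasks, `ansible_distribution_major_version == 18` and `== 20` compare a string fact with an integer (the vncserver role in this same diff compares against `"7"`), so they should read `== "18"` and `== "20"`; as written both tasks are likely skipped. `tkchrpath` in the ubuntu20 list looks like `tk` and `chrpath` run together.

```yaml
# … unchanged: dependency tasks for centos 7, ubuntu18, ubuntu20 …
- name: test for existing installation of drivers
  stat:
    path: "{{ '/usr/bin/ibv_devinfo' if ansible_os_family == 'Debian' else '/bin/ibv_devinfo' }}"
  become: true
  register: drivers_installed
  when: ansible_os_family in ['RedHat', 'Debian']
```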
@@ -35,7 +122,7 @@
     reboot_now: false
 
 - name: get driver version
-  shell: '/bin/ofed_info -l | head -n 1 | cut -f 1 -d " "'
+  shell: 'ofed_info -l | head -n 1 | cut -f 1 -d " "'
   register: driver_version
   check_mode: no
   changed_when: False
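Review bot: Dropping the absolute path means `ofed_info` is now resolved through the `PATH` of whatever user and shell the task runs as, and the pipeline's exit status is that of `cut`, so a missing binary yields an empty `driver_version.stdout` rather than a failure. A comment above the task would make that explicit, for example `# ofed_info is found via PATH (location differs per distro); empty stdout means no driver is installed`. The tasks that consume `driver_version` are outside the hunk, so check that they treat an empty value as "not installed".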
@@ -67,25 +154,33 @@
 - name: debug - print out value of install_now
   debug: var=install_now
 
+# since this is supposed to be a public role, this IP should not be here. consistency0 is not publicly accessible anymore
+# alternatively use  #https://content.mellanox.com/ofed/MLNX_OFED-4.9-2.2.4.0/MLNX_OFED_LINUX-4.9-2.2.4.0-rhel7.8-x86_64.tgz 
 - name: copy driver source from consistency0
-  unarchive: copy=no src="http://consistency0/src/{{ MELLANOX_DRIVER_SRC }}.tgz" dest=/tmp
+  unarchive: copy=no src="http://{{ reposerverip }}/src/{{ MELLANOX_DRIVER_SRC }}.tgz" dest=/tmp
   become: true
   become_user: root
   when: install_now and mlx_driver_url is undefined
-  #https://content.mellanox.com/ofed/MLNX_OFED-4.9-2.2.4.0/MLNX_OFED_LINUX-4.9-2.2.4.0-rhel7.8-x86_64.tgz
+  
 
 - name: copy driver source from mellanox
-  unarchive: copy=no src="{{ mlx_driver_url }}" dest=/tmp
+  unarchive:
+    copy: no
+    src: "{{ mlx_driver_url }}"
+    dest: '/tmp'
   become: true
   become_user: root
   when: install_now and mlx_driver_url is defined
 
+- name: Populate service facts
+  service_facts:
+
 #remove old mellanox drivers as they may interfere with an update
 - name: stop lustre
   service: name=lustre-client state=stopped
   become: true
   become_user: root
-  when: install_now and drivers_installed.stat.exists
+  when: install_now and drivers_installed.stat.exists and services["lustre-client.service"] is defined
 
 - name: remove ipa stuff
   package:
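Review bot: Both `unarchive` tasks fetch the driver bundle over the network and unpack it into `/tmp` with no integrity check, and the internal source uses plain `http://`; the `mlnxofedinstall` script from that bundle is run as root later in this file. Download with `get_url` and a pinned `checksum`, then unpack the local file, as sketched below for the vendor URL case; the same pattern applies to the `reposerverip` task. `mlx_driver_sha256` is a new variable that would have to be defined next to `MELLANOX_DRIVER_SRC`. The first task is still named `copy driver source from consistency0` although the host now comes from `reposerverip`, and `copy=no` is the deprecated spelling of `remote_src: true`.

```yaml
- name: download driver source from mellanox
  get_url:
    url: "{{ mlx_driver_url }}"
    dest: "/tmp/{{ MELLANOX_DRIVER_SRC }}.tgz"
    checksum: "sha256:{{ mlx_driver_sha256 }}"
  become: true
  become_user: root
  when: install_now and mlx_driver_url is defined

- name: unpack driver source
  unarchive:
    remote_src: true
    src: "/tmp/{{ MELLANOX_DRIVER_SRC }}.tgz"
    dest: /tmp
  become: true
  become_user: root
  when: install_now and mlx_driver_url is defined

# … unchanged: Populate service facts, stop lustre …
```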
@@ -110,38 +205,49 @@
   when: install_now
 
 - name: remove mellanox rpms
-  yum:
+  package:
     state: absent
     name:
       - mlnx-ofa_kernel
       - mlnx-ofa_kernel-devel
       - mlnx-ofa_kernel-modules
+      - mlnx-ofed-kernel-dkms
+      - mlnx-ofed-kernel-utils
+      - ofed-scripts
   become: true
   when: install_now
 
-- name: install drivers
-  shell: ./mlnxofedinstall -q --skip-repo --without-fw-update #--force --add-kernel-support
+- name: install drivers Debian
+  shell: ./mlnxofedinstall -q --skip-repo --without-fw-update  --hpc --dkms 
+  args:
+    chdir: "/tmp/{{ MELLANOX_DRIVER_SRC }}"
+  become: true
+  become_user: root
+  when: install_now and buildKMOD!=True and ansible_os_family == "Debian"
+
+- name: install drivers Redhat
+  shell: ./mlnxofedinstall -q --skip-repo --without-fw-update
   args:
     chdir: "/tmp/{{ MELLANOX_DRIVER_SRC }}"
   become: true
   become_user: root
-  when: install_now and buildKMOD!=True
+  when: install_now and buildKMOD!=True and ansible_os_family == "Redhat"
 
-- name: install drivers
+- name: build and install drivers Redhat
   shell: ./mlnxofedinstall -q --skip-repo --without-fw-update --add-kernel-support --hpc --kmp --all
   args:
     chdir: "/tmp/{{ MELLANOX_DRIVER_SRC }}"
   become: true
   become_user: root
-  when: install_now and buildKMOD==True
-
-#- name: install ofa_kernel  # this will be installed by mlnxofedinstall
-#  yum:
-#    name: kmod-mlnx-ofa_kernel-{{ MELLANOX_VERSION }} #required by lustre client but installed by mlnxofedinstall with a "whitespace" version change
-#   kmod-mlnx-ofa_kernel.x86_64   4.5-OFED.4.5.1.0.1.1.gb4fdfac.rhel7u6 vs MELLANOX_VERSION: 4.5-OFED.4.5.1.0.1.1.gb4fdfac
-#    state: present
-#    allow_downgrade: yes
-#  become: true
+  when: install_now and buildKMOD==True and ansible_os_family == "Redhat"
+
+- name: build and install drivers Debian
+  shell: ./mlnxofedinstall -q --skip-repo --without-fw-update --hpc --dkms
+  args:
+    chdir: "/tmp/{{ MELLANOX_DRIVER_SRC }}"
+  become: true
+  become_user: root
+  when: install_now and buildKMOD==True and ansible_os_family == "Debian"
 
 - name: Copy roce_mode.service file
   copy: dest=/etc/systemd/system src=files/roce_mode.service owner=root group=root mode=0644
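Review bot: The two RedHat install tasks test `ansible_os_family == "Redhat"`, but the fact value is `RedHat`, as spelled in the dependency and `stat` tasks earlier in this file, so neither task runs and RedHat hosts get the old packages removed without the driver being reinstalled. Both conditions should end in `ansible_os_family == "RedHat"`. The two Debian tasks run the identical `mlnxofedinstall` command for `buildKMOD` true and false, so they could be one task with `when: install_now and ansible_os_family == "Debian"`.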
diff --git a/roles/nfs-client/tasks/mountFileSystem.yml b/roles/nfs-client/tasks/mountFileSystem.yml
index c36db919646c24bb6877b9540d8fc27723bb3cbf..37056e14a282869684d12dd292e7306ee77cbd57 100644
--- a/roles/nfs-client/tasks/mountFileSystem.yml
+++ b/roles/nfs-client/tasks/mountFileSystem.yml
@@ -3,6 +3,7 @@
   mount: name={{ item.name }} src="{{ item.ipv4 }}:{{ item.src }}" fstype={{ item.fstype }} opts={{ item.opts }} state=mounted
   with_items: "{{ nfsMounts }}"
   become: true
+  become_user: root
   ignore_errors: false
   register: firstMount
   when: nfsMounts is defined
diff --git a/roles/pam_sshd/tasks/main.yml b/roles/pam_sshd/tasks/main.yml
index ef2a609372326295b18db1ad7db6c9b34c5d9bbe..c60e10c7b55428c511f03ef00b346fa963b6fa11 100644
--- a/roles/pam_sshd/tasks/main.yml
+++ b/roles/pam_sshd/tasks/main.yml
@@ -4,12 +4,17 @@
   become: true
   become_user: root
 
-- name: "Copy loginnode password sshd pam config"
-  template: src=loginnodes_sshd.j2 dest=/etc/pam.d/sshd
+- name: "Copy loginnode password sshd pam config RedHat"
+  template: src=loginnodes_sshd_centos.j2 dest=/etc/pam.d/sshd
   become: true
   become_user: root
-  when: computenodepam is undefined or not computenodepam
+  when: inventory_hostname in groups.LoginNodes and ansible_os_family=="RedHat"
 
+- name: "Copy loginnode password sshd pam config Debian"
+  template: src=loginnodes_sshd_ubuntu.j2 dest=/etc/pam.d/sshd
+  become: true
+  become_user: root
+  when: inventory_hostname in groups.LoginNodes and ansible_os_family=="Debian"  # Jaf should review this !
 
 - name: "Copy computenode password sshd pam config"
   template: src=computenodes_sshd.j2 dest=/etc/pam.d/sshd
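Review bot: Both login-node tasks now test `inventory_hostname in groups.LoginNodes`, which raises an undefined-variable error on inventories that have no `LoginNodes` group, and the second one carries an open `Jaf should review this !` on a file that controls SSH authentication. `'LoginNodes' in group_names` is safe when the group is absent and matches the `group_names` test used in the telegraf role in this diff. Dropping the old `computenodepam is undefined or not computenodepam` condition also changes which hosts get a managed `/etc/pam.d/sshd`: the compute-node task's condition is outside the hunk, but a host outside `LoginNodes` with `computenodepam` unset would now presumably get neither template. `templates/loginnodes_sshd.j2` is no longer referenced by these tasks yet is still edited in this commit.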
diff --git a/roles/pam_sshd/templates/loginnodes_sshd.j2 b/roles/pam_sshd/templates/loginnodes_sshd.j2
index b22b0bbf48e20d017775386ebe213732c954b612..238b55f3f83e4d186fdc2dbdcd1b1dc86f5adf31 100644
--- a/roles/pam_sshd/templates/loginnodes_sshd.j2
+++ b/roles/pam_sshd/templates/loginnodes_sshd.j2
@@ -15,7 +15,5 @@ session    required     pam_loginuid.so
 session    required     pam_selinux.so open env_params
 session    required     pam_namespace.so
 session    optional     pam_keyinit.so force revoke
-session    include      password-auth
-session    include      postlogin
 # Used with polkit to reauthorize users in remote sessions
 -session   optional     pam_reauthorize.so prepare
diff --git a/roles/pam_sshd/templates/loginnodes_sshd_centos.j2 b/roles/pam_sshd/templates/loginnodes_sshd_centos.j2
new file mode 100644
index 0000000000000000000000000000000000000000..b22b0bbf48e20d017775386ebe213732c954b612
--- /dev/null
+++ b/roles/pam_sshd/templates/loginnodes_sshd_centos.j2
@@ -0,0 +1,21 @@
+#%PAM-1.0
+auth	   required	pam_sepermit.so
+auth       substack     password-auth
+auth       include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-auth      optional     pam_reauthorize.so prepare
+account    sufficient   pam_access.so
+account    required     pam_nologin.so
+account    include      password-auth
+password   include      password-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open env_params
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      password-auth
+session    include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-session   optional     pam_reauthorize.so prepare
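Review bot: `account    sufficient   pam_access.so` is the first account rule, so when pam_access succeeds the stack returns at once and neither `pam_nologin.so` nor the account checks included from `password-auth` run for that user. With an `access.conf` that has no deny rules this covers every user, so `/etc/nologin` and whatever account checks `password-auth` performs are skipped for SSH logins. If the goal is only to restrict who may log in, use `account    required     pam_access.so` after `pam_nologin.so`; if the bypass is intended for specific service accounts, state that in a comment and make sure `access.conf` ends in a deny-all rule. The same rule appears in `loginnodes_sshd_ubuntu.j2`, where its comment describes the bypass as intended for system users.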
diff --git a/roles/pam_sshd/templates/loginnodes_sshd_ubuntu.j2 b/roles/pam_sshd/templates/loginnodes_sshd_ubuntu.j2
new file mode 100644
index 0000000000000000000000000000000000000000..2b3a5f61603ba33be0023903a65b3fc4d2e7d3ed
--- /dev/null
+++ b/roles/pam_sshd/templates/loginnodes_sshd_ubuntu.j2
@@ -0,0 +1,58 @@
+# PAM configuration for the Secure Shell service
+
+# Standard Un*x authentication.
+@include common-auth
+
+# Allow systems user even when /etc/nologin exists
+account    sufficient   pam_access.so
+
+# Disallow non-root logins when /etc/nologin exists.
+account    required     pam_nologin.so
+
+# Uncomment and edit /etc/security/access.conf if you need to set complex
+# access limits that are hard to express in sshd_config.
+# account  required     pam_access.so
+
+# Standard Un*x authorization.
+@include common-account
+
+# SELinux needs to be the first session rule.  This ensures that any
+# lingering context has been cleared.  Without this it is possible that a
+# module could execute code in the wrong domain.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
+
+# Set the loginuid process attribute.
+session    required     pam_loginuid.so
+
+# Create a new session keyring.
+session    optional     pam_keyinit.so force revoke
+
+# Standard Un*x session setup and teardown.
+@include common-session
+
+# Print the message of the day upon successful login.
+# This includes a dynamically generated part from /run/motd.dynamic
+# and a static (admin-editable) part from /etc/motd.
+session    optional     pam_motd.so  motd=/run/motd.dynamic
+session    optional     pam_motd.so noupdate
+
+# Print the status of the user's mailbox upon successful login.
+session    optional     pam_mail.so standard noenv # [1]
+
+# Set up user limits from /etc/security/limits.conf.
+session    required     pam_limits.so
+
+# Read environment variables from /etc/environment and
+# /etc/security/pam_env.conf.
+session    required     pam_env.so # [1]
+# In Debian 4.0 (etch), locale-related environment variables were moved to
+# /etc/default/locale, so read that as well.
+session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
+
+# SELinux needs to intervene at login time to ensure that the process starts
+# in the proper default security context.  Only sessions which are intended
+# to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
+
+# Standard Un*x password updating.
+@include common-password
diff --git a/roles/telegraf/tasks/main.yml b/roles/telegraf/tasks/main.yml
index 8442bd3926b961d3b535f15f73f051e56eaf5d25..af25f19b059752095d288f3fb5307a9b5f3dd895 100644
--- a/roles/telegraf/tasks/main.yml
+++ b/roles/telegraf/tasks/main.yml
@@ -17,7 +17,7 @@
 - name: Install Telegraf package
   apt:
     deb: /tmp/telegraf-ansible-download.deb
-    state: latest
+    state: present
   when: ansible_os_family == "Debian"
   become: true
   become_user: root
@@ -138,4 +138,4 @@
     - configuration
     - gpu
   when: "'VisNodes' in group_names or 'DGXRHELNodes' in group_names"
-  
+
diff --git a/roles/vncserver/tasks/main.yml b/roles/vncserver/tasks/main.yml
index d955ea1c8eb1e4886a81507d1efcd73223bc5214..da8bd327350e8d0256aa52ceaf11853dd480aa3b 100644
--- a/roles/vncserver/tasks/main.yml
+++ b/roles/vncserver/tasks/main.yml
@@ -5,8 +5,7 @@
   when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
 
 - name: install system packages apt
-  apt: name={{ item }} state=present update_cache=true  force=yes
-  with_items: "{{ system_packages }}"
+  apt: name={{ system_packages }} state=present update_cache=true  force=yes
   become: true
   when: ansible_os_family == 'Debian'
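Review bot: The rewritten task keeps `force=yes`, which for the apt module corresponds to `apt-get --force-yes` and lets unauthenticated packages and downgrades through, now for the whole `system_packages` list in one call. Unless a specific package is known to need it, drop the flag: `apt: name={{ system_packages }} state=present update_cache=true`. If one package really requires it, install that package in its own task with a comment explaining why.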