Merge pull request #38 from CVL-GitHub/systemSoftware

System software installation

Merge pull request #38 from CVL-GitHub/systemSoftware
System software installation
82e9fa6e · Chris Hines · eca2013a · 98ad12ea · 82e9fa6e · 82e9fa6e
Commit 82e9fa6e authored 10 years ago by Chris Hines
--- a/playbook/cvl2.yml
+++ b/playbook/cvl2.yml
+---
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  vars:
+    x509_ca_server: "{{ groups['OpenvpnServer'][0] }}"
+    openvpn_servers: "{{ groups['OpenvpnServer'] }}"
+    slurmctrl: "{{ groups['OpenvpnServer'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+      - {name: vis, group: ComputeNodes, default: false}
+  roles:
+    - { role: etcHosts,  domain: "{{ ldapDomain }}" }
+
+- hosts: 'OpenvpnServer'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/package.yml
+    - massive_var/passwords.yml
+  vars:
+    x509_ca_server: "{{ groups['OpenvpnServer'][0] }}"
+    openvpn_servers: "{{ groups['OpenvpnServer'] }}"
+    slurmctrl: "{{ groups['OpenvpnServer'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+  roles:
+    - { role: easy-rsa-CA }
+    - { role: OpenVPN-Server }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: slurm-build }
+    - { role: nfs-server, configDiskDevice: false }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
+  tasks:
+    setup:
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
+- hosts: 'ComputeNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['OpenvpnServer'][0] }}"
+    openvpn_servers: "{{ groups['OpenvpnServer'] }}"
+    slurmctrl: "{{ groups['OpenvpnServer'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+    nfs_server: "{{ groups['OpenvpnServer'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+  roles:
+    - { role: OpenVPN-Client, x509_ca_server: "cvl23server" }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: syncExports, nfs_server: "cvl23server", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvl23server']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] }
+    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
+    - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages", "CVL System", "CVL System Extension"] }
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
+- hosts: 'LoginNode'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+  vars:
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    x509_ca_server: "{{ groups['OpenvpnServer'][0] }}"
+    openvpn_servers: "{{ groups['OpenvpnServer'] }}"
+    slurmctrl: "{{ groups['OpenvpnServer'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+#      - {name: vis, group: ComputeNodes, default: false}
+  roles:
+    - { role: OpenVPN-Client }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages', 'CVL System', 'CVL System Extension'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
+
--- a/playbook/readme.txt
+++ b/playbook/readme.txt
+Files in the playbook directory should be used as examples for the reference only.
--- a/roles/easy-rsa-certificate/tasks/buildCert.yml
+++ b/roles/easy-rsa-certificate/tasks/buildCert.yml
@@ -50,15 +50,15 @@
  when: needcert
  sudo: true

+- name: "Create node tmp directory"
+  delegate_to: 127.0.0.1
+  shell: "mkdir -p /tmp/{{ inventory_hostname }} ; chmod 755 /tmp/{{ inventory_hostname }}"
+
 - name: "Copy CSR to ansible host"
  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
  sudo: true
  when: needcert

- name: "Create node tmp directory"
-  delegate_to: 127.0.0.1
-  shell: "mkdir -p /tmp/{{ inventory_hostname }} ; chmod 755 /tmp/{{ inventory_hostname }}"
-
 - name: "Copy CSR to CA"
  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
  delegate_to: "{{ x509_ca_server }}"

--- a/roles/installPackage/tasks/main.yml
+++ b/roles/installPackage/tasks/main.yml
+---
+- name: Pre installation
+  shell: "{{ preInstallation }}" 
+  sudo: true
+  when: ansible_distribution == 'CentOS' and preInstallation is defined
+  
+- name: Add new repo file 
+  shell: "{{ importRepo.command }} {{ importRepo.destination }}"
+  sudo: true
+  run_once: true
+  args:
+    creates: "{{ importRepo.destination }}"
+  when: ansible_distribution == 'CentOS' and importRepo is defined
+
+- name: Install yum packages 
+  yum: name={{ item }} state=latest
+  with_items: yumPackageList
+  sudo: true
+  when: ansible_distribution == 'CentOS' and yumPackageList is defined
+
+- name: Install yum group packages 
+  shell: yum --setopt=protected_multilib=false -y groupinstall "{{ item }}"
+  with_items: yumGroupPackageList
+  sudo: true
+  when: ansible_distribution == 'CentOS' and yumGroupPackageList is defined
+
+- name: Post installation
+  shell: "{{ postInstallation }}" 
+  sudo: true
+  when: ansible_distribution == 'CentOS' and postInstallation is defined
+ 
+- name: conditional shell copy command 
+  shell: "{{ cliCopy.run }}"
+  sudo: true
+  run_once: true
+  args:
+    creates: "{{ cliCopy.check }}"
+  when: ansible_distribution == 'CentOS' and cliAction is defined
+
+
--- a/roles/nfs-client/handlers/main.yml
+++ b/roles/nfs-client/handlers/main.yml
@@ -4,5 +4,4 @@
  with_items:
    - rpcbind
    - rpcidmapd
-  when: nfs_type == "nfs4"
  sudo: true
--- a/roles/nfs-client/tasks/mountFileSystem.yml
+++ b/roles/nfs-client/tasks/mountFileSystem.yml
 --- 
- name: "Get the NFS Network"
-  setup: 
-  register: nfsServer
-  run_once: true
-  delegate_to: "{{ nfs_server }}"
-  when: nfsServer is not defined
-
+- name: "Check mount"
+  shell: mount | grep "{{ item.name }}"
+  with_items: exportList
+  register: result 
+  
 - name: "Mounting NFS mounts"
-  mount: "name={{ item.name }} src={{ nfsServer['ansible_facts']['ansible_'+item.interface]['ipv4']['address'] }}:{{ item.src }} fstype={{ item.fstype }} opts={{ item.opts }} state=mounted"
+  mount: "name={{ item.name }} src={{ item.nfsServerIp }}:{{ item.src }} fstype={{ item.fstype }} opts={{ item.opts }} state=mounted"
  with_items: exportList 
  notify: "restart authentication"
  notify: "restart idmap"
  sudo: true 
+  when: exportList is defined and result | failed 
--- a/roles/nfs-common/templates/idmapd.conf.j2
+++ b/roles/nfs-common/templates/idmapd.conf.j2
@@ -2,7 +2,7 @@
 #Verbosity = 0
 # The following should be set to the local NFSv4 domain name
 # The default is the host's DNS domain name.
-Domain = {{ ansible_fqdn }} 
+Domain = {{ ansible_domain }} 

 # The following is a comma-separated list of Kerberos realm
 # names that should be considered to be equivalent to the

--- a/roles/openLdapClient/tasks/configLdapClient.yml
+++ b/roles/openLdapClient/tasks/configLdapClient.yml
@@ -23,6 +23,11 @@
  template: src=ldap.conf.j2 dest=/etc/openldap/ldap.conf
  sudo: true

+- name: "Add LDAP server IP address to /etc/hosts"
+  lineinfile: dest=/etc/hosts line="{{ ldapServerHostIpLine }}" state=present insertafter=EOF
+  sudo: true
+  when: ldapServerHostIpLine is defined
+
 - name: "Copy sssd.conf to ldap client"
  template: src=sssd.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=600
  sudo: true

--- a/roles/syncExports/handlers/main.yml
+++ b/roles/syncExports/handlers/main.yml
 ---
- name: Reload exports 
+- name: "Reload exports" 
  command: exportfs -ra
  delegate_to: "{{ nfs_server }}"
-  run_once: true
  sudo: true