Skip to content
Snippets Groups Projects
Commit 8baeda50 authored by Simon Michnowicz (Monash University)'s avatar Simon Michnowicz (Monash University)
Browse files

Merge branch 'master' of gitlab.erc.monash.edu.au:hpc-team/ansible_cluster_in_a_box into numa-check

parents d21ed3f0 f4429bd8
No related branches found
No related tags found
1 merge request!101Numa check
......@@ -13,25 +13,25 @@
when: default_modules == "lmod"
- name: remove modulecmd bash
file: path=/etc/profile.d/modulecmd.sh state=absent
file: path=/etc/profile.d/zz_modulecmd.sh state=absent
become: true
become_user: root
when: default_modules == "lmod"
- name: remove modulcmd csh
file: path=/etc/profile.d/modulecmd.csh state=absent
file: path=/etc/profile.d/zz_modulecmd.csh state=absent
become: true
become_user: root
when: default_modules == "lmod"
- name: template modulecmd bash
template: src=modulecmd.sh.j2 dest=/etc/profile.d/modulecmd.sh
template: src=modulecmd.sh.j2 dest=/etc/profile.d/zz_modulecmd.sh
become: true
become_user: root
when: default_modules == "modulecmd"
- name: template modulecmd csh
template: src=modulecmd.csh.j2 dest=/etc/profile.d/modulecmd.csh
template: src=modulecmd.csh.j2 dest=/etc/profile.d/zz_modulecmd.csh
become: true
become_user: root
when: default_modules == "modulecmd"
......
module() { eval `/usr/bin/modulecmd bash $*`; /usr/local/hpcusr/latest/bin/modulelog $*;}
module() { eval `/usr/bin/modulecmd bash $*`; /usr/local/bin/modulelog $*;}
export -f module
MODULESHOME=/usr/share/Modules
......
......@@ -21,7 +21,10 @@
when: ansible_distribution == "Debian" and ansible_distribution_major_version == "8"
- name: set preserve hostname on CentOS
lineinfile: dest=/etc/cloud/cloud.cfg line='preserve_hostname=True'
lineinfile:
args:
dest: /etc/cloud/cloud.cfg
line: "preserve_hostname: True"
sudo: true
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
......
......@@ -8,11 +8,6 @@
sudo: true
when: ansible_os_family == 'RedHat'
- name: "Make yum cache"
command: yum makecache
sudo: true
when: ansible_os_family == 'RedHat'
- name: "Install extra packages"
yum: "name={{ item }} exclude={{ excludes|join(',') }} update_cache=yes state=present"
with_items: "{{ extra_packages }}"
......
......@@ -73,6 +73,6 @@
when: reboot_now
- name: waiting for server to come back
local_action: wait_for host={{ ansible_host }} state=started port=22 delay=10 search_regex=OpenSSH
local_action: wait_for host={{ ansible_host }} state=started port=22 delay=60 timeout=600 search_regex=OpenSSH
sudo: false
when: reboot_now
# apache configuration for nagios 3.x
# note to users of nagios 1.x and 2.x:
# throughout this file are commented out sections which preserve
# backwards compatibility with bookmarks/config for older nagios versios.
# simply look for lines following "nagios 1.x:" and "nagios 2.x" comments.
ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
# nagios 1.x:
#ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3
#ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3
# nagios 2.x:
#ScriptAlias /cgi-bin/nagios2 /usr/lib/cgi-bin/nagios3
#ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios3
Alias /nagios3/stylesheets /etc/nagios3/stylesheets
# nagios 1.x:
#Alias /nagios/stylesheets /etc/nagios3/stylesheets
# nagios 2.x:
#Alias /nagios2/stylesheets /etc/nagios3/stylesheets
# Where the HTML pages live
Alias /nagios3 /usr/share/nagios3/htdocs
# nagios 2.x:
#Alias /nagios2 /usr/share/nagios3/htdocs
# nagios 1.x:
#Alias /nagios /usr/share/nagios3/htdocs
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/cacert.crt
<DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3|/etc/nagios3/stylesheets)>
Options FollowSymLinks
DirectoryIndex index.php index.html
AllowOverride AuthConfig
<IfVersion < 2.3>
Order Allow,Deny
Allow From All
</IfVersion>
<IfVersion >= 2.3>
Require all denied
</IfVersion>
AuthType Basic
AuthName "Authentication"
AuthBasicProvider ldap
AuthLDAPURL {{ ldapURI }}/{{ ldapBase }}?uid?sub?{{ ldap_access_filter }}
AuthLDAPBindDN {{ ldapBindDN }}
AuthLDAPBindPassword {{ ldapBindDNPassword }}
AuthLDAPBindAuthoritative off
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
<RequireAll>
Require valid-user
Require ldap-group cn={{ sudo_group }},{{ ldapGroupBase }}
</RequireAll>
</DirectoryMatch>
<Directory /usr/share/nagios3/htdocs>
Options +ExecCGI
</Directory>
# Enable this ScriptAlias if you want to enable the grouplist patch.
# See http://apan.sourceforge.net/download.html for more info
# It allows you to see a clickable list of all hostgroups in the
# left pane of the Nagios web interface
# XXX This is not tested for nagios 2.x use at your own peril
#ScriptAlias /nagios3/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
# nagios 1.x:
#ScriptAlias /nagios/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
---
# make sure firewalld is not installed
- name: make sure firewalld is not installed
yum: name={{ item }} state=absent
become: true
become_user: root
with_items:
- firewalld
- firewall-config
# make sure iptables is installed
- name: make sure iptables-services is installed
yum: name=iptables-services state=present
become: true
become_user: root
- name: make sure iptables service is running
service: name=iptables state=started enabled=yes
become: true
become_user: root
# template ip tables rules or add rules on startup?
- name: template rules
template: dest=/etc/sysconfig/iptables src=iptables.j2
become: true
become_user: root
register: rule_changed
- name: restore rules
shell: iptables-restore
become: true
become_user: root
when: rule_changed | changed
# make sure ip forwarding is enabled
# Generated by iptables-save v1.4.21 on Mon Nov 7 16:34:03 2016
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon Nov 7 16:34:03 2016
# Generated by iptables-save v1.4.21 on Mon Nov 7 16:34:03 2016
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Nov 7 16:34:03 2016
# Generated by iptables-save v1.4.21 on Mon Nov 7 16:34:03 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i mlx0 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Mon Nov 7 16:34:03 2016
......@@ -53,6 +53,7 @@ def mk_homedir(path,uidNumber,gidNumber):
if 'No such file or directory' in e:
shutil.copytree(skelpath, path)
statinfo = os.stat(path)
os.chown(path,uidNumber,gidNumber)
recursive_chown(path, uidNumber, gidNumber)
# adapted from http://stackoverflow.com/questions/5994840/how-to-change-the-user-and-group-permissions-for-a-directory-by-name
......@@ -67,13 +68,23 @@ def recursive_chown(path,uidNumber,gidNumber):
for fname in files:
os.chown(os.path.join(root, fname), uidNumber, gidNumber)
def check_homedir(path,uidNumber,gidNumber):
try:
si = os.stat(path)
if si.st_uid != uidNumber or si.st_gid != gidNumber:
raise Exception("user home %s uid %d != %d, gid %d != %d mismatch" % (path,si.st_uid,uidNumber,si.st_gid,gidNumber))
return True
except:
return False
s=ldapSearchConfig()
s.ldapserver="{{ ldapURI }}"
s.binddn="{{ ldapBindDN }}"
s.bindpw="{{ ldapBindDNPassword }}"
s.baseDN="{{ ldapBase }}"
s.searchFilter = "{{ search_filter }}"
s.searchFilter = "{{ ldap_access_filter }}"
homeDirEntry= "{{ homeDirEntry }}"
mnthome = "{{ mnthome }}"
......@@ -84,7 +95,8 @@ for user in users:
path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1]
else:
path=users[user].entry[homeDirEntry][0]
mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
if not check_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0])):
mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
except:
print traceback.format_exc()
pass
......@@ -67,7 +67,7 @@ s.ldapserver="{{ ldapURI }}"
s.binddn="{{ ldapBindDN }}"
s.bindpw="{{ ldapBindDNPassword }}"
s.baseDN="{{ ldapBase }}"
s.searchFilter = "{{ search_filter }}"
s.searchFilter = "{{ ldap_access_filter }}"
users=get_users(s)
mk_slurmaccount("default")
......
---
- name: install slurm.conf
copy: src=files/slurm.conf dest={{ slurm_dir }}/etc/slurm.conf
sudo: true
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment