Compare revisions

cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b
--- a/roles/slurm_sql_bk/tasks/main.yml
+++ b/roles/slurm_sql_bk/tasks/main.yml
+---
+  #
+  #first generate ssh keys Gif the variable "create_key" is defined.
+  #
+  - name: delete any existing local private key
+    local_action: command rm -f  ./slm_db_backup
+    when: create_key is defined and create_key=="True"
+  - name: delete any existing local public keys
+    local_action: command rm -f ./slm_db_backup.pub
+    when: create_key is defined and create_key=="True"
+  - name: generate ssh keys if necessary
+    #this command will create a two files "slm_db_backup" and "slm_db_backup.pub"
+    local_action: command ssh-keygen -t rsa -f slm_db_backup -P ""
+    when: create_key is defined and create_key=="True"
+  - name: copy private key to management node
+    copy:
+      src: "./slm_db_backup"
+      dest: "/root/.ssh"
+      owner: root
+      group: root
+      mode: '600'
+    become: True
+    become_user: root
+    when: create_key is defined and create_key=="True"
+  - name: copy public key to authorised key file of backup volume machine
+    local_action: command  ssh-copy-id -i ./slm_db_backup.pub  {{ SQL_BK_DEST_HOST }}
+    when: create_key is defined and create_key=="True"
+  #
+  # It is possible to use pre-existing key if "copy_key" is defined
+  #
+  - assert: { msg: "You must define the PRIVATE KEY", that:   PRIVATE_KEY  is defined  }
+    when: copy_key is defined and copy_key =="True"
+  - assert: { msg: "You must define the PUBLIC KEY", that:  PUBLIC_KEY is defined }
+    when: copy_key is defined and copy_key =="True"
+  - name: copy private key to management node
+    copy: 
+      src: "{{ PRIVATE_KEY }}"
+      dest: "/root/.ssh/slm_db_backup"
+      owner: root
+      group: root
+      mode: '600'
+    become: True
+    become_user: root
+    when: copy_key is defined and copy_key =="True"
+  - name: copy public key to authorised key file of backup volume machine
+    local_action: command  ssh-copy-id -i {{ PUBLIC_KEY }}  {{ SQL_BK_DEST_HOST }}
+    when: copy_key is defined and copy_key =="True"
+  #
+  # now setup cronjob on management node
+  #
+  - name: ensure {{ MGMT_BIN_DIR }} exists
+    file:
+      path: "{{ MGMT_BIN_DIR }}"
+      state: directory
+    become: true
+    become_user: root
+  - name: "template sql backupscript to  {{ MGMT_BIN_DIR }}"
+    template: src="backup_mysql_for_slurm.sh.j2" dest="{{ MGMT_BIN_DIR }}/backup_mysql_for_slurm.sh"  mode="700"
+    become: true
+    become_user: root
+  - name: Make a daily crontab entry
+    cron:
+      name: "Backup of MySQL Database for Slurm"
+      job: "{{ MGMT_BIN_DIR }}/backup_mysql_for_slurm.sh"
+      hour: 23
+      minute: 55
+    become: true
+    become_user: root
+  - name: Create directory {{ SQL_BK_DATA_DIR }} to store initial mysql dump
+    file: path={{ SQL_BK_DATA_DIR }} state=directory
+    become: true
+    become_user: root
+  - name: template mysql config file to server
+    template: src="mysql.conf.j2" dest="{{ MGMT_BIN_DIR }}/mysql.conf" mode="600"
+    become: true
+    become_user: root
+  #
+  # template delete file to localhost.then copy to remote host
+  #
+  - name: make a unique name for the backup script
+    set_fact:
+        unique_name: "delete_old_mysql_bk_{{ SQL_BK_DEST_DIR | basename }}.sh"
+  - name: Unique filename is
+    debug: var=unique_name
+  - name: delete local del file
+    local_action: command rm -f  ./{{ unique_name }}
+  - name: template delete script to local dir
+    local_action: template src=delete_old_mysql_bk.sh.j2 dest=./{{ unique_name }}
+  - name: copy backup script to server ec2-user@{{ SQL_BK_DEST_HOST }}
+    local_action: command scp -i ./slm_db_backup ./{{ unique_name }}  "ec2-user@{{ SQL_BK_DEST_HOST }}:"
+  - name: insert delete cron job entry on remote server
+    local_action: command ssh -i ./slm_db_backup ec2-user@{{ SQL_BK_DEST_HOST }}  "{ crontab -l ; echo '#delete old slurm backups' ; echo '00 23 * * * /home/ec2-user/{{ unique_name }}' ; } | crontab  -  "
--- a/roles/slurm_sql_bk/templates/backup_mysql_for_slurm.sh.j2
+++ b/roles/slurm_sql_bk/templates/backup_mysql_for_slurm.sh.j2
+#!/bin/sh
+#
+# mysql dump for slurm. 
+#
+TIME=$(date '+%y-%m-%d')
+BIN_DIR={{ MGMT_BIN_DIR }}
+DATA_DIR={{ SQL_BK_DATA_DIR }}
+NAME="$DATA_DIR/mysql_dump_20${TIME}.sql"
+cd $DATA_DIR
+sudo mysqldump --defaults-file=$BIN_DIR/mysql.conf --single-transaction --host={{ SQL_IP }}   slurm_acct_db > $NAME
+sudo chmod go-r $NAME
+sudo gzip -f $NAME
+#scp file to   dummy user @ Destination Node and Directory
+scp -i ~/.ssh/slm_db_backup ${NAME}.gz  {{ SQL_USER }}@{{ SQL_BK_DEST_HOST }}:{{ SQL_BK_DEST_DIR }}
+rm -f  ${NAME}.gz 
--- a/roles/slurm_sql_bk/templates/delete_old_mysql_bk.sh.j2
+++ b/roles/slurm_sql_bk/templates/delete_old_mysql_bk.sh.j2
+#!/bin/sh
+#
+# delete old backups from slurm mysql
+# S.Michnowicz
+#
+#  2 day timeframe specified by -mtime +2
+#  also includes email check
+#find  {{ SQL_BK_DEST_DIR }} -type f -mtime +2 -name 'mysql_dump_*.gz' -execdir   mail -s "Deleting {}" simon.michnowicz@monash.edu < /dev/null  \; -execdir rm -f {} \;
+find  {{ SQL_BK_DEST_DIR }} -type f -mtime +7 -name 'mysql_dump_*.gz' -execdir rm -f {} \;
--- a/roles/slurm_sql_bk/templates/mysql.conf.j2
+++ b/roles/slurm_sql_bk/templates/mysql.conf.j2
+[client]
+password="{{ sqlPasswd }}"
+user="{{ sqlUsername }}"
--- a/roles/slurmdb-config/handlers/main.yml
+++ b/roles/slurmdb-config/handlers/main.yml
--- a/roles/slurmdb-config/readme.md
+++ b/roles/slurmdb-config/readme.md
+If the database is already up and running, running this role will not work.
+To make a change to the log file size without data loss before applying the config.
+1. While mariadb is still runing 
+   MySQL> SET GLOBAL innodb_fast_shutdown=0;
+2. Stop mariadb
+   systemctl stop mariadb
+3. Run this role to copy the config to /etc/my.cnf.d
+4. Go to /var/lib/mysql
+   mv ib_logfile0 ib_logfile0_orig
+   mv ib_logfile1 ib_logfile1_orig
+5. systemctl start mariadb
--- a/roles/slurmdb-config/tasks/main.yml
+++ b/roles/slurmdb-config/tasks/main.yml
+---
+- name: install deps in control node
+  package:
+    state: present
+    name:
+      - mysql
+      - mysql-devel
+      - MySQL-python
+  become: true
+  when: ansible_os_family == "RedHat"
+- name: install deps in control node ubuntu18
+  package:
+    name:
+      - mysql-client
+      - libmysqlclient-dev
+      - python-mysqldb # remove 3 for Ubuntu 18
+    state: present
+  become: true
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "18"
+- name: install deps in control node ubuntu 20
+  package:
+    name:
+      - mysql-client
+      - libmysqlclient-dev
+      - python3-mysqldb # remove 3 for Ubuntu 18
+    state: present
+  become: true
+  when: ansible_os_family == "Debian" and ansible_distribution_major_version == "20"
+- name: make sure config dir exists
+  file: path="{{ slurm_dir }}/etc" state=directory
+  become: true
+- name: create slurm group
+  group: name=slurm system=yes gid=497
+  become: true
+- name: create slurm user # this is duplicated from slurm-common
+  user:
+    name: slurm
+    group: slurm
+    system: yes
+    createhome: no
+    uid: 497
+  become: true
+- name: install slurmdb.conf
+  template:
+    src: files/slurmdbd.conf
+    dest: "{{ slurm_dir }}/etc/slurmdbd.conf"
+    owner: slurm
+    group: slurm
+    mode: u+rw,g-rwx,o-rwx
+  become: true
+  when: slurm_dir is defined
+- name: install slurmdbd.conf
+  copy:
+    src: slurmdbd.conf
+    dest: /etc/slurm/slurmdbd.conf
+    owner: slurm
+    group: slurm
+    mode: u+rw,g-wx,o-rwx
+  become: true
+  when: slurm_dir is not defined
+- name: add slurm db log rotate config
+  template: src=slurmdblog.j2 dest=/etc/logrotate.d/slurmdb mode=644
+  become: true
--- a/roles/slurmdb-config/templates/slurmdblog.j2
+++ b/roles/slurmdb-config/templates/slurmdblog.j2
+{{ slurmdbdlog.log }}
+{
+ compress
+ missingok 
+ nocopytruncate 
+ nocreate 
+ nodelaycompress 
+ nomail  
+ notifempty 
+ noolddir 
+ rotate 5 
+ sharedscripts 
+ size=5M 
+ create 640 slurm root 
+{% if ansible_os_family == 'RedHat' and ansible_distribution_version >= '7' %}
+  postrotate
+        pkill -x --signal SIGUSR2 slurmdbd
+{% else %}
+ postrotate /etc/init.d/slurmdbd reconfig 
+{% endif %}
+ endscript
+}
--- a/roles/slurmdb/handlers/main.yml
+++ b/roles/slurmdb/handlers/main.yml
---
-  - name: restart slurmdbd
-    service: name={{ item }} state=restarted
-    with_items:
-      - slurmdbd
-      - slurm
-    sudo: true
--- a/roles/slurmdb/tasks/main.yml
+++ b/roles/slurmdb/tasks/main.yml
---
- name: install deps in control node
-  yum: name={{ item }} state=installed
-  sudo: true
-  with_items:
-    - mysql
-    - mysql-server
-    - mysql-devel
-    - MySQL-python
- name: "Start the Server"
-  service: "name=mysqld enabled=yes state=started"
-  sudo: true
- name: install mysql local root password 
-  mysql_user: check_implicit_admin=True login_user=root login_password="{{ sqlrootPasswd }}" name=root password="{{ sqlrootPasswd }}" state=present
-  sudo: true
- name: install slurmdbd.conf
-  template: src=slurmdbd.conf.j2 dest=/etc/slurm/slurmdbd.conf
-  sudo: true
- name: configure database slurmdb localhost
-  mysql_user: login_user=root login_password="{{ sqlrootPasswd }}" name=slurmdb password="{{ slurmdb_passwd }}" host=localhost priv=*.*:ALL,GRANT state=present
-  sudo: true
- name: configure database slurmdb domain 
-  mysql_user: login_user=root login_password="{{ sqlrootPasswd }}" name=slurmdb password="{{ slurmdb_passwd }}" host="{{ ansible_hostname }}"."{{ ansible_domain }}" priv=*.*:ALL,GRANT state=present
-  sudo: true
-#  notify: restart slurmdb
- name: sanity check slrumdbd service
-  service: "name=slurmdbd enabled=yes state=started"
-  sudo: true
- name: sanity check slurm service
-  service: "name=slurm enabled=yes state=started"
-  sudo: true
--- a/roles/smb_config/files/smb.conf
+++ b/roles/smb_config/files/smb.conf
+# See smb.conf.example for a more detailed config file or
+# read the smb.conf manpage.
+# Run 'testparm' to verify the config is correct after
+# you modified it.
+[global]
+	security = user
+        client max protocol = SMB3
+	passdb backend = tdbsam
+	printing = cups
+	printcap name = cups
+	load printers = yes
+	cups options = raw
+[homes]
+	comment = Home Directories
+	valid users = %S, %D%w%S
+	browseable = No
+	read only = No
+	inherit acls = Yes
+[printers]
+	comment = All Printers
+	path = /var/tmp
+	printable = Yes
+	create mask = 0600
+	browseable = No
+[print$]
+	comment = Printer Drivers
+	path = /var/lib/samba/drivers
+	write list = root
+	create mask = 0664
+	directory mask = 0775
--- a/roles/smb_config/tasks/main.yml
+++ b/roles/smb_config/tasks/main.yml
+---
+- name: Config smb.conf parameter added to prevent SMB1 connections to RDS
+  copy:
+     src: files/smb.conf
+     dest: /etc/samba/smb.conf
+     owner: root
+     group: root
+     mode: 0644
+  become: yes
+  tags: smb_config
--- a/roles/smux/README.md
+++ b/roles/smux/README.md
+A role to setup smux
+use
+- { role: smux }
--- a/roles/smux/tasks/main.yml
+++ b/roles/smux/tasks/main.yml
+---
+- name: install tmux
+  yum: name=tmux state=present
+  become: true
+  when: ansible_os_family == "RedHat"
--- a/roles/ssh-keepalive/handlers/main.yml
+++ b/roles/ssh-keepalive/handlers/main.yml
+- name: "sshkeepalive restart sshd"
+  service: name=sshd state=restarted
+  become: true
+  when: ansible_os_family == "RedHat"
+- name: "sshkeepalive restart ssh"
+  service: name=ssh state=restarted
+  become: true
+  when: ansible_os_family == "Debian"
--- a/roles/ssh-keepalive/tasks/main.yml
+++ b/roles/ssh-keepalive/tasks/main.yml
+- name: "Set ClientAliveInterval"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "#?ClientAliveInterval [0-9]+"
+    line: "ClientAliveInterval 60"
+    backrefs: yes
+  become: true
+  notify:
+  - sshkeepalive restart sshd
+  - sshkeepalive restart ssh
+- name: "SetClientAliveCountMax"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "#?ClientAliveCountMax [0-9]+"
+    line: "ClientAliveCountMax 5"
+    backrefs: yes
+  become: true
+  notify:
+  - sshkeepalive restart sshd
+  - sshkeepalive restart ssh
--- a/roles/ssh-nopassword-login/handlers/main.yml
+++ b/roles/ssh-nopassword-login/handlers/main.yml
+- name: "restart sshd"
+  service: name=sshd state=restarted
+  become: true
+  when: ansible_os_family == "RedHat"
+- name: "restart ssh"
+  service: name=ssh state=restarted
+  become: true
+  when: ansible_os_family == "Debian"
--- a/roles/ssh-nopassword-login/tasks/main.yml
+++ b/roles/ssh-nopassword-login/tasks/main.yml
+- name: "Disable Challenge Response"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "ChallengeResponseAuthentication yes"
+    line: "ChallengeResponseAuthentication no"
+    backrefs: yes
+  become: true
+  notify:
+  - restart sshd
+  - restart ssh
+- name: "Disable Password"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+    backrefs: yes
+  become: true
+  notify:
+  - restart sshd
+  - restart ssh
--- a/roles/ssh-password-login/handlers/main.yml
+++ b/roles/ssh-password-login/handlers/main.yml
 - name: "restart sshd"
  service: name=sshd state=restarted
-  sudo: true
+  become: true
+  when: ansible_os_family == "RedHat"
+- name: "restart ssh"
+  service: name=ssh state=restarted
+  become: true
+  when: ansible_os_family == "Debian"
--- a/roles/ssh-password-login/tasks/main.yml
+++ b/roles/ssh-password-login/tasks/main.yml
@@ -3,18 +3,22 @@
  args:
    dest: /etc/ssh/sshd_config
    regexp: "ChallengeResponseAuthentication no"
-    line: "ChallengeResponseAuthentication yes" 
+    line: "ChallengeResponseAuthentication yes"
    backrefs: yes
-  sudo: true
+  become: true
-  notify: restart sshd
+  notify:
+  - restart sshd
+  - restart ssh
- name: "Enable Challenge Response"
+- name: "Disable Password"
  lineinfile:
  args:
    dest: /etc/ssh/sshd_config
-    regexp: "PasswordAuthentication no"
+    regexp: "PasswordAuthentication yes"
-    line: "PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
    backrefs: yes
-  sudo: true
+  become: true
-  notify: restart sshd
+  notify:
+  - restart sshd
+  - restart ssh
No results found