
Compare revisions

Showing
with 160 additions and 158 deletions
---
ldapServerHostIpLine: "130.220.209.234 m2-w.massive.org.au"
ldapCaCertSrc: "/tmp/m1-w-ca.pem"
countryName: "AU"
reginalName: "Victoria"
cityName: "Melbourne"
organizationName: "Monash University"
emailAddress: "help@massive.org.au"
organizationUnit: "MASSIVE"
nfsServerIpAddress: m2-login3.massive.org.au
x509_cert_file: "/etc/openvpn/certs/{{ x509_ca_server }}.crt"
x509_key_file: "/etc/openvpn/private/{{ x509_ca_server }}.key"
x509_cacert_file: "/etc/ssl/certs/ca_{{ x509_ca_server }}.crt"
###x509_common_name: "{{ x509_ca_server }}CommonName"
x509_common_name: "{{ inventory_hostname }}"
x509_csr_args: "--server"
x509_sign_args: "{{ x509_csr_args }}"
dhparms_file: "/etc/openvpn/private/dh.pem"
server_network: "10.8.0.0"
server_netmask: "255.255.255.0"
slurm_version: 14.11.2
munge_version: 0.5.11
userRelocationName: "ec2-user"
userNewHome: "/local_home"
#nfs_type: "nfs4"
#nfs_options: "defaults"
#nfs_server: "m2-login3.massive.org.au"
ldapServerHost: "130.220.209.234 m2-w.massive.org.au"
ldapDomain: "massive.org.au"
ldapURI: "ldaps://m2-w.massive.org.au:1637/"
ldapBindDN: "cn=ldapbind,cn=users,dc=massive,dc=org,dc=au"
ldapBase: "cn=users,dc=massive,dc=org,dc=au"
ldapUserClass: "user"
ldapUserHomeDirectory: "unixHomeDirectory"
ldapUserPricipal: "userPrincipalName"
ldapGroupBase: "ou=groups,dc=massive,dc=org,dc=au"
tlsCaCertDirectory: "/etc/openldap/certs"
ldapCaCertFile: "/etc/openldap/certs/m1-w-ca.pem"
ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"
cacertFile: "cacert.pem"
#domain: "cvl.massive.org.au"
domain: "massive.org.au"
ldapRfc2307: |
ldap_schema = rfc2307
ldap_search_base = cn=users,dc=massive,dc=org,dc=au
ldap_user_search_base = cn=users,dc=massive,dc=org,dc=au
ldap_user_object_class = user
ldap_user_home_directory = unixHomeDirectory
ldap_user_principal = userPrincipalName
ldap_user_name = uid
ldap_group_search_base = ou=groups,dc=massive,dc=org,dc=au
ldap_group_object_class = group
ldap_access_order = expire
ldap_account_expire_policy = ad
ldapRfc2307Pam: |
scope sub
nss_base_passwd cn=users,dc=massive,dc=org,dc=au?sub
nss_base_shadow cn=users,dc=massive,dc=org,dc=au?sub
nss_base_group cn=users,dc=massive,dc=org,dc=au?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_objectclass posixGroup group
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute uniqueMember member
nss_map_attribute shadowLastChange pwdLastSet
pam_login_attribute sAMAccountName
pam_filter objectClass=User
pam_password ad
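Review bot: `ldapCaCertSrc: "/tmp/m1-w-ca.pem"` and `ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"` take the LDAP CA certificate from a world-writable directory, so whatever file sits at that path when the play runs becomes the trust anchor for the `ldaps://` lookups. The page does not show which side of the comparison this vars file is on; if it is kept, point both variables at a root-owned path or the role's `files/` directory, and consider verifying the certificate fingerprint before installing it. `ldapServerHostIpLine` and `ldapServerHost` also carry the same value twice, which invites drift.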
---
importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }
#yumGroupPackageList:
# - CVL Pre-installation
# - CVL Base Packages
# - CVL System
# - CVL System Extension
# - CVL General Imaging Tools
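Review bot: `importRepo.command` downloads the yum repository definition with `wget http://cvlrepo.massive.org.au/repo/cvl.repo`, so the file that decides where packages come from, and whether signature checking is on, arrives over an unauthenticated channel. If this vars file is on the new side, use an `https://` URL if the server offers one, or ship `cvl.repo` as a role file or template with `gpgcheck=1` and a pinned `gpgkey`. The consuming task is not visible here, so how `destination` is combined with the trailing `-O` is an assumption.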
Files in the playbook directory should be used as examples for the reference only.
---
description: " A simple template to boot a 3 node cluster"
heat_template_version: 2013-05-23
parameters:
image_id:
type: string
label: Image ID
description: Image to be used for compute instance
default: a5e74703-f343-415a-aa23-bd0f0aacfc9e
key_name:
type: string
label: Key Name
description: Name of key-pair to be used for compute instance
default: shahaan
availability_z:
type: string
label: Availability Zone
description: Availability Zone to be used for launching compute instance
default: monash-01
resources:
computeNodes:
type: "OS::Heat::ResourceGroup"
properties:
count: 2
resource_def:
type: "OS::Nova::Server"
properties:
availability_zone: { get_param: availability_z }
flavor: m1.small
image: { get_param: image_id }
key_name: { get_param: key_name }
metadata:
ansible_host_group: computeNodes
ansible_ssh_user: ec2-user
ansible_ssh_private_key_file: /home/sgeadmin/.ssh/shahaan.pem
headNodes:
type: "OS::Heat::ResourceGroup"
properties:
count: 1
resource_def:
type: headNode.yaml
#- hosts: 'all'
#gather_facts: false # not sure if false is clever here
#tasks:
#- include_vars: vars/ldapConfig.yml
#- include_vars: vars/filesystems.yml
#- include_vars: vars/slurm.yml
#- include_vars: vars/vars.yml
#- { name: set use shared state, set_fact: usesharedstatedir=False }
#tags: [ always ]
# this playbook is roughly sorted by
# - hostgroupstopics like ComputeNodes or ComputeNodes,LoginNodes, last VisNodes
# - "tag_groups" each starting after a #comment see #misc or misc tag
- hosts: 'ComputeNodes'
gather_facts: false
tasks:
# these are just templates.
#Note the tag never! Everything with never is only executed if called explicitly aka ansible-playbook --tags=foo,bar OR -tags=tag_group
- { name: template_shell, shell: ls, tags: [never,tag_group,uniquetag_foo] }
- { name: template_command, command: uname chdir=/bin, tags: [never,tag_group,uniquetag_bar] }
- { name: template_scipt, script: ./scripts/qa/test.sh, tags: [never,tag_group,uniquetag_script] }
#mpi stuff
- { name: run mpi on one computenode, command: ls, args: {chdir: "/tmp"} , failed_when: "TODO is TRUE", tags: [never,mpi,mpi_local,TODO] }
- { name: run mpi on two computenode, command: ls, args: {chdir: "/tmp"} , failed_when: "TODO is TRUE", tags: [never,mpi,mpi_local_two,TODO] }
#- { name: run mpi via sbatch, command: cmd=ls chdir="/tmp" , failed_when: "TODO is TRUE", tags: [never,mpi,slurm_mpi,TODO] }
#- { name: mpi_pinging, command: cmd=ls chdir="/tmp" , failed_when: "TODO is TRUE", tags: [never,mpi,mpi_ping,TODO] }
#module load openmpi/3.1.6-ucx;mpirun --mca btl self --mca pml ucx -x UCX_TLS=mm -n 24 /projects/pMOSP/mpi/parallel_mandelbrot/parallel/mandelbrot
#module load openmpi/3.1.6-ucx;srun mpirun --mca btl self --mca pml ucx -x UCX_TLS=mm -n 24 /projects/pMOSP/mpi/parallel_mandelbrot/parallel/mandelbrot
#slurm
- { name: slurmd should be running, service: name=slurmd state=started, tags: [never,slurm,slurmd] }
- { name: munged should be running, service: name=munged state=started, tags: [never,slurm,munged] }
- { name: ensure connectivity to the controller, shell: scontrol ping, tags: [never,slurm,scontrol_ping] }
- { name: the most simple srun test, shell: srun --reservation=AWX hostname, tags: [never,slurm,srun_hostname] }
#nhc, manually run nhc because it contains many tests
- { name: run nhc explicitly, command: /opt/nhc-1.4.2/sbin/nhc -c /opt/nhc-1.4.2/etc/nhc/nhc.conf, become: true , tags: [never,slurm,nhc] }
# networking
- { name: ping license server, shell: ls, tags: [never,network,ping_license] }
- { name: ping something outside monash, command: ping -c 1 8.8.8.8, tags: [never,network,ping_external] }
#mounts
- hosts: 'ComputeNodes,LoginNodes'
gather_facts: false
tasks:
- { name: check mount for usr_local, shell: "mount | grep -q local", tags: [never,mountpoints,mountpoints_local] }
- { name: check mount for projects, shell: "lfs df -h", tags: [never,mountpoints_projects] }
- { name: check mount for home, shell: "mount | grep -q home", tags: [never,mountpoints,mountpoints_home] }
- { name: check mount for scratch, shell: "mount | grep -q scratch" , tags: [never,mountpoints_scratch] }
#misc
- { name: check singularity, shell: module load octave && octave --version, tags: [never,misc,singularity3] }
- { name: module test, shell: cmd="module load gcc" executable="/bin/bash", tags: [never,misc,modulecmd] }
- { name: contact ldap, shell: maybe test ldapsearch, failed_when: "TODO is TRUE", tags: [never,misc,ldap,TODO] }
#gpu
- hosts: 'VisNodes'
gather_facts: false
tasks:
- { name: run nvida-smi to see if a gpu driver is present, command: "/bin/nvidia-smi", tags: [never,gpu,smi] }
- { name: run gpu burn defaults to 30 seconds, command: "/usr/local/gpu_burn/1.0/run_silent.sh", tags: [never,gpu,long,gpuburn] }
# extended time-consuming tests
# relion see https://docs.massive.org.au/communities/cryo-em/tuning/tuning.html
# linpack
#module load openmpi/1.10.7-mlx;ldd /usr/local/openmpi/1.10.7-mlx/bin/* | grep -ic found
--- ---
- name: make sure /usr/local/bin exists - name: make sure /usr/local/bin exists
file: path=/usr/local/bin state=directory mode=755 owner=root file: path=/usr/local/bin state=directory mode=755 owner=root
sudo: true become: true
- name: install get_node.py - name: install get_node.py
copy: src=get_node.py dest=/usr/local/bin/get_node.py mode=755 owner=root copy: src=get_node.py dest=/usr/local/bin/get_node.py mode=755 owner=root
sudo: true become: true
- name: install mbp_node - name: install mbp_node
copy: src=mbp_node dest=/usr/local/bin/mbp_node mode=755 owner=root copy: src=mbp_node dest=/usr/local/bin/mbp_node mode=755 owner=root
sudo: true become: true
---
# This role is to fix a misconfiguration of some OpenStack Base images at Monash University.
# the misconfiguration is dev/vdb mounted in fstab of the Image and the Openstack Flavour not providing a second disk.
- name: unmount vdb if absent
mount:
path: "/mnt"
src: "/dev/vdb"
state: absent
become: true
when: 'hostvars[inventory_hostname]["ansible_devices"]["vdb"] is not defined'
- name: keep mnt present
file:
path: "/mnt"
owner: root
group: root
mode: "u=rwx,g=rx,o=rx"
state: directory
become: true
when: 'hostvars[inventory_hostname]["ansible_devices"]["vdb"] is not defined'
--- ---
- name: restart openvpn - name: restart openvpn
service: name=openvpn state=restarted service: name=openvpn state=restarted
sudo: true become: true
--- ---
- -
copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt mode=644 owner=root group=root"
name: "Copying CA certificate" name: "Copying CA certificate"
when: "client_ca_cert.stat.exists == false" when: "client_ca_cert.stat.exists == false"
- -
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root"
name: "Copying Client certificate" name: "Copying Client certificate"
when: "client_sign_cert.stat.exists == false" when: "client_sign_cert.stat.exists == false"
- -
copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root" copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key mode=600 owner=root group=root"
name: "Copying Client key" name: "Copying Client key"
when: "client_key.stat.exists == false" when: "client_key.stat.exists == false"
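Review bot: The "Copying Client key" task reads the private key from `/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key`, a predictable path under a world-writable directory on the machine running the play; how that directory is created and with which mode is not visible in this section. Stage the key material in a directory created with mode `0700` and remove it after the copy, and add `no_log: true` to the key task so its content cannot end up in diff or verbose output. The three copy tasks shown carry neither `sudo` nor `become`, unlike the other tasks in this comparison, so confirm that privilege escalation is set at play level. The rest of the file is collapsed.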
......
--- ---
- name: "Install OpenVPN" - name: "Install OpenVPN"
yum: "name=openvpn state=present" yum: "name=openvpn state=present"
sudo: true become: true
notify: restart openvpn notify: restart openvpn
- name: "Copying client.conf to the OpenVPN client" - name: "Copying client.conf to the OpenVPN client"
template: "src=client.conf.j2 dest=/etc/openvpn/client.conf" template: "src=client.conf.j2 dest=/etc/openvpn/client.conf"
sudo: true become: true
notify: restart openvpn notify: restart openvpn
...@@ -3,6 +3,6 @@ ...@@ -3,6 +3,6 @@
include: installOpenVPN.yml include: installOpenVPN.yml
- name: "Start OpenVPN" - name: "Start OpenVPN"
service: name=openvpn state=started service: name=openvpn state=started enabled=yes
sudo: true become: true
--- ---
- name: restart openvpn - name: restart openvpn
service: name=openvpn state=restarted service: name=openvpn state=restarted
sudo: true become: true
--- ---
- name: "Install OpenVPN" - name: "Install OpenVPN"
yum: "name=openvpn state=present" yum: "name=openvpn state=present"
notify: "restart openvpn" notify: "restart openvpn"
sudo: true become: true
- name: Create path - name: Create path
shell: mkdir -p {{ dhparms_file | dirname }} shell: mkdir -p {{ dhparms_file | dirname }}
args: args:
creates: "{{ dhparms_file | dirname }}" creates: "{{ dhparms_file | dirname }}"
sudo: true become: true
- name: "Generate DH parameters" - name: "Generate DH parameters"
shell: openssl dhparam -out {{ dhparms_file }} 512 shell: openssl dhparam -out {{ dhparms_file }} 512
args: args:
creates: "{{ dhparms_file }}" creates: "{{ dhparms_file }}"
sudo: true become: true
- name: "Configure OpenVPN Server" - name: "Configure OpenVPN Server"
template: "src=server.conf.j2 dest=/etc/openvpn/server.conf" template: "src=server.conf.j2 dest=/etc/openvpn/server.conf"
notify: "restart openvpn" notify: "restart openvpn"
sudo: true become: true
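Review bot: The "Generate DH parameters" task still runs `openssl dhparam -out {{ dhparms_file }} 512` on the new side; a 512-bit group is export-grade (cf. Logjam) and current OpenSSL/OpenVPN builds may refuse it outright. Raise the size to at least 2048: `shell: openssl dhparam -out {{ dhparms_file }} 2048`. Because of `creates: "{{ dhparms_file }}"`, hosts that already hold the 512-bit file will keep it, so the old file has to be removed or regenerated once. "Create path" could also use the `file` module with `state=directory` and an explicit restrictive mode instead of `shell: mkdir -p`.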
...@@ -3,5 +3,5 @@ ...@@ -3,5 +3,5 @@
include: installOpenVPN.yml include: installOpenVPN.yml
- name: "Start OpenVPN" - name: "Start OpenVPN"
service: name=openvpn state=started service: name=openvpn state=started enabled=yes
sudo: true become: true
- name: install known hosts file
copy: src=files/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts owner=root mode=644
become: true
become_user: root
- name: setup additiona PATHs in /etc/profile.d
template:
src: additional_paths.sh.j2
dest: /etc/profile.d/additional_paths.sh
become: true
when: additional_paths is defined
export PATH=$PATH:{{ additional_paths|join(":") }}
---
- name: place /usr/local/ last in the PATH in /etc/profile
lineinfile:
args:
dest: "/etc/profile"
insertbefore: BOF
line: "PATH=/bin:/usr/bin:/usr/local/bin"
become: true
become_user: root
- name: remove old line
lineinfile:
args:
dest: "/etc/profile"
regexp: "^PATH=/usr/local/bin:/bin:/usr/bin$"
state: absent
become: true
become_user: root
- name: remove /usr/local/ from the PATH in /etc/profile
lineinfile:
args:
dest: "/etc/profile"
regexp: ".*pathmunge /usr/local.*"
state: absent
become: true
become_user: root
- name: dont execute abrt-cli on login
file: path=/etc/profile.d/abrt-console-notification.sh state=absent
become: true
become_user: root
...@@ -5,30 +5,26 @@ ...@@ -5,30 +5,26 @@
with_items: with_items:
- apache2 - apache2
- apache2-dev - apache2-dev
sudo: true become: true
- -
name: "Templating default-ssl site" name: "Templating default-ssl site"
template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data
sudo: true become: true
- -
name: "Templating default site" name: "Templating default site"
template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data
sudo: true become: true
- -
name: "Enable ssl module" name: "Enable ssl module"
apache2_module: state=present name=ssl apache2_module: state=present name=ssl
sudo: true become: true
- -
name: "Enable default-ssl site" name: "Enable default-ssl site"
shell: a2ensite default-ssl shell: a2ensite default-ssl
sudo: true become: true
notify: restart apache2 notify: restart apache2
-
name: "Starting Apache2"
service: name=apache2 state=started
sudo: true
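Review bot: Both site templates are installed with `owner=www-data group=www-data`, which lets the web server account rewrite its own vhost and TLS configuration under `/etc/apache2/sites-available`; configuration files should be `owner=root group=root mode=0644`. The same applies to `ssl.conf` in the RHEL task list that follows (`owner=apache group=apache`), where `wsgi.conf` is already root-owned. With the "Starting Apache2" task removed, the only thing visible that starts the service is the `restart apache2` handler notified by the `a2ensite` shell task, so consider keeping `service: name=apache2 state=started enabled=yes`. The hunk starts at line 5 of the file, so earlier tasks are not visible.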
...@@ -2,29 +2,29 @@ ...@@ -2,29 +2,29 @@
- -
name: "Installing Apache" name: "Installing Apache"
sudo: true become: true
yum: name={{ item }} state=latest yum: name={{ item }} state=present
with_items: with_items:
- mod_ssl - mod_ssl
- mod_wsgi - mod_wsgi
- openssl - openssl
- httpd - httpd
- httpd-devel - httpd-devel
- -
name: Setting httpd.conf name: Setting httpd.conf
sudo: true become: true
replace: dest=/etc/httpd/conf/httpd.conf regexp="^#ServerName www.example.com:80" replace="ServerName {{ ansible_fqdn }}" replace: dest=/etc/httpd/conf/httpd.conf regexp="^#ServerName www.example.com:80" replace="ServerName {{ ansible_fqdn }}"
- -
name: "Templating default-ssl site" name: "Templating default-ssl site"
template: src=default-ssl.j2 dest=/etc/httpd/conf.d/ssl.conf owner=apache group=apache template: src=default-ssl.j2 dest=/etc/httpd/conf.d/ssl.conf owner=apache group=apache
sudo: true become: true
- -
name: Templating wsgi.conf name: Templating wsgi.conf
sudo: true become: true
template: src=wsgi.conf.j2 dest=/etc/httpd/conf.d/wsgi.conf owner=root group=root template: src=wsgi.conf.j2 dest=/etc/httpd/conf.d/wsgi.conf owner=root group=root
- -
name: Restarting Apache name: Restarting Apache
sudo: true become: true
service: name=httpd state=restarted service: name=httpd state=restarted