Compare revisions

cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b
--- a/roles/config_repos_upstream/files/monashhpc_others.repo
+++ b/roles/config_repos_upstream/files/monashhpc_others.repo
+# Place this file in your /etc/yum.repos.d/ directory
+
+[monashhpc_otherstuff]
+name=MonashHPC base repository mirrored to control the update process
+baseurl=https://consistency0/centos/hpcsystems/$releasever/$basearch/
+enabled=1
+sslverify=false
+gpgcheck=0
--- a/roles/config_repos_upstream/tasks/main.yml
+++ b/roles/config_repos_upstream/tasks/main.yml
+---
+- name: add gluster repo
+  copy: src=glusterfs-epel.repo dest=/etc/yum.repos.d/glusterfs-epel.repo
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+
+- name: enable epel
+  yum: name=epel-release state='latest'
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+
+
+- name: Enable epel
+  command: yum-config-manager --enable epel
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+
+# Use mate DE on systems that have moved to gnome3, since there is no gpu acceleration by default on NeCTAR openstack
+# Trusty (Ubuntu 14.04 LTS) needs repos added. Wheezy (Debian Stable) gets mate from backports, Utopic (Ubuntu 14.10) Jessie (Debian testing) and Sid (Debian unstable) get it by default
+- name: add repos apt
+  shell: "add-apt-repository -y ppa:ubuntu-mate-dev/ppa"
+  become: true
+  when: ansible_distribution_release == 'trusty'
+
+- name: add repos apt
+  shell: "add-apt-repository -y ppa:ubuntu-mate-dev/trusty-mate"
+  become: true
+  when: ansible_distribution_release == 'trusty'
+
+- name: add repos apt
+  shell: "add-apt-repository -y ppa:gluster/glusterfs-3.7"
+  become: true
+  when: ansible_distribution == 'Ubuntu'
+
+- name: apt-get update
+  apt: update_cache=True
+  become: true
+  when: ansible_os_family=="Debian"
--- a/roles/cron-access/tasks/main.yml
+++ b/roles/cron-access/tasks/main.yml
+- name: Adding pamd access for users who can run cron jobs
+  lineinfile:
+    path: /etc/security/access.conf
+    state: present
+    insertbefore: '^-:ALL EXCEPT root systems ec2-user debian ubuntu admin :ALL'
+    line: '+: cron-users : cron crond :0'
+  become: true
+  become_user: root
--- a/roles/cron/tasks/main.yml
+++ b/roles/cron/tasks/main.yml
+- cron:
+        name: "Lustre Projects Directory Backup Script"
+        minute: 10
+        hour: 6
+        user: 'root'
+        job: "/usr/bin/flock -x -n /mnt/m3-local/scripts/lustreBkp.lck -c /mnt/m3-local/scripts/startBkp.sh"
--- a/roles/cvl-menus/files/cvl.menu
+++ b/roles/cvl-menus/files/cvl.menu
+<!DOCTYPE Menu PUBLIC "-//freedesktop//DTD Menu 1.0//EN" "http://www.freedesktop.org/standards/menu-spec/1.0/menu.dtd">
+<Menu>
+    <Name>Applications</Name>
+    <Layout>
+        <Merge type="menus" />
+        <Menuname>Characterisation Virtual Laboratory</Menuname>
+    </Layout>
+    <Menu>
+        <Name>Characterisation Virtual Laboratory</Name>
+        <Directory>cvl.directory</Directory>
+        <MergeDir>/usr/local/share/xdg/menus/applications-merged/application</MergeDir>
+    </Menu>
+</Menu>
\ No newline at end of file
--- a/roles/cvl-menus/files/cvl_desktop.svg
+++ b/roles/cvl-menus/files/cvl_desktop.svg
--- a/roles/cvl-menus/files/default.xml
+++ b/roles/cvl-menus/files/default.xml
+<background>
+  <starttime>
+    <year>2010</year>
+    <month>11</month>
+    <day>11</day>
+    <hour>00</hour>
+    <minute>00</minute>
+    <second>00</second>
+  </starttime>
+
+<static>
+<duration>10000000000.0</duration>
+<file>
+	<!-- Wide 16:10 -->
+	<size width="1920" height="1200">/usr/share/backgrounds/cvl_desktop.svg</size>
+	<!-- Standard 4:3 -->
+	<size width="1920" height="1440">/usr/share/backgrounds/cvl_desktop.svg</size>
+</file>
+</static>
+
+</background>
--- a/roles/cvl-menus/tasks/main.yml
+++ b/roles/cvl-menus/tasks/main.yml
+- name: Sanity check menu directory
+  shell: mkdir -p /etc/xdg/menus/applications-merged
+  args:
+    creates: "/etc/xdg/menus/applications-merged"
+  become: true
+
+- name: configure the cvl menues
+  copy: src=cvl.menu dest=/etc/xdg/menus/applications-merged/cvl.menu mode=644 owner=root group=root
+  become: true
+
+- name: configure the cvl backgroud image
+  copy: src={{ item }} dest=/usr/share/backgrounds/{{ item }} mode=644 owner=root group=root
+  with_items:
+    - cvl_desktop.svg
+    - default.xml
+  become: true
+
+
--- a/roles/cvlExtraFiles/tasks/main.yml
+++ b/roles/cvlExtraFiles/tasks/main.yml
+---
+- name: extra file symbolic links
+  file: src={{ item.src }} path={{ item.dest }} state={{ item.type }} force=yes
+  with_items: "{{ extraFiles }}"
+  become: true
+  when: extraFiles is defined
--- a/roles/cvlExtraFiles/vars/readme.txt
+++ b/roles/cvlExtraFiles/vars/readme.txt
+---
+extraFiles:
+  - {src: '/usr/local/etc/vnc/turbovncserver-auth.conf', dest: '/etc/turbovncserver-auth.conf', type: 'link'}
+  - {src: '/usr/local/etc/vnc/turbovncserver.conf', dest: '/etc/turbovncserver.conf', type: 'link'}
+  - {src: '/usr/local/etc/profile.d/modules.sh', dest: '/etc/profile.d/modules.sh', type: 'link'}
+  - {src: '/usr/local/etc/profile.d/modules.csh', dest: '/etc/profile.d/modules.csh', type: 'link'}
+  - {src: '/usr/local/etc/profile.d/cvl.sh', dest: '/etc/profile.d/cvl.sh', type: 'link'}
+
--- a/roles/cvlFijiCronJob/tasks/main.yml
+++ b/roles/cvlFijiCronJob/tasks/main.yml
+---
+- name: Check CVL cron job
+  shell: ls /cvl/local/bin/fiji_daily_update.sh
+  ignore_errors: true
+  register: fijiupdatescript
+
+- name: CVL fiji cron job
+  cron: name=fijiupdate job=/cvl/local/bin/fiji_daily_update.sh user=root hour=5 state=present
+  become: true
+  when: fijiupdatescript | success
--- a/roles/deploy-xorg/files/xorg.conf.j2
+++ b/roles/deploy-xorg/files/xorg.conf.j2
+# nvidia-xconfig: X configuration file generated by nvidia-xconfig
+# nvidia-xconfig:  version 375.66  (buildmeister@swio-display-x86-rhel47-06)  Mon May  1 15:45:32 PDT 2017
+Section "DRI"
+    Mode 0666
+EndSection
+
+Section "ServerLayout"
+
+    #InputDevice    "Keyboard0" "CoreKeyboard"
+    #InputDevice    "Mouse0" "CorePointer"
+    Identifier      "Layout0"
+    {% for screen in screens %}
+    {% if screens.index(screen) == 0 %}
+    Screen 0        "Screen{{screens.index(screen)}}"
+    {% else %}
+    Screen {{screens.index(screen)}}        "Screen{{screens.index(screen)}}" RightOf "Screen{{screens.index(screen)-1}}"
+    {% endif %}
+    {% endfor %}
+    #InputDevice    "Keyboard0" "CoreKeyboard"
+    #InputDevice    "Mouse0" "CorePointer"
+EndSection
+
+Section "Files"
+    FontPath        "/usr/share/fonts/default/Type1"
+EndSection
+
+Section "InputDevice"
+
+    # generated from default
+    Identifier     "Mouse0"
+    Driver         "mouse"
+    Option         "Protocol" "auto"
+    Option         "Device" "/dev/input/mice"
+    Option         "Emulate3Buttons" "no"
+    Option         "ZAxisMapping" "4 5"
+EndSection
+
+Section "InputDevice"
+
+    # generated from default
+    Identifier     "Keyboard0"
+    Driver         "kbd"
+EndSection
+{% for monitor in monitors %}
+Section "Monitor"
+    Identifier     "{{monitor}}"
+    VendorName     "Unknown"
+    ModelName      "Unknown"
+    HorizSync       28.0 - 33.0
+    VertRefresh     43.0 - 72.0
+    Option         "DPMS"
+EndSection
+{% endfor %}
+{% for device in devices %}
+Section "Device"
+    Identifier     "Device{{devices.index(device)}}"
+    Driver         "nvidia"
+    VendorName     "NVIDIA Corporation"
+    boardname      "{{boardname}}"
+    BusID          "{{device}}"
+{% if boardname != 'GRID K1' %}
+    Option "HardDPMS" "false"
+{% endif %}
+EndSection
+{% endfor %}
+{% for screen in screens %}
+Section "Screen"
+    Identifier     "Screen{{screens.index(screen)}}"
+    Device         "Device{{screens.index(screen)}}"
+    Monitor        "Monitor{{screens.index(screen)}}"
+    DefaultDepth    24
+    Option         "ProbeAllGpus" "false"
+{% if boardname == 'GRID K1' %}
+    Option         "UseDisplayDevice" "None"
+{% endif %}
+    SubSection     "Display"
+        Virtual     1920 1200
+        Depth       24
+    EndSubSection
+EndSection
+{% endfor -%}
+
+
--- a/roles/deploy-xorg/tasks/main.yml
+++ b/roles/deploy-xorg/tasks/main.yml
+---
+- name: install dependencies
+  yum:
+    name: python-jinja2
+    state: present
+  become: true
+  when: 'ansible_os_family=="RedHat" and "python" in discovered_interpreter_python'
+
+- name: install dependencies
+  yum:
+    name: python36-jinja2
+    enablerepo: monashhpc_epel
+    state: present
+  become: true
+  when: 'ansible_os_family=="RedHat" and "python3" in discovered_interpreter_python'
+
+- name: install dependencies
+  yum:
+    name: python3-jinja2
+    state: present
+  become: true
+  when: ansible_os_family=="Debian"
+
+- name: create /opt/generate-xorg and template dirs
+  become: yes
+  file:
+   path: /opt/generate-xorg/template
+   state: directory
+   mode: '0755'
+
+- name: copy nvidia-xconf-gen.py
+  become: yes
+  copy:
+   src: ../../scripts/nvidia-xconf-gen.py
+   dest: /opt/generate-xorg/nvidia-xconf-gen.py
+   owner: root
+   mode: '0755'
+  register: gen
+
+- name: copy xorg.conf.j2 template
+  become: yes
+  copy:
+   src: xorg.conf.j2
+   dest: /opt/generate-xorg/template/xorg.conf.j2
+   owner: root
+   mode: '0644'
+  register: xorg_template
+
+- name: Creates ansible-generate-xorg file under /etc/cron.d
+  become: yes
+  cron:
+   name: cron job to generate xorg after reboot
+   special_time: reboot
+   user: root
+   job: "/opt/generate-xorg/nvidia-xconf-gen.py"
+   cron_file: ansible-generate-xorg
+
+- name: call the script once if necessary
+  become: yes
+  command: '/opt/generate-xorg/nvidia-xconf-gen.py'
+  when: xorg_template.changed or gen.changed
+
+- name: deploy desktop related packages
+  package:
+    name:
+      #- python-is-python2 # compatibility package for get-xorg.py
+      - python-tk #this is to get the Desktop Walltime script to work
+      - python-pexpect #this is to make the ansible expect module work
+    state: present
+  become: true
+  when: ansible_os_family=="Debian"
+
+- name: change allowed_user variable in Xwrapper.config
+  replace:
+    path: /etc/X11/Xwrapper.config
+    regexp:  'allowed_users=console'
+    replace: 'allowed_users=anybody'
+  become: true
+  register: xwrapperalloweduser
+  when: ansible_os_family=="Debian"
+
+- name: "Run `dpkg-reconfigure xserver-xorg-legacy` to make sure /etc/X11/Xwrapper.config doesn't get overridden during update"
+  expect:
+    command: 'dpkg-reconfigure -freadline xserver-xorg-legacy'
+    responses:
+      '(.*)Users allowed to start the X server(.*)': 3
+  when: xwrapperalloweduser.changed
+  become: true
+
--- a/roles/disableIPv6/tasks/main.yml
+++ b/roles/disableIPv6/tasks/main.yml
+---
+- { name: disable ip v6, lineinfile: { path: '/etc/sysctl.conf', line: 'net.ipv6.conf.all.disable_ipv6 = 1'}, become: true }
+- { name: disable ip v6, lineinfile: { path: '/etc/sysctl.conf', line: 'net.ipv6.conf.default.disable_ipv6 = 1'}, become: true, register: ipv6changed }
+- { name: disable ip v6, command: 'sysctl -p', become: true, when: ipv6changed.changed  }
--- a/roles/disableUnattendedUpgrades/tasks/main.yml
+++ b/roles/disableUnattendedUpgrades/tasks/main.yml
+- name:
+  package:
+    name: unattended-upgrades
+    state: absent
+  become: true
--- a/roles/disable_interface/README.md
+++ b/roles/disable_interface/README.md
+This role permanently turns off a network interface. This is needed for baremetal
+machines, which may have a management interface (i.e. e1p1) that needs to
+be disabled for security reasons. We use `ip link set <Name> down` to disable the interface.
+
+To survive a reboot, this role sets up a service file and enables it for starting upon an OS start.
+
+Usage
+ - {role: disable_interface, interface_name : "eth5" }
+ - {role: disable_interface  }
+
+{{ interface_name }} if not defined, defaults to "e1p1"
--- a/roles/disable_interface/tasks/main.yml
+++ b/roles/disable_interface/tasks/main.yml
+---
+
+# This role adds a sytemd services file and enables it
+# It disables the {{ interface_name }} interface  (Management port) on Baremetal nodes
+- set_fact: interface_name="e1p1"
+  when: interface_name is undefined
+
+- name: Create service file for turning off interace name
+  template: src=disable_interface.service.j2 dest=/etc/systemd/system/disable_interface.service mode="u=rw,g=r,o=r"
+  become: true
+  become_user: root
+
+- name: enable and start device_off service
+  service: name=disable_interface.service state=started enabled=yes
+  become: true
+  become_user: root
--- a/roles/disable_interface/templates/disable_interface.service.j2
+++ b/roles/disable_interface/templates/disable_interface.service.j2
+[Unit]
+Description=Turn off {{ interface_name }} interface (management port)
+After=network.target network-online.target openibd.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/sbin/ip link set {{ interface_name }}  down
+#'ip link show {{ interface_name }} ' is either UP or DOWN
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=final.target
+
--- a/roles/disable_selinux/tasks/main.yml
+++ b/roles/disable_selinux/tasks/main.yml
+---
+- block:
+  - name: disable selinux
+    selinux: state=disabled
+    become: true
+    register: selinuxvar
+    
+  - name: reboot if needed
+    reboot:
+    when: selinuxvar is defined and selinuxvar.reboot_required
+    become: true
+  when: ansible_os_family=="RedHat"
--- a/roles/dump_ldap_config/tasks/main.yml
+++ b/roles/dump_ldap_config/tasks/main.yml
+---
+- name: grab cacert
+  shell: cat {{ ldapCARootDest }}
+  register: ldapCaCertContents
+
+- name: dump vars
+  template: src=ldapConfig.j2 dest=/tmp/ldapConfig.out
+
+- name: fetch vars
+  fetch: src=/tmp/ldapConfig.out dest=/tmp/ldapConfig.out flat=yes
+
No results found