Compare revisions

cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b
--- a/roles/deploy-xorg/files/xorg.conf.j2
+++ b/roles/deploy-xorg/files/xorg.conf.j2
+# nvidia-xconfig: X configuration file generated by nvidia-xconfig
+# nvidia-xconfig:  version 375.66  (buildmeister@swio-display-x86-rhel47-06)  Mon May  1 15:45:32 PDT 2017
+Section "DRI"
+    Mode 0666
+EndSection
+
+Section "ServerLayout"
+
+    #InputDevice    "Keyboard0" "CoreKeyboard"
+    #InputDevice    "Mouse0" "CorePointer"
+    Identifier      "Layout0"
+    {% for screen in screens %}
+    {% if screens.index(screen) == 0 %}
+    Screen 0        "Screen{{screens.index(screen)}}"
+    {% else %}
+    Screen {{screens.index(screen)}}        "Screen{{screens.index(screen)}}" RightOf "Screen{{screens.index(screen)-1}}"
+    {% endif %}
+    {% endfor %}
+    #InputDevice    "Keyboard0" "CoreKeyboard"
+    #InputDevice    "Mouse0" "CorePointer"
+EndSection
+
+Section "Files"
+    FontPath        "/usr/share/fonts/default/Type1"
+EndSection
+
+Section "InputDevice"
+
+    # generated from default
+    Identifier     "Mouse0"
+    Driver         "mouse"
+    Option         "Protocol" "auto"
+    Option         "Device" "/dev/input/mice"
+    Option         "Emulate3Buttons" "no"
+    Option         "ZAxisMapping" "4 5"
+EndSection
+
+Section "InputDevice"
+
+    # generated from default
+    Identifier     "Keyboard0"
+    Driver         "kbd"
+EndSection
+{% for monitor in monitors %}
+Section "Monitor"
+    Identifier     "{{monitor}}"
+    VendorName     "Unknown"
+    ModelName      "Unknown"
+    HorizSync       28.0 - 33.0
+    VertRefresh     43.0 - 72.0
+    Option         "DPMS"
+EndSection
+{% endfor %}
+{% for device in devices %}
+Section "Device"
+    Identifier     "Device{{devices.index(device)}}"
+    Driver         "nvidia"
+    VendorName     "NVIDIA Corporation"
+    boardname      "{{boardname}}"
+    BusID          "{{device}}"
+{% if boardname != 'GRID K1' %}
+    Option "HardDPMS" "false"
+{% endif %}
+EndSection
+{% endfor %}
+{% for screen in screens %}
+Section "Screen"
+    Identifier     "Screen{{screens.index(screen)}}"
+    Device         "Device{{screens.index(screen)}}"
+    Monitor        "Monitor{{screens.index(screen)}}"
+    DefaultDepth    24
+    Option         "ProbeAllGpus" "false"
+{% if boardname == 'GRID K1' %}
+    Option         "UseDisplayDevice" "None"
+{% endif %}
+    SubSection     "Display"
+        Virtual     1920 1200
+        Depth       24
+    EndSubSection
+EndSection
+{% endfor -%}
+
+
--- a/roles/deploy-xorg/tasks/main.yml
+++ b/roles/deploy-xorg/tasks/main.yml
+---
+- name: install dependencies
+  yum:
+    name: python-jinja2
+    state: present
+  become: true
+  when: 'ansible_os_family=="RedHat" and "python" in discovered_interpreter_python'
+
+- name: install dependencies
+  yum:
+    name: python36-jinja2
+    enablerepo: monashhpc_epel
+    state: present
+  become: true
+  when: 'ansible_os_family=="RedHat" and "python3" in discovered_interpreter_python'
+
+- name: install dependencies
+  yum:
+    name: python3-jinja2
+    state: present
+  become: true
+  when: ansible_os_family=="Debian"
+
+- name: create /opt/generate-xorg and template dirs
+  become: yes
+  file:
+   path: /opt/generate-xorg/template
+   state: directory
+   mode: '0755'
+
+- name: copy nvidia-xconf-gen.py
+  become: yes
+  copy:
+   src: ../../scripts/nvidia-xconf-gen.py
+   dest: /opt/generate-xorg/nvidia-xconf-gen.py
+   owner: root
+   mode: '0755'
+  register: gen
+
+- name: copy xorg.conf.j2 template
+  become: yes
+  copy:
+   src: xorg.conf.j2
+   dest: /opt/generate-xorg/template/xorg.conf.j2
+   owner: root
+   mode: '0644'
+  register: xorg_template
+
+- name: Creates ansible-generate-xorg file under /etc/cron.d
+  become: yes
+  cron:
+   name: cron job to generate xorg after reboot
+   special_time: reboot
+   user: root
+   job: "/opt/generate-xorg/nvidia-xconf-gen.py"
+   cron_file: ansible-generate-xorg
+
+- name: call the script once if necessary
+  become: yes
+  command: '/opt/generate-xorg/nvidia-xconf-gen.py'
+  when: xorg_template.changed or gen.changed
+
+- name: deploy desktop related packages
+  package:
+    name:
+      #- python-is-python2 # compatibility package for get-xorg.py
+      - python-tk #this is to get the Desktop Walltime script to work
+      - python-pexpect #this is to make the ansible expect module work
+    state: present
+  become: true
+  when: ansible_os_family=="Debian"
+
+- name: change allowed_user variable in Xwrapper.config
+  replace:
+    path: /etc/X11/Xwrapper.config
+    regexp:  'allowed_users=console'
+    replace: 'allowed_users=anybody'
+  become: true
+  register: xwrapperalloweduser
+  when: ansible_os_family=="Debian"
+
+- name: "Run `dpkg-reconfigure xserver-xorg-legacy` to make sure /etc/X11/Xwrapper.config doesn't get overridden during update"
+  expect:
+    command: 'dpkg-reconfigure -freadline xserver-xorg-legacy'
+    responses:
+      '(.*)Users allowed to start the X server(.*)': 3
+  when: xwrapperalloweduser.changed
+  become: true
+
--- a/roles/disableIPv6/tasks/main.yml
+++ b/roles/disableIPv6/tasks/main.yml
+---
+- { name: disable ip v6, lineinfile: { path: '/etc/sysctl.conf', line: 'net.ipv6.conf.all.disable_ipv6 = 1'}, become: true }
+- { name: disable ip v6, lineinfile: { path: '/etc/sysctl.conf', line: 'net.ipv6.conf.default.disable_ipv6 = 1'}, become: true, register: ipv6changed }
+- { name: disable ip v6, command: 'sysctl -p', become: true, when: ipv6changed.changed  }
--- a/roles/disableUnattendedUpgrades/tasks/main.yml
+++ b/roles/disableUnattendedUpgrades/tasks/main.yml
+- name:
+  package:
+    name: unattended-upgrades
+    state: absent
+  become: true
--- a/roles/disable_interface/README.md
+++ b/roles/disable_interface/README.md
+This role permanently turns off a network interface. This is needed for baremetal
+machines, which may have a management interface (i.e. e1p1) that needs to
+be disabled for security reasons. We use `ip link set <Name> down` to disable the interface.
+
+To survive a reboot, this role sets up a service file and enables it for starting upon an OS start.
+
+Usage
+ - {role: disable_interface, interface_name : "eth5" }
+ - {role: disable_interface  }
+
+{{ interface_name }} if not defined, defaults to "e1p1"
--- a/roles/disable_interface/tasks/main.yml
+++ b/roles/disable_interface/tasks/main.yml
+---
+
+# This role adds a sytemd services file and enables it
+# It disables the {{ interface_name }} interface  (Management port) on Baremetal nodes
+- set_fact: interface_name="e1p1"
+  when: interface_name is undefined
+
+- name: Create service file for turning off interace name
+  template: src=disable_interface.service.j2 dest=/etc/systemd/system/disable_interface.service mode="u=rw,g=r,o=r"
+  become: true
+  become_user: root
+
+- name: enable and start device_off service
+  service: name=disable_interface.service state=started enabled=yes
+  become: true
+  become_user: root
--- a/roles/disable_interface/templates/disable_interface.service.j2
+++ b/roles/disable_interface/templates/disable_interface.service.j2
+[Unit]
+Description=Turn off {{ interface_name }} interface (management port)
+After=network.target network-online.target openibd.service
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/sbin/ip link set {{ interface_name }}  down
+#'ip link show {{ interface_name }} ' is either UP or DOWN
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=final.target
+
--- a/roles/disable_selinux/tasks/main.yml
+++ b/roles/disable_selinux/tasks/main.yml
+---
+- block:
+  - name: disable selinux
+    selinux: state=disabled
+    become: true
+    register: selinuxvar
+    
+  - name: reboot if needed
+    reboot:
+    when: selinuxvar is defined and selinuxvar.reboot_required
+    become: true
+  when: ansible_os_family=="RedHat"
--- a/roles/dump_ldap_config/tasks/main.yml
+++ b/roles/dump_ldap_config/tasks/main.yml
 ---
 - name: grab cacert
-  shell: cat {{ ldapCARootDest }} 
+  shell: cat {{ ldapCARootDest }}
  register: ldapCaCertContents

 - name: dump vars

--- a/roles/easy-rsa-CA/tasks/buildCA.yml
+++ b/roles/easy-rsa-CA/tasks/buildCA.yml
--- 
- 
+---
+-
  name: "Building the CA Certificate"
  shell: ' bash -c " cd /etc/easy-rsa/2.0; source ./vars; ./clean-all;  export EASY_RSA=/etc/easy-rsa/2.0; /etc/easy-rsa/2.0/pkitool --initca $* "'
  args:

--- a/roles/easy-rsa-CA/tasks/main.yml
+++ b/roles/easy-rsa-CA/tasks/main.yml
--- 
- 
+---
+-
  include: buildCA.yml
--- a/roles/easy-rsa-certificate/tasks/buildCert.yml
+++ b/roles/easy-rsa-certificate/tasks/buildCert.yml
--- 
+---
 - name: "Check client ca certificate"
  register: ca_cert
  stat: "path={{ x509_cacert_file }}"
-  sudo: true
+  become: true

 - name: "Check certificate and key"
  shell: (openssl x509 -noout -modulus -in {{ x509_cert_file }}  | openssl md5 ; openssl rsa -noout -modulus -in {{ x509_key_file }} | openssl md5) | uniq | wc -l
  register: certcheck
-  sudo: true
+  become: true

 - name: "Check certificate"
  register: cert
  stat: "path={{ x509_cert_file }}"
-  sudo: true
+  become: true

 - name: "Check key"
  register: key
  stat: "path={{ x509_key_file }}"
-  sudo: true
+  become: true

 - name: "Default: we don't need a new certificate"
  set_fact: needcert=False
@@ -31,11 +31,11 @@
  when: cert.stat.exists == false or cert.stat.size == 0

 - name: "Delete Zero Sized Ceritificates"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
  shell: rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.*
  when: cert is defined and cert.stat.size == 0
-  sudo: true
+  become: true

 - name: "set needcert if cert doesn't match key"
  set_fact: needcert=True
@@ -49,7 +49,7 @@
 - name: "Creating CSR"
  shell: "cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ x509_csr_args }} {{ x509_common_name }}"
  when: needcert
-  sudo: true
+  become: true

 - name: "Create node tmp directory"
  delegate_to: 127.0.0.1
@@ -57,57 +57,57 @@

 - name: "Copy CSR to ansible host"
  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
+  become: true
  when: needcert

 - name: "Copy CSR to CA"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr dest=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr force=yes"
  when: needcert
-  sudo: true
+  become: true

 - name: "Sign Certificate"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
  shell:    "cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ x509_sign_args }} {{ x509_common_name }}"
  when: needcert
-  sudo: true
+  become: true

 - name: "Copy the Certificate to ansible host"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt dest=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
+  become: true
  when: needcert

 - name: "Copy the CA Certificate to the ansible host"
-  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_user'] }}"
  delegate_to: "{{ x509_ca_server }}"
  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
+  become: true
  when: "ca_cert.stat.exists == false"

 - name: "Make sure the path to the certificate exists"
  shell: "mkdir -p `dirname {{ x509_cert_file }}` ; chmod 755  `dirname {{ x509_cert_file }}`"
-  sudo: true
+  become: true

 - name: "Copy the certificate to the node"
  copy: "src=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt dest=/tmp/{{ x509_common_name }}.crt force=yes"
-  sudo: true
+  become: true
  when: needcert

 - name: "Copy the certificate to the right location"
  shell: "cp -f /tmp/{{ x509_common_name }}.crt {{ x509_cert_file }}"
-  sudo: true
+  become: true
  when: needcert

 - name: "Copy the CA certificate to the node"
  copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest={{ x509_cacert_file }}"
-  sudo: true
+  become: true
  when: "ca_cert.stat.exists == false"

 - name: "Copy the key to the correct location"
  shell: "mkdir -p `dirname {{ x509_key_file }}` ; chmod 700 `dirname {{ x509_key_file }}` ; cp /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.key {{ x509_key_file }}"
-  sudo: true
+  become: true
  when: needcert
--- a/roles/easy-rsa-certificate/tasks/main.yml
+++ b/roles/easy-rsa-certificate/tasks/main.yml
--- 
- 
+---
+-
  include: buildCert.yml
--- a/roles/easy-rsa-common/tasks/copyConfigurationFile.yml
+++ b/roles/easy-rsa-common/tasks/copyConfigurationFile.yml
--- 
+---
 - name: "Copy the configuration file"
  template: src={{ item }} dest=/etc/easy-rsa/2.0/vars mode=0644 owner=root
  with_first_found:
@@ -17,4 +17,4 @@
  args:
    chdir: "/etc/easy-rsa/2.0"
    creates: "/etc/easy-rsa/2.0/keys"
-  sudo: true
+  become: true
--- a/roles/easy-rsa-common/tasks/installEasyRsaSource.yml
+++ b/roles/easy-rsa-common/tasks/installEasyRsaSource.yml
@@ -6,7 +6,7 @@
 -
 name: Untar the source
 shell: tar xvfz 2.2.2.tar.gz chdir=/tmp creates=/tmp/easy-rsa-2.2.2
- 
+-
  name: "Moving easy-rsa to /etc"
  shell: cp -rf /tmp/easy-rsa-2.2.2/easy-rsa /etc/ creates=/etc/easy-rsa
  sudo: True
@@ -17,5 +17,5 @@
  args:
    creates: "/etc/easy-rsa/2.0/keys/"
  when: installed|changed
-  sudo: true
- 
+  become: true
+
--- a/roles/easy-rsa-common/tasks/yumList.yml
+++ b/roles/easy-rsa-common/tasks/yumList.yml
@@ -7,10 +7,10 @@
    - tcsh
    - bind-utils
  yum: "name={{ item }} state=present"
-  sudo: true
+  become: true
 -
  name: "Setting hostname"
-  shell: sysctl kernel.hostname={{ inventory_hostname }} 
+  shell: sysctl kernel.hostname={{ inventory_hostname }}
  sudo: True
 -
  name: "Restarting Network"

--- a/roles/ec2-user/tasks/main.yml
+++ b/roles/ec2-user/tasks/main.yml
+- name: Add ansible_user to systems group locally
+  user:
+    name: "{{ ansible_user }}"
+    groups: systems
+    append: yes
+  become: true
+  become_user: root
--- a/roles/enable_lmod/tasks/main.yml
+++ b/roles/enable_lmod/tasks/main.yml
---
- include_vars: "{{ ansible_os_family }}.yml"
-
- name: Install epel-release 
-  yum: name=epel-release-7-5.noarch state=present 
-  sudo: true 
-  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
-
- name: Enable epel 
-  command: yum-config-manager --enable epel 
-  sudo: true
-  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
-
- name: install lua
-  yum: name={{ item }} state=installed
-  with_items:
-    - lua
-    - lua-filesystem
-    - lua-posix
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
- name: install lua
-  apt: name={{ item }} state=installed
-  with_items:
-    - lua5.2
-    - lua5.2
-    - lua-filesystem
-    - lua-bitop
-    - lua-posix
-    - liblua5.2-0
-    - liblua5.2-dev
-    - tcl
-  sudo: true
-  when: ansible_os_family == 'Debian'
-
- name: link bash
-  file: src={{ soft_dir }}/lmod/lmod/init/bash dest=/etc/profile.d/lmod.sh state=link
-  sudo: true
-
- name: link csh
-  file: src={{ soft_dir }}/lmod/lmod/init/cshrc dest=/etc/profile.d/lmod.csh state=link
-  sudo: true
--- a/roles/enable_lmod/vars/Debian.yml
+++ b/roles/enable_lmod/vars/Debian.yml
---
-lua_include: /usr/include/lua5.2
--- a/roles/enable_lmod/vars/RedHat.yml
+++ b/roles/enable_lmod/vars/RedHat.yml
---
-lua_include: /usr/local
No results found