Merge pull request #134 from oci-hpc/2.10.3_an_ol8_fixes

2.10.3 an ol8 fixes

Author: arnaudfroidmont

autoscaling/tf_init/inventory.tpl

@@ -1,5 +1,5 @@
 [bastion]
-${bastion_name} ansible_host=${bastion_ip} ansible_user=${bastion_username} role=bastion
+${bastion_name} ansible_host=${bastion_ip} ansible_user=${bastion_username} role=bastion ansible_python_interpreter=/usr/bin/python
 [slurm_backup]
 %{ if backup_name != "" }${backup_name} ansible_host=${backup_ip} ansible_user=${bastion_username} role=bastion%{ endif }
 [login]

bin/bastion.sh

@@ -38,12 +38,21 @@ if [ $ID == "ol" ] || [ $ID == "centos" ] ; then
     sudo yum install --enablerepo=$repo -y ansible python-netaddr
   elif [ $vid == 8 ] ; then
     sudo yum makecache --enablerepo=$repo
-    sudo yum install --enablerepo=$repo -y ansible python3-netaddr
+    sudo yum install --enablerepo=$repo -y python38.x86_64
+    sudo python3.8 -m pip install ansible cryptography netaddr
+    sudo mkdir /etc/ansible
+    sudo ln -s /usr/local/bin/ansible-playbook /bin/ansible-playbook
+    sudo ln -s /usr/local/bin/ansible /bin/ansible
+    sudo python3 -m pip install -U pip
+    sudo python3 -m pip install netaddr --upgrade
+    sudo python3 -m pip install setuptools_rust --upgrade
+    sudo python3 -m pip install requests --upgrade
+    sudo python3 -m pip install urllib3 --upgrade
   fi
   sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
   sudo yum install -y terraform
+   sudo python3 -m pip install oci-cli --upgrade
 
-  sudo pip3 install oci-cli --upgrade
 
 elif [ $ID == "debian" ] || [ $ID == "ubuntu" ] ; then 
   # checking here as well to be sure that the lock file is not being held
@@ -66,16 +75,13 @@ elif [ $ID == "debian" ] || [ $ID == "ubuntu" ] ; then
     sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
   fi 
 
-
   sudo sed -i 's/"1"/"0"/g' /etc/apt/apt.conf.d/20auto-upgrades
   sudo apt purge -y --auto-remove unattended-upgrades
   sudo systemctl disable apt-daily-upgrade.timer
   sudo systemctl mask apt-daily-upgrade.service
   sudo systemctl disable apt-daily.timer
   sudo systemctl mask apt-daily.service
 
-
-
   sleep 10s
 
   sudo apt-mark hold linux-oracle linux-headers-oracle linux-image-oracle
@@ -141,7 +147,8 @@ fi
 
 ansible-galaxy collection install ansible.netcommon:=2.5.1 --force > /dev/null
 ansible-galaxy collection install community.general:=4.8.1 --force > /dev/null
-ansible-galaxy collection install ansible.posix > /dev/null
+ansible-galaxy collection install ansible.posix --force > /dev/null
+ansible-galaxy collection install community.crypto --force > /dev/null
 
 threads=$(nproc)
 forks=$(($threads * 8))

inventory.tpl

@@ -1,5 +1,5 @@
 [bastion]
-${bastion_name} ansible_host=${bastion_ip} ansible_user=${bastion_username} role=bastion
+${bastion_name} ansible_host=${bastion_ip} ansible_user=${bastion_username} role=bastion ansible_python_interpreter=/usr/bin/python
 [slurm_backup]
 %{ if backup_name != "" }${backup_name} ansible_host=${backup_ip} ansible_user=${compute_username} role=bastion%{ endif }
 [login]
@@ -73,5 +73,4 @@ tenancy_ocid = ${tenancy_ocid}
 inst_prin = ${inst_prin}
 api_fingerprint = ${api_fingerprint}
 api_user_ocid = ${api_user_ocid}
-sacct_limits=${sacct_limits}
-
+sacct_limits=${sacct_limits}

playbooks/group_vars/all.yml

@@ -1,3 +1,3 @@
 ssl_cert_path: '/etc/ssl/certs'
 ssl_ca_cert: '{{ ssl_cert_path }}/cluster-ca.crt'
-ssl_cert_group: ssl
+ssl_cert_group: ssl

playbooks/roles/grafana/tasks/el.yml

@@ -15,7 +15,7 @@
 - name: install grafana
   vars: 
     package_name: 
-      - https://dl.grafana.com/oss/release/grafana-8.5.21-1.x86_64.rpm
+      - grafana
     package_state: present
   include_role: 
     name: safe_yum

playbooks/roles/openldap/tasks/el.yml

@@ -1,6 +1,5 @@
 ---
 # tasks file for openldap
-
 - name: Create /etc/opt/oci-hpc/passwords/openldap
   become: true
   file:

playbooks/roles/packages/tasks/ol-7.yml

@@ -12,7 +12,7 @@
       - pdsh
       - python3-pip
     package_state: latest
-    package_repo: "epel,ol7_developer_EPEL"
+    package_repo: "ol7_developer_EPEL"
   include_role: 
     name: safe_yum
 

playbooks/roles/ssh/tasks/common.yml

@@ -18,7 +18,7 @@
     - cluster.key
 
 - name: Generate an OpenSSL public key in OpenSSH v2 format
-  openssl_publickey:
+  community.crypto.openssl_publickey:
     path: "/home/{{ ansible_user }}/.ssh/id_rsa.pub"
     privatekey_path: "/home/{{ ansible_user }}/.ssh/id_rsa"
     format: OpenSSH

playbooks/roles/sssd/tasks/debian.yml

@@ -16,6 +16,17 @@
     group: 'root'
     mode: '0600'
   notify: restart sssd
+  when: not pam | bool
+
+- name: Add configuration file to /etc/sssd/sssd.conf
+  template:
+    src: 'sssd_ubuntu.conf.j2'
+    dest: '/etc/sssd/sssd.conf'
+    owner: 'root'
+    group: 'root'
+    mode: '0600'
+  notify: restart sssd
+  when: pam | bool
 
 - name: Copy CA certificate
   copy:

playbooks/roles/sssd/templates/sssd.conf.j2

@@ -5,33 +5,25 @@ services = nss, pam
 domains = cluster
 
 [nss]
-
 filter_users = root
 entry_negative_timeout = 5
 
 [pam]
-
 pam_verbosity = 2
 pam_account_expired_message = 'Your account has expired. Please contact a system administrator'
 
 [domain/cluster]
-
 ldap_schema = rfc2307bis
-
 id_provider = ldap
 auth_provider = ldap
 access_provider = ldap
 chpass_provider = ldap
-
 cache_credentials = true
 entry_cache_timeout = 600
-
 ldap_uri = ldaps://{{ hostvars[groups['bastion'][0]]['ansible_fqdn'] }}
-
 ldap_search_base = dc=local
 ldap_network_timeout = 30
-
 ldap_access_order = expire
 ldap_access_filter = (&(objectclass=inetOrgPerson))
 ldap_account_expire_policy = shadow
-enumerate = true
+enumerate = true