Skip to content

Commit 5866357

Browse files
bertiethorpebertiethorpe
authored
Merge branch 'main' into feat/sssd-sshd-compute-init
2 parents 3fbdff4 + 8b04846 commit 5866357

File tree

1 file changed

+69
-64
lines changed

1 file changed

+69
-64
lines changed

ansible/roles/compute_init/README.md

Lines changed: 69 additions & 64 deletions
Original file line numberDiff line numberDiff line change
@@ -27,76 +27,81 @@ To enable this:
2727

2828
## Supported appliance functionalities
2929

30-
The string "compute" must be present in the `compute_init_enable` flag to enable
31-
this functionality. The table below shows which other appliance functionalities
32-
are currently supported - use the name in the role column to enable these.
33-
34-
| Playbook | Role (or functionality) | Support |
35-
| -------------------------|-------------------------|-----------------|
36-
| hooks/pre.yml | ? | None at present |
37-
| validate.yml | n/a | Not relevant during boot |
38-
| bootstrap.yml | (wait for ansible-init) | Not relevant during boot |
39-
| bootstrap.yml | resolv_conf | Fully supported |
40-
| bootstrap.yml | etc_hosts | Fully supported |
41-
| bootstrap.yml | proxy | None at present |
42-
| bootstrap.yml | (/etc permissions) | None required - use image build |
43-
| bootstrap.yml | (ssh /home fix) | None required - use image build |
44-
| bootstrap.yml | (system users) | None required - use image build |
45-
| bootstrap.yml | systemd | None required - use image build |
46-
| bootstrap.yml | selinux | None required - use image build |
47-
| bootstrap.yml | sshd | None at present |
48-
| bootstrap.yml | dnf_repos | None at present (requirement TBD) |
49-
| bootstrap.yml | squid | Not relevant for compute nodes |
50-
| bootstrap.yml | tuned | None |
51-
| bootstrap.yml | freeipa_server | Not relevant for compute nodes |
52-
| bootstrap.yml | cockpit | None required - use image build |
53-
| bootstrap.yml | firewalld | Not relevant for compute nodes |
54-
| bootstrap.yml | fail2ban | Not relevant for compute nodes |
55-
| bootstrap.yml | podman | Not relevant for compute nodes |
56-
| bootstrap.yml | update | Not relevant during boot |
57-
| bootstrap.yml | reboot | Not relevant for compute nodes |
58-
| bootstrap.yml | ofed | Not relevant during boot |
59-
| bootstrap.yml | ansible_init (install) | Not relevant during boot |
60-
| bootstrap.yml | k3s (install) | Not relevant during boot |
61-
| hooks/post-bootstrap.yml | ? | None at present |
62-
| iam.yml | freeipa_client | None at present [1] |
63-
| iam.yml | freeipa_server | Not relevant for compute nodes |
64-
| iam.yml | sssd | None at present |
65-
| filesystems.yml | block_devices | None required - role deprecated |
66-
| filesystems.yml | nfs | All client functionality |
67-
| filesystems.yml | manila | All functionality |
68-
| filesystems.yml | lustre | None at present |
69-
| extras.yml | basic_users | All functionality [2] |
70-
| extras.yml | eessi | All functionality [3] |
71-
| extras.yml | cuda | None required - use image build [4] |
72-
| extras.yml | persist_hostkeys | Not expected to be required for compute nodes |
73-
| extras.yml | compute_init (export) | Not relevant for compute nodes |
74-
| extras.yml | k9s (install) | Not relevant during boot |
75-
| extras.yml | extra_packages | None at present. Would require dnf_repos |
76-
| slurm.yml | mysql | Not relevant for compute nodes |
77-
| slurm.yml | rebuild | Not relevant for compute nodes |
78-
| slurm.yml | openhpc [5] | All slurmd-related functionality |
79-
| slurm.yml | (set memory limits) | None at present |
80-
| slurm.yml | (block ssh) | None at present |
81-
| portal.yml | (openondemand server) | Not relevant for compute nodes |
82-
| portal.yml | (openondemand vnc desktop) | None required - use image build |
83-
| portal.yml | (openondemand jupyter server) | None required - use image build |
84-
| monitoring.yml | (all monitoring) | None at present [6] |
85-
| disable-repos.yml | dnf_repos | None at present (requirement TBD) |
86-
| hooks/post.yml | ? | None at present |
30+
In the table below, if a role is marked as supported then its functionality
31+
can be enabled during boot by adding the role name to the `compute_init_enable`
32+
property described above. If a role is marked as requiring a custom image then
33+
it also requires an image build with the role name added to the
34+
[Packer inventory_groups variable](../../../docs/image-build.md).
35+
36+
| Playbook | Role (or functionality) | Support | Custom image reqd.? |
37+
| -------------------------|-------------------------|---------------------------------|---------------------|
38+
| hooks/pre.yml | ? | None at present | n/a |
39+
| validate.yml | n/a | Not relevant during boot | n/a |
40+
| bootstrap.yml | (wait for ansible-init) | Not relevant during boot | n/a |
41+
| bootstrap.yml | resolv_conf | Fully supported | No |
42+
| bootstrap.yml | etc_hosts | Fully supported | No |
43+
| bootstrap.yml | proxy | None at present | No |
44+
| bootstrap.yml | (/etc permissions) | None required - use image build | No |
45+
| bootstrap.yml | (ssh /home fix) | None required - use image build | No |
46+
| bootstrap.yml | (system users) | None required - use image build | No |
47+
| bootstrap.yml | systemd | None required - use image build | No |
48+
| bootstrap.yml | selinux | None required - use image build | Maybe [1] |
49+
| bootstrap.yml | sshd | None at present | No |
50+
| bootstrap.yml | dnf_repos | None at present [2] | - |
51+
| bootstrap.yml | squid | Not relevant for compute nodes | n/a |
52+
| bootstrap.yml | tuned | None | - |
53+
| bootstrap.yml | freeipa_server | Not relevant for compute nodes | n/a |
54+
| bootstrap.yml | cockpit | None required - use image build | No |
55+
| bootstrap.yml | firewalld | Not relevant for compute nodes | n/a |
56+
| bootstrap.yml | fail2ban | Not relevant for compute nodes | n/a |
57+
| bootstrap.yml | podman | Not relevant for compute nodes | n/a |
58+
| bootstrap.yml | update | Not relevant during boot | n/a |
59+
| bootstrap.yml | reboot | Not relevant for compute nodes | n/a |
60+
| bootstrap.yml | ofed | Not relevant during boot | Yes |
61+
| bootstrap.yml | ansible_init (install) | Not relevant during boot | n/a |
62+
| bootstrap.yml | k3s (install) | Not relevant during boot | n/a |
63+
| hooks/post-bootstrap.yml | ? | None at present | n/a |
64+
| iam.yml | freeipa_client | None at present [3] | Yes |
65+
| iam.yml | freeipa_server | Not relevant for compute nodes | n/a |
66+
| iam.yml | sssd | None at present | No |
67+
| filesystems.yml | block_devices | None required - role deprecated | n/a |
68+
| filesystems.yml | nfs | All client functionality | No |
69+
| filesystems.yml | manila | All functionality | No [4] |
70+
| filesystems.yml | lustre | None at present | Yes |
71+
| extras.yml | basic_users | All functionality [5] | No |
72+
| extras.yml | eessi | All functionality [6] | No |
73+
| extras.yml | cuda | None required - use image build | Yes [7] |
74+
| extras.yml | persist_hostkeys | Not relevant for compute nodes | n/a |
75+
| extras.yml | compute_init (export) | Not relevant for compute nodes | n/a |
76+
| extras.yml | k9s (install) | Not relevant during boot | n/a |
77+
| extras.yml | extra_packages | None at present [8] | - |
78+
| slurm.yml | mysql | Not relevant for compute nodes | n/a |
79+
| slurm.yml | rebuild | Not relevant for compute nodes | n/a |
80+
| slurm.yml | openhpc [9] | All slurmd functionality | No |
81+
| slurm.yml | (set memory limits) | None at present | - |
82+
| slurm.yml | (block ssh) | None at present | - |
83+
| portal.yml | (openondemand server) | Not relevant for compute nodes | n/a |
84+
| portal.yml | (openondemand vnc desktop) | None required - use image build | No |
85+
| portal.yml | (openondemand jupyter server) | None required - use image build | No |
86+
| monitoring.yml | node_exporter | None required - use image build | No |
87+
| monitoring.yml | (other monitoring) | Not relevant for compute nodes | - |
88+
| disable-repos.yml | dnf_repos | None at present [2] | - |
89+
| hooks/post.yml | ? | None at present | - |
8790

8891

8992
Notes:
90-
1. FreeIPA client functionality would be better provided using a client fork
93+
1. `selinux` is set to disabled in StackHPC images.
94+
2. Requirement for this functionality is TBD.
95+
3. FreeIPA client functionality would be better provided using a client fork
9196
which uses pkinit keys rather than OTP to reenrol nodes.
92-
2. Assumes home directory already exists on shared storage.
93-
3. Assumes `cvmfs_config` is the same on control node and all compute nodes
94-
4. If `cuda` role was run during build, the nvidia-persistenced is enabled
97+
4. Assuming default Ceph client version.
98+
5. Assumes home directory already exists on shared storage.
99+
6. Assumes `cvmfs_config` is the same on control node and all compute nodes.
100+
7. If `cuda` role was run during build, the nvidia-persistenced is enabled
95101
and will start during boot.
96-
5. `openhpc` does not need to be added to `compute_init_enable`, this is
102+
8. Would require `dnf_repos`.
103+
9. `openhpc` does not need to be added to `compute_init_enable`, this is
97104
automatically enabled by adding `compute`.
98-
5. Only node-exporter tasks are relevant, and will be done via k3s in a future release.
99-
100105

101106
## Approach
102107
This works as follows:

0 commit comments

Comments
 (0)