Merge branch 'main' into docs/terraform-to-tofu

Author: bertiethorpe

README.md

@@ -89,14 +89,19 @@ Create an OpenTofu variables file to define the required infrastructure, e.g.:
     cluster_subnet = "some_subnet" # *
     key_pair = "my_key" # *
     control_node_flavor = "some_flavor_name"
-    login_nodes = {
-        login-0: "login_flavor_name"
+    login = {
+        # Arbitrary group name for these login nodes
+        interactive = {
+            nodes: ["login-0"]
+            flavor: "login_flavor_name" # *
+        }
     }
     cluster_image_id = "rocky_linux_9_image_uuid"
     compute = {
+        # Group name used for compute node partition definition
         general = {
             nodes: ["compute-0", "compute-1"]
-            flavor: "compute_flavor_name"
+            flavor: "compute_flavor_name" # *
         }
     }
 

ansible/bootstrap.yml

@@ -127,21 +127,35 @@
       that: dnf_repos_password is undefined
       fail_msg: Passwords should not be templated into repofiles during configure, unset 'dnf_repos_password'
     when: appliances_mode == 'configure'
-  - name: Replace system repos with pulp repos 
-    ansible.builtin.include_role:
-      name: dnf_repos
-      tasks_from: set_repos.yml
 
-# --- tasks after here require access to package repos ---
 - hosts: squid
   tags: squid
   gather_facts: yes
   become: yes
   tasks:
+    # - Installing squid requires working dnf repos
+    # - Configuring dnf_repos itself requires working dnf repos to install epel
+    # - Hence do this on squid nodes first in case they are proxying others
+    - name: Replace system repos with pulp repos
+      ansible.builtin.include_role:
+        name: dnf_repos
+        tasks_from: set_repos.yml
+      when: "'dnf_repos' in group_names"
     - name: Configure squid proxy
       import_role:
         name: squid
 
+- hosts: dnf_repos
+  tags: dnf_repos
+  gather_facts: yes
+  become: yes
+  tasks:
+  - name: Replace system repos with pulp repos 
+    ansible.builtin.include_role:
+      name: dnf_repos
+      tasks_from: set_repos.yml
+
+# --- tasks after here require general access to package repos ---
 - hosts: tuned
   tags: tuned
   gather_facts: yes

ansible/ci/check_slurm.yml

@@ -6,7 +6,7 @@
       shell: 'sinfo --noheader --format="%N %P %a %l %D %t" | sort' # using --format ensures we control whitespace: Partition,partition_state,max_jobtime,num_nodes,node_state,node_name
       register: sinfo
       changed_when: false
-      until: not ("boot" in sinfo.stdout or "idle*" in sinfo.stdout)
+      until: not ("boot" in sinfo.stdout or "idle*" in sinfo.stdout or "down" in sinfo.stdout)
       retries: 10
       delay: 5
     - name: Check nodes have expected slurm state

docs/experimental/compute-init.md

@@ -2,6 +2,18 @@
 
 See the role README.md
 
+# Changes to image / tofu state
+
+When a compute group has the `ignore_image_changes` parameter set to true,
+changes to the `image_id` parameter (which defaults to `cluster_image_id`) are
+ignored by OpenTofu.
+
+Regardless of whether `ignore_image_changes` is set, OpenTofu templates out the
+`image_id` into the Ansible inventory for each compute node. The `compute_init`
+role templates out hostvars to the control node, which means the "target" image
+ID is then available on the control node. Subsequent work will use this to
+rebuild the node via slurm.
+
 # CI workflow
 
 The compute node rebuild is tested in CI after the tests for rebuilding the

environments/.stackhpc/tofu/cluster_image.auto.tfvars.json

@@ -1,6 +1,6 @@
 {
     "cluster_image": {
-        "RL8": "openhpc-RL8-250115-1510-99f67c6d",
-        "RL9": "openhpc-RL9-250115-1510-99f67c6d"
+        "RL8": "openhpc-RL8-250122-1150-a0899ef8",
+        "RL9": "openhpc-RL9-250122-1150-a0899ef8"
     }
 }

environments/.stackhpc/tofu/main.tf

@@ -73,14 +73,18 @@ module "cluster" {
     # are not in the same environment for stackhpc
     inventory_secrets_path = "${path.module}/../inventory/group_vars/all/secrets.yml"
 
-    login_nodes = {
-        login-0: var.other_node_flavor
+    login = {
+        login: {
+            nodes: ["login-0"]
+            flavor: var.other_node_flavor
+        }
     }
     compute = {
         standard: { # NB: can't call this default!
             nodes: ["compute-0", "compute-1"]
             flavor: var.other_node_flavor
             compute_init_enable: ["compute", "etc_hosts", "nfs", "basic_users", "eessi"]
+            # ignore_image_changes: true
         }
         # Example of how to add another partition:
         # extra: {

environments/skeleton/{{cookiecutter.environment}}/tofu/compute.tf

@@ -1,5 +1,5 @@
 module "compute" {
-  source = "./compute"
+  source = "./node_group"
 
   for_each = var.compute
 
@@ -21,6 +21,7 @@ module "compute" {
   extra_volumes = lookup(each.value, "extra_volumes", {})
 
   compute_init_enable = lookup(each.value, "compute_init_enable", [])
+  ignore_image_changes = lookup(each.value, "ignore_image_changes", false)
 
   key_pair = var.key_pair
   environment_root = var.environment_root

…cookiecutter.environment}}/tofu/nodes.tf …okiecutter.environment}}/tofu/control.tfenvironments/skeleton/{{cookiecutter.environment}}/tofu/nodes.tf renamed to environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf environments/skeleton/{{cookiecutter.environment}}/tofu/nodes.tf renamed to environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf

@@ -2,26 +2,6 @@ locals {
   control_volumes = concat([openstack_blockstorage_volume_v3.state], var.home_volume_size > 0 ? [openstack_blockstorage_volume_v3.home][0] : [])
 }
 
-resource "openstack_networking_port_v2" "login" {
-
-  for_each = var.login_nodes
-
-  name = "${var.cluster_name}-${each.key}"
-  network_id = data.openstack_networking_network_v2.cluster_net.id
-  admin_state_up = "true"
-
-  fixed_ip {
-    subnet_id = data.openstack_networking_subnet_v2.cluster_subnet.id
-  }
-
-  security_group_ids = [for o in data.openstack_networking_secgroup_v2.login: o.id]
-
-  binding {
-    vnic_type = var.vnic_type
-    profile = var.vnic_profile
-  }
-}
-
 resource "openstack_networking_port_v2" "control" {
 
   name = "${var.cluster_name}-control"
@@ -96,42 +76,3 @@ resource "openstack_compute_instance_v2" "control" {
   EOF
 
 }
-
-resource "openstack_compute_instance_v2" "login" {
-
-  for_each = var.login_nodes
-  
-  name = "${var.cluster_name}-${each.key}"
-  image_id = var.cluster_image_id
-  flavor_name = each.value
-  key_pair = var.key_pair
-
-  dynamic "block_device" {
-    for_each = var.volume_backed_instances ? [1]: []
-    content {
-      uuid = var.cluster_image_id
-      source_type  = "image"
-      destination_type = "volume"
-      volume_size = var.root_volume_size
-      boot_index = 0
-      delete_on_termination = true
-    }
-  }
-  
-  network {
-    port = openstack_networking_port_v2.login[each.key].id
-    access_network = true
-  }
-
-  metadata = {
-    environment_root = var.environment_root
-    k3s_token = local.k3s_token
-    control_address = [for n in openstack_compute_instance_v2.control["control"].network: n.fixed_ip_v4 if n.access_network][0]
-  }
-
-  user_data = <<-EOF
-    #cloud-config
-    fqdn: ${var.cluster_name}-${each.key}.${var.cluster_name}.${var.cluster_domain_suffix}
-  EOF
-
-}

environments/skeleton/{{cookiecutter.environment}}/tofu/inventory.tf

@@ -4,7 +4,7 @@ resource "local_file" "hosts" {
                             "cluster_name": var.cluster_name,
                             "cluster_domain_suffix": var.cluster_domain_suffix,
                             "control_instances": openstack_compute_instance_v2.control
-                            "login_instances": openstack_compute_instance_v2.login
+                            "login_groups": module.login
                             "compute_groups": module.compute
                             "state_dir": var.state_dir
                           },

environments/skeleton/{{cookiecutter.environment}}/tofu/inventory.tpl

@@ -13,12 +13,22 @@ control:
     vars:
         appliances_state_dir: ${state_dir} # NB needs to be set on group not host otherwise it is ignored in packer build!
 
-login:
+
+%{ for group_name in keys(login_groups) ~}
+${cluster_name}_${group_name}:
     hosts:
-%{ for login in login_instances ~}
-        ${ login.name }:
-            ansible_host: ${[for n in login.network: n.fixed_ip_v4 if n.access_network][0]}
-            instance_id: ${ login.id }
+%{ for node in login_groups[group_name]["compute_instances"] ~}
+        ${ node.name }:
+            ansible_host: ${node.access_ip_v4}
+            instance_id: ${ node.id }
+            image_id: ${ node.image_id }
+%{ endfor ~}
+%{ endfor ~}
+
+login:
+    children:
+%{ for group_name in keys(login_groups) ~}
+        ${cluster_name}_${group_name}:
 %{ endfor ~}
 
 %{ for group_name in keys(compute_groups) ~}
@@ -28,6 +38,7 @@ ${cluster_name}_${group_name}:
         ${ node.name }:
             ansible_host: ${node.access_ip_v4}
             instance_id: ${ node.id }
+            image_id: ${ node.image_id }
 %{ endfor ~}
 %{ endfor ~}