add manila to compute script

bertiethorpe · bertiethorpe · commit c1065b3dcd4e · 2024-11-06T11:47:14.000Z
diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml
@@ -5,8 +5,55 @@
   become: yes
   vars:
     control_node_ip: "172.16.1.228"
-    nfs_export: "/exports/hosts"
-    resolv_conf_nameservers: []
+    nfs_export_hosts: "/exports/hosts"
+    resolv_conf_nameservers: [1.1.1.1, 8.8.8.8]
+
+    # block device (disk) on which to create the exported filesystem.
+    # if the disk is not defined, formatting and mounting will not be done.
+    nfs_disk_location:
+
+    # Path to exported filesystem mountpoint on nfs servers
+    nfs_export: "/exports/home"
+
+    # nfs client mount options
+    nfs_client_mnt_options:
+
+    # Path to mountpoint on nfs clients
+    nfs_client_mnt_point: "/home"
+    nfs_client_mnt_state: mounted
+
+    nfs_server: "{{ control_node_ip }}"
+
+
+    os_manila_mount_shares: []
+    os_manila_mount_state: mounted
+    os_manila_mount_opts:
+      - x-systemd.device-timeout=30
+      - x-systemd.mount-timeout=30
+      - noatime
+      - _netdev # prevents mount blocking early boot before networking available
+      - rw
+    os_manila_mount_share_info: [] # populated by lookup mode
+    os_manila_mount_ceph_conf_path: /etc/ceph
+
+
+    basic_users_manage_homedir: false
+
+    basic_users_userdefaults:
+      state: present
+      create_home: "{{ basic_users_manage_homedir }}"
+      generate_ssh_key: "{{ basic_users_manage_homedir }}"
+      ssh_key_comment: "{{ item.name }}"
+
+    test_user_password: "zXpcWyGQL7jtZnqylQra4g=="
+
+    basic_users_users:
+      - name: testuser # can't use rocky as $HOME isn't shared!
+        password: "{{ test_user_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}" # idempotent
+        uid: 1005
+        state: present
+
+    basic_users_groups: []
 
   tasks:
     - name: Configure resolve.conf
@@ -34,6 +81,7 @@
             state: reloaded
           when: _copy_nm_config.changed | default(false)
 
+
     - name: Mount /etc/hosts on compute nodes
       block:
         - name: Ensure the mount directory exists
@@ -42,18 +90,131 @@
             state: directory
             mode: 0755
         
-        - name: Mount NFS export
+        - name: Mount /mnt/hosts
           mount:
             path: /mnt/hosts
-            src: "{{ vars.control_node_ip }}:{{ nfs_export }}"
+            src: "{{ vars.control_node_ip }}:{{ nfs_export_hosts }}"
             fstype: nfs
             opts: rw,sync
             state: mounted
 
-        - name: Copy /exports/hosts contents to /etc/hosts
+        - name: Copy /mnt/hosts/hosts contents to /etc/hosts
           copy:
             src: /mnt/hosts/hosts
             dest: /etc/hosts
             owner: root
             group: root
             mode: 0644
+
+
+    - name: NFS client mount
+      block:
+        - name: ensure mount directory exists
+          file:
+            path: "{{ nfs_client_mnt_point }}"
+            state: directory
+
+        - name: mount the filesystem
+          mount:
+            path: "{{ nfs_client_mnt_point }}"
+            src: "{{ nfs_server }}:{{ nfs_export }}"
+            fstype: nfs
+            state: "{{ nfs_client_mnt_state }}"
+
+
+    - name: Manila mount
+      block:
+        - name: Read manila share from nfs file
+          slurp:
+            src: "/mnt/cluster/manila_share_info.yml"
+          register: manila_share_info_file
+
+        - name: Parse and set fact for manila share info
+          set_fact:
+            os_manila_mount_share_info: "{{ manila_share_info_file.content | b64decode | from_yaml }}"
+
+        - name: Ensure Ceph configuration directory exists
+          ansible.builtin.file:
+            path: "{{ os_manila_mount_ceph_conf_path }}"
+            state: directory
+            mode: "0755"
+            owner: root
+            group: root
+
+        - name: Configure ceph.conf using os_manila_mount_host
+          ansible.builtin.template:
+            src: /etc/ansible-init/templates/ceph.conf.j2
+            dest: "{{ os_manila_mount_ceph_conf_path }}/ceph.conf"
+            owner: root
+            group: root
+            mode: "0600"
+
+        - name: Ensure mount directory exists
+          ansible.builtin.file:
+            path: "{{ item.mount_path }}"
+            state: directory
+            owner: "{{ item.mount_user | default(omit) }}"
+            group: "{{ item.mount_group | default(omit) }}"
+            mode: "{{ item.mount_mode | default(omit) }}"
+          loop: "{{ os_manila_mount_shares }}"
+          loop_control:
+            label: "{{ item.share_name }}"
+
+        - name: Write Ceph client keyring
+          ansible.builtin.template:
+            src: /etc/ansible-init/templates/ceph.keyring.j2
+            dest: "{{ os_manila_mount_ceph_conf_path }}/ceph.client.{{ item.share_user }}.keyring"
+            mode: "0600"
+            owner: root
+            group: root
+          loop: "{{ os_manila_mount_share_info }}"
+          loop_control:
+            label: "{{ item.share_name }}"
+
+        - name: Mount the Ceph share
+          ansible.posix.mount:
+            path: "{{ item[0].mount_path }}"
+            src: "{{ item[1].host }}:{{ item[1].export }}"
+            fstype: ceph
+            opts: "name={{ item[1].share_user }},{{ (item[0].mount_opts | default(os_manila_mount_opts)) | join(',') }}"
+            # NB share_user is looked up here in case of autodetection
+            state: "{{ item[0].mount_state | default(os_manila_mount_state) }}"
+          loop: "{{ os_manila_mount_shares | zip(os_manila_mount_share_info) }}"
+          loop_control:
+            label: "{{ item[0].share_name }}"
+
+        - name: Ensure mounted directory has correct permissions
+          ansible.builtin.file:
+            path: "{{ item.mount_path }}"
+            state: directory
+            owner: "{{ item.mount_user | default(omit) }}"
+            group: "{{ item.mount_group | default(omit) }}"
+            mode: "{{ item.mount_mode | default(omit) }}"
+          loop: "{{ os_manila_mount_shares }}"
+          loop_control:
+            label: "{{ item.share_name }}"
+          when: item.mount_state | default(os_manila_mount_state) in ['mounted' or 'ephemeral']
+
+
+    - name: Basic users setup
+      block:
+        - name: Create groups
+          ansible.builtin.group: "{{ item }}"
+          loop:  "{{ basic_users_groups }}"
+
+        - name: Create users
+          user: "{{ basic_users_userdefaults | combine(item) | filter_user_params() }}"
+          loop: "{{ basic_users_users }}"
+          loop_control:
+            label: "{{ item.name }} [{{ item.state | default('present') }}]"
+          register: basic_users_info
+
+        - name: Write sudo rules
+          blockinfile:
+            path: /etc/sudoers.d/80-{{ item.name}}-user
+            block: "{{ item.sudo }}"
+            create: true
+          loop: "{{ basic_users_users }}"
+          loop_control:
+            label: "{{ item.name }}"
+          when: "'sudo' in item"
diff --git a/ansible/roles/compute_init/tasks/main.yml b/ansible/roles/compute_init/tasks/main.yml
@@ -17,6 +17,8 @@
     mode: 0644
   loop:
     - ../../resolv_conf/templates/resolv.conf.j2
+    - ../../stackhpc.os-manila-mount/templates/ceph.conf.j2
+    - ../../stackhpc.os-manila-mount/templates/ceph.keyring.j2
 
 - name: Ensure files directory exists
   file: 
@@ -36,6 +38,52 @@
   loop:
     - ../../resolv_conf/files/NetworkManager-dns-none.conf
 
+- name: Ensure library directory exists
+  file: 
+    path: /etc/ansible-init/library
+    state: directory
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Inject files
+  copy:
+    src: '{{ item }}'
+    dest: '/etc/ansible-init/library/{{ item | basename }}'
+    owner: root
+    group: root
+    mode: 0644
+  loop:
+    - ../../basic_users/library/terminate_user_sessions.py
+    - ../../stackhpc.os-manila-mount/library/os_manila_share.py
+
+- name: Ensure filter_plugins directory exists
+  file: 
+    path: /etc/ansible-init/filter_plugins
+    state: directory
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Inject filter_plugins
+  copy:
+    src: '{{ item }}'
+    dest: '/etc/ansible-init/filter_plugins/{{ item | basename }}'
+    owner: root
+    group: root
+    mode: 0644
+  loop:
+    - ../../basic_users/filter_plugins/filter_keys.py
+
+- name: Add filter_plugins ansible.cfg
+  lineinfile:
+    path: /etc/ansible-init/ansible.cfg
+    line: "filter_plugins = /etc/ansible-init/filter_plugins"
+    state: present
+    owner: root
+    group: root
+    mode: 0644
+
 - name: Inject compute initialisation playbook
   copy:
     src: compute-init.yml
diff --git a/environments/common/inventory/group_vars/all/nfs.yml b/environments/common/inventory/group_vars/all/nfs.yml
@@ -18,6 +18,13 @@ nfs_configurations:
 
   - comment: Export /etc/hosts copy from Slurm control node
     nfs_enable:
-        server:  "{{ inventory_hostname in groups['control'] }}"
+        server: "{{ inventory_hostname in groups['control'] }}"
         clients: false
-    nfs_export: "/exports/hosts" # control node has to copy in /etc/hosts to here
+    nfs_export: "/exports/hosts" # control node has to copy in /etc/hosts to here
+
+  - comment: Export cluster info from control node
+    nfs_enable:
+      server: "{{ inventory_hostname in groups['control']}}"
+      clients: "{{ inventory_hostname in groups['cluster'] and inventory_hostname not in groups['control'] }}"
+    nfs_server: "{{ nfs_server_default }}"
+    nfs_export: "/exports/cluster"
