From 40d9e1fe108b146c9d7b680d5834c10c940b9191 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 22 Nov 2024 16:09:47 +0000 Subject: [PATCH 01/45] replaces system repos with ark repos during ci --- .github/workflows/fatimage.yml | 2 + .github/workflows/nightlybuild.yml | 2 + ansible/.gitignore | 2 + ansible/roles/release_train/defaults/main.yml | 8 ++ .../release_train/tasks/revert_repos.yml | 19 ++++ .../roles/release_train/tasks/set_repos.yml | 22 +++++ .../templates/rocky-extras.repo.j2 | 65 +++++++++++++ .../release_train/templates/rocky.repo.j2 | 93 +++++++++++++++++++ environments/.stackhpc/hooks/post.yml | 10 +- environments/.stackhpc/hooks/pre.yml | 8 ++ packer/openstack.pkr.hcl | 6 ++ 11 files changed, 236 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/release_train/defaults/main.yml create mode 100644 ansible/roles/release_train/tasks/revert_repos.yml create mode 100644 ansible/roles/release_train/tasks/set_repos.yml create mode 100644 ansible/roles/release_train/templates/rocky-extras.repo.j2 create mode 100644 ansible/roles/release_train/templates/rocky.repo.j2 diff --git a/.github/workflows/fatimage.yml b/.github/workflows/fatimage.yml index a8d3dbe29..cca652ef6 100644 --- a/.github/workflows/fatimage.yml +++ b/.github/workflows/fatimage.yml @@ -39,6 +39,7 @@ jobs: "openstack.openhpc": "rocky-latest-RL9" } } + ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }} steps: - uses: actions/checkout@v2 @@ -87,6 +88,7 @@ jobs: -only=${{ matrix.build }} \ -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \ -var "source_image_name=${{ env.SOURCE_IMAGE }}" \ + -var "ark_password=${ARK_PASSWORD}" \ openstack.pkr.hcl env: PKR_VAR_os_version: ${{ matrix.os_version }} diff --git a/.github/workflows/nightlybuild.yml b/.github/workflows/nightlybuild.yml index da3de4ea5..7fab8ebec 100644 --- a/.github/workflows/nightlybuild.yml +++ b/.github/workflows/nightlybuild.yml 
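Review bot: `ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }}` is added to what appears to be the job-level `env:` block in `.github/workflows/fatimage.yml` (indentation is lost in this view), so every step in the job, including `actions/checkout@v2` and any other action it calls, runs with the secret in its environment. Only the Packer build step consumes it. Moving the line into that step's own `env:`, next to `PKR_VAR_os_version`, limits exposure to the one process tree that needs it. The same addition is made in `.github/workflows/nightlybuild.yml`.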
@@ -37,6 +37,7 @@ jobs: "RL8": "Rocky-8-GenericCloud-Base-8.9-20231119.0.x86_64.qcow2", "RL9": "Rocky-9-GenericCloud-Base-9.4-20240523.0.x86_64.qcow2" } + ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }} steps: - uses: actions/checkout@v2 @@ -85,6 +86,7 @@ jobs: -only=${{ matrix.build }} \ -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \ -var "source_image_name=${{ env.SOURCE_IMAGE }}" \ + -var "ark_password=${ARK_PASSWORD}" \ openstack.pkr.hcl env: diff --git a/ansible/.gitignore b/ansible/.gitignore index 8edcc4360..ad841dc38 100644 --- a/ansible/.gitignore +++ b/ansible/.gitignore @@ -64,3 +64,5 @@ roles/* !roles/k9s/** !roles/lustre/ !roles/lustre/** +!roles/release_train/ +!roles/release_train/** diff --git a/ansible/roles/release_train/defaults/main.yml b/ansible/roles/release_train/defaults/main.yml new file mode 100644 index 000000000..dbae5e3b9 --- /dev/null +++ b/ansible/roles/release_train/defaults/main.yml @@ -0,0 +1,8 @@ +release_train_url_prefix: https://ark.stackhpc.com/pulp/content/rocky/9.4 +release_train_url_suffix: "x86_64/os/{{ release_train_timestamp }}/" +# most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml +# note that some timestamps can't be used because not all repos have snapshots for them +release_train_timestamp: 20240816T002610 +release_train_auth: | + username = slurm-app-ci + password = {{ _github_secrets_ark_password }} \ No newline at end of file diff --git a/ansible/roles/release_train/tasks/revert_repos.yml b/ansible/roles/release_train/tasks/revert_repos.yml new file mode 100644 index 000000000..8780ac13c --- /dev/null +++ b/ansible/roles/release_train/tasks/revert_repos.yml 
@@ -0,0 +1,19 @@
+---
+
+- name: Check for backup folder exists
+ stat:
+ path: /etc/yum.repos.d.backup
+ register: _stat_yum_backup_file
+
+- name: Fail if backup folder doesn't exist
+ assert:
+ that: _stat_yum_backup_file.stat.exists
+
+- name: Remove ark repos
+ ansible.builtin.file:
+ state: absent
+ path: /etc/yum.repos.d
+
+- name: Restore backup repos
+ ansible.builtin.shell:
+ cmd: mv /etc/yum.repos.d.backup /etc/yum.repos.d
diff --git a/ansible/roles/release_train/tasks/set_repos.yml b/ansible/roles/release_train/tasks/set_repos.yml
new file mode 100644
index 000000000..f527a85d8
--- /dev/null
+++ b/ansible/roles/release_train/tasks/set_repos.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Check for existing backup folder
+ stat:
+ path: /etc/yum.repos.d.backup
+ register: _stat_yum_backup_file
+
+- name: Backup existing package repos
+ ansible.builtin.copy:
+ remote_src: true
+ src: /etc/yum.repos.d/
+ dest: /etc/yum.repos.d.backup
+ when: not _stat_yum_backup_file.stat.exists
+
+- name: Replace package repos with release train repos
+ no_log: true
+ ansible.builtin.template:
+ src: "{{ item }}.j2"
+ dest: /etc/yum.repos.d/{{ item }}
+ loop:
+ - rocky-extras.repo
+ - rocky.repo
\ No newline at end of file
diff --git a/ansible/roles/release_train/templates/rocky-extras.repo.j2 b/ansible/roles/release_train/templates/rocky-extras.repo.j2
new file mode 100644
index 000000000..78bed03d5
--- /dev/null
+++ b/ansible/roles/release_train/templates/rocky-extras.repo.j2
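Review bot: In `revert_repos.yml`, `Remove ark repos` deletes `/etc/yum.repos.d` before `Restore backup repos` moves the backup into place, so a failed `mv` leaves the builder with no repository configuration at all. The restore also goes through `ansible.builtin.shell` although it uses no shell features. `ansible.builtin.command` with `cmd: mv /etc/yum.repos.d.backup /etc/yum.repos.d` and `removes: /etc/yum.repos.d.backup` avoids shell parsing and gives the task an explicit precondition. A short comment noting that this removal is also what takes the credential-bearing `.repo` files off the image would make that purpose visible to the next maintainer.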
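Review bot: In `set_repos.yml`, `Replace package repos with release train repos` renders the Ark username and password into `/etc/yum.repos.d/rocky.repo` and `rocky-extras.repo` without setting `owner`, `group` or `mode`, so the files get default permissions, which are commonly world-readable. `no_log: true` keeps the secret out of the Ansible output but not off the filesystem. Adding `owner: root`, `group: root` and `mode: "0600"` to the template task restricts the files to root. The `Backup existing package repos` copy also sets no mode, though at that point it holds no credentials.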
@@ -0,0 +1,65 @@
+# rocky-extras.repo
+#
+# The mirrorlist system uses the connecting IP address of the client and the
+# update status of each mirror to pick current mirrors that are geographically
+# close to the client. You should use this for Rocky updates unless you are
+# manually picking other mirrors.
+#
+# If the mirrorlist does not work for you, you can try the commented out
+# baseurl line instead.
+
+[extras]
+name=Rocky Linux $releasever - Extras
+baseurl={{ release_train_url_prefix }}/extras/{{ release_train_url_suffix }}
+gpgcheck=1
+enabled=1
+countme=1
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+{{ release_train_auth }}
+
+[extras-debuginfo]
+name=Rocky Linux $releasever - Extras Debug
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever-debug$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/extras/$basearch/debug/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[extras-source]
+name=Rocky Linux $releasever - Extras Source
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever-source$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/extras/source/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[plus]
+name=Rocky Linux $releasever - Plus
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=plus-$releasever$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/$basearch/os/
+gpgcheck=1
+enabled=0
+countme=1
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[plus-debuginfo]
+name=Rocky Linux $releasever - Plus - Debug
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=plus-$releasever-debug$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/$basearch/debug/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[plus-source]
+name=Rocky Linux $releasever - Plus - Source
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=plus-$releasever-source$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/source/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/ansible/roles/release_train/templates/rocky.repo.j2 b/ansible/roles/release_train/templates/rocky.repo.j2
new file mode 100644
index 000000000..29d6aee42
--- /dev/null
+++ b/ansible/roles/release_train/templates/rocky.repo.j2
@@ -0,0 +1,93 @@
+# rocky.repo
+#
+# The mirrorlist system uses the connecting IP address of the client and the
+# update status of each mirror to pick current mirrors that are geographically
+# close to the client. You should use this for Rocky updates unless you are
+# manually picking other mirrors.
+#
+# If the mirrorlist does not work for you, you can try the commented out
+# baseurl line instead.
+
+[baseos]
+name=Rocky Linux $releasever - BaseOS
+baseurl={{ release_train_url_prefix }}/BaseOS/{{ release_train_url_suffix }}
+gpgcheck=1
+enabled=1
+countme=1
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+{{ release_train_auth }}
+
+[baseos-debuginfo]
+name=Rocky Linux $releasever - BaseOS - Debug
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever-debug$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/debug/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[baseos-source]
+name=Rocky Linux $releasever - BaseOS - Source
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=BaseOS-$releasever-source$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/source/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[appstream]
+name=Rocky Linux $releasever - AppStream
+baseurl={{ release_train_url_prefix }}/AppStream/{{ release_train_url_suffix }}
+gpgcheck=1
+enabled=1
+countme=1
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+{{ release_train_auth }}
+
+[appstream-debuginfo]
+name=Rocky Linux $releasever - AppStream - Debug
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever-debug$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/$basearch/debug/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[appstream-source]
+name=Rocky Linux $releasever - AppStream - Source
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=AppStream-$releasever-source$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/source/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[crb]
+name=Rocky Linux $releasever - CRB
+baseurl={{ release_train_url_prefix }}/CRB/{{ release_train_url_suffix }}
+gpgcheck=1
+enabled=0
+countme=1
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+{{ release_train_auth }}
+
+[crb-debuginfo]
+name=Rocky Linux $releasever - CRB - Debug
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=CRB-$releasever-debug$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/CRB/$basearch/debug/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
+
+[crb-source]
+name=Rocky Linux $releasever - CRB - Source
+mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=CRB-$releasever-source$rltype
+#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/CRB/source/tree/
+gpgcheck=1
+enabled=0
+metadata_expire=6h
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml
index bd60015d9..71ed02af8 100644
--- a/environments/.stackhpc/hooks/post.yml
+++ b/environments/.stackhpc/hooks/post.yml
@@ -11,4 +11,12 @@ with_items: - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock" - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock" - - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock \ No newline at end of file + - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock + +- hosts: builder + become: yes + tasks: + - name: Revert ark repos + ansible.builtin.include_role: + name: release_train + tasks_from: revert_repos.yml diff --git a/environments/.stackhpc/hooks/pre.yml b/environments/.stackhpc/hooks/pre.yml index 0fdbf9f60..51e4bb5f0 100644 --- a/environments/.stackhpc/hooks/pre.yml +++ b/environments/.stackhpc/hooks/pre.yml @@ -17,3 +17,11 @@ - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/hosts.yml" - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/secrets.yml" - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/test_user.yml" + +- hosts: builder + become: yes + tasks: + - name: Replace system repos with ark + ansible.builtin.include_role: + name: release_train + tasks_from: set_repos.yml diff --git a/packer/openstack.pkr.hcl b/packer/openstack.pkr.hcl index 52202ead1..b5e6e4790 100644 --- a/packer/openstack.pkr.hcl +++ b/packer/openstack.pkr.hcl @@ -167,6 +167,11 @@ variable "extra_build_image_name" { default = "extra" } +variable "ark_password" { + type = string + default = "none" +} + source "openstack" "openhpc" { # Build VM: flavor = var.flavor @@ -228,6 +233,7 @@ build { "-i", "${var.repo_root}/packer/ansible-inventory.sh", "-vv", "-e", "@${var.repo_root}/packer/openhpc_extravars.yml", # not overridable by environments + "-e", "_github_secrets_ark_password=${var.ark_password}", ] } From 9ef7d69563c39c86c0791a5b327ca1cb898fe10f Mon Sep 17 00:00:00 2001 
From: wtripp180901 Date: Mon, 25 Nov 2024 08:45:01 +0000 Subject: [PATCH 02/45] now uses lookup instead of packer args --- .github/workflows/fatimage.yml | 1 - .github/workflows/nightlybuild.yml | 1 - ansible/roles/release_train/defaults/main.yml | 2 +- packer/openstack.pkr.hcl | 6 ------ 4 files changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/fatimage.yml b/.github/workflows/fatimage.yml index cca652ef6..217b09c22 100644 --- a/.github/workflows/fatimage.yml +++ b/.github/workflows/fatimage.yml @@ -88,7 +88,6 @@ jobs: -only=${{ matrix.build }} \ -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \ -var "source_image_name=${{ env.SOURCE_IMAGE }}" \ - -var "ark_password=${ARK_PASSWORD}" \ openstack.pkr.hcl env: PKR_VAR_os_version: ${{ matrix.os_version }} diff --git a/.github/workflows/nightlybuild.yml b/.github/workflows/nightlybuild.yml index 7fab8ebec..9f45b0890 100644 --- a/.github/workflows/nightlybuild.yml +++ b/.github/workflows/nightlybuild.yml @@ -86,7 +86,6 @@ jobs: -only=${{ matrix.build }} \ -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \ -var "source_image_name=${{ env.SOURCE_IMAGE }}" \ - -var "ark_password=${ARK_PASSWORD}" \ openstack.pkr.hcl env: diff --git a/ansible/roles/release_train/defaults/main.yml b/ansible/roles/release_train/defaults/main.yml index dbae5e3b9..7c007c59a 100644 --- a/ansible/roles/release_train/defaults/main.yml +++ b/ansible/roles/release_train/defaults/main.yml @@ -5,4 +5,4 @@ release_train_url_suffix: "x86_64/os/{{ release_train_timestamp }}/" release_train_timestamp: 20240816T002610 release_train_auth: | username = slurm-app-ci - password = {{ _github_secrets_ark_password }} \ No newline at end of file + password = {{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }} diff --git a/packer/openstack.pkr.hcl b/packer/openstack.pkr.hcl index b5e6e4790..52202ead1 100644 --- a/packer/openstack.pkr.hcl +++ b/packer/openstack.pkr.hcl 
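Review bot: In `ansible/roles/release_train/defaults/main.yml`, `lookup('ansible.builtin.env', 'ARK_PASSWORD')` yields an empty string when the variable is not set, so a run outside CI would render an empty `password =` into the repo files and only fail later as an authentication error from dnf. Failing early is clearer: either `lookup('ansible.builtin.env', 'ARK_PASSWORD', default=undef())`, if the installed ansible-core supports the `default` option, or an `assert` on a non-empty value at the top of `set_repos.yml`. The change also assumes the Packer Ansible provisioner passes the workflow's environment through to `ansible-playbook`, which this patch does not show. The same lookup is carried into `dnf_repos_password` in PATCH 04.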
@@ -167,11 +167,6 @@ variable "extra_build_image_name" { default = "extra" } -variable "ark_password" { - type = string - default = "none" -} - source "openstack" "openhpc" { # Build VM: flavor = var.flavor @@ -233,7 +228,6 @@ build { "-i", "${var.repo_root}/packer/ansible-inventory.sh", "-vv", "-e", "@${var.repo_root}/packer/openhpc_extravars.yml", # not overridable by environments - "-e", "_github_secrets_ark_password=${var.ark_password}", ] } From a6e12438d2920f3b2d928441f3e57f01dfb78ec7 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Mon, 25 Nov 2024 08:55:04 +0000 Subject: [PATCH 03/45] only applies to RL9 for now --- environments/.stackhpc/hooks/post.yml | 1 + environments/.stackhpc/hooks/pre.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml index 71ed02af8..9622797ef 100644 --- a/environments/.stackhpc/hooks/post.yml +++ b/environments/.stackhpc/hooks/post.yml @@ -20,3 +20,4 @@ ansible.builtin.include_role: name: release_train tasks_from: revert_repos.yml + when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/environments/.stackhpc/hooks/pre.yml b/environments/.stackhpc/hooks/pre.yml index 51e4bb5f0..a15df2cd4 100644 --- a/environments/.stackhpc/hooks/pre.yml +++ b/environments/.stackhpc/hooks/pre.yml @@ -25,3 +25,4 @@ ansible.builtin.include_role: name: release_train tasks_from: set_repos.yml + when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided From 6faf91958fefdd424a0330956a70c0aca2d1a53c Mon Sep 17 00:00:00 2001 
From: wtripp180901 Date: Fri, 29 Nov 2024 15:48:07 +0000 Subject: [PATCH 04/45] refactored ark role, disabled repos at end of build and modified site to work with disabled repos --- ansible/.gitignore | 4 +- ansible/fatimage.yml | 4 + ansible/roles/dnf_repos/defaults/main.yml | 24 +++++ .../roles/dnf_repos/tasks/disable_repos.yml | 18 ++++ ansible/roles/dnf_repos/tasks/set_repos.yml | 25 +++++ ansible/roles/openondemand/tasks/main.yml | 1 + ansible/roles/openondemand/tasks/pam_auth.yml | 3 - ansible/roles/release_train/defaults/main.yml | 8 -- .../release_train/tasks/revert_repos.yml | 19 ---- .../roles/release_train/tasks/set_repos.yml | 22 ----- .../templates/rocky-extras.repo.j2 | 65 ------------- .../release_train/templates/rocky.repo.j2 | 93 ------------------- ansible/slurm.yml | 1 + environments/.stackhpc/hooks/post.yml | 6 +- environments/.stackhpc/hooks/pre.yml | 2 +- .../inventory/group_vars/all/defaults.yml | 1 + .../inventory/group_vars/all/openhpc.yml | 10 ++ packer/openhpc_extravars.yml | 1 + 18 files changed, 91 insertions(+), 216 deletions(-) create mode 100644 ansible/roles/dnf_repos/defaults/main.yml create mode 100644 ansible/roles/dnf_repos/tasks/disable_repos.yml create mode 100644 ansible/roles/dnf_repos/tasks/set_repos.yml delete mode 100644 ansible/roles/release_train/defaults/main.yml delete mode 100644 ansible/roles/release_train/tasks/revert_repos.yml delete mode 100644 ansible/roles/release_train/tasks/set_repos.yml delete mode 100644 ansible/roles/release_train/templates/rocky-extras.repo.j2 delete mode 100644 ansible/roles/release_train/templates/rocky.repo.j2 diff --git a/ansible/.gitignore b/ansible/.gitignore index ad841dc38..48c917c4f 100644 --- a/ansible/.gitignore +++ b/ansible/.gitignore @@ -64,5 +64,5 @@ roles/* !roles/k9s/** !roles/lustre/ !roles/lustre/** -!roles/release_train/ -!roles/release_train/** +!roles/dnf_repos/ +!roles/dnf_repos/** 
diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml index 7cad2dc59..ec0d4dd74 100644 --- a/ansible/fatimage.yml +++ b/ansible/fatimage.yml @@ -69,6 +69,10 @@ tasks_from: install.yml when: "'openhpc' in group_names" + - name: Install Apache PAM module # Extracted from start of roles/openondemand/tasks/pam_auth.yml to ensure only installed during build + yum: + name: mod_authnz_pam + # - import_playbook: portal.yml - name: Open Ondemand server (packages) include_role: diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml new file mode 100644 index 000000000..00778533c --- /dev/null +++ b/ansible/roles/dnf_repos/defaults/main.yml @@ -0,0 +1,24 @@ +dnf_repos_rocky_ark_prefix: https://ark.stackhpc.com/pulp/content/{{ ansible_distribution | lower }}/9.4 +dnf_repos_rocky_ark_suffix: "{{ ansible_architecture }}/os/{{ dnf_repos_ark_timestamp }}/" +# most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml +# note that some timestamps can't be used because not all repos have snapshots for them +dnf_repos_ark_timestamp: 20240816T002610 +dnf_repos_username: slurm-app-ci +dnf_repos_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" + +# epel installed separately +dnf_repos_repolist: +- file: rocky + name: baseos + base_url: "{{ dnf_repos_rocky_ark_prefix }}/BaseOS/{{ dnf_repos_rocky_ark_suffix }}" +- file: rocky + name: appstream + base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" +- file: rocky + name: crb + base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" +- file: rocky-extras + name: extras + base_url: "{{ dnf_repos_rocky_ark_prefix }}/extras/{{ dnf_repos_rocky_ark_suffix }}" + +dnf_repos_epel_baseurl: https://ark.stackhpc.com/pulp/content/epel/9/Everything/x86_64/20240902T080424 
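Review bot: In `ansible/roles/dnf_repos/defaults/main.yml`, `dnf_repos_epel_baseurl` hard-codes `x86_64` and `9`, while the Rocky URLs in the same file are built from `ansible_architecture` and `ansible_distribution`. A builder on another architecture would therefore be pointed at its own architecture for Rocky and at x86_64 for EPEL. Building the EPEL URL the same way keeps the two aligned, for example `.../epel/9/Everything/{{ ansible_architecture }}/{{ dnf_repos_epel_timestamp }}` with a separate `dnf_repos_epel_timestamp: 20240902T080424`. A comment on `dnf_repos_password` stating that it is read from the controller's environment and must never be committed would also help.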
diff --git a/ansible/roles/dnf_repos/tasks/disable_repos.yml b/ansible/roles/dnf_repos/tasks/disable_repos.yml
new file mode 100644
index 000000000..f8997b741
--- /dev/null
+++ b/ansible/roles/dnf_repos/tasks/disable_repos.yml
@@ -0,0 +1,18 @@
+---
+- name: Disable Pulp repos and remove creds
+ ansible.builtin.yum_repository:
+ file: "{{ item.file }}"
+ name: "{{ item.name }}"
+ baseurl: "{{ item.base_url }}"
+ description: "{{ item.name }}"
+ enabled: false
+ loop: "{{ dnf_repos_repolist }}"
+
+- name: Disable EPEL repo and remove creds
+ ansible.builtin.yum_repository:
+ name: epel
+ file: epel
+ description: epel
+ baseurl: "{{ dnf_repos_epel_baseurl }}"
+ gpgcheck: false
+ enabled: false
diff --git a/ansible/roles/dnf_repos/tasks/set_repos.yml b/ansible/roles/dnf_repos/tasks/set_repos.yml
new file mode 100644
index 000000000..2c51b96ae
--- /dev/null
+++ b/ansible/roles/dnf_repos/tasks/set_repos.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Replace system repos with Pulp repos
+ ansible.builtin.yum_repository:
+ file: "{{ item.file }}"
+ name: "{{ item.name }}"
+ baseurl: "{{ item.base_url }}"
+ description: "{{ item.name }}"
+ username: "{{ dnf_repos_username }}"
+ password: "{{ dnf_repos_password }}"
+ loop: "{{ dnf_repos_repolist }}"
+
+- name: Install epel-release
+ ansible.builtin.dnf:
+ name: epel-release
+
+- name: Use Pulp EPEL repo
+ ansible.builtin.yum_repository:
+ name: epel
+ file: epel
+ description: epel
+ gpgcheck: false
+ username: "{{ dnf_repos_username }}"
+ password: "{{ dnf_repos_password }}"
+ baseurl: "{{ dnf_repos_epel_baseurl }}"
diff --git a/ansible/roles/openondemand/tasks/main.yml b/ansible/roles/openondemand/tasks/main.yml
index 86184f13c..a9b975c5b 100644
--- a/ansible/roles/openondemand/tasks/main.yml
+++ b/ansible/roles/openondemand/tasks/main.yml
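Review bot: Both EPEL tasks set `gpgcheck: false` (`Disable EPEL repo and remove creds` in `disable_repos.yml` and `Use Pulp EPEL repo` in `set_repos.yml`), and the Rocky loop sets neither `gpgcheck` nor `gpgkey`, whereas the templates this patch deletes had `gpgcheck=1` with `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9`. As written, EPEL packages baked into the image are not signature-checked, and the Rocky repos depend on whatever dnf's global default is. Since `epel-release` is installed just before, the EPEL task could use `gpgcheck: true` with `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9` (confirm the key path on the image), and the loop could pass `gpgcheck: true` and the Rocky key explicitly. Leaving `gpgcheck: false` in the disabled definition also means anyone who later re-enables `epel` on a deployed node inherits unsigned installs.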
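Review bot: In `set_repos.yml`, `Replace system repos with Pulp repos` and `Use Pulp EPEL repo` write `username` and `password` into files under `/etc/yum.repos.d` without a `mode`, so the credentials sit in files with default permissions for the duration of the build. `ansible.builtin.yum_repository` accepts the common file attributes, so `mode: "0600"` on both tasks restricts them to root. The task names in `disable_repos.yml` say the credentials are removed, which presumably relies on the module rewriting each section from only the parameters given. A comment there stating that `username` and `password` are omitted on purpose would make that dependency explicit.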
@@ -12,6 +12,7 @@ tasks_from: install-package.yml vars_from: "Rocky/{{ ansible_distribution_major_version }}.yml" public: yes # Expose the vars from this role to the rest of the play + when: appliances_mode != 'configure' # can't set vars: from a dict hence the workaround above - include_tasks: diff --git a/ansible/roles/openondemand/tasks/pam_auth.yml b/ansible/roles/openondemand/tasks/pam_auth.yml index 0edce622f..3ede2d3ce 100644 --- a/ansible/roles/openondemand/tasks/pam_auth.yml +++ b/ansible/roles/openondemand/tasks/pam_auth.yml @@ -1,8 +1,5 @@ # https://osc.github.io/ood-documentation/latest/authentication/pam.html --- -- name: Install Apache PAM module - yum: - name: mod_authnz_pam - name: Enable Apache PAM module lineinfile: diff --git a/ansible/roles/release_train/defaults/main.yml b/ansible/roles/release_train/defaults/main.yml deleted file mode 100644 index 7c007c59a..000000000 --- a/ansible/roles/release_train/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -release_train_url_prefix: https://ark.stackhpc.com/pulp/content/rocky/9.4 -release_train_url_suffix: "x86_64/os/{{ release_train_timestamp }}/" -# most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml -# note that some timestamps can't be used because not all repos have snapshots for them -release_train_timestamp: 20240816T002610 -release_train_auth: | - username = slurm-app-ci - password = {{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }} diff --git a/ansible/roles/release_train/tasks/revert_repos.yml b/ansible/roles/release_train/tasks/revert_repos.yml deleted file mode 100644 index 8780ac13c..000000000 --- a/ansible/roles/release_train/tasks/revert_repos.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- - -- name: Check for backup folder exists - stat: - path: /etc/yum.repos.d.backup - register: _stat_yum_backup_file - -- name: Fail if backup folder doesn't exist - assert: - that: _stat_yum_backup_file.stat.exists - -- name: Remove ark repos - ansible.builtin.file: - state: absent - path: /etc/yum.repos.d - -- name: Restore backup repos - ansible.builtin.shell: - cmd: mv /etc/yum.repos.d.backup /etc/yum.repos.d diff --git a/ansible/roles/release_train/tasks/set_repos.yml b/ansible/roles/release_train/tasks/set_repos.yml deleted file mode 100644 index f527a85d8..000000000 --- a/ansible/roles/release_train/tasks/set_repos.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: Check for existing backup folder - stat: - path: /etc/yum.repos.d.backup - register: _stat_yum_backup_file - -- name: Backup existing package repos - ansible.builtin.copy: - remote_src: true - src: /etc/yum.repos.d/ - dest: /etc/yum.repos.d.backup - when: not _stat_yum_backup_file.stat.exists - -- name: Replace package repos with release train repos - no_log: true - ansible.builtin.template: - src: "{{ item }}.j2" - dest: /etc/yum.repos.d/{{ item }} - loop: - - rocky-extras.repo - - rocky.repo \ No newline at end of file diff --git a/ansible/roles/release_train/templates/rocky-extras.repo.j2 b/ansible/roles/release_train/templates/rocky-extras.repo.j2 deleted file mode 100644 index 78bed03d5..000000000 --- a/ansible/roles/release_train/templates/rocky-extras.repo.j2 +++ /dev/null 
@@ -1,65 +0,0 @@ -# rocky-extras.repo -# -# The mirrorlist system uses the connecting IP address of the client and the -# update status of each mirror to pick current mirrors that are geographically -# close to the client. You should use this for Rocky updates unless you are -# manually picking other mirrors. -# -# If the mirrorlist does not work for you, you can try the commented out -# baseurl line instead. - -[extras] -name=Rocky Linux $releasever - Extras -baseurl={{ release_train_url_prefix }}/extras/{{ release_train_url_suffix }} -gpgcheck=1 -enabled=1 -countme=1 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 -{{ release_train_auth }} - -[extras-debuginfo] -name=Rocky Linux $releasever - Extras Debug -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever-debug$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/extras/$basearch/debug/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[extras-source] -name=Rocky Linux $releasever - Extras Source -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=extras-$releasever-source$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/extras/source/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[plus] -name=Rocky Linux $releasever - Plus -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=plus-$releasever$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/$basearch/os/ -gpgcheck=1 -enabled=0 -countme=1 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[plus-debuginfo] -name=Rocky Linux $releasever - Plus - Debug -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=plus-$releasever-debug$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/$basearch/debug/tree/ -gpgcheck=1 -enabled=0 
-metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[plus-source] -name=Rocky Linux $releasever - Plus - Source -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=plus-$releasever-source$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/plus/source/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 diff --git a/ansible/roles/release_train/templates/rocky.repo.j2 b/ansible/roles/release_train/templates/rocky.repo.j2 deleted file mode 100644 index 29d6aee42..000000000 --- a/ansible/roles/release_train/templates/rocky.repo.j2 +++ /dev/null 
@@ -1,93 +0,0 @@ -# rocky.repo -# -# The mirrorlist system uses the connecting IP address of the client and the -# update status of each mirror to pick current mirrors that are geographically -# close to the client. You should use this for Rocky updates unless you are -# manually picking other mirrors. -# -# If the mirrorlist does not work for you, you can try the commented out -# baseurl line instead. - -[baseos] -name=Rocky Linux $releasever - BaseOS -baseurl={{ release_train_url_prefix }}/BaseOS/{{ release_train_url_suffix }} -gpgcheck=1 -enabled=1 -countme=1 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 -{{ release_train_auth }} - -[baseos-debuginfo] -name=Rocky Linux $releasever - BaseOS - Debug -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever-debug$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/debug/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[baseos-source] -name=Rocky Linux $releasever - BaseOS - Source -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=BaseOS-$releasever-source$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/source/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[appstream] -name=Rocky Linux $releasever - AppStream -baseurl={{ release_train_url_prefix }}/AppStream/{{ release_train_url_suffix }} -gpgcheck=1 -enabled=1 -countme=1 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 -{{ release_train_auth }} - -[appstream-debuginfo] -name=Rocky Linux $releasever - AppStream - Debug -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=AppStream-$releasever-debug$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/$basearch/debug/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h 
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[appstream-source] -name=Rocky Linux $releasever - AppStream - Source -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=AppStream-$releasever-source$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/AppStream/source/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[crb] -name=Rocky Linux $releasever - CRB -baseurl={{ release_train_url_prefix }}/CRB/{{ release_train_url_suffix }} -gpgcheck=1 -enabled=0 -countme=1 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 -{{ release_train_auth }} - -[crb-debuginfo] -name=Rocky Linux $releasever - CRB - Debug -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=CRB-$releasever-debug$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/CRB/$basearch/debug/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 - -[crb-source] -name=Rocky Linux $releasever - CRB - Source -mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=source&repo=CRB-$releasever-source$rltype -#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/CRB/source/tree/ -gpgcheck=1 -enabled=0 -metadata_expire=6h -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9 diff --git a/ansible/slurm.yml b/ansible/slurm.yml index 0b7397242..f2d37a60c 100644 --- a/ansible/slurm.yml +++ b/ansible/slurm.yml @@ -27,6 +27,7 @@ tasks: - import_role: name: stackhpc.openhpc + tasks_from: "{{ 'runtime.yml' if appliances_mode == 'configure' else 'main.yml' }}" - name: Set locked memory limits on user-facing nodes hosts: diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml index 9622797ef..98e366304 100644 --- a/environments/.stackhpc/hooks/post.yml +++ b/environments/.stackhpc/hooks/post.yml 
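Review bot: In `ansible/slurm.yml`, `tasks_from` is templated from `appliances_mode` on a static `import_role`, and Ansible's documentation says imports cannot use inventory variables in file names. `appliances_mode` is defined in `group_vars/all/defaults.yml` by this same patch, so outside the Packer build, where it arrives as an extra var, the expression may not resolve. A plain site run is worth testing; switching to `include_role` with the same `tasks_from` would sidestep the question. A one-line comment saying why `runtime.yml` is chosen in `configure` mode (presumably to skip package installation now that the image's repos are disabled) would also help.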
@@ -16,8 +16,8 @@ - hosts: builder become: yes tasks: - - name: Revert ark repos + - name: Disable ark repos ansible.builtin.include_role: - name: release_train - tasks_from: revert_repos.yml + name: dnf_repos + tasks_from: disable_repos.yml when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/environments/.stackhpc/hooks/pre.yml b/environments/.stackhpc/hooks/pre.yml index a15df2cd4..9ea84740d 100644 --- a/environments/.stackhpc/hooks/pre.yml +++ b/environments/.stackhpc/hooks/pre.yml @@ -23,6 +23,6 @@ tasks: - name: Replace system repos with ark ansible.builtin.include_role: - name: release_train + name: dnf_repos tasks_from: set_repos.yml when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml index 15340820f..2a88f035d 100644 --- a/environments/common/inventory/group_vars/all/defaults.yml +++ b/environments/common/inventory/group_vars/all/defaults.yml @@ -6,6 +6,7 @@ appliances_environment_root: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }} appliances_environment_name: "{{ appliances_environment_root | basename | regex_replace('\\W+', '') }}" # [a-zA-Z0-9_] only appliances_cockpit_state: absent # RHEL cockpit installed but not enabled in genericcloud images; appliance defaults to removing it #appliances_state_dir: # define an absolute path here to use for persistent state: NB: This is defined as /var/lib/state in inventory by the default Terraform +appliances_mode: configure # Address(ip/dns) for internal communication between services. This is # normally traffic you do no want to expose to users. diff --git a/environments/common/inventory/group_vars/all/openhpc.yml b/environments/common/inventory/group_vars/all/openhpc.yml index c613fc697..a23bc77ba 100644 --- a/environments/common/inventory/group_vars/all/openhpc.yml 
+++ b/environments/common/inventory/group_vars/all/openhpc.yml @@ -38,3 +38,13 @@ openhpc_config_default: openhpc_config_extra: {} openhpc_config: "{{ openhpc_config_default | combine(openhpc_config_extra, list_merge='append') }}" openhpc_state_save_location: "{{ appliances_state_dir + '/slurmctld' if appliances_state_dir is defined else '/var/spool' }}" + +ohpc_default_extra_repos: + "9": [] #overriding to ensure doesn't overwrite ark epel repo + "8": + - name: epel + file: epel + description: "Extra Packages for Enterprise Linux 8 - $basearch" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir" + gpgcheck: true + gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" diff --git a/packer/openhpc_extravars.yml b/packer/openhpc_extravars.yml index 66f668649..e68741c01 100644 --- a/packer/openhpc_extravars.yml +++ b/packer/openhpc_extravars.yml @@ -1 +1,2 @@ workaround_ansible_issue_61497: yes # extravars files can't be empty +appliances_mode: "build" From 0bc473c27b5c29fa15d87da059ef88d438d58766 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Tue, 3 Dec 2024 14:12:42 +0000 Subject: [PATCH 05/45] fixed ood install with disbaled repos + fixed ark CRB typo --- ansible/fatimage.yml | 8 ++++---- ansible/roles/dnf_repos/defaults/main.yml | 2 +- ansible/roles/openondemand/tasks/main.yml | 8 +++++++- ansible/roles/openondemand/tasks/pam_auth.yml | 3 +++ ansible/roles/openondemand/tasks/vnc_compute.yml | 1 + 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml index ec0d4dd74..b28e4f308 100644 --- a/ansible/fatimage.yml +++ b/ansible/fatimage.yml 
@@ -69,10 +69,6 @@ tasks_from: install.yml when: "'openhpc' in group_names" - - name: Install Apache PAM module # Extracted from start of roles/openondemand/tasks/pam_auth.yml to ensure only installed during build - yum: - name: mod_authnz_pam - # - import_playbook: portal.yml - name: Open Ondemand server (packages) include_role: @@ -102,6 +98,10 @@ tasks_from: jupyter_compute.yml when: "'openondemand_jupyter' in group_names" + - name: Install Apache PAM module # Extracted from start of roles/openondemand/tasks/pam_auth.yml to ensure only installed during build + yum: + name: mod_authnz_pam + # - import_playbook: monitoring.yml: - import_role: name: opensearch diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 00778533c..000ae3524 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml @@ -16,7 +16,7 @@ dnf_repos_repolist: base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" - file: rocky name: crb - base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" + base_url: "{{ dnf_repos_rocky_ark_prefix }}/CRB/{{ dnf_repos_rocky_ark_suffix }}" - file: rocky-extras name: extras base_url: "{{ dnf_repos_rocky_ark_prefix }}/extras/{{ dnf_repos_rocky_ark_suffix }}" diff --git a/ansible/roles/openondemand/tasks/main.yml b/ansible/roles/openondemand/tasks/main.yml index a9b975c5b..bd5706ecb 100644 --- a/ansible/roles/openondemand/tasks/main.yml +++ b/ansible/roles/openondemand/tasks/main.yml 
@@ -6,12 +6,18 @@ loop: "{{ openondemand_osc_ood_defaults | dict2items }}" when: (item.key in hostvars[inventory_hostname]) or (item.value) +# osc.ood variables are exposed to play here instead of setting 'public' in include role so that they will still be exposed during runtime +- ansible.builtin.include_vars: + dir: "{{ playbook_dir }}/roles/osc.ood/defaults/main" + +- ansible.builtin.include_vars: + file: "{{ playbook_dir }}/roles/osc.ood/vars/Rocky/{{ ansible_distribution_major_version }}.yml" + # if using PAM auth we need apache installed but NOT started so split the osc.ood role up: - include_role: name: osc.ood tasks_from: install-package.yml vars_from: "Rocky/{{ ansible_distribution_major_version }}.yml" - public: yes # Expose the vars from this role to the rest of the play when: appliances_mode != 'configure' # can't set vars: from a dict hence the workaround above diff --git a/ansible/roles/openondemand/tasks/pam_auth.yml b/ansible/roles/openondemand/tasks/pam_auth.yml index 3ede2d3ce..6bc4bda36 100644 --- a/ansible/roles/openondemand/tasks/pam_auth.yml +++ b/ansible/roles/openondemand/tasks/pam_auth.yml @@ -1,5 +1,8 @@ # https://osc.github.io/ood-documentation/latest/authentication/pam.html --- +- name: Install Apache PAM module # Extracted from start of roles/openondemand/tasks/pam_auth.yml to ensure only installed during build + yum: + name: mod_authnz_pam - name: Enable Apache PAM module lineinfile: diff --git a/ansible/roles/openondemand/tasks/vnc_compute.yml b/ansible/roles/openondemand/tasks/vnc_compute.yml index 388e3b3c5..6ec340249 100644 --- a/ansible/roles/openondemand/tasks/vnc_compute.yml +++ b/ansible/roles/openondemand/tasks/vnc_compute.yml @@ -48,6 +48,7 @@ tags: install yum: name: '@Xfce' + when: appliances_mode != 'configure' # dnf group/module installs aren't idempotent so only run during build # - name: Ensure python3.9 installed # dnf: From 364ec79252f11d707b8705068676e23e876357aa Mon Sep 17 00:00:00 2001 
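Review bot: The comment on the new `Install Apache PAM module` task in `pam_auth.yml` is stale: it still says the task was extracted from the start of `roles/openondemand/tasks/pam_auth.yml` so that it is only installed during build. The task now lives in that very file and has no `when:` guard, so the comment describes the opposite of what the code does. The same task also remains in `ansible/fatimage.yml`, where this commit moves it rather than removes it, so it is defined in two places. Either reword the comment to something like `# also installed at image build time by fatimage.yml`, or add `when: appliances_mode != 'configure'` as the `vnc_compute.yml` hunk does, whichever is intended.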
From: wtripp180901 Date: Tue, 3 Dec 2024 16:12:18 +0000 Subject: [PATCH 06/45] fixed eessi install and slurm not loading appliances_mode --- ansible/roles/eessi/tasks/main.yaml | 1 + ansible/slurm.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/eessi/tasks/main.yaml b/ansible/roles/eessi/tasks/main.yaml index d121b6fdd..c61625b0e 100644 --- a/ansible/roles/eessi/tasks/main.yaml +++ b/ansible/roles/eessi/tasks/main.yaml @@ -10,6 +10,7 @@ - name: Add CVMFS repo dnf: name: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest.noarch.rpm + disable_gpg_check: true - name: Install CVMFS dnf: diff --git a/ansible/slurm.yml b/ansible/slurm.yml index f2d37a60c..cf282f786 100644 --- a/ansible/slurm.yml +++ b/ansible/slurm.yml @@ -25,7 +25,7 @@ tags: - openhpc tasks: - - import_role: + - include_role: name: stackhpc.openhpc tasks_from: "{{ 'runtime.yml' if appliances_mode == 'configure' else 'main.yml' }}" From b0558b95a162064d3a058d43fa012da2d3660a5a Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Tue, 3 Dec 2024 16:29:57 +0000 Subject: [PATCH 07/45] variables renames + more ansible facts in dnf_repos --- ansible/roles/dnf_repos/defaults/main.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 000ae3524..a3e05d0e1 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml 
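Review bot: `disable_gpg_check: true` on the `Add CVMFS repo` task turns off signature verification for an RPM fetched from a moving `cvmfs-release-latest` URL. Going by the task names, that package supplies the repo definition the following `Install CVMFS` task installs from, so the trust decision for everything CVMFS-related rests on this one unverified download. If the check was failing only because the signing key is not yet in the RPM database (an assumption, the hunk does not say), import the key in a preceding `ansible.builtin.rpm_key` task and drop the flag. If it has to stay, record the reason next to it, e.g. `disable_gpg_check: true  # TODO: key not importable before cvmfs-release is installed; verify by checksum`. The task file continues outside this hunk.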
@@ -1,8 +1,8 @@ -dnf_repos_rocky_ark_prefix: https://ark.stackhpc.com/pulp/content/{{ ansible_distribution | lower }}/9.4 -dnf_repos_rocky_ark_suffix: "{{ ansible_architecture }}/os/{{ dnf_repos_ark_timestamp }}/" +dnf_repos_rocky_ark_prefix: https://ark.stackhpc.com/pulp/content/{{ ansible_distribution | lower }}/{{ ansible_distribution_version }} +dnf_repos_rocky_ark_suffix: "{{ ansible_architecture }}/os/{{ dnf_repos_rocky_ark_timestamp }}/" # most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml # note that some timestamps can't be used because not all repos have snapshots for them -dnf_repos_ark_timestamp: 20240816T002610 +dnf_repos_rocky_ark_timestamp: 20240816T002610 dnf_repos_username: slurm-app-ci dnf_repos_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" @@ -21,4 +21,5 @@ dnf_repos_repolist: name: extras base_url: "{{ dnf_repos_rocky_ark_prefix }}/extras/{{ dnf_repos_rocky_ark_suffix }}" -dnf_repos_epel_baseurl: https://ark.stackhpc.com/pulp/content/epel/9/Everything/x86_64/20240902T080424 +dnf_repos_epel_timestamp: 20240902T080424 +dnf_repos_epel_baseurl: "https://ark.stackhpc.com/pulp/content/epel/{{ ansible_distribution_major_version }}/Everything/{{ ansible_architecture }}/{{ dnf_repos_epel_timestamp }}" From 3131bd6d600c13f73bcd2336c3f74bda07d65af9 Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Tue, 3 Dec 2024 18:17:33 +0000 Subject: [PATCH 08/45] bump images --- .../.stackhpc/terraform/cluster_image.auto.tfvars.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json index f9a2087c8..14c997596 100644 --- a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json 
@@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-241118-0918-4538c6df", - "RL9": "openhpc-RL9-241118-0918-4538c6df" + "RL8": "openhpc-RL8-241203-1659-b0558b95", + "RL9": "openhpc-RL9-241203-1659-b0558b95" } } From 1be9c6b7697e1d0a292f27ca4ee5f2702c8612fd Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:00:44 +0000 Subject: [PATCH 09/45] added review comment Co-authored-by: Steve Brasier <33413598+sjpb@users.noreply.github.com> --- ansible/roles/dnf_repos/tasks/set_repos.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/dnf_repos/tasks/set_repos.yml b/ansible/roles/dnf_repos/tasks/set_repos.yml index 2c51b96ae..f8cca5600 100644 --- a/ansible/roles/dnf_repos/tasks/set_repos.yml +++ b/ansible/roles/dnf_repos/tasks/set_repos.yml @@ -11,6 +11,7 @@ loop: "{{ dnf_repos_repolist }}" - name: Install epel-release + # done so that roles installing epel via epel-release don't over-write our changes to the epel repo ansible.builtin.dnf: name: epel-release From b7670e94d371118f0eb1c5084d1a7a4044f6665a Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Wed, 4 Dec 2024 10:10:00 +0000 Subject: [PATCH 10/45] moved config into builder and .stackhpc --- .../inventory/group_vars/openhpc/overrides.yml | 10 ++++++++++ .../common/inventory/group_vars/all/openhpc.yml | 10 ---------- .../common/inventory/group_vars/builder/defaults.yml | 1 + packer/openhpc_extravars.yml | 1 - 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml b/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml index 5aac5f8ad..858dfd9d3 100644 --- a/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml +++ b/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml 
@@ -1,3 +1,13 @@ openhpc_config_extra: SlurmctldDebug: debug SlurmdDebug: debug + +ohpc_default_extra_repos: + "9": [] #overriding to ensure doesn't overwrite ark epel repo + "8": + - name: epel + file: epel + description: "Extra Packages for Enterprise Linux 8 - $basearch" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir" + gpgcheck: true + gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" diff --git a/environments/common/inventory/group_vars/all/openhpc.yml b/environments/common/inventory/group_vars/all/openhpc.yml index a23bc77ba..c613fc697 100644 --- a/environments/common/inventory/group_vars/all/openhpc.yml +++ b/environments/common/inventory/group_vars/all/openhpc.yml @@ -38,13 +38,3 @@ openhpc_config_default: openhpc_config_extra: {} openhpc_config: "{{ openhpc_config_default | combine(openhpc_config_extra, list_merge='append') }}" openhpc_state_save_location: "{{ appliances_state_dir + '/slurmctld' if appliances_state_dir is defined else '/var/spool' }}" - -ohpc_default_extra_repos: - "9": [] #overriding to ensure doesn't overwrite ark epel repo - "8": - - name: epel - file: epel - description: "Extra Packages for Enterprise Linux 8 - $basearch" - metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir" - gpgcheck: true - gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" diff --git a/environments/common/inventory/group_vars/builder/defaults.yml b/environments/common/inventory/group_vars/builder/defaults.yml index 22042c1bf..b43d9f03c 100644 --- a/environments/common/inventory/group_vars/builder/defaults.yml +++ b/environments/common/inventory/group_vars/builder/defaults.yml @@ -22,3 +22,4 @@ squid_cache_disk: 0 # just needs to be defined squid_cache_mem: 0 tuned_started: false tuned_enabled: false +appliances_mode: build 
diff --git a/packer/openhpc_extravars.yml b/packer/openhpc_extravars.yml index e68741c01..66f668649 100644 --- a/packer/openhpc_extravars.yml +++ b/packer/openhpc_extravars.yml @@ -1,2 +1 @@ workaround_ansible_issue_61497: yes # extravars files can't be empty -appliances_mode: "build" From 2230bb8af6b8bede2ea1f712913d76e59a70f79b Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Wed, 4 Dec 2024 10:17:26 +0000 Subject: [PATCH 11/45] overriding openhpc extra repos in common --- .../inventory/group_vars/openhpc/overrides.yml | 10 ---------- .../common/inventory/group_vars/all/openhpc.yml | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml b/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml index 858dfd9d3..5aac5f8ad 100644 --- a/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml +++ b/environments/.stackhpc/inventory/group_vars/openhpc/overrides.yml @@ -1,13 +1,3 @@ openhpc_config_extra: SlurmctldDebug: debug SlurmdDebug: debug - -ohpc_default_extra_repos: - "9": [] #overriding to ensure doesn't overwrite ark epel repo - "8": - - name: epel - file: epel - description: "Extra Packages for Enterprise Linux 8 - $basearch" - metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir" - gpgcheck: true - gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" diff --git a/environments/common/inventory/group_vars/all/openhpc.yml b/environments/common/inventory/group_vars/all/openhpc.yml index c613fc697..a23bc77ba 100644 --- a/environments/common/inventory/group_vars/all/openhpc.yml +++ b/environments/common/inventory/group_vars/all/openhpc.yml 
@@ -38,3 +38,13 @@ openhpc_config_default: openhpc_config_extra: {} openhpc_config: "{{ openhpc_config_default | combine(openhpc_config_extra, list_merge='append') }}" openhpc_state_save_location: "{{ appliances_state_dir + '/slurmctld' if appliances_state_dir is defined else '/var/spool' }}" + +ohpc_default_extra_repos: + "9": [] #overriding to ensure doesn't overwrite ark epel repo + "8": + - name: epel + file: epel + description: "Extra Packages for Enterprise Linux 8 - $basearch" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir" + gpgcheck: true + gpgkey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" From 9723782e7fcb284945e67a17aec1a756f708f89b Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 6 Dec 2024 13:04:29 +0000 Subject: [PATCH 12/45] testing builds with leafcloud pulp --- ansible/roles/dnf_repos/defaults/main.yml | 48 ++++++++++++++----- ansible/roles/dnf_repos/tasks/set_repos.yml | 4 -- .../inventory/group_vars/builder.yml | 1 + 3 files changed, 36 insertions(+), 17 deletions(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index a3e05d0e1..b997605ea 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml 
@@ -1,25 +1,47 @@ -dnf_repos_rocky_ark_prefix: https://ark.stackhpc.com/pulp/content/{{ ansible_distribution | lower }}/{{ ansible_distribution_version }} -dnf_repos_rocky_ark_suffix: "{{ ansible_architecture }}/os/{{ dnf_repos_rocky_ark_timestamp }}/" -# most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml -# note that some timestamps can't be used because not all repos have snapshots for them -dnf_repos_rocky_ark_timestamp: 20240816T002610 -dnf_repos_username: slurm-app-ci -dnf_repos_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" +# dnf_repos_rocky_ark_prefix: https://ark.stackhpc.com/pulp/content/{{ ansible_distribution | lower }}/{{ ansible_distribution_version }} +# dnf_repos_rocky_ark_suffix: "{{ ansible_architecture }}/os/{{ dnf_repos_rocky_ark_timestamp }}/" +# # most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml +# # note that some timestamps can't be used because not all repos have snapshots for them +# dnf_repos_rocky_ark_timestamp: 20240816T002610 +# dnf_repos_username: slurm-app-ci +# dnf_repos_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" + +# # epel installed separately +# dnf_repos_repolist: +# - file: rocky +# name: baseos +# base_url: "{{ dnf_repos_rocky_ark_prefix }}/BaseOS/{{ dnf_repos_rocky_ark_suffix }}" +# - file: rocky +# name: appstream +# base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" +# - file: rocky +# name: crb +# base_url: "{{ dnf_repos_rocky_ark_prefix }}/CRB/{{ dnf_repos_rocky_ark_suffix }}" +# - file: rocky-extras +# name: extras +# base_url: "{{ dnf_repos_rocky_ark_prefix }}/extras/{{ dnf_repos_rocky_ark_suffix }}" + +# dnf_repos_epel_timestamp: 20240902T080424 +# dnf_repos_epel_baseurl: "https://ark.stackhpc.com/pulp/content/epel/{{ ansible_distribution_major_version }}/Everything/{{ ansible_architecture }}/{{ 
dnf_repos_epel_timestamp }}" + +dnf_repos_pulp_url: # required +dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" +dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" +dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" # epel installed separately dnf_repos_repolist: - file: rocky name: baseos - base_url: "{{ dnf_repos_rocky_ark_prefix }}/BaseOS/{{ dnf_repos_rocky_ark_suffix }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/baseos" - file: rocky name: appstream - base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/appstream" - file: rocky name: crb - base_url: "{{ dnf_repos_rocky_ark_prefix }}/CRB/{{ dnf_repos_rocky_ark_suffix }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/crb" - file: rocky-extras name: extras - base_url: "{{ dnf_repos_rocky_ark_prefix }}/extras/{{ dnf_repos_rocky_ark_suffix }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras" -dnf_repos_epel_timestamp: 20240902T080424 -dnf_repos_epel_baseurl: "https://ark.stackhpc.com/pulp/content/epel/{{ ansible_distribution_major_version }}/Everything/{{ ansible_architecture }}/{{ dnf_repos_epel_timestamp }}" +dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_major_version }}" diff --git a/ansible/roles/dnf_repos/tasks/set_repos.yml b/ansible/roles/dnf_repos/tasks/set_repos.yml index f8cca5600..8a8364097 100644 --- a/ansible/roles/dnf_repos/tasks/set_repos.yml +++ b/ansible/roles/dnf_repos/tasks/set_repos.yml @@ -6,8 +6,6 @@ name: "{{ item.name }}" baseurl: "{{ item.base_url }}" description: "{{ item.name }}" - username: "{{ dnf_repos_username }}" - password: "{{ dnf_repos_password }}" loop: "{{ dnf_repos_repolist }}" - name: Install epel-release 
@@ -21,6 +19,4 @@ file: epel description: epel gpgcheck: false - username: "{{ dnf_repos_username }}" - password: "{{ dnf_repos_password }}" baseurl: "{{ dnf_repos_epel_baseurl }}" diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index 8d7ee98d2..1a65daa48 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -1 +1,2 @@ #update_enable: false # Can uncomment for speed debugging non-update related build issues +dnf_repos_pulp_url: http://192.168.10.157:8080 From 127b79210af6d806c82674d4a0cbe64eb07e3fff Mon Sep 17 00:00:00 2001 
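Review bot: The epel repo task in `set_repos.yml` keeps `gpgcheck: false` while the `builder.yml` hunk below sets `dnf_repos_pulp_url: http://192.168.10.157:8080`. Together these mean epel packages baked into the image are fetched over plain HTTP with no signature check, so nothing verifies what the mirror or the network path serves. The `Install epel-release` task appears to run before this one, so the key should already be on disk: `gpgcheck: true` with `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}` would restore verification without needing TLS on the mirror. The literal private address in shared inventory also looks specific to one test cloud and would be better supplied per environment. The epel task itself starts outside this hunk.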
From: wtripp180901 Date: Fri, 6 Dec 2024 15:12:50 +0000 Subject: [PATCH 13/45] pulp integration --- ansible/.gitignore | 2 + ansible/adhoc/deploy-pulp.yml | 25 +++++++ ansible/bootstrap.yml | 17 +++++ ansible/roles/dnf_repos/defaults/main.yml | 28 +------ ansible/roles/passwords/defaults/main.yml | 1 + ansible/roles/pulp_site/defaults/main.yml | 75 +++++++++++++++++++ ansible/roles/pulp_site/tasks/install.yml | 43 +++++++++++ ansible/roles/pulp_site/tasks/sync.yml | 73 ++++++++++++++++++ ansible/roles/pulp_site/templates/cli.toml.j2 | 14 ++++ .../roles/pulp_site/templates/settings.py.j2 | 2 + ansible/site.yml | 9 +++ environments/.stackhpc/hooks/post.yml | 9 --- environments/.stackhpc/hooks/pre.yml | 9 --- .../inventory/group_vars/builder.yml | 2 +- .../inventory/group_vars/all/defaults.yml | 1 + environments/common/inventory/groups | 4 + requirements.txt | 3 +- requirements.yml | 2 + 18 files changed, 272 insertions(+), 47 deletions(-) create mode 100644 ansible/adhoc/deploy-pulp.yml create mode 100644 ansible/roles/pulp_site/defaults/main.yml create mode 100644 ansible/roles/pulp_site/tasks/install.yml create mode 100644 ansible/roles/pulp_site/tasks/sync.yml create mode 100644 ansible/roles/pulp_site/templates/cli.toml.j2 create mode 100644 ansible/roles/pulp_site/templates/settings.py.j2 diff --git a/ansible/.gitignore b/ansible/.gitignore index 48c917c4f..4eba25fa9 100644 --- a/ansible/.gitignore +++ b/ansible/.gitignore @@ -66,3 +66,5 @@ roles/* !roles/lustre/** !roles/dnf_repos/ !roles/dnf_repos/** +!roles/pulp_site/ +!roles/pulp_site/** diff --git a/ansible/adhoc/deploy-pulp.yml b/ansible/adhoc/deploy-pulp.yml new file mode 100644 index 000000000..291da7f59 --- /dev/null +++ b/ansible/adhoc/deploy-pulp.yml 
@@ -0,0 +1,25 @@ +# Usage: ansible-playbook ansible/adhoc/deploy-pulp.yml -e "pulp_server=" + +- name: Add temporary pulp server host + hosts: localhost + tasks: + - ansible.builtin.add_host: + name: "{{ pulp_server }}" + group: "_pulp_host" + +- name: Install pulp on server + become: yes + hosts: _pulp_host + tasks: + - ansible.builtin.import_role: + name: pulp_site + tasks_from: install.yml + +- name: Add pulp host to environment + hosts: localhost + tasks: + - ansible.builtin.copy: + dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/pulp_server.yml" + content: | + # ansible managed + appliances_pulp_server: "http://{{ pulp_server }}" diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 733d4b3f8..cc3cf7a12 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -110,6 +110,23 @@ policy: "{{ selinux_policy }}" register: sestatus +- name: Sync pulp repos with upstream + hosts: localhost + tasks: + - ansible.builtin.include_role: + name: pulp_site + tasks_from: sync.yml + when: appliances_mode != 'configure' + +- hosts: dnf_repos + become: yes + tasks: + - name: Replace system repos with pulp repos + ansible.builtin.include_role: + name: dnf_repos + tasks_from: set_repos.yml + when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided + # --- tasks after here require access to package repos --- - hosts: squid tags: squid diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index b997605ea..24bb4852b 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml 
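Review bot: The generated `pulp_server.yml` defines `appliances_pulp_server`, but the role defaults added in the following hunks read `appliances_pulp_url`: `dnf_repos_pulp_url: "{{ appliances_pulp_url }}"` and `pulp_site_url: "http://{{ appliances_pulp_url }}:{{ pulp_site_port }}"`. Unless the one-line change to `group_vars/all/defaults.yml` (not visible here) maps one to the other, the value this playbook writes is never consumed. The three places also disagree on shape: this file writes a scheme and no port, `pulp_site` prepends a scheme and appends a port, and `dnf_repos` treats the value as a complete base URL. Pick one form, e.g. write `appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}"` here (with the port variable in scope for this play) and set `pulp_site_url: "{{ appliances_pulp_url }}"`.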
@@ -1,30 +1,4 @@ -# dnf_repos_rocky_ark_prefix: https://ark.stackhpc.com/pulp/content/{{ ansible_distribution | lower }}/{{ ansible_distribution_version }} -# dnf_repos_rocky_ark_suffix: "{{ ansible_architecture }}/os/{{ dnf_repos_rocky_ark_timestamp }}/" -# # most stable from https://github.com/stackhpc/stackhpc-kayobe-config/blob/stackhpc/2024.1/etc/kayobe/pulp-repo-versions.yml -# # note that some timestamps can't be used because not all repos have snapshots for them -# dnf_repos_rocky_ark_timestamp: 20240816T002610 -# dnf_repos_username: slurm-app-ci -# dnf_repos_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" - -# # epel installed separately -# dnf_repos_repolist: -# - file: rocky -# name: baseos -# base_url: "{{ dnf_repos_rocky_ark_prefix }}/BaseOS/{{ dnf_repos_rocky_ark_suffix }}" -# - file: rocky -# name: appstream -# base_url: "{{ dnf_repos_rocky_ark_prefix }}/AppStream/{{ dnf_repos_rocky_ark_suffix }}" -# - file: rocky -# name: crb -# base_url: "{{ dnf_repos_rocky_ark_prefix }}/CRB/{{ dnf_repos_rocky_ark_suffix }}" -# - file: rocky-extras -# name: extras -# base_url: "{{ dnf_repos_rocky_ark_prefix }}/extras/{{ dnf_repos_rocky_ark_suffix }}" - -# dnf_repos_epel_timestamp: 20240902T080424 -# dnf_repos_epel_baseurl: "https://ark.stackhpc.com/pulp/content/epel/{{ ansible_distribution_major_version }}/Everything/{{ ansible_architecture }}/{{ dnf_repos_epel_timestamp }}" - -dnf_repos_pulp_url: # required +dnf_repos_pulp_url: "{{ appliances_pulp_url }}" dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" diff --git a/ansible/roles/passwords/defaults/main.yml b/ansible/roles/passwords/defaults/main.yml index d9a339efd..2587e8499 100644 --- a/ansible/roles/passwords/defaults/main.yml +++ b/ansible/roles/passwords/defaults/main.yml 
@@ -9,6 +9,7 @@ slurm_appliance_secrets: vault_freeipa_ds_password: "{{ vault_freeipa_ds_password | default(lookup('password', '/dev/null')) }}" vault_freeipa_admin_password: "{{ vault_freeipa_admin_password | default(lookup('password', '/dev/null')) }}" vault_k3s_token: "{{ vault_k3s_token | default(lookup('ansible.builtin.password', '/dev/null', length=64)) }}" + vault_pulp_admin_password: "{{ vault_pulp_admin_password | default(lookup('password', '/dev/null', chars=['ascii_letters', 'digits'])) }}" secrets_openhpc_mungekey_default: content: "{{ lookup('pipe', 'dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64') }}" diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml new file mode 100644 index 000000000..077871263 --- /dev/null +++ b/ansible/roles/pulp_site/defaults/main.yml 
@@ -0,0 +1,75 @@ +pulp_site_url: "http://{{ appliances_pulp_url }}:{{ pulp_site_port }}" +pulp_site_port: 8080 +pulp_site_username: admin # shouldn't be changed +pulp_site_upstream_username: slurm-app-ci +pulp_site_upstream_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" +pulp_site_password: "{{ vault_pulp_admin_password }}" +pulp_site_validate_certs: false +pulp_site_install_dir: '/home/rocky/pulp' +pulp_site_selinux_suffix: "{{ ':Z' if ansible_selinux.status == 'enabled' else '' }}" + +pulp_site_rpm_repos: + - name: baseos + url: https://ark.stackhpc.com/pulp/content/rocky/9.4/BaseOS/x86_64/os/20240816T002610 + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand + state: present + - name: appstream + url: https://ark.stackhpc.com/pulp/content/rocky/9.4/AppStream/x86_64/os/20240816T002610 + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand + state: present + - name: crb + url: https://ark.stackhpc.com/pulp/content/rocky/9.4/CRB/x86_64/os/20240816T002610 + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand + state: present + - name: extras + url: https://ark.stackhpc.com/pulp/content/rocky/9.4/extras/x86_64/os/20240816T002610 + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand + state: present + - name: epel + url: https://ark.stackhpc.com/pulp/content/epel/9/Everything/x86_64/20240902T080424 + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand + state: present + +pulp_site_rpm_publications: +- repository: baseos + state: present +- repository: appstream + state: present +- repository: crb + state: present +- repository: extras + state: present +- repository: epel + 
state: present + +pulp_site_rpm_distributions: +- name: baseos + base_path: rocky/9.4/baseos + repository: baseos + state: present +- name: appstream + base_path: rocky/9.4/appstream + repository: appstream + state: present +- name: crb + base_path: rocky/9.4/crb + repository: crb + state: present +- name: extras + base_path: rocky/9.4/extras + repository: extras + state: present +- name: epel + base_path: epel/9 + repository: epel + state: present diff --git a/ansible/roles/pulp_site/tasks/install.yml b/ansible/roles/pulp_site/tasks/install.yml new file mode 100644 index 000000000..39b4fcd97 --- /dev/null +++ b/ansible/roles/pulp_site/tasks/install.yml @@ -0,0 +1,43 @@ +--- + +- name: Install packages + dnf: + name: + - podman + +- name: Create install directories + ansible.builtin.file: + state: directory + path: "{{ pulp_site_install_dir }}/{{ item }}" + loop: + - settings/certs + - pulp_storage + - pgsql + - containers + +- name: Template settings file + ansible.builtin.template: + src: settings.py.j2 + dest: "{{ pulp_site_install_dir }}/settings/settings.py" + +- name: Install pulp podman container + containers.podman.podman_container: + name: pulp + publish: + - "{{ pulp_site_port }}:80" + volume: + - "{{ pulp_site_install_dir }}/settings:/etc/pulp{{ pulp_site_selinux_suffix }}" + - "{{ pulp_site_install_dir }}/pulp_storage:/var/lib/pulp{{ pulp_site_selinux_suffix }}" + - "{{ pulp_site_install_dir }}/pgsql:/var/lib/pgsql{{ pulp_site_selinux_suffix }}" + - "{{ pulp_site_install_dir }}/containers:/var/lib/containers{{ pulp_site_selinux_suffix }}" + device: /dev/fuse + image: docker.io/pulp/pulp:3.68.1 + +- name: Reset admin password once container has initialised + no_log: true + ansible.builtin.shell: + cmd: "podman exec pulp bash -c 'pulpcore-manager reset-admin-password -p {{ pulp_site_password }}'" + register: _admin_reset_output + until: 0 == _admin_reset_output.rc + retries: 6 + delay: 30 
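Review bot: `pulp_site_url` is hard-wired to `http://`, so the sync tasks that pass `pulp_site_username` and `pulp_site_password` to it send the Pulp admin credential unencrypted. `pulp_site_validate_certs: false` additionally defaults certificate checking to off wherever that variable is consumed (not visible in this part of the patch), which would carry over if the URL later becomes HTTPS. Make the scheme configurable and default to `pulp_site_validate_certs: true`, with a comment on any override such as `# lab server with self-signed certificate`. Separately, the `base_path` values (`rocky/9.4/...`) and the `x86_64` upstream URLs are literals while `dnf_repos_rocky_prefix` is built from `ansible_distribution_version`, so a host on a different minor release would request a distribution this role never creates.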
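Review bot: The `Reset admin password once container has initialised` task interpolates `{{ pulp_site_password }}` into a `bash -c '…'` string run through `ansible.builtin.shell`, so a password containing a quote or shell metacharacter would break or change the command. The generated default is restricted to letters and digits, but an operator-supplied `vault_pulp_admin_password` need not be, and `no_log: true` only keeps the value out of Ansible output. Passing it as a single argument avoids shell parsing: use `ansible.builtin.command:` with `argv: [podman, exec, pulp, pulpcore-manager, reset-admin-password, -p, "{{ pulp_site_password }}"]`. The container image is also pinned by tag (`docker.io/pulp/pulp:3.68.1`) rather than by digest, which is worth a comment if it is deliberate.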
diff --git a/ansible/roles/pulp_site/tasks/sync.yml b/ansible/roles/pulp_site/tasks/sync.yml
new file mode 100644
index 000000000..62395f0f3
--- /dev/null
+++ b/ansible/roles/pulp_site/tasks/sync.yml
@@ -0,0 +1,73 @@
+---
+
+- name: Wait for Pulp server
+ pulp.squeezer.status:
+ pulp_url: "{{ pulp_site_url }}"
+ username: "{{ pulp_site_username }}"
+ password: "{{ pulp_site_password }}"
+ register: _pulp_status
+ until: _pulp_status.failed == false
+ retries: 30
+ delay: 20
+
+- name: Ensure Pulp CLI config directory exists
+ ansible.builtin.file:
+ path: ~/.config/pulp
+ state: directory
+
+- name: Create config file
+ no_log: true
+ ansible.builtin.template:
+ src: cli.toml.j2
+ dest: ~/.config/pulp/cli.toml
+ mode: '0644'
+
+- block:
+ - name: Ensure squeezer cache exists
+ ansible.builtin.file:
+ path: "{{ _cache_dir }}"
+ state: directory
+
+ - name: Check if squeezer cache is populated
+ ansible.builtin.stat:
+ path: "{{ _cache_dir }}/api.json"
+ register: _cache_stat
+
+ - name: Prepopulate squeezer cache # workaround for race on the cache
+ ansible.builtin.get_url:
+ url: "{{ pulp_site_url }}/pulp/api/v3/docs/api.json"
+ dest: "{{ _cache_dir }}/api.json"
+ timeout: 40
+ when: not _cache_stat.stat.exists
+ vars:
+ _cache_dir: "~/.cache/squeezer/{{ pulp_site_url | regex_replace( ':|/' , '_' ) }}"
+
+- name: Get Pulp repos from release train
+ ansible.builtin.include_role:
+ name: stackhpc.pulp.pulp_repository
+ tasks_from: rpm.yml
+ vars:
+ pulp_url: "{{ pulp_site_url }}"
+ pulp_username: "{{ pulp_site_username }}"
+ pulp_password: "{{ pulp_site_password }}"
+ pulp_repository_rpm_repos: "{{ pulp_site_rpm_repos }}"
+
+- name: Create Pulp publications
+ ansible.builtin.include_role:
+ name: stackhpc.pulp.pulp_publication
+ tasks_from: rpm.yml
+ vars:
+ pulp_url: "{{ pulp_site_url }}"
+ pulp_username: "{{ pulp_site_username }}"
+ pulp_password: "{{ pulp_site_password }}"
+ pulp_publication_rpm: "{{ pulp_site_rpm_publications }}"
+
+- name: Create Pulp distributions
+ ansible.builtin.include_role:
+ name: stackhpc.pulp.pulp_distribution
+ tasks_from: rpm.yml
+ vars:
+ pulp_url: "{{ pulp_site_url }}"
+ pulp_username: "{{ pulp_site_username }}"
+ pulp_password:
"{{ pulp_site_password }}" + pulp_distribution_rpm: "{{ pulp_site_rpm_distributions }}" diff --git a/ansible/roles/pulp_site/templates/cli.toml.j2 b/ansible/roles/pulp_site/templates/cli.toml.j2 new file mode 100644 index 000000000..06867902f --- /dev/null +++ b/ansible/roles/pulp_site/templates/cli.toml.j2 @@ -0,0 +1,14 @@ +[cli] +base_url = "{{ pulp_site_url }}" +username = "{{ pulp_site_username }}" +password = "{{ pulp_site_password }}" +api_root = "/pulp/" +domain = "default" +headers = [] +cert = "" +key = "" +verify_ssl = true +format = "json" +dry_run = false +timeout = 0 +verbose = 0 diff --git a/ansible/roles/pulp_site/templates/settings.py.j2 b/ansible/roles/pulp_site/templates/settings.py.j2 new file mode 100644 index 000000000..200212e2c --- /dev/null +++ b/ansible/roles/pulp_site/templates/settings.py.j2 @@ -0,0 +1,2 @@ +CONTENT_ORIGIN='http://{{ ansible_fqdn }}:{{ pulp_site_port }}' +TOKEN_AUTH_DISABLED=True diff --git a/ansible/site.yml b/ansible/site.yml index bb379399d..a09d5a510 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -28,6 +28,15 @@ - import_playbook: portal.yml - import_playbook: monitoring.yml +- hosts: dnf_repos + become: yes + tasks: + - name: Disable pulp repos + ansible.builtin.include_role: + name: dnf_repos + tasks_from: disable_repos.yml + when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided + - name: Run post.yml hook vars: # hostvars not available here, so have to recalculate environment root: diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml index 98e366304..9d506d725 100644 --- a/environments/.stackhpc/hooks/post.yml +++ b/environments/.stackhpc/hooks/post.yml 
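Review bot: The `Create config file` task in `sync.yml` writes `~/.config/pulp/cli.toml` with `mode: '0644'`, and the `cli.toml.j2` template added further down in this patch puts `password = "{{ pulp_site_password }}"` in that file, so the Pulp admin password is readable by every local user on the host that runs the play. Use `mode: '0600'` on the file and add `mode: '0700'` to the `Ensure Pulp CLI config directory exists` task. `no_log: true` keeps the value out of Ansible output but has no effect on the permissions of the file it writes.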
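Review bot: `settings.py.j2` hard-codes `http://` in `CONTENT_ORIGIN` and sets `TOKEN_AUTH_DISABLED=True` without a comment explaining either choice. Packages are therefore served over an unencrypted channel, and no content guard is set on the distributions defined in this patch, so package integrity rests on GPG checking in the client repo definitions; those are not part of this hunk and should be confirmed. I would add a comment above each setting stating the assumption it depends on, for example `# Plain HTTP: server must only be reachable on the internal build network; clients keep gpgcheck enabled`, adjusted to the actual reason.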
@@ -12,12 +12,3 @@ - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock" - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock" - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock - -- hosts: builder - become: yes - tasks: - - name: Disable ark repos - ansible.builtin.include_role: - name: dnf_repos - tasks_from: disable_repos.yml - when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/environments/.stackhpc/hooks/pre.yml b/environments/.stackhpc/hooks/pre.yml index 9ea84740d..0fdbf9f60 100644 --- a/environments/.stackhpc/hooks/pre.yml +++ b/environments/.stackhpc/hooks/pre.yml @@ -17,12 +17,3 @@ - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/hosts.yml" - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/secrets.yml" - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/test_user.yml" - -- hosts: builder - become: yes - tasks: - - name: Replace system repos with ark - ansible.builtin.include_role: - name: dnf_repos - tasks_from: set_repos.yml - when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index 1a65daa48..50ef3d76c 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -1,2 +1,2 @@ #update_enable: false # Can uncomment for speed debugging non-update related build issues -dnf_repos_pulp_url: http://192.168.10.157:8080 +dnf_repos_pulp_url: http://192.168.10.157 diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml index 2a88f035d..a7bb92ee3 100644 
--- a/environments/common/inventory/group_vars/all/defaults.yml +++ b/environments/common/inventory/group_vars/all/defaults.yml @@ -7,6 +7,7 @@ appliances_environment_name: "{{ appliances_environment_root | basename | regex_ appliances_cockpit_state: absent # RHEL cockpit installed but not enabled in genericcloud images; appliance defaults to removing it #appliances_state_dir: # define an absolute path here to use for persistent state: NB: This is defined as /var/lib/state in inventory by the default Terraform appliances_mode: configure +#appliances_pulp_url: #override required # Address(ip/dns) for internal communication between services. This is # normally traffic you do no want to expose to users. diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index 9b9aa5bf0..a88ccf338 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -144,3 +144,7 @@ freeipa_client [lustre] # Hosts to run lustre client + +[dnf_repos:children] +# Hosts to replace system repos with Pulp repos +cluster diff --git a/requirements.txt b/requirements.txt index 6651506fb..7d81f3285 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -ansible==6.0.0 +ansible==8.0.0 openstacksdk python-openstackclient==6.6.1 # v7.0.0 has a bug re. rebuild python-manilaclient @@ -9,3 +9,4 @@ cookiecutter selinux # this is a shim to avoid having to use --system-site-packages, you still need sudo yum install libselinux-python3 netaddr matplotlib +pulp-cli==0.29.2 diff --git a/requirements.yml b/requirements.yml index 3d8c44011..6a461a6fa 100644 --- a/requirements.yml +++ b/requirements.yml @@ -49,4 +49,6 @@ collections: - name: https://github.com/azimuth-cloud/ansible-collection-image-utils type: git version: 0.4.0 + - name: stackhpc.pulp + version: 0.5.5 ... From 0d8a440e742fdbe985925dd5073c341135999567 Mon Sep 17 00:00:00 2001 
From: wtripp180901 Date: Fri, 6 Dec 2024 15:19:21 +0000 Subject: [PATCH 14/45] typos --- ansible/adhoc/deploy-pulp.yml | 2 +- environments/.stackhpc/inventory/group_vars/builder.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/adhoc/deploy-pulp.yml b/ansible/adhoc/deploy-pulp.yml index 291da7f59..cbb6bb6f6 100644 --- a/ansible/adhoc/deploy-pulp.yml +++ b/ansible/adhoc/deploy-pulp.yml @@ -22,4 +22,4 @@ dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/pulp_server.yml" content: | # ansible managed - appliances_pulp_server: "http://{{ pulp_server }}" + appliances_pulp_url: "http://{{ pulp_server }}" diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index 50ef3d76c..f32bd2928 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -1,2 +1,2 @@ #update_enable: false # Can uncomment for speed debugging non-update related build issues -dnf_repos_pulp_url: http://192.168.10.157 +appliances_pulp_url: http://192.168.10.157 From 90a33fa3563c70c912dcaf821bfe91763c8cad9c Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 6 Dec 2024 15:26:58 +0000 Subject: [PATCH 15/45] missed merge conflict --- environments/.stackhpc/hooks/post.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/environments/.stackhpc/hooks/post.yml b/environments/.stackhpc/hooks/post.yml index 31dafd8c1..9d506d725 100644 --- a/environments/.stackhpc/hooks/post.yml +++ b/environments/.stackhpc/hooks/post.yml 
@@ -12,15 +12,3 @@ - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-2.7.0/test/dummy/Gemfile.lock" - "/opt/ood/ondemand/root/usr/share/gems/3.1/ondemand/{{ ondemand_package_version }}-1/gems/bootstrap_form-4.5.0/demo/yarn.lock" - /var/www/ood/apps/sys/dashboard/node_modules/data-confirm-modal/Gemfile.lock -<<<<<<< HEAD -======= - -- hosts: builder - become: yes - tasks: - - name: Disable ark repos - ansible.builtin.include_role: - name: dnf_repos - tasks_from: disable_repos.yml - when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided ->>>>>>> main From eaa3680596fb1a717b9fbca3342ce58e43a43ca9 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 6 Dec 2024 15:39:00 +0000 Subject: [PATCH 16/45] moved pulp port into url --- ansible/roles/pulp_site/defaults/main.yml | 2 +- environments/.stackhpc/inventory/group_vars/builder.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index 077871263..d4fa8aef6 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml @@ -1,4 +1,4 @@ -pulp_site_url: "http://{{ appliances_pulp_url }}:{{ pulp_site_port }}" +pulp_site_url: "http://{{ appliances_pulp_url }}" pulp_site_port: 8080 pulp_site_username: admin # shouldn't be changed pulp_site_upstream_username: slurm-app-ci diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index f32bd2928..609e5a0c4 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -1,2 +1,2 @@ #update_enable: false # Can uncomment for speed debugging non-update related build issues -appliances_pulp_url: http://192.168.10.157 +appliances_pulp_url: http://192.168.10.157:8080 
From 9a75656497096cfc5acafbdb4bdefd1ac80e7b8e Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 6 Dec 2024 16:07:40 +0000 Subject: [PATCH 17/45] fixed port not getting added in adhoc --- ansible/adhoc/deploy-pulp.yml | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/ansible/adhoc/deploy-pulp.yml b/ansible/adhoc/deploy-pulp.yml index cbb6bb6f6..ad453e3f7 100644 --- a/ansible/adhoc/deploy-pulp.yml +++ b/ansible/adhoc/deploy-pulp.yml @@ -7,19 +7,31 @@ name: "{{ pulp_server }}" group: "_pulp_host" -- name: Install pulp on server +- name: Install pulp on server and add to config become: yes hosts: _pulp_host tasks: - - ansible.builtin.import_role: + + - name: Install pulp + ansible.builtin.include_role: name: pulp_site tasks_from: install.yml + public: true -- name: Add pulp host to environment - hosts: localhost - tasks: - - ansible.builtin.copy: + - name: Add pulp host to environment + become: no + delegate_to: localhost + ansible.builtin.copy: dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/pulp_server.yml" content: | # ansible managed - appliances_pulp_url: "http://{{ pulp_server }}" + appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}" + +# - name: Add pulp host to environment +# hosts: localhost +# tasks: +# - ansible.builtin.copy: +# dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/pulp_server.yml" +# content: | +# # ansible managed +# appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}" From 741872a7ee74e143241e5afd621b6442f99623e8 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 6 Dec 2024 16:15:23 +0000 Subject: [PATCH 18/45] bump --- .../.stackhpc/terraform/cluster_image.auto.tfvars.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json index 14c997596..5e71beebd 100644 --- a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-241203-1659-b0558b95", - "RL9": "openhpc-RL9-241203-1659-b0558b95" + "RL8": "openhpc-RL8-241206-1541-eaa36805", + "RL9": "openhpc-RL9-241206-1541-eaa36805" } } From 39cf55682d8324733fbe12cdd0d3291e6f312fed Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 6 Dec 2024 16:38:34 +0000 Subject: [PATCH 19/45] cleaned up disabling repos + now optional --- ansible/roles/dnf_repos/defaults/main.yml | 1 + .../roles/dnf_repos/tasks/disable_repos.yml | 20 ++++--------------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 24bb4852b..359814e47 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml @@ -2,6 +2,7 @@ dnf_repos_pulp_url: "{{ appliances_pulp_url }}" dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" +dnf_repos_disable: true # epel installed separately dnf_repos_repolist: diff --git a/ansible/roles/dnf_repos/tasks/disable_repos.yml b/ansible/roles/dnf_repos/tasks/disable_repos.yml index f8997b741..69aed3b6b 100644 --- a/ansible/roles/dnf_repos/tasks/disable_repos.yml +++ b/ansible/roles/dnf_repos/tasks/disable_repos.yml 
@@ -1,18 +1,6 @@ --- - name: Disable Pulp repos and remove creds - ansible.builtin.yum_repository: - file: "{{ item.file }}" - name: "{{ item.name }}" - baseurl: "{{ item.base_url }}" - description: "{{ item.name }}" - enabled: false - loop: "{{ dnf_repos_repolist }}" - -- name: Disable EPEL repo and remove creds - ansible.builtin.yum_repository: - name: epel - file: epel - description: epel - baseurl: "{{ dnf_repos_epel_baseurl }}" - gpgcheck: false - enabled: false + ansible.builtin.yum: + disablerepo: "{{ item.name }}" + loop: "{{ dnf_repos_repolist + [epel] }}" + when: dnf_repos_disable From 25644c362b93e1a8242aaca3e992c79ecd01d3bc Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Mon, 9 Dec 2024 12:05:48 +0000 Subject: [PATCH 20/45] typo --- ansible/roles/pulp_site/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index d4fa8aef6..f648696e3 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml @@ -1,4 +1,4 @@ -pulp_site_url: "http://{{ appliances_pulp_url }}" +pulp_site_url: "{{ appliances_pulp_url }}" pulp_site_port: 8080 pulp_site_username: admin # shouldn't be changed pulp_site_upstream_username: slurm-app-ci From fef3d566dcc40f1dad2cbab5fc2fb7d07d66eff3 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Wed, 11 Dec 2024 14:53:15 +0000 Subject: [PATCH 21/45] repos now timestamped + synced at bootstrap --- .github/workflows/fatimage.yml | 1 + .github/workflows/nightlybuild.yml | 1 + ansible/adhoc/deploy-pulp.yml | 9 -- ansible/bootstrap.yml | 6 +- ansible/roles/dnf_repos/defaults/main.yml | 11 ++- ansible/roles/pulp_site/defaults/main.yml | 99 +++++++++---------- environments/.stackhpc/hooks/pre.yml | 9 -- .../inventory/group_vars/builder.yml | 10 +- .../inventory/group_vars/all/defaults.yml | 8 ++ environments/common/inventory/groups | 5 + 10 files changed, 82 insertions(+), 77 deletions(-) 
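Review bot: The rewritten `Disable Pulp repos and remove creds` task in `disable_repos.yml` no longer does what its name says: `disablerepo` on `ansible.builtin.yum` only applies to a package operation in that one call and does not edit the `.repo` files, so the Pulp repos stay enabled and any URL or credentials written into those files remain in the built image. The loop expression `dnf_repos_repolist + [epel]` also references a bare name `epel`, which is undefined unless it is declared outside this patch, while the task reads `item.name`. If a persistent disable is intended, keep `ansible.builtin.yum_repository` with `enabled: false` as in the removed lines (adding the EPEL entry to the loop as `[{'name': 'epel', ...}]`), and gate it with `when: dnf_repos_disable`.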
diff --git a/.github/workflows/fatimage.yml b/.github/workflows/fatimage.yml index 217b09c22..3a32f47b2 100644 --- a/.github/workflows/fatimage.yml +++ b/.github/workflows/fatimage.yml @@ -40,6 +40,7 @@ jobs: } } ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }} + LEAFCLOUD_PULP_PASSWORD: ${{ secrets.LEAFCLOUD_PULP_PASSWORD }} steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/nightlybuild.yml b/.github/workflows/nightlybuild.yml index 9f45b0890..ee2b4b6f8 100644 --- a/.github/workflows/nightlybuild.yml +++ b/.github/workflows/nightlybuild.yml @@ -38,6 +38,7 @@ jobs: "RL9": "Rocky-9-GenericCloud-Base-9.4-20240523.0.x86_64.qcow2" } ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }} + LEAFCLOUD_PULP_PASSWORD: ${{ secrets.LEAFCLOUD_PULP_PASSWORD }} steps: - uses: actions/checkout@v2 diff --git a/ansible/adhoc/deploy-pulp.yml b/ansible/adhoc/deploy-pulp.yml index ad453e3f7..89c51922a 100644 --- a/ansible/adhoc/deploy-pulp.yml +++ b/ansible/adhoc/deploy-pulp.yml @@ -26,12 +26,3 @@ content: | # ansible managed appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}" - -# - name: Add pulp host to environment -# hosts: localhost -# tasks: -# - ansible.builtin.copy: -# dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/pulp_server.yml" -# content: | -# # ansible managed -# appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}" diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index cc3cf7a12..dfe212d02 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -111,11 +111,15 @@ register: sestatus - name: Sync pulp repos with upstream - hosts: localhost + hosts: pulp tasks: + - debug: + var: hostvars[groups['builder'][0]]['ansible_facts'] - ansible.builtin.include_role: name: pulp_site tasks_from: sync.yml + apply: + delegate_to: localhost when: appliances_mode != 'configure' - hosts: dnf_repos 
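Review bot: `LEAFCLOUD_PULP_PASSWORD` is added next to `ARK_PASSWORD` in what appears to be the job-level `env` of `fatimage.yml`, which exposes the secret to every step of the job, including `actions/checkout@v2` and any other third-party action. Setting it in the `env:` of the step that runs the Packer build instead limits which code can read it. The same applies to the matching hunk in `nightlybuild.yml`; the job definition itself starts outside both hunks.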
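Review bot: The unnamed `debug` task added to the `Sync pulp repos with upstream` play in `bootstrap.yml` prints `hostvars[groups['builder'][0]]['ansible_facts']`, the builder's full fact set including addresses and environment variables, into the run output on every execution; it is not covered by the `when: appliances_mode != 'configure'` on the include that follows. It looks like leftover debugging: drop it, or add `verbosity: 2` under `debug:` so it prints only when asked for. The `[0]` index also fails when the `builder` group is empty.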
diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 359814e47..0a09e5f3a 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml @@ -3,20 +3,21 @@ dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" dnf_repos_disable: true +dnf_repos_version_timestamps: "{{ appliances_repo_timestamps[ansible_distribution_version] }}" # epel installed separately dnf_repos_repolist: - file: rocky name: baseos - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/baseos" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/baseos/{{ dnf_repos_version_timestamps.baseos }}" - file: rocky name: appstream - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/appstream" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/appstream/{{ dnf_repos_version_timestamps.appstream }}" - file: rocky name: crb - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/crb" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/crb/{{ dnf_repos_version_timestamps.crb }}" - file: rocky-extras name: extras - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras/{{ dnf_repos_version_timestamps.extras }}" -dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_major_version }}" +dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_version }}/{{ dnf_repos_version_timestamps.epel }}" diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index f648696e3..0fc92859a 100644 
--- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml 
@@ -3,73 +3,70 @@ pulp_site_port: 8080 pulp_site_username: admin # shouldn't be changed pulp_site_upstream_username: slurm-app-ci pulp_site_upstream_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" +pulp_site_default_upstream_prefix: "https://ark.stackhpc.com/pulp/content/{{ pulp_site_target_distribution }}/{{ pulp_site_target_distribution_version }}" +pulp_site_default_upstream_suffix: "{{ pulp_site_target_arch }}/os" pulp_site_password: "{{ vault_pulp_admin_password }}" pulp_site_validate_certs: false pulp_site_install_dir: '/home/rocky/pulp' pulp_site_selinux_suffix: "{{ ':Z' if ansible_selinux.status == 'enabled' else '' }}" +pulp_site_target_facts: "{{ hostvars[groups['builder'][0]]['ansible_facts'] }}" +pulp_site_target_arch: "{{ pulp_site_target_facts['architecture'] }}" +pulp_site_target_distribution: "{{ pulp_site_target_facts['distribution'] | lower }}" +pulp_site_target_distribution_version: "{{ pulp_site_target_facts['distribution_version'] }}" +pulp_site_target_distribution_version_major: "{{ pulp_site_target_facts['distribution_major_version'] }}" +pulp_site_version_timestamps: "{{ appliances_repo_timestamps[pulp_site_target_distribution_version] }}" -pulp_site_rpm_repos: - - name: baseos - url: https://ark.stackhpc.com/pulp/content/rocky/9.4/BaseOS/x86_64/os/20240816T002610 - remote_username: "{{ pulp_site_upstream_username }}" - remote_password: "{{ pulp_site_upstream_password }}" - policy: on_demand - state: present - - name: appstream - url: https://ark.stackhpc.com/pulp/content/rocky/9.4/AppStream/x86_64/os/20240816T002610 - remote_username: "{{ pulp_site_upstream_username }}" - remote_password: "{{ pulp_site_upstream_password }}" - policy: on_demand - state: present - - name: crb - url: https://ark.stackhpc.com/pulp/content/rocky/9.4/CRB/x86_64/os/20240816T002610 - remote_username: "{{ pulp_site_upstream_username }}" - remote_password: "{{ pulp_site_upstream_password }}" - policy: on_demand - state: present - - name: extras - url: 
https://ark.stackhpc.com/pulp/content/rocky/9.4/extras/x86_64/os/20240816T002610 - remote_username: "{{ pulp_site_upstream_username }}" - remote_password: "{{ pulp_site_upstream_password }}" - policy: on_demand - state: present - - name: epel - url: https://ark.stackhpc.com/pulp/content/epel/9/Everything/x86_64/20240902T080424 - remote_username: "{{ pulp_site_upstream_username }}" - remote_password: "{{ pulp_site_upstream_password }}" - policy: on_demand - state: present + +pulp_site_rpm_repo_list: + - name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" + url: "{{ pulp_site_default_upstream_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.baseos }}" + - name: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" + url: "{{ pulp_site_default_upstream_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.appstream }}" + - name: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" + url: "{{ pulp_site_default_upstream_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.crb }}" + - name: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" + url: "{{ pulp_site_default_upstream_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" + - name: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" + url: "https://ark.stackhpc.com/pulp/content/epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_version_timestamps.epel }}" + +pulp_site_defaults: + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand + state: 
present + +pulp_site_rpm_repos: "{{ pulp_site_rpm_repo_list | map('combine', pulp_site_defaults) }}" pulp_site_rpm_publications: -- repository: baseos +- repository: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" state: present -- repository: appstream +- repository: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" state: present -- repository: crb +- repository: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" state: present -- repository: extras +- repository: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" state: present -- repository: epel +- repository: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" state: present pulp_site_rpm_distributions: -- name: baseos - base_path: rocky/9.4/baseos - repository: baseos +- name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" + base_path: "rocky/{{ pulp_site_target_distribution_version }}/baseos/{{ pulp_site_version_timestamps.baseos }}" + repository: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" state: present -- name: appstream - base_path: rocky/9.4/appstream - repository: appstream +- name: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" + base_path: "rocky/{{ pulp_site_target_distribution_version }}/appstream/{{ pulp_site_version_timestamps.appstream }}" + repository: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" state: present -- name: crb - base_path: rocky/9.4/crb - repository: crb +- name: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" + base_path: "rocky/{{ pulp_site_target_distribution_version }}/crb/{{ pulp_site_version_timestamps.crb }}" + 
repository: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" state: present -- name: extras - base_path: rocky/9.4/extras - repository: extras +- name: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" + base_path: "rocky/{{ pulp_site_target_distribution_version }}/extras/{{ pulp_site_version_timestamps.extras }}" + repository: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" state: present -- name: epel - base_path: epel/9 - repository: epel +- name: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" + base_path: "epel/{{ pulp_site_target_distribution_version }}/{{ pulp_site_version_timestamps.epel }}" + repository: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" state: present diff --git a/environments/.stackhpc/hooks/pre.yml b/environments/.stackhpc/hooks/pre.yml index 9ea84740d..0fdbf9f60 100644 --- a/environments/.stackhpc/hooks/pre.yml +++ b/environments/.stackhpc/hooks/pre.yml @@ -17,12 +17,3 @@ - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/hosts.yml" - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/secrets.yml" - "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/test_user.yml" - -- hosts: builder - become: yes - tasks: - - name: Replace system repos with ark - ansible.builtin.include_role: - name: dnf_repos - tasks_from: set_repos.yml - when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index 609e5a0c4..0fd19e1f9 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml 
@@ -1,2 +1,8 @@ -#update_enable: false # Can uncomment for speed debugging non-update related build issues -appliances_pulp_url: http://192.168.10.157:8080 +# update_enable: false # Can uncomment for speed debugging non-update related build issues +pulp_server_config: + LEAFCLOUD: + url: http://192.168.10.157:8080 + password: lookup('env','LEAFCLOUD_PULP_PASSWORD') + +appliances_pulp_url: "{{ pulp_server_config[lookup('env','CI_CLOUD')].url }}" +pulp_site_password: "{{ pulp_server_config[lookup('env','CI_CLOUD')].password }}" diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml index a7bb92ee3..9d8a7ab33 100644 --- a/environments/common/inventory/group_vars/all/defaults.yml +++ b/environments/common/inventory/group_vars/all/defaults.yml @@ -81,3 +81,11 @@ appliances_local_users_extra: [] # see format of appliances_local_users_default appliances_local_users: "{{ appliances_local_users_default + appliances_local_users_extra }}" ########################################################################################### + +appliances_repo_timestamps: + '9.4': + baseos: 20240816T002610 + appstream: 20240816T002610 + crb: 20240816T002610 + extras: 20240816T002610 + epel: 20240902T080424 diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index a88ccf338..fbfcfa0ca 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -148,3 +148,8 @@ freeipa_client [dnf_repos:children] # Hosts to replace system repos with Pulp repos cluster +builder + +[pulp:children] +# Hosts used to run Pulp API commands +builder From 1c4a511eeb9b7102941cf116fba78c978bd68c48 Mon Sep 17 00:00:00 2001 
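Review bot: In `builder.yml`, `password: lookup('env','LEAFCLOUD_PULP_PASSWORD')` under `pulp_server_config.LEAFCLOUD` is not wrapped in `{{ }}`, so Ansible treats it as a literal string and `pulp_site_password` becomes that fixed text instead of the CI secret. The Pulp admin password would then be a value anyone can read from the repository. It should be `password: "{{ lookup('env','LEAFCLOUD_PULP_PASSWORD') }}"`. Separately, `pulp_server_config[lookup('env','CI_CLOUD')]` fails with an undefined-key error for any `CI_CLOUD` other than `LEAFCLOUD`, so an assert with a clear message would help.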
From: wtripp180901 Date: Wed, 11 Dec 2024 17:08:16 +0000 Subject: [PATCH 22/45] refactored pulp_site list --- ansible/roles/pulp_site/defaults/main.yml | 60 ++++++------------- .../filter_plugins/pulp-list-filters.py | 31 ++++++++++ 2 files changed, 48 insertions(+), 43 deletions(-) create mode 100644 ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index 0fc92859a..6a9e98d74 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml 
@@ -16,57 +16,31 @@ pulp_site_target_distribution_version: "{{ pulp_site_target_facts['distribution_ pulp_site_target_distribution_version_major: "{{ pulp_site_target_facts['distribution_major_version'] }}" pulp_site_version_timestamps: "{{ appliances_repo_timestamps[pulp_site_target_distribution_version] }}" - -pulp_site_rpm_repo_list: - - name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" - url: "{{ pulp_site_default_upstream_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.baseos }}" - - name: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" - url: "{{ pulp_site_default_upstream_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.appstream }}" - - name: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" - url: "{{ pulp_site_default_upstream_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.crb }}" - - name: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" - url: "{{ pulp_site_default_upstream_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" - - name: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" - url: "https://ark.stackhpc.com/pulp/content/epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_version_timestamps.epel }}" - -pulp_site_defaults: - remote_username: "{{ pulp_site_upstream_username }}" - remote_password: "{{ pulp_site_upstream_password }}" - policy: on_demand - state: present - -pulp_site_rpm_repos: "{{ pulp_site_rpm_repo_list | map('combine', pulp_site_defaults) }}" - -pulp_site_rpm_publications: -- repository: "baseos-{{ 
pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" - state: present -- repository: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" - state: present -- repository: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" - state: present -- repository: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" - state: present -- repository: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" - state: present - -pulp_site_rpm_distributions: +pulp_site_rpm_info: - name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" + url: "{{ pulp_site_default_upstream_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.baseos }}" base_path: "rocky/{{ pulp_site_target_distribution_version }}/baseos/{{ pulp_site_version_timestamps.baseos }}" - repository: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" - state: present - name: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" + url: "{{ pulp_site_default_upstream_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.appstream }}" base_path: "rocky/{{ pulp_site_target_distribution_version }}/appstream/{{ pulp_site_version_timestamps.appstream }}" - repository: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" - state: present - name: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" + url: "{{ pulp_site_default_upstream_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.crb }}" base_path: "rocky/{{ 
pulp_site_target_distribution_version }}/crb/{{ pulp_site_version_timestamps.crb }}" - repository: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" - state: present - name: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" + url: "{{ pulp_site_default_upstream_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" base_path: "rocky/{{ pulp_site_target_distribution_version }}/extras/{{ pulp_site_version_timestamps.extras }}" - repository: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" - state: present - name: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" + url: "https://ark.stackhpc.com/pulp/content/epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_version_timestamps.epel }}" base_path: "epel/{{ pulp_site_target_distribution_version }}/{{ pulp_site_version_timestamps.epel }}" - repository: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" + +pulp_site_rpm_repo_defaults: + remote_username: "{{ pulp_site_upstream_username }}" + remote_password: "{{ pulp_site_upstream_password }}" + policy: on_demand state: present + +_pulp_site_rpm_info_all: "{{ pulp_site_rpm_info | map('combine', pulp_site_rpm_repo_defaults) }}" + +pulp_site_rpm_repos: "{{ _pulp_site_rpm_info_all | to_rpm_repos }}" +pulp_site_rpm_publications: "{{ _pulp_site_rpm_info_all | to_rpm_pubs }}" +pulp_site_rpm_distributions: "{{ _pulp_site_rpm_info_all | to_rpm_distros }}" diff --git a/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py b/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py new file mode 100644 index 000000000..94d89d184 --- /dev/null +++ b/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py 
@@ -0,0 +1,31 @@ +class FilterModule(object): + def filters(self): + return { + 'to_rpm_repos': self.to_rpm_repos, + 'to_rpm_pubs': self.to_rpm_pubs, + 'to_rpm_distros': self.to_rpm_distros + } + + def to_rpm_repos(self, list): + repo_list = map(lambda x: { + 'name': x['name'], + 'url': x['url'], + 'remote_username': x['remote_username'], + 'remote_password': x['remote_password'], + 'policy': x['policy'], + 'state': x['state'] }, list) + return repo_list + + def to_rpm_pubs(self, list): + pub_list = map(lambda x: { + 'repository': x['name'], + 'state': x['state'] }, list) + return pub_list + + def to_rpm_distros(self, list): + distro_list = map(lambda x: { + 'name': x['name'], + 'repository': x['name'], + 'base_path': x['base_path'], + 'state': x['state'] }, list) + return distro_list \ No newline at end of file From 187bc40b898b42f1cb67fea653687cb6c4499dd3 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 13:13:02 +0000 Subject: [PATCH 23/45] added pulp sync adhoc and temporarily moved out of ci --- ansible/adhoc/sync-pulp.yml | 11 +++++++++++ ansible/roles/pulp_site/tasks/sync.yml | 5 +++++ environments/.stackhpc/inventory/extra_groups | 2 ++ 3 files changed, 18 insertions(+) create mode 100644 ansible/adhoc/sync-pulp.yml diff --git a/ansible/adhoc/sync-pulp.yml b/ansible/adhoc/sync-pulp.yml new file mode 100644 index 000000000..9c7684445 --- /dev/null +++ b/ansible/adhoc/sync-pulp.yml @@ -0,0 +1,11 @@ +- hosts: localhost + tasks: + - ansible.builtin.include_role: + name: pulp_site + tasks_from: sync.yml + vars: + pulp_site_target_arch: "x86_64" + pulp_site_target_distribution: "rocky" + pulp_site_target_distribution_version: "9.4" + pulp_site_target_distribution_version_major: "9" + pulp_site_version_timestamps: "{{ appliances_repo_timestamps[pulp_site_target_distribution_version] }}" diff --git a/ansible/roles/pulp_site/tasks/sync.yml b/ansible/roles/pulp_site/tasks/sync.yml index 62395f0f3..5ef2bc5f1 100644 
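Review bot: Each of the three filters in pulp-list-filters.py returns the result of `map(...)`, which under Python 3 is a one-shot lazy iterator rather than a list, so the variables built from them depend on the templar materialising it and can come out empty if iterated twice. The parameter is also named `list`, which shadows the builtin and prevents simply calling `list(...)` inside the method. Renaming the parameter and returning a comprehension makes the result explicit, for example `return [{'repository': r['name'], 'state': r['state']} for r in repos]` in `to_rpm_pubs`. A one-line docstring per filter stating which keys it expects (`name`, `url`, `base_path`, `state`, `remote_username`, `remote_password`, `policy`) would make the resulting KeyError easier to diagnose when an entry is incomplete.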
--- a/ansible/roles/pulp_site/tasks/sync.yml +++ b/ansible/roles/pulp_site/tasks/sync.yml @@ -1,5 +1,10 @@ --- +- ansible.builtin.assert: + that: pulp_site_upstream_password != '' + quiet: true + fail_msg: "Upstream password not set. Either set env var ARK_PASSWORD or override pulp_site_upstream_password." + - name: Wait for Pulp server pulp.squeezer.status: pulp_url: "{{ pulp_site_url }}" diff --git a/environments/.stackhpc/inventory/extra_groups b/environments/.stackhpc/inventory/extra_groups index 7c9a7c774..c2002c59f 100644 --- a/environments/.stackhpc/inventory/extra_groups +++ b/environments/.stackhpc/inventory/extra_groups @@ -31,3 +31,5 @@ compute [squid:children] # Install squid into fat image builder + +[pulp:children] From 580b0b3b943af7272c85f46950a8e3382cdbca34 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 13:28:39 +0000 Subject: [PATCH 24/45] fixed disabling for ci --- ansible/bootstrap.yml | 4 +--- environments/.stackhpc/inventory/extra_groups | 2 -- environments/.stackhpc/inventory/group_vars/builder.yml | 1 + environments/common/inventory/group_vars/all/defaults.yml | 1 + 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index dfe212d02..8c46c5e24 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -113,14 +113,12 @@ - name: Sync pulp repos with upstream hosts: pulp tasks: - - debug: - var: hostvars[groups['builder'][0]]['ansible_facts'] - ansible.builtin.include_role: name: pulp_site tasks_from: sync.yml apply: delegate_to: localhost - when: appliances_mode != 'configure' + when: appliances_mode != 'configure' and appliances_sync_pulp_on_build - hosts: dnf_repos become: yes diff --git a/environments/.stackhpc/inventory/extra_groups b/environments/.stackhpc/inventory/extra_groups index c2002c59f..7c9a7c774 100644 --- a/environments/.stackhpc/inventory/extra_groups +++ b/environments/.stackhpc/inventory/extra_groups 
@@ -31,5 +31,3 @@ compute [squid:children] # Install squid into fat image builder - -[pulp:children] diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index 0fd19e1f9..c4b01b03f 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -6,3 +6,4 @@ pulp_server_config: appliances_pulp_url: "{{ pulp_server_config[lookup('env','CI_CLOUD')].url }}" pulp_site_password: "{{ pulp_server_config[lookup('env','CI_CLOUD')].password }}" +appliances_sync_pulp_on_build: false diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml index 9d8a7ab33..f2a6723ad 100644 --- a/environments/common/inventory/group_vars/all/defaults.yml +++ b/environments/common/inventory/group_vars/all/defaults.yml @@ -82,6 +82,7 @@ appliances_local_users: "{{ appliances_local_users_default + appliances_local_us ########################################################################################### +appliances_sync_pulp_on_build: true appliances_repo_timestamps: '9.4': baseos: 20240816T002610 From 2ed66742bb9b665d879af8c0b5e6e6aa6d434163 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 13:39:54 +0000 Subject: [PATCH 25/45] made dnf epel repo more configurable --- ansible/roles/dnf_repos/defaults/main.yml | 1 + ansible/roles/dnf_repos/tasks/set_repos.yml | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 0a09e5f3a..d4c80b0c9 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml 
@@ -21,3 +21,4 @@ dnf_repos_repolist: base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras/{{ dnf_repos_version_timestamps.extras }}" dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_version }}/{{ dnf_repos_version_timestamps.epel }}" +dnf_repos_epel_description: "epel" diff --git a/ansible/roles/dnf_repos/tasks/set_repos.yml b/ansible/roles/dnf_repos/tasks/set_repos.yml index 8a8364097..dea803902 100644 --- a/ansible/roles/dnf_repos/tasks/set_repos.yml +++ b/ansible/roles/dnf_repos/tasks/set_repos.yml @@ -17,6 +17,6 @@ ansible.builtin.yum_repository: name: epel file: epel - description: epel + description: "{{ dnf_repos_epel_description }}" gpgcheck: false baseurl: "{{ dnf_repos_epel_baseurl }}" From d12083a6953499ae8c116660ec45aca0183239b0 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 14:10:27 +0000 Subject: [PATCH 26/45] moved repo enable/disable into fatimage --- ansible/bootstrap.yml | 19 ------------------- ansible/fatimage.yml | 28 ++++++++++++++++++++++++++++ ansible/site.yml | 9 --------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 8c46c5e24..733d4b3f8 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -110,25 +110,6 @@ policy: "{{ selinux_policy }}" register: sestatus -- name: Sync pulp repos with upstream - hosts: pulp - tasks: - - ansible.builtin.include_role: - name: pulp_site - tasks_from: sync.yml - apply: - delegate_to: localhost - when: appliances_mode != 'configure' and appliances_sync_pulp_on_build - -- hosts: dnf_repos - become: yes - tasks: - - name: Replace system repos with pulp repos - ansible.builtin.include_role: - name: dnf_repos - tasks_from: set_repos.yml - when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided - # --- tasks after here require access to package repos --- - hosts: squid tags: squid 
diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml index b28e4f308..7c83fc2a2 100644 --- a/ansible/fatimage.yml +++ b/ansible/fatimage.yml @@ -14,6 +14,25 @@ import_playbook: "{{ hook_path if hook_path | exists else 'noop.yml' }}" when: hook_path | exists +- name: Sync pulp repos with upstream + hosts: pulp + tasks: + - ansible.builtin.include_role: + name: pulp_site + tasks_from: sync.yml + apply: + delegate_to: localhost + when: appliances_mode != 'configure' and appliances_sync_pulp_on_build + +- hosts: dnf_repos + become: yes + tasks: + - name: Replace system repos with pulp repos + ansible.builtin.include_role: + name: dnf_repos + tasks_from: set_repos.yml + when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided + - import_playbook: bootstrap.yml - name: Run post-bootstrap.yml hook @@ -199,6 +218,15 @@ name: cloudalchemy.grafana tasks_from: install.yml +- hosts: dnf_repos + become: yes + tasks: + - name: Disable pulp repos + ansible.builtin.include_role: + name: dnf_repos + tasks_from: disable_repos.yml + when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided + - name: Run post.yml hook vars: appliances_environment_root: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}" diff --git a/ansible/site.yml b/ansible/site.yml index a09d5a510..bb379399d 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -28,15 +28,6 @@ - import_playbook: portal.yml - import_playbook: monitoring.yml -- hosts: dnf_repos - become: yes - tasks: - - name: Disable pulp repos - ansible.builtin.include_role: - name: dnf_repos - tasks_from: disable_repos.yml - when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided - - name: Run post.yml hook vars: # hostvars not available here, so have to recalculate environment root: 
From 07dc9b796ff32002e83cae21b29ded39d688a750 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 14:28:31 +0000 Subject: [PATCH 27/45] fixed disable repos task --- ansible/roles/dnf_repos/tasks/disable_repos.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/dnf_repos/tasks/disable_repos.yml b/ansible/roles/dnf_repos/tasks/disable_repos.yml index 69aed3b6b..53459ce49 100644 --- a/ansible/roles/dnf_repos/tasks/disable_repos.yml +++ b/ansible/roles/dnf_repos/tasks/disable_repos.yml @@ -1,6 +1,6 @@ --- - name: Disable Pulp repos and remove creds ansible.builtin.yum: - disablerepo: "{{ item.name }}" - loop: "{{ dnf_repos_repolist + [epel] }}" + disablerepo: "{{ item }}" + loop: "{{ dnf_repos_repolist | map(attribute='name') + ['epel'] }}" when: dnf_repos_disable From 3088f8375dcd5e7b4bb98b7dab008f59f36fda1c Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 15:28:08 +0000 Subject: [PATCH 28/45] reverted disable repos task --- .../roles/dnf_repos/tasks/disable_repos.yml | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/ansible/roles/dnf_repos/tasks/disable_repos.yml b/ansible/roles/dnf_repos/tasks/disable_repos.yml index 53459ce49..2dbacc262 100644 --- a/ansible/roles/dnf_repos/tasks/disable_repos.yml +++ b/ansible/roles/dnf_repos/tasks/disable_repos.yml 
@@ -1,6 +1,18 @@ --- -- name: Disable Pulp repos and remove creds - ansible.builtin.yum: - disablerepo: "{{ item }}" - loop: "{{ dnf_repos_repolist | map(attribute='name') + ['epel'] }}" - when: dnf_repos_disable +- name: Disable Pulp repos + ansible.builtin.yum_repository: + file: "{{ item.file }}" + name: "{{ item.name }}" + baseurl: "{{ item.base_url }}" + description: "{{ item.name }}" + enabled: false + loop: "{{ dnf_repos_repolist }}" + +- name: Disable EPEL repo + ansible.builtin.yum_repository: + name: epel + file: epel + description: "{{ dnf_repos_epel_description }}" + baseurl: "{{ dnf_repos_epel_baseurl }}" + gpgcheck: false + enabled: false From c74360bf325c615b11db342a367538da5467cc1d Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 15:50:24 +0000 Subject: [PATCH 29/45] fatimage with test latest (REVERT LATER) --- .github/workflows/fatimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fatimage.yml b/.github/workflows/fatimage.yml index 331035001..d368d86cd 100644 --- a/.github/workflows/fatimage.yml +++ b/.github/workflows/fatimage.yml @@ -26,7 +26,7 @@ jobs: source_image_name: rocky-latest-RL8 inventory_groups: control,compute,login - image_name: openhpc-RL9 - source_image_name: rocky-latest-RL9 + source_image_name: rocky-latest-RL9-241212-1532-3088f837 inventory_groups: control,compute,login env: ANSIBLE_FORCE_COLOR: True From 67ce24bc5dda26b1ab2539e2627f6dfb59eb1b3b Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 16:36:45 +0000 Subject: [PATCH 30/45] refactored pulp deploy and added pulp docs --- README.md | 2 +- ansible/adhoc/deploy-pulp.yml | 13 ++++++------- docs/experimental/pulp.md | 17 +++++++++++++++++ .../common/inventory/group_vars/all/pulp.yml | 1 + 4 files changed, 25 insertions(+), 8 deletions(-) create mode 100644 docs/experimental/pulp.md create mode 100644 environments/common/inventory/group_vars/all/pulp.yml 
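Review bot: The rewritten `Disable EPEL repo` task in disable_repos.yml writes `gpgcheck: false` into the repo definition that stays on the image, so anyone who later re-enables `epel` on a deployed node installs packages without signature verification. Since `set_repos.yml` installs `epel-release`, which ships the EPEL signing key, the definition could use `gpgcheck: true` here and in the matching task in `set_repos.yml`. The hunk also drops the `when: dnf_repos_disable` guard from the previous version; if that is intentional, a comment should say these tasks now always run when the file is included.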
diff --git a/README.md b/README.md index f61bf8df4..f66441915 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ It requires an OpenStack cloud, and an Ansible "deploy host" with access to that Before starting ensure that: - You have root access on the deploy host. - You can create instances using a Rocky 9 GenericCloud image (or an image based on that). - - **NB**: In general it is recommended to use the [latest released image](https://github.com/stackhpc/ansible-slurm-appliance/releases) which already contains the required packages. This is built and tested in StackHPC's CI. However the appliance will install the necessary packages if a GenericCloud image is used. + - **NB**: In general it is recommended to use the [latest released image](https://github.com/stackhpc/ansible-slurm-appliance/releases) which already contains the required packages. This is built and tested in StackHPC's CI. - You have a SSH keypair defined in OpenStack, with the private key available on the deploy host. - Created instances have access to internet (note proxies can be setup through the appliance if necessary). - Created instances have accurate/synchronised time (for VM instances this is usually provided by the hypervisor; if not or for bare metal instances it may be necessary to configure a time service via the appliance). diff --git a/ansible/adhoc/deploy-pulp.yml b/ansible/adhoc/deploy-pulp.yml index 89c51922a..38cb79289 100644 --- a/ansible/adhoc/deploy-pulp.yml +++ b/ansible/adhoc/deploy-pulp.yml 
@@ -18,11 +18,10 @@ tasks_from: install.yml public: true - - name: Add pulp host to environment + - name: Print Pulp endpoint become: no - delegate_to: localhost - ansible.builtin.copy: - dest: "{{ lookup('env', 'APPLIANCES_ENVIRONMENT_ROOT') }}/inventory/group_vars/all/pulp_server.yml" - content: | - # ansible managed - appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}" + debug: + msg: | + Server configured, override 'appliances_pulp_url' with + appliances_pulp_url: "http://{{ pulp_server }}:{{ pulp_site_port }}" + in your environments diff --git a/docs/experimental/pulp.md b/docs/experimental/pulp.md new file mode 100644 index 000000000..974803030 --- /dev/null +++ b/docs/experimental/pulp.md 
@@ -0,0 +1,17 @@ +# Pulp Server + +In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's Ark Pulp server. The appliance will sync relevant repositories to local Pulp server which will be used for image builds. Using a local server can be enabled by adding `pulp` to the build groups and overriding `dnf_repos_repolist` to point at content hosted on the local server. + +## Deploying/configuring Pulp Server + +### Deploying a Pulp server +A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml' playbook. This can be run with +`ansible-playbook ansible/adhoc/deploy-pulp.yml -e "pulp_server="` +This will print a Pulp endpoint which can be copied to your environments as appropriate. Ensure that the server is accessible on the specified port. Note that this server's content isn't authenticated so assumes the server is deployed behind a secure network. + +### Using an existing Pulp server +An existing Pulp server can be used to host Ark repos by overriding `pulp_site_password` and `appliances_pulp_url` in the target environment. Note that this assumes the same configuration as the appliance deployed pulp i.e no content authentication. + +## Syncing Pulp content with Ark + +By default, the appliance will sync repos for the targetted distribution during build (can be disabled by setting `appliances_sync_pulp_on_build` to `false`). You must supply your Ark credentials, either by overriding `pulp_site_upstream_password` or setting environment variable `ARK_PASSWORD`. Content can also be synced by running `ansible/adhoc/sync-pulp.yml`, optionally setting extravars for `pulp_site_target_arch`, `pulp_site_target_distribution`, `pulp_site_target_distribution_version` and `pulp_site_target_distribution_version`. 
diff --git a/environments/common/inventory/group_vars/all/pulp.yml b/environments/common/inventory/group_vars/all/pulp.yml new file mode 100644 index 000000000..02b7aa816 --- /dev/null +++ b/environments/common/inventory/group_vars/all/pulp.yml @@ -0,0 +1 @@ +pulp_site_port: 8080 From c4336055ef0f641d2f210ca8e1c345e28ec7ed4d Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Thu, 12 Dec 2024 16:41:24 +0000 Subject: [PATCH 31/45] testing image using site pulp --- .github/workflows/fatimage.yml | 2 +- .../.stackhpc/terraform/cluster_image.auto.tfvars.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/fatimage.yml b/.github/workflows/fatimage.yml index d368d86cd..331035001 100644 --- a/.github/workflows/fatimage.yml +++ b/.github/workflows/fatimage.yml @@ -26,7 +26,7 @@ jobs: source_image_name: rocky-latest-RL8 inventory_groups: control,compute,login - image_name: openhpc-RL9 - source_image_name: rocky-latest-RL9-241212-1532-3088f837 + source_image_name: rocky-latest-RL9 inventory_groups: control,compute,login env: ANSIBLE_FORCE_COLOR: True diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json index 5e71beebd..5c100f999 100644 --- a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-241206-1541-eaa36805", - "RL9": "openhpc-RL9-241206-1541-eaa36805" + "RL8": "openhpc-RL8-241212-1553-c74360bf", + "RL9": "openhpc-RL9-241212-1554-c74360bf" } } From bda3f7e7568648d03bb50ede8f11ded5e933f0cb Mon Sep 17 00:00:00 2001 
From: wtripp180901 Date: Fri, 13 Dec 2024 10:12:40 +0000 Subject: [PATCH 32/45] Pointed dnf repos back at ark for now + refactor --- ansible/adhoc/sync-pulp.yml | 1 - ansible/fatimage.yml | 2 +- ansible/roles/dnf_repos/defaults/main.yml | 15 ++++++------- ansible/roles/dnf_repos/tasks/set_repos.yml | 4 ++++ ansible/roles/pulp_site/defaults/main.yml | 5 +++-- docs/experimental/pulp.md | 2 +- .../inventory/group_vars/builder.yml | 21 ++++++++++++------- .../inventory/group_vars/all/defaults.yml | 8 ++++--- environments/common/inventory/groups | 2 -- 9 files changed, 35 insertions(+), 25 deletions(-) diff --git a/ansible/adhoc/sync-pulp.yml b/ansible/adhoc/sync-pulp.yml index 9c7684445..f26149bba 100644 --- a/ansible/adhoc/sync-pulp.yml +++ b/ansible/adhoc/sync-pulp.yml @@ -8,4 +8,3 @@ pulp_site_target_distribution: "rocky" pulp_site_target_distribution_version: "9.4" pulp_site_target_distribution_version_major: "9" - pulp_site_version_timestamps: "{{ appliances_repo_timestamps[pulp_site_target_distribution_version] }}" diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml index eaa5215a5..5d84fcf90 100644 --- a/ansible/fatimage.yml +++ b/ansible/fatimage.yml @@ -25,7 +25,7 @@ tasks_from: sync.yml apply: delegate_to: localhost - when: appliances_mode != 'configure' and appliances_sync_pulp_on_build + when: appliances_mode != 'configure' - hosts: dnf_repos become: yes diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index d4c80b0c9..19a5d4986 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml 
@@ -2,23 +2,24 @@ dnf_repos_pulp_url: "{{ appliances_pulp_url }}" dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" -dnf_repos_disable: true -dnf_repos_version_timestamps: "{{ appliances_repo_timestamps[ansible_distribution_version] }}" +dnf_repos_version_timestamps: "{{ appliances_repo_minor_timestamps[ansible_distribution_version] }}" +dnf_repos_username: "{{ omit }}" +dnf_repos_password: "{{ omit }}" # epel installed separately dnf_repos_repolist: - file: rocky name: baseos - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/baseos/{{ dnf_repos_version_timestamps.baseos }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/BaseOS/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].baseos }}" - file: rocky name: appstream - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/appstream/{{ dnf_repos_version_timestamps.appstream }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/AppStream/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].appstream }}" - file: rocky name: crb - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/crb/{{ dnf_repos_version_timestamps.crb }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/CRB/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].crb }}" - file: rocky-extras name: extras - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras/{{ dnf_repos_version_timestamps.extras }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras/{{ ansible_architecture }}/os/{{ 
appliances_repo_minor_timestamps[ansible_distribution_version].extras }}" -dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_version }}/{{ dnf_repos_version_timestamps.epel }}" +dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_major_version }}/Everything/{{ ansible_architecture }}/{{ appliances_repo_major_timestamps[ansible_distribution_major_version].epel }}" dnf_repos_epel_description: "epel" diff --git a/ansible/roles/dnf_repos/tasks/set_repos.yml b/ansible/roles/dnf_repos/tasks/set_repos.yml index dea803902..fe5e2c02c 100644 --- a/ansible/roles/dnf_repos/tasks/set_repos.yml +++ b/ansible/roles/dnf_repos/tasks/set_repos.yml @@ -6,6 +6,8 @@ name: "{{ item.name }}" baseurl: "{{ item.base_url }}" description: "{{ item.name }}" + username: "{{ dnf_repos_username }}" + password: "{{ dnf_repos_password }}" loop: "{{ dnf_repos_repolist }}" - name: Install epel-release @@ -20,3 +22,5 @@ description: "{{ dnf_repos_epel_description }}" gpgcheck: false baseurl: "{{ dnf_repos_epel_baseurl }}" + username: "{{ dnf_repos_username }}" + password: "{{ dnf_repos_password }}" diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index 6a9e98d74..c342ea46f 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml 
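Review bot: Both set_repos.yml hunks pass `dnf_repos_password` to `yum_repository`, which stores it in cleartext in the generated repo files on the image under build, and neither task restricts the file permissions. Adding `mode: "0600"` to both tasks limits who can read the credential while the build runs. Removing it afterwards depends on `disable_repos.yml` rewriting the same `file`/`name` sections without `username` and `password`; as far as I can tell the module drops keys it is not given, but that should be confirmed and recorded in a comment above the tasks. The EPEL task still has `gpgcheck: false` on a context line, so those packages are trusted on transport security alone.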
@@ -14,7 +14,8 @@ pulp_site_target_arch: "{{ pulp_site_target_facts['architecture'] }}" pulp_site_target_distribution: "{{ pulp_site_target_facts['distribution'] | lower }}" pulp_site_target_distribution_version: "{{ pulp_site_target_facts['distribution_version'] }}" pulp_site_target_distribution_version_major: "{{ pulp_site_target_facts['distribution_major_version'] }}" -pulp_site_version_timestamps: "{{ appliances_repo_timestamps[pulp_site_target_distribution_version] }}" +pulp_site_version_timestamps: "{{ appliances_repo_minor_timestamps[pulp_site_target_distribution_version] }}" +pulp_site_major_version_timestamps: "{{ appliances_repo_major_timestamps[pulp_site_target_distribution_version_major] }}" pulp_site_rpm_info: - name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" @@ -30,7 +31,7 @@ pulp_site_rpm_info: url: "{{ pulp_site_default_upstream_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" base_path: "rocky/{{ pulp_site_target_distribution_version }}/extras/{{ pulp_site_version_timestamps.extras }}" - name: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" - url: "https://ark.stackhpc.com/pulp/content/epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_version_timestamps.epel }}" + url: "https://ark.stackhpc.com/pulp/content/epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_major_version_timestamps.epel }}" base_path: "epel/{{ pulp_site_target_distribution_version }}/{{ pulp_site_version_timestamps.epel }}" pulp_site_rpm_repo_defaults: diff --git a/docs/experimental/pulp.md b/docs/experimental/pulp.md index 974803030..d1a40ba52 100644 --- a/docs/experimental/pulp.md +++ b/docs/experimental/pulp.md 
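Review bot: In the second hunk of pulp_site/defaults/main.yml only the EPEL `url` was switched to `pulp_site_major_version_timestamps.epel`; the entry's `name` and `base_path` on the neighbouring context lines still read `pulp_site_version_timestamps.epel`. The same patch moves `epel` out of the minor-version map into `appliances_repo_major_timestamps`, so that key no longer exists and templating `pulp_site_rpm_info` should fail on an undefined attribute. The two lines need the same source, e.g. `- name: "epel-{{ pulp_site_target_distribution_version_major }}-{{ pulp_site_major_version_timestamps.epel }}"` and `base_path: "epel/{{ pulp_site_target_distribution_version_major }}/{{ pulp_site_major_version_timestamps.epel }}"`. The exact `base_path` layout should be checked against what `dnf_repos_epel_baseurl` expects.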
@@ -14,4 +14,4 @@ An existing Pulp server can be used to host Ark repos by overriding `pulp_site_p ## Syncing Pulp content with Ark -By default, the appliance will sync repos for the targetted distribution during build (can be disabled by setting `appliances_sync_pulp_on_build` to `false`). You must supply your Ark credentials, either by overriding `pulp_site_upstream_password` or setting environment variable `ARK_PASSWORD`. Content can also be synced by running `ansible/adhoc/sync-pulp.yml`, optionally setting extravars for `pulp_site_target_arch`, `pulp_site_target_distribution`, `pulp_site_target_distribution_version` and `pulp_site_target_distribution_version`. +If the `pulp` group is added to the Packer build groups, the local Pulp server will be synced with Ark on build. You must supply your Ark credentials, either by overriding `pulp_site_upstream_password` or setting environment variable `ARK_PASSWORD`. Content can also be synced by running `ansible/adhoc/sync-pulp.yml`, optionally setting extravars for `pulp_site_target_arch`, `pulp_site_target_distribution`, `pulp_site_target_distribution_version` and `pulp_site_target_distribution_version`. diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index c4b01b03f..ce1666973 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml 
@@ -1,9 +1,14 @@ # update_enable: false # Can uncomment for speed debugging non-update related build issues -pulp_server_config: - LEAFCLOUD: - url: http://192.168.10.157:8080 - password: lookup('env','LEAFCLOUD_PULP_PASSWORD') - -appliances_pulp_url: "{{ pulp_server_config[lookup('env','CI_CLOUD')].url }}" -pulp_site_password: "{{ pulp_server_config[lookup('env','CI_CLOUD')].password }}" -appliances_sync_pulp_on_build: false + +# Uncomment below to use CI pulp servers + +# pulp_server_config: +# LEAFCLOUD: +# url: http://192.168.10.157:8080 +# password: lookup('env','LEAFCLOUD_PULP_PASSWORD') + +# appliances_pulp_url: "{{ pulp_server_config[lookup('env','CI_CLOUD')].url }}" +# pulp_site_password: "{{ pulp_server_config[lookup('env','CI_CLOUD')].password }}" + +dnf_repos_username: slurm-app-ci +dnf_repos_password: "{{ lookup('env','ARK_PASSWORD') }}" diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml index f2a6723ad..e1acdf19b 100644 --- a/environments/common/inventory/group_vars/all/defaults.yml +++ b/environments/common/inventory/group_vars/all/defaults.yml @@ -7,7 +7,7 @@ appliances_environment_name: "{{ appliances_environment_root | basename | regex_ appliances_cockpit_state: absent # RHEL cockpit installed but not enabled in genericcloud images; appliance defaults to removing it #appliances_state_dir: # define an absolute path here to use for persistent state: NB: This is defined as /var/lib/state in inventory by the default Terraform appliances_mode: configure -#appliances_pulp_url: #override required +appliances_pulp_url: https://ark.stackhpc.com # Address(ip/dns) for internal communication between services. This is # normally traffic you do no want to expose to users. 
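Review bot: `dnf_repos_password: "{{ lookup('env','ARK_PASSWORD') }}"` resolves to an empty string when `ARK_PASSWORD` is not exported, so a misconfigured CI job would run on to dnf authentication errors instead of stopping at the missing secret. Failing early is clearer, e.g. `dnf_repos_password: "{{ lookup('env', 'ARK_PASSWORD', default=undef(hint='ARK_PASSWORD is not set')) }}"`, provided the pinned ansible-core supports the `default` option of the env lookup. The later `builder.yml` hunk that adds `pulp_site_upstream_password` uses the same lookup and has the same gap. Separately, the commented-out `password: lookup('env','LEAFCLOUD_PULP_PASSWORD')` has no `{{ }}` around it, so it would be read as a literal string if the block is ever uncommented.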
@@ -82,11 +82,13 @@ appliances_local_users: "{{ appliances_local_users_default + appliances_local_us ########################################################################################### -appliances_sync_pulp_on_build: true -appliances_repo_timestamps: +appliances_repo_minor_timestamps: '9.4': baseos: 20240816T002610 appstream: 20240816T002610 crb: 20240816T002610 extras: 20240816T002610 + +appliances_repo_major_timestamps: + '9': epel: 20240902T080424 diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index fbfcfa0ca..8f52477cd 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -147,9 +147,7 @@ freeipa_client [dnf_repos:children] # Hosts to replace system repos with Pulp repos -cluster builder [pulp:children] # Hosts used to run Pulp API commands -builder From d6eabe69270a8a3c7b15d0eb2628bb2393dc35b5 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 13 Dec 2024 10:18:23 +0000 Subject: [PATCH 33/45] unused var --- ansible/roles/dnf_repos/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 19a5d4986..3701305b6 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml @@ -2,7 +2,6 @@ dnf_repos_pulp_url: "{{ appliances_pulp_url }}" dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" -dnf_repos_version_timestamps: "{{ appliances_repo_minor_timestamps[ansible_distribution_version] }}" dnf_repos_username: "{{ omit }}" dnf_repos_password: "{{ omit }}" From f0e48b90a36b16ff6e5c80740ab07587d5fcd467 Mon Sep 17 00:00:00 2001 
From: wtripp180901 Date: Fri, 13 Dec 2024 13:24:27 +0000 Subject: [PATCH 34/45] pulp sync now mirrors upstream subpaths --- ansible/roles/pulp_site/.gitignore | 1 + ansible/roles/pulp_site/defaults/main.yml | 22 ++++++++----------- .../filter_plugins/pulp-list-filters.py | 6 ++--- 3 files changed, 13 insertions(+), 16 deletions(-) create mode 100644 ansible/roles/pulp_site/.gitignore diff --git a/ansible/roles/pulp_site/.gitignore b/ansible/roles/pulp_site/.gitignore new file mode 100644 index 000000000..6738e49c1 --- /dev/null +++ b/ansible/roles/pulp_site/.gitignore @@ -0,0 +1 @@ +filter_plugins/__pycache__ \ No newline at end of file diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index c342ea46f..76ad14988 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml @@ -1,9 +1,10 @@ pulp_site_url: "{{ appliances_pulp_url }}" pulp_site_port: 8080 pulp_site_username: admin # shouldn't be changed +pulp_site_upstream_content_url: https://ark.stackhpc.com/pulp/content pulp_site_upstream_username: slurm-app-ci pulp_site_upstream_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" -pulp_site_default_upstream_prefix: "https://ark.stackhpc.com/pulp/content/{{ pulp_site_target_distribution }}/{{ pulp_site_target_distribution_version }}" +_pulp_site_rocky_prefix: "{{ pulp_site_target_distribution }}/{{ pulp_site_target_distribution_version }}" pulp_site_default_upstream_suffix: "{{ pulp_site_target_arch }}/os" pulp_site_password: "{{ vault_pulp_admin_password }}" pulp_site_validate_certs: false 
@@ -19,20 +20,15 @@ pulp_site_major_version_timestamps: "{{ appliances_repo_major_timestamps[pulp_si pulp_site_rpm_info: - name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" - url: "{{ pulp_site_default_upstream_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.baseos }}" - base_path: "rocky/{{ pulp_site_target_distribution_version }}/baseos/{{ pulp_site_version_timestamps.baseos }}" + subpath: "{{ _pulp_site_rocky_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.baseos }}" - name: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" - url: "{{ pulp_site_default_upstream_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.appstream }}" - base_path: "rocky/{{ pulp_site_target_distribution_version }}/appstream/{{ pulp_site_version_timestamps.appstream }}" + subpath: "{{ _pulp_site_rocky_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.appstream }}" - name: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" - url: "{{ pulp_site_default_upstream_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.crb }}" - base_path: "rocky/{{ pulp_site_target_distribution_version }}/crb/{{ pulp_site_version_timestamps.crb }}" + subpath: "{{ _pulp_site_rocky_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.crb }}" - name: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" - url: "{{ pulp_site_default_upstream_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" - base_path: 
"rocky/{{ pulp_site_target_distribution_version }}/extras/{{ pulp_site_version_timestamps.extras }}" -- name: "epel-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.epel }}" - url: "https://ark.stackhpc.com/pulp/content/epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_major_version_timestamps.epel }}" - base_path: "epel/{{ pulp_site_target_distribution_version }}/{{ pulp_site_version_timestamps.epel }}" + subpath: "{{ _pulp_site_rocky_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" +- name: "epel-{{ pulp_site_target_distribution_version_major }}-{{ pulp_site_major_version_timestamps.epel }}" + subpath: "epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_major_version_timestamps.epel }}" pulp_site_rpm_repo_defaults: remote_username: "{{ pulp_site_upstream_username }}" @@ -42,6 +38,6 @@ pulp_site_rpm_repo_defaults: _pulp_site_rpm_info_all: "{{ pulp_site_rpm_info | map('combine', pulp_site_rpm_repo_defaults) }}" -pulp_site_rpm_repos: "{{ _pulp_site_rpm_info_all | to_rpm_repos }}" +pulp_site_rpm_repos: "{{ _pulp_site_rpm_info_all | to_rpm_repos(pulp_site_upstream_content_url) }}" pulp_site_rpm_publications: "{{ _pulp_site_rpm_info_all | to_rpm_pubs }}" pulp_site_rpm_distributions: "{{ _pulp_site_rpm_info_all | to_rpm_distros }}" diff --git a/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py b/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py index 94d89d184..50e912685 100644 --- a/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py +++ b/ansible/roles/pulp_site/filter_plugins/pulp-list-filters.py 
@@ -6,10 +6,10 @@ def filters(self): 'to_rpm_distros': self.to_rpm_distros } - def to_rpm_repos(self, list): + def to_rpm_repos(self, list, pulp_url): repo_list = map(lambda x: { 'name': x['name'], - 'url': x['url'], + 'url': pulp_url+'/'+x['subpath'], 'remote_username': x['remote_username'], 'remote_password': x['remote_password'], 'policy': x['policy'], @@ -26,6 +26,6 @@ def to_rpm_distros(self, list): distro_list = map(lambda x: { 'name': x['name'], 'repository': x['name'], - 'base_path': x['base_path'], + 'base_path': x['subpath'], 'state': x['state'] }, list) return distro_list \ No newline at end of file From 309bd0bd659a73a73aa3152cdcba56b32cc261a0 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Fri, 13 Dec 2024 13:30:41 +0000 Subject: [PATCH 35/45] removed intermediate var --- ansible/roles/dnf_repos/defaults/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 3701305b6..281a57c7e 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml @@ -1,5 +1,4 @@ -dnf_repos_pulp_url: "{{ appliances_pulp_url }}" -dnf_repos_pulp_content_url: "{{ dnf_repos_pulp_url }}/pulp/content" +dnf_repos_pulp_content_url: "{{ appliances_pulp_url }}/pulp/content" dnf_repos_rocky_prefix: "{{ ansible_distribution | lower }}/{{ ansible_distribution_version }}" dnf_repos_epel_prefix: "epel/{{ ansible_distribution_major_version }}" dnf_repos_username: "{{ omit }}" From 7d7bc7376fa81077e955dddc1a5a98eaf8956c62 Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Fri, 13 Dec 2024 14:35:56 +0000 Subject: [PATCH 36/45] bump images --- .../.stackhpc/terraform/cluster_image.auto.tfvars.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
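Review bot: `'url': pulp_url+'/'+x['subpath']` in `to_rpm_repos` joins by plain concatenation, so an override of `pulp_site_upstream_content_url` that ends in `/` puts a `//` into every remote URL. `'url': pulp_url.rstrip('/') + '/' + x['subpath'].lstrip('/')` tolerates either form. The new parameter is passed the upstream content URL rather than a Pulp server URL, so a name such as `upstream_content_url` would describe it better than `pulp_url`. The method bodies continue outside these hunks.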
diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json index 5c100f999..8659f3e90 100644 --- a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-241212-1553-c74360bf", - "RL9": "openhpc-RL9-241212-1554-c74360bf" + "RL8": "openhpc-RL8-241213-1402-a2a705c9", + "RL9": "openhpc-RL9-241213-1402-a2a705c9" } } From c162e18e447410487dd481abcf982477ac8b39b4 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Mon, 16 Dec 2024 09:53:52 +0000 Subject: [PATCH 37/45] Refactored common repolist --- ansible/roles/dnf_repos/defaults/main.yml | 10 ++++----- ansible/roles/pulp_site/defaults/main.yml | 22 +++++++++---------- .../inventory/group_vars/all/defaults.yml | 21 +++++++++--------- 3 files changed, 26 insertions(+), 27 deletions(-) diff --git a/ansible/roles/dnf_repos/defaults/main.yml b/ansible/roles/dnf_repos/defaults/main.yml index 281a57c7e..4a0c9fd2a 100644 --- a/ansible/roles/dnf_repos/defaults/main.yml +++ b/ansible/roles/dnf_repos/defaults/main.yml 
@@ -8,16 +8,16 @@ dnf_repos_password: "{{ omit }}" dnf_repos_repolist: - file: rocky name: baseos - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/BaseOS/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].baseos }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/BaseOS/{{ ansible_architecture }}/os/{{ appliances_repo_timestamps.baseos[ansible_distribution_version] }}" - file: rocky name: appstream - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/AppStream/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].appstream }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/AppStream/{{ ansible_architecture }}/os/{{ appliances_repo_timestamps.appstream[ansible_distribution_version] }}" - file: rocky name: crb - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/CRB/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].crb }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/CRB/{{ ansible_architecture }}/os/{{ appliances_repo_timestamps.crb[ansible_distribution_version] }}" - file: rocky-extras name: extras - base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras/{{ ansible_architecture }}/os/{{ appliances_repo_minor_timestamps[ansible_distribution_version].extras }}" + base_url: "{{ dnf_repos_pulp_content_url }}/{{ dnf_repos_rocky_prefix }}/extras/{{ ansible_architecture }}/os/{{ appliances_repo_timestamps.extras[ansible_distribution_version] }}" -dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_major_version }}/Everything/{{ ansible_architecture }}/{{ appliances_repo_major_timestamps[ansible_distribution_major_version].epel }}" +dnf_repos_epel_baseurl: "{{ dnf_repos_pulp_content_url }}/epel/{{ ansible_distribution_major_version 
}}/Everything/{{ ansible_architecture }}/{{ appliances_repo_timestamps.epel[ansible_distribution_major_version] }}" dnf_repos_epel_description: "epel" diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index 76ad14988..2c90d2968 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml 
@@ -15,20 +15,18 @@ pulp_site_target_arch: "{{ pulp_site_target_facts['architecture'] }}" pulp_site_target_distribution: "{{ pulp_site_target_facts['distribution'] | lower }}" pulp_site_target_distribution_version: "{{ pulp_site_target_facts['distribution_version'] }}" pulp_site_target_distribution_version_major: "{{ pulp_site_target_facts['distribution_major_version'] }}" -pulp_site_version_timestamps: "{{ appliances_repo_minor_timestamps[pulp_site_target_distribution_version] }}" -pulp_site_major_version_timestamps: "{{ appliances_repo_major_timestamps[pulp_site_target_distribution_version_major] }}" pulp_site_rpm_info: -- name: "baseos-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.baseos }}" - subpath: "{{ _pulp_site_rocky_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.baseos }}" -- name: "appstream-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.appstream }}" - subpath: "{{ _pulp_site_rocky_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.appstream }}" -- name: "crb-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.crb }}" - subpath: "{{ _pulp_site_rocky_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.crb }}" -- name: "extras-{{ pulp_site_target_distribution_version }}-{{ pulp_site_version_timestamps.extras }}" - subpath: "{{ _pulp_site_rocky_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ pulp_site_version_timestamps.extras }}" -- name: "epel-{{ pulp_site_target_distribution_version_major }}-{{ pulp_site_major_version_timestamps.epel }}" - subpath: "epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ pulp_site_major_version_timestamps.epel }}" +- name: "baseos-{{ pulp_site_target_distribution_version }}-{{ 
appliances_repo_timestamps.baseos[pulp_site_target_distribution_version] }}" + subpath: "{{ _pulp_site_rocky_prefix }}/BaseOS/{{ pulp_site_default_upstream_suffix }}/{{ appliances_repo_timestamps.baseos[pulp_site_target_distribution_version] }}" +- name: "appstream-{{ pulp_site_target_distribution_version }}-{{ appliances_repo_timestamps.appstream[pulp_site_target_distribution_version] }}" + subpath: "{{ _pulp_site_rocky_prefix }}/AppStream/{{ pulp_site_default_upstream_suffix }}/{{ appliances_repo_timestamps.appstream[pulp_site_target_distribution_version] }}" +- name: "crb-{{ pulp_site_target_distribution_version }}-{{ appliances_repo_timestamps.crb[pulp_site_target_distribution_version] }}" + subpath: "{{ _pulp_site_rocky_prefix }}/{{ 'PowerTools' if pulp_site_target_distribution_version_major == '8' else 'CRB' }}/{{ pulp_site_default_upstream_suffix }}/{{ appliances_repo_timestamps.crb[pulp_site_target_distribution_version] }}" +- name: "extras-{{ pulp_site_target_distribution_version }}-{{ appliances_repo_timestamps.extras[pulp_site_target_distribution_version] }}" + subpath: "{{ _pulp_site_rocky_prefix }}/extras/{{ pulp_site_default_upstream_suffix }}/{{ appliances_repo_timestamps.extras[pulp_site_target_distribution_version] }}" +- name: "epel-{{ pulp_site_target_distribution_version_major }}-{{ appliances_repo_timestamps.epel[pulp_site_target_distribution_version_major] }}" + subpath: "epel/{{ pulp_site_target_distribution_version_major }}/Everything/{{ pulp_site_target_arch }}/{{ appliances_repo_timestamps.epel[pulp_site_target_distribution_version_major] }}" pulp_site_rpm_repo_defaults: remote_username: "{{ pulp_site_upstream_username }}" diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml index e1acdf19b..1bac4590d 100644 --- a/environments/common/inventory/group_vars/all/defaults.yml +++ b/environments/common/inventory/group_vars/all/defaults.yml 
@@ -82,13 +82,14 @@ appliances_local_users: "{{ appliances_local_users_default + appliances_local_us ########################################################################################### -appliances_repo_minor_timestamps: - '9.4': - baseos: 20240816T002610 - appstream: 20240816T002610 - crb: 20240816T002610 - extras: 20240816T002610 - -appliances_repo_major_timestamps: - '9': - epel: 20240902T080424 +appliances_repo_timestamps: + baseos: + '9.4': 20240816T002610 + appstream: + '9.4': 20240816T002610 + crb: + '9.4': 20240816T002610 + extras: + '9.4': 20240816T002610 + epel: + '9': 20240902T080424 From bda3f0d5ad31e1c9e2faf1d6cbdfa0b293ce76c8 Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Mon, 16 Dec 2024 10:09:04 +0000 Subject: [PATCH 38/45] Code review doc/comment suggestions Co-authored-by: Steve Brasier <33413598+sjpb@users.noreply.github.com> --- ansible/adhoc/deploy-pulp.yml | 1 - docs/experimental/pulp.md | 4 ++-- environments/.stackhpc/inventory/group_vars/builder.yml | 2 +- environments/common/inventory/groups | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/ansible/adhoc/deploy-pulp.yml b/ansible/adhoc/deploy-pulp.yml index 38cb79289..2858d032b 100644 --- a/ansible/adhoc/deploy-pulp.yml +++ b/ansible/adhoc/deploy-pulp.yml @@ -11,7 +11,6 @@ become: yes hosts: _pulp_host tasks: - - name: Install pulp ansible.builtin.include_role: name: pulp_site diff --git a/docs/experimental/pulp.md b/docs/experimental/pulp.md index d1a40ba52..d2bc0db72 100644 --- a/docs/experimental/pulp.md +++ b/docs/experimental/pulp.md 
@@ -1,13 +1,13 @@ # Pulp Server -In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's Ark Pulp server. The appliance will sync relevant repositories to local Pulp server which will be used for image builds. Using a local server can be enabled by adding `pulp` to the build groups and overriding `dnf_repos_repolist` to point at content hosted on the local server. +In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's "Ark" Pulp server. The appliance can sync relevant repositories to a local Pulp server which will then be used instead of Ark. Using a local Pulp can be enabled by adding `pulp` to the build groups and overriding `dnf_repos_repolist` to point at content hosted on the local server. ## Deploying/configuring Pulp Server ### Deploying a Pulp server A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml' playbook. This can be run with `ansible-playbook ansible/adhoc/deploy-pulp.yml -e "pulp_server="` -This will print a Pulp endpoint which can be copied to your environments as appropriate. Ensure that the server is accessible on the specified port. Note that this server's content isn't authenticated so assumes the server is deployed behind a secure network. +This will print a Pulp endpoint which can be copied to your environments as appropriate. Ensure that the server is accessible on the specified port. Note access to this server's content isn't authenticated so assumes the server is deployed behind a secure network. ### Using an existing Pulp server An existing Pulp server can be used to host Ark repos by overriding `pulp_site_password` and `appliances_pulp_url` in the target environment. Note that this assumes the same configuration as the appliance deployed pulp i.e no content authentication. 
diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index ce1666973..8d4c8b3bb 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -9,6 +9,6 @@ # appliances_pulp_url: "{{ pulp_server_config[lookup('env','CI_CLOUD')].url }}" # pulp_site_password: "{{ pulp_server_config[lookup('env','CI_CLOUD')].password }}" - +# Alternatively, configure to use ark directly: dnf_repos_username: slurm-app-ci dnf_repos_password: "{{ lookup('env','ARK_PASSWORD') }}" diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index 8f52477cd..d49f3d6c1 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -150,4 +150,4 @@ freeipa_client builder [pulp:children] -# Hosts used to run Pulp API commands +# Add builder to this group to enable automatically syncing of pulp during image build From bc5e26efe139b50296cb9cd2a1fa47f98a9fecc7 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Mon, 16 Dec 2024 10:51:18 +0000 Subject: [PATCH 39/45] docs/groups corrections --- docs/experimental/pulp.md | 6 +++--- environments/.stackhpc/inventory/group_vars/builder.yml | 1 + environments/common/inventory/groups | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/experimental/pulp.md b/docs/experimental/pulp.md index d2bc0db72..8c9bfd615 100644 --- a/docs/experimental/pulp.md +++ b/docs/experimental/pulp.md 
@@ -1,13 +1,13 @@ # Pulp Server -In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's "Ark" Pulp server. The appliance can sync relevant repositories to a local Pulp server which will then be used instead of Ark. Using a local Pulp can be enabled by adding `pulp` to the build groups and overriding `dnf_repos_repolist` to point at content hosted on the local server. +In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's "Ark" Pulp server. The appliance can sync relevant repositories to a local Pulp server which will then be used instead of Ark. Using a local Pulp can be enabled by adding `pulp` to the build groups and overriding `appliances_pulp_url` to point at the local Pulp's URL. ## Deploying/configuring Pulp Server ### Deploying a Pulp server A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml' playbook. This can be run with -`ansible-playbook ansible/adhoc/deploy-pulp.yml -e "pulp_server="` -This will print a Pulp endpoint which can be copied to your environments as appropriate. Ensure that the server is accessible on the specified port. Note access to this server's content isn't authenticated so assumes the server is deployed behind a secure network. +`ansible-playbook ansible/adhoc/deploy-pulp.yml -e "pulp_server="` +where `target_host` is any resolvable host. This will print a Pulp URL which can be copied to your environments as appropriate. Ensure that the server is accessible on the specified port. Note access to this server's content isn't authenticated so assumes the server is deployed behind a secure network. ### Using an existing Pulp server An existing Pulp server can be used to host Ark repos by overriding `pulp_site_password` and `appliances_pulp_url` in the target environment. 
Note that this assumes the same configuration as the appliance deployed pulp i.e no content authentication. diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index 8d4c8b3bb..b12e81826 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml @@ -9,6 +9,7 @@ # appliances_pulp_url: "{{ pulp_server_config[lookup('env','CI_CLOUD')].url }}" # pulp_site_password: "{{ pulp_server_config[lookup('env','CI_CLOUD')].password }}" + # Alternatively, configure to use ark directly: dnf_repos_username: slurm-app-ci dnf_repos_password: "{{ lookup('env','ARK_PASSWORD') }}" diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index d49f3d6c1..6f77eeab5 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -149,5 +149,6 @@ freeipa_client # Hosts to replace system repos with Pulp repos builder -[pulp:children] +[pulp] # Add builder to this group to enable automatically syncing of pulp during image build +# Warning: when using Ark directly rather than a local Pulp server, adding hosts other than `builder` risks leaking Ark creds From 18b220e1b54d991946ebba4dbd386ed96f392993 Mon Sep 17 00:00:00 2001 From: wtripp180901 Date: Mon, 16 Dec 2024 11:42:49 +0000 Subject: [PATCH 40/45] moved defaults to CI and updated docs --- ansible/roles/pulp_site/defaults/main.yml | 4 +--- docs/experimental/pulp.md | 2 +- docs/image-build.md | 9 +++++---- .../.stackhpc/inventory/group_vars/builder.yml | 4 ++++ environments/common/inventory/group_vars/all/pulp.yml | 10 ++++++++++ 5 files changed, 21 insertions(+), 8 deletions(-) diff --git a/ansible/roles/pulp_site/defaults/main.yml b/ansible/roles/pulp_site/defaults/main.yml index 2c90d2968..d343d4998 100644 --- a/ansible/roles/pulp_site/defaults/main.yml +++ b/ansible/roles/pulp_site/defaults/main.yml 
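Review bot: Changing the header from `[pulp:children]` to `[pulp]` in the `groups` hunk makes this a host section, yet the comment under it still tells the reader to add `builder`, which this inventory uses as a group (it is listed under `[dnf_repos:children]`). In an INI inventory a name under `[pulp]` is parsed as a host, so following the comment would not put the builder group's hosts into `pulp`. Either keep `[pulp:children]` or reword the comment to say which host names belong here. The credential warning on the last line should stay with whichever form is kept.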
@@ -1,12 +1,10 @@ pulp_site_url: "{{ appliances_pulp_url }}" pulp_site_port: 8080 pulp_site_username: admin # shouldn't be changed +pulp_site_password: "{{ vault_pulp_admin_password }}" pulp_site_upstream_content_url: https://ark.stackhpc.com/pulp/content -pulp_site_upstream_username: slurm-app-ci -pulp_site_upstream_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" _pulp_site_rocky_prefix: "{{ pulp_site_target_distribution }}/{{ pulp_site_target_distribution_version }}" pulp_site_default_upstream_suffix: "{{ pulp_site_target_arch }}/os" -pulp_site_password: "{{ vault_pulp_admin_password }}" pulp_site_validate_certs: false pulp_site_install_dir: '/home/rocky/pulp' pulp_site_selinux_suffix: "{{ ':Z' if ansible_selinux.status == 'enabled' else '' }}" diff --git a/docs/experimental/pulp.md b/docs/experimental/pulp.md index 8c9bfd615..e0f32cdc1 100644 --- a/docs/experimental/pulp.md +++ b/docs/experimental/pulp.md 
@@ -14,4 +14,4 @@ An existing Pulp server can be used to host Ark repos by overriding `pulp_site_p ## Syncing Pulp content with Ark -If the `pulp` group is added to the Packer build groups, the local Pulp server will be synced with Ark on build. You must supply your Ark credentials, either by overriding `pulp_site_upstream_password` or setting environment variable `ARK_PASSWORD`. Content can also be synced by running `ansible/adhoc/sync-pulp.yml`, optionally setting extravars for `pulp_site_target_arch`, `pulp_site_target_distribution`, `pulp_site_target_distribution_version` and `pulp_site_target_distribution_version`. +If the `pulp` group is added to the Packer build groups, the local Pulp server will be synced with Ark on build. You must authenticate with Ark by overriding `pulp_site_upstream_username` and `pulp_site_upstream_password` with your vault encrypted Ark dev credentials. `dnf_repos_username` and `dnf_repos_password` must remain unset to access content from the local Pulp. Content can also be synced by running `ansible/adhoc/sync-pulp.yml`. By default this syncs repositories for Rocky 9.4 with x86_64 architecture, but can be overriden by setting extravars for `pulp_site_target_arch`, `pulp_site_target_distribution`, `pulp_site_target_distribution_version` and `pulp_site_target_distribution_version_major`. diff --git a/docs/image-build.md b/docs/image-build.md index a7d2e951b..db51265a3 100644 --- a/docs/image-build.md +++ b/docs/image-build.md 
@@ -17,7 +17,8 @@ The fat images StackHPC builds and tests in CI are available from [GitHub releas To build either a site-specific fat image from scratch, or to extend an existing StackHPC fat image: 1. Ensure the current OpenStack credentials have sufficient authorisation to upload images (this may or may not require the `member` role for an application credential, depending on your OpenStack configuration). -2. Create a Packer [variable definition file](https://developer.hashicorp.com/packer/docs/templates/hcl_templates/variables#assigning-values-to-input-variables) at e.g. `environments//builder.pkrvars.hcl` containing at a minimum: +2. The provided dev credentials for StackHPC's "Ark" Pulp server must be added to the target environments. This is done by overriding `dnf_repos_username` and `dnf_repos_password` with your vault encrypted credentials in `environments//inventory/group_vars/all/pulp.yml`. See the [experimental docs](experimental/pulp.md) if you wish instead wish to use a local Pulp server. +3. Create a Packer [variable definition file](https://developer.hashicorp.com/packer/docs/templates/hcl_templates/variables#assigning-values-to-input-variables) at e.g. `environments//builder.pkrvars.hcl` containing at a minimum: ```hcl flavor = "general.v1.small" # VM flavor to use for builder VMs 
@@ -35,9 +36,9 @@ To build either a site-specific fat image from scratch, or to extend an existing - `update,control,login,compute`: The resultant image has all packages in the source image updated, and then packages for all types of nodes in the cluster are added. When using a GenericCloud image for `source_image_name` this builds a site-specific fat image from scratch. - One or more specific groups which are not enabled in the appliance by default, e.g. `lustre`. When using a StackHPC fat image for `source_image_name` this extends the image with just this additional functionality. -3. Activate the venv and the relevant environment. +4. Activate the venv and the relevant environment. -4. Build images using the relevant variable definition file, e.g.: +5. Build images using the relevant variable definition file, e.g.: cd packer/ PACKER_LOG=1 /usr/bin/packer build -on-error=ask -var-file=$PKR_VAR_environment_root/builder.pkrvars.hcl openstack.pkr.hcl @@ -52,7 +53,7 @@ To build either a site-specific fat image from scratch, or to extend an existing then delete the failed volume, select cancelling the build when Packer queries, and then retry. This is [Openstack bug 1823445](https://bugs.launchpad.net/cinder/+bug/1823445). -5. The built image will be automatically uploaded to OpenStack with a name prefixed `openhpc` and including a timestamp and a shortened git hash. +6. The built image will be automatically uploaded to OpenStack with a name prefixed `openhpc` and including a timestamp and a shortened git hash. # Build Process diff --git a/environments/.stackhpc/inventory/group_vars/builder.yml b/environments/.stackhpc/inventory/group_vars/builder.yml index b12e81826..5130e9d84 100644 --- a/environments/.stackhpc/inventory/group_vars/builder.yml +++ b/environments/.stackhpc/inventory/group_vars/builder.yml 
@@ -13,3 +13,7 @@ # Alternatively, configure to use ark directly: dnf_repos_username: slurm-app-ci dnf_repos_password: "{{ lookup('env','ARK_PASSWORD') }}" + +# Can be set regardless of approach above: +pulp_site_upstream_username: slurm-app-ci +pulp_site_upstream_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD') }}" diff --git a/environments/common/inventory/group_vars/all/pulp.yml b/environments/common/inventory/group_vars/all/pulp.yml index 02b7aa816..22bb83216 100644 --- a/environments/common/inventory/group_vars/all/pulp.yml +++ b/environments/common/inventory/group_vars/all/pulp.yml @@ -1 +1,11 @@ pulp_site_port: 8080 + +# If using Ark directly (no local Pulp server), override the following with Ark creds + +# dnf_repos_username: +# dnf_repos_password: + +# If instead using local Pulp server, override below with Ark creds + +# pulp_site_upstream_username: +# pulp_site_upstream_password: From 9c41725c64d1a14bd4247bbd7c06daa4835e4240 Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Mon, 16 Dec 2024 12:29:58 +0000 Subject: [PATCH 41/45] bump images --- .../.stackhpc/terraform/cluster_image.auto.tfvars.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json index 8659f3e90..989b9f9bb 100644 --- a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-241213-1402-a2a705c9", - "RL9": "openhpc-RL9-241213-1402-a2a705c9" + "RL8": "openhpc-RL8-241216-1146-18b220e1", + "RL9": "openhpc-RL9-241216-1146-18b220e1" } } From 6c74a1e15fcfe809b28a3bd7d5bc582b90175105 Mon Sep 17 00:00:00 2001 
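Review bot: The added `pulp_site_upstream_password` line, like the existing `dnf_repos_password` line above it, reads the secret with an env lookup that yields an empty string when `ARK_PASSWORD` is not exported. A run started without the secret therefore continues with a blank password and presumably fails only later, at the repository or sync step. Where the ansible-core version in use supports the lookup's `default` option, `pulp_site_upstream_password: "{{ lookup('ansible.builtin.env', 'ARK_PASSWORD', default=undef()) }}"` turns the missing secret into an immediate, clearly attributed error. The two password lines also spell the plugin differently (`'env'` and `'ansible.builtin.env'`); using the fully qualified name in both would keep them consistent.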
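Review bot: The placeholder comments added to `environments/common/inventory/group_vars/all/pulp.yml` say to override the variables "with Ark creds" but not how the values should be stored, and this file belongs to the common environment rather than to a site. I would spell that out in the first comment, e.g. `# Override these in your own environment's group_vars with vault-encrypted values; never set them in this common file`. The same wording applies to the `pulp_site_upstream_*` comment further down in the hunk.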
From: wtripp180901 Date: Mon, 16 Dec 2024 15:51:29 +0000 Subject: [PATCH 42/45] repos now controlled by groups + possible during configure + guarded against cred leaks --- ansible/bootstrap.yml | 14 ++++++++++++++ ansible/disable-repos.yml | 8 ++++++++ ansible/fatimage.yml | 18 +----------------- ansible/site.yml | 1 + environments/common/inventory/groups | 2 +- 5 files changed, 25 insertions(+), 18 deletions(-) create mode 100644 ansible/disable-repos.yml diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml index 733d4b3f8..a504f3545 100644 --- a/ansible/bootstrap.yml +++ b/ansible/bootstrap.yml @@ -110,6 +110,20 @@ policy: "{{ selinux_policy }}" register: sestatus +- hosts: dnf_repos + become: yes + tasks: + - name: Check that creds won't be leaked to users + ansible.builtin.assert: + that: dnf_repos_password is undefined + fail_msg: Passwords should not be templated into repofiles during configure, unset 'dnf_repos_password' + when: appliances_mode == 'configure' + - name: Replace system repos with pulp repos + ansible.builtin.include_role: + name: dnf_repos + tasks_from: set_repos.yml + when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided + # --- tasks after here require access to package repos --- - hosts: squid tags: squid diff --git a/ansible/disable-repos.yml b/ansible/disable-repos.yml new file mode 100644 index 000000000..d7dc4fd55 --- /dev/null +++ b/ansible/disable-repos.yml @@ -0,0 +1,8 @@ +- hosts: dnf_repos + become: yes + tasks: + - name: Disable pulp repos + ansible.builtin.include_role: + name: dnf_repos + tasks_from: disable_repos.yml + when: ansible_distribution_major_version == "9" #TODO update role once RL8 config decided diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml index 5d84fcf90..4c8367816 100644 --- a/ansible/fatimage.yml +++ b/ansible/fatimage.yml 
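Review bot: The assert in the new `dnf_repos` play of `ansible/bootstrap.yml` only applies when `appliances_mode == 'configure'`. In every other mode `set_repos.yml` runs with the password defined, and the matching cleanup is a separate playbook imported at the end of the run. A failure in any play in between would presumably leave the repo files as `set_repos.yml` wrote them; whether those files embed the credentials and whether `disable_repos.yml` scrubs them is decided in the `dnf_repos` role, outside this hunk, so that should be confirmed. I would record the dependency above the play, e.g. `# Repo files written here may embed dnf_repos_password; disable-repos.yml must complete before a host or image is handed to users`, and treat a build that stops before the cleanup as one whose builder VM or volume must not be kept or shared.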
@@ -27,15 +27,6 @@ delegate_to: localhost when: appliances_mode != 'configure' -- hosts: dnf_repos - become: yes - tasks: - - name: Replace system repos with pulp repos - ansible.builtin.include_role: - name: dnf_repos - tasks_from: set_repos.yml - when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided - - import_playbook: bootstrap.yml - name: Run post-bootstrap.yml hook @@ -229,14 +220,7 @@ import_role: name: doca -- hosts: dnf_repos - become: yes - tasks: - - name: Disable pulp repos - ansible.builtin.include_role: - name: dnf_repos - tasks_from: disable_repos.yml - when: appliances_mode != 'configure' and ansible_distribution_major_version == "9" #TODO update role once RL8 config decided +- import_playbook: disable_repos.yml - name: Run post.yml hook vars: diff --git a/ansible/site.yml b/ansible/site.yml index bb379399d..222ee8697 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -27,6 +27,7 @@ - import_playbook: slurm.yml - import_playbook: portal.yml - import_playbook: monitoring.yml +- import_playbook: disable_repos.yml - name: Run post.yml hook vars: diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups index 6f77eeab5..062276f76 100644 --- a/environments/common/inventory/groups +++ b/environments/common/inventory/groups @@ -147,8 +147,8 @@ freeipa_client [dnf_repos:children] # Hosts to replace system repos with Pulp repos +# Warning: when using Ark directly rather than a local Pulp server, adding hosts other than `builder` will leak Ark creds to users builder [pulp] # Add builder to this group to enable automatically syncing of pulp during image build -# Warning: when using Ark directly rather than a local Pulp server, adding hosts other than `builder` risks leaking Ark creds From 2357a730d060ad43289d022024de118093984017 Mon Sep 17 00:00:00 2001 
From: wtripp180901 Date: Mon, 16 Dec 2024 15:58:58 +0000 Subject: [PATCH 43/45] typo --- ansible/fatimage.yml | 2 +- ansible/site.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml index 4c8367816..55e56e612 100644 --- a/ansible/fatimage.yml +++ b/ansible/fatimage.yml @@ -220,7 +220,7 @@ import_role: name: doca -- import_playbook: disable_repos.yml +- import_playbook: disable-repos.yml - name: Run post.yml hook vars: diff --git a/ansible/site.yml b/ansible/site.yml index 222ee8697..d973d9cb3 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -27,7 +27,7 @@ - import_playbook: slurm.yml - import_playbook: portal.yml - import_playbook: monitoring.yml -- import_playbook: disable_repos.yml +- import_playbook: disable-repos.yml - name: Run post.yml hook vars: From bf6f3680ec49906cc48b170b003c67627e62aca4 Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:59:43 +0000 Subject: [PATCH 44/45] bump --- .../.stackhpc/terraform/cluster_image.auto.tfvars.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json index 989b9f9bb..7c59abf36 100644 --- a/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/terraform/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-241216-1146-18b220e1", - "RL9": "openhpc-RL9-241216-1146-18b220e1" + "RL8": "openhpc-RL8-241216-1607-2357a730", + "RL9": "openhpc-RL9-241216-1607-2357a730" } } From 7fe3ca5b2b6ec7f005012f919c799bbe11257eec Mon Sep 17 00:00:00 2001 
From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Tue, 17 Dec 2024 15:08:13 +0000 Subject: [PATCH 45/45] docs suggestions Co-authored-by: Steve Brasier <33413598+sjpb@users.noreply.github.com> --- docs/experimental/pulp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/experimental/pulp.md b/docs/experimental/pulp.md index e0f32cdc1..6d30bec6b 100644 --- a/docs/experimental/pulp.md +++ b/docs/experimental/pulp.md 
@@ -1,11 +1,11 @@ # Pulp Server -In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's "Ark" Pulp server. The appliance can sync relevant repositories to a local Pulp server which will then be used instead of Ark. Using a local Pulp can be enabled by adding `pulp` to the build groups and overriding `appliances_pulp_url` to point at the local Pulp's URL. +In order to ensure reproducible builds, the appliance can build images using repository mirrors from StackHPC's "Ark" Pulp server. The appliance can sync relevant repositories to a local Pulp server which will then be used instead of Ark. ## Deploying/configuring Pulp Server ### Deploying a Pulp server -A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml' playbook. This can be run with +A playbook is provided to install and configure a Pulp server on a given host. Admin credentials for this server are automatically generated through the `ansible/adhoc/generate-passwords.yml` playbook. This can be run with `ansible-playbook ansible/adhoc/deploy-pulp.yml -e "pulp_server="` where `target_host` is any resolvable host. This will print a Pulp URL which can be copied to your environments as appropriate. Ensure that the server is accessible on the specified port. Note access to this server's content isn't authenticated so assumes the server is deployed behind a secure network.