diff --git a/ansible/roles/compute_init/README.md b/ansible/roles/compute_init/README.md
index 70fa82229..e18a3a7ee 100644
--- a/ansible/roles/compute_init/README.md
+++ b/ansible/roles/compute_init/README.md
@@ -46,7 +46,7 @@ it also requires an image build with the role name added to the
 | bootstrap.yml | (system users) | None required - use image build | No |
 | bootstrap.yml | systemd | None required - use image build | No |
 | bootstrap.yml | selinux | None required - use image build | Maybe [1] |
-| bootstrap.yml | sshd | None at present | No |
+| bootstrap.yml | sshd | Fully supported | No |
 | bootstrap.yml | dnf_repos | None at present [2] | - |
 | bootstrap.yml | squid | Not relevant for compute nodes | n/a |
 | bootstrap.yml | tuned | Fully supported | No |
@@ -63,7 +63,7 @@ it also requires an image build with the role name added to the
 | hooks/post-bootstrap.yml | ? | None at present | n/a |
 | iam.yml | freeipa_client | None at present [3] | Yes |
 | iam.yml | freeipa_server | Not relevant for compute nodes | n/a |
-| iam.yml | sssd | None at present | No |
+| iam.yml | sssd | Fully supported | No |
 | filesystems.yml | block_devices | None required - role deprecated | n/a |
 | filesystems.yml | nfs | All client functionality | No |
 | filesystems.yml | manila | All functionality | No [4] |
diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml
index 0d6d9fd86..4d95aede2 100644
--- a/ansible/roles/compute_init/files/compute-init.yml
+++ b/ansible/roles/compute_init/files/compute-init.yml
@@ -9,6 +9,8 @@
 enable_compute: "{{ os_metadata.meta.compute | default(false) | bool }}"
 enable_resolv_conf: "{{ os_metadata.meta.resolv_conf | default(false) | bool }}"
 enable_etc_hosts: "{{ os_metadata.meta.etc_hosts | default(false) | bool }}"
+ enable_sssd: "{{ os_metadata.meta.sssd | default(false) | bool }}"
+ enable_sshd: "{{ os_metadata.meta.sshd | default(false) | bool }}"
 enable_tuned: "{{ os_metadata.meta.tuned | default(false) | bool }}"
 enable_nfs: "{{ os_metadata.meta.nfs | default(false) | bool }}"
 enable_manila: "{{ os_metadata.meta.manila | default(false) | bool }}"
@@ -132,6 +134,21 @@
 mode: 0644
 when: enable_etc_hosts
+ - name: Configure sssd
+ ansible.builtin.include_role:
+ name: sssd
+ tasks_from: configure.yml
+ vars:
+ sssd_conf_src: "/mnt/cluster/hostconfig/{{ ansible_hostname }}/sssd.conf"
+ when: enable_sssd
+
+ - name: Configure sshd
+ ansible.builtin.include_role:
+ name: sshd
+ vars:
+ sshd_conf_src: "/mnt/cluster/hostconfig/{{ ansible_hostname }}/sshd.conf"
+ when: enable_sshd
+
 - name: Configure tuned
 include_tasks: tasks/tuned.yml
 when: enable_tuned
diff --git a/ansible/roles/compute_init/tasks/export.yml b/ansible/roles/compute_init/tasks/export.yml
index d1682208f..124a03510 100644
--- a/ansible/roles/compute_init/tasks/export.yml
+++ b/ansible/roles/compute_init/tasks/export.yml
@@ -71,3 +71,24 @@
 remote_src: true
 run_once: true
 delegate_to: "{{ groups['control'] | first }}"
+
+- name: Create hostconfig directory
+ file:
+ path: "/exports/cluster/hostconfig/{{ inventory_hostname }}/"
+ state: directory
+ owner: root
+ group: root
+ mode: u=rw,go=
+ delegate_to: "{{ groups['control'] | first }}"
+
+- name: Template sssd config
+ import_role:
+ name: sssd
+ tasks_from: export.yml
+ when: "'sssd' in group_names"
+
+- name: Template sshd config
+ import_role:
+ name: sshd
+ tasks_from: export.yml
+ when: "'sshd' in group_names"
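Review bot: The two new include tasks in the `@@ -132,6 +134,21 @@` hunk look up their config under `/mnt/cluster/hostconfig/{{ ansible_hostname }}/`, while the export side of this commit writes under `/exports/cluster/hostconfig/{{ inventory_hostname }}/`, so the lookup only succeeds where the inventory name equals the node's short hostname. These files decide how the node authenticates users and accepts SSH logins, so a missed lookup should fail visibly rather than leave the image defaults in place; what the sssd and sshd roles do when `sssd_conf_src` or `sshd_conf_src` is missing is not visible here. I would add a comment above the tasks such as `# hostconfig/<name>/ is written by tasks/export.yml using inventory_hostname; it must equal ansible_hostname on the node`. The sshd include also has no `tasks_from`, so the role's whole entry point runs at boot, unlike the sssd include; the task list itself starts and ends outside the hunk.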
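Review bot: The `Create hostconfig directory` task in tasks/export.yml sets `mode: u=rw,go=` on a directory, which leaves out the search (execute) bit. Root on the control node can still enter it, but any access that is subject to permission checks (for instance a client uid squashed by the NFS export, if it is configured that way) cannot traverse the directory to reach the files inside. The restrictive mode for a directory is `mode: u=rwx,go=`; the same `u=rw,go=` value is correct on the regular files written by the two role `export.yml` tasks.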
diff --git a/ansible/roles/compute_init/tasks/install.yml b/ansible/roles/compute_init/tasks/install.yml
index 77cddf0a8..292b2e57c 100644
--- a/ansible/roles/compute_init/tasks/install.yml
+++ b/ansible/roles/compute_init/tasks/install.yml
@@ -13,6 +13,7 @@
 - library
 - filter_plugins
 - tasks
+ - roles
 - name: Inject files from roles
 copy:
@@ -32,6 +33,10 @@
 dest: files/NetworkManager-dns-none.conf
 - src: ../../basic_users/filter_plugins/filter_keys.py
 dest: filter_plugins/filter_keys.py
+ - src: ../../sssd
+ dest: roles/
+ - src: ../../sshd
+ dest: roles/
 - src: ../../tuned/tasks/configure.yml
 dest: tasks/tuned.yml
 - src: ../../stackhpc.nfs/tasks/nfs-clients.yml
diff --git a/ansible/roles/sshd/tasks/export.yml b/ansible/roles/sshd/tasks/export.yml
new file mode 100644
index 000000000..0c153ca94
--- /dev/null
+++ b/ansible/roles/sshd/tasks/export.yml
@@ -0,0 +1,9 @@
+# Exclusively used for compute-init
+- name: Inject host specific config template
+ template:
+ src: "{{ sshd_conf_src }}"
+ dest: "/exports/cluster/hostconfig/{{ inventory_hostname }}/sshd.conf"
+ owner: root
+ group: root
+ mode: u=rw,go=
+ delegate_to: "{{ groups['control'] | first }}"
diff --git a/ansible/roles/sssd/tasks/configure.yml b/ansible/roles/sssd/tasks/configure.yml
index 94760730a..c8ebd829e 100644
--- a/ansible/roles/sssd/tasks/configure.yml
+++ b/ansible/roles/sssd/tasks/configure.yml
@@ -30,5 +30,6 @@
 - name: "Ensure oddjob is started"
 service:
 name: oddjobd
- state: "{{ sssd_enable_mkhomedir }}"
- enabled: "{{ sssd_enable_mkhomedir }}"
+ state: 'started'
+ enabled: true
+ when: sssd_enable_mkhomedir | bool
\ No newline at end of file
diff --git a/ansible/roles/sssd/tasks/export.yml b/ansible/roles/sssd/tasks/export.yml
new file mode 100644
index 000000000..0be66749e
--- /dev/null
+++ b/ansible/roles/sssd/tasks/export.yml
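Review bot: The new sshd/tasks/export.yml writes the rendered `sshd.conf` to the export with no syntax check, and compute-init.yml later feeds that file to the sshd role at boot, so a template mistake only surfaces as nodes that come up with a broken or unreachable sshd. The `template` module's `validate` option can reject a bad render on the control node, e.g. `validate: /usr/sbin/sshd -t -f %s`, assuming the rendered file is something sshd can parse on its own. The header comment should also state what `sshd_conf_src` means in this task, because compute-init.yml reuses the same variable name for the already-rendered file on the node. The second point applies equally to `sssd_conf_src` in sssd/tasks/export.yml.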
@@ -0,0 +1,9 @@
+# Exclusively used for compute-init
+- name: Inject host specific config template
+ template:
+ src: "{{ sssd_conf_src }}"
+ dest: "/exports/cluster/hostconfig/{{ inventory_hostname }}/sssd.conf"
+ owner: root
+ group: root
+ mode: u=rw,go=
+ delegate_to: "{{ groups['control'] | first }}"
\ No newline at end of file
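Review bot: This task puts one `sssd.conf` per host under a single exported tree, and an sssd.conf can carry directory bind credentials (for example `ldap_default_authtok`). The `u=rw,go=` file mode therefore protects it only as far as root on every client of that export is trusted. Whether the export squashes root or restricts which clients may mount it is not visible in this commit. I would extend the header comment to record this, e.g. `# May contain bind credentials; exposure depends on the export options for /exports/cluster`. The file also ends without a trailing newline.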