rc issueshttps://gitlab.rc.uab.edu/groups/rc/-/issues2020-03-20T15:53:15-05:00https://gitlab.rc.uab.edu/rc/rabbitmq_agents/-/issues/19Create prod agent stubs2020-03-20T15:53:15-05:00Ravi TripathiCreate prod agent stubs*Created by: rtripath89*
*Created by: rtripath89*
https://gitlab.rc.uab.edu/rc/rc-mail-template/-/issues/1Non-breaking space in `mail_config.py`2021-04-05T16:09:52-05:00William E WarrinerNon-breaking space in `mail_config.py`UTF-8 Character U+200B is present in the file `mail_config.py`. One way to remove it is by using notepad++.
1. Encoding > ANSI
2. Find the string `​` and replace with nothing
3. Encoding > UTF-8
4. SaveUTF-8 Character U+200B is present in the file `mail_config.py`. One way to remove it is by using notepad++.
1. Encoding > ANSI
2. Find the string `​` and replace with nothing
3. Encoding > UTF-8
4. Savehttps://gitlab.rc.uab.edu/rc/rabbitmq_agents/-/issues/108Lowercase User Accounts and Email Addresses2021-08-05T11:47:22-05:00Ravi TripathiLowercase User Accounts and Email Addresses*Created by: flakrat*
The code should lowercase user account names and Email addresses. Ex:
```shell
./create_account.py LoveCamelCase LoveCamelCase@MYDOM.COM "My Name" "I want to join your fabulous org"
```
The resulting user I...*Created by: flakrat*
The code should lowercase user account names and Email addresses. Ex:
```shell
./create_account.py LoveCamelCase LoveCamelCase@MYDOM.COM "My Name" "I want to join your fabulous org"
```
The resulting user ID should be: lovecamelcase
And Mail: lovecamelcase@mydom.comhttps://gitlab.rc.uab.edu/rc/devops/-/issues/1OOD 2.0 Deployment on virtual node2023-10-30T12:14:52-05:00Clyde Allan McClungOOD 2.0 Deployment on virtual node# 07/18/22 Deploy:
## Commands:
``` shell
pbook=ood; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_auth_regex; sudo ansible-playbook...# 07/18/22 Deploy:
## Commands:
``` shell
pbook=ood; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_auth_regex; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_uab_ui; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_easter_egg; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_shib_install; sudo ansible-playbook -i hosts -l "v007," ood-build.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_shib_config; sudo ansible-playbook -e 'ansible_python_interpreter=/usr/bin/python3' -i hosts -l "v007," ood-build.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_user_reg_cloud; sudo ansible-playbook -i hosts -l "v007," ood-build.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_vnc_form; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_jupyter; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_matlab; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_sas; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_ansys; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_igv; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
pbook=ood_jupyter_lab; sudo ansible-playbook -i hosts -l "v007," ood.yaml -t ${pbook} -b -v | tee -a log/v007-${pbook}-$(date +"%Y%m%d_%H%M%S").out; unset pbook
```
---
## Changes to be made:
- install ruby, python3 on packer image
- ssl section of ood_portal.yml needs to go in a role
- fix dns search suffix on packer image (add to resolv.conf)
- add acctsvc user to v007
- change Cheaha logo & unhide easter egghttps://gitlab.rc.uab.edu/rc/devops/-/issues/3Create test domains for OOD deployments2023-02-28T10:02:19-06:00John-Paul RobinsonCreate test domains for OOD deploymentsWe need a domain for testing releases of our OOD. Ideally we would have something like:
* alpha.rc.uab.edu
* beta.rc.uab.edu
* rc.uab.edu dev.rc.uab.edu
* v165.rc.uab.edu
* v202.rc.uab.edu
* jpr.rc.uab.edu
* etc...
Where we can ha...We need a domain for testing releases of our OOD. Ideally we would have something like:
* alpha.rc.uab.edu
* beta.rc.uab.edu
* rc.uab.edu dev.rc.uab.edu
* v165.rc.uab.edu
* v202.rc.uab.edu
* jpr.rc.uab.edu
* etc...
Where we can have different deployments of our OOD app and switch between testing them easily as a team. This is an improvement on editing individual client /etc/hosts files.
This requires:
* DNS entries associated with statically allocated floating IP address
* SSL certs for the domains
* updates to the shib config to trust the domains
* etc...https://gitlab.rc.uab.edu/rc/devops/-/issues/10Install perfsonar-testpoint on all images2022-08-26T14:22:44-05:00John-Paul RobinsonInstall perfsonar-testpoint on all imagesWe want to make sure the perfsonar-testpoint bundle is installed on the images we maintain. This includes compute nodes, cloud instances (minimum those in cheaha-cloud), storage nodes (ceph), etc. This will facilitate running iperf3 t...We want to make sure the perfsonar-testpoint bundle is installed on the images we maintain. This includes compute nodes, cloud instances (minimum those in cheaha-cloud), storage nodes (ceph), etc. This will facilitate running iperf3 test between locations in our environment to gain an understanding of available network bandwidth between nodes.
We can use this for both monitoring through regular testing and for debugging in cases where performance seems slow.
The perfsonar-testpoint is bundle from the perfSonar project. Install described here:
https://docs.perfsonar.net/install_options.htmlhttps://gitlab.rc.uab.edu/rc/devops/-/issues/13Understand Bright domain search order2022-08-16T02:02:56-05:00Clyde Allan McClungUnderstand Bright domain search orderUnderstand Bright CM domain naming for the domains in the search string.
- Does the order matter?
- What is the most efficient order?Understand Bright CM domain naming for the domains in the search string.
- Does the order matter?
- What is the most efficient order?https://gitlab.rc.uab.edu/rc/devops/-/issues/14IB to Ethernet Storage routing2022-07-26T13:45:15-05:00Clyde Allan McClungIB to Ethernet Storage routingInvestigate getting Ceph to the IB interface of Cheaha compute nodes and consuming GPFS from the Ethernet segments used by the OpenStack Cheaha compute nodes.Investigate getting Ceph to the IB interface of Cheaha compute nodes and consuming GPFS from the Ethernet segments used by the OpenStack Cheaha compute nodes.https://gitlab.rc.uab.edu/rc/devops/-/issues/16Enable SSO for gitlab2022-07-26T09:32:03-05:00John-Paul RobinsonEnable SSO for gitlabWe need to enable SSO for gitlab to provide a more integrated experirence for rc.uab.edu users. A user who has an account in rc domain should be able to use gitlab with the same authn.
SSO is expected to auto-provision gitlab accounts...We need to enable SSO for gitlab to provide a more integrated experirence for rc.uab.edu users. A user who has an account in rc domain should be able to use gitlab with the same authn.
SSO is expected to auto-provision gitlab accounts. This should simplify support federated collaborator identities the use their native email domain as the account name.https://gitlab.rc.uab.edu/rc/devops/-/issues/19Deploy OOD2.0 to Production2022-08-23T10:14:06-05:00John-Paul RobinsonDeploy OOD2.0 to ProductionWe want to upgrade our production environment to OOD 2.0. It is currently at 1.6.5.
This requires:
- [ ] Do a deploy of 2.0 with all the apps currently in prod.
- [x] Figure out a plan to launch it on a separate machine from login005
- ...We want to upgrade our production environment to OOD 2.0. It is currently at 1.6.5.
This requires:
- [ ] Do a deploy of 2.0 with all the apps currently in prod.
- [x] Figure out a plan to launch it on a separate machine from login005
- [x] Bring up a target machine in Cheaha for OOD 2.0 deploy.
- [ ] Fix up the packer/ansible to get /share/apps (symlink) location in place
- [ ] env modules is missing
- [ ] File sys namespace in dev that matches prod
- [ ] IP address range restricted to RO
- [ ] Explore OSC ansible for OOD
- [ ] Create application Stubs:
- [ ] Jupyter - Pin EasyBuild release
- [ ] RStudio
- [ ] SSL section of ood_portal.yml needs to go in a role: https://github.com/jprorama/CRI_XCBC/issues/360 - @ravi89
- [ ] Add acctsvc user to v007: https://github.com/jprorama/CRI_XCBC/issues/361 @krish94
- [x] Change Cheaha logo & unhide easter egg: https://github.com/uabrc/CRI_XCBC/issues/107 @louistw
- [ ] Build packer image for CICD deployment of ood2x packer-openstack-hpc-image#8https://gitlab.rc.uab.edu/rc/devops/-/issues/21Method to support to get privileged access to fix issues in the tickets.2022-08-09T10:45:55-05:00John-Paul RobinsonMethod to support to get privileged access to fix issues in the tickets.Create docs site to track commands for sudo execution, e.g. extend jobs, add users to groups.
This is the pre-cursor to getting utilities written by documenting requirements.Create docs site to track commands for sudo execution, e.g. extend jobs, add users to groups.
This is the pre-cursor to getting utilities written by documenting requirements.https://gitlab.rc.uab.edu/rc/devops/-/issues/23Linting CI setup2022-07-26T13:04:24-05:00Bo-Chun ChenLinting CI setup- CRI_XCBC
- rabbitmq agents- CRI_XCBC
- rabbitmq agentshttps://gitlab.rc.uab.edu/rc/devops/-/issues/29Create templates for OOD app types to support app deployment2022-07-29T14:12:59-05:00John-Paul RobinsonCreate templates for OOD app types to support app deploymentWe have a number of OOD "apps" that we deploy to our instance like Matlab, Ansys, SaS and many others.
It would be good to have a template that we can use to instantiate new apps for different applications (eg. QGIS) that could be clone...We have a number of OOD "apps" that we deploy to our instance like Matlab, Ansys, SaS and many others.
It would be good to have a template that we can use to instantiate new apps for different applications (eg. QGIS) that could be cloned, customized, and pushed to it's own repo in gitlab or github.
We have been using the OSC Matlab app as a template for our desktop applications. It would be best if we had our own explicitly defined template that would serve as reference for how our apps should be written. This supports maintaining the template and getting the latest version for new apps. The new versions can be merged into existing apps as well after defined releases.
This also avoids the restrictions of explicit simple forks from an upstream on GitHub into a shared project space. You can only fork such a repo once which prevents the "templating" approach we have used.https://gitlab.rc.uab.edu/rc/devops/-/issues/31Define entitlement syntax to allow account sponsors to control resource access2022-08-30T10:48:15-05:00John-Paul RobinsonDefine entitlement syntax to allow account sponsors to control resource accessWe need a syntax to communicate entitlements for accounts. This will primarily control sponsored guest accounts, however, it could be a general mechanism to communicate access across research computing system services.
A proposal is to ...We need a syntax to communicate entitlements for accounts. This will primarily control sponsored guest accounts, however, it could be a general mechanism to communicate access across research computing system services.
A proposal is to use a URL like syntax for easy to read expressions. For example an entitlement syntax like:
uri://[service.]domain/[service|scope]/[action]
This allows an expression like the following that allows an account to use all of the services in our domain, potentially at a default authz level:
https://rc.uab.edu
It could allow a more constrained entitlement for a specific service like:
https://gitlab.rc.uab.edu
https://cheaha.rc.uab.edu
https://cloud.rc.uab.edu
The service and scope could also come into play as way to associate membership in a specific group on a specific service:
https://gitlab.rc.uab.edu/group/lab-abc
These are just some ideas, but the above examples can lead to some ambiguous expressions.
It may be helpful to understand how other systems express entitlements so that we build on a more precise foundation.
Here are some examples of entitlements used in:
* [Apple OSes](https://developer.apple.com/documentation/bundleresources/entitlements)
* [AWS Entitlement Service](https://docs.aws.amazon.com/marketplaceentitlement/latest/APIReference/Welcome.html)
* [NetIQ](https://www.netiq.com/documentation/identity-manager-47/entitlements/data/examples-for-writing-entitlements-in-identity-manager.html). These have a more XML flare that could be familiar to a SAML context.John-Paul RobinsonJohn-Paul Robinsonhttps://gitlab.rc.uab.edu/rc/devops/-/issues/33Match CoD auth with Cheaha environment.2022-09-28T09:58:48-05:00Eesaan AtluriMatch CoD auth with Cheaha environment.Issue description:
A user can still login after their account has been blocked because the cache has not been updated. This is observed on production with our account management app after we blocked or unblocked their account because of...Issue description:
A user can still login after their account has been blocked because the cache has not been updated. This is observed on production with our account management app after we blocked or unblocked their account because of the SSSD cache config updating after ~10 min.
We decided to replicate this in our CoD environment by doing the following:
- Add SSSD service in CoD
- Add LDAP authentication in CoD
- Investigate nslcd and pam-ldap.Eesaan AtluriEesaan Atlurihttps://gitlab.rc.uab.edu/rc/packer-openstack-hpc-image/-/issues/7Install perfsonar-testpoint to cloud compute packer image2022-10-07T14:22:31-05:00John-Paul RobinsonInstall perfsonar-testpoint to cloud compute packer imageClyde Allan McClungClyde Allan McClunghttps://gitlab.rc.uab.edu/rc/devops/-/issues/36Explore geofence extension for ssh2022-08-30T11:17:11-05:00John-Paul RobinsonExplore geofence extension for sshRavi TripathiRavi Tripathihttps://gitlab.rc.uab.edu/rc/devops/-/issues/43Showing jobscripts in xdmod2022-08-03T14:10:48-05:00Eesaan AtluriShowing jobscripts in xdmodhttps://gitlab.rc.uab.edu/rc/devops/-/issues/45Favicon not showing in Chrome2022-08-03T15:36:07-05:00Bo-Chun ChenFavicon not showing in Chromehttps://gitlab.rc.uab.edu/rc/devops/-/issues/58Method to track software install requests2022-08-09T13:10:11-05:00John-Paul RobinsonMethod to track software install requestsThis is about a way to request and prioritize application installs on the cluster. We have the build account for constructing builds via easybuild or by hand.
We need a way to initiate those builds and verify build task completion to d...This is about a way to request and prioritize application installs on the cluster. We have the build account for constructing builds via easybuild or by hand.
We need a way to initiate those builds and verify build task completion to deploy software.
We could maintain an issue in a build project and each issue initiates a CI pipeline that triggers the app build. If the app builds successfully the CI validates as a green checkmark.
This would let us merge the issue into the main branch that defines the current app release configuration of cheaha.