Install Open OnDemand on login003
Initial Steps
- Clone the repo
# Clone the jprorama fork of CRI_XCBC and switch to the provisioning branch.
mkdir -p ~/git/3rdparty/jprorama
cd ~/git/3rdparty/jprorama
git clone git@github.com:jprorama/CRI_XCBC.git
cd CRI_XCBC
git checkout vagrant-provision
- Change the
cluster_name
variable in the group_vars/all
file to provide our Slurm cluster name
cluster_name: "SLURM_CLUSTER"
- Populate the
htpasswd
file
# Strip any leftover "vagrant" entries from the htpasswd file.
perl -pi -e 's/^vagrant.*//g;' htpasswd
# For each member of the atlab group (excluding puri and pavgi), generate a
# random 12-character password, echo it for the admin's records, and add the
# user to the role's htpasswd file.
# NOTE(review): the perl cleanup above edits ./htpasswd while the loop writes
# ./roles/ood/files/htpasswd — confirm both paths refer to the intended file.
for user in $(getent group atlab | awk -F: '{print $4}' | tr ',' ' ' | sed 's/\<puri\>//g; s/\<pavgi\>//g'); do
  pass="$(rand_passwd.rb -l 12)"
  echo "$user: $pass"
  # -i reads the password from stdin so it never appears in the process list
  echo "$pass" | htpasswd -i ./roles/ood/files/htpasswd "$user"
done
- Edit the
hosts
file to add login003 to the ood group
[headnode]
ohpc ansible_connection=local
[headnode:vars]
sshgroup=headnode
[ood]
login003
[ood:vars]
sshgroup=ood
[compute]
c1
[compute:vars]
sshgroup=compute
- Test running the role
ood
sudo ansible-playbook -i hosts -l "login003," ood.yaml -t ood -b -v --check
- Run the
ood
role for real
sudo ansible-playbook -i hosts -l "login003," ood.yaml -t ood -b -v | tee -a login003.out
Post Processing
The following changes should be made on login003
References:
- https://osc.github.io/ood-documentation/master/installation/add-cluster-config.html
- https://osc.github.io/ood-documentation/master/installation/resource-manager/slurm.html
- https://osc.github.io/ood-documentation/master/enable-desktops.html
- https://osc.github.io/ood-documentation/master/app-development/interactive/setup.html#app-development-interactive-setup
Misc
- Change the
host_regex
in /etc/ood/config/ood_portal.yml
to reflect Cheaha compute node naming convention along with enabling reverse proxy:
host_regex: 'c\d+'
node_uri: '/node'
rnode_uri: '/rnode'
- Run the
/opt/ood/ood-portal-generator/sbin/update_ood_portal
script to update the reverse proxy
[root@login003 ~]# /opt/ood/ood-portal-generator/sbin/update_ood_portal
# Restart the SCL Apache so the regenerated portal config takes effect.
sudo systemctl stop httpd24-httpd.service
# brief pause to let httpd shut down cleanly before starting again
sleep 15
sudo systemctl start httpd24-httpd.service
- The resulting
/opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
file produced by update_ood_portal
#
# Open OnDemand Portal
#
# Generated using ood-portal-generator version 0.7.1
#
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# !! !!
# !! DO NOT EDIT THIS FILE !!
# !! !!
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
# This file is auto-generated by ood-portal-generator and will be over-written
# in future updates.
#
# 1. To modify this file, first update the global configuration file:
#
# /etc/ood/config/ood-portal.yml
#
# You can find more information about the ood-portal-generator configuration
# at:
#
# https://osc.github.io/ood-documentation/master/infrastructure/ood-portal-generator.html
#
# 2. Then build/install the updated Apache config with:
#
# sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
#
# 3. Finally, restart Apache to have the changes take effect:
#
# # For CentOS 6
# sudo service httpd24-httpd condrestart
# sudo service httpd24-htcacheclean condrestart
#
# # For CentOS 7
# sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
#
# The Open OnDemand portal VirtualHost
#
<VirtualHost *:80>
# Lua configuration
#
LuaRoot "/opt/ood/mod_ood_proxy/lib"
LogLevel lua_module:info
# Log authenticated user requests (requires min log level: info)
LuaHookLog logger.lua logger
# Authenticated-user to system-user mapping configuration
#
SetEnv OOD_USER_MAP_CMD "/opt/ood/ood_auth_map/bin/ood_auth_map.regex"
# Per-user Nginx (PUN) configuration
# NB: Apache will need sudo privs to control the PUNs
#
SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
# Serve up publicly available assets from local file system:
#
# http://localhost:80/public/favicon.ico
# #=> /var/www/ood/public/favicon.ico
#
Alias "/public" "/var/www/ood/public"
<Directory "/var/www/ood/public">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# Reverse proxy traffic to backend webserver through IP sockets:
#
# http://localhost:80/node/HOST/PORT/index.html
# #=> http://HOST:PORT/node/HOST/PORT/index.html
#
<LocationMatch "^/node/(?<host>c\d+)/(?<port>\d+)">
AuthType Basic
AuthName "Private"
AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
RequestHeader unset Authorization
Require valid-user
# ProxyPassReverse implementation
Header edit Location "^[^/]+//[^/]+" ""
# ProxyPassReverseCookieDomain implemenation
Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
# ProxyPassReverseCookiePath implementation
Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
Header edit Set-Cookie "^([^;]+)" "$1; Path=/node/%{MATCH_HOST}e/%{MATCH_PORT}e"
LuaHookFixups node_proxy.lua node_proxy_handler
</LocationMatch>
# Reverse "relative" proxy traffic to backend webserver through IP sockets:
#
# http://localhost:80/rnode/HOST/PORT/index.html
# #=> http://HOST:PORT/index.html
#
<LocationMatch "^/rnode/(?<host>c\d+)/(?<port>\d+)(?<uri>/.*|)">
AuthType Basic
AuthName "Private"
AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
RequestHeader unset Authorization
Require valid-user
# ProxyPassReverse implementation
Header edit Location "^([^/]+//[^/]+)|(?=/)" "/rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"
# ProxyPassReverseCookieDomain implemenation
Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
# ProxyPassReverseCookiePath implementation
Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
Header edit Set-Cookie "^([^;]+)" "$1; Path=/rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"
LuaHookFixups node_proxy.lua node_proxy_handler
</LocationMatch>
# Reverse proxy traffic to backend PUNs through Unix domain sockets:
#
# http://localhost:80/pun/dev/app/simulations/1
# #=> unix:/path/to/socket|http://localhost/pun/dev/app/simulations/1
#
SetEnv OOD_PUN_URI "/pun"
<Location "/pun">
AuthType Basic
AuthName "Private"
AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
RequestHeader unset Authorization
Require valid-user
ProxyPassReverse "http://localhost/pun"
# ProxyPassReverseCookieDomain implementation (strip domain)
Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
# ProxyPassReverseCookiePath implementation (less restrictive)
Header edit* Set-Cookie ";\s*(?i)Path\s*=(?-i)(?!\s*/pun)[^;]*" "; Path=/pun"
SetEnv OOD_PUN_SOCKET_ROOT "/var/run/nginx"
SetEnv OOD_PUN_MAX_RETRIES "5"
LuaHookFixups pun_proxy.lua pun_proxy_handler
</Location>
# Control backend PUN for authenticated user:
# NB: See mod_ood_proxy for more details.
#
# http://localhost:80/nginx/stop
# #=> stops the authenticated user's PUN
#
SetEnv OOD_NGINX_URI "/nginx"
<Location "/nginx">
AuthType Basic
AuthName "Private"
AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
RequestHeader unset Authorization
Require valid-user
LuaHookFixups nginx.lua nginx_handler
</Location>
# Redirect root URI to specified URI
#
# http://localhost:80/
# #=> http://localhost:80/pun/sys/dashboard
#
RedirectMatch ^/$ "/pun/sys/dashboard"
# Redirect logout URI to specified redirect URI
#
# http://localhost:80/logout
# #=> http://localhost:80/pun/sys/dashboard/logout
#
Redirect "/logout" "/pun/sys/dashboard/logout"
</VirtualHost>
Scheduler
- Edit the
/etc/ood/config/clusters.d/SLURM_CLUSTER.yml
as follows
---
v2:
metadata:
title: "Cheaha"
login:
host: "cheaha.rc.uab.edu"
job:
adapter: "slurm"
cluster: "SLURM_CLUSTER"
bin: "/cm/shared/apps/slurm/current/bin"
conf: "/etc/slurm/slurm.conf"
batch_connect:
basic:
script_wrapper: |
module purge
%s
set_host: "host=$(hostname -s)"
vnc:
script_wrapper: |
module purge
export PATH="/opt/TurboVNC/bin:$PATH"
export WEBSOCKIFY_CMD="/usr/bin/websockify"
%s
set_host: "host=$(hostname -s)"
Firewall
Update the Shorewall firewall script to open ports 80 and 443/tcp
--- /root/shorewall-rules 2018-11-05 16:59:36.892740618 -0600
+++ /etc/shorewall/rules 2018-11-03 01:07:02.716874943 -0500
@@ -50,6 +50,7 @@
#ACCEPT net fw udp 53
# -- Serve Web
-#ACCEPT net fw tcp 80 # CMWEBPORTAL
+ACCEPT net fw tcp 80 # CMWEBPORTAL
+ACCEPT net fw tcp 443 # CMWEBPORTAL
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Enable Interactive Desktop
Run the following steps on the Cheaha master node
- Add the TurboVNC repo to the compute node images
cd /cm/images || exit 1
# Install the TurboVNC yum repo file into each compute-node image.
# Iterate with a glob instead of parsing `ls` output; skip the CentOS 7.4
# and login images just as the original `grep -v 74 | grep -v login` did.
for img in gpfs*; do
  case "$img" in *74*|*login*) continue ;; esac
  echo "$img"
  sudo wget https://turbovnc.org/pmwiki/uploads/Downloads/TurboVNC.repo \
    -O "/cm/images/$img/etc/yum.repos.d/TurboVNC.repo"
done
- Remove TigerVNC from the compute node images
cd /cm/images || exit 1
# Remove TigerVNC from each compute-node image (it conflicts with TurboVNC).
# Glob instead of parsing `ls`; skip the CentOS 7.4 and login images.
# Also drops the duplicated "sudo sudo" from the original command.
for img in gpfs*; do
  case "$img" in *74*|*login*) continue ;; esac
  echo "$img"
  sudo yum --installroot="/cm/images/$img" remove -y tigervnc-server-minimal
done
- Remove TigerVNC from the compute nodes
sudo ansible computenodes -m yum -a 'name=tigervnc-server-minimal state=absent'
- Install TurboVNC into the compute node images
cd /cm/images || exit 1
# Install TurboVNC into each compute-node image.
# Glob instead of parsing `ls`; skip the CentOS 7.4 and login images.
# Also drops the duplicated "sudo sudo" from the original command.
for img in gpfs*; do
  case "$img" in *74*|*login*) continue ;; esac
  echo "$img"
  sudo yum --installroot="/cm/images/$img" install -y turbovnc
done
- Install TurboVNC on the compute nodes
sudo ansible computenodes -m yum -a 'name=turbovnc state=present'
Install Websockify
-
Reference: https://github.com/novnc/websockify
-
Install python-websockify into the compute node images
cd /cm/images || exit 1
# Install python-websockify into each compute-node image (needed by the
# OOD VNC batch-connect apps).
# Glob instead of parsing `ls`; skip the CentOS 7.4 and login images.
# Also drops the duplicated "sudo sudo" from the original command.
for img in gpfs*; do
  case "$img" in *74*|*login*) continue ;; esac
  echo "$img"
  sudo yum --installroot="/cm/images/$img" install -y python-websockify
done
- Install python-websockify on the compute nodes
sudo ansible computenodes -m yum -a 'name=python-websockify state=present'
Configure the Slurm Job Defaults
- Reference: https://osc.github.io/ood-documentation/master/enable-desktops/custom-job-submission.html
Configure the Desktop
-
If necessary, the HPC Desktop web form can be configured using these instructions: https://osc.github.io/ood-documentation/master/app-development/interactive/form.html#app-development-interactive-form
-
Install xfce into the compute node images
cd /cm/images || exit 1
# Install the xfce desktop group into each compute-node image so the
# interactive desktop app has a session to launch.
# Glob instead of parsing `ls`; skip the CentOS 7.4 and login images.
# Also drops the duplicated "sudo sudo" from the original command.
for img in gpfs*; do
  case "$img" in *74*|*login*) continue ;; esac
  echo "$img"
  sudo yum --installroot="/cm/images/$img" groupinstall -y xfce
done
- Install xfce and the X Windows Subsystem on the compute nodes
sudo ansible computenodes -m shell -a 'yum -y groupinstall xfce'
sudo ansible computenodes -m shell -a 'yum -y groupinstall "X window system"'
Start Apache
- Start the
httpd24-httpd.service
service
[root@login003 ~]# systemctl start httpd24-httpd.service
[root@login003 ~]# systemctl status httpd24-httpd.service
● httpd24-httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd24-httpd.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd24-httpd.service.d
└─ood.conf
Active: active (running) since Wed 2018-10-31 15:45:01 CDT; 6s ago
Main PID: 30012 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd24-httpd.service
├─30012 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
├─30033 PassengerWatchdog
├─30036 PassengerHelperAgent
├─30042 PassengerLoggingAgent
├─30051 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
├─30052 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
├─30053 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
├─30054 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
└─30055 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
Oct 31 15:45:01 login003 systemd[1]: Starting The Apache HTTP Server...
Oct 31 15:45:01 login003 systemd[1]: Started The Apache HTTP Server.