.gitlab-ci.yml

+image:
+  name: docker:20.10.17
+
+variables:
+  CAMPUS_IP: 138.26.48.47
+  CHEAHA_IP: 172.20.10.9
+  TEST_IP: 138.26.49.134
+  ANSIBLE_REMOTE_TMP: "/tmp"
+  AWS_DEFAULT_REGION: "bhm"
+  AWS_HOST: "s3.lts.rc.uab.edu"
+  OS_AUTH_TYPE: "v3applicationcredential"
+  OS_AUTH_URL: "https://keystone.cloud.rc.uab.edu:5000/v3"
+  OS_IDENTITY_API_VERSION: "3"
+  OS_INTERFACE: "public"
+  OS_REGION_NAME: "bhm1"
+  PKR_VAR_flavor: "m1.small"
+  PKR_VAR_source_image: "CentOS-7-x86_64-GenericCloud-2009"
+  PKR_VAR_floating_ip_network: "uab-campus"
+  PKR_VAR_security_groups: '["allow-ssh"]'
+  PKR_VAR_skip_create_image: "false"
+  PKR_VAR_ssh_username: "centos"
+  PKR_VAR_networks: '["ec11e2be-8fac-46cf-8fa2-9dffb74ba5df"]'
+  GIT_AUTHOR_NAME: "Gitlab runner"
+  GIT_AUTHOR_EMAIL: "gitlab@runner"
+  NUM_SERVER_TO_KEEP: 5
+  NUM_IMAGE_TO_KEEP: 30
+  PACKER_VER: 1.8.3
+  PKR_VAR_root_ssh_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAFqqWgmYpEaGtHBeTu27ntVJpYjwq/x5aBefrvfhk8Z9lE3cuZ26vJ9n/9tGE4Zn2Pew1mpZgi6PzfJ3vMt8yA= root@master"
+  DEV_KEY: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpncAcYosVHt7HsUcE2XOYDuCi4HQnmFJv279LOcpZgXtZ6o0BM1fe5FgJS0X1ohBXQUFRuYJuJSW/GSmC1K8T+wCrKjZLJdMbqrubHV27diUZfdoVkoJy1vcAQF5nEcoTC7MpAFbBomdn2rsrpgQe8DGiURV7+soqybXV1OsIR3FFf6npnUaskHYT/oVtG9eBOnscyBxoVgbxzlmyoBLXED/sHKFw4nQSF/glYKEFiDu6TRTsBBEGvv23Qo/66QpQiFJ6TNfApNiyY9L1X+Dy8EWU6lozmNgwGDjXQ70Lr6xHnA0QGVALJlHXa6QjpgtpC5Nefsdvtf1hpfFo2VutpbSB+aq9jk3gWNN+XkhrWN5PiwP7YYJNw/WozyfL+IhwjfHZGxkuws+wGR6ZKxlX9W9Vrsq9ncYNKuhy2SdsR6s2XECQtrEQ6ZlX5jRt6Yh5M9ls5fMsWEqknDPmr1Ui6wV7NxprYngo9fLSdYO/ETIO3S6PB0aEHOZOyGitGaM06EmNpvjQn/QkkaVgt/O8wKL1o1AVzXhDMAFvtG6ejppV6kuTUHXFgSGZF6N9fnP91HuytyzC09F+NMWcmnRdrgXlHapjuuL3zzi+XLCQvk8+aYTzBKx1nU2FPMDRZ9sInGmqdTuM002E7qVbaCy4OxcWaAS/L2UVhGnHr+egYw== louistw@uab.edu"
+
+stages:
+  - pre-build
+  - build
+  - test
+  - deploy
+
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
+    - if: $CI_PIPELINE_SOURCE == 'schedule'
+
+build_docker_image:
+  stage: pre-build
+  services:
+    - docker:20.10.16-dind
+  tags:
+    - dind
+  before_script:
+    - export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d)
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+  script:
+    - |
+      wget https://releases.hashicorp.com/packer/$PACKER_VER/packer_${PACKER_VER}_linux_amd64.zip -O packer.zip
+      unzip packer.zip
+      rm packer.zip
+    - docker build -t $CI_REGISTRY_IMAGE:$BUILD_DATE -t $CI_REGISTRY_IMAGE:latest .
+    - >
+      docker run --rm $CI_REGISTRY_IMAGE bash -c
+      'ansible --version &&
+      openstack --version &&
+      packer version &&
+      s3cmd --version'
+    - docker push --all-tags $CI_REGISTRY_IMAGE
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      changes:
+        - Dockerfile
+      allow_failure: true
+
+build_image:
+  image: $CI_REGISTRY_IMAGE:latest
+  stage: build
+  environment:
+    name: knightly
+  tags:
+    - build
+  script:
+    - |
+      if [ ! -d $CI_PROJECT_DIR/CRI_XCBC ]; then
+        git clone https://github.com/uabrc/CRI_XCBC.git
+        cd CRI_XCBC
+        git remote add upstream https://github.com/jprorama/CRI_XCBC.git
+        cd ..
+      fi
+    - cd CRI_XCBC
+    - git config user.name "${GIT_AUTHOR_NAME}"
+    - git config user.email "${GIT_AUTHOR_EMAIL}"
+    - git fetch --all
+    - git fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*'
+    - git fetch upstream '+refs/pull/*/head:refs/remotes/upstream/pr/*'
+    - git checkout uab-prod
+    - git merge origin/uab-prod
+    - git checkout -b integration
+    - git merge upstream/dev
+    - export CRI_XCBC_HEAD=$(git rev-parse --short HEAD)
+    - export CRI_XCBC_dev=$(git rev-parse --short upstream/dev)
+    - export CRI_XCBC_prod=$(git rev-parse --short origin/uab-prod)
+    - cd ..
+    - export PACKER_IMAGE_HEAD=$(git rev-parse --short HEAD)
+    - export BUILD_DATE=$(TZ=America/Chicago date +%Y%m%d)
+    - echo CRI_XCBC_HEAD=${CRI_XCBC_HEAD} | tee -a $CI_PROJECT_DIR/image.env
+    - echo CRI_XCBC_dev=${CRI_XCBC_dev} | tee -a $CI_PROJECT_DIR/image.env
+    - echo CRI_XCBC_prod=${CRI_XCBC_prod} | tee -a $CI_PROJECT_DIR/image.env
+    - echo PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} | tee -a $CI_PROJECT_DIR/image.env
+    - echo BUILD_DATE=${BUILD_DATE} | tee -a $CI_PROJECT_DIR/image.env
+    - >
+      curl --header "PRIVATE-TOKEN: ${ANSIBLE_VAR_TOKEN}"
+      "${CI_API_V4_URL}/projects/2836/repository/files/knightly/raw?ref=main"
+      -o CRI_XCBC/group_vars/knightly
+    - s3cmd get --force -r --host=$AWS_HOST --host-bucket=$AWS_HOST s3://cheaha-cloud-ansible-files/ ansible/files/
+    - 'sed -i -E "s/(lts_access_key: ).*/\1\"${AWS_ACCESS_KEY_ID}\"/" CRI_XCBC/group_vars/knightly'
+    - 'sed -i -E "s/(lts_secret_key: ).*/\1\"${AWS_SECRET_ACCESS_KEY}\"/" CRI_XCBC/group_vars/knightly'
+    - 'sed -i -E "s/(user_register_app_key: ).*/\1\"${SELF_REG_APP_KEY}\"/" CRI_XCBC/group_vars/knightly'
+    - 'sed -i -E "s/(celery_user_password: ).*/\1\"${CELERY_PASSWD}\"/" CRI_XCBC/group_vars/knightly'
+    - packer validate openstack-ood
+    - |
+      if [ $CI_PIPELINE_SOURCE == 'merge_request_event' ]; then
+        export PKR_VAR_image_name="ood-PR-${CI_MERGE_REQUEST_IID}"
+        echo OOD_INSTANCE_NAME="ood-PR-${CI_MERGE_REQUEST_IID}" | tee -a $CI_PROJECT_DIR/image.env
+        export FLOATING_IP=$(openstack floating ip create uab-campus -f value -c floating_ip_address)
+        echo FLOATING_IP=$FLOATING_IP | tee -a $CI_PROJECT_DIR/image.env
+        sed -i -E "s/(ood_servername: ).*/\1\"$CI_COMMIT_REF_SLUG.$FLOATING_IP.nip.io\"/" CRI_XCBC/group_vars/knightly
+      elif [ $CI_PIPELINE_SOURCE == 'schedule' ]; then
+        export PKR_VAR_image_name="ood-${BUILD_DATE}"
+        echo OOD_INSTANCE_NAME="ood-knightly" | tee -a $CI_PROJECT_DIR/image.env
+        echo FLOATING_IP=$TEST_IP | tee -a $CI_PROJECT_DIR/image.env
+      fi
+    - >
+      PKR_VAR_build_instance_name="ood-${CRI_XCBC_HEAD}"
+      PKR_VAR_image_date_suffix=false
+      packer build -machine-readable openstack-ood | tee ood_build.log
+    - export BUILT_OOD_IMAGE_ID=$(grep 'Image:' ood_build.log | awk '{print $4}')
+    - echo BUILT_OOD_IMAGE_ID=${BUILT_OOD_IMAGE_ID} | tee -a $CI_PROJECT_DIR/image.env
+    - openstack image set --property CRI_XCBC_prod=${CRI_XCBC_prod} --property CRI_XCBC_dev=${CRI_XCBC_dev} --property PACKER_IMAGE_HEAD=${PACKER_IMAGE_HEAD} ${BUILT_OOD_IMAGE_ID}
+  artifacts:
+    reports:
+      dotenv: image.env
+
+test:
+  image: $CI_REGISTRY_IMAGE:latest
+  stage: test
+  environment:
+    name: knightly
+  tags:
+    - build
+  script:
+    - OLD_INSTANCE_IP=$(openstack floating ip list --floating-ip-address $CHEAHA_IP -c "Fixed IP Address" -f value)
+    - echo $OLD_INSTANCE_IP
+    - |
+      if [ ! -z $OLD_INSTANCE_IP ]; then
+        export OLD_INSTANCE_ID=$(openstack server list --name $OOD_INSTANCE_NAME --ip $OLD_INSTANCE_IP -c ID -f value)
+      fi
+    - echo OLD_INSTANCE_ID=$OLD_INSTANCE_ID | tee -a instance.env
+    - |
+      cat > user_data.txt << OEOF
+      #!/bin/bash
+      cat > /etc/resolv.conf << EOF
+      search openstack.internal cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster
+      nameserver 172.20.0.25
+      EOF
+      echo "$DEV_KEY" >> /root/.ssh/authorized_keys
+      ip route replace default via 10.250.0.3 dev eth0
+      ip route add 172.20.0.0/16 via 10.250.0.1 dev eth0
+      mkdir -p /run/shibboleth
+      chown shibd:shibd /run/shibboleth
+      pip3 install s3cmd
+      s3cmd get --force -r --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY --host=$AWS_HOST --host-bucket=$AWS_HOST s3://knightly-key/ /etc/ssh/
+      mount | grep home || mount /home
+      OEOF
+    - >
+      export NEW_INSTANCE_ID=$(openstack server create
+      -c id -f value --image $BUILT_OOD_IMAGE_ID
+      --network openstack-cheaha-internal
+      --security-group ood-https-ports
+      --security-group allow-ssh
+      --user-data user_data.txt
+      --flavor m1.medium
+      --wait
+      $OOD_INSTANCE_NAME)
+    - echo NEW_INSTANCE_ID=$NEW_INSTANCE_ID | tee -a instance.env
+    - openstack server add floating ip $NEW_INSTANCE_ID $FLOATING_IP
+    - >
+      curl --retry 10 --retry-delay 20 --retry-connrefused https://knightly.rc.uab.edu/Shibboleth.sso/Metadata --resolve knightly.rc.uab.edu:443:$FLOATING_IP -kf
+      || (openstack server delete $NEW_INSTANCE_ID && openstack image delete $BUILT_OOD_IMAGE_ID && false)
+    - |
+      if [ $CI_PIPELINE_SOURCE = "schedule" ]; then
+        openstack server remove floating ip $NEW_INSTANCE_ID $FLOATING_IP
+      fi
+  artifacts:
+    reports:
+      dotenv: instance.env
+
+deploy_review:
+  image: $CI_REGISTRY_IMAGE:latest
+  stage: deploy
+  script:
+    - echo "Deploy Review App"
+  environment:
+    name: review/$CI_COMMIT_REF_SLUG
+    url: https://$CI_COMMIT_REF_SLUG.$FLOATING_IP.nip.io
+    on_stop: stop_review
+    auto_stop_in: 2 days
+  tags:
+    - build
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+
+stop_review:
+  image: $CI_REGISTRY_IMAGE:latest
+  stage: deploy
+  script:
+    - openstack server delete $NEW_INSTANCE_ID
+    - openstack image delete $BUILT_OOD_IMAGE_ID
+    - openstack floating ip delete $FLOATING_IP
+  environment:
+    name: review/$CI_COMMIT_REF_SLUG
+    action: stop
+  tags:
+    - build
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+      when: manual
+
+deploy_knightly:
+  image: $CI_REGISTRY_IMAGE:latest
+  stage: deploy
+  environment:
+    name: knightly
+  tags:
+    - build
+  script:
+    - |
+      if [ ! -z $OLD_INSTANCE_ID ]; then
+        openstack server remove floating ip $OLD_INSTANCE_ID $CAMPUS_IP
+        openstack server remove floating ip $OLD_INSTANCE_ID $CHEAHA_IP
+      fi
+    - |
+      if [ ! -z $NEW_INSTANCE_ID ]; then
+        openstack server add floating ip $NEW_INSTANCE_ID $CAMPUS_IP
+        openstack server add floating ip $NEW_INSTANCE_ID $CHEAHA_IP
+      fi
+    - |
+      SERVER_TO_BE_DELETE=($(openstack server list --name $OOD_INSTANCE_NAME --sort-column Image --sort-descending -f value -c ID | sed -n $(($NUM_SERVER_TO_KEEP+1))',$p'))
+      IMAGE_TO_BE_DELETE=($(openstack image list --sort-column Name --sort-descending -f value -c Name | grep -P '^ood-\d{8}$' | sed -n $(($NUM_IMAGE_TO_KEEP+1))',$p'))
+      for svr in ${SERVER_TO_BE_DELETE[@]}; do
+        openstack server delete ${svr}
+      done
+      for img in ${IMAGE_TO_BE_DELETE[@]}; do
+        openstack image delete ${img}
+      done
+  only:
+    - schedules
+
+deploy_cheaha:
+  stage: deploy
+  environment:
+    name: cheaha
+  tags:
+    - build
+  script:
+    - echo "Job placeholder to deploy to Cheaha"
+  when: manual
+  only:
+    - main
+

Dockerfile

+FROM python:3.8-slim
+
+ENV S3CMD_VER=2.3.0
+ENV ANSIBLE_VER=4.10.0
+ENV OSC_VER=5.8.0
+
+ADD ./packer /usr/local/bin
+RUN apt-get update && apt-get install --no-install-recommends -y \
+    git \
+    ssh \
+    curl \
+ && rm -rf /var/lib/apt/lists/*
+RUN pip install --no-cache-dir --upgrade pip \
+ && pip install --no-cache-dir \
+    s3cmd==$S3CMD_VER \
+    ansible==$ANSIBLE_VER \
+    python-openstackclient==$OSC_VER

ansible/node-gpu.yml → ansible/base.yml

 ---
-- name: Setup node for use as a cluster host with gpu packages
+- name: Install base packages
   hosts: default
   become: true
   roles:
-    - cheaha.node
+    - { name: 'install_packages', tags: 'install_packages' }

ansible/cheaha.yml

+---
+- name: Setup node for use as a virtual cheaha node
+  hosts: default
+  become: true
+  roles:
+    - { name: 'cheaha.node', tags: 'cheaha.node' }
+    - { name: 'nfs_mounts', tags: 'nfs_mounts' }
+    - { name: 'ldap_config', tags: 'ldap_config' }
+    - { name: 'slurm_client', tags: 'slurm_client' }

ansible/compute.yml

+---
+- name: Setup node for use as a virtual compute node
+  hosts: default
+  become: true
+  roles:
+    - { name: 'install_packages', tags: 'install_packages' }
+    - { name: 'pam_slurm_adopt', tags: 'pam_slurm_adopt' }
+    - { name: 'lmod_user', tags: 'lmod_user'}
+
+- name: Setup node for use as a virtual cheaha node
+  ansible.builtin.import_playbook: cheaha.yml

ansible/files/TurboVNC.repo

+[TurboVNC]
+name=TurboVNC official RPMs
+baseurl=https://sourceforge.net/projects/turbovnc/files
+gpgcheck=1
+gpgkey=https://sourceforge.net/projects/turbovnc/files/VGL-GPG-KEY
+       https://sourceforge.net/projects/turbovnc/files/VGL-GPG-KEY-1024
+enabled=1

ansible/files/build-zsh.sh

+#!/bin/bash
+name=zsh
+version=5.9
+
+mkdir -p BUILD RPMS SOURCES SPECS SRPMS
+
+prereqs="git epel-release bzip2 xz gzip tar"
+rpm -q $prereqs
+
+if [ $? -ne 0 ]; then sudo yum -y install $prereqs; fi
+
+git clone https://src.fedoraproject.org/rpms/${name}.git
+
+cp ${name}/${name}.spec SPECS/
+cp ${name}/*.rhs SOURCES/
+cp ${name}/dot* SOURCES/
+
+# Perl may not be available, switching to sed
+#perl -pi -e 's/^(BuildRequires: glibc-langpack-ja)/#$1/g;' ${name}/${name}.spec
+sed -i '/BuildRequires: glibc-langpack-ja/s/^/#/' SPECS/${name}.spec
+
+pkgs="rpm-build $(grep -E '^BuildRequires|^Requires' SPECS/${name}.spec | awk '{print $2}' | tr '\n' ' ')"; echo $pkgs
+rpm -q $pkgs
+
+if [ $? -ne 0 ]; then sudo yum install -y $pkgs; fi
+
+if [ ! -f SOURCES/${name}-${version}.tar.xz ] ; then
+  curl -L -o SOURCES/${name}-${version}.tar.xz https://downloads.sourceforge.net/${name}/${name}-${version}.tar.xz
+fi
+
+if [ ! -f SOURCES/${name}-${version}.tar.xz.asc ] ; then
+  curl -L -o SOURCES/${name}-${version}.tar.xz.asc https://downloads.sourceforge.net/${name}/${name}-${version}.tar.xz.asc
+fi
+
+cd SOURCES
+sha512sum -c ../${name}/sources
+retval=$?
+cd -
+if [ $retval -ne 0 ]; then
+#  echo "SOURCES/${name}-${version}.tar.gz did not match checksum in ${name}/source"
+  exit 1
+fi
+
+rpmbuild --define "_topdir `pwd`" -bb SPECS/${name}.spec

ansible/files/ceph.repo

+[Ceph]
+priority=1
+name=Ceph $basearch
+baseurl=https://download.ceph.com/rpm-octopus/el7/$basearch
+enabled=1
+gpgcheck=1
+gpgkey=https://download.ceph.com/keys/release.asc
+
+[Ceph-noarch]
+priority=1
+name=Ceph noarch
+baseurl=https://download.ceph.com/rpm-octopus/el7/noarch
+enabled=1
+gpgcheck=1
+gpgkey=https://download.ceph.com/keys/release.asc
+
+[Ceph-source]
+priority=1
+name=Ceph SRPMS
+baseurl=https://download.ceph.com/rpm-octopus/el7/SRPMS
+enabled=1
+gpgcheck=1
+gpgkey=https://download.ceph.com/keys/release.asc
+

ansible/files/dell-system-update.repo

+[dell-system-update_independent]
+name=dell-system-update_independent
+baseurl=https://linux.dell.com/repo/hardware/dsu/os_independent/
+gpgcheck=1
+gpgkey=https://linux.dell.com/repo/pgp_pubkeys/0x756ba70b1019ced6.asc
+      https://linux.dell.com/repo/pgp_pubkeys/0x1285491434D8786F.asc
+     https://linux.dell.com/repo/pgp_pubkeys/0xca77951d23b66a9d.asc
+                    https://linux.dell.com/repo/pgp_pubkeys/0x3CA66B4946770C59.asc
+enabled=1
+exclude=dell-system-update*.i386
+
+[dell-system-update_dependent]
+name=dell-system-update_dependent
+mirrorlist=https://linux.dell.com/repo/hardware/dsu/mirrors.cgi?osname=el$releasever&basearch=$basearch&native=1
+gpgcheck=1
+gpgkey=https://linux.dell.com/repo/pgp_pubkeys/0x756ba70b1019ced6.asc
+      https://linux.dell.com/repo/pgp_pubkeys/0x1285491434D8786F.asc
+     https://linux.dell.com/repo/pgp_pubkeys/0xca77951d23b66a9d.asc
+                    https://linux.dell.com/repo/pgp_pubkeys/0x3CA66B4946770C59.asc
+enabled=1

ansible/files/elastic.repo

+[elastic-7.x]
+name=Elastic repository for 7.x packages
+baseurl=https://artifacts.elastic.co/packages/7.x/yum
+gpgcheck=1
+gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
+enabled=1
+autorefresh=1
+type=rpm-md

ansible/files/nux-dextop.repo

+[nux-dextop]
+name=Nux.Ro RPMs for general desktop use
+baseurl=http://li.nux.ro/download/nux/dextop/el7/$basearch/ http://mirror.li.nux.ro/li.nux.ro/nux/dextop/el7/$basearch/
+enabled=1
+gpgcheck=1
+gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
+protect=0
+
+[nux-dextop-testing]
+name=Nux.Ro RPMs for general desktop use - testing
+baseurl=http://li.nux.ro/download/nux/dextop-testing/el7/$basearch/
+enabled=0
+gpgcheck=1
+gpgkey=http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
+protect=0

ansible/gpu.yml

+---
+- name: Setup node for use as a cluster host with gpu drivers/pkgs
+  hosts: default
+  become: true
+  roles:
+    - { name: 'install_packages', tags: 'install_packages' }
+    - { name: 'cuda_driver', tags: 'cuda_driver' }

ansible/group_vars/all

+---
+  zsh_ver: 5.7.1
+  zsh_src_url: "https://www.zsh.org/pub/old/zsh-{{ zsh_ver }}.tar.xz"
+  yum_repo_files: []
+  pkg_list: []
+  slurm_version: 18.08.9

ansible/group_vars/compute

+---
+  yum_repo_files:
+    - TurboVNC.repo
+    - cm.repo
+  pkg_list:
+    - "Lmod"
+    - "atftp-server"
+    - "cluster-tools-dell"
+    - "cluster-tools-slave"
+    - "cm-boost"
+    - "cm-config-ceph-release-luminous"
+    - "cm-config-cm"
+    - "cm-config-dhclient"
+    - "cm-config-dracut-slave"
+    - "cm-config-grub"
+    - "cm-config-ldap-client"
+    - "cm-config-limits"
+    - "cm-config-man"
+    - "cm-config-named"
+    - "cm-config-network-slave"
+    - "cm-config-nfsclient"
+    - "cm-config-rootfiles-slave"
+    - "cm-config-selinux"
+    - "cm-config-ssh-slave"
+    - "cm-config-sysctl-slave"
+    - "cm-config-syslog-slave"
+    - "cm-config-systemd"
+    - "cm-config-xntp-slave"
+    - "cm-config-yum"
+    - "cm-curl"
+    - "cm-dhcp"
+    - "cm-freeipmi"
+    - "cm-ipmitool"
+    - "cm-ipxe-slave"
+    - "cm-libpam"
+    - "cm-libprometheus"
+    - "cm-lua"
+    - "cm-mariadb-libs"
+    - "cm-modules-init-client"
+    - "cm-openssl"
+    - "cm-python2"
+    - "cm-python36"
+    - "cm-slave"
+    - "cm-uge-client"
+    - "cmburn"
+    - "cmburn-slave"
+    - "cmdaemon"
+    - "cmdaemon-remotecm"
+    - "confuse"
+    - "env-modules"
+    - "gcc-recent"
+    - "gdb-recent"
+    - "lshw"
+    - "lua-bit32"
+    - "lua-filesystem"
+    - "lua-json"
+    - "lua-lpeg"
+    - "lua-posix"
+    - "lua-term"
+    - "mysql++"
+    - "net-snmp-recent"
+    - "node-installer-slave"
+    - "openvpn"
+    - "pbspro-ce-client"
+    - "pbspro-client"
+    - "perl-Config-IniFiles"
+    - "python-azure-sdk"
+    - "python-dogpile-cache"
+    - "python-isodate"
+    - "python-netaddr"
+    - "python-netifaces"
+    - "python-oslo-i18n-lang"
+    - "python-oslo-utils-lang"
+    - "python-setuptools_scm"
+    - "python-testtools"
+    - "python-vcrpy"
+    - "python-websockify"
+    - "python2-cffi"
+    - "python2-cinderclient"
+    - "python2-cliff"
+    - "python2-debtcollector"
+    - "python2-deprecation"
+    - "python2-fixtures"
+    - "python2-funcsigs"
+    - "python2-glanceclient"
+    - "python2-heatclient"
+    - "python2-ipaddress"
+    - "python2-keystoneauth1"
+    - "python2-keystoneclient"
+    - "python2-novaclient"
+    - "python2-openstacksdk"
+    - "python2-os-client-config"
+    - "python2-osc-lib"
+    - "python2-oslo-config"
+    - "python2-oslo-i18n"
+    - "python2-oslo-serialization"
+    - "python2-oslo-utils"
+    - "python2-pbr"
+    - "python2-positional"
+    - "python2-pyOpenSSL"
+    - "python2-pysocks"
+    - "python2-pyyaml"
+    - "python2-requests-oauthlib"
+    - "python2-requestsexceptions"
+    - "python2-rfc3986"
+    - "python2-six"
+    - "python2-stevedore"
+    - "python2-swiftclient"
+    - "sdparm"
+    - "sge-client"
+    - "shorewall"
+    - "sshpass"
+    - "swig"
+    - "turbovnc"

ansible/group_vars/gpu

+---
+  yum_repo_files: []
+  pkg_list:
+    - "cuda-dcgm"
+    - "cuda-dcgm-libs"
+    - "cuda-dcgm-nvvs"
+    - "cuda-driver"

ansible/group_vars/ood

+---
+  yum_repo_files:
+    - cm.repo
+  pkg_list:
+    - Lmod
+    - tmux
+    - vim

ansible/node.yml

----
-- name: Setup node for use as a cluster host
-  hosts: default
-  become: true
-  roles:
-    - cheaha.node

ansible/ood.yml

+---
+- name: Setup node for use as a virtual ood node
+  hosts: default
+  become: true
+  roles:
+    - { name: 'install_packages', tags: 'install_packages' }
+    - { name: 'install_zsh', tags: 'install_zsh' }
+
+- name: Setup node for use as a virtual cheaha node
+  ansible.builtin.import_playbook: cheaha.yml

ansible/roles/cheaha.node/tasks/main.yml

 ---
-# tasks file for cheaha.node
 - name: Update /etc/hosts with cluster addressing
   ansible.builtin.lineinfile:
     path: /etc/hosts
@@ -8,130 +7,24 @@
     - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02"
     - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01"
     - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
-- name: Install prerequisite packages
-  yum:
-    name: epel-release
-    state: present
+
+- name: Add proper DNS search to lookup other nodes on the cluster
+  ansible.builtin.lineinfile:
+    path: /etc/dhcp/dhclient.conf
+    insertbefore: BOF
+    line: 'append domain-name " cm.cluster rc.uab.edu ib.cluster drac.cluster eth.cluster ib-hdr.cluster";'
+
 - name: Disable SELinux
   ansible.posix.selinux:
     state: disabled
-- name: Copy cm.repo into place (consider making this a template)
-  ansible.builtin.copy:
-    src: cm.repo
-    dest: /etc/yum.repos.d/cm.repo
-    owner: root
-    group: root
-    mode: 0644
-- name: Copy CM repo GPG key
-  ansible.builtin.copy:
-    src: RPM-GPG-KEY-cm
-    dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-cm
-    owner: root
-    group: root
-    mode: 0644
-- name: Create slurm group
-  ansible.builtin.group:
-    name: slurm
-    state: present
-    gid: 450
-- name: Create slurm user
-  ansible.builtin.user:
-    name: slurm
-    state: present
-    uid: 450
-    group: slurm
-- name: Install required packages
-  yum:
-    name:
-      - slurm-client-18.08.9-100463_cm8.2_a522576834.x86_64
-      - munge-0.5.13-139_cm8.2.x86_64
-      - openldap-servers-2.4.48-290_cm8.2
-      - Lmod-7.7.14-100054_cm8.2_4cb5624f0b.noarch
-      - cm-modules-init-client-8.2-70_cm8.2.noarch
-      - cmdaemon
-      - nss-pam-ldapd
-      - openldap-servers
-    state: present
-- name: Update nsswitch.conf to look for ldap
-  ansible.builtin.replace:
-    dest: /etc/nsswitch.conf
-    regexp: '^({{ item }}:(?!.*\bldap\b).*)$'
-    replace: '\1 ldap'
-  loop:
-    - passwd
-    - shadow
-    - group
-    - netgroup
-    - automount 
-- name: Set up NFS GPFS mount point(s)
-  ansible.posix.mount:
-    path: "{{ item.path }}"
-    src: "{{ item.src }}" 
-    fstype: "{{ item.fstype }}"
-    opts: "{{ item.opts }}" 
-    state: present
-  loop:
-    - { path: /cm/shared, src: "gpfs.rc.uab.edu:/data/cm/shared-8.2", fstype: nfs, opts: _netdev,defaults }
-    - { path: /home, src: "gpfs.rc.uab.edu:/data/user/home", fstype: nfs, opts: _netdev,defaults }
-    - { path: /data/project, src: "gpfs.rc.uab.edu:/data/project", fstype: nfs, opts: _netdev,defaults }
-    - { path: /data/user, src: "gpfs.rc.uab.edu:/data/user", fstype: nfs, opts: _netdev,defaults }
-    - { path: /data/rc/apps, src: "gpfs.rc.uab.edu:/data/rc/apps", fstype: nfs, opts: _netdev,defaults }
+  when: ansible_os_family == "RedHat"
+
 - name: Add ssh key for root access
   ansible.posix.authorized_key:
     user: root
     state: present
     key: "{{ root_ssh_key }}"
-- name: Copy munge key
-  ansible.builtin.copy:
-    src: munge.key
-    dest: /etc/munge/munge.key
-    owner: daemon
-    group: root
-    mode: 0400
-- name: Copy ldap cert(s) into place
-  ansible.builtin.copy:
-    src: "{{ item.src }}"
-    dest: "/cm/local/apps/openldap/etc/certs/{{ item.src }}"
-    owner: ldap
-    group: ldap
-    mode: 0440
-  loop:
-    - { src: ca.pem }
-    - { src: ldap.key }
-    - { src: ldap.pem }
-- name: Copy ldap config into place
-  ansible.builtin.copy:
-    src: nslcd.conf 
-    dest: /etc/nslcd.conf
-    owner: root
-    group: root
-    mode: 0600
-- name: Enable services
-  ansible.builtin.service:
-    name: "{{ item }}"
-    enabled: yes
-  loop:
-    - munge
-    - slurmd
-    - nslcd
-- name: Create base directories
-  ansible.builtin.file:
-    path: "{{ item.dir }}"
-    state: directory
-    mode: "{{ item.mode }}"
-  loop:
-    - { dir: /local, mode: '0777' }
-    - { dir: /scratch, mode: '0755' }
-    - { dir: /share, mode: '0755' }
-    - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy
-- name: Create symbolic links
-  ansible.builtin.file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    force: yes
-    state: link
-  loop:
-    - { src: /local, dest: /scratch/local }
-    - { src: /share/apps, dest: /data/rc/apps }
+
+- name: Set timezone to America/Chicago
+  community.general.timezone:
+    name: America/Chicago