refactor: Modify roles in cheaha.yml to enable a proxy

This will enable a standalone VM to interact with cluster so it can act as a proxy for services. eg. OOD,SSH etc.

refactor: Modify roles in cheaha.yml to enable a proxy
This will enable a standalone VM to interact with cluster so it can act as a proxy for services. eg. OOD,SSH etc.
2cc186ed · Eesaan Atluri · 2818a776 · 2cc186ed · 2cc186ed · 2cc186ed
Commit 2cc186ed authored 6 months ago by Eesaan Atluri
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -4,9 +4,20 @@
  yum_repo_files: []
  pkg_list: []
  slurm_version: 18.08.9
 # NHC related
  nhc_download_url: "https://github.com/mej/nhc/releases/download/1.4.3/lbnl-nhc-1.4.3-1.el7.noarch.rpm"
  nhc_download_path: "/tmp"
  nhc_git_repo: "https://gitlab.rc.uab.edu/rc/nhc.git"
  nhc_git_repo_path: "/tmp/nhc"
+  root_ssh_key: ""
+  hostname_lookup_table:
+    - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02"
+    - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01"
+    - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
+  bright_openldap_path: "/cm/local/apps/openldap"
+  ldap_cert_path: "{{bright_openldap_path}}/etc/certs"
--- a/ansible/group_vars/proxy
+++ b/ansible/group_vars/proxy
+---
+  hostname_lookup_table:
+    - "10.141.255.254 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
+  ldap_cert_path: "/etc/openldap/certs"
+  mount_points:
+    - /gpfs4
+    - /gpfs5
--- a/ansible/roles/cheaha.node/tasks/main.yml
+++ b/ansible/roles/cheaha.node/tasks/main.yml
@@ -4,9 +4,7 @@
    path: /etc/hosts
    line: "{{ item }}"
  loop:
-    - "172.20.0.24 cheaha-master02.cm.cluster cheaha-master02"
+    "{{ hostname_lookup_table }}"
-    - "172.20.0.22 cheaha-master01.cm.cluster cheaha-master01"
-    - "172.20.0.25 master.cm.cluster master localmaster.cm.cluster localmaster ldapserver.cm.cluster ldapserver"
 - name: Add proper DNS search to lookup other nodes on the cluster
  ansible.builtin.lineinfile:
@@ -25,6 +23,7 @@
    owner: root
    group: root
    mode: 0644
+  when: "'cm.repo' in yum_repo_files"
 - name: Add ssh key for root access
  ansible.posix.authorized_key:

--- a/ansible/roles/ldap_config/tasks/main.yml
+++ b/ansible/roles/ldap_config/tasks/main.yml
@@ -25,7 +25,7 @@
 - name: Copy ldap cert(s) into place
  ansible.builtin.copy:
    src: "{{ item.src }}"
-    dest: "/cm/local/apps/openldap/etc/certs/{{ item.src }}"
+    dest: "{{ ldap_cert_path }}/{{ item.src }}"
    owner: ldap
    group: ldap
    mode: 0440
@@ -46,5 +46,6 @@
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: yes
+    state: restarted
  loop:
    - nslcd
--- a/ansible/roles/nfs_mounts/tasks/autofs.yml
+++ b/ansible/roles/nfs_mounts/tasks/autofs.yml
+---
+- name: Create base directories
+  ansible.builtin.file:
+    path: "{{ item.dir }}"
+    state: directory
+    mode: "{{ item.mode }}"
+  loop:
+    - { dir: /local, mode: '0777' }
+    - { dir: /scratch, mode: '0755' }
+    - { dir: /share, mode: '0755' }
+    - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy
+    - { dir: /data/user, mode: '0755' }
+    - { dir: /data/project, mode: '0755' }
+- name: Remove unused entry in master map
+  ansible.builtin.replace:
+    dest: /etc/auto.master
+    regexp: '{{ item.regexp }}'
+    replace: '{{ item.replace }}'
+    backup: true
+  loop:
+    - { regexp: '^(/misc)', replace: '#\1' }
+    - { regexp: '^(/net)', replace: '#\1' }
+    - { regexp: '^(\+auto.master)', replace: '#\1' }
+- name: Add master map file
+  ansible.builtin.lineinfile:
+    path: "/etc/auto.master.d/gpfs.autofs"
+    line: "{{ item.mount_point }} /etc/auto.{{ item.map_name }}"
+    create: yes
+  loop:
+    - { mount_point: "/cm/shared", map_name: "cm-share" }
+    - { mount_point: "/data/project", map_name: "data-project" }
+    - { mount_point: "/data/user", map_name: "data-user" }
+    - { mount_point: "/data/rc/apps", map_name: "data-rc-apps" }
+    - { mount_point: "/-", map_name: "scratch" }
+    - { mount_point: "/home", map_name: "home" }
+- name: Set up autofs map files
+  ansible.builtin.lineinfile:
+    path: "/etc/auto.{{ item.map_name }}"
+    line: "{{ item.key }} -{{ item.opts }} {{ item.src }}"
+    create: true
+  loop:
+    - { map_name: "cm-share", key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" }
+    - { map_name: "data-project", key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" }
+    - { map_name: "data-user", key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" }
+    - { map_name: "data-rc-apps", key: "*", src: "gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" }
+    - { map_name: "scratch", key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" }
+    - { map_name: "home", key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' }
+- name: Create symbolic links
+  ansible.builtin.file:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    force: yes
+    state: link
+  loop:
+    - { src: /data/rc/apps, dest: /share/apps }
+- name: Enable autofs service
+  ansible.builtin.service:
+    name: autofs
+    enabled: true
--- a/ansible/roles/nfs_mounts/tasks/fstab.yml
+++ b/ansible/roles/nfs_mounts/tasks/fstab.yml
+---
+- name: Create base directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    "{{ mount_points }}"
+- name: Make an entry in the fstab
+  ansible.posix.mount:
+    src: "master:{{ item }}"
+    path: "{{ item }}"
+    opts: rw,sync,hard
+    state: present
+    fstype: nfs
+  loop:
+    "{{ mount_points }}"
--- a/ansible/roles/nfs_mounts/tasks/main.yml
+++ b/ansible/roles/nfs_mounts/tasks/main.yml
 ---
- name: Create base directories
+- name: nfs_mounts using fstab
-  ansible.builtin.file:
+  include_tasks: fstab.yml
-    path: "{{ item.dir }}"
+  when: "'proxy' in group_names"
-    state: directory
-    mode: "{{ item.mode }}"
-  loop:
-    - { dir: /local, mode: '0777' }
-    - { dir: /scratch, mode: '0755' }
-    - { dir: /share, mode: '0755' }
-    - { dir: /data/rc/apps, mode: '0755' } # this is only required for the symlink to be happy
-    - { dir: /data/user, mode: '0755' }
-    - { dir: /data/project, mode: '0755' }
- name: Remove unused entry in master map
+- name: nfs_mounts using autofs
-  ansible.builtin.replace:
+  include_tasks: autofs.yml
-    dest: /etc/auto.master
+  when: "'proxy' not in group_names"
-    regexp: '{{ item.regexp }}'
-    replace: '{{ item.replace }}'
-    backup: true
-  loop:
-    - { regexp: '^(/misc)', replace: '#\1' }
-    - { regexp: '^(/net)', replace: '#\1' }
-    - { regexp: '^(\+auto.master)', replace: '#\1' }
- name: Add master map file
-  ansible.builtin.lineinfile:
-    path: "/etc/auto.master.d/gpfs.autofs"
-    line: "{{ item.mount_point }} /etc/auto.{{ item.map_name }}"
-    create: yes
-  loop:
-    - { mount_point: "/cm/shared", map_name: "cm-share" }
-    - { mount_point: "/data/project", map_name: "data-project" }
-    - { mount_point: "/data/user", map_name: "data-user" }
-    - { mount_point: "/data/rc/apps", map_name: "data-rc-apps" }
-    - { mount_point: "/-", map_name: "scratch" }
-    - { mount_point: "/home", map_name: "home" }
- name: Set up autofs map files
-  ansible.builtin.lineinfile:
-    path: "/etc/auto.{{ item.map_name }}"
-    line: "{{ item.key }} -{{ item.opts }} {{ item.src }}"
-    create: true
-  loop:
-    - { map_name: "cm-share", key: "*", src: "gpfs.rc.uab.edu:/data/cm/shared-8.2/&", opts: "fstype=nfs,vers=3,_netdev,defaults" }
-    - { map_name: "data-project", key: "*", src: "gpfs.rc.uab.edu:/data/project/&", opts: "fstype=nfs,vers=3,_netdev,defaults" }
-    - { map_name: "data-user", key: "*", src: "gpfs.rc.uab.edu:/data/user/&", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" }
-    - { map_name: "data-rc-apps", key: "*", src: "gpfs.rc.uab.edu:/data/rc/apps/&", opts: "fstype=nfs,vers=3,_netdev,defaults" }
-    - { map_name: "scratch", key: "/scratch", src: "gpfs.rc.uab.edu:/scratch", opts: "fstype=nfs,vers=3,_netdev,local_lock=posix,defaults" }
-    - { map_name: "home", key: "*", src: ":/data/user/home/&", opts: 'fstype=bind' }
- name: Create symbolic links
-  ansible.builtin.file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    owner: root
-    group: root
-    force: yes
-    state: link
-  loop:
-    - { src: /data/rc/apps, dest: /share/apps }
- name: Enable autofs service
-  ansible.builtin.service:
-    name: autofs
-    enabled: true