From 2d1d92cfb05ae80f7065b5aea4976aa2a0f300fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorsten=20M=C3=BCller?=
Date: Mon, 19 Apr 2021 15:02:38 +0200
Subject: [PATCH] cleanup
---
 .gitignore | 2 +
 docker_htcondor.yml | 98 +++++++++++++++++++++
 docker_setup.yml | 56 ++++++++++++
 inv.yml | 1 +
 play.yml | 205 ++++----------------------------------------
 singularity.yml | 18 ++++
 6 files changed, 192 insertions(+), 188 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 docker_htcondor.yml
 create mode 100644 docker_setup.yml
 create mode 100644 singularity.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d3d1782
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.*.swp
+*.retry
diff --git a/docker_htcondor.yml b/docker_htcondor.yml
new file mode 100644
index 0000000..2e1d051
--- /dev/null
+++ b/docker_htcondor.yml
@@ -0,0 +1,98 @@
+- name: "htcondor docker image"
+ file:
+ path: "/container/docker-images/htcondor"
+ state: directory
+ owner: thoto
+ group: docker
+ mode: "u=rwx,g=rwx,o=rx"
+
+- copy:
+ dest: "/container/docker-images/htcondor/Dockerfile"
+ src: "htcondor.Dockerfile"
+ owner: thoto
+ group: docker
+ register: cp_dockerfile
+
+- docker_image:
+ name: "htcondor"
+# pull: False
+ build:
+ pull: False
+ path: "/container/docker-images/htcondor"
+ source: build
+ force_source: "{{cp_dockerfile.changed}}"
+
+- name: "copy htcondor container configuration"
+ copy:
+ src: "conf/{{item}}/"
+ dest: "/container/volumes/{{item}}/"
+ owner: thoto
+ group: docker
+ mode: "u=rwx,g=rwx"
+ with_items: [ "cm", "exec", "sub", "common"]
+
+- name: "check if pool shared secret exists"
+ stat:
+ path: "/container/volumes/common/passwords.d/POOL"
+ register: pool_pw
+
+- block:
+ - name: "create temporary password store"
+ tempfile:
+ state: directory
+ register: pool_pw_tmp
+
+ - name: "generate pool password"
+ copy:
+ dest: "{{pool_pw_tmp.path}}/poolpw"
+ content: "{{lookup('password','/dev/null')}}"
+ no_log: True
+
+ - name: "install pool password"
+ docker_container:
+ name: "condor-common"
+ image: htcondor
+ state: started
+ volumes:
+ - "/container/volumes/common/:/etc/condor/:rw"
+ - "{{pool_pw_tmp.path}}:/tmp/poolpw:ro"
+ detach: False
+ cleanup: True
+ command: "condor_store_cred add -c -i /tmp/poolpw/poolpw"
+
+ always:
+ - name: "remove temporary password store"
+ file:
+ path: "{{pool_pw_tmp.path}}"
+ state: absent
+ when: pool_pw_tmp is defined and pool_pw_tmp.path
+ when: not pool_pw.stat.exists
+
+- name: "sync common files to individual containers"
+ copy:
+ remote_src: True
+ force: True
+ src: "/container/volumes/common/"
+ dest: "/container/volumes/{{item}}/"
+ with_items: [ "cm", "exec", "sub"]
+
+- name: "run htcondor containers"
+ docker_container:
+ name: "condor-cm"
+ image: htcondor
+ state: started
+ detach: True
+ cleanup: True
+ volumes:
+ -
"/container/volumes/cm/:/etc/condor/:rw"
+# auto_remove: True
+# mounts:
+# src: /container/volumes/cm/
+# dest: /etc/condor/
+
+
+#- add_host:
+# hostname: foo
+# ansible_connection: docker_api
+# docker_host: ssh://ed-c7-1.virt.magni.thoto.net
+
diff --git a/docker_setup.yml b/docker_setup.yml
new file mode 100644
index 0000000..60c065a
--- /dev/null
+++ b/docker_setup.yml
@@ -0,0 +1,56 @@
+- name: "install docker yum repository"
+ get_url:
+ url: "https://download.docker.com/linux/centos/docker-ce.repo"
+ dest: "/etc/yum.repos.d/docker-ce.repo"
+ checksum: sha256:8ab5599eef0afcac10cbd3e8670873efee20fcceb5fb3526a62edeade603cec7
+
+- yum:
+ name: [ "docker-ce", "python-docker-py" ] # latter for ansible modules
+ state: present
+
+- name: "partition container image disk"
+ parted:
+ device: /dev/vdb
+ number: 1
+ state: present
+# fs_type: xfs
+
+- filesystem:
+ dev: /dev/vdb1
+ fstype: xfs
+ opts: "-L image-store"
+
+- mount:
+ path: "/container"
+ src: "/dev/vdb1"
+ fstype: xfs
+ opts: "noatime"
+ state: mounted
+
+- file:
+ path: "/container/docker"
+ state: directory
+ owner: root
+ group: root
+ mode: "u=rwx,g=x,o=x"
+
+- name: "link docker configuration to new container partition"
+ file:
+ path: "/var/lib/docker"
+ src: "/container/docker"
+ state: link
+ owner: root
+ group: root
+ mode: "u=rwx,g=x,o=x"
+
+- name: "enable docker service in systemd"
+ service:
+ name: docker
+ enabled: True
+ state: started
+
+- name: "fix user privileges to run docker"
+ user:
+ name: thoto
+ groups: docker
+ append: True
diff --git a/inv.yml b/inv.yml
index 7a96607..102b3c7 100644
--- a/inv.yml
+++ b/inv.yml
@@ -3,4 +3,5 @@ all:
 ed-c7-1:
 ansible_user: root
 ansible_host: ed-c7-1.virt.magni.thoto.net
+ ssh_args: -o ControlMaster=auto -o ControlPersist=60s
 # ansible_host: 192.168.122.139
diff --git a/play.yml b/play.yml
index deae3c4..a626f1b 100644
--- a/play.yml
+++ b/play.yml
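Review bot: In docker_htcondor.yml the "generate pool password" task writes the secret with `copy` but sets no `mode`, and the later "sync common files to individual containers" task copies `/container/volumes/common/` (which by then holds `passwords.d/POOL`) without `owner`, `group` or `mode`, so the permissions on every copy of the pool secret are left to defaults. I would add `mode: "u=rw,go="` to the generate task and give the sync task explicit ownership plus a mode that ends in `o=`. The configuration copy above it uses `mode: "u=rwx,g=rwx"`, which likewise says nothing about the other-bits. A one-line comment on "install pool password" stating that it is the only step expected to write `passwords.d` would also help, since it mounts the common volume read-write.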
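Review bot: The "fix user privileges to run docker" task at the end of docker_setup.yml adds `thoto` to the `docker` group, which is effectively root on this host because group members can drive the Docker daemon, yet the task name reads like a harmless fix. I would say so next to the task, for example `# docker group membership is root-equivalent on this host; keep the member list minimal`. Separately, `mode: "u=rwx,g=x,o=x"` on `/container/docker` lets any local account traverse the Docker data root; if nothing relies on that, ending the mode in `o=` is tighter. The same `mode` on the `state: link` task presumably has no practical effect on the symlink and could be dropped.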
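Review bot: The added `ssh_args` host variable in inv.yml is probably ignored: as far as I know the ssh connection plugin reads `ansible_ssh_args` or `ansible_ssh_common_args` from inventory, while a bare `ssh_args` is only an `[ssh_connection]` key in ansible.cfg. If multiplexing is intended, the line would be `ansible_ssh_common_args: "-o ControlMaster=auto -o ControlPersist=60s"`, quoted so the value stays one string. Because the context lines set `ansible_user: root`, a persisted control socket is a reusable root session for 60 seconds, so it is worth confirming that the control path directory is private to the operator account.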
@@ -1,200 +1,29 @@ --- - hosts: ed-c7-1 tasks: -# - copy: -# dest: /etc/profile.d/vim-alias.sh -# content: "alias vim=/usr/bin/vi" - - yum: - name: - - vim-enhanced - - htop - - screen + - name: "install tools" + yum: + name: [ "vim-enhanced", "htop", "screen" ] state: present - - yum: + - name: "install htcondor repo" + yum: name: https://research.cs.wisc.edu/htcondor/repo/8.9/htcondor-release-current.el7.noarch.rpm state: present - - yum: - name: htcondor-ce + - name: "install htcondor software and minicondor configuration" + yum: + name: [ "htcondor-ce", "minicondor" ] state: present - # FIXME - - yum: - name: minicondor - state: present + - name: "setup singularity" + import_tasks: "singularity.yml" + tags: singularity - - yum: - name: singularity - state: present - tags: "singularity" + - name: "setup docker" + import_tasks: "docker_setup.yml" + tags: docker - # enable fakeroot in singularity - - sysctl: - name: user.max_user_namespaces - value: "15000" - sysctl_file: /etc/sysctl.d/90-max_net_namespaces.conf - tags: "singularity" - -# - shell: -# command: singularity config fakeroot --add thoto - - name: "enable user thoto for fakeroot access" - lineinfile: - line: "thoto:4294836224:65536" - dest: "{{item}}" - with_items: ["/etc/subuid", "/etc/subgid"] - tags: "singularity" - - - block: - - get_url: - url: "https://download.docker.com/linux/centos/docker-ce.repo" - dest: "/etc/yum.repos.d/docker-ce.repo" - checksum: sha256:8ab5599eef0afcac10cbd3e8670873efee20fcceb5fb3526a62edeade603cec7 - - - yum: - name: docker-ce - state: present - - - parted: - device: /dev/vdb - number: 1 - state: present - # fs_type: xfs - - - filesystem: - dev: /dev/vdb1 - fstype: xfs - opts: "-L image-store" - - - mount: - path: "/container" - src: "/dev/vdb1" - fstype: xfs - opts: "noatime" - state: mounted - - - file: - path: "/container/docker" - state: directory - owner: root - group: root - mode: "u=rwx,g=x,o=x" - - - file: - path: "/var/lib/docker" - src: "/container/docker" - 
state: link - owner: root - group: root - mode: "u=rwx,g=x,o=x" - - - service: - name: docker - enabled: True - state: started - - - user: - name: thoto - groups: docker - append: True - - - yum: - name: python-docker-py - state: present - tags: "docker" - - - block: - - file: - path: "/container/docker-images/htcondor" - state: directory - owner: thoto - group: docker - mode: "u=rwx,g=rwx,o=rx" - - - copy: - dest: "/container/docker-images/htcondor/Dockerfile" - src: "htcondor.Dockerfile" - owner: thoto - group: docker - register: cp_dockerfile - - - docker_image: - name: "htcondor" -# pull: False - build: - pull: False - path: "/container/docker-images/htcondor" - source: build - force_source: "{{cp_dockerfile.changed}}" - - - copy: - src: "conf/{{item}}/" - dest: "/container/volumes/{{item}}/" - owner: thoto - group: docker - mode: "u=rwx,g=rwx" - with_items: [ "cm", "exec", "sub", "common"] - - - name: "check if pool shared secret exists" - stat: - path: "/container/volumes/common/passwords.d/POOL" - register: pool_pw - - - block: - - name: "create temporary password store" - tempfile: - state: directory - register: pool_pw_tmp - - - name: "generate pool password" - copy: - dest: "{{pool_pw_tmp.path}}/poolpw" - content: "{{lookup('password','/dev/null')}}" - no_log: True - - - name: "install pool password" - docker_container: - name: "condor-common" - image: htcondor - state: started - volumes: - - "/container/volumes/common/:/etc/condor/:rw" - - "{{pool_pw_tmp.path}}:/tmp/poolpw:ro" - detach: False - cleanup: True - command: "condor_store_cred add -c -i /tmp/poolpw/poolpw" - - always: - - file: - path: "{{pool_pw_tmp.path}}" - state: absent - when: pool_pw_tmp is defined and pool_pw_tmp.path - when: not pool_pw.stat.exists - - - name: "sync common files to individual containers" - copy: - remote_src: True - force: True - src: "/container/volumes/common/" - dest: "/container/volumes/{{item}}/" - with_items: [ "cm", "exec", "sub"] - - - docker_container: - name: 
"condor-cm" - image: htcondor - state: started - detach: True - cleanup: True - volumes: - - "/container/volumes/cm/:/etc/condor/:rw" -# auto_remove: True -# mounts: -# src: /container/volumes/cm/ -# dest: /etc/condor/ - - -# - add_host: -# hostname: foo -# ansible_connection: docker_api -# docker_host: ssh://ed-c7-1.virt.magni.thoto.net - tags: "docker-con" + - name: "setup htcondor test environment in docker containers" + import_tasks: "docker_htcondor.yml" + tags: docker-con diff --git a/singularity.yml b/singularity.yml new file mode 100644 index 0000000..57d2ee2 --- /dev/null +++ b/singularity.yml @@ -0,0 +1,18 @@ +- yum: + name: singularity + state: present + +- name: "enable user namespaces for singularity fakeroot function" + sysctl: + name: user.max_user_namespaces + value: "15000" + sysctl_file: /etc/sysctl.d/90-max_net_namespaces.conf + +- name: "enable user thoto for fakeroot access" + lineinfile: + line: "thoto:4294836224:65536" + dest: "{{item}}" + with_items: ["/etc/subuid", "/etc/subgid"] +# the task above idempotentially does the same as: +#- shell: +# command: singularity config fakeroot --add thoto
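Review bot: The "install htcondor repo" task on the new side of play.yml installs `htcondor-release-current.el7.noarch.rpm` straight from a URL with no integrity pin, while docker_setup.yml in this same commit pins its repository file with `checksum: sha256:...`. A moving "current" release RPM decides which repositories and signing keys the host trusts afterwards, so I would fetch a versioned release RPM with `get_url` and a `checksum: "sha256:<PINNED_SHA256_OF_RELEASE_RPM>"` line, then install it from the local path. Whether yum verifies a signature on a URL-installed package depends on host configuration that is not visible in this patch.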
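Review bot: The `lineinfile` task in singularity.yml appends `thoto:4294836224:65536` to /etc/subuid and /etc/subgid without checking that the range is unused, so the closing comment's claim that it does the same as `singularity config fakeroot --add thoto` only holds while no other entry overlaps that range. Overlapping subordinate ID ranges let two accounts map onto the same IDs inside user namespaces, so I would state the assumption next to the task, e.g. `# range is hard-coded; assumes no other subuid/subgid entry overlaps it`. The sysctl file is named `90-max_net_namespaces.conf` although it sets `user.max_user_namespaces`; a matching name would make the setting easier to find when auditing the host.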