cleanup

.gitignore

@@ -0,0 +1,2 @@
+.*.swp
+*.retry

docker_htcondor.yml

@@ -0,0 +1,98 @@
+- name: "htcondor docker image"
+  file:
+    path: "/container/docker-images/htcondor"
+    state: directory
+    owner: thoto
+    group: docker
+    mode: "u=rwx,g=rwx,o=rx"
+
+- copy:
+    dest: "/container/docker-images/htcondor/Dockerfile"
+    src: "htcondor.Dockerfile"
+    owner: thoto
+    group: docker
+  register: cp_dockerfile
+
+- docker_image:
+    name: "htcondor"
+#    pull: False
+    build:
+      pull: False
+      path: "/container/docker-images/htcondor"
+    source: build
+    force_source: "{{cp_dockerfile.changed}}"
+
+- name: "copy htcondor container configuration"
+  copy:
+    src: "conf/{{item}}/"
+    dest: "/container/volumes/{{item}}/"
+    owner: thoto
+    group: docker
+    mode: "u=rwx,g=rwx"
+  with_items: [ "cm", "exec", "sub", "common"]
+
+- name: "check if pool shared secret exists"
+  stat:
+    path: "/container/volumes/common/passwords.d/POOL"
+  register: pool_pw
+
+- block:
+  - name: "create temporary password store"
+    tempfile:
+      state: directory
+    register: pool_pw_tmp
+
+  - name: "generate pool password"
+    copy:
+      dest: "{{pool_pw_tmp.path}}/poolpw"
+      content: "{{lookup('password','/dev/null')}}"
+    no_log: True
+
+  - name: "install pool password"
+    docker_container:
+      name: "condor-common"
+      image: htcondor
+      state: started
+      volumes:
+      - "/container/volumes/common/:/etc/condor/:rw"
+      - "{{pool_pw_tmp.path}}:/tmp/poolpw:ro"
+      detach: False
+      cleanup: True
+      command: "condor_store_cred add -c -i /tmp/poolpw/poolpw" 
+
+  always:
+  - name: "remove temporary password store"
+    file:
+      path: "{{pool_pw_tmp.path}}"
+      state: absent
+    when: pool_pw_tmp is defined and pool_pw_tmp.path
+  when: not pool_pw.stat.exists
+
+- name: "sync common files to individual containers"
+  copy:
+    remote_src: True
+    force: True
+    src: "/container/volumes/common/"
+    dest: "/container/volumes/{{item}}/"
+  with_items: [ "cm", "exec", "sub"]
+
+- name: "run htcondor containers"
+  docker_container:
+    name: "condor-cm"
+    image: htcondor
+    state: started
+    detach: True
+    cleanup: True
+    volumes:
+    - "/container/volumes/cm/:/etc/condor/:rw"
+#    auto_remove: True
+#    mounts:
+#      src: /container/volumes/cm/
+#      dest: /etc/condor/
+
+    
+#- add_host:
+#    hostname: foo
+#    ansible_connection: docker_api
+#    docker_host: ssh://ed-c7-1.virt.magni.thoto.net
+

docker_setup.yml

@@ -0,0 +1,56 @@
+- name: "install docker yum repository"
+  get_url:
+    url: "https://download.docker.com/linux/centos/docker-ce.repo"
+    dest: "/etc/yum.repos.d/docker-ce.repo"
+    checksum: sha256:8ab5599eef0afcac10cbd3e8670873efee20fcceb5fb3526a62edeade603cec7
+
+- yum:
+    name: [ "docker-ce", "python-docker-py" ] # latter for ansible modules
+    state: present
+
+- name: "partition container image disk"
+  parted:
+    device: /dev/vdb
+    number: 1
+    state: present
+#    fs_type: xfs
+
+- filesystem:
+    dev: /dev/vdb1
+    fstype: xfs
+    opts: "-L image-store"
+
+- mount: 
+    path: "/container"
+    src: "/dev/vdb1"
+    fstype: xfs
+    opts: "noatime"
+    state: mounted
+
+- file:
+    path: "/container/docker"
+    state: directory
+    owner: root
+    group: root
+    mode: "u=rwx,g=x,o=x"
+
+- name: "link docker configuration to new container partition"
+  file:
+    path: "/var/lib/docker"
+    src: "/container/docker"
+    state: link
+    owner: root
+    group: root
+    mode: "u=rwx,g=x,o=x"
+    
+- name: "enable docker service in systemd"
+  service:
+    name: docker
+    enabled: True
+    state: started
+
+- name: "fix user privileges to run docker"
+  user:
+    name: thoto
+    groups: docker
+    append: True

inv.yml

@@ -3,4 +3,5 @@ all:
     ed-c7-1:
       ansible_user: root
       ansible_host: ed-c7-1.virt.magni.thoto.net
+      ssh_args: -o ControlMaster=auto -o ControlPersist=60s
       # ansible_host: 192.168.122.139

play.yml

@@ -1,200 +1,29 @@
 ---
 - hosts: ed-c7-1
   tasks:
-#  - copy:
-#      dest: /etc/profile.d/vim-alias.sh
-#      content: "alias vim=/usr/bin/vi"
-  - yum:
-      name: 
-        - vim-enhanced
-        - htop
-        - screen
+  - name: "install tools"
+    yum:
+      name: [ "vim-enhanced", "htop", "screen" ]
       state: present
 
-  - yum:
+  - name: "install htcondor repo"
+    yum:
       name: https://research.cs.wisc.edu/htcondor/repo/8.9/htcondor-release-current.el7.noarch.rpm
       state: present
 
-  - yum:
-      name: htcondor-ce
+  - name: "install htcondor software and minicondor configuration"
+    yum:
+      name: [ "htcondor-ce", "minicondor" ]
       state: present
 
-  # FIXME
-  - yum:
-      name: minicondor
-      state: present
+  - name: "setup singularity"
+    import_tasks: "singularity.yml"
+    tags: singularity
 
-  - yum:
-      name: singularity
-      state: present
-    tags: "singularity"
+  - name: "setup docker"
+    import_tasks: "docker_setup.yml"
+    tags: docker
 
-  # enable fakeroot in singularity
-  - sysctl:
-      name: user.max_user_namespaces
-      value: "15000"
-      sysctl_file: /etc/sysctl.d/90-max_net_namespaces.conf
-    tags: "singularity"
-
-#  - shell:
-#      command: singularity config fakeroot --add thoto
-  - name: "enable user thoto for fakeroot access"
-    lineinfile:
-      line: "thoto:4294836224:65536"
-      dest: "{{item}}"
-    with_items: ["/etc/subuid", "/etc/subgid"]
-    tags: "singularity"
-
-  - block:
-    - get_url:
-        url: "https://download.docker.com/linux/centos/docker-ce.repo"
-        dest: "/etc/yum.repos.d/docker-ce.repo"
-        checksum: sha256:8ab5599eef0afcac10cbd3e8670873efee20fcceb5fb3526a62edeade603cec7
-
-    - yum:
-        name: docker-ce
-        state: present
-
-    - parted:
-        device: /dev/vdb
-        number: 1
-        state: present
-  #      fs_type: xfs
-
-    - filesystem:
-        dev: /dev/vdb1
-        fstype: xfs
-        opts: "-L image-store"
-
-    - mount: 
-        path: "/container"
-        src: "/dev/vdb1"
-        fstype: xfs
-        opts: "noatime"
-        state: mounted
-
-    - file:
-        path: "/container/docker"
-        state: directory
-        owner: root
-        group: root
-        mode: "u=rwx,g=x,o=x"
-
-    - file:
-        path: "/var/lib/docker"
-        src: "/container/docker"
-        state: link
-        owner: root
-        group: root
-        mode: "u=rwx,g=x,o=x"
-        
-    - service:
-        name: docker
-        enabled: True
-        state: started
-
-    - user:
-        name: thoto
-        groups: docker
-        append: True
-
-    - yum:
-        name: python-docker-py
-        state: present
-    tags: "docker"
-
-  - block:
-    - file:
-        path: "/container/docker-images/htcondor"
-        state: directory
-        owner: thoto
-        group: docker
-        mode: "u=rwx,g=rwx,o=rx"
-
-    - copy:
-        dest: "/container/docker-images/htcondor/Dockerfile"
-        src: "htcondor.Dockerfile"
-        owner: thoto
-        group: docker
-      register: cp_dockerfile
-
-    - docker_image:
-        name: "htcondor"
-#         pull: False
-        build:
-          pull: False
-          path: "/container/docker-images/htcondor"
-        source: build
-        force_source: "{{cp_dockerfile.changed}}"
-
-    - copy:
-        src: "conf/{{item}}/"
-        dest: "/container/volumes/{{item}}/"
-        owner: thoto
-        group: docker
-        mode: "u=rwx,g=rwx"
-      with_items: [ "cm", "exec", "sub", "common"]
-
-    - name: "check if pool shared secret exists"
-      stat:
-        path: "/container/volumes/common/passwords.d/POOL"
-      register: pool_pw
-
-    - block:
-      - name: "create temporary password store"
-        tempfile:
-          state: directory
-        register: pool_pw_tmp
-
-      - name: "generate pool password"
-        copy:
-          dest: "{{pool_pw_tmp.path}}/poolpw"
-          content: "{{lookup('password','/dev/null')}}"
-        no_log: True
-
-      - name: "install pool password"
-        docker_container:
-          name: "condor-common"
-          image: htcondor
-          state: started
-          volumes:
-          - "/container/volumes/common/:/etc/condor/:rw"
-          - "{{pool_pw_tmp.path}}:/tmp/poolpw:ro"
-          detach: False
-          cleanup: True
-          command: "condor_store_cred add -c -i /tmp/poolpw/poolpw" 
-
-      always:
-      - file:
-          path: "{{pool_pw_tmp.path}}"
-          state: absent
-        when: pool_pw_tmp is defined and pool_pw_tmp.path
-      when: not pool_pw.stat.exists
-
-    - name: "sync common files to individual containers"
-      copy:
-        remote_src: True
-        force: True
-        src: "/container/volumes/common/"
-        dest: "/container/volumes/{{item}}/"
-      with_items: [ "cm", "exec", "sub"]
-
-    - docker_container:
-        name: "condor-cm"
-        image: htcondor
-        state: started
-        detach: True
-        cleanup: True
-        volumes:
-        - "/container/volumes/cm/:/etc/condor/:rw"
-#        auto_remove: True
-#        mounts:
-#          src: /container/volumes/cm/
-#          dest: /etc/condor/
-
-        
-#    - add_host:
-#        hostname: foo
-#        ansible_connection: docker_api
-#        docker_host: ssh://ed-c7-1.virt.magni.thoto.net
-    tags: "docker-con"
+  - name: "setup htcondor test environment in docker containers"
+    import_tasks: "docker_htcondor.yml"
+    tags: docker-con

singularity.yml

@@ -0,0 +1,18 @@
+- yum:
+    name: singularity
+    state: present
+
+- name: "enable user namespaces for singularity fakeroot function"
+  sysctl:
+    name: user.max_user_namespaces
+    value: "15000"
+    sysctl_file: /etc/sysctl.d/90-max_net_namespaces.conf
+
+- name: "enable user thoto for fakeroot access"
+  lineinfile:
+    line: "thoto:4294836224:65536"
+    dest: "{{item}}"
+  with_items: ["/etc/subuid", "/etc/subgid"]
+# the task above idempotentially does the same as:
+#- shell:
+#    command: singularity config fakeroot --add thoto