diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_aarch64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_aarch64.yaml.j2 index 50fd55f498..727eb70323 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_aarch64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_aarch64.yaml.j2 @@ -15,6 +15,11 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin disable_root: false write_files: @@ -178,8 +183,6 @@ - bash /usr/local/bin/doca-install.sh - /usr/local/bin/set-ssh.sh - /usr/local/bin/install_cuda_toolkit.sh - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} - mkdir -p /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm /etc/slurm/epilog.d /etc/munge /var/log/track - echo "{{ cloud_init_nfs_path }}/$(hostname -s)/var/log/slurm /var/log/slurm nfs defaults,_netdev 0 0" >> /etc/fstab @@ -192,17 +195,17 @@ - mount -a - yes | cp /etc/slurm/epilog.d/slurmd.service /usr/lib/systemd/system/ - /usr/local/bin/check_slurm_controller_status.sh - - chown -R {{ user }}:{{ slurm_group_name }} /var/log/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/run/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool - - chown -R {{ user }}:{{ slurm_group_name }} /var/lib/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/run/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/lib/slurm - chown -R {{ munge_user }}:{{ munge_group }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm - chmod {{ file_mode_400 }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /etc/slurm/epilog.d/ - mkdir -p /var/spool/slurmd - chmod {{ file_mode_755 }} /var/spool/slurmd - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool/slurmd + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool/slurmd - setenforce 0 - systemctl enable firewalld - systemctl start firewalld diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_x86_64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_x86_64.yaml.j2 index ae84d3b32a..0d82c75c23 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_x86_64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_compiler_node_x86_64.yaml.j2 @@ -15,6 +15,11 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin disable_root: false write_files: @@ -180,8 +185,6 @@ - bash /usr/local/bin/doca-install.sh - /usr/local/bin/set-ssh.sh - /usr/local/bin/install_cuda_toolkit.sh - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} - mkdir -p /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm /etc/slurm/epilog.d /etc/munge /cert /var/log/track - echo "{{ cloud_init_nfs_path }}/cert /cert nfs defaults,_netdev 0 0" >> /etc/fstab @@ -195,17 +198,17 @@ - mount -a - yes | cp /etc/slurm/epilog.d/slurmd.service /usr/lib/systemd/system/ - /usr/local/bin/check_slurm_controller_status.sh - - chown -R {{ user }}:{{ slurm_group_name }} /var/log/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/run/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool - - chown -R {{ user }}:{{ slurm_group_name }} /var/lib/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/run/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/lib/slurm - chown -R {{ munge_user }}:{{ munge_group }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm - chmod {{ file_mode_400 }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /etc/slurm/epilog.d/ - mkdir -p /var/spool/slurmd - chmod {{ file_mode_755 }} /var/spool/slurmd - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool/slurmd + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool/slurmd - setenforce 0 - systemctl enable firewalld - systemctl start firewalld diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_aarch64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_aarch64.yaml.j2 index abc1103242..3eeb555b9e 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_aarch64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_aarch64.yaml.j2 @@ -17,6 +17,11 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin disable_root: false write_files: @@ -100,8 +105,6 @@ runcmd: - bash /usr/local/bin/doca-install.sh - /usr/local/bin/set-ssh.sh - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} - mkdir -p /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm /etc/slurm/epilog.d /etc/munge /var/log/track - echo "{{ cloud_init_nfs_path }}/$(hostname -s)/var/log/slurm /var/log/slurm nfs defaults,_netdev 0 0" >> /etc/fstab @@ -114,17 +117,17 @@ - mount -a - yes | cp /etc/slurm/epilog.d/slurmd.service /usr/lib/systemd/system/ - /usr/local/bin/check_slurm_controller_status.sh - - chown -R {{ user }}:{{ slurm_group_name }} /var/log/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/run/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool - - chown -R {{ user }}:{{ slurm_group_name }} /var/lib/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/run/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/lib/slurm - chown -R {{ munge_user }}:{{ munge_group }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm - chmod {{ file_mode_400 }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /etc/slurm/epilog.d/ - mkdir -p /var/spool/slurmd - chmod {{ file_mode_755 }} /var/spool/slurmd - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool/slurmd + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool/slurmd - setenforce 0 - systemctl enable firewalld - systemctl start firewalld diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_x86_64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_x86_64.yaml.j2 index c921d3fe86..a6fcccea4f 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_x86_64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-login_node_x86_64.yaml.j2 @@ -17,6 +17,11 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin disable_root: false write_files: @@ -99,8 +104,6 @@ runcmd: - bash /usr/local/bin/doca-install.sh - /usr/local/bin/set-ssh.sh - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} - mkdir -p /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm /etc/slurm/epilog.d /etc/munge /cert /var/log/track - echo "{{ cloud_init_nfs_path }}/cert /cert nfs defaults,_netdev 0 0" >> /etc/fstab @@ -114,17 +117,17 @@ - mount -a - yes | cp /etc/slurm/epilog.d/slurmd.service /usr/lib/systemd/system/ - /usr/local/bin/check_slurm_controller_status.sh - - chown -R {{ user }}:{{ slurm_group_name }} /var/log/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/run/slurm - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool - - chown -R {{ user }}:{{ slurm_group_name }} /var/lib/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/run/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/lib/slurm - chown -R {{ munge_user }}:{{ munge_group }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm - chmod {{ file_mode_400 }} /etc/munge/munge.key - chmod {{ file_mode_755 }} /etc/slurm/epilog.d/ - mkdir -p /var/spool/slurmd - chmod {{ file_mode_755 }} /var/spool/slurmd - - chown -R {{ user }}:{{ slurm_group_name }} /var/spool/slurmd + - chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool/slurmd - setenforce 0 - systemctl enable firewalld - systemctl start firewalld diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_control_node_x86_64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_control_node_x86_64.yaml.j2 index ff64b8175f..1468f0fd17 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_control_node_x86_64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_control_node_x86_64.yaml.j2 @@ -17,6 +17,11 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin disable_root: false write_files: @@ -114,8 +119,8 @@ content: | #!/bin/bash SLURMDBD_CONF="/etc/slurm/slurmdbd.conf" - SLURM_USER="{{ user }}" - SLURM_GROUP="{{ slurm_group_name }}" + SLURM_USER="{{ slurm_user }}" + SLURM_GROUP="{{ slurm_user }}" # Function to extract value from slurm.conf get_value_slurm_conf() { local key="$1" @@ -125,8 +130,8 @@ echo "${value:-$default}" } chown -R {{ mysql_user }}:{{ mysql_group }} /var/lib/mysql - chown -R {{ user }}:{{ slurm_group_name }} /var/log/mariadb - chown -R {{ user }}:{{ slurm_group_name }} /etc/my.cnf.d # Required? why slurm user for my.cnf?? + chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/mariadb + chown -R {{ slurm_user }}:{{ slurm_user }} /etc/my.cnf.d # Required? why slurm user for my.cnf?? chmod {{ file_mode_755 }} /etc/my.cnf.d /var/lib/mysql /var/log/mariadb #firewall systemctl enable firewalld @@ -143,8 +148,8 @@ content: | #!/bin/bash SLURMDBD_CONF="/etc/slurm/slurmdbd.conf" - SLURM_USER="{{ user }}" - SLURM_GROUP="{{ slurm_group_name }}" + SLURM_USER="{{ slurm_user }}" + SLURM_GROUP="{{ slurm_user }}" # Function to extract value from slurm.conf get_value_slurm_conf() { local key="$1" @@ -154,7 +159,7 @@ echo "${value:-$default}" } chmod {{ file_mode_600 }} /etc/slurm/slurmdbd.conf - chown {{ user }}:{{ slurm_group_name }} /etc/slurm/slurmdbd.conf + chown {{ slurm_user }}:{{ slurm_user }} /etc/slurm/slurmdbd.conf #file PidFile PidFile=$(get_value_slurm_conf "PidFile" "/var/run/slurmdbd.pid") mkdir -pv $(dirname "$PidFile") @@ -181,8 +186,8 @@ content: | #!/bin/bash SLURM_CONF="/etc/slurm/slurm.conf" - SLURM_USER="{{ user }}" - SLURM_GROUP="{{ slurm_group_name }}" + SLURM_USER="{{ slurm_user }}" + SLURM_GROUP="{{ slurm_user }}" # Function to extract value from slurm.conf get_value_slurm_conf() { local key="$1" @@ -244,10 +249,8 @@ runcmd: - /usr/local/bin/set-ssh.sh - - useradd -mG wheel -p '$6$VHdSKZNm$O3iFYmRiaFQCemQJjhfrpqqV7DdHBi5YpY6Aq06JSQpABPw.3d8PQ8bNY9NuZSmDv7IL/TsrhRJ6btkgKaonT.' testuser # Required?? - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} - + # slurm user and group created in the users module + # Create directories for nfs and mount all - mkdir -p /var/log/slurm /etc/slurm {{ home_dir }} /etc/my.cnf.d /etc/munge /var/lib/mysql /var/log/mariadb /cert /var/log/track /var/lib/packages - echo "{{ cloud_init_nfs_path }}/cert /cert nfs defaults,_netdev 0 0" >> /etc/fstab @@ -266,10 +269,10 @@ - sed -i 's/^gpgcheck=1/gpgcheck=0/' /etc/dnf/dnf.conf - bash /usr/local/bin/doca-install.sh - - chown -R {{ user }}:{{ slurm_group_name }} {{ home_dir }} + - chown -R {{ slurm_user }}:{{ slurm_user }} {{ home_dir }} - chmod {{ file_mode_755 }} {{ home_dir }} - - chown -R {{ user }}:{{ slurm_group_name }} /etc/slurm + - chown -R {{ slurm_user }}:{{ slurm_user }} /etc/slurm - chmod {{ file_mode_755 }} /etc/slurm - chmod {{ file_mode }} /etc/slurm/slurm.conf diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_aarch64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_aarch64.yaml.j2 index 7b36e7fc87..addd0df64c 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_aarch64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_aarch64.yaml.j2 @@ -17,6 +17,11 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin disable_root: false write_files: @@ -259,10 +264,10 @@ bash /usr/local/bin/check_slurm_controller_status.sh echo "[INFO] Setting ownership for Slurm directories" - chown -R {{ user }}:{{ slurm_group_name }} /var/log/slurm - chown -R {{ user }}:{{ slurm_group_name }} /var/run/slurm - chown -R {{ user }}:{{ slurm_group_name }} /var/spool - chown -R {{ user }}:{{ slurm_group_name }} /var/lib/slurm + chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/slurm + chown -R {{ slurm_user }}:{{ slurm_user }} /var/run/slurm + chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool + chown -R {{ slurm_user }}:{{ slurm_user }} /var/lib/slurm echo "[INFO] Setting permissions for Slurm directories" chmod {{ file_mode_755 }} /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm @@ -274,7 +279,7 @@ echo "[INFO] Creating and configuring /var/spool/slurmd" mkdir -p /var/spool/slurmd chmod {{ file_mode_755 }} /var/spool/slurmd - chown -R {{ user }}:{{ slurm_group_name }} /var/spool/slurmd + chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool/slurmd echo "[INFO] ===== Completed slurmd setup (aarch64) =====" @@ -380,9 +385,6 @@ runcmd: - /usr/local/bin/set-ssh.sh - /usr/local/bin/install_nvidia_driver.sh - - useradd -mG wheel -p '$6$VHdSKZNm$O3iFYmRiaFQCemQJjhfrpqqV7DdHBi5YpY6Aq06JSQpABPw.3d8PQ8bNY9NuZSmDv7IL/TsrhRJ6btkgKaonT.' testuser - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} - /usr/local/bin/configure_dirs_and_mounts.sh - cp /cert/pulp_webserver.crt /etc/pki/ca-trust/source/anchors && update-ca-trust diff --git a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_x86_64.yaml.j2 b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_x86_64.yaml.j2 index 61424158d3..c503974343 100644 --- a/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_x86_64.yaml.j2 +++ b/discovery/roles/configure_ochami/templates/cloud_init/ci-group-slurm_node_x86_64.yaml.j2 @@ -17,6 +17,12 @@ ssh_authorized_keys: "{{ read_ssh_key.stdout }}" lock_passwd: false hashed_passwd: "{{ hashed_password_output.stdout }}" + - name: {{ slurm_user }} + uid: {{ slurm_uid }} + system: true + no_create_home: true + shell: /sbin/nologin + disable_root: false write_files: @@ -266,10 +272,10 @@ bash /usr/local/bin/check_slurm_controller_status.sh echo "[INFO] Setting ownership for Slurm directories" - chown -R {{ user }}:{{ slurm_group_name }} /var/log/slurm - chown -R {{ user }}:{{ slurm_group_name }} /var/run/slurm - chown -R {{ user }}:{{ slurm_group_name }} /var/spool - chown -R {{ user }}:{{ slurm_group_name }} /var/lib/slurm + chown -R {{ slurm_user }}:{{ slurm_user }} /var/log/slurm + chown -R {{ slurm_user }}:{{ slurm_user }} /var/run/slurm + chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool + chown -R {{ slurm_user }}:{{ slurm_user }} /var/lib/slurm echo "[INFO] Setting permissions for Slurm directories" chmod {{ file_mode_755 }} /var/log/slurm /var/run/slurm /var/spool /var/lib/slurm @@ -281,7 +287,7 @@ echo "[INFO] Creating and configuring /var/spool/slurmd" mkdir -p /var/spool/slurmd chmod {{ file_mode_755 }} /var/spool/slurmd - chown -R {{ user }}:{{ slurm_group_name }} /var/spool/slurmd + chown -R {{ slurm_user }}:{{ slurm_user }} /var/spool/slurmd echo "[INFO] ===== Completed slurmd setup =====" @@ -381,13 +387,12 @@ runcmd: - /usr/local/bin/set-ssh.sh - /usr/local/bin/install_nvidia_driver.sh - - useradd -mG wheel -p '$6$VHdSKZNm$O3iFYmRiaFQCemQJjhfrpqqV7DdHBi5YpY6Aq06JSQpABPw.3d8PQ8bNY9NuZSmDv7IL/TsrhRJ6btkgKaonT.' testuser - - groupadd -r {{ slurm_group_name }} - - useradd -r -g {{ slurm_group_name }} -d {{ home_dir }} -s /sbin/nologin {{ user }} + # slurm user and group created in the users module - /usr/local/bin/configure_dirs_and_mounts.sh - cp /cert/pulp_webserver.crt /etc/pki/ca-trust/source/anchors && update-ca-trust - sed -i 's/^gpgcheck=1/gpgcheck=0/' /etc/dnf/dnf.conf + - bash /usr/local/bin/doca-install.sh - /usr/local/bin/configure_slurmd_setup.sh - /usr/local/bin/configure_munge_and_pam.sh diff --git a/discovery/roles/configure_ochami/vars/main.yml b/discovery/roles/configure_ochami/vars/main.yml index e705580e11..6ec3fe9d5d 100644 --- a/discovery/roles/configure_ochami/vars/main.yml +++ b/discovery/roles/configure_ochami/vars/main.yml @@ -74,7 +74,6 @@ ldap_starttls_port: 389 ldap_ssl_port: 636 # Usage: ci-group-slurm_control_node_x86_64.yaml.j2 -slurm_group_name: slurm home_dir: /var/lib/slurm user: slurm munge_user: munge