Merge pull request #56 from mira-miracoli/dev

Update to Rockylinux 9, tested

Makefile

@@ -17,7 +17,7 @@ endif
 ANSIBLE_DIR=ansible-roles
 # the "provisioning" flavor, expects a 'setup-<flavor>.yml' playbook
 # in the 'ansible-roles' submodule! This will likely change...
-FLAVORS = vgcn-bwcloud vgcn-bwcloud-gpu vgcn-bwcloud-secure jenkins generic
+FLAVORS = vgcn-bwcloud vgcn-bwcloud-gpu jenkins generic
 SUPPORTED_BUILDERS = qemu
 # check which hypervisors are available
 ifeq ($(shell which qemu-system-$(shell uname -m | sed 's/i686/i386/') 2>&1 > /dev/null && echo $$?), 0)
@@ -137,7 +137,7 @@ cloud_cleanup:
 
 deps:
 	mkdir -p $(ANSIBLE_DIR)
-	ansible-galaxy install -p $(ANSIBLE_DIR) -r requirements.yml
+	ansible-galaxy install -p $(ANSIBLE_DIR) --force -r requirements.yml
 	mkdir -p $(ANSIBLE_DIR)/collections
 	ansible-galaxy collection install -p $(ANSIBLE_DIR)/collections -r requirements.yml
 

README.md

@@ -88,6 +88,8 @@ We have listed the versions we use, but other versions may work.
 | qemu                                           | 2.5.0      |
 
 ## Building This Yourself
+Create a python virtual environment using python 3.9 and install the requirements.txt
+This ensures you get the correct ansible version, because some commands might fail otherwise.
 
 All of the images are designed to be as generic as possible so you can use them
 as-is. We will provide built images, but if you wish to build them yourself,

ansible-roles/files/daemon.json

@@ -1,4 +1,4 @@
 { 
-    "graph": "/scratch/docker",
+    "data-root": "/scratch/docker",
     "dns": ["8.8.8.8", "8.8.4.4"]
 }

ansible-roles/group_vars/all.yml

@@ -10,8 +10,7 @@ galaxy_gid: 999
 
 replace_non_galaxy_999: true
 
-telegraf_agent_version: 1.17.2
-telegraf_agent_output: {}
+telegraf_agent_package_state: latest
 telegraf_agent_tags:
   - tag_name: datacenter
     tag_value: rz
@@ -128,3 +127,6 @@ software_groups_to_install:
 
 ## kernel_5
 kernel_5_package: kernel-ml
+
+docker_daemon_options: {}
+

ansible-roles/group_vars/pulsar.yml

@@ -1,6 +1,7 @@
 pulsar_package_name: pulsar-app
 pulsar_package_version: 0.14.13
 
+pulsar_virtualenv_command: "python -m venv"
 pulsar_root: /opt/pulsar
 pulsar_persistence_dir: /data/share/persisted_data
 pulsar_staging_dir: /data/share/staging
@@ -15,7 +16,6 @@ pulsar_systemd: true
 pulsar_systemd_enabled: false
 pulsar_systemd_runner: webless
 
-pulsar_virtualenv_command: virtualenv-3
 
 pulsar_separate_privileges: false
 pulsar_create_user: true

ansible-roles/internal.yml

@@ -4,6 +4,7 @@
     internal: true
   vars_files:
     - "group_vars/all.yml"
+    - "secret_group_vars/internal.yml"
   pre_tasks:
     - name: Copy server key into VM temporarily
       copy:
@@ -22,5 +23,6 @@
         - ecdsa
         - ed25519
   roles:
+    - usegalaxy_eu.htcondor
     - lock-root
     - cloudinit

ansible-roles/run-playbook-only-internal.json

@@ -26,8 +26,8 @@
 	"provisioners": [{
 		"type": "ansible",
 		"playbook_file": "{{ template_dir }}/{{ user `playbook` }}",
-		"extra_arguments": [
-			"--vault-password-file=.vault_pass"
-		]
+		"ansible_env_vars": "ANSIBLE_SSH_ARGS='-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=ssh-rsa', ANSIBLE_HOST_KEY_CHECKING=False, ANSIBLE_SCP_EXTRA_ARGS = '-0'",
+		"user": "root",
+		"extra_arguments": ["--vault-password-file=.vault_pass"]
 	}]
 }

ansible-roles/run-playbook-only.json

@@ -30,8 +30,7 @@
       "type": "ansible",
       "playbook_file": "{{ template_dir }}/{{ user `playbook` }}",
       "ansible_env_vars": "ANSIBLE_SSH_ARGS='-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=ssh-rsa', ANSIBLE_HOST_KEY_CHECKING=False, ANSIBLE_SCP_EXTRA_ARGS = '-0'",
-      "user": "root",
-      "extra_arguments": ["--scp-extra-args", "'-O'"]
+      "user": "root"
     }
   ]
 }

ansible-roles/secret_group_vars/internal.yml

@@ -0,0 +1,13 @@
+$ANSIBLE_VAULT;1.1;AES256
+31306439663937383830663838653963623331666136333366336561376531316233336234616239
+6265353732363630336438343762656635653563666337340a636530393564353532623366343366
+63646135303233663863613838313963616537323061373534363037343639353132356236373637
+3330646132383339660a353031356462613663386262343730396665323466333931613731623837
+62643939366664626561396262666266343230353538313537356239623539333337653331313634
+39306639363666663765383032653765646531653733303432656537623937666538616332626435
+35313466626261346431663766636163346434393666373462353436343735313532363930343636
+30666333663662373434613163316564623261306263656630653965333736643061666666383764
+65356434656131626534343537323666373961393639313535336631633166303462663865326436
+39313864643565363930323930623865313533313663356538306236663135353630626334666136
+37633134376364303266306163623439396439666439316438613232656637643862313464306137
+64333938323730303036

ansible-roles/setup-generic.yml

@@ -39,5 +39,5 @@
     - geerlingguy.repo-epel # Install EPEL
     - usegalaxy-eu.autoupdates  # keep all of our packages up to date
     - usegalaxy-eu.dynmotd
-    - dj-wasabi.telegraf
     - influxdata.chrony
+    - dj-wasabi.telegraf

ansible-roles/setup-jenkins.yml

@@ -20,45 +20,56 @@
       ansible.builtin.dnf:
         name: '*'
         state: latest
-    - name: Install some dependencies
-      become: yes
-      ansible.builtin.dnf:
-        state: latest
+    - name: Install dependencies
+      package:
+        name:
+          - git
+          - virtualenv
+          - python3
+      become: true
+      when: ansible_os_family == 'Debian'
+    - name: Install dependencies
+      package:
+        name:
+          - git
+          - python36-virtualenv
+          - python3
+        state: present
+      become: true
+      when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int == 8
+    - name: Install dependencies
+      package:
         name:
           - git
-          - python38
-          - python3-devel
-          - python3-virtualenv
-          - gcc
-          - curl
           - libcurl-devel
-          - openssl-devel
-          - qemu-kvm
-          - qemu-img
-          - unzip
-          - seabios
+          - python-devel
+        state: present
+      become: true
+      when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int == 9
     - name: Set default version of Python
       ansible.builtin.alternatives:
         name: python
-        path: /usr/bin/python3.8
+        path: /usr/bin/python3
+        link: /usr/bin/python
     - name: Ensure SELinux is set to enforcing mode
       ansible.builtin.lineinfile:
         path: /etc/selinux/config
         regexp: '^SELINUX='
         line: SELINUX=enforcing
 
   post_tasks:
-    - name: Set default version of Python
+    - name: Set default version of Java
       ansible.builtin.alternatives:
         name: java
         link: /usr/bin/java
         path: /usr/lib/jvm/java-11-openjdk/bin/java
 
     - name: Download packer
-      ansible.builtin.shell: wget https://releases.hashicorp.com/packer/1.7.10/packer_1.7.10_linux_amd64.zip -O /tmp/packer.zip
+      ansible.builtin.command: yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
 
     - name: Extract packer
-      ansible.builtin.shell: unzip /tmp/packer.zip -d /usr/bin
+      ansible.builtin.yum:
+        name: packer
 
     - name: Adding existing user centos to group kvm
       ansible.builtin.user:
@@ -85,6 +96,6 @@
     - usegalaxy-eu.dynmotd
     - geerlingguy.java
     - geerlingguy.docker
-    - dj-wasabi.telegraf
     - influxdata.chrony
+    - dj-wasabi.telegraf
 

ansible-roles/setup-vgcn-bwcloud-gpu.yml

@@ -28,10 +28,23 @@
           - curl
           - libcurl-devel
           - openssl-devel
+      when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int == 8
+    - name: Install Pulsar dependencies
+      package:
+        name:
+          - gcc
+          - curl
+          - git
+          - libcurl-devel
+          - python-devel
+        state: present
+      become: true
+      when: ansible_os_family == 'RedHat' and ansible_distribution_major_version | int == 9
     - name: Set default version of Python
       ansible.builtin.alternatives:
         name: python
         path: /usr/bin/python3
+        link: /usr/bin/python
     - name: Put SELinux in permissive mode, logging actions that would be blocked.
       ansible.builtin.lineinfile:
         path: /etc/selinux/config
@@ -74,6 +87,11 @@
           - libcurl-devel
           - openssl-devel
       become: yes
+    - name: Ensure Docker directory extists
+      file:
+        state: directory
+        path: /etc/docker
+        mode: '0755'
     - name: Copy Docker daemon.json
       ansible.builtin.copy:
         src: daemon.json
@@ -83,11 +101,6 @@
       ansible.builtin.service:
         name: docker
         state: restarted
-    - name: Disable firewalld service
-      ansible.builtin.systemd:
-        name: firewalld
-        enabled: no
-        state: stopped
     - name: Deploy a signal emitter for telegraf
       ansible.builtin.copy:
         content: |
@@ -102,10 +115,10 @@
     - role: usegalaxy_eu.handy.os_setup
       vars:
         enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository
-        enable_remap_user: false
+        enable_remap_user: true
         enable_pam_limits: true
         enable_grub: true
-        enable_cgroups: true
+        enable_cgroups: false
         enable_journald: true
         enable_install_software: true
         enable_ansible_root_cron: false
@@ -116,16 +129,15 @@
     - geerlingguy.java
     - geerlingguy.docker
 
-    - usegalaxy_eu.htcondor
-
-    - dj-wasabi.telegraf
     - influxdata.chrony
+    - dj-wasabi.telegraf
 
     - galaxyproject.cvmfs
     - galaxyproject.pulsar
     - usegalaxy_eu.cuda
     - usegalaxy_eu.nvidia_container
 
+    - usegalaxy-eu.logrotate
     - role: usegalaxy_eu.handy.os_setup
       vars:
         enable_powertools: false # geerlingguy.repo-epel role doesn't enable PowerTools repository