Add linting for ansible #144

Merged
merged 9 commits into from
Feb 27, 2024
Merged
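--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,12 @@
+---
+# .ansible-lint
+
+skip_list:
+- var-naming
+- package-latest
+- yaml[line-length]
+- risky-file-permissions
+- no-changed-when
+- no-handler
+- risky-octal
+- args[module]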
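Review bot: The `skip_list` turns off `risky-file-permissions`, `risky-octal` and `package-latest` for the whole repository, so the linter added here will never report the file-mode and unpinned-package findings that matter most for host hardening. Moving those three entries to `warn_list:` keeps the run green while leaving the findings visible, and a genuine exception can carry `# noqa: <rule-id>` on the task itself. `package-latest` appears to be skipped because of `state: latest` in roles/apt_packages/tasks/main.yml, which this change keeps. A one-line comment above each remaining skip would help the next maintainer, e.g. `# skipped: existing roles predate this rule, tracked in <issue-id>`.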
12 changes: 7 additions & 5 deletions .github/workflows/kvm-test.yaml
@@ -1,4 +1,5 @@
name: "Vagrant (KVM) Tests"
---
name: Vagrant (KVM) Tests

on:
pull_request:
Expand All @@ -9,7 +10,7 @@ on:
jobs:
# https://github.com/jonashackt/vagrant-github-actions
test-kvm:
name: "KVM Test"
name: KVM Test
runs-on: macos-latest
steps:
- uses: actions/checkout@v2
Expand All @@ -34,6 +35,7 @@ jobs:
- name: Show Vagrant version
run: vagrant --version

- name: Run vagrant up
working-directory: tests/ubuntu2004-singlenode
run: vagrant up
# Disabled until we fix it
# - name: Run vagrant up
# working-directory: tests/ubuntu2004-singlenode
# run: vagrant up
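Review bot: With the `Run vagrant up` step commented out at the end of this section, the `test-kvm` job no longer brings up a VM, yet it still reports success under the name `Vagrant (KVM) Tests`. The comment `# Disabled until we fix it` gives no owner or tracking reference, so the gap is easy to forget; `# Disabled until <issue-id> is fixed; this job currently provisions nothing` would say more. Steps between the hunks are not visible here, so confirm that nothing later in the job expects the VM to exist.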
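--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,14 @@
+---
+name: Ansible Lint
+
+on:
+push:
+pull_request:
+jobs:
+build:
+name: Ansible Lint
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Run ansible-lint
+uses: ansible/ansible-lint@main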
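Review bot: `uses: ansible/ansible-lint@main` follows a moving branch, so each run executes whatever that branch holds at the time, with the job token and the checked-out repository in reach. Pin it to a release tag or, better, a full commit SHA, `uses: ansible/ansible-lint@<full-commit-sha>  # <release-tag>`, and let a dependency-update bot raise the bump as a reviewable change. The workflow also declares no `permissions:` block; since this job only reads the repository, a top-level `permissions:` with `contents: read` would scope the token down.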
2 changes: 1 addition & 1 deletion .readthedocs.yaml
@@ -1,3 +1,4 @@
---
# .readthedocs.yaml
# Read the Docs configuration file
# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
Expand All @@ -9,7 +10,6 @@ version: 2
sphinx:
configuration: docs/conf.py


# Optionally set the version of Python and requirements required to build your docs
python:
version: 3.8
11 changes: 6 additions & 5 deletions inventory.template/group_vars/all.yaml
@@ -1,3 +1,4 @@
---
# Any additional users and groups you would like added to all nodes
enabled_users:
- username: example-user
Expand All @@ -6,7 +7,7 @@ enabled_users:
email: [email protected]
# mkpasswd --method=sha-512
# password: example-user
password: "$6$3aaf4gr8D$2T31r9/GtXM6rVY8oHOejn.sThwhBZehbPZC.ZkN0XJOZUuguR9VnRQRYmqYAt9eW3LgLR21q1kbqSYSEDm5U."
password: $6$3aaf4gr8D$2T31r9/GtXM6rVY8oHOejn.sThwhBZehbPZC.ZkN0XJOZUuguR9VnRQRYmqYAt9eW3LgLR21q1kbqSYSEDm5U.
primary_group: example-user
groups:
- users
Expand All @@ -24,9 +25,9 @@ munge_key: eC36WeTj1JKUGyQEcfqkaRO0fDBoyTVHnkn7kE5sOZ1YUYyqWMSp3qeRZEmtEX9B

openldap_bind_password: EsicntiZOhQaGomPiJZLWJEJ

jupyterhub_client_secret: "SUPERSECRETPASSWORDJUPYTERHUB"
conda_store_client_secret: "SUPERSECRETPASSWORDCONDASTORE"
grafana_client_secret: "SUPERSECRETPASSWORDGRAFANA"
jupyterhub_client_secret: SUPERSECRETPASSWORDJUPYTERHUB
conda_store_client_secret: SUPERSECRETPASSWORDCONDASTORE
grafana_client_secret: SUPERSECRETPASSWORDGRAFANA

minio_password: mWdaGyPmNOApU93Vxk6sNTac
keycloak_admin_password: XLWUMUu8OG0XqlMREZK9id9o
Expand All @@ -45,4 +46,4 @@ mysql_users:
postgres_users:
- username: conda-store
password: eIbmUditL4RbQm0YPeLozRme
role: 'CREATEDB,CREATEROLE'
role: CREATEDB,CREATEROLE
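Review bot: Dropping the quotes around `password:` and the three `*_client_secret` values makes their type depend on what an operator pastes in later: a replacement secret that is all digits, or that begins with a YAML indicator such as `*`, `&`, `!` or `%`, would be retyped or rejected by the parser instead of being passed through as a string. Keeping credentials quoted, e.g. `jupyterhub_client_secret: 'SUPERSECRETPASSWORDJUPYTERHUB'`, avoids that class of surprise. Separately, this template carries fixed values for every secret visible in these hunks, and the comment above the hash states its plaintext, so an inventory copied without edits deploys publicly known credentials. A header comment such as `# Template values only: regenerate every password, key and secret before deploying` would make that explicit, and ansible-vault or an external secret lookup is the better home for real values.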
7 changes: 4 additions & 3 deletions inventory.template/group_vars/hpc_master.yaml
@@ -1,3 +1,4 @@
---
dask_gateway_enabled: true
firewall_enabled: true
grafana_enabled: true
Expand All @@ -21,6 +22,6 @@ openldap_server_enabled: true
openldap_client_enabled: true

nfs_server_exports:
- "/home"
- "/opt/conda"
- "/opt/conda-store"
- /home
- /opt/conda
- /opt/conda-store
1 change: 1 addition & 0 deletions inventory.template/group_vars/hpc_worker.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
dask_gateway_client_enabled: true
firewall_enabled: true
ipyparallel_enabled: true
1 change: 1 addition & 0 deletions inventory.template/host_vars/hpc01-test.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
# or set these variables in group_vars/hpc_worker.yaml if all
# workers have the same resources
slurm_memory: 5900
104 changes: 53 additions & 51 deletions playbook.yaml
Original file line number Diff line number Diff line change
@@ -1,56 +1,58 @@
---
- hosts: all
pre_tasks:
- name: Gather facts from ALL hosts (regardless of limit or tags)
setup:
delegate_to: "{{ item }}"
delegate_facts: True
when: hostvars[item]['ansible_default_ipv4'] is not defined
with_items: "{{ groups['all'] }}"
- name: Copy files
include_tasks: tasks/copy_files.yaml
loop: '{{ ["all"] + group_names + [inventory_hostname_short] }}'
loop_control:
loop_var: myhost
- name: Setup Nebari Slurm
hosts: all
pre_tasks:
- name: Gather facts from ALL hosts (regardless of limit or tags)
ansible.builtin.setup:
delegate_to: "{{ item }}"
delegate_facts: true
when: hostvars[item]['ansible_default_ipv4'] is not defined
with_items: "{{ groups['all'] }}"
- name: Copy files
ansible.builtin.include_tasks: tasks/copy_files.yaml
loop: '{{ ["all"] + group_names + [inventory_hostname_short] }}'
loop_control:
loop_var: myhost

roles:
# core services
- hosts
- firewall
- accounts
- apt_packages
- miniforge
- cifs
- nfs
- mysql
- postgresql
- minio
- backups
- traefik
- openldap
- keycloak
# workflows
- slurm
# monitoring
- prometheus
- grafana
# data-science services
- conda_store
- jupyterhub
- dask_gateway
- ipyparallel
# plugins
- bodo
roles:
# core services
- hosts
- firewall
- accounts
- apt_packages
- miniforge
- cifs
- nfs
- mysql
- postgresql
- minio
- backups
- traefik
- openldap
- keycloak
# workflows
- slurm
# monitoring
- prometheus
- grafana
# data-science services
- conda_store
- jupyterhub
- dask_gateway
- ipyparallel
# plugins
- bodo

tasks:
- name: Additional ansible tasks
include_tasks: "{{ item }}"
with_items: "{{ additional_tasks | default([]) }}"
tasks:
- name: Additional ansible tasks
ansible.builtin.include_tasks: "{{ item }}"
aktech marked this conversation as resolved.
with_items: "{{ additional_tasks | default([]) }}"

- name: Keycloak administration credentials
ansible.builtin.debug:
msg: "Keycloak administration username={{ keycloak_admin_username }} via https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host) }}/auth/admin/"
- name: Keycloak administration credentials
ansible.builtin.debug:
msg: Keycloak administration username={{ keycloak_admin_username }} via https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host)
}}/auth/admin/

- name: Accessing cluster
ansible.builtin.debug:
msg: "Access cluster via following url: https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host) }}"
- name: Accessing cluster
ansible.builtin.debug:
msg: "Access cluster via following url: https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host) }}"
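Review bot: The rewritten Keycloak `msg:` is now an unquoted plain scalar that breaks across two lines inside the `{{ ... }}` expression, which works only because YAML folds the line break into a space. It is easy to break on the next edit and it differs from the quoted `msg:` of the `Accessing cluster` task right below it. A folded block scalar, `msg: >-` with the text on the following indented lines, keeps the line short without relying on plain-scalar folding. Indentation is not preserved in this view, so the nesting of the new play could not be checked.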
3 changes: 0 additions & 3 deletions roles/accounts/defaults/main.yml
@@ -1,8 +1,5 @@
---
enabled_users: []

enabled_groups: []

disabled_users: []

disabled_groups: []
68 changes: 34 additions & 34 deletions roles/accounts/tasks/main.yml
@@ -1,38 +1,38 @@
---
- name: Ensure groups are present
become: true
group:
name: "{{ item.name }}"
gid: "{{ item.gid }}"
state: present
with_items: "{{ enabled_groups }}"
- name: Ensure groups are present
become: true
ansible.builtin.group:
name: "{{ item.name }}"
gid: "{{ item.gid }}"
state: present
with_items: "{{ enabled_groups }}"

- name: Ensure users are present
become: true
user:
name: "{{ item.username }}"
uid: "{{ item.uid }}"
shell: /bin/bash
createhome: true
generate_ssh_key: false
comment: "{{ item.fullname }},,,,{{ item.email }}"
group: "{{ item.primary_group | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
password: "{{ item.password | default(omit) }}"
home: /home/{{ item.username }}
state: present
with_items: "{{ enabled_users }}"
- name: Ensure users are present
become: true
ansible.builtin.user:
name: "{{ item.username }}"
uid: "{{ item.uid }}"
shell: /bin/bash
createhome: true
generate_ssh_key: false
comment: "{{ item.fullname }},,,,{{ item.email }}"
group: "{{ item.primary_group | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
password: "{{ item.password | default(omit) }}"
home: /home/{{ item.username }}
state: present
with_items: "{{ enabled_users }}"

- name: Ensure users are disabled
become: true
user:
name: "{{ item }}"
state: absent
with_items: "{{ disabled_users }}"
- name: Ensure users are disabled
become: true
ansible.builtin.user:
name: "{{ item }}"
state: absent
with_items: "{{ disabled_users }}"

- name: Ensure groups are disabled
become: true
group:
name: "{{ item }}"
state: absent
with_items: "{{ disabled_groups }}"
- name: Ensure groups are disabled
become: true
ansible.builtin.group:
name: "{{ item }}"
state: absent
with_items: "{{ disabled_groups }}"
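Review bot: `Ensure users are present` loops over `enabled_users` with `with_items`, and Ansible prints each loop item in the task output, so every user's `password` hash ends up in console output and CI logs. Adding `loop_control:` with `label: "{{ item.username }}"` limits what is printed per item, and `no_log: true` hides the task result entirely. The tasks named `Ensure users are disabled` and `Ensure groups are disabled` use `state: absent`, which removes the account or group rather than disabling it; renaming them to `... are absent`, or adding a comment that says so, would match what the module does.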
1 change: 1 addition & 0 deletions roles/apt_packages/defaults/main.yml
@@ -1 +1,2 @@
---
installed_packages: []
14 changes: 7 additions & 7 deletions roles/apt_packages/tasks/main.yml
@@ -1,8 +1,8 @@
---
- name: Ensure apt packages are installed
become: true
apt:
name: "{{ installed_packages }}"
state: latest
update_cache: yes
cache_valid_time: 3600
- name: Ensure apt packages are installed
become: true
ansible.builtin.apt:
name: "{{ installed_packages }}"
state: latest
update_cache: true
cache_valid_time: 3600
6 changes: 3 additions & 3 deletions roles/backups/defaults/main.yml
@@ -1,7 +1,7 @@
---
backup_enabled: false
backup_on_calendar: "daily"
backup_on_calendar: daily
backup_randomized_delay: "3600"
backup_environment:
RESTIC_REPOSITORY: ...
RESTIC_PASSWORD: ...
RESTIC_REPOSITORY: "..."
RESTIC_PASSWORD: "..."