Small updates on Slurm config and some linter small rollbacks

.gitignore

@@ -10,6 +10,9 @@ terraform.tfstate.backup
 # Environment/key files
 .envrc
 
+# VSCode
+.vscode
+
 # ssh
 id_rsa
 id_rsa.pub
@@ -21,4 +24,4 @@ inventory
 
 # nix
 .direnv
-shell.nix
+shell.nix

roles/cifs/handlers/main.yaml

@@ -5,6 +5,5 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - smbd

roles/dask_gateway/handlers/main.yaml

@@ -5,6 +5,5 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - dask-gateway

roles/dask_gateway/tasks/dask_gateway.yaml

@@ -49,7 +49,7 @@
     owner: dask
     group: dask
     mode: "0644"
-  notify: restart services dask-gateway
+  notify: Restart services dask-gateway
 
 - name: Copy the dask-gateway systemd service file
   become: true
@@ -77,7 +77,7 @@
     owner: root
     group: root
     mode: "0644"
-  notify: restart services dask-gateway
+  notify: Restart services dask-gateway
 
 - name: Ensure dask-gateway is enabled on boot
   become: true

roles/dask_gateway/templates/environments/dask-gateway.yaml

@@ -2,10 +2,6 @@ name: dask-gateway
 channels:
   - conda-forge
 dependencies:
-  # had to install dask-gateway-server via pip due to
-  # conda-forge install issue
-  # https://github.com/dask/dask-gateway/issues/366
-  - pip
-  - pip:
-    - dask-gateway-server
-    - sqlalchemy
+  - python
+  - dask-gateway-server-jobqueue
+  - sqlalchemy

roles/jupyterhub/handlers/main.yaml

@@ -5,7 +5,6 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - jupyterhub
 
@@ -15,7 +14,6 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - jupyterhub-proxy
 
@@ -25,6 +23,5 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - jupyterhub-ssh

roles/mysql/handlers/main.yaml

@@ -5,6 +5,5 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - mysql

roles/mysql/tasks/mysql.yaml

@@ -20,7 +20,7 @@
     mode: "0644"
     backup: true
   with_dict: "{{ mysql_config }}"
-  notify: restart services mysql
+  notify: Restart services mysql
 
 - name: Create mysql database
   become: true

roles/openldap/handlers/main.yaml

@@ -6,7 +6,6 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - nscd
     - nslcd

roles/openldap/tasks/client.yaml

@@ -15,7 +15,7 @@
     regexp: pam_mkhomedir\.so
     line: session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
     state: present
-  notify: restart services ldap
+  notify: Restart services ldap
 
 - name: LDAP Authentication | Query ldap in nsswitch.conf
   become: true
@@ -28,7 +28,7 @@
     - passwd
     - shadow
     - group
-  notify: restart services ldap
+  notify: Restart services ldap
 
 - name: LDAP Authentication | no cache for ldap in nscd.conf
   become: true
@@ -40,12 +40,12 @@
   with_items:
     - passwd
     - group
-  notify: restart services ldap
+  notify: Restart services ldap
 
 - name: LDAP Authentication | Configure /etc/nslcd.conf
   become: true
   ansible.builtin.template:
     src: nslcd.conf.j2
     dest: /etc/nslcd.conf
     mode: "0600"
-  notify: restart services ldap
+  notify: Restart services ldap

roles/openldap/tasks/openldap.yaml

@@ -47,6 +47,7 @@
 - name: Load ddbb template into ldap
   become: true
   ansible.builtin.command: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/db.ldif
+
 - name: Load ldap root entry
   community.general.ldap_entry:
     server_uri: "{{ openldap_server_uri }}"

roles/postgresql/handlers/main.yaml

@@ -5,6 +5,5 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - postgresql

roles/slurm/defaults/main.yml

@@ -6,6 +6,8 @@ slurmd_enabled: false
 slurmctld_enabled: false
 slurmdbd_enabled: false
 
+SlurmConfigFileDIr: /etc/slurm-llnl
+
 slurm_config:
   ClusterName: cluster
   # slurmctld options

roles/slurm/tasks/main.yaml

@@ -15,7 +15,7 @@
 - name: Ensure that slurm configuration directory exists
   become: true
   ansible.builtin.file:
-    path: /etc/slurm
+    path: "{{ SlurmConfigFileDIr }}"
     state: directory
     mode: "0755"
     owner: root
@@ -25,10 +25,10 @@
   become: true
   ansible.builtin.template:
     src: templates/slurm.conf
-    dest: /etc/slurm/slurm.conf
+    dest: "{{ SlurmConfigFileDIr }}/slurm.conf"
     owner: root
     group: root
-    mode: "0444"
+    mode: "0755"
   register: _slurm_config
 
 - name: Install extra execution host configs
@@ -39,7 +39,7 @@
       ConstrainCores=yes
       ConstrainRAMSpace=yes
       ConstrainSwapSpace=yes
-    dest: /etc/slurm/cgroup.conf
+    dest: "{{ SlurmConfigFileDIr }}/cgroup.conf"
     owner: root
     group: root
     mode: "0444"

roles/slurm/tasks/slurm_exporter.yaml

@@ -1,6 +1,7 @@
 ---
 - name: Install golang
   ansible.builtin.include_tasks: golang.yaml
+
 - name: Check that the slurm exporter binary exists
   ansible.builtin.stat:
     path: /usr/local/bin/prometheus_slurm_exporter

roles/slurm/tasks/slurmctld.yaml

@@ -1,22 +1,28 @@
 ---
+# Must be writable by user SlurmUser.
+# The file must be accessible by the primary and backup control machines.
 - name: Ensure slurm state directory exists
   become: true
   ansible.builtin.file:
     path: "{{ slurm_config.StateSaveLocation }}"
     state: directory
-    mode: "0700"
+    mode: "0755"
     owner: slurm
     group: slurm
 
+# Must be writable by user SlurmUser.
+# The file must be accessible by the primary and backup control machines.
 - name: Ensure slurm log directory exists
   become: true
   ansible.builtin.file:
     path: "{{ slurm_config.SlurmctldLogFile | dirname }}"
     state: directory
-    mode: "0700"
+    mode: "0755"
     owner: slurm
     group: slurm
 
+# Must be writable by user root. Preferably writable and removable by SlurmUser.
+# The file must be accessible by the primary and backup control machines.
 - name: Ensure slurm pid directory exists
   become: true
   ansible.builtin.file:
@@ -33,7 +39,7 @@
       [Unit]
       Description=Slurm controller daemon
       After=network.target munge.service
-      ConditionPathExists=/etc/slurm/slurm.conf
+      ConditionPathExists={{ SlurmConfigFileDIr }}/slurm.conf
 
       [Service]
       Type=forking

roles/slurm/tasks/slurmd.yaml

@@ -1,4 +1,6 @@
 ---
+# Permissions must be set to 755 so that job scripts can be executed from this directory.
+# A distinct file must exist on each compute node.
 - name: Create slurm spool directory
   become: true
   ansible.builtin.file:
@@ -8,6 +10,8 @@
     mode: "0755"
     state: directory
 
+# Must be writable by user root.
+# A distinct file must exist on each compute node.
 - name: Create slurm log directory
   become: true
   ansible.builtin.file:
@@ -17,6 +21,8 @@
     mode: "0755"
     state: directory
 
+# Must be writable by user root.
+# A distinct file must exist on each compute node.
 - name: Ensure slurm pid directory exists
   become: true
   ansible.builtin.file:
@@ -33,7 +39,7 @@
       [Unit]
       Description=Slurm node daemon
       After=network.target munge.service remote-fs.target
-      ConditionPathExists=/etc/slurm/slurm.conf
+      ConditionPathExists={{ SlurmConfigFileDIr }}/slurm.conf
 
       [Service]
       Type=forking

roles/slurm/tasks/slurmdbd.yaml

@@ -1,13 +1,15 @@
 ---
+# Must be writable by user SlurmUser.
 - name: Ensure slurmdbd log directory exists
   become: true
   ansible.builtin.file:
     path: "{{ slurmdbd_config.LogFile | dirname }}"
     state: directory
-    mode: "0700"
+    mode: "0755"
     owner: slurm
     group: slurm
 
+# Must be writable by user SlurmUser.
 - name: Ensure slurm pid directory exists
   become: true
   ansible.builtin.file:
@@ -17,11 +19,15 @@
     owner: slurm
     group: slurm
 
+# This file should be only on the computer where SlurmDBD executes
+# and should only be readable by the user which executes SlurmDBD (e.g. "slurm").
+# This file should be protected from unauthorized access since
+# it contains a database password
 - name: Install slurmdbd.conf
   become: true
   ansible.builtin.template:
     src: templates/slurmdbd.conf
-    dest: /etc/slurm/slurmdbd.conf
+    dest: "{{ SlurmConfigFileDIr }}/slurmdbd.conf"
     owner: slurm
     group: slurm
     mode: "0600"
@@ -34,7 +40,7 @@
       [Unit]
       Description=Slurm DBD accounting daemon
       After=network.target munge.service
-      ConditionPathExists=/etc/slurm/slurmdbd.conf
+      ConditionPathExists={{ SlurmConfigFileDIr }}/slurmdbd.conf
 
       [Service]
       Type=forking

roles/traefik/handlers/main.yaml

@@ -5,6 +5,5 @@
     name: "{{ item }}"
     enabled: "yes"
     state: restarted
-    cmd: ""
   with_items:
     - traefik

roles/traefik/tasks/traefik.yaml

@@ -89,7 +89,7 @@
     owner: traefik
     group: traefik
   when: traefik_tls_certificate is defined
-  notify: restart services traefik
+  notify: Restart services traefik
   register: _traefik_tls_certificate
 
 - name: Copy TLS key if provided
@@ -102,7 +102,7 @@
     owner: traefik
     group: traefik
   when: traefik_tls_key is defined
-  notify: restart services traefik
+  notify: Restart services traefik
   register: _traefik_tls_key
 
 - name: Copy traefik configuration
@@ -113,7 +113,7 @@
     mode: "0600"
     owner: traefik
     group: traefik
-  notify: restart services traefik
+  notify: Restart services traefik
 
 - name: Copy traefik dynamic configuration
   become: true
@@ -123,7 +123,7 @@
     mode: "0600"
     owner: traefik
     group: traefik
-  notify: restart services traefik
+  notify: Restart services traefik
 
 - name: Copy the traefik systemd service file
   become: true
@@ -155,7 +155,7 @@
     owner: root
     group: root
     mode: "0644"
-  notify: restart services traefik
+  notify: Restart services traefik
 
 - name: Ensure Traefik is enabled on boot
   become: true