radiasoft / ansible-conf Goto Github PK
View Code? Open in Web Editor NEWRadiasoft playbooks
License: Apache License 2.0
Radiasoft playbooks
License: Apache License 2.0
Docker has deprecated container links for container networks.
Given the deprecation we should stop using links. We should try to leverage the software defined networking features as much as possible. We might be able to close more ports with this feature.
Write a new ansible role that will configure an MPI slave, using docker.
Required by #37.
Limit playbooks to configure one host at a time, e.g. hosts: <hostname>
. Depends on #31.
It seems that in Ansible 2.1.0 the docker_container
module has a bug, such that when some parameters are passed the module will always recreate the container. The culprit seems to be volumes
.
Start nginx serving a simple page on port 80 and 443 (SSL). Nginx should run on the NFS server.
In order to make jupyterhub
and jupyterhub_nfs
better suited for reusability, the should set their firewall settings and the values should be provided by the roles.
Ensure servers have the proper timezone
Requires #35 to be complete.
Required by #38.
Update READMEs for Ansible, Vagrant, Terraform.
Research the use user namespaces with docker.
Figure out how stable it is with Centos 7 since it is considered a technology preview feature.
Use the groovy API for configuration, see.
Required by #38.
Create role to disable services known to be superfluous.
SELinux will stop an nginx proxy from doing any traffic forwarding by default. Exceptions need to be configured within SELinux, and the current approach within ansible is very hacky: 1d899ca
Need to provide a better approach, either with an ansible module or with a bash script.
Ensure that logs generated by docker container are rotated.
Because we map the Jenkins uid
within the container to the uid
within the host, we have a situation, where Jenkins executes as a user that does not exist in /etc/passwd
, which triggers:
fatal: unable to look up current user in the passwd file: no such user
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1723)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1459)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
... 8 more
GitHub has been notified of this commit’s build result
This happens, because git is trying to figure out the user name and email, for commits. One possibility is setting GIT_COMMITTER_NAME
and GIT_COMMITTER_EMAIL
environment variables. A better solution is to try to pass those settings to Jenkins somehow (The pipeline plugin does not seem to provide that).
Figure out how to organize the Ansible Master.
nginx.conf
conf.d
Part of #32.
Start the database once during setup, before the service starts.
Reference:
- init:
env:
- [ POSTGRES_PASSWORD, {{ pillar.postgresql_jupyterhub.admin_pass }} ]
- [ JPY_PSQL_PASSWORD, {{ pillar.jupyterhub.db_pass }} ]
cmd: bash /radia-init.sh
Prepare the AWS deployed image, as done with Vagrant.
.ssh
directory inside the Jupyter container with the keys.Required by #37.
Currently the jupyterhub_nfs roles configures the jupyterhub nfs shares and the jupyterhub nginx proxy. I think we might want to split them into different roles that could be applied to the same server.
Manage users and keys for access, as required by Ansible.
Use radiasoft/postgresql-jupyterhub
, run it as service.
Leverage the jupyterhub
and jupyterhub_nfs
roles to configure a single machine that will work as a JupyterHub provider and master of the MPI cluster.
Backup it up to NFS. Use the backup to setup new deployments.
Allow remote clients to configure docker; do not use the unix socket.
Right now for convenience the rs_channel
is automatically populated according to the group you are provisioning. We should a channel variable per role, e.g. jupyter_channel
.
Ensure all required configuration is available before provisioning slave hosts. Store all the information in an NFS share.
Required by #38.
This is with systemctl on fedora cloud. @elventear I'm not too concerned right now but wanted to note this was happening so we don't lose it.
Sep 29 02:14:12 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Unit entered failed state.
Sep 29 02:14:12 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Failed with result 'exit-code'.
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Service hold-off time over, scheduling restart.
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal systemd[1]: Started Celery Sirepo.
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal systemd[1]: Starting Celery Sirepo...
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal docker[1874]: /usr/bin/docker: Error response from daemon: Conflict. The name "/celery-sirepo" is already in use by container a3be7
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal docker[1874]: See '/usr/bin/docker run --help'.
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Main process exited, code=exited, status=125/n/a
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal docker[1878]: celery-sirepo
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Unit entered failed state.
Sep 29 02:14:23 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Failed with result 'exit-code'.
Sep 29 02:14:33 ip-10-14-2-5.ec2.internal systemd[1]: celery-sirepo.service: Service hold-off time over, scheduling restart.
Sep 29 02:14:33 ip-10-14-2-5.ec2.internal systemd[1]: Started Celery Sirepo.
Sep 29 02:14:33 ip-10-14-2-5.ec2.internal systemd[1]: Starting Celery Sirepo...
Sep 29 02:14:33 ip-10-14-2-5.ec2.internal docker[1885]: /usr/bin/docker: Error response from daemon: Conflict. The name "/celery-sirepo" is already in use by container a3be7
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.