Skip to content

Commit

Permalink
Merge pull request #15 from stackhpc/ood
Browse files Browse the repository at this point in the history
Added Open OnDemand
  • Loading branch information
wtripp180901 authored Aug 15, 2023
2 parents 1c8f39a + 1a4a3e4 commit 8c4407c
Show file tree
Hide file tree
Showing 13 changed files with 742 additions and 4 deletions.
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ On initial deployment ONLY, run
```
This generates a set of secrets. If these need to be regenerated, see "Reconfiguring the Cluster"

Be sure to take note of the Open Ondemand credentials, you will need them to access the cluster through a browser

### Connecting RWX Volume

A ReadWriteMany (RWX) volume is required, if a named volume exists, set `nfs.claimName` in the `values.yaml` file to its name. If not, manifests to deploy a Rook NFS volume are provided in the `/nfs` directory. You can deploy this by running
Expand Down
24 changes: 23 additions & 1 deletion generate-secrets.sh
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,26 @@ kubectl create secret generic munge-key-secret \
--dry-run=client \
--from-literal=munge.key=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64 -w 0) \
-o yaml | \
kubectl apply -f -
kubectl apply -f -

mkdir -p ./temphostkeys/etc/ssh
ssh-keygen -A -f ./temphostkeys
kubectl create secret generic host-keys-secret \
--dry-run=client \
--from-file=./temphostkeys/etc/ssh \
-o yaml | \
kubectl apply -f -
rm -rf ./temphostkeys

OOD_PASS=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)

kubectl create secret generic htdbm-secret \
--dry-run=client \
--from-literal=password=$OOD_PASS \
-o yaml | \
kubectl apply -f -

echo "Open Ondemand Credentials:"
echo "Username: rocky"
echo "Password: $OOD_PASS"
OOD_PASS=""
4 changes: 4 additions & 0 deletions image/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ RUN set -ex \
&& yum -y install dnf-plugins-core epel-release \
&& yum -y install dnf-plugins-core \
&& yum config-manager --set-enabled powertools \
&& yum -y module enable ruby:2.7 nodejs:14 \
&& yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \
&& yum -y module install ruby nodejs \
&& yum -y install \
wget \
bzip2 \
Expand Down Expand Up @@ -42,6 +45,7 @@ RUN set -ex \
hwloc-devel \
openssh-server \
apptainer \
ondemand \
&& yum clean all \
&& rm -rf /var/cache/yum

Expand Down
35 changes: 33 additions & 2 deletions image/docker-entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ then
chown root:root /home
chmod 755 /home

echo "---> Setting up ssh for user"

mkdir -p /home/rocky/.ssh
cp /tmp/authorized_keys /home/rocky/.ssh/authorized_keys

Expand All @@ -99,11 +101,40 @@ then
done
popd > /dev/null

echo "---> Complete"
echo "---> Starting sshd"
ssh-keygen -A
cp /tempmounts/etc/ssh/* /etc/ssh/
chmod 600 /etc/ssh/ssh_host_dsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
chmod 600 /etc/ssh/ssh_host_rsa_key
/usr/sbin/sshd

start_munge --foreground
start_munge

echo "---> Setting up self ssh capabilities for OOD"

if [ -f /home/rocky/.ssh/id_rsa.pub ]; then
echo "ssh keys already found"
else
ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N ""
fi

ssh-keyscan localhost > /etc/ssh/ssh_known_hosts
echo "" >> /home/rocky/.ssh/authorized_keys #Adding newline to avoid breaking authorized_keys file
cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/authorized_keys

echo "---> Starting Apache Server"

# mkdir --parents /etc/ood/config/apps/shell
# env > /etc/ood/config/apps/shell/env

/usr/libexec/httpd-ssl-gencerts
/opt/ood/ood-portal-generator/sbin/update_ood_portal
mkdir --parents /opt/rh/httpd24/root/etc/httpd/

/usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky $ROCKY_OOD_PASS
/usr/sbin/httpd -k start -X -e debug

elif [ "$1" = "check-queue-hook" ]
then
Expand Down
Loading

0 comments on commit 8c4407c

Please sign in to comment.