From 648db22317b8b045a6d9543775a73d84cafe972d Mon Sep 17 00:00:00 2001
From: Will
Date: Fri, 14 Jul 2023 10:47:31 +0100
Subject: [PATCH 01/39] Added Open Ondemand to image
---
 Dockerfile | 3 +++
 docker-entrypoint.sh | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 167584b..bcc6231 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,6 +15,8 @@ RUN set -ex \
 && yum -y install dnf-plugins-core epel-release \
 && yum -y install dnf-plugins-core \
 && yum config-manager --set-enabled powertools \
+ && yum -y module enable ruby:2.7 nodejs:14 \
+ && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \
 && yum -y install \
 wget \
 bzip2 \
@@ -42,6 +44,7 @@ RUN set -ex \
 hwloc-devel \
 openssh-server \
 apptainer \
+ ondemand \
 && yum clean all \
 && rm -rf /var/cache/yum
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index ee12fab..eac6aa1 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -100,8 +100,12 @@ then
 /usr/sbin/sshd
 echo "---> Starting the MUNGE Authentication service (munged) ..."
- gosu munge /usr/sbin/munged -F
+ gosu munge /usr/sbin/munged
 echo "---> MUNGE Complete"
+
+ echo "---> Starting Apache Server"
+ /usr/libexec/httpd-ssl-gencerts
+ /usr/sbin/httpd -k start -X -e debug
 fi
 if [ "$1" = "check-queue-hook" ]
From b241c36d985305e31ac276cefa46d988d6c3aed7 Mon Sep 17 00:00:00 2001
From: Will
Date: Fri, 14 Jul 2023 15:38:38 +0100
Subject: [PATCH 02/39] Running ood portal generator
---
 docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index eac6aa1..e7b4505 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -105,6 +105,7 @@ then
 echo "---> Starting Apache Server"
 /usr/libexec/httpd-ssl-gencerts
+ /opt/ood/ood-portal-generator/sbin/update_ood_portal
 /usr/sbin/httpd -k start -X -e debug
 fi
From 1995fd954ab064c914e44eaa513a856ea899fb1c Mon Sep 17 00:00:00 2001
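Review bot: The added `yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm` in the first Dockerfile hunk installs a repository-definition package straight from a URL, and dnf does not signature-check packages given by path or URL unless `localpkg_gpgcheck` is enabled. The trust for everything later installed from that repository, including `ondemand` in the second hunk, therefore appears to rest on TLS to that host alone. I would import the vendor's signing key with `rpm --import` first, or download the file and compare it against a pinned SHA-256 before installing it. The `RUN` instruction starts and ends outside both hunks, so whether the base image already changes that default is not visible here.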
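Review bot: `/usr/sbin/httpd -k start -X -e debug`, the last added line of the entrypoint hunk, starts Apache in its single-worker debug mode with debug-level startup logging, which is a troubleshooting setup rather than something to ship in the image that serves the login portal. In that mode one slow request holds up every other client, and the `httpd-ssl-gencerts` call before it is not checked, so unless the script sets `-e` outside the hunk a failed certificate step still leads to a server start. I would write `/usr/libexec/httpd-ssl-gencerts || exit 1` followed by `exec /usr/sbin/httpd -DFOREGROUND`. The `if` block this sits in starts outside the hunk.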
From: Will
Date: Fri, 14 Jul 2023 16:19:35 +0100
Subject: [PATCH 03/39] Trying adding ood user before starts
---
 docker-entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index e7b4505..16a002d 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -106,6 +106,8 @@ then
 echo "---> Starting Apache Server"
 /usr/libexec/httpd-ssl-gencerts
 /opt/ood/ood-portal-generator/sbin/update_ood_portal
+ groupadd ood
+ useradd -d /home/ood -g ood -k /etc/skel -m ood
 /usr/sbin/httpd -k start -X -e debug
 fi
From 26a475046835eb3a5a847d0033552cfbdd997e1a Mon Sep 17 00:00:00 2001
From: Will
Date: Mon, 17 Jul 2023 09:10:26 +0100
Subject: [PATCH 04/39] Apache runs but auth errors
---
 slurm-cluster-chart/files/httpd.conf | 356 ++++++++++++++++++
 slurm-cluster-chart/files/ood_portal.yaml | 246 ++++++++++++
 .../templates/httpd-configmap.yaml | 8 +
 .../templates/login-deployment.yaml | 13 +
 .../templates/login-service.yaml | 4 +
 .../templates/ood-portal-configmap.yaml | 8 +
 slurm-cluster-chart/values.yaml | 2 +-
 7 files changed, 636 insertions(+), 1 deletion(-)
 create mode 100644 slurm-cluster-chart/files/httpd.conf
 create mode 100644 slurm-cluster-chart/files/ood_portal.yaml
 create mode 100644 slurm-cluster-chart/templates/httpd-configmap.yaml
 create mode 100644 slurm-cluster-chart/templates/ood-portal-configmap.yaml
diff --git a/slurm-cluster-chart/files/httpd.conf b/slurm-cluster-chart/files/httpd.conf
new file mode 100644
index 0000000..6d3783a
--- /dev/null
+++ b/slurm-cluster-chart/files/httpd.conf
@@ -0,0 +1,356 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# See the httpd.conf(5) man page for more information on this configuration, +# and httpd.service(8) on using and configuring the httpd service. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/etc/httpd" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. 
+# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +Include conf.modules.d/*.conf + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User apache +Group apache + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. 
You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Relax access to content within /var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. 
+# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel debug + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog "logs/access_log" combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. 
You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. 
+ # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + +# Supplemental configuration +# +# Load config files in the "/etc/httpd/conf.d" directory, if any. +IncludeOptional conf.d/*.conf \ No newline at end of file diff --git a/slurm-cluster-chart/files/ood_portal.yaml b/slurm-cluster-chart/files/ood_portal.yaml new file mode 100644 index 0000000..88b6ed4 --- /dev/null +++ b/slurm-cluster-chart/files/ood_portal.yaml 
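Review bot: `Listen 80` is the only listener this file configures, while the same commit sets `AuthType Basic` in ood_portal.yaml with no `ssl:` entries and publishes port 80 through the `LoadBalancer` service in login-service.yaml. As far as these files show, the portal password therefore travels base64-encoded over plain HTTP on an externally reachable address. I would add TLS before exposing the portal, either by filling in the `ssl:` list in ood_portal.yaml and publishing 443 or by putting a TLS-terminating ingress in front, and keep the service `ClusterIP` until then. `LogLevel debug` further up in this file is also worth lowering to `warn` once the auth errors are resolved.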
@@ -0,0 +1,246 @@ +--- +# +# Portal configuration +# + +# The address and port to listen for connections on +# Example: +# listen_addr_port: 443 +# Default: null (don't add any more listen directives) +#listen_addr_port: 80 + +# The server name used for name-based Virtual Host +# Example: +# servername: 'www.example.com' +# Default: null (don't use name-based Virtual Host) +servername: 128.232.226.84 +#serverAlias: 128.232.226.84 + +# The port specification for the Virtual Host +# Example: +# port: 8080 +#Default: null (use default port 80 or 443 if SSL enabled) +#port: null + +# List of SSL Apache directives +# Example: +# ssl: +# - 'SSLCertificateFile "/etc/pki/tls/certs/www.example.com.crt"' +# - 'SSLCertificateKeyFile "/etc/pki/tls/private/www.example.com.key"' +# Default: null (no SSL support) +#ssl: null + +# Root directory of log files (can be relative ServerRoot) +# Example: +# logroot: '/path/to/my/logs' +# Default: 'logs' (this is relative to ServerRoot) +#logroot: 'logs' + +# Root directory of the Lua handler code +# Example: +# lua_root: '/path/to/lua/handlers' +# Default : '/opt/ood/mod_ood_proxy/lib' (default install directory of mod_ood_proxy) +#lua_root: '/opt/ood/mod_ood_proxy/lib' + +# Verbosity of the Lua module logging +# (see https://httpd.apache.org/docs/2.4/mod/core.html#loglevel) +# Example: +# lua_log_level: 'warn' +# Default: 'info' (get verbose logs) +#lua_log_level: 'info' + +# System command used to map authenticated-user to system-user +# Example: +# user_map_cmd: '/opt/ood/ood_auth_map/bin/ood_auth_map.regex --regex=''^(\w+)@example.com$''' +# Default: '/opt/ood/ood_auth_map/bin/ood_auth_map.regex' (this echo's back auth-user) +#user_map_cmd: '/opt/ood/ood_auth_map/bin/ood_auth_map.regex' + +# Use an alternative CGI environment variable instead of REMOTE_USER for +# determining the authenticated-user fed to the mapping script +# Example: +# user_env: 'OIDC_CLAIM_preferred_username' +# Default: null (use REMOTE_USER) +#user_env: null + 
+# Redirect user to the following URI if fail to map there authenticated-user to +# a system-user +# Example: +# map_fail_uri: '/register' +# Default: null (don't redirect, just display error message) +#map_fail_uri: null + +# System command used to run the `nginx_stage` script with sudo privileges +# Example: +# pun_stage_cmd: 'sudo /path/to/nginx_stage' +# Default: 'sudo /opt/ood/nginx_stage/sbin/nginx_stage' (don't forget sudo) +#pun_stage_cmd: 'sudo /opt/ood/nginx_stage/sbin/nginx_stage' + +# List of Apache authentication directives +# NB: Be sure the appropriate Apache module is installed for this +# Default: (see below, uses basic auth with an htpasswd file) +# auth: +# - 'AuthType Basic' +# - 'AuthName "private"' +# - 'AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"' +# - 'RequestHeader unset Authorization' +# - 'Require valid-user' + +# Redirect user to the following URI when accessing root URI +# Example: +# root_uri: '/my_uri' +# # https://www.example.com/ => https://www.example.com/my_uri +# Default: '/pun/sys/dashboard' (default location of the OOD Dashboard app) +#root_uri: '/pun/sys/dashboard' + +# Track server-side analytics with a Google Analytics account and property +# (see https://github.com/OSC/mod_ood_proxy/blob/master/lib/analytics.lua for +# information on how to setup the GA property) +# Example: +# analytics: +# url: 'http://www.google-analytics.com/collect' +# id: 'UA-79331310-4' +# Default: null (do not track) +#analytics: null + +# +# Publicly available assets +# + +# Public sub-uri (available to public with no authentication) +# Example: +# public_uri: '/assets' +# Default: '/public' +#public_uri: '/public' + +# Root directory that serves the public sub-uri (be careful, everything under +# here is open to the public) +# Example: +# public_root: '/path/to/public/assets' +# Default: '/var/www/ood/public' +#public_root: '/var/www/ood/public' + +# +# Logout redirect helper +# + +# Logout sub-uri +# Example +# logout_uri: 
'/log_me_out' +# NB: If you change this, then modify the Dashboard app with the new sub-uri +# Default: '/logout' (the Dashboard app is by default going to expect this) +#logout_uri: '/logout' + +# Redirect user to the following URI when accessing logout URI +# Example: +# logout_redirect: '/oidc?logout=https%3A%2F%2Fwww.example.com' +# Default: '/pun/sys/dashboard/logout' (the Dashboard app provides a simple +# HTML page explaining logout to the user) +#logout_redirect: '/pun/sys/dashboard/logout' + +# +# Reverse proxy to backend nodes +# + +# Regular expression used for whitelisting allowed hostnames of nodes +# Example: +# host_regex: '[\w.-]+\.example\.com' +# Default: '[^/]+' (allow reverse proxying to all hosts, this allows external +# hosts as well) +#host_regex: '[^/]+' + +# Sub-uri used to reverse proxy to backend web server running on node that +# knows the full URI path +# Example: +# node_uri: '/node' +# Default: null (disable this feature) +#node_uri: null + +# Sub-uri used to reverse proxy to backend web server running on node that +# ONLY uses *relative* URI paths +# Example: +# rnode_uri: '/rnode' +# Default: null (disable this feature) +#rnode_uri: null + +# +# Per-user NGINX Passenger apps +# + +# Sub-uri used to control PUN processes +# Example: +# nginx_uri: '/my_pun_controller' +# Default: '/nginx' +#nginx_uri: '/nginx' + +# Sub-uri used to access the PUN processes +# Example: +# pun_uri: '/my_pun_apps' +# Default: '/pun' +#pun_uri: '/pun' + +# Root directory that contains the PUN Unix sockets that the proxy uses to +# connect to +# Example: +# pun_socket_root: '/path/to/pun/sockets' +# Default: '/var/run/ondemand-nginx' (default location set in nginx_stage) +#pun_socket_root: '/var/run/ondemand-nginx' + +# Number of times the proxy attempts to connect to the PUN Unix socket before +# giving up and displaying an error to the user +# Example: +# pun_max_retries: 25 +# Default: 5 (only try 5 times) +#pun_max_retries: 5 + +# +# Support for OpenID 
Connect +# + +# Sub-uri used by mod_auth_openidc for authentication +# Example: +# oidc_uri: '/oidc' +# Default: null (disable OpenID Connect support) +#oidc_uri: null + +# Sub-uri user is redirected to if they are not authenticated. This is used to +# *discover* what ID provider the user will login through. +# Example: +# oidc_discover_uri: '/discover' +# Default: null (disable support for discovering OpenID Connect IdP) +#oidc_discover_uri: null + +# Root directory on the filesystem that serves the HTML code used to display +# the discovery page +# Example: +# oidc_discover_root: '/var/www/ood/discover' +# Default: null (disable support for discovering OpenID Connect IdP) +#oidc_discover_root: null + +# +# Support for registering unmapped users +# +# (Not necessary if using regular expressions for mapping users) +# + +# Sub-uri user is redirected to if unable to map authenticated-user to +# system-user +# Example: +# register_uri: '/register' +# Default: null (display error to user if mapping fails) +#register_uri: null + +# Root directory on the filesystem that serves the HTML code used to register +# an unmapped user +# Example: +# register_root: '/var/www/ood/register' +# Default: null (display error to user if mapping fails) +#register_root: null + +host_regex: 'head' +auth: + - 'AuthType Basic' + - 'AuthName "private"' + - 'AuthBasicProvider dbm' + - 'AuthDBMUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm"' + - 'RequestHeader unset Authorization' + - 'Require valid-user' \ No newline at end of file diff --git a/slurm-cluster-chart/templates/httpd-configmap.yaml b/slurm-cluster-chart/templates/httpd-configmap.yaml new file mode 100644 index 0000000..93eb6ea --- /dev/null +++ b/slurm-cluster-chart/templates/httpd-configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: httpd-configmap +data: + httpd.conf: | + {{- .Files.Get "files/httpd.conf" | nindent 4 -}} + \ No newline at end of file 
diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml
index 2b49536..b27a1af 100644
--- a/slurm-cluster-chart/templates/login-deployment.yaml
+++ b/slurm-cluster-chart/templates/login-deployment.yaml
@@ -28,6 +28,7 @@ spec:
 name: login
 ports:
 - containerPort: 22
+ - containerPort: 80
 volumeMounts:
 - mountPath: {{ .Values.nfs.mountPath }}
 name: slurm-jobdir
@@ -43,6 +44,12 @@ spec:
 - name: authorized-keys
 mountPath: /tempmounts/authorized_keys
 subPath: authorized_keys
+ - name: ood-portal
+ mountPath: /etc/ood/config/ood_portal.yml
+ subPath: ood_portal.yml
+ - name: httpd-config
+ mountPath: /etc/httpd/conf/httpd.conf
+ subPath: httpd.conf
 resources: {}
 hostname: login
 restartPolicy: Always
@@ -62,3 +69,9 @@ spec:
 - name: authorized-keys
 configMap:
 name: {{ .Values.configmaps.authorizedKeys }}
+ - name: ood-portal
+ configMap:
+ name: ood-portal-configmap
+ - name: httpd-config
+ configMap:
+ name: httpd-configmap
diff --git a/slurm-cluster-chart/templates/login-service.yaml b/slurm-cluster-chart/templates/login-service.yaml
index 0a38ba4..fee3480 100644
--- a/slurm-cluster-chart/templates/login-service.yaml
+++ b/slurm-cluster-chart/templates/login-service.yaml
@@ -11,6 +11,10 @@ spec:
 - name: "ssh"
 port: 22
 targetPort: 22
+ - name: "apache"
+ port: 80
+ targetPort: 80
+ protocol: TCP
 type: LoadBalancer
 selector:
 app.kubernetes.io/name: slurm
diff --git a/slurm-cluster-chart/templates/ood-portal-configmap.yaml b/slurm-cluster-chart/templates/ood-portal-configmap.yaml
new file mode 100644
index 0000000..6770d82
--- /dev/null
+++ b/slurm-cluster-chart/templates/ood-portal-configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ood-portal-configmap
+data:
+ ood_portal.yml: |
+ {{- .Files.Get "files/ood_portal.yaml" | nindent 4 -}}
+
\ No newline at end of file
diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml
index 92e5088..68c209b 100644
--- a/slurm-cluster-chart/values.yaml
+++ b/slurm-cluster-chart/values.yaml
@@ -1,4 +1,4 @@
-sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:05bbb87
+sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:1995fd9
 replicas:
 slurmd: 2
From 6abcad04da63cc532eb15a58009477ec371f46fd Mon Sep 17 00:00:00 2001
From: Will
Date: Mon, 17 Jul 2023 10:25:49 +0100
Subject: [PATCH 05/39] Creating htpasswd file and adding user on startup
---
 docker-entrypoint.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 16a002d..0ff2dc8 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -106,8 +106,10 @@ then
 echo "---> Starting Apache Server"
 /usr/libexec/httpd-ssl-gencerts
 /opt/ood/ood-portal-generator/sbin/update_ood_portal
+ mkdir --parents /opt/rh/httpd24/root/etc/httpd/
 groupadd ood
 useradd -d /home/ood -g ood -k /etc/skel -m ood
+ /usr/bin/htpasswd -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm ood password
 /usr/sbin/httpd -k start -X -e debug
 fi
From 494a7a522fda5a55e764e0aad895d4213006f2db Mon Sep 17 00:00:00 2001
From: Will
Date: Mon, 17 Jul 2023 11:06:33 +0100
Subject: [PATCH 06/39] Now adds rocky as authenticated user and uses htdbm to generate auth file
---
 docker-entrypoint.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 0ff2dc8..951e8d0 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -107,9 +107,7 @@ then
 /usr/libexec/httpd-ssl-gencerts
 /opt/ood/ood-portal-generator/sbin/update_ood_portal
 mkdir --parents /opt/rh/httpd24/root/etc/httpd/
- groupadd ood
- useradd -d /home/ood -g ood -k /etc/skel -m ood
- /usr/bin/htpasswd -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm ood password
+ /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky password
 /usr/sbin/httpd -k start -X -e debug
 fi
From 547428befb091bf32cd9ce49f7d3b8fc28c0f3f7 Mon Sep 17 00:00:00 2001
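Review bot: The added `/usr/bin/htpasswd -cb ... ood password` line in patch 05/39 bakes a fixed, guessable portal credential into every container started from this image, and the `htdbm` line in patch 06/39 keeps the same literal for `rocky`. The chart's `sdcImage` values elsewhere in this series point at image tags built from commits in that range, so those tags presumably still carry the known password even after a later commit reads it from the environment. The credential should come from a deploy-time secret, and the script should refuse to start Apache without it, for example `: "${PORTAL_PASSWORD:?must be set}"`, where `PORTAL_PASSWORD` is a placeholder name. The enclosing `if` block starts outside both hunks.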
From: Will
Date: Mon, 17 Jul 2023 13:50:09 +0100
Subject: [PATCH 07/39] Updated image + mounted cluster config
---
 slurm-cluster-chart/files/ood-cluster-config.yml | 6 ++++++
 slurm-cluster-chart/files/ood_portal.yaml | 2 +-
 .../templates/cluster-config-configmap.yaml | 7 +++++++
 slurm-cluster-chart/templates/login-deployment.yaml | 6 ++++++
 slurm-cluster-chart/values.yaml | 2 +-
 5 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 slurm-cluster-chart/files/ood-cluster-config.yml
 create mode 100644 slurm-cluster-chart/templates/cluster-config-configmap.yaml
diff --git a/slurm-cluster-chart/files/ood-cluster-config.yml b/slurm-cluster-chart/files/ood-cluster-config.yml
new file mode 100644
index 0000000..c1b1905
--- /dev/null
+++ b/slurm-cluster-chart/files/ood-cluster-config.yml
@@ -0,0 +1,6 @@
+v2:
+ metadata:
+ title: "My Cluster"
+ login:
+ #host: www.example.com
+ host: 128.232.226.84
\ No newline at end of file
diff --git a/slurm-cluster-chart/files/ood_portal.yaml b/slurm-cluster-chart/files/ood_portal.yaml
index 88b6ed4..4eee040 100644
--- a/slurm-cluster-chart/files/ood_portal.yaml
+++ b/slurm-cluster-chart/files/ood_portal.yaml
@@ -13,7 +13,7 @@
 # Example:
 # servername: 'www.example.com'
 # Default: null (don't use name-based Virtual Host)
-servername: 128.232.226.84
+#servername: 128.232.226.84
 #serverAlias: 128.232.226.84
 # The port specification for the Virtual Host
diff --git a/slurm-cluster-chart/templates/cluster-config-configmap.yaml b/slurm-cluster-chart/templates/cluster-config-configmap.yaml
new file mode 100644
index 0000000..3076dc9
--- /dev/null
+++ b/slurm-cluster-chart/templates/cluster-config-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-config
+data:
+ httpd.conf: |
+ {{- .Files.Get "files/ood-cluster-config.yaml" | nindent 4 -}}
\ No newline at end of file
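Review bot: The new cluster-config ConfigMap reads `files/ood-cluster-config.yaml` and stores the result under the key `httpd.conf`, but the file this commit adds is `files/ood-cluster-config.yml` and the Deployment hunk mounts `subPath: ood-cluster-config.yml`. `.Files.Get` returns an empty string for a path that does not exist, so the template would likely render an empty value under a key the mount never looks up. I would change the two template lines to `ood-cluster-config.yml: |` and `{{- .Files.Get "files/ood-cluster-config.yml" | nindent 4 -}}`.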
diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml
index b27a1af..ae3e91b 100644
--- a/slurm-cluster-chart/templates/login-deployment.yaml
+++ b/slurm-cluster-chart/templates/login-deployment.yaml
@@ -50,6 +50,9 @@ spec:
 - name: httpd-config
 mountPath: /etc/httpd/conf/httpd.conf
 subPath: httpd.conf
+ - name: cluster-config
+ mountPath: /etc/ood/config/cluster.d/ood-cluster-config.yml
+ subPath: ood-cluster-config.yml
 resources: {}
 hostname: login
 restartPolicy: Always
@@ -69,6 +72,9 @@ spec:
 - name: authorized-keys
 configMap:
 name: {{ .Values.configmaps.authorizedKeys }}
+ - name: cluster-config
+ configMap:
+ name: cluster-config
 - name: ood-portal
 configMap:
 name: ood-portal-configmap
diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml
index 68c209b..824d5da 100644
--- a/slurm-cluster-chart/values.yaml
+++ b/slurm-cluster-chart/values.yaml
@@ -1,4 +1,4 @@
-sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:1995fd9
+sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:494a7a5
 replicas:
 slurmd: 2
From a1bd3706ed8fadd952d44fd15cee5c3651f04a77 Mon Sep 17 00:00:00 2001
From: Will
Date: Mon, 17 Jul 2023 13:51:29 +0100
Subject: [PATCH 08/39] Trying creating shell directory on startup
---
 docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 951e8d0..a228afb 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -107,6 +107,7 @@ then
 /usr/libexec/httpd-ssl-gencerts
 /opt/ood/ood-portal-generator/sbin/update_ood_portal
 mkdir --parents /opt/rh/httpd24/root/etc/httpd/
+ mkdir --parents /etc/ood/config/apps/shell
 /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky password
 /usr/sbin/httpd -k start -X -e debug
 fi
From ee321c9ea55b27450d09238e1c99ca2e1c8c2a1b Mon Sep 17 00:00:00 2001
From: Will
Date: Mon, 17 Jul 2023 14:27:42 +0100
Subject: [PATCH 09/39] Trying adding env file to shell directory
---
 docker-entrypoint.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index a228afb..8c37d2c 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -108,6 +108,7 @@ then
 /opt/ood/ood-portal-generator/sbin/update_ood_portal
 mkdir --parents /opt/rh/httpd24/root/etc/httpd/
 mkdir --parents /etc/ood/config/apps/shell
+ touch /etc/ood/config/apps/shell/env
 /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky password
 /usr/sbin/httpd -k start -X -e debug
 fi
From d48976b87039c6c92cb77aa3392b8ed12dc2db04 Mon Sep 17 00:00:00 2001
From: Will
Date: Mon, 17 Jul 2023 14:40:24 +0100
Subject: [PATCH 10/39] Bump values.yaml
---
 slurm-cluster-chart/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml
index 824d5da..3a2ec3c 100644
--- a/slurm-cluster-chart/values.yaml
+++ b/slurm-cluster-chart/values.yaml
@@ -1,4 +1,4 @@
-sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:494a7a5
+sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:ee321c9
 replicas:
 slurmd: 2
From e3b877436a67ac5611063a4bb9fb4d49f0ab61c1 Mon Sep 17 00:00:00 2001
From: Will
Date: Tue, 18 Jul 2023 11:13:49 +0100
Subject: [PATCH 11/39] Trying installing modules in Dockerfile
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index bcc6231..855a1cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,7 @@ RUN set -ex \
 && yum config-manager --set-enabled powertools \
 && yum -y module enable ruby:2.7 nodejs:14 \
 && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \
+ && yum -y module install ruby nodejs \
 && yum -y install \
 wget \
 bzip2 \
From 2172d7bec37e02ee865332a6741e44664a5735a7 Mon Sep 17 00:00:00 2001
From: Will
Date: Tue, 18 Jul 2023 13:14:00 +0100
Subject: [PATCH 12/39] Trying to cinfugre clusters (not working)
---
 slurm-cluster-chart/files/ood-cluster-config.yml | 8 ++++++--
 slurm-cluster-chart/values.yaml | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/slurm-cluster-chart/files/ood-cluster-config.yml b/slurm-cluster-chart/files/ood-cluster-config.yml
index c1b1905..c643189 100644
--- a/slurm-cluster-chart/files/ood-cluster-config.yml
+++ b/slurm-cluster-chart/files/ood-cluster-config.yml
@@ -2,5 +2,9 @@ v2:
 metadata:
 title: "My Cluster"
 login:
- #host: www.example.com
- host: 128.232.226.84
\ No newline at end of file
+ host: "localhost"
+ job:
+ cluster: "linux"
+ adapter: "slurm"
+ bin: "/usr/sbin"
+ conf: "/etc/slurm/slurm.conf"
\ No newline at end of file
diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml
index 3a2ec3c..f3d0e41 100644
--- a/slurm-cluster-chart/values.yaml
+++ b/slurm-cluster-chart/values.yaml
@@ -1,4 +1,4 @@
-sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:ee321c9
+sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:e3b8774
 replicas:
 slurmd: 2
From 3f86fbe7853e977eb8099e00b2f52e99a271235a Mon Sep 17 00:00:00 2001
From: Will
Date: Tue, 18 Jul 2023 14:00:53 +0100
Subject: [PATCH 13/39] Trying entrypoint tweaks
---
 docker-entrypoint.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 8c37d2c..ff8b5e2 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -104,11 +104,14 @@ then echo "---> MUNGE Complete" echo "---> Starting Apache Server" + + mkdir --parents /etc/ood/config/apps/shell + env > /etc/ood/config/apps/shell/env + /usr/libexec/httpd-ssl-gencerts /opt/ood/ood-portal-generator/sbin/update_ood_portal mkdir --parents /opt/rh/httpd24/root/etc/httpd/ - mkdir --parents /etc/ood/config/apps/shell - touch /etc/ood/config/apps/shell/env + /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky password /usr/sbin/httpd -k start -X -e debug fi From 7c541b0b22efbed961f1d655d6bded1c0f0ed8b1 Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 18 Jul 2023 15:06:02 +0100 Subject: [PATCH 14/39] Trying to configure cluster with the login nodes --- slurm-cluster-chart/files/ood-cluster-config.yml | 3 ++- slurm-cluster-chart/values.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/slurm-cluster-chart/files/ood-cluster-config.yml b/slurm-cluster-chart/files/ood-cluster-config.yml index c643189..d50a59b 100644 --- a/slurm-cluster-chart/files/ood-cluster-config.yml +++ b/slurm-cluster-chart/files/ood-cluster-config.yml @@ -1,8 +1,9 @@ +--- v2: metadata: title: "My Cluster" login: - host: "localhost" + host: "login" job: cluster: "linux" adapter: "slurm" diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index f3d0e41..c9c72c2 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:e3b8774 +sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:3f86fbe replicas: slurmd: 2 From c24c181a29f5f35c956dcd8ef43104ecf3a575df Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 18 Jul 2023 15:16:57 +0100 Subject: [PATCH 15/39] Image now sets up rocky OOD password with env variable from secret --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index ff8b5e2..528b454 100755 --- a/docker-entrypoint.sh 
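Review bot: `env > /etc/ood/config/apps/shell/env` (PATCH 13/39, docker-entrypoint.sh) writes every variable in the container's environment into a config file created with the default umask, so any secret injected through the environment ends up on disk on the login node. PATCH 15/39 in this series then supplies the portal password as `$ROCKY_OOD_PASS`, which this dump would capture. Write only the settings the shell app needs, for example `env | grep -E '^(<VAR_A>|<VAR_B>)=' > /etc/ood/config/apps/shell/env`, where the names are placeholders for the variables actually required. The surrounding `then` block starts and ends outside the hunk.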
+++ b/docker-entrypoint.sh @@ -112,7 +112,7 @@ then /opt/ood/ood-portal-generator/sbin/update_ood_portal mkdir --parents /opt/rh/httpd24/root/etc/httpd/ - /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky password + /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky $ROCKY_OOD_PASS /usr/sbin/httpd -k start -X -e debug fi From ad79e16d07774696417f437ba1a16e6959cbf4a0 Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 18 Jul 2023 15:30:05 +0100 Subject: [PATCH 16/39] Rocky OOD password now set as secret from generate-secrets.sh --- generate-secrets.sh | 15 ++++++++++++++- .../templates/login-deployment.yaml | 6 ++++++ slurm-cluster-chart/values.yaml | 2 +- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/generate-secrets.sh b/generate-secrets.sh index db64a53..37fc2ef 100755 --- a/generate-secrets.sh +++ b/generate-secrets.sh @@ -10,4 +10,17 @@ kubectl create secret generic munge-key-secret \ --dry-run=client \ --from-literal=munge.key=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64 -w 0) \ -o yaml | \ -kubectl apply -f - \ No newline at end of file +kubectl apply -f - + +OOD_PASS=$(tr -dc 'A-Za-z0-9' Date: Wed, 19 Jul 2023 09:44:17 +0100 Subject: [PATCH 17/39] Fixed broken mountpath for cluster config --- slurm-cluster-chart/templates/cluster-config-configmap.yaml | 4 ++-- slurm-cluster-chart/templates/login-deployment.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/slurm-cluster-chart/templates/cluster-config-configmap.yaml b/slurm-cluster-chart/templates/cluster-config-configmap.yaml index 3076dc9..914a456 100644 --- a/slurm-cluster-chart/templates/cluster-config-configmap.yaml +++ b/slurm-cluster-chart/templates/cluster-config-configmap.yaml 
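Review bot: `htdbm -cb ... rocky $ROCKY_OOD_PASS` (PATCH 15/39) still passes the password as a command-line argument, so it is visible in the process list of a node that users log in to. The expansion is also unquoted and never checked for being set. htdbm can read the password from stdin instead: `printf '%s\n' "${ROCKY_OOD_PASS:?ROCKY_OOD_PASS is not set}" | /usr/bin/htdbm -ci /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky`. With the `printf` builtin the value never appears in another process's argv, and the `:?` form stops the script instead of creating an account with an empty or split password.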
@@ -3,5 +3,5 @@ kind: ConfigMap metadata: name: cluster-config data: - httpd.conf: | - {{- .Files.Get "files/ood-cluster-config.yaml" | nindent 4 -}} \ No newline at end of file + ood-cluster-config.yml: | + {{- .Files.Get "files/ood-cluster-config.yml" | nindent 4 -}} \ No newline at end of file diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml index 95497a7..7631485 100644 --- a/slurm-cluster-chart/templates/login-deployment.yaml +++ b/slurm-cluster-chart/templates/login-deployment.yaml @@ -57,7 +57,7 @@ spec: mountPath: /etc/httpd/conf/httpd.conf subPath: httpd.conf - name: cluster-config - mountPath: /etc/ood/config/cluster.d/ood-cluster-config.yml + mountPath: /etc/ood/config/clusters.d/ood-cluster-config.yml subPath: ood-cluster-config.yml resources: {} hostname: login From 44e71b4d9ec62bde84f69e05aa4c3b4a45640e34 Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 10:06:55 +0100 Subject: [PATCH 18/39] Fixed incorrect slurm binaries path --- slurm-cluster-chart/files/ood-cluster-config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slurm-cluster-chart/files/ood-cluster-config.yml b/slurm-cluster-chart/files/ood-cluster-config.yml index d50a59b..336c0af 100644 --- a/slurm-cluster-chart/files/ood-cluster-config.yml +++ b/slurm-cluster-chart/files/ood-cluster-config.yml @@ -1,11 +1,11 @@ --- v2: metadata: - title: "My Cluster" + title: "Slurm Cluster" login: host: "login" job: cluster: "linux" adapter: "slurm" - bin: "/usr/sbin" + bin: "/usr/bin" conf: "/etc/slurm/slurm.conf" \ No newline at end of file From 804c74dc388bca8a3c68948483feeeacb09de567 Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 10:09:51 +0100 Subject: [PATCH 19/39] Updated docs --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 92183f5..a23317e 100644 --- a/README.md +++ b/README.md 
@@ -44,6 +44,8 @@ On initial deployment ONLY, run ``` This generates a set of secrets. If these need to be regenerated, see "Reconfiguring the Cluster" +Be sure to take note of the Open Ondemand credentials, you will need them to access the cluster through a browser + ### Connecting RWX Volume A ReadWriteMany (RWX) volume is required, if a named volume exists, set `nfs.claimName` in the `values.yaml` file to its name. If not, manifests to deploy a Rook NFS volume are provided in the `/nfs` directory. You can deploy this by running From 0e2666afe261ef4fb616bb45d62cd07ba93fa1b6 Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 11:10:39 +0100 Subject: [PATCH 20/39] Changed image to allow self-sshing --- docker-entrypoint.sh | 4 ++++ slurm-cluster-chart/files/ood-cluster-config.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 528b454..8a0cad5 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -103,6 +103,10 @@ then gosu munge /usr/sbin/munged echo "---> MUNGE Complete" + echo "---> Setting up self ssh capabilities for OOD" + ssh-keyscan localhost > /etc/ssh/ssh_known_hosts + cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/known_hosts + echo "---> Starting Apache Server" mkdir --parents /etc/ood/config/apps/shell diff --git a/slurm-cluster-chart/files/ood-cluster-config.yml b/slurm-cluster-chart/files/ood-cluster-config.yml index 336c0af..cc0ab76 100644 --- a/slurm-cluster-chart/files/ood-cluster-config.yml +++ b/slurm-cluster-chart/files/ood-cluster-config.yml @@ -3,7 +3,7 @@ v2: metadata: title: "Slurm Cluster" login: - host: "login" + host: "localhost" job: cluster: "linux" adapter: "slurm" From 7513b720200a0615dc9f402dd5ac3abc93baa82a Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 11:16:17 +0100 Subject: [PATCH 21/39] Fixed incorrect path --- docker-entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
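Review bot: `ssh-keyscan localhost > /etc/ssh/ssh_known_hosts` (PATCH 20/39, docker-entrypoint.sh) records whatever answers on port 22 and truncates the system-wide file even when the scan returns nothing, and its exit status is not checked. The host's own public keys are already on disk, so the file can be built from them without a network round trip: `sed 's/^/localhost /' /etc/ssh/ssh_host_*_key.pub > /etc/ssh/ssh_known_hosts`. The `then` block this hunk sits in starts and ends outside the hunk.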
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 8a0cad5..2961a12 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -105,7 +105,7 @@ then echo "---> Setting up self ssh capabilities for OOD" ssh-keyscan localhost > /etc/ssh/ssh_known_hosts - cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/known_hosts + cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/authorized_keys echo "---> Starting Apache Server" From 4ba09915c728620098661ca9f4ddc8cea7ce54b4 Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 11:25:30 +0100 Subject: [PATCH 22/39] Added newline to avoid breaking authorized_keys file --- docker-entrypoint.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2961a12..039fc8d 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -105,6 +105,7 @@ then echo "---> Setting up self ssh capabilities for OOD" ssh-keyscan localhost > /etc/ssh/ssh_known_hosts + echo "" >> /home/rocky/.ssh/authorized_keys #Adding newline to avoid breaking authorized_keys file cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/authorized_keys echo "---> Starting Apache Server" From 833b0d24cc55568cac3bdde440ada6e5f736c676 Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 12:16:21 +0100 Subject: [PATCH 23/39] Bumped image --- slurm-cluster-chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index 739ae8d..6a669c7 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:c24c181 +sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:4ba0991 replicas: slurmd: 2 From d38e241e5dc0e7d239a3456173810a972aae3a2d Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 13:24:18 +0100 Subject: [PATCH 24/39] Removed host key generation from login image --- docker-entrypoint.sh | 1 - 1 file changed, 1 deletion(-) 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 039fc8d..aa8506a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -96,7 +96,6 @@ then done echo "---> Complete" echo "Starting sshd" - ssh-keygen -A /usr/sbin/sshd echo "---> Starting the MUNGE Authentication service (munged) ..." From a89e584a1d63028c090dcf127e653f4602fbb5fe Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 13:54:50 +0100 Subject: [PATCH 25/39] Updated image to copy and set permissions for host keys from mount --- docker-entrypoint.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index aa8506a..75be39a 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -96,6 +96,11 @@ then done echo "---> Complete" echo "Starting sshd" + cp /tempmounts/etc/ssh/* /etc/ssh/ + chmod 600 /etc/ssh/ssh_host_dsa_key + chmod 600 /etc/ssh/ssh_host_ecdsa_key + chmod 600 /etc/ssh/ssh_host_ed25519_key + chmod 600 /etc/ssh/ssh_host_rsa_key /usr/sbin/sshd echo "---> Starting the MUNGE Authentication service (munged) ..." From a6c8e3840b0e39f34ab586deed5901497af9e92e Mon Sep 17 00:00:00 2001 From: Will Date: Wed, 19 Jul 2023 14:02:25 +0100 Subject: [PATCH 26/39] Server now has persistent set of host keys from mount --- generate-secrets.sh | 9 +++++ .../templates/login-deployment.yaml | 34 +++++++++++++++++++ slurm-cluster-chart/values.yaml | 2 +- 3 files changed, 44 insertions(+), 1 deletion(-) diff --git a/generate-secrets.sh b/generate-secrets.sh index 37fc2ef..e98b97e 100755 --- a/generate-secrets.sh +++ b/generate-secrets.sh 
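Review bot: `cp /tempmounts/etc/ssh/* /etc/ssh/` (PATCH 25/39) copies everything in the mount over /etc/ssh and leaves the private host keys at the source files' mode until the four `chmod 600` lines run; none of these steps is checked before `/usr/sbin/sshd` starts. `install` sets the mode when the file is created, and the glob can be narrowed to host keys: `install -m 600 /tempmounts/etc/ssh/ssh_host_*_key /etc/ssh/` followed by `install -m 644 /tempmounts/etc/ssh/ssh_host_*_key.pub /etc/ssh/`. That also drops the hard-coded DSA/ECDSA/Ed25519/RSA list, which errors on any key type missing from the secret. The enclosing `then` block extends beyond the hunk.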
@@ -12,6 +12,15 @@ kubectl create secret generic munge-key-secret \ -o yaml | \ kubectl apply -f - +mkdir -p ./temphostkeys/etc/ssh +ssh-keygen -A -f ./temphostkeys +kubectl create secret generic host-keys-secret \ +--dry-run=client \ +--from-file=./temphostkeys/etc/ssh \ +-o yaml | \ +kubectl apply -f - +rm -rf ./temphostkeys + OOD_PASS=$(tr -dc 'A-Za-z0-9' Date: Wed, 19 Jul 2023 14:03:03 +0100 Subject: [PATCH 27/39] Removed comments --- .../templates/login-deployment.yaml | 29 ------------------- 1 file changed, 29 deletions(-) diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml index f0052e3..5d15550 100644 --- a/slurm-cluster-chart/templates/login-deployment.yaml +++ b/slurm-cluster-chart/templates/login-deployment.yaml @@ -61,35 +61,6 @@ spec: subPath: ood-cluster-config.yml - name: host-keys mountPath: /tempmounts/etc/ssh - #Host keys - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_dsa_key - # subPath: ssh_host_dsa_key - # readOnly: true - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_dsa_key.pub - # subPath: ssh_host_dsa_key.pub - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_ecdsa_key - # subPath: ssh_host_ecdsa_key - # readOnly: true - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_ecdsa_key.pub - # subPath: ssh_host_ecdsa_key.pub - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_ed25519_key - # subPath: ssh_host_ed25519_key - # readOnly: true - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_ed25519_key.pub - # subPath: ssh_host_ed25519_key.pub - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_rsa_key - # subPath: ssh_host_rsa_key - # readOnly: true - # - name: host-keys - # mountPath: /etc/ssh/ssh_host_rsa_key.pub - # subPath: ssh_host_rsa_key.pub resources: {} hostname: login restartPolicy: Always From 1345a581f1fb5f8c1cf83315b9f8247d4a0fce06 Mon Sep 17 00:00:00 2001 
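Review bot: The new private host keys (PATCH 26/39, generate-secrets.sh) are written to `./temphostkeys` under whatever directory the script is run from, and are removed only if the script reaches the final `rm -rf`. If the run is interrupted, or the directory is a git checkout, unencrypted host keys are left behind where they can be copied or committed. A `mktemp -d` directory, which is created private to the caller, with an `EXIT` trap covers both cases. The hunk's trailing context is cut off on this page, so the password-generation lines after it are not reviewed here.

```shell
keydir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$keydir"' EXIT
mkdir -p "$keydir/etc/ssh"
ssh-keygen -A -f "$keydir"
# … unchanged: kubectl create secret generic host-keys-secret, now with
#   --from-file="$keydir/etc/ssh" …
# the explicit `rm -rf ./temphostkeys` is replaced by the EXIT trap
```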
From: Will Date: Wed, 19 Jul 2023 16:12:43 +0100 Subject: [PATCH 28/39] Added https (fixes job composer) --- slurm-cluster-chart/files/ood_portal.yaml | 3 +++ slurm-cluster-chart/templates/login-deployment.yaml | 1 + slurm-cluster-chart/templates/login-service.yaml | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/slurm-cluster-chart/files/ood_portal.yaml b/slurm-cluster-chart/files/ood_portal.yaml index 4eee040..9be3295 100644 --- a/slurm-cluster-chart/files/ood_portal.yaml +++ b/slurm-cluster-chart/files/ood_portal.yaml @@ -29,6 +29,9 @@ # - 'SSLCertificateKeyFile "/etc/pki/tls/private/www.example.com.key"' # Default: null (no SSL support) #ssl: null +ssl: +- 'SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"' +- 'SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"' # Root directory of log files (can be relative ServerRoot) # Example: diff --git a/slurm-cluster-chart/templates/login-deployment.yaml b/slurm-cluster-chart/templates/login-deployment.yaml index 5d15550..1f24e8a 100644 --- a/slurm-cluster-chart/templates/login-deployment.yaml +++ b/slurm-cluster-chart/templates/login-deployment.yaml @@ -35,6 +35,7 @@ spec: ports: - containerPort: 22 - containerPort: 80 + - containerPort: 443 volumeMounts: - mountPath: {{ .Values.nfs.mountPath }} name: slurm-jobdir diff --git a/slurm-cluster-chart/templates/login-service.yaml b/slurm-cluster-chart/templates/login-service.yaml index fee3480..fcc3e49 100644 --- a/slurm-cluster-chart/templates/login-service.yaml +++ b/slurm-cluster-chart/templates/login-service.yaml @@ -15,6 +15,10 @@ spec: port: 80 targetPort: 80 protocol: TCP + - name: "https" + port: 443 + targetPort: 443 + protocol: TCP type: LoadBalancer selector: app.kubernetes.io/name: slurm From 0f286ed3c67afd6dc4cce590d803767eb6316e18 Mon Sep 17 00:00:00 2001 
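Review bot: Port 80 stays published on the `LoadBalancer` service next to the new `https` entry (PATCH 28/39, login-service.yaml), so the portal remains reachable without TLS unless the generated Apache config redirects it. The portal login is backed by the `.htpasswd.dbm` file created in docker-entrypoint.sh, so a login over plain HTTP would presumably send that password unencrypted. Confirm that `update_ood_portal` emits an HTTP-to-HTTPS redirect once `ssl:` is set, or remove the `apache` entry (`port: 80`) from the service. The hunk shows only part of the ports list; the rest of the Service is outside it.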
From: Will Date: Thu, 20 Jul 2023 15:47:20 +0100 Subject: [PATCH 29/39] Now generates keys for rocky to self-ssh if don't already exist (in image) --- docker-entrypoint.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 75be39a..cba2464 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -84,9 +84,16 @@ fi if [ "$1" = "login" ] then + echo "---> Setting up ssh for user" mkdir -p /home/rocky/.ssh cp tempmounts/authorized_keys /home/rocky/.ssh/authorized_keys + if [ -f /home/rocky/.ssh/id_rsa.pub ]; then + echo "ssh keys already found" + else + ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N "" + fi + echo "---> Setting permissions for user home directories" cd /home for DIR in */; From c0947542a68868591b9ae19f7f58c9385ac81b90 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 20 Jul 2023 15:52:59 +0100 Subject: [PATCH 30/39] Updated image tag --- slurm-cluster-chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index 93c606c..93964f0 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:a89e584 +sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:0f286ed replicas: slurmd: 2 From a5b71c24f4c57b939a1c37bea034d6bf0a8a2f80 Mon Sep 17 00:00:00 2001 From: Will Date: Thu, 20 Jul 2023 16:26:21 +0100 Subject: [PATCH 31/39] Updated image after merge --- slurm-cluster-chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index a0e5fdc..1bef86e 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:0f286ed #CHANGE AFTER REBUILD +sdcImage: ghcr.io/stackhpc/slurm-docker-cluster:3daa29f replicas: slurmd: 2 
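Review bot: `ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N ""` (PATCH 29/39) creates a private key with no passphrase, and elsewhere in this script its public half is appended to rocky's `authorized_keys`, so anyone who can read that file can log in as rocky from any host that reaches sshd. Since the key exists only so OOD can ssh to localhost, the entry can be limited to loopback when it is appended: `printf 'from="127.0.0.1,::1" %s\n' "$(cat /home/rocky/.ssh/id_rsa.pub)" >> /home/rocky/.ssh/authorized_keys`. The existence test also looks only at `id_rsa.pub`; testing `id_rsa` as well avoids ssh-keygen stopping at an overwrite prompt when just the private half is present. PATCH 38/39 moves the same block unchanged, so the point applies there too; the append line itself is outside this hunk.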
From f52e91848584aa261dda5ed5cb2c0b4211d0dc7a Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 8 Aug 2023 16:47:25 +0100 Subject: [PATCH 32/39] Fixed munge --- image/docker-entrypoint.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh index 9e6b085..14b511c 100755 --- a/image/docker-entrypoint.sh +++ b/image/docker-entrypoint.sh @@ -106,7 +106,7 @@ then chmod 600 $DIR/.ssh/authorized_keys || echo "Couldn't set permissions for .ssh/authorized_keys for $DIR" done popd > /dev/null - + echo "---> Complete" echo "---> Starting sshd" cp /tempmounts/etc/ssh/* /etc/ssh/ @@ -116,9 +116,7 @@ then chmod 600 /etc/ssh/ssh_host_rsa_key /usr/sbin/sshd - echo "---> Starting the MUNGE Authentication service (munged) ..." - gosu munge /usr/sbin/munged - echo "---> MUNGE Complete" + start_munge echo "---> Setting up self ssh capabilities for OOD" ssh-keyscan localhost > /etc/ssh/ssh_known_hosts From 303e6f0de44ba692c2b01d621596e4cb4cb7029b Mon Sep 17 00:00:00 2001 From: Will Date: Tue, 8 Aug 2023 16:51:13 +0100 Subject: [PATCH 33/39] Updated tag --- slurm-cluster-chart/values.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index f40ee09..6a394cb 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,5 +1,4 @@ -slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:7f4d64e -#OUTDATED, CHANGE AFTER REBUILD +slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:f52e918 replicas: slurmd: 2 From ca27405f537d3eff24f9d6201f0c614961ddaa7b Mon Sep 17 00:00:00 2001 
From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Fri, 11 Aug 2023 10:54:02 +0100 Subject: [PATCH 34/39] Added source in slurm-cluster-chart/files/httpd.conf Co-authored-by: Steve Brasier <33413598+sjpb@users.noreply.github.com> --- slurm-cluster-chart/files/httpd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slurm-cluster-chart/files/httpd.conf b/slurm-cluster-chart/files/httpd.conf index 6d3783a..248afb2 100644 --- a/slurm-cluster-chart/files/httpd.conf +++ b/slurm-cluster-chart/files/httpd.conf @@ -1,4 +1,4 @@ -# +# Modified from file installed by httpd package # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. # See for detailed information. From 1a3c3adb269f6a2161942fe3000d5eeadf30b022 Mon Sep 17 00:00:00 2001 From: wtripp180901 <78219569+wtripp180901@users.noreply.github.com> Date: Fri, 11 Aug 2023 10:54:25 +0100 Subject: [PATCH 35/39] Added source in slurm-cluster-chart/files/ood_portal.yaml Co-authored-by: Steve Brasier <33413598+sjpb@users.noreply.github.com> --- slurm-cluster-chart/files/ood_portal.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/slurm-cluster-chart/files/ood_portal.yaml b/slurm-cluster-chart/files/ood_portal.yaml index 9be3295..d5227b2 100644 --- a/slurm-cluster-chart/files/ood_portal.yaml +++ b/slurm-cluster-chart/files/ood_portal.yaml @@ -1,3 +1,4 @@ +# Modified from file installed by ondemand package --- # # Portal configuration From a4727da91d175bf1a6a45264104a6b1045a8940f Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 13:51:58 +0100 Subject: [PATCH 36/39] Removed quotes --- slurm-cluster-chart/templates/login-service.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/slurm-cluster-chart/templates/login-service.yaml b/slurm-cluster-chart/templates/login-service.yaml index f5f8aa3..df8892d 100644 --- a/slurm-cluster-chart/templates/login-service.yaml 
+++ b/slurm-cluster-chart/templates/login-service.yaml @@ -11,11 +11,11 @@ spec: - name: ssh port: 22 targetPort: 22 - - name: "apache" + - name: apache port: 80 targetPort: 80 protocol: TCP - - name: "https" + - name: https port: 443 targetPort: 443 protocol: TCP From 62c6f3431740bb80d744666bc627ab0f5d738c43 Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 13:56:50 +0100 Subject: [PATCH 37/39] Testing without env file for shell --- image/docker-entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh index 14b511c..c0f854d 100755 --- a/image/docker-entrypoint.sh +++ b/image/docker-entrypoint.sh @@ -125,8 +125,8 @@ then echo "---> Starting Apache Server" - mkdir --parents /etc/ood/config/apps/shell - env > /etc/ood/config/apps/shell/env + # mkdir --parents /etc/ood/config/apps/shell + # env > /etc/ood/config/apps/shell/env /usr/libexec/httpd-ssl-gencerts /opt/ood/ood-portal-generator/sbin/update_ood_portal From 4d90e24398aa3c8ab53d1c46e7f3eb83c0c30f8e Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 14:16:31 +0100 Subject: [PATCH 38/39] Moved rocky ssh generation to make purpose clearer --- image/docker-entrypoint.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh index c0f854d..55bc66d 100755 --- a/image/docker-entrypoint.sh +++ b/image/docker-entrypoint.sh @@ -91,12 +91,6 @@ then mkdir -p /home/rocky/.ssh cp /tmp/authorized_keys /home/rocky/.ssh/authorized_keys - if [ -f /home/rocky/.ssh/id_rsa.pub ]; then - echo "ssh keys already found" - else - ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N "" - fi - echo "---> Setting permissions for user home directories" pushd /home > /dev/null for DIR in * 
@@ -119,6 +113,13 @@ then start_munge echo "---> Setting up self ssh capabilities for OOD" + + if [ -f /home/rocky/.ssh/id_rsa.pub ]; then + echo "ssh keys already found" + else + ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N "" + fi + ssh-keyscan localhost > /etc/ssh/ssh_known_hosts echo "" >> /home/rocky/.ssh/authorized_keys #Adding newline to avoid breaking authorized_keys file cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/authorized_keys From 1a4a3e44ba23f0c2a1b817edbb2e17fff7476f74 Mon Sep 17 00:00:00 2001 From: Will Date: Fri, 11 Aug 2023 14:19:53 +0100 Subject: [PATCH 39/39] Updated tag --- slurm-cluster-chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index 6a394cb..0ca35c9 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -1,4 +1,4 @@ -slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:f52e918 +slurmImage: ghcr.io/stackhpc/slurm-docker-cluster:4d90e24 replicas: slurmd: 2