Merge branch 'main' into feature/helm-install-nfs

README.md

@@ -42,7 +42,9 @@ On initial deployment ONLY, run
 ```
 This generates a set of secrets in the target namespace to be used by the Slurm cluster. If these need to be regenerated, see "Reconfiguring the Cluster"
 
-### Connecting a RWX Volume
+Be sure to take note of the Open Ondemand credentials, you will need them to access the cluster through a browser
+
+### Connecting RWX Volume
 
 A ReadWriteMany (RWX) volume is required for shared storage across cluster nodes. By default, the Rook NFS Helm chart is installed as a dependency of the Slurm cluster chart in order to provide a RWX capable Storage Class for the required shared volume. If the target Kubernetes cluster has an existing storage class which should be used instead, then `storageClass` in `values.yaml` should be set to the name of this existing class and the RookNFS dependency should be disabled by setting `rooknfs.enabled = false`. In either case, the storage capacity of the provisioned RWX volume can be configured by setting the value of `storage.capacity`.
 

generate-secrets.sh

@@ -14,4 +14,26 @@ kubectl -n $NAMESPACE create secret generic munge-key-secret \
 --dry-run=client \
 --from-literal=munge.key=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64) \
 -o yaml | \
-kubectl -n $NAMESPACE apply -f -
+kubectl -n $NAMESPACE apply -f -
+
+mkdir -p ./temphostkeys/etc/ssh
+ssh-keygen -A -f ./temphostkeys
+kubectl -n $NAMESPACE create secret generic host-keys-secret \
+--dry-run=client \
+--from-file=./temphostkeys/etc/ssh \
+-o yaml | \
+kubectl -n $NAMESPACE apply -f -
+rm -rf ./temphostkeys
+
+OOD_PASS=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
+
+kubectl -n $NAMESPACE create secret generic htdbm-secret \
+--dry-run=client \
+--from-literal=password=$OOD_PASS \
+-o yaml | \
+kubectl -n $NAMESPACE apply -f -
+
+echo "Open Ondemand Credentials:"
+echo "Username: rocky"
+echo "Password: $OOD_PASS"
+OOD_PASS=""

image/Dockerfile

@@ -15,6 +15,9 @@ RUN set -ex \
     && yum -y install dnf-plugins-core epel-release \
     && yum -y install dnf-plugins-core \
     && yum config-manager --set-enabled powertools \
+    && yum -y module enable ruby:2.7 nodejs:14 \
+    && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \
+    && yum -y module install ruby nodejs \
     && yum -y install \
        wget \
        bzip2 \
@@ -42,6 +45,7 @@ RUN set -ex \
        hwloc-devel \
        openssh-server \
        apptainer \
+       ondemand \
     && yum clean all \
     && rm -rf /var/cache/yum
 

image/docker-entrypoint.sh

@@ -86,6 +86,8 @@ then
     chown root:root /home
     chmod 755 /home
 
+    echo "---> Setting up ssh for user"
+
     mkdir -p /home/rocky/.ssh
     cp /tmp/authorized_keys /home/rocky/.ssh/authorized_keys
 
@@ -99,11 +101,41 @@ then
     done
     popd > /dev/null
 
+    echo "---> Complete"
     echo "---> Starting sshd"
-    ssh-keygen -A
+    cp /tempmounts/etc/ssh/* /etc/ssh/
+    chmod 600 /etc/ssh/ssh_host_dsa_key
+    chmod 600 /etc/ssh/ssh_host_ecdsa_key
+    chmod 600 /etc/ssh/ssh_host_ed25519_key
+    chmod 600 /etc/ssh/ssh_host_rsa_key
     /usr/sbin/sshd
 
-    start_munge --foreground
+    start_munge
+
+    echo "---> Setting up self ssh capabilities for OOD"
+
+    if [ -f /home/rocky/.ssh/id_rsa.pub ]; then
+        echo "ssh keys already found"
+    else
+            ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N ""
+            chown rocky:rocky /home/rocky/.ssh/id_rsa /home/rocky/.ssh/id_rsa.pub
+    fi
+
+    ssh-keyscan localhost > /etc/ssh/ssh_known_hosts
+    echo "" >> /home/rocky/.ssh/authorized_keys #Adding newline to avoid breaking authorized_keys file
+    cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/authorized_keys
+
+    echo "---> Starting Apache Server"
+
+    # mkdir --parents /etc/ood/config/apps/shell
+    # env > /etc/ood/config/apps/shell/env
+
+    /usr/libexec/httpd-ssl-gencerts
+    /opt/ood/ood-portal-generator/sbin/update_ood_portal
+    mkdir --parents /opt/rh/httpd24/root/etc/httpd/
+
+    /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky $ROCKY_OOD_PASS
+    /usr/sbin/httpd -k start -X -e debug
 
 elif [ "$1" = "check-queue-hook" ]
 then