playbook-image.yaml
---
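# Failure handling: the first two plays run their work inside a block whose rescue section
# destroys the builder instance and sets the task_failed_successfully fact; the later plays
# check this fact so they can skip their work instead of running against a broken instance.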
- name: Spawn instances
  hosts: slurmscale_image_builders
  gather_facts: no
  environment:
    OS_CLOUD: "{{ os_cloud_id }}"
    OS_IDENTITY_API_VERSION: '3'
  tasks:
    - name: Spawn instance block
      block:
        - name: Initialize failure fact
          ansible.builtin.set_fact:
            task_failed_successfully: false

        - name: Import openstack role
          ansible.builtin.import_role:
            name: galaxyproject.general.openstack

      rescue:
        - name: Destroy image instance
          openstack.cloud.server:
            name: "{{ inventory_hostname }}"
            state: absent
          environment:
            OS_CLOUD: "{{ os_cloud_id }}"
            OS_IDENTITY_API_VERSION: '3'
          delegate_to: localhost
          run_once: true

        - name: Set failure fact to skip additional plays
          ansible.builtin.set_fact:
            task_failed_successfully: true
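
# Configure the freshly booted instance(s): create local users and groups, install packages,
# and run any site-specific image tasks role. HISTFILE is unset for this play, presumably so
# the commands run during the build do not end up in shell history baked into the image.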
- name: Configure instance(s)
  hosts: slurmscale_image_builders
  environment:
    HISTFILE: null
  tasks:
    - name: Configure instance block
      when: not task_failed_successfully
      block:
        # We somehow got blocked at the router, but that's OK since we don't currently need
        # updates from ELRepo (though the repo config still ships in Featured-RockyLinux8)
        # TODO: still necessary?
        #- name: Disable ELRepo
        #  ansible.builtin.command: dnf config-manager --set-disabled ELRepo
        #- name: Disable cgroupsv2
        #  ansible.builtin.lineinfile:
        #    path: /etc/default/grub
        #    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT='
        #    line: GRUB_CMDLINE_LINUX_DEFAULT="systemd.unified_cgroup_hierarchy=0"
        #- name: Update grub
        #  command: grub2-mkconfig -o /boot/grub2/grub.cfg
        - name: Create groups
          ansible.builtin.group:
            name: "{{ item.name }}"
            gid: "{{ item.gid }}"
          loop: "{{ slurmscale_groups }}"
          when: slurmscale_groups is defined

        - name: Create users
          ansible.builtin.user:
            name: "{{ item.name }}"
            uid: "{{ item.uid }}"
            home: "/home/{{ item.name }}"
            shell: /bin/bash
            group: "{{ item.group }}"
            groups: docker
            create_home: true
          loop: "{{ slurmscale_users }}"
          when: slurmscale_users is defined

        - name: Install Packages
          ansible.builtin.package:
            name: "{{ slurmscale_packages }}"
          # sometimes mirrors are broken
          register: __slurmscale_packages_installed
          retries: 10
          delay: 5
          until: __slurmscale_packages_installed is success
          when: slurmscale_packages is defined

        - name: Include slurmscale image tasks role
          ansible.builtin.include_role:
            name: "{{ slurmscale_image_tasks_role }}"
          when: slurmscale_image_tasks_role is defined
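
        # From here on the play scrubs the instance so the snapshot stays clean: stop services
        # that keep logs open, clean the dnf cache, and remove logs, shell history, and other
        # host-specific files before the image is captured.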
        - name: Stop services for cleaning
          ansible.builtin.service:
            name: "{{ item }}"
            state: stopped
          loop: "{{ slurmscale_stop_services }}"
          when: slurmscale_stop_services is defined

        # unit auditd.service may be requested by dependency only (it is configured to refuse manual start/stop)
        - name: Stop auditd
          ansible.builtin.command: service auditd stop

        - name: Clean dnf
          ansible.builtin.command: dnf clean all

        - name: Remove logs
          ansible.builtin.file:
            path: "/var/log/{{ item }}"
            state: absent
          loop:
            - audit/audit.log
            - tuned/tuned.log
            - dmesg
            - boot.log
            - maillog
            - btmp
            - cloud-init-output.log
            - cloud-init.log
            - wtmp
            - lastlog
            - secure
            - cron
            - messages
            - dnf.log

        - name: Remove other files
          ansible.builtin.file:
            path: "{{ item }}"
            state: absent
          loop:
            - /root/.bash_history
            - /etc/hostname

        - name: Flush handlers
          ansible.builtin.meta: flush_handlers

        - name: Remove home directory files
          ansible.builtin.file:
            path: "~{{ ansible_user }}/{{ item }}"
            state: absent
          loop:
            - .bash_history
            # THIS HAS TO BE LAST unless SSH ControlPersist is actually working, which for some reason it is not
            - .ssh
      rescue:
        - name: Destroy image instance
          openstack.cloud.server:
            name: "{{ inventory_hostname }}"
            state: absent
          environment:
            OS_CLOUD: "{{ os_cloud_id }}"
            OS_IDENTITY_API_VERSION: '3'
          delegate_to: localhost
          run_once: true

        - name: Set failure fact to skip additional plays
          ansible.builtin.set_fact:
            task_failed_successfully: true
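
# Finalize: stop the builder, move the current node image aside by renaming it with its
# creation timestamp, snapshot the builder under the production image name, and always
# destroy the builder instance afterwards, even if imaging fails.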
- name: Finalize image
  hosts: slurmscale_image_builders
  gather_facts: no
  environment:
    OS_CLOUD: "{{ os_cloud_id }}"
    OS_IDENTITY_API_VERSION: '3'
  tasks:
    - name: Finalize image block
      when: not task_failed_successfully
      delegate_to: localhost
      run_once: true
      block:
        - name: Stop instance
          openstack.cloud.server_action:
            cloud: "{{ os_cloud_id }}"
            server: "{{ inventory_hostname }}"
            action: "stop"

        - name: Collect old node image info
          openstack.cloud.image_info:
            image: "{{ usegalaxy_node_image_name }}"
          register: __usegalaxy_node_image

        - name: Rename existing node image
          openstack.cloud.image:
            name: "{{ item.id }}"
            properties:
              name: "{{ usegalaxy_node_image_name }}-{{ item.created_at }}"
          loop: "{{ __usegalaxy_node_image.images }}"

        # Can't believe there's no module for this
        - name: Create an image from the instance
          ansible.builtin.command: "openstack server image create --wait --name {{ usegalaxy_node_image_name }} {{ inventory_hostname }}"

      always:
        - name: Destroy image instance
          openstack.cloud.server:
            name: "{{ inventory_hostname }}"
            state: absent