initial clone of the seperate trinityx repos into one repo

opencomputeproject · Feb 9, 2021 · 93018a9 · 93018a9
1 parent 97f5359
commit 93018a9
Show file tree

Hide file tree

Showing 554 changed files with 54,815 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+site/hosts
+site/group_vars/*.yml
+site/host_vars/*.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,17 @@
+---
+
+stages:
+  - lint
+
+yamllint:
+  image: sdesbure/yamllint
+  stage: lint
+  script:
+    - yamllint -v
+    - apk add --no-cache --wait 10 git
+    - git clone http://gitlab.clustervision.lan/trinityx/molecule.git molecule
+    - find . -name '*.yml' -exec yamllint -c molecule/default/yamllint.yml {} +
+    - find site/
+  allow_failure: true
+  variables:
+    GIT_SUBMODULE_STRATEGY: recursive
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,129 @@
+[submodule "site/roles/trinity/grafana"]
+	path = site/roles/trinity/grafana
+	url = http://gitlab.clustervision.lan/trinityx/role-grafana.git
+[submodule "site/roles/trinity/influxdb"]
+	path = site/roles/trinity/influxdb
+	url = http://gitlab.clustervision.lan/trinityx/role-influxdb.git
+[submodule "site/roles/trinity/telegraf"]
+	path = site/roles/trinity/telegraf
+	url = http://gitlab.clustervision.lan/trinityx/role-telegraf.git
+[submodule "site/roles/trinity/slurm"]
+	path = site/roles/trinity/slurm
+	url = http://gitlab.clustervision.lan/trinityx/role-slurm.git
+[submodule "site/roles/trinity/openhpc"]
+	path = site/roles/trinity/openhpc
+	url = http://gitlab.clustervision.lan/trinityx/role-openhpc.git
+[submodule "site/roles/trinity/pbspro"]
+	path = site/roles/trinity/pbspro
+	url = http://gitlab.clustervision.lan/trinityx/role-pbspro.git
+[submodule "site/roles/trinity/sssd"]
+	path = site/roles/trinity/sssd
+	url = http://gitlab.clustervision.lan/trinityx/role-sssd.git
+[submodule "site/roles/trinity/ood-portal"]
+	path = site/roles/trinity/ood-portal
+	url = http://gitlab.clustervision.lan/trinityx/role-ood-portal.git
+[submodule "site/roles/trinity/openldap"]
+	path = site/roles/trinity/openldap
+	url = http://gitlab.clustervision.lan/trinityx/role-openldap.git
+[submodule "site/roles/trinity/bind"]
+	path = site/roles/trinity/bind
+	url = http://gitlab.clustervision.lan/trinityx/role-bind.git
+[submodule "site/roles/trinity/luna"]
+	path = site/roles/trinity/luna
+	url = http://gitlab.clustervision.lan/trinityx/role-luna.git
+[submodule "site/roles/trinity/mongodb"]
+	path = site/roles/trinity/mongodb
+	url = http://gitlab.clustervision.lan/trinityx/role-mongodb.git
+[submodule "site/roles/trinity/chrony"]
+	path = site/roles/trinity/chrony
+	url = http://gitlab.clustervision.lan/trinityx/role-chrony.git
+[submodule "site/roles/trinity/firewalld"]
+	path = site/roles/trinity/firewalld
+	url = http://gitlab.clustervision.lan/trinityx/role-firewalld.git
+[submodule "site/roles/trinity/fail2ban"]
+	path = site/roles/trinity/fail2ban
+	url = http://gitlab.clustervision.lan/trinityx/role-fail2ban.git
+[submodule "site/roles/trinity/cv_support"]
+	path = site/roles/trinity/cv_support
+	url = http://gitlab.clustervision.lan/trinityx/role-cv_support.git
+[submodule "site/roles/trinity/init"]
+	path = site/roles/trinity/init
+	url = http://gitlab.clustervision.lan/trinityx/role-init.git
+[submodule "site/roles/trinity/local_repo"]
+	path = site/roles/trinity/local_repo
+	url = http://gitlab.clustervision.lan/trinityx/role-local_repo.git
+[submodule "site/roles/trinity/repos"]
+	path = site/roles/trinity/repos
+	url = http://gitlab.clustervision.lan/trinityx/role-repos.git
+[submodule "site/roles/trinity/packages"]
+	path = site/roles/trinity/packages
+	url = http://gitlab.clustervision.lan/trinityx/role-packages.git
+[submodule "site/roles/trinity/tunables"]
+	path = site/roles/trinity/tunables
+	url = http://gitlab.clustervision.lan/trinityx/role-tunables.git
+[submodule "site/roles/trinity/hostname"]
+	path = site/roles/trinity/hostname
+	url = http://gitlab.clustervision.lan/trinityx/role-hostname.git
+[submodule "site/roles/trinity/rdma-centos"]
+	path = site/roles/trinity/rdma-centos
+	url = http://gitlab.clustervision.lan/trinityx/role-rdma-centos.git
+[submodule "site/roles/trinity/ssh"]
+	path = site/roles/trinity/ssh
+	url = http://gitlab.clustervision.lan/trinityx/role-ssh.git
+[submodule "site/roles/trinity/pacemaker"]
+	path = site/roles/trinity/pacemaker
+	url = http://gitlab.clustervision.lan/trinityx/role-pacemaker.git
+[submodule "site/roles/trinity/drbd"]
+	path = site/roles/trinity/drbd
+	url = http://gitlab.clustervision.lan/trinityx/role-drbd.git
+[submodule "site/roles/trinity/trix-tree"]
+	path = site/roles/trinity/trix-tree
+	url = http://gitlab.clustervision.lan/trinityx/role-trix-tree.git
+[submodule "site/roles/trinity/nfs"]
+	path = site/roles/trinity/nfs
+	url = http://gitlab.clustervision.lan/trinityx/role-nfs.git
+[submodule "site/roles/trinity/ssl-cert"]
+	path = site/roles/trinity/ssl-cert
+	url = http://gitlab.clustervision.lan/trinityx/role-ssl-cert.git
+[submodule "site/roles/trinity/obol"]
+	path = site/roles/trinity/obol
+	url = http://gitlab.clustervision.lan/trinityx/role-obol.git
+[submodule "site/roles/trinity/mariadb"]
+	path = site/roles/trinity/mariadb
+	url = http://gitlab.clustervision.lan/trinityx/role-mariadb.git
+[submodule "site/roles/trinity/rsyslog"]
+	path = site/roles/trinity/rsyslog
+	url = http://gitlab.clustervision.lan/trinityx/role-rsyslog.git
+[submodule "site/roles/trinity/docker-registry"]
+	path = site/roles/trinity/docker-registry
+	url = http://gitlab.clustervision.lan/trinityx/role-docker-registry.git
+[submodule "site/roles/trinity/wrapup"]
+	path = site/roles/trinity/wrapup
+	url = http://gitlab.clustervision.lan/trinityx/role-wrapup.git
+[submodule "site/roles/trinity/check-latest-kernel"]
+	path = site/roles/trinity/check-latest-kernel
+	url = http://gitlab.clustervision.lan/trinityx/role-check-latest-kernel.git
+[submodule "site/roles/trinity/nginx"]
+	path = site/roles/trinity/nginx
+	url = http://gitlab.clustervision.lan/trinityx/role-nginx.git
+[submodule "site/roles/trinity/docker"]
+	path = site/roles/trinity/docker
+	url = http://gitlab.clustervision.lan/trinityx/role-docker.git
+[submodule "site/roles/trinity/environment-modules"]
+	path = site/roles/trinity/environment-modules
+	url = http://gitlab.clustervision.lan/trinityx/role-environment-modules.git
+[submodule "site/roles/trinity/nfs-mounts"]
+	path = site/roles/trinity/nfs-mounts
+	url = http://gitlab.clustervision.lan/trinityx/role-nfs-mounts.git
+[submodule "site/roles/trinity/init-nodes"]
+	path = site/roles/trinity/init-nodes
+	url = http://gitlab.clustervision.lan/trinityx/role-init-nodes.git
+[submodule "site/roles/trinity/wrapup-images"]
+	path = site/roles/trinity/wrapup-images
+	url = http://gitlab.clustervision.lan/trinityx/role-wrapup-images.git
+[submodule "site/roles/trinity/image-create"]
+	path = site/roles/trinity/image-create
+	url = http://gitlab.clustervision.lan/trinityx/role-image-create.git
+[submodule "site/roles/trinity/nscd"]
+	path = site/roles/trinity/nscd
+	url = http://gitlab.clustervision.lan/trinityx/role-nscd.git
diff --git a/Guidelines.rst b/Guidelines.rst
@@ -0,0 +1,90 @@
+Ansible
+=======
+
+#. `Variables`_
+#. `Passwords`_
+#. `Tags`_
+#. `Files`_
+#. `Execution flow`_
+
+Variables
+----------
+
+- Prepend role-level variable names with the name of the role::
+  
+    mariadb_packages:
+      - mariadb
+      - mariadb-server
+      - MySQL-python  
+    
+    mariadb_db_path: '/var/lib/mysql'
+  
+- To make roles portable and reusable, avoid relying on playbook-level and trinityX-specific variables. Define all the variables that are needed to run the role in ``defaults/main.yml``::
+  
+    # cat roles/drbd/defaults/main.yml
+    ---
+    
+    drbd_ctrl1_ip: '{{ trix_ctrl1_ip }}'
+    drbd_ctrl2_ip: '{{ trix_ctrl2_ip }}'
+    drbd_ctrl1_device: /dev/drbd1
+    drbd_ctrl2_device: '{{ drbd_ctrl1_device }}'
+    <...>
+  
+  
+- Sometimes it's okay to override the most frequently redefined variable directly in a playbook, still the playbook should be kept relatively clean::
+  
+    - role: slurm
+      slurmdbd_sql_user: 'slurm_accounting'
+      slurmdbd_sql_db: 'slurm_accounting'
+      tags: slurm
+  
+Passwords
+---------
+
+- Use the ``lookup()`` plugin to generate and retrieve stored passwords::
+  
+    - name: Acquire root password (generate or use one from /etc/trinity/passwords)
+      set_fact:
+        mysql_root_pwd: "{{ lookup('password',
+                        '/etc/trinity/passwords/mysql/root.txt
+                        chars=ascii_letters,digits,hexdigits') }}"
+  
+Tags
+----
+
+- Tag roles (and tasks if needed) to make their execution optional::
+  
+     roles:
+       - role: hostname
+           tags: hostname
+       - role: drbd
+           tags: drbd
+         <...>
+  
+  That makes it possible to run a particular subset of roles by either specifying a list of roles, e.g.::
+  
+  # ansible-playbook --tags hostname,drbd
+  
+  or excluding some of the roles, e.g.::
+  
+  # ansible-playbook --skip-tags firewalld
+  
+Files
+-----
+
+- When changing configuration files, make a backup of them using the ``backup:`` argument in modules like ``template``, ``lineinfile`` and so on.
+
+- Whenever possible, make use of the ``validate:`` argument to check the syntax first.
+
+- To trigger a service restart/reload when its configuration files get changedr, use handlers calling them with ``notify:``.
+
+- Prefer the ``blockinfile`` and ``template`` modules over ``lineinfile`` as they generally provide better idempotency.
+
+Execution flow
+--------------
+
+- A task should not report a change if nothing has been changed as a result of the task. For that reason, if you can’t avoid using ``command`` or ``shell`` modules, also use ``creates:`` or ``changed_when:`` or similar to control the task's ``changed`` status.
+
+- When enabling a systemd service, make sure to start it as well while specifying a condition ``when: ansible_connection not in 'lchroot'``. That would allow using the same role for both images and live nodes.
+
+- Instead of including one role in another, list it as a dependency in ``<role>/meta/main.yml``.