diff --git a/munge/defaults/main.yml b/munge/defaults/main.yml index f9f1ccd..12a3a0a 100644 --- a/munge/defaults/main.yml +++ b/munge/defaults/main.yml @@ -2,3 +2,9 @@ # defaults file for munge munge_key: "{{undef(hint='You must specify the munge key value')}}" munge_user: "munge" + +# Custom munge RPM repository settings +# Set munge_custom_repo_url to install from a custom repo URL directly +# (uses dnf --repofrompath, no .repo file is created on the target). +munge_custom_repo_url: "" +munge_custom_repo_gpgcheck: false diff --git a/munge/molecule/custom_repo/converge.yml b/munge/molecule/custom_repo/converge.yml new file mode 100644 index 0000000..f7ce1ce --- /dev/null +++ b/munge/molecule/custom_repo/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge with custom repo + hosts: all + vars: + munge_key: "test-custom-repo-key-value-long-enough" + munge_custom_repo_url: "file:///opt/munge-repo" + munge_custom_repo_name: "munge-repo" + tasks: + - name: "Include munge" + ansible.builtin.include_role: + name: "munge" diff --git a/munge/molecule/custom_repo/molecule.yml b/munge/molecule/custom_repo/molecule.yml new file mode 100644 index 0000000..2da4a25 --- /dev/null +++ b/munge/molecule/custom_repo/molecule.yml @@ -0,0 +1,20 @@ +--- +dependency: + name: galaxy +driver: + name: podman +platforms: + - name: custom-repo-el9 + image: eniocarboni/docker-rockylinux-systemd:9 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + pre_build_image: true + cgroupns_mode: host +provisioner: + name: ansible + playbooks: + prepare: prepare.yml +verifier: + name: ansible diff --git a/munge/molecule/custom_repo/prepare.yml b/munge/molecule/custom_repo/prepare.yml new file mode 100644 index 0000000..b19b422 --- /dev/null +++ b/munge/molecule/custom_repo/prepare.yml @@ -0,0 +1,38 @@ +--- +- name: Prepare custom repo + hosts: all + gather_facts: false + tasks: + - name: Install python3 + raw: dnf install -y python3 + changed_when: false + + - name: Install createrepo_c and dnf-utils + ansible.builtin.dnf: + name: + - createrepo_c + - dnf-utils + - epel-release + state: present + + - name: Create local repo directory + ansible.builtin.file: + path: /opt/munge-repo + state: directory + mode: "0755" + + - name: Download munge RPMs from EPEL + ansible.builtin.shell: > + dnf download --destdir=/opt/munge-repo + --enablerepo=epel --enablerepo=crb + munge munge-devel munge-libs + changed_when: true + + - name: Create repo metadata + ansible.builtin.command: createrepo_c /opt/munge-repo + changed_when: true + + - name: Remove epel-release so it won't interfere + ansible.builtin.dnf: + name: epel-release + state: absent diff --git a/munge/molecule/custom_repo/verify.yml b/munge/molecule/custom_repo/verify.yml new file mode 100644 index 0000000..bcc0f71 --- /dev/null +++ b/munge/molecule/custom_repo/verify.yml @@ -0,0 +1,74 @@ +--- +- name: Verify custom repo install + hosts: all + gather_facts: false + tasks: + - name: Stat repo file + ansible.builtin.stat: + path: /etc/yum.repos.d/munge-repo.repo + register: repo_file + + - name: Assert repo file exists + ansible.builtin.assert: + that: + - repo_file.stat.exists + fail_msg: >- + Custom repo file not created at + /etc/yum.repos.d/munge-repo.repo + + - name: Read repo file content + ansible.builtin.slurp: + src: /etc/yum.repos.d/munge-repo.repo + register: repo_content + + - name: Assert repo file contains expected values + ansible.builtin.assert: + that: + - "'munge-repo' in content" + - "'file:///opt/munge-repo' in content" + fail_msg: "Repo file content does not match" + vars: + content: "{{ repo_content.content | b64decode }}" + + - name: Stat munge key file + ansible.builtin.stat: + path: /etc/munge/munge.key + register: keyfile + + - name: Assert key file permissions + ansible.builtin.assert: + that: + - keyfile.stat.exists + - keyfile.stat.pw_name == "munge" + - keyfile.stat.mode == "0400" + fail_msg: "munge.key missing or wrong owner/mode" + + - name: Get munge service facts + ansible.builtin.service_facts: + + - name: Assert munge service is running and enabled + ansible.builtin.assert: + that: + - svc.state == 'running' + - svc.status == 'enabled' + fail_msg: "munge service not running or not enabled" + vars: + svc: >- + {{ ansible_facts.services['munge.service'] }} + + - name: Verify munge encode/decode round-trip + ansible.builtin.command: munge -n + register: munge_encode + changed_when: false + + - name: Decode munge credential + ansible.builtin.command: unmunge + args: + stdin: "{{ munge_encode.stdout }}" + register: munge_decode + changed_when: false + + - name: Assert munge round-trip succeeded + ansible.builtin.assert: + that: munge_decode.rc == 0 + fail_msg: "munge encode/decode round-trip failed" diff --git a/munge/molecule/default/verify.yml b/munge/molecule/default/verify.yml index 8a7e5e4..9fa1085 100644 --- a/munge/molecule/default/verify.yml +++ b/munge/molecule/default/verify.yml @@ -1,15 +1,58 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all gather_facts: false tasks: - - name: Get munge service - ansible.builtin.service: - name: munge - register: munge_status + - name: Stat munge key file + ansible.builtin.stat: + path: /etc/munge/munge.key + register: keyfile + + - name: Assert key file permissions + ansible.builtin.assert: + that: + - keyfile.stat.exists + - keyfile.stat.pw_name == "munge" + - keyfile.stat.mode == "0400" + fail_msg: "munge.key missing or wrong owner/mode" + + - name: Get munge service facts + ansible.builtin.service_facts: + + - name: Assert munge service is running and enabled + ansible.builtin.assert: + that: + - svc.state == 'running' + - svc.status == 'enabled' + fail_msg: "munge service not running or not enabled" + vars: + svc: >- + {{ ansible_facts.services['munge.service'] }} + + - name: Verify munge encode/decode round-trip + ansible.builtin.command: munge -n + register: munge_encode + changed_when: false + + - name: Decode munge credential + ansible.builtin.command: unmunge + args: + stdin: "{{ munge_encode.stdout }}" + register: munge_decode + changed_when: false + + - name: Assert munge round-trip succeeded + ansible.builtin.assert: + that: munge_decode.rc == 0 + fail_msg: "munge encode/decode round-trip failed" + + - name: Stat custom repo file (should not exist) + ansible.builtin.stat: + path: /etc/yum.repos.d/munge-repo.repo + register: repo_file - - name: Verify status of munge + - name: Assert no custom repo file on default path ansible.builtin.assert: - that: munge_status.status.Result == "success" + that: + - not repo_file.stat.exists + fail_msg: "munge-repo.repo should not exist on default path" diff --git a/munge/tasks/main.yml b/munge/tasks/main.yml index 855597f..be6d044 100644 --- a/munge/tasks/main.yml +++ b/munge/tasks/main.yml @@ -2,30 +2,62 @@ # tasks file for munge # - name: Gather os specific variables - include_vars: "{{item}}" + ansible.builtin.include_vars: "{{ item }}" with_first_found: - files: - - "{{ansible_os_family}}.yaml" - - "{{ansible_os_family}}-{{ansible_distribution_major_version}}.yaml" + - "{{ansible_os_family}}.yaml" + - "{{ansible_os_family}}-{{ansible_distribution_major_version}}.yaml" paths: - - "{{role_path}}/vars" + - "{{ role_path }}/vars" tags: - munge -- name: Install munge-devel for EL8+ +# --- Default path: install from EPEL --- +- name: Install munge bootstrap packages (EPEL) + ansible.builtin.package: + name: "{{ item }}" + state: present + loop: "{{ munge_bootstrap_packages }}" + when: munge_custom_repo_url == "" + tags: + - munge + +- name: Install munge-devel for EL8+ (powertools/crb) ansible.builtin.dnf: name: munge-devel enablerepo: "{{ munge_el_repo }}" state: present - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '8' + when: + - munge_custom_repo_url == "" + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version | int >= 8 tags: - munge -- name: Install packages for Munge +- name: Install munge packages (default repos) ansible.builtin.package: - name: "{{item}}" + name: "{{ item }}" state: present - loop: "{{munge_packages}}" + loop: "{{ munge_install_packages }}" + when: munge_custom_repo_url == "" + tags: + - munge + +# --- Custom repo path: install directly from URL (no .repo file created) --- +- name: Install munge packages (custom repo URL) + ansible.builtin.command: + argv: + - dnf + - install + - -y + - "--repofrompath=munge-custom,{{ munge_custom_repo_url }}" + - --repo=munge-custom + - "--setopt=munge-custom.gpgcheck={{ '1' if munge_custom_repo_gpgcheck else '0' }}" + - "{{ item }}" + loop: "{{ munge_install_packages }}" + register: dnf_custom_result + changed_when: "'Nothing to do' not in dnf_custom_result.stdout" + when: munge_custom_repo_url != "" tags: - munge diff --git a/munge/vars/RedHat-7.yaml b/munge/vars/RedHat-7.yaml index 8de68fb..52a4bda 100644 --- a/munge/vars/RedHat-7.yaml +++ b/munge/vars/RedHat-7.yaml @@ -1,4 +1,7 @@ -munge_packages: +--- +munge_bootstrap_packages: - epel-release + +munge_install_packages: - munge - munge-devel diff --git a/munge/vars/RedHat-8.yaml b/munge/vars/RedHat-8.yaml index 9123db6..6da8140 100644 --- a/munge/vars/RedHat-8.yaml +++ b/munge/vars/RedHat-8.yaml @@ -1,7 +1,9 @@ +--- munge_el_repo: powertools -munge_packages: +munge_bootstrap_packages: - epel-release + +munge_install_packages: - munge - munge-devel - #- munge-libs diff --git a/munge/vars/RedHat-9.yaml b/munge/vars/RedHat-9.yaml index 6ef3747..0e21571 100644 --- a/munge/vars/RedHat-9.yaml +++ b/munge/vars/RedHat-9.yaml @@ -1,7 +1,9 @@ +--- munge_el_repo: crb -munge_packages: +munge_bootstrap_packages: - epel-release + +munge_install_packages: - munge - munge-devel - #- munge-libs diff --git a/slurm/defaults/main.yml b/slurm/defaults/main.yml index af53b0e..14ab8dc 100644 --- a/slurm/defaults/main.yml +++ b/slurm/defaults/main.yml @@ -204,4 +204,10 @@ slurmdbd_conf_extra: {} slurm_rpm_check_path: "{{ slurm_rpmbuild_user_home }}/rpmbuild/RPMS/{{ ansible_architecture }}/slurm-{{ slurm_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm" -pmix_rpm_check_path: "{{ slurm_rpmbuild_user_home }}/rpmbuild/RPMS/{{ ansible_architecture }}/pmix-{{ slurm_pmix_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm" \ No newline at end of file +pmix_rpm_check_path: "{{ slurm_rpmbuild_user_home }}/rpmbuild/RPMS/{{ ansible_architecture }}/pmix-{{ slurm_pmix_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm" + +# Custom munge repo — when set, slurm pre-install will add this repo +# and use it for munge-devel/munge-libs installation. +# Should match the munge role's munge_custom_repo_* settings. +slurm_munge_repo_url: "" +slurm_munge_repo_name: "munge-repo" diff --git a/slurm/tasks/pre_install.yaml b/slurm/tasks/pre_install.yaml index 104216d..ab32825 100644 --- a/slurm/tasks/pre_install.yaml +++ b/slurm/tasks/pre_install.yaml @@ -71,13 +71,14 @@ slurm_required_devel_packages: "{{ slurm_required_devel_packages | difference(['libjwt-devel']) }}" when: slurm_enable_restd and slurm_build_jwt_source -- name: Install required development packages + +- name: Install required development packages ansible.builtin.dnf: - name: "{{item}}" + name: "{{ item }}" state: present enablerepo: "{{ slurm_el_repos }}" loop: "{{ slurm_required_devel_packages }}" - when: slurm_source_install + when: slurm_source_install tags: - slurm - slurm_install_controller