From 09a308996c59143ff4adcb6fb01d15c594cd46fc Mon Sep 17 00:00:00 2001 From: Chirs Ruihl Date: Thu, 26 Feb 2026 12:47:46 -0500 Subject: [PATCH 1/3] Add custom munge repo support to munge and slurm roles Munge role: split packages into bootstrap/install lists, add custom repo configuration (munge_custom_repo_url), use FQCN for include_vars, and add custom_repo Molecule scenario with improved verify.yml. Slurm role: add slurm_munge_repo_url/name defaults and pre-install task to configure the custom munge repo before building from source. Co-Authored-By: Claude Opus 4.6 --- munge/defaults/main.yml | 9 +++ munge/molecule/custom_repo/converge.yml | 11 ++++ munge/molecule/custom_repo/molecule.yml | 20 +++++++ munge/molecule/custom_repo/prepare.yml | 38 +++++++++++++ munge/molecule/custom_repo/verify.yml | 74 +++++++++++++++++++++++++ munge/molecule/default/verify.yml | 59 +++++++++++++++++--- munge/tasks/main.yml | 56 ++++++++++++++++--- munge/vars/RedHat-7.yaml | 5 +- munge/vars/RedHat-8.yaml | 6 +- munge/vars/RedHat-9.yaml | 6 +- slurm/defaults/main.yml | 8 ++- slurm/tasks/pre_install.yaml | 19 ++++++- 12 files changed, 285 insertions(+), 26 deletions(-) create mode 100644 munge/molecule/custom_repo/converge.yml create mode 100644 munge/molecule/custom_repo/molecule.yml create mode 100644 munge/molecule/custom_repo/prepare.yml create mode 100644 munge/molecule/custom_repo/verify.yml diff --git a/munge/defaults/main.yml b/munge/defaults/main.yml index f9f1ccd..0a480ed 100644 --- a/munge/defaults/main.yml +++ b/munge/defaults/main.yml @@ -2,3 +2,12 @@ # defaults file for munge munge_key: "{{undef(hint='You must specify the munge key value')}}" munge_user: "munge" + +# Custom munge RPM repository settings +# Set munge_custom_repo_url to enable installation from a custom repo. +# When set, the role creates a .repo file and installs munge from it. +munge_custom_repo_url: "" +munge_custom_repo_name: "munge-repo" +munge_custom_repo_description: "Custom Munge RPM Repository" +munge_custom_repo_gpgcheck: false +munge_custom_repo_gpgkey: "" diff --git a/munge/molecule/custom_repo/converge.yml b/munge/molecule/custom_repo/converge.yml new file mode 100644 index 0000000..f7ce1ce --- /dev/null +++ b/munge/molecule/custom_repo/converge.yml @@ -0,0 +1,11 @@ +--- +- name: Converge with custom repo + hosts: all + vars: + munge_key: "test-custom-repo-key-value-long-enough" + munge_custom_repo_url: "file:///opt/munge-repo" + munge_custom_repo_name: "munge-repo" + tasks: + - name: "Include munge" + ansible.builtin.include_role: + name: "munge" diff --git a/munge/molecule/custom_repo/molecule.yml b/munge/molecule/custom_repo/molecule.yml new file mode 100644 index 0000000..2da4a25 --- /dev/null +++ b/munge/molecule/custom_repo/molecule.yml @@ -0,0 +1,20 @@ +--- +dependency: + name: galaxy +driver: + name: podman +platforms: + - name: custom-repo-el9 + image: eniocarboni/docker-rockylinux-systemd:9 + privileged: true + volumes: + - "/sys/fs/cgroup:/sys/fs/cgroup:rw" + command: "/usr/sbin/init" + pre_build_image: true + cgroupns_mode: host +provisioner: + name: ansible + playbooks: + prepare: prepare.yml +verifier: + name: ansible diff --git a/munge/molecule/custom_repo/prepare.yml b/munge/molecule/custom_repo/prepare.yml new file mode 100644 index 0000000..b19b422 --- /dev/null +++ b/munge/molecule/custom_repo/prepare.yml @@ -0,0 +1,38 @@ +--- +- name: Prepare custom repo + hosts: all + gather_facts: false + tasks: + - name: Install python3 + raw: dnf install -y python3 + changed_when: false + + - name: Install createrepo_c and dnf-utils + ansible.builtin.dnf: + name: + - createrepo_c + - dnf-utils + - epel-release + state: present + + - name: Create local repo directory + ansible.builtin.file: + path: /opt/munge-repo + state: directory + mode: "0755" + + - name: Download munge RPMs from EPEL + ansible.builtin.shell: > + dnf download --destdir=/opt/munge-repo + --enablerepo=epel --enablerepo=crb + munge munge-devel munge-libs + changed_when: true + + - name: Create repo metadata + ansible.builtin.command: createrepo_c /opt/munge-repo + changed_when: true + + - name: Remove epel-release so it won't interfere + ansible.builtin.dnf: + name: epel-release + state: absent diff --git a/munge/molecule/custom_repo/verify.yml b/munge/molecule/custom_repo/verify.yml new file mode 100644 index 0000000..bcc0f71 --- /dev/null +++ b/munge/molecule/custom_repo/verify.yml @@ -0,0 +1,74 @@ +--- +- name: Verify custom repo install + hosts: all + gather_facts: false + tasks: + - name: Stat repo file + ansible.builtin.stat: + path: /etc/yum.repos.d/munge-repo.repo + register: repo_file + + - name: Assert repo file exists + ansible.builtin.assert: + that: + - repo_file.stat.exists + fail_msg: >- + Custom repo file not created at + /etc/yum.repos.d/munge-repo.repo + + - name: Read repo file content + ansible.builtin.slurp: + src: /etc/yum.repos.d/munge-repo.repo + register: repo_content + + - name: Assert repo file contains expected values + ansible.builtin.assert: + that: + - "'munge-repo' in content" + - "'file:///opt/munge-repo' in content" + fail_msg: "Repo file content does not match" + vars: + content: "{{ repo_content.content | b64decode }}" + + - name: Stat munge key file + ansible.builtin.stat: + path: /etc/munge/munge.key + register: keyfile + + - name: Assert key file permissions + ansible.builtin.assert: + that: + - keyfile.stat.exists + - keyfile.stat.pw_name == "munge" + - keyfile.stat.mode == "0400" + fail_msg: "munge.key missing or wrong owner/mode" + + - name: Get munge service facts + ansible.builtin.service_facts: + + - name: Assert munge service is running and enabled + ansible.builtin.assert: + that: + - svc.state == 'running' + - svc.status == 'enabled' + fail_msg: "munge service not running or not enabled" + vars: + svc: >- + {{ ansible_facts.services['munge.service'] }} + + - name: Verify munge encode/decode round-trip + ansible.builtin.command: munge -n + register: munge_encode + changed_when: false + + - name: Decode munge credential + ansible.builtin.command: unmunge + args: + stdin: "{{ munge_encode.stdout }}" + register: munge_decode + changed_when: false + + - name: Assert munge round-trip succeeded + ansible.builtin.assert: + that: munge_decode.rc == 0 + fail_msg: "munge encode/decode round-trip failed" diff --git a/munge/molecule/default/verify.yml b/munge/molecule/default/verify.yml index 8a7e5e4..9fa1085 100644 --- a/munge/molecule/default/verify.yml +++ b/munge/molecule/default/verify.yml @@ -1,15 +1,58 @@ --- -# This is an example playbook to execute Ansible tests. - - name: Verify hosts: all gather_facts: false tasks: - - name: Get munge service - ansible.builtin.service: - name: munge - register: munge_status + - name: Stat munge key file + ansible.builtin.stat: + path: /etc/munge/munge.key + register: keyfile + + - name: Assert key file permissions + ansible.builtin.assert: + that: + - keyfile.stat.exists + - keyfile.stat.pw_name == "munge" + - keyfile.stat.mode == "0400" + fail_msg: "munge.key missing or wrong owner/mode" + + - name: Get munge service facts + ansible.builtin.service_facts: + + - name: Assert munge service is running and enabled + ansible.builtin.assert: + that: + - svc.state == 'running' + - svc.status == 'enabled' + fail_msg: "munge service not running or not enabled" + vars: + svc: >- + {{ ansible_facts.services['munge.service'] }} + + - name: Verify munge encode/decode round-trip + ansible.builtin.command: munge -n + register: munge_encode + changed_when: false + + - name: Decode munge credential + ansible.builtin.command: unmunge + args: + stdin: "{{ munge_encode.stdout }}" + register: munge_decode + changed_when: false + + - name: Assert munge round-trip succeeded + ansible.builtin.assert: + that: munge_decode.rc == 0 + fail_msg: "munge encode/decode round-trip failed" + + - name: Stat custom repo file (should not exist) + ansible.builtin.stat: + path: /etc/yum.repos.d/munge-repo.repo + register: repo_file - - name: Verify status of munge + - name: Assert no custom repo file on default path ansible.builtin.assert: - that: munge_status.status.Result == "success" + that: + - not repo_file.stat.exists + fail_msg: "munge-repo.repo should not exist on default path" diff --git a/munge/tasks/main.yml b/munge/tasks/main.yml index 855597f..6b7daa0 100644 --- a/munge/tasks/main.yml +++ b/munge/tasks/main.yml @@ -2,30 +2,68 @@ # tasks file for munge # - name: Gather os specific variables - include_vars: "{{item}}" + ansible.builtin.include_vars: "{{ item }}" with_first_found: - files: - - "{{ansible_os_family}}.yaml" - - "{{ansible_os_family}}-{{ansible_distribution_major_version}}.yaml" + - "{{ansible_os_family}}.yaml" + - "{{ansible_os_family}}-{{ansible_distribution_major_version}}.yaml" paths: - - "{{role_path}}/vars" + - "{{ role_path }}/vars" tags: - munge -- name: Install munge-devel for EL8+ +# --- Custom repo setup (when munge_custom_repo_url is set) --- +- name: Configure custom munge RPM repository + ansible.builtin.yum_repository: + name: "{{ munge_custom_repo_name }}" + description: "{{ munge_custom_repo_description }}" + baseurl: "{{ munge_custom_repo_url }}" + gpgcheck: "{{ munge_custom_repo_gpgcheck }}" + gpgkey: "{{ munge_custom_repo_gpgkey | default(omit, true) }}" + enabled: true + when: munge_custom_repo_url != "" + tags: + - munge + +# --- Default path: install from EPEL --- +- name: Install munge bootstrap packages (EPEL) + ansible.builtin.package: + name: "{{ item }}" + state: present + loop: "{{ munge_bootstrap_packages }}" + when: munge_custom_repo_url == "" + tags: + - munge + +- name: Install munge-devel for EL8+ (powertools/crb) ansible.builtin.dnf: name: munge-devel enablerepo: "{{ munge_el_repo }}" state: present - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version >= '8' + when: + - munge_custom_repo_url == "" + - ansible_os_family == 'RedHat' + - ansible_distribution_major_version | int >= 8 tags: - munge -- name: Install packages for Munge +- name: Install munge packages (default repos) ansible.builtin.package: - name: "{{item}}" + name: "{{ item }}" + state: present + loop: "{{ munge_install_packages }}" + when: munge_custom_repo_url == "" + tags: + - munge + +# --- Custom repo path: install from custom repo --- +- name: Install munge packages (custom repo) + ansible.builtin.dnf: + name: "{{ item }}" state: present - loop: "{{munge_packages}}" + enablerepo: "{{ munge_custom_repo_name }}" + loop: "{{ munge_install_packages }}" + when: munge_custom_repo_url != "" tags: - munge diff --git a/munge/vars/RedHat-7.yaml b/munge/vars/RedHat-7.yaml index 8de68fb..52a4bda 100644 --- a/munge/vars/RedHat-7.yaml +++ b/munge/vars/RedHat-7.yaml @@ -1,4 +1,7 @@ -munge_packages: +--- +munge_bootstrap_packages: - epel-release + +munge_install_packages: - munge - munge-devel diff --git a/munge/vars/RedHat-8.yaml b/munge/vars/RedHat-8.yaml index 9123db6..6da8140 100644 --- a/munge/vars/RedHat-8.yaml +++ b/munge/vars/RedHat-8.yaml @@ -1,7 +1,9 @@ +--- munge_el_repo: powertools -munge_packages: +munge_bootstrap_packages: - epel-release + +munge_install_packages: - munge - munge-devel - #- munge-libs diff --git a/munge/vars/RedHat-9.yaml b/munge/vars/RedHat-9.yaml index 6ef3747..0e21571 100644 --- a/munge/vars/RedHat-9.yaml +++ b/munge/vars/RedHat-9.yaml @@ -1,7 +1,9 @@ +--- munge_el_repo: crb -munge_packages: +munge_bootstrap_packages: - epel-release + +munge_install_packages: - munge - munge-devel - #- munge-libs diff --git a/slurm/defaults/main.yml b/slurm/defaults/main.yml index af53b0e..14ab8dc 100644 --- a/slurm/defaults/main.yml +++ b/slurm/defaults/main.yml @@ -204,4 +204,10 @@ slurmdbd_conf_extra: {} slurm_rpm_check_path: "{{ slurm_rpmbuild_user_home }}/rpmbuild/RPMS/{{ ansible_architecture }}/slurm-{{ slurm_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm" -pmix_rpm_check_path: "{{ slurm_rpmbuild_user_home }}/rpmbuild/RPMS/{{ ansible_architecture }}/pmix-{{ slurm_pmix_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm" \ No newline at end of file +pmix_rpm_check_path: "{{ slurm_rpmbuild_user_home }}/rpmbuild/RPMS/{{ ansible_architecture }}/pmix-{{ slurm_pmix_version }}-1.el{{ ansible_distribution_major_version }}.{{ ansible_architecture }}.rpm" + +# Custom munge repo — when set, slurm pre-install will add this repo +# and use it for munge-devel/munge-libs installation. +# Should match the munge role's munge_custom_repo_* settings. +slurm_munge_repo_url: "" +slurm_munge_repo_name: "munge-repo" diff --git a/slurm/tasks/pre_install.yaml b/slurm/tasks/pre_install.yaml index 104216d..9f25281 100644 --- a/slurm/tasks/pre_install.yaml +++ b/slurm/tasks/pre_install.yaml @@ -71,13 +71,26 @@ slurm_required_devel_packages: "{{ slurm_required_devel_packages | difference(['libjwt-devel']) }}" when: slurm_enable_restd and slurm_build_jwt_source -- name: Install required development packages +- name: Configure custom munge RPM repository for Slurm build + ansible.builtin.yum_repository: + name: "{{ slurm_munge_repo_name }}" + description: "Custom Munge RPM Repository" + baseurl: "{{ slurm_munge_repo_url }}" + gpgcheck: false + enabled: true + when: slurm_munge_repo_url != "" + tags: + - slurm + - slurm_install_controller + - slurm_install_slurmd + +- name: Install required development packages ansible.builtin.dnf: - name: "{{item}}" + name: "{{ item }}" state: present enablerepo: "{{ slurm_el_repos }}" loop: "{{ slurm_required_devel_packages }}" - when: slurm_source_install + when: slurm_source_install tags: - slurm - slurm_install_controller From f71729cf41224bafd6cd02ce736c612fb61c5ad8 Mon Sep 17 00:00:00 2001 From: Chirs Ruihl Date: Thu, 26 Feb 2026 13:37:28 -0500 Subject: [PATCH 2/3] remove new custom munge repo stanza --- slurm/tasks/pre_install.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/slurm/tasks/pre_install.yaml b/slurm/tasks/pre_install.yaml index 9f25281..ab32825 100644 --- a/slurm/tasks/pre_install.yaml +++ b/slurm/tasks/pre_install.yaml @@ -71,18 +71,6 @@ slurm_required_devel_packages: "{{ slurm_required_devel_packages | difference(['libjwt-devel']) }}" when: slurm_enable_restd and slurm_build_jwt_source -- name: Configure custom munge RPM repository for Slurm build - ansible.builtin.yum_repository: - name: "{{ slurm_munge_repo_name }}" - description: "Custom Munge RPM Repository" - baseurl: "{{ slurm_munge_repo_url }}" - gpgcheck: false - enabled: true - when: slurm_munge_repo_url != "" - tags: - - slurm - - slurm_install_controller - - slurm_install_slurmd - name: Install required development packages ansible.builtin.dnf: From 2bf4b9fdbef7400b99a10fa734e641b974e5ad2d Mon Sep 17 00:00:00 2001 From: Chirs Ruihl Date: Wed, 4 Mar 2026 10:17:35 -0500 Subject: [PATCH 3/3] remove customer repo build role --- munge/defaults/main.yml | 7 ++----- munge/tasks/main.yml | 32 +++++++++++++------------------- 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/munge/defaults/main.yml b/munge/defaults/main.yml index 0a480ed..12a3a0a 100644 --- a/munge/defaults/main.yml +++ b/munge/defaults/main.yml @@ -4,10 +4,7 @@ munge_key: "{{undef(hint='You must specify the munge key value')}}" munge_user: "munge" # Custom munge RPM repository settings -# Set munge_custom_repo_url to enable installation from a custom repo. -# When set, the role creates a .repo file and installs munge from it. +# Set munge_custom_repo_url to install from a custom repo URL directly +# (uses dnf --repofrompath, no .repo file is created on the target). munge_custom_repo_url: "" -munge_custom_repo_name: "munge-repo" -munge_custom_repo_description: "Custom Munge RPM Repository" munge_custom_repo_gpgcheck: false -munge_custom_repo_gpgkey: "" diff --git a/munge/tasks/main.yml b/munge/tasks/main.yml index 6b7daa0..be6d044 100644 --- a/munge/tasks/main.yml +++ b/munge/tasks/main.yml @@ -12,19 +12,6 @@ tags: - munge -# --- Custom repo setup (when munge_custom_repo_url is set) --- -- name: Configure custom munge RPM repository - ansible.builtin.yum_repository: - name: "{{ munge_custom_repo_name }}" - description: "{{ munge_custom_repo_description }}" - baseurl: "{{ munge_custom_repo_url }}" - gpgcheck: "{{ munge_custom_repo_gpgcheck }}" - gpgkey: "{{ munge_custom_repo_gpgkey | default(omit, true) }}" - enabled: true - when: munge_custom_repo_url != "" - tags: - - munge - # --- Default path: install from EPEL --- - name: Install munge bootstrap packages (EPEL) ansible.builtin.package: @@ -56,13 +43,20 @@ tags: - munge -# --- Custom repo path: install from custom repo --- -- name: Install munge packages (custom repo) - ansible.builtin.dnf: - name: "{{ item }}" - state: present - enablerepo: "{{ munge_custom_repo_name }}" +# --- Custom repo path: install directly from URL (no .repo file created) --- +- name: Install munge packages (custom repo URL) + ansible.builtin.command: + argv: + - dnf + - install + - -y + - "--repofrompath=munge-custom,{{ munge_custom_repo_url }}" + - --repo=munge-custom + - "--setopt=munge-custom.gpgcheck={{ '1' if munge_custom_repo_gpgcheck else '0' }}" + - "{{ item }}" loop: "{{ munge_install_packages }}" + register: dnf_custom_result + changed_when: "'Nothing to do' not in dnf_custom_result.stdout" when: munge_custom_repo_url != "" tags: - munge