Merge pull request #250 from stackhpc/feat/fatimage

Build fat image in appliance

Author: sjpb

.github/workflows/fatimage.yml

@@ -0,0 +1,64 @@
+
+name: Build fat image
+on:
+  workflow_dispatch:
+jobs:
+  openstack:
+    name: openstack-build-arcus
+    concurrency: ${{ github.ref }} # to branch/PR
+    runs-on: ubuntu-20.04
+    env:
+      ANSIBLE_FORCE_COLOR: True
+      OS_CLOUD: openstack
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup ssh
+        run: |
+          set -x
+          mkdir ~/.ssh
+          echo "${arcus_SSH_KEY}" > ~/.ssh/id_rsa
+          chmod 0600 ~/.ssh/id_rsa
+        env:
+          arcus_SSH_KEY: ${{ secrets.ARCUS_SSH_KEY }}
+
+      - name: Add bastion's ssh key to known_hosts
+        run: cat environments/.stackhpc/bastion_fingerprint >> ~/.ssh/known_hosts
+        shell: bash
+      
+      - name: Install ansible etc
+        run: dev/setup-env.sh
+      
+      - name: Write clouds.yaml
+        run: |
+          mkdir -p ~/.config/openstack/
+          echo "${arcus_CLOUDS_YAML}" > ~/.config/openstack/clouds.yaml
+        shell: bash
+        env:
+          arcus_CLOUDS_YAML: ${{ secrets.ARCUS_CLOUDS_YAML }}
+            
+      - name: Setup environment
+        run: |
+          . venv/bin/activate
+          . environments/.stackhpc/activate
+        
+      - name: Build fat image with packer
+        id: packer_build
+        run: |
+          . venv/bin/activate
+          . environments/.stackhpc/activate
+          cd packer/
+          packer init
+          PACKER_LOG=1 packer build -only openstack.openhpc -on-error=ask -var-file=$PKR_VAR_environment_root/builder.pkrvars.hcl openstack.pkr.hcl
+
+      - name: Get created image name from manifest
+        id: manifest
+        run: |
+          . venv/bin/activate
+          IMAGE_ID=$(jq --raw-output '.builds[-1].artifact_id' packer-manifest.json)
+          while ! openstack image show -f value -c name $IMAGE_ID; do
+            sleep 30
+          done
+          IMAGE_NAME=$(openstack image show -f value -c name $IMAGE_ID)
+          echo "::set-output name=IMAGE_ID::$IMAGE_ID"
+          echo "::set-output name=IMAGE_NAME::$IMAGE_NAME"

.github/workflows/stackhpc.yml

@@ -1,5 +1,5 @@
 
-name: Test deployment and image build on OpenStack
+name: Test deployment and reimage on OpenStack
 on:
   workflow_dispatch:
   push:
@@ -8,12 +8,7 @@ on:
   pull_request:
 jobs:
   openstack:
-    name: openstack-ci-${{ matrix.cloud }}
-    strategy:
-      matrix:
-        cloud:
-          - "arcus"   # Arcus OpenStack in rcp-cloud-portal-demo project, with RoCE
-      fail-fast: false # as want clouds to continue independently
+    name: openstack-ci-arcus # Arcus OpenStack in rcp-cloud-portal-demo project, with RoCE
     concurrency: ${{ github.ref }} # to branch/PR
     runs-on: ubuntu-20.04
     env:
@@ -27,13 +22,13 @@ jobs:
         run: |
           set -x
           mkdir ~/.ssh
-          echo "${${{ matrix.cloud }}_SSH_KEY}" > ~/.ssh/id_rsa
+          echo "${arcus_SSH_KEY}" > ~/.ssh/id_rsa
           chmod 0600 ~/.ssh/id_rsa
         env:
           arcus_SSH_KEY: ${{ secrets.ARCUS_SSH_KEY }}
 
       - name: Add bastion's ssh key to known_hosts
-        run: cat environments/${{ matrix.cloud }}/bastion_fingerprint >> ~/.ssh/known_hosts
+        run: cat environments/.stackhpc/bastion_fingerprint >> ~/.ssh/known_hosts
         shell: bash
 
       - name: Install ansible etc
@@ -44,38 +39,38 @@ jobs:
 
       - name: Initialise terraform
         run: terraform init
-        working-directory: ${{ github.workspace }}/environments/${{ matrix.cloud }}/terraform
+        working-directory: ${{ github.workspace }}/environments/.stackhpc/terraform
 
       - name: Write clouds.yaml
         run: |
           mkdir -p ~/.config/openstack/
-          echo "${${{ matrix.cloud }}_CLOUDS_YAML}" > ~/.config/openstack/clouds.yaml
+          echo "${arcus_CLOUDS_YAML}" > ~/.config/openstack/clouds.yaml
         shell: bash
         env:
           arcus_CLOUDS_YAML: ${{ secrets.ARCUS_CLOUDS_YAML }}
 
       - name: Setup environment-specific inventory/terraform inputs
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           ansible-playbook ansible/adhoc/generate-passwords.yml
           echo vault_testuser_password: "$TESTUSER_PASSWORD" > $APPLIANCES_ENVIRONMENT_ROOT/inventory/group_vars/all/test_user.yml
         env:
           TESTUSER_PASSWORD: ${{ secrets.TEST_USER_PASSWORD }}
 
-      - name: Provision servers
+      - name: Provision nodes using fat image
         id: provision_servers
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           cd $APPLIANCES_ENVIRONMENT_ROOT/terraform
           terraform apply -auto-approve
 
       - name: Get server provisioning failure messages
         id: provision_failure
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           cd $APPLIANCES_ENVIRONMENT_ROOT/terraform
           TF_FAIL_MSGS="$(../../skeleton/\{\{cookiecutter.environment\}\}/terraform/getfaults.py  $PWD)"
           echo TF failure messages: $TF_FAIL_MSGS
@@ -85,29 +80,29 @@ jobs:
       - name: Delete infrastructure if failed due to lack of hosts
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           cd $APPLIANCES_ENVIRONMENT_ROOT/terraform
           terraform destroy -auto-approve
         if: ${{ always() && steps.provision_servers.outcome == 'failure' && contains(steps.provision_failure.messages, 'not enough hosts available') }}
 
-      - name: Directly configure cluster
+      - name: Configure cluster
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           ansible all -m wait_for_connection
           ansible-playbook -v ansible/site.yml
           ansible-playbook -v ansible/ci/check_slurm.yml
 
       - name: Run MPI-based tests
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           ansible-playbook -vv ansible/adhoc/hpctests.yml
 
       - name: Confirm Open Ondemand is up (via SOCKS proxy)
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           
           # load ansible variables into shell:
           ansible-playbook ansible/ci/output_vars.yml \
@@ -135,63 +130,55 @@ jobs:
         env:
           TESTUSER_PASSWORD: ${{ secrets.TEST_USER_PASSWORD }}
 
-      - name: Build packer images
-        id: packer_build
-        run: |
-          . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
-          cd packer/
-          PACKER_LOG=1 packer build -on-error=ask -var-file=$PKR_VAR_environment_root/builder.pkrvars.hcl openstack.pkr.hcl
-          ../dev/output_manifest.py packer-manifest.json # Sets NEW_{COMPUTE,CONTROL,LOGIN}_IMAGE_ID outputs
-
-      - name: Test reimage of login nodes (via rebuild adhoc)
-        run: |
-          . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
-          ansible-playbook -v --limit login ansible/adhoc/rebuild.yml -e rebuild_image=${{ steps.packer_build.outputs.NEW_LOGIN_IMAGE_ID }}
-          ansible login -m wait_for_connection -a 'delay=60 timeout=600' # delay allows node to go down
-          ansible-playbook -v ansible/ci/check_slurm.yml
-
-      - name: Test reimage of compute nodes (via slurm)
-        run: |
-          . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
-          ansible login -v -a "sudo scontrol reboot ASAP nextstate=RESUME reason='rebuild image:${{ steps.packer_build.outputs.NEW_COMPUTE_IMAGE_ID }}' ${TF_VAR_cluster_name}-compute-[0-3]"
-          ansible compute -m wait_for_connection -a 'delay=60 timeout=600' # delay allows node to go down
-          ansible-playbook -v ansible/ci/check_slurm.yml
+      # - name: Build environment-specific compute image
+      #   id: packer_build
+      #   run: |
+      #     . venv/bin/activate
+      #     . environments/.stackhpc/activate
+      #     cd packer/
+      #     packer init
+      #     PACKER_LOG=1 packer build -except openstack.fatimage -on-error=ask -var-file=$PKR_VAR_environment_root/builder.pkrvars.hcl openstack.pkr.hcl
+      #     ../dev/output_manifest.py packer-manifest.json # Sets NEW_COMPUTE_IMAGE_ID outputs
+
+      # - name: Test reimage of compute nodes to new environment-specific image (via slurm)
+      #   run: |
+      #     . venv/bin/activate
+      #     . environments/.stackhpc/activate
+      #     ansible login -v -a "sudo scontrol reboot ASAP nextstate=RESUME reason='rebuild image:${{ steps.packer_build.outputs.NEW_COMPUTE_IMAGE_ID }}' ${TF_VAR_cluster_name}-compute-[0-3]"
+      #     ansible compute -m wait_for_connection -a 'delay=60 timeout=600' # delay allows node to go down
+      #     ansible-playbook -v ansible/ci/check_slurm.yml
 
-      - name: Test reimage of control node (via rebuild adhoc)
+      - name: Test reimage of all nodes (via rebuild adhoc)
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
-          ansible-playbook -v --limit control ansible/adhoc/rebuild.yml -e rebuild_image=${{ steps.packer_build.outputs.NEW_CONTROL_IMAGE_ID }}
-          ansible control -m wait_for_connection -a 'delay=60 timeout=600' # delay allows node to go down
-          ansible-playbook ansible/slurm.yml --tags openhpc # configures partitions
-          ansible-playbook ansible/monitoring.yml --tags prometheus # configures scrapes
+          . environments/.stackhpc/activate
+          ansible-playbook -v --limit control,login ansible/adhoc/rebuild.yml
+          ansible all -m wait_for_connection -a 'delay=60 timeout=600' # delay allows node to go down
+          ansible-playbook -v ansible/site.yml
           ansible-playbook -v ansible/ci/check_slurm.yml
       
       - name: Check sacct state survived reimage
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           ansible-playbook -vv ansible/ci/check_sacct_hpctests.yml
 
       - name: Check MPI-based tests are shown in Grafana
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           ansible-playbook -vv ansible/ci/check_grafana.yml
 
       - name: Delete infrastructure
         run: |
           . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
+          . environments/.stackhpc/activate
           cd $APPLIANCES_ENVIRONMENT_ROOT/terraform
           terraform destroy -auto-approve
         if: ${{ success() || cancelled() }}
 
-      - name: Delete images
-        run: |
-          . venv/bin/activate
-          . environments/${{ matrix.cloud }}/activate
-          ansible-playbook -vv ansible/ci/delete_images.yml
+      # - name: Delete images
+      #   run: |
+      #     . venv/bin/activate
+      #     . environments/.stackhpc/activate
+      #     ansible-playbook -vv ansible/ci/delete_images.yml

ansible/cleanup.yml

@@ -0,0 +1,21 @@
+# Clean up a Packer build VM
+
+- meta: flush_handlers
+
+- name: Remove dnf caches
+  command: dnf clean all
+
+- name: Delete /etc/resolv.conf
+  # required as if cloud-init (rather than network manager) controls this on next boot it won't be entirely overrwritten
+  file:
+    path: /etc/resolv.conf
+    state: absent
+
+- name: Delete any injected ssh config for rocky
+  file:
+    path: /home/rocky/.ssh/
+    state: absent
+
+- name: Run cloud-init cleanup
+  command: cloud-init clean --logs --seed
+