cookiecutter environment now has working defaults

wtripp180901 · wtripp180901 · commit b7cfe9ae996a · 2024-11-11T15:00:57.000Z
diff --git a/ansible/roles/passwords/defaults/main.yml b/ansible/roles/passwords/defaults/main.yml
@@ -8,6 +8,7 @@ slurm_appliance_secrets:
   vault_openhpc_mungekey: "{{ secrets_openhpc_mungekey | default(vault_openhpc_mungekey | default(secrets_openhpc_mungekey_default)) }}"
   vault_freeipa_ds_password: "{{ vault_freeipa_ds_password | default(lookup('password', '/dev/null')) }}"
   vault_freeipa_admin_password: "{{ vault_freeipa_admin_password | default(lookup('password', '/dev/null')) }}"
+  vault_openondemand_default_user_password: "{{ vault_openondemand_default_user_password | default(lookup('password', '/dev/null')) }}"
   k3s_token: "{{ lookup('ansible.builtin.password', '/dev/null', length=64) }}"
 
 secrets_openhpc_mungekey_default:
diff --git a/environments/common/inventory/group_vars/all/basic_users.yml b/environments/common/inventory/group_vars/all/basic_users.yml
@@ -3,5 +3,10 @@
 # See: ansible/roles/basic_users/README.md 
 # for variable definitions.
 
+ondemand_user_password: "{{ vault_openondemand_default_user_password }}"
+
 basic_users_homedir: /home
-basic_users_users: []
+basic_users_users:
+  - name: ood_user
+    password: "{{ ondemand_user_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}" # idempotent
+    uid: 1006
diff --git a/environments/common/inventory/group_vars/all/openondemand.yml b/environments/common/inventory/group_vars/all/openondemand.yml
@@ -5,7 +5,12 @@
 
 # NB: Variables prefixed ood_ are all from https://github.com/OSC/ood-ansible
 
-# openondemand_servername: '' # Must be defined when using openondemand
+openondemand_servername: "{{ hostvars[groups['openondemand'].0].ansible_host if groups['openondemand'] else '' }}"
+
+openondemand_auth: basic_pam
+
+openondemand_jupyter_partition: "{{ openhpc_slurm_partitions[0]['name'] }}"
+openondemand_desktop_partition: "{{ openhpc_slurm_partitions[0]['name'] }}"
 
 # Regex defining hosts which openondemand can proxy; the default regex is compute nodes (for apps) and grafana host,
 # e.g. if the group `compute` has hosts `compute-{0,1,2,..}` this will be '(compute-\d+)|(control)'.
diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything
@@ -27,8 +27,9 @@ login
 [block_devices:children]
 # Environment-specific so not defined here
 
-[basic_users]
+[basic_users:children]
 # Add `openhpc` group to add Slurm users via creation of users on each node.
+openhpc
 
 [openondemand:children]
 # Host to run Open Ondemand server on - subset of login
@@ -42,8 +43,9 @@ compute
 # Subset of compute to run a Jupyter Notebook servers on via Open Ondemand
 compute
 
-[etc_hosts]
+[etc_hosts:children]
 # Hosts to manage /etc/hosts e.g. if no internal DNS. See ansible/roles/etc_hosts/README.md
+cluster
 
 [cuda]
 # Hosts to install NVIDIA CUDA on - see ansible/roles/cuda/README.md
diff --git a/environments/skeleton/{{cookiecutter.environment}}/terraform/variables.tf b/environments/skeleton/{{cookiecutter.environment}}/terraform/variables.tf
@@ -6,7 +6,7 @@ variable "cluster_name" {
 variable "cluster_domain_suffix" {
     type = string
     description = "Domain suffix for cluster"
-    default = "invalid"
+    default = "internal"
 }
 
 variable "cluster_net" {

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@ variable "cluster_name" {`
`6`	`6`	`variable "cluster_domain_suffix" {`
`7`	`7`	`type = string`
`8`	`8`	`description = "Domain suffix for cluster"`
`9`		`- default = "invalid"`
	`9`	`+ default = "internal"`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`variable "cluster_net" {`