mirror of
https://github.com/ClusterCockpit/cc-docker.git
synced 2025-03-15 19:35:56 +01:00
227 lines
6.4 KiB
Bash
Executable File
227 lines
6.4 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -e
|
|
|
|
# Determine the system architecture dynamically
|
|
ARCH=$(uname -m)
|
|
SLURM_VERSION="24.05.3"
|
|
SLURM_JWT=daemon
|
|
SLURMRESTD_SECURITY=disable_user_check
|
|
|
|
_delete_secrets() {
|
|
if [ -f /.secret/munge.key ]; then
|
|
echo "Removing secrets"
|
|
sudo rm -rf /.secret/munge.key
|
|
sudo rm -rf /.secret/worker-secret.tar.gz
|
|
sudo rm -rf /.secret/setup-worker-ssh.sh
|
|
sudo rm -rf /.secret/jwt_hs256.key
|
|
sudo rm -rf /.secret/jwt_token.txt
|
|
|
|
echo "Done removing secrets"
|
|
ls /.secret/
|
|
fi
|
|
}
|
|
|
|
# start sshd server
|
|
_sshd_host() {
|
|
if [ ! -d /var/run/sshd ]; then
|
|
mkdir /var/run/sshd
|
|
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
|
|
fi
|
|
echo "Starting sshd"
|
|
/usr/sbin/sshd
|
|
}
|
|
|
|
# setup worker ssh to be passwordless
|
|
_ssh_worker() {
|
|
if [[ ! -d /home/worker ]]; then
|
|
mkdir -p /home/worker
|
|
chown -R worker:worker /home/worker
|
|
fi
|
|
cat >/home/worker/setup-worker-ssh.sh <<EOF2
|
|
mkdir -p ~/.ssh
|
|
chmod 0700 ~/.ssh
|
|
ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N "" -C "$(whoami)@$(hostname)-$(date -I)"
|
|
cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
|
|
chmod 0640 ~/.ssh/authorized_keys
|
|
cat >> ~/.ssh/config <<EOF
|
|
Host *
|
|
StrictHostKeyChecking no
|
|
UserKnownHostsFile /dev/null
|
|
LogLevel QUIET
|
|
EOF
|
|
chmod 0644 ~/.ssh/config
|
|
cd ~/
|
|
tar -czvf ~/worker-secret.tar.gz .ssh
|
|
cd -
|
|
EOF2
|
|
chmod +x /home/worker/setup-worker-ssh.sh
|
|
chown worker: /home/worker/setup-worker-ssh.sh
|
|
sudo -u worker /home/worker/setup-worker-ssh.sh
|
|
}
|
|
|
|
# start munge and generate key
|
|
_munge_start() {
|
|
echo "Starting munge"
|
|
chown -R munge: /etc/munge /var/lib/munge /var/log/munge /var/run/munge
|
|
chmod 0700 /etc/munge
|
|
chmod 0711 /var/lib/munge
|
|
chmod 0700 /var/log/munge
|
|
chmod 0755 /var/run/munge
|
|
/sbin/create-munge-key -f
|
|
rngd -r /dev/urandom
|
|
/usr/sbin/create-munge-key -r -f
|
|
sh -c "dd if=/dev/urandom bs=1 count=1024 > /etc/munge/munge.key"
|
|
chown munge: /etc/munge/munge.key
|
|
chmod 600 /etc/munge/munge.key
|
|
sudo -u munge /sbin/munged
|
|
munge -n
|
|
munge -n | unmunge
|
|
remunge
|
|
}
|
|
|
|
# copy secrets to /.secret directory for other nodes
|
|
_copy_secrets() {
|
|
while [ ! -f /home/worker/worker-secret.tar.gz ]; do
|
|
echo -n "."
|
|
sleep 1
|
|
done
|
|
cp /home/worker/worker-secret.tar.gz /.secret/worker-secret.tar.gz
|
|
cp /home/worker/setup-worker-ssh.sh /.secret/setup-worker-ssh.sh
|
|
cp /etc/munge/munge.key /.secret/munge.key
|
|
rm -f /home/worker/worker-secret.tar.gz
|
|
rm -f /home/worker/setup-worker-ssh.sh
|
|
}
|
|
|
|
_openssl_jwt_key() {
|
|
|
|
mkdir -p /var/spool/slurm/statesave
|
|
dd if=/dev/random of=/var/spool/slurm/statesave/jwt_hs256.key bs=32 count=1
|
|
chown slurm:slurm /var/spool/slurm/statesave/jwt_hs256.key
|
|
chmod 0600 /var/spool/slurm/statesave/jwt_hs256.key
|
|
chown slurm:slurm /var/spool/slurm/statesave
|
|
chmod 0755 /var/spool/slurm/statesave
|
|
cp /var/spool/slurm/statesave/jwt_hs256.key /.secret/jwt_hs256.key
|
|
chmod 777 /.secret/jwt_hs256.key
|
|
}
|
|
|
|
_generate_jwt_token() {
|
|
|
|
secret_key=$(cat /var/spool/slurm/statesave/jwt_hs256.key)
|
|
start_time=$(date +%s)
|
|
exp_time=$((start_time + 100000000))
|
|
base64url() {
|
|
# Don't wrap, make URL-safe, delete trailer.
|
|
base64 -w 0 | tr '+/' '-_' | tr -d '='
|
|
}
|
|
|
|
jwt_header=$(echo -n '{"alg":"HS256","typ":"JWT"}' | base64url)
|
|
|
|
jwt_claims=$(cat <<EOF |
|
|
{
|
|
"sun": "root",
|
|
"exp": $exp_time,
|
|
"iat": $start_time
|
|
}
|
|
EOF
|
|
jq -Mcj '.' | base64url)
|
|
# jq -Mcj => Monochrome output, compact output, join lines
|
|
|
|
jwt_signature=$(echo -n "${jwt_header}.${jwt_claims}" |
|
|
openssl dgst -sha256 -hmac "$secret_key" -binary | base64url)
|
|
|
|
# Use the same colours as jwt.io, more-or-less.
|
|
echo "$(tput setaf 1)${jwt_header}$(tput sgr0).$(tput setaf 5)${jwt_claims}$(tput sgr0).$(tput setaf 6)${jwt_signature}$(tput sgr0)"
|
|
|
|
jwt="${jwt_header}.${jwt_claims}.${jwt_signature}"
|
|
|
|
echo $jwt | cat >/.secret/jwt_token.txt
|
|
chmod 777 /.secret/jwt_token.txt
|
|
}
|
|
|
|
# run slurmctld
|
|
_slurmctld() {
|
|
cd /root/rpmbuild/RPMS/$ARCH
|
|
|
|
yum -y --nogpgcheck localinstall slurm-$SLURM_VERSION*.$ARCH.rpm \
|
|
slurm-perlapi-$SLURM_VERSION*.$ARCH.rpm \
|
|
slurm-slurmd-$SLURM_VERSION*.$ARCH.rpm \
|
|
slurm-torque-$SLURM_VERSION*.$ARCH.rpm \
|
|
slurm-slurmctld-$SLURM_VERSION*.$ARCH.rpm
|
|
echo "checking for slurmdbd.conf"
|
|
while [ ! -f /.secret/slurmdbd.conf ]; do
|
|
echo "."
|
|
sleep 1
|
|
done
|
|
echo ""
|
|
mkdir -p /var/spool/slurm/ctld /var/spool/slurm/d /var/log/slurm /etc/slurm /var/run/slurm/d /var/run/slurm/ctld /var/lib/slurm/d /var/lib/slurm/ctld
|
|
chown -R slurm: /var/spool/slurm/ctld /var/spool/slurm/d /var/log/slurm /var/spool /var/lib /var/run/slurm/d /var/run/slurm/ctld /var/lib/slurm/d /var/lib/slurm/ctld
|
|
mkdir -p /etc/config
|
|
chown -R slurm: /etc/config
|
|
|
|
touch /var/log/slurmctld.log
|
|
chown -R slurm: /var/log/slurmctld.log
|
|
touch /var/log/slurmd.log
|
|
chown -R slurm: /var/log/slurmd.log
|
|
|
|
touch /var/lib/slurm/d/job_state
|
|
chown -R slurm: /var/lib/slurm/d/job_state
|
|
touch /var/lib/slurm/d/fed_mgr_state
|
|
chown -R slurm: /var/lib/slurm/d/fed_mgr_state
|
|
touch /var/run/slurm/d/slurmctld.pid
|
|
chown -R slurm: /var/run/slurm/d/slurmctld.pid
|
|
touch /var/run/slurm/d/slurmd.pid
|
|
chown -R slurm: /var/run/slurm/d/slurmd.pid
|
|
|
|
if [[ ! -f /home/config/slurm.conf ]]; then
|
|
echo "### Missing slurm.conf ###"
|
|
exit
|
|
else
|
|
echo "### use provided slurm.conf ###"
|
|
cp /home/config/slurm.conf /etc/slurm/slurm.conf
|
|
chown slurm: /etc/slurm/slurm.conf
|
|
chmod 600 /etc/slurm/slurm.conf
|
|
fi
|
|
|
|
sudo yum install -y nc
|
|
sudo yum install -y procps
|
|
sudo yum install -y iputils
|
|
sudo yum install -y lsof
|
|
sudo yum install -y jq
|
|
|
|
_openssl_jwt_key
|
|
|
|
if [ ! -f /.secret/jwt_hs256.key ]; then
|
|
echo "### Missing jwt.key ###"
|
|
exit 1
|
|
else
|
|
cp /.secret/jwt_hs256.key /etc/config/jwt_hs256.key
|
|
chown slurm: /etc/config/jwt_hs256.key
|
|
chmod 0600 /etc/config/jwt_hs256.key
|
|
fi
|
|
|
|
_generate_jwt_token
|
|
|
|
while ! nc -z slurmdbd 6819; do
|
|
echo "Waiting for slurmdbd to be ready..."
|
|
sleep 2
|
|
done
|
|
|
|
sacctmgr -i add cluster name=linux
|
|
sleep 2s
|
|
echo "Starting slurmctld"
|
|
cp -f /etc/slurm/slurm.conf /.secret/
|
|
/usr/sbin/slurmctld -Dvv
|
|
echo "Started slurmctld"
|
|
}
|
|
|
|
### main ###
|
|
_delete_secrets
|
|
_sshd_host
|
|
|
|
_ssh_worker
|
|
_munge_start
|
|
_copy_secrets
|
|
_slurmctld
|
|
|
|
tail -f /dev/null
|