diff --git a/.travis.yml b/.travis.yml index 5813c95..aca359a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,37 +9,10 @@ script: bundle exec rake validate && bundle exec rake lint && bundle exec rake s matrix: fast_finish: true include: - - rvm: 1.9.3 - env: PUPPET_VERSION="~> 3.4.0" - - rvm: 1.9.3 - env: PUPPET_VERSION="~> 3.0" - - rvm: 1.9.3 - env: PUPPET_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 1.9.3 - env: PUPPET_VERSION="~> 4.0" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 3.0" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 4.0" - - rvm: 2.1.5 - env: PUPPET_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 2.1.5 - env: PUPPET_VERSION="~> 4.0" - - rvm: 2.1.5 - env: PUPPET_VERSION="~> 4.0" STRICT_VARIABLES="yes" - - rvm: 2.2.3 - env: PUPPET_VERSION="~> 4.0" - - rvm: default - sudo: required - dist: trusty - services: docker - env: BEAKER_set="centos-6-x86_64-docker" - bundler_args: - script: sudo service docker restart ; sleep 10 && bundle exec rake beaker + - rvm: 2.4.5 + env: PUPPET_GEM_VERSION="~> 5.0" + - rvm: 2.5.3 + env: PUPPET_GEM_VERSION="~> 6.0" - rvm: default sudo: required dist: trusty diff --git a/README.md b/README.md index 9d59a22..5d860e5 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ 1. [Reference - An under-the-hood peek at what the module is doing and how](#reference) 1. [Limitations - OS compatibility, etc.](#limitations) 1. [Development - Guide for contributing to the module](#development) +1. [GridPP Documentation](#GridPP-Documentation) ## Description @@ -84,3 +85,22 @@ know what the ground rules for contributing are. If you aren't using changelog, put your release notes here (though you should consider using changelog). You can also add any additional sections you feel are necessary or important to include here. Please use the `## ` header. + + +## GridPP Documentation + +- https://www.gridpp.ac.uk/wiki/Example_Build_of_an_HTCondor-CE_Cluster +- https://twiki.cern.ch/twiki/bin/view/LCG/HtCondorCeAccounting + +## Defining job routes + +```yaml +htcondor_ce::job_routes: + dice_centos7: + TargetUniverse: 5 + eval_set_AccountingGroup: 'strcat("group_u_", x509userproxyvoname, ".", Owner)' + delete_SUBMIT_Iwd: true + set_WantIOProxy: true + set_default_maxMemory: 3000 + set_Requirements: 'TARGET.OpSysAndVer == "CentOS7"' +``` diff --git a/Rakefile b/Rakefile index d1e11f7..b3561c1 100644 --- a/Rakefile +++ b/Rakefile @@ -2,6 +2,7 @@ require 'rubygems' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_autoloader_layout') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"] desc "Validate manifests, templates, and ruby files" diff --git a/files/01-ce-auth.conf b/files/01-ce-auth.conf new file mode 100644 index 0000000..1f5e85c --- /dev/null +++ b/files/01-ce-auth.conf @@ -0,0 +1,20 @@ +############################################################################### +# +# HTCondor-CE common authorization configuration +# +# This file will NOT be overwritten upon RPM upgrade. +# +############################################################################### + +# Uncomment the following lines if your SciTokens or SSL clients use +# grid certificates or your HTCondor-CE's host certificate is located +# in the standard grid location +# +# https://htcondor-ce.readthedocs.io/en/latest/installation/htcondor-ce#configuring-certificates + +AUTH_SSL_SERVER_CERTFILE = /etc/grid-security/hostcert.pem +AUTH_SSL_SERVER_KEYFILE = /etc/grid-security/hostkey.pem +AUTH_SSL_SERVER_CADIR = /etc/grid-security/certificates +AUTH_SSL_CLIENT_CADIR = /etc/grid-security/certificates +# AUTH_SSL_SERVER_CAFILE = +# AUTH_SSL_CLIENT_CAFILE = \ No newline at end of file diff --git a/files/apel/cron_condor-ce_apel.sh b/files/apel/cron_condor-ce_apel.sh new file mode 100755 index 0000000..fa8ed31 --- /dev/null +++ b/files/apel/cron_condor-ce_apel.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +# accountingRun.sh +# sjones@hep.ph.liv.ac.uk, 2019 +# modified by kreczko@cern.ch +# 210331 modified by WL as per GGUS ticket #150995: "you need to run +# separately the scripts apelclient and ssmsend, so the first one will +# create the accounting records and the second one will send them." +# Run the processes of a HTCondor accounting run + +/usr/share/condor-ce/condor_blah.sh # Make the blah file (CE/Security data) +/usr/share/condor-ce/condor_batch.sh # Make the batch file (batch system job run times) +/usr/bin/apelparser # Read the blah and batch files in +/usr/bin/apelclient # Join blah and batch records to make job records +/usr/bin/ssmsend # Send job records into APEL system diff --git a/manifests/auth.pp b/manifests/auth.pp index 7f01215..f9d3428 100644 --- a/manifests/auth.pp +++ b/manifests/auth.pp @@ -15,4 +15,10 @@ } else { fail("This module currently doesn't support backends other than ARGUS.") } + + package {['ca-certificates']: + ensure => latest, + } + + include fetchcrl } diff --git a/manifests/auth/argus.pp b/manifests/auth/argus.pp index b4b75ca..2dd1df5 100644 --- a/manifests/auth/argus.pp +++ b/manifests/auth/argus.pp @@ -20,29 +20,39 @@ validate_integer($argus_port) validate_string($argus_resourceid) - package { 'argus-pep-api-c': ensure => present, } - - package { 'argus-gsi-pep-callout': - ensure => present, - require => Package['argus-pep-api-c'], + $argus_packages = [ + 'argus-gsi-pep-callout', + 'lcas-plugins-basic', + 'lcas-plugins-voms', + 'lcmaps-plugins-basic', + 'lcmaps-plugins-c-pep', + 'lcmaps-plugins-verify-proxy', + 'lcmaps-plugins-voms', + ] + package { $argus_packages: + ensure => present, + install_options => ['--enablerepo', 'epel,wlcg,UMD-4-base,UMD-4-updates'] } - - file { $pep_callout: + -> file { $pep_callout: ensure => file, owner => 'root', group => 'root', mode => '0644', content => template("${module_name}/gsi-pep-callout.erb"), require => Package['argus-gsi-pep-callout'], - } - - file { $gsi_authz: + } -> file { $gsi_authz: ensure => file, owner => 'root', group => 'root', mode => '0644', source => "puppet:///modules/${module_name}/gsi-authz.conf", require => Package['argus-gsi-pep-callout'], + } -> file{ '/etc/lcmaps/lcmaps.db': + ensure => file, + owner => 'root', + group => 'root', + mode => '0644', + content => template("${module_name}/lcmaps.db.erb"), + require => Package['argus-gsi-pep-callout'], } - } diff --git a/manifests/config.pp b/manifests/config.pp index fc62c7d..6c06038 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -7,16 +7,16 @@ class htcondor_ce::config { $site_security = '/etc/condor-ce/config.d/59-site-security.conf' $main_ce_config = '/etc/condor-ce/config.d/60-configured-attributes.conf' - $job_routes = '/etc/condor-ce/config.d/61-job-routes.conf' $condor_mapfile = '/etc/condor-ce/condor_mapfile' $ce_sysconfig = '/etc/sysconfig/condor-ce' # general parameters used in manifest or more than one template + $install_apel = $::htcondor_ce::install_apel $install_bdii = $::htcondor_ce::install_bdii - $job_routes_template = $::htcondor_ce::job_routes_template $uid_domain = $::htcondor_ce::uid_domain $use_static_shadow = $::htcondor_ce::use_static_shadow # $site_security $gsi_regex = $::htcondor_ce::gsi_regex + $host_dn = $::htcondor_ce::host_dn # $main_ce_config $condor_view_hosts = $::htcondor_ce::condor_view_hosts $pool_collectors = $::htcondor_ce::pool_collectors @@ -38,13 +38,7 @@ content => template("${module_name}/60-configured-attributes.conf.erb"), } - file { $job_routes: - ensure => file, - owner => 'condor', - group => 'condor', - mode => '0644', - content => template($job_routes_template), - } + class {'::htcondor_ce::config::job_routes': } file { $condor_mapfile: ensure => file, @@ -62,7 +56,7 @@ source => "puppet:///modules/${module_name}/sysconfig-condor-ce", } - $config_files = [File[$main_ce_config], File[$site_security], File[$job_routes], File[$condor_mapfile]] + $config_files = [File[$main_ce_config], File[$site_security], File[$condor_mapfile]] exec { '/usr/bin/condor_ce_reconfig': refreshonly => true, } @@ -76,4 +70,10 @@ class { '::htcondor_ce::config::shadow': } } + if $install_apel { + class { '::htcondor_ce::config::apel': } + } + + class { '::htcondor_ce::config::certs': } + } diff --git a/manifests/config/apel.pp b/manifests/config/apel.pp new file mode 100644 index 0000000..8e06c6d --- /dev/null +++ b/manifests/config/apel.pp @@ -0,0 +1,90 @@ +# class htcondor::config::apel +# +# This class configures the +# APEL Accounting for the HTCondor CE +# +# from https://twiki.cern.ch/twiki/bin/view/LCG/HtCondorCeAccounting +class htcondor_ce::config::apel{ + $apel_ce_config = $::htcondor_ce::apel_ce_config + $apel_condor_config = $::htcondor_ce::apel_condor_config + $apel_output_dir = $::htcondor_ce::apel_output_dir + $apel_scaling_attr = $::htcondor_ce::apel_scaling_attr + $apel_mysql_root_pw = $::htcondor_ce::apel_mysql_root_pw + $apel_mysql_db = $::htcondor_ce::apel_mysql_db + $apel_mysql_user = $::htcondor_ce::apel_mysql_user + $apel_mysql_password = $::htcondor_ce::apel_mysql_password + $apel_enable_ssm = $::htcondor_ce::apel_enable_ssm + $hepspec06 = $::htcondor_ce::hepspec06 + + $goc_site_name = $::htcondor_ce::goc_site_name + + + file{$apel_ce_config: + ensure => present, + owner => 'condor', + group => 'condor', + mode => '0644', + content => template("${module_name}/51-ce-apel.conf.erb"), + require => Package['htcondor-ce-apel'], + } + + file{$apel_condor_config: + ensure => present, + owner => 'condor', + group => 'condor', + mode => '0644', + content => template("${module_name}/51-condor-apel.conf.erb"), + require => Package['htcondor-ce-apel'], + } + + ## MySQL settings (apelparser) + class { '::mysql::server': + root_password => $mysql_root_pw, + remove_default_accounts => true, + restart => true + } + + mysql::db { $apel_mysql_db: + user => $apel_mysql_user, + password => $apel_mysql_password, + host => 'localhost', + grant => ['ALL'], + sql => '/usr/share/apel/client.sql' + } + + file{'/etc/apel/client.cfg': + ensure => present, + content => template("${module_name}/apel/client.cfg.erb"), + require => Package['htcondor-ce-apel'], + } + + file{'/etc/apel/parser.cfg': + ensure => present, + content => template("${module_name}/apel/parser.cfg.erb"), + require => Package['htcondor-ce-apel'], + } + + file{'/etc/apel/sender.cfg': + ensure => present, + content => template("${module_name}/apel/sender.cfg.erb"), + require => Package['htcondor-ce-apel'], + } + + file{'/etc/apel/cron_condor-ce_apel.sh': + ensure => present, + source => "puppet:///modules/${module_name}/apel/cron_condor-ce_apel.sh", + mode => '0755', + } + + class { '::cron': + manage_package => false, + } + + cron::job {'apel-processing': + minute => '31', + hour => '2', + command => '/etc/apel/cron_condor-ce_apel.sh', + description => 'APEL HTCondor-CE job parsing', + require => File['/etc/apel/cron_condor-ce_apel.sh'], + } +} diff --git a/manifests/config/bdii.pp b/manifests/config/bdii.pp index 7095261..0ffe3b4 100644 --- a/manifests/config/bdii.pp +++ b/manifests/config/bdii.pp @@ -1,6 +1,6 @@ -# Class: htcondor_ce::bdii +# Class: htcondor_ce::config bdii # -# This class installs and configures the +# This class configures the # Resource BDII for the HTCondor Computing Element # class htcondor_ce::config::bdii { @@ -10,6 +10,7 @@ $supported_vos = $::htcondor_ce::supported_vos $goc_site_name = $::htcondor_ce::goc_site_name $benchmark_result = $::htcondor_ce::benchmark_result + $hepspec06 = $::htcondor_ce::hepspec06 $execution_env_cores = $::htcondor_ce::execution_env_cores $election_type = $::htcondor_ce::election_type $election_hosts = $::htcondor_ce::election_hosts @@ -25,4 +26,12 @@ File[$bdii_ce_config] ~> Exec['/usr/bin/condor_ce_reconfig'] + service{'bdii': + ensure => running, + enable => true, + } + # make sure /etc/condor/config.d/99-ce-bdii.conf is removed + file {'/etc/condor/config.d/99-ce-bdii.conf': + ensure => absent, + } } diff --git a/manifests/config/certs.pp b/manifests/config/certs.pp new file mode 100644 index 0000000..6ae81d5 --- /dev/null +++ b/manifests/config/certs.pp @@ -0,0 +1,38 @@ +# Configures host certificate and key files +class htcondor_ce::config::certs{ + $hostcert_location = $::htcondor_ce::hostcert_location + $hostkey_location = $::htcondor_ce::hostkey_location + + + file {'/etc/grid-security/hostcert.pem': + ensure => file, + owner => 'root', + group => 'root', + mode => '0444', + source => $hostcert_location, + } + + file {'/etc/grid-security/hostkey.pem': + ensure => file, + owner => 'root', + group => 'root', + mode => '0400', + source => $hostkey_location, + } + + file {'/etc/grid-security/condorcert.pem': + ensure => file, + owner => 'condor', + group => 'condor', + mode => '0444', + source => $hostcert_location, + } + + file {'/etc/grid-security/condorkey.pem': + ensure => file, + owner => 'condor', + group => 'condor', + mode => '0400', + source => $hostkey_location, + } +} diff --git a/manifests/config/job_routes.pp b/manifests/config/job_routes.pp new file mode 100644 index 0000000..fc06438 --- /dev/null +++ b/manifests/config/job_routes.pp @@ -0,0 +1,17 @@ +# Generating job_routes for HTCondor CE +class htcondor_ce::config::job_routes{ + $job_routes_base_settings = $::htcondor_ce::job_routes_base_settings + $job_routes = $::htcondor_ce::job_routes + $job_routes_file = '/etc/condor-ce/config.d/61-job-routes.conf' + $job_routes_template = $::htcondor_ce::job_routes_template + + file { $job_routes_file: + ensure => file, + owner => 'condor', + group => 'condor', + mode => '0644', + content => template($job_routes_template), + } + + File[$job_routes_file] ~> Exec['/usr/bin/condor_ce_reconfig'] +} diff --git a/manifests/init.pp b/manifests/init.pp index 55c3517..d71a48f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -8,12 +8,15 @@ $pool_collectors = $::htcondor_ce::params::pool_collectors, $condor_view_hosts = $::htcondor_ce::params::condor_view_hosts, $job_routes_template = $::htcondor_ce::params::job_routes_template, + $job_routes = $::htcondor_ce::params::job_routes, + $job_routes_base_settings = $::htcondor_ce::params::job_routes_base_settings, $ce_version = $::htcondor_ce::params::ce_version, $lrms = $::htcondor_ce::params::lrms, $lrms_version = $::htcondor_ce::params::lrms_version, $uid_domain = $::htcondor_ce::params::uid_domain, $gsi_regex = $::htcondor_ce::params::gsi_regex, $gsi_backend = $::htcondor_ce::params::gsi_backend, + $host_dn = $::htcondor_ce::params::host_dn, $use_static_shadow = $::htcondor_ce::params::use_static_shadow, $manage_service = $::htcondor_ce::params::manage_service, # for argus @@ -22,9 +25,21 @@ $argus_resourceid = $::htcondor_ce::params::argus_resourceid, # for bdii $install_bdii = $::htcondor_ce::params::install_bdii, + # APEL accounting + $install_apel = $::htcondor_ce::params::install_apel, + $apel_ce_config = $::htcondor_ce::params::apel_ce_config, + $apel_condor_config = $::htcondor_ce::params::apel_condor_config, + $apel_output_dir = $::htcondor_ce::params::apel_output_dir, + $apel_scaling_attr = $::htcondor_ce::params::apel_scaling_attr, + $apel_mysql_root_pw = $::htcondor_ce::params::apel_mysql_root_pw, + $apel_mysql_db = $::htcondor_ce::params::apel_mysql_db, + $apel_mysql_user = $::htcondor_ce::params::apel_mysql_user, + $apel_mysql_password = $::htcondor_ce::params::apel_mysql_password, + $apel_enable_ssm = $::htcondor_ce::params::apel_enable_ssm, $supported_vos = $::htcondor_ce::params::supported_vos, $goc_site_name = $::htcondor_ce::params::goc_site_name, $benchmark_result = $::htcondor_ce::params::benchmark_result, + $hepspec06 = '10.00', $execution_env_cores = $::htcondor_ce::params::execution_env_cores, $election_type = $::htcondor_ce::params::election_type, $election_hosts = $::htcondor_ce::params::election_hosts, diff --git a/manifests/install.pp b/manifests/install.pp index ad6ff07..b507ef9 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -9,21 +9,47 @@ $lrms = $::htcondor_ce::lrms $lrms_version = $::htcondor_ce::lrms_version $use_static_shadow = $::htcondor_ce::use_static_shadow + $install_apel = $::htcondor_ce::install_apel $install_bdii = $::htcondor_ce::install_bdii + $condor_view_hosts = $::htcondor_ce::condor_view_hosts - package { ['globus-rsl', 'blahp', 'empty-ca-certs']: ensure => present, } + include htcondor_ce::install::repositories + + package { ['globus-rsl']: ensure => present, } package { ['htcondor-ce', 'htcondor-ce-client', "htcondor-ce-${lrms}"]: - ensure => $ce_version, - require => Package['condor', 'blahp', 'globus-rsl', 'empty-ca-certs'], + ensure => $ce_version, + install_options => ['--enablerepo', 'epel,wlcg,htcondor-development'], } if $install_bdii { - package { 'htcondor-ce-bdii': ensure => $ce_version, } + package { 'htcondor-ce-bdii': + ensure => $ce_version, + install_options => ['--enablerepo', 'epel,wlcg,htcondor-development'], + } + } + + if $install_apel { + $apel_packages = ['apel-client', 'apel-parsers', 'htcondor-ce-apel'] + + package{$apel_packages: + ensure=> present, + install_options => ['--enablerepo', 'epel,UMD-4-updates,htcondor-development'] + } } if $use_static_shadow { package { 'condor-static-shadow': ensure => $lrms_version, } } + if !empty($condor_view_hosts) and member($condor_view_hosts, $::fqdn) { + package {'htcondor-ce-view': + ensure => present, + install_options => ['--enablerepo', 'epel,wlcg,htcondor-development'], + } + } + + + + } diff --git a/manifests/install/repositories.pp b/manifests/install/repositories.pp new file mode 100644 index 0000000..2b2ee8a --- /dev/null +++ b/manifests/install/repositories.pp @@ -0,0 +1,74 @@ +# Repositories needed for HTCondor installation +class htcondor_ce::install::repositories { + + case $::osfamily { + 'RedHat' : { + yumrepo { 'htcondor-stable': + descr => "HTCondor Stable RPM Repository for Redhat Enterprise Linux ${facts['os']['release']['major']}", + baseurl => 'https://research.cs.wisc.edu/htcondor/yum/stable/8.8/rhel7', + enabled => 0, + gpgcheck => 1, + gpgkey => 'http://research.cs.wisc.edu/htcondor/yum/RPM-GPG-KEY-HTCondor', + before => [Package['htcondor-ce']], + } + + yumrepo { 'htcondor-development': + descr => "HTCondor Development RPM Repository for ${facts['os']['release']['major']}", + baseurl => 'https://research.cs.wisc.edu/htcondor/yum/development/rhel7', + enabled => 0, + gpgcheck => 1, + gpgkey => 'http://research.cs.wisc.edu/htcondor/yum/RPM-GPG-KEY-HTCondor', + before => [Package['htcondor-ce']], + } + + yumrepo { 'wlcg': + descr => 'WLCG Repository', + baseurl => 'http://linuxsoft.cern.ch/wlcg/centos7/$basearch', + enabled => 0, + gpgcheck => 1, + gpgkey => 'http://linuxsoft.cern.ch/wlcg/RPM-GPG-KEY-wlcg', + before => [Package['htcondor-ce']], + } + + yumrepo { 'epel': + descr => 'Extra Packages for Enterprise Linux 7 - $basearch', + metalink => 'https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch', + # baseurl => 'http://download.fedoraproject.org/pub/epel/7/$basearch', + enabled => 0, + gpgcheck => 1, + gpgkey => 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7', + before => [Package['htcondor-ce']], + } + + yumrepo { 'EGI-trustanchors': + descr => 'EGI-trustanchors', + baseurl => 'http://repository.egi.eu/sw/production/cas/1/current/', + enabled => 1, + gpgcheck => 1, + gpgkey => 'http://repository.egi.eu/sw/production/cas/1/current/GPG-KEY-EUGridPMA-RPM-3', + before => [Package['htcondor-ce']], + } + + yumrepo { 'UMD-4-base': + descr => "UMD-4-base (${facts['os']['release']['major']})", + baseurl => 'http://repository.egi.eu/sw/production/umd/4/centos7/$basearch/base', + enabled => 0, + gpgcheck => 1, + gpgkey => 'http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY', + before => [Package['htcondor-ce']], + } + + yumrepo { 'UMD-4-updates': + descr => "UMD-4-updates (${facts['os']['release']['major']})", + baseurl => 'http://repository.egi.eu/sw/production/umd/4/centos7/$basearch/updates', + enabled => 0, + gpgcheck => 1, + gpgkey => 'http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY', + before => [Package['htcondor-ce']], + } + } + default: { + fail("This module currently doesn't support OSes other than CentOS 7") + } + } +} diff --git a/manifests/params.pp b/manifests/params.pp index 1bca5d8..2973c5a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -23,4 +23,32 @@ $execution_env_cores = 16 $election_type = 'leader' $election_hosts = $::fqdn + + # cert parameters + $hostcert_location = '/root/hostcert.pem' + $hostkey_location = '/root/hostkey.pem' + + # accounting parameters + $install_apel = true + $apel_ce_config = '/etc/condor-ce/config.d/51-ce-apel.conf' + $apel_condor_config = '/etc/condor/config.d/51-condor-apel.conf' + $apel_output_dir = '/var/lib/condor-ce/apel/' + $apel_scaling_attr = 'RalScaling' + + $apel_mysql_root_pw = '12345' + $apel_mysql_db = 'apel' + $apel_mysql_user = 'apelclient' + $apel_mysql_password = 'apel12345' + $apel_enable_ssm = false + + $job_routes = { + 'default_route' => { + 'TargetUniverse' => 5, + 'eval_set_AccountingGroup' => 'strcat("group_u_", x509userproxyvoname, ".", Owner)', + 'delete_SUBMIT_Iwd' => true, + 'set_WantIOProxy' => true, + 'set_default_maxMemory' => 3000 + } + } + $job_routes_base_settings = {} } diff --git a/metadata.json b/metadata.json index ac02642..3190bab 100644 --- a/metadata.json +++ b/metadata.json @@ -8,7 +8,11 @@ "project_page": "https://github.com/cernops/puppet-htcondor_ce", "issues_url": "https://github.com/cernops/puppet-htcondor_ce/issues", "dependencies": [ - {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"} + {"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"}, + { + "name": "puppet-cron", + "version_requirement": ">= 2.0.0" + } ] } diff --git a/templates/06-ce-bdii.conf.erb b/templates/06-ce-bdii.conf.erb index 2537c07..d6c62f5 100644 --- a/templates/06-ce-bdii.conf.erb +++ b/templates/06-ce-bdii.conf.erb @@ -16,5 +16,6 @@ HTCONDORCE_BDII_LEADER = <%= @election_hosts %> # BDII Static Info and VOs HTCONDORCE_VONames = <%= @supported_vos.sort.join(', ') %> HTCONDORCE_SiteName = <%= @goc_site_name %> -HTCONDORCE_HEPSPEC_INFO = <%= @benchmark_result %> +HTCONDORCE_SPEC = <%= @benchmark_result %> # CPU Benchmarks +HTCONDORCE_HEPSPEC_INFO = <%= @hepspec06 %>-HEP-SPEC06 HTCONDORCE_CORES = <%= @execution_env_cores %> # cores per node diff --git a/templates/51-ce-apel.conf.erb b/templates/51-ce-apel.conf.erb new file mode 100644 index 0000000..710bf80 --- /dev/null +++ b/templates/51-ce-apel.conf.erb @@ -0,0 +1,13 @@ +############################################################################### +# +# HTCondor-CE APEL configuration file. +# +############################################################################### + +# Directory to write batch and blah records +APEL_OUTPUT_DIR = <%= @apel_output_dir -%> + +APEL_CE_HOST = $(CONDOR_HOST) +APEL_BATCH_HOST = $(CONDOR_HOST) + +APEL_SCALING_ATTR = MachineAttr<%= @apel_scaling_attr -%>0 diff --git a/templates/51-condor-apel.conf.erb b/templates/51-condor-apel.conf.erb new file mode 100644 index 0000000..5da94f2 --- /dev/null +++ b/templates/51-condor-apel.conf.erb @@ -0,0 +1,11 @@ +############################################################################### +# +# HTCondor configuration for APEL client reporting +# +# DO NOT EDIT THIS FILE! It will be overwritten upon RPM upgrade. +# If you wish to make changes to the HTCondor-CE configuration, create files +# in /etc/condor/config.d containing your changes. +# +############################################################################### + +SYSTEM_JOB_MACHINE_ATTRS = <%= @apel_scaling_attr -%> diff --git a/templates/apel/client.cfg.erb b/templates/apel/client.cfg.erb new file mode 100644 index 0000000..15e79f1 --- /dev/null +++ b/templates/apel/client.cfg.erb @@ -0,0 +1,83 @@ +# Information about the apel client database +[db] +hostname = localhost +port = 3306 +name = <%=@apel_mysql_db %> +username = <%=@apel_mysql_user %> +password = <%=@apel_mysql_password %> + +[spec_updater] +enabled = true +# The GOCDB site name +site_name = <%=@goc_site_name %> +ldap_host = lcg-bdii.cern.ch +ldap_port = 2170 + +## The following information is necessary for +## local jobs only. Provide an average value for +## machines which your batch system uses. +## Supported specs are HEPSPEC and Si2k +## Provide also a hostname for your batch system. +## This does not need to be a definitive hostname, +## but it should uniquely identify the batch system. +## Example: pbs.gridpp.rl.ac.uk +lrms_server = <%=@fqdn -%>:9619/<%=@fqdn -%>-condor +spec_type = HEPSPEC +spec_value = <%=@hepspec06 -%> + +## To manually set specs for all jobs (not just local ones), configure lines +## like the following named "manual_spec" followed by consecutive integers for +## however many batch systems are relevant. The value should be a unique name +## for the system, then the spec type ('HEPSPEC' or 'Si2k') and the spec value. +# manual_spec1 = grid10.uni.ac.uk:1234/grid10.uni.ac.uk-condor,HEPSPEC,10.0 +# manual_spec2 = grid22.uni.ac.uk:1234/grid22.uni.ac.uk-condor,HEPSPEC,15.0 +# manual_spec3 = grid35.uni.ac.uk:1234/grid35.uni.ac.uk-condor,HEPSPEC,15.0 +manual_spec1 = <%=@fqdn -%>:9619/<%=@fqdn -%>-condor,HEPSPEC,<%=@hepspec06 -%> + +[joiner] +enabled = true +local_jobs = false + +[unloader] +enabled = true +dir_location = /var/spool/apel/ + +# You may send only summaries of your data to the APEL server, +# rather than individual job records. +# This reduces the network load. +send_summaries = false + +# You may send 'withheld' instead of the user's DN in the +# GlobalUserName field. This is only valid for individual +# job records. +withhold_dns = false + +# Optional: send ONLY these VOs to the APEL server. +# This overrides exclude_vos. +#include_vos = atlas,cms,lhcb + +# Optional: do not send these VOs to the APEL server. +# This does not take effect if include_vos is set. +#exclude_vos = atlas,cms + +# Which records to send: +# latest - just send the new records to the server +# gap - send records from between the specified dates (inclusive) +# this is only for individual job records +# all - send all records to the server. Don't do this for individual +# job records without talking to the apel team! +interval = latest +## only used if interval = gap +#gap_start = 2012-01-01 +#gap_end = 2012-01-31 + +# Send CAR-format records - only for job records +send_ur = false + +[ssm] +enabled = <%=@apel_enable_ssm %> + +[logging] +logfile = /var/log/apel/client.log +level = INFO +console = true diff --git a/templates/apel/parser.cfg.erb b/templates/apel/parser.cfg.erb new file mode 100644 index 0000000..41382dc --- /dev/null +++ b/templates/apel/parser.cfg.erb @@ -0,0 +1,55 @@ +# Information about the apel client database +[db] +hostname = localhost +port = 3306 +name = <%=@apel_mysql_db %> +username = <%=@apel_mysql_user %> +password = <%=@apel_mysql_password %> + +[site_info] +# Specify the site name from GOCDB +site_name = <%=@goc_site_name %> +# Batch system hostname. This does not need to be a definitive hostname, +# but it should uniquely identify the batch system. +# Example: pbs.gridpp.rl.ac.uk +lrms_server = <%=@fqdn -%>:9619/<%=@fqdn -%>-condor + +[blah] +enabled = true +dir = /var/lib/condor-ce/apel +# typical logfile name is blahp.log-yyyymmdd +filename_prefix = blah +subdirs = false + +[batch] +enabled = true + +# Reparse all batch system log files and replace them in the database. +# Use with caution! +reparse = false + +# Batch system specific options. +# Valid types are LSF, PBS, SGE, SLURM, HTCondor +type = HTCondor +# Whether to try to parse multi-core details +parallel = false +# Directory to search for accounting logfiles +dir = /var/lib/condor-ce/apel +# Prefix shared by all log files to parse +filename_prefix = batch +# Whether to search subdirectories for logfiles +subdirs = false + +# LSF only: scale CPU and wall durations according to +# 'HostFactor' value in logfiles +#scale_host_factor = false + +# Univa Grid Engine timestamps changed from seconds to milliseconds in version +# 8.2.0, so for versions 8.2.0 onwards use 'true'. Other forks of Grid Engine +# are probably not affected and so should use 'false'. +ge_ms_timestamps = false + +[logging] +logfile = /var/log/apelparser.log +level = INFO +console = true diff --git a/templates/apel/sender.cfg.erb b/templates/apel/sender.cfg.erb new file mode 100644 index 0000000..3d46653 --- /dev/null +++ b/templates/apel/sender.cfg.erb @@ -0,0 +1,60 @@ +################################################################################ +# Required since AMS change: sender configuration options +# + +[sender] +# Either 'STOMP' for STOMP message brokers or 'AMS' for Argo Messaging Service +protocol: AMS + +################################################################################ +# Required: broker configuration options +# + +[broker] + +# The SSM will query a BDII to find brokers available. These details are for the +# EGI production broker network +# bdii: ldap://lcg-bdii.cern.ch:2170 +# network: PROD +# OR (these details will only be used if the broker network settings aren't used) +# host: test-msg02.afroditi.hellasgrid.gr +# port: 6163 +host: msg.argo.grnet.gr + +# broker authentication. If use_ssl is set, the certificates configured +# in the mandatory [certificates] section will be used. +use_ssl: true + + +################################################################################ +# Required: Certificate configuration + +[certificates] +certificate: /etc/grid-security/hostcert.pem +key: /etc/grid-security/hostkey.pem +capath: /etc/grid-security/certificates + +# If supplied, outgoing messages will be encrypted using this certificate. +# May be used in addition to 'use_ssl'. If used, it must be the certificate of +# the final server that's receiving your messages; not your own, nor the broker. +#server_cert: /etc/grid-security/servercert.pem + +################################################################################ +# Messaging configuration. +# +[messaging] +# If using AMS this is the project that SSM will connect to. Ignored for STOMP. +ams_project: accounting + +# Queue to which SSM will send messages +destination: gLite-APEL + +# Outgoing messages will be read and removed from this directory. +path: /var/spool/apel/outgoing + +[logging] +logfile: /var/log/apel/ssmsend.log +# Available logging levels: +# DEBUG, INFO, WARN, ERROR, CRITICAL +level: INFO +console: true \ No newline at end of file diff --git a/templates/condor_mapfile.erb b/templates/condor_mapfile.erb index 4c84d96..306cac2 100644 --- a/templates/condor_mapfile.erb +++ b/templates/condor_mapfile.erb @@ -3,7 +3,9 @@ GSI "^\/DC\=DigiCert-Grid\/DC\=com\/O=Open Science Grid\/OU\=Services\/CN\=(host GSI "^\/DC\=org\/DC\=opensciencegrid\/O=Open Science Grid\/OU\=Services\/CN\=(host\/)?([A-Za-z0-9.\-]*)$" \2@daemon.opensciencegrid.org GSI "^\/DC=ch\/DC=cern\/OU=computers\/CN=?([A-Za-z0-9.\-]*)$" \1@cern.ch GSI "<%= @gsi_regex -%>" \1@<%= @uid_domain %> +GSI "<%= @host_dn -%>" root GSI (.*) GSS_ASSIST_GRIDMAP GSI "(/CN=[-.A-Za-z0-9/= ]+)" \1@unmapped.opensciencegrid.org CLAIMTOBE .* anonymous@claimtobe +FS "^(root|condor)$" \1@daemon.htcondor.org FS (.*) \1 diff --git a/templates/job_routes.conf.erb b/templates/job_routes.conf.erb index 3073ff2..d3fb653 100644 --- a/templates/job_routes.conf.erb +++ b/templates/job_routes.conf.erb @@ -1,23 +1,17 @@ -##################################################### -# Example Job Route -# -# This is an extraordinarily simple job route. -# All it does is route local condor and set a -# simple Accounting Group and default RequestMemory. -##################################################### +##################################################################################### +# Documentation: https://opensciencegrid.org/docs/compute-element/job-router-recipes/ +##################################################################################### + +JOB_ROUTER_ENTRIES @=jre +<% @job_routes.each do |route_name, settings| %> +[ + name = "<%=route_name -%>"; +<% @job_routes_base_settings.each do |name, value| -%> + <%=name -%> = <%=value -%>; +<% end -%> +<% settings.each do |name, value| -%> + <%=name -%> = <%=value -%>; +<% end -%> +]<% end %> +@jre -# No custom functions for job router entries; these are causing crashes in 8.3.5. -# Can remove the eval_set_environment attribute below starting in 8.3.8. -JOB_ROUTER_ENTRIES = \ - [ \ - eval_set_environment = debug(strcat("HOME=/tmp CONDORCE_COLLECTOR_HOST=", CondorCECollectorHost, " ", \ - ifThenElse(orig_environment is undefined, osg_environment, \ - strcat(osg_environment, " ", orig_environment) \ - ))); \ - TargetUniverse = 5; \ - name = "Local_Condor"; \ - eval_set_AccountingGroup = strcat("group_u_", x509userproxyvoname, ".", Owner); \ - delete_SUBMIT_Iwd = true; \ - set_WantIOProxy = true; \ - set_default_maxMemory = 3000; \ - ] diff --git a/templates/lcmaps.db.erb b/templates/lcmaps.db.erb new file mode 100644 index 0000000..2415ee0 --- /dev/null +++ b/templates/lcmaps.db.erb @@ -0,0 +1,18 @@ +path = /usr/lib64/lcmaps + +verify_proxy = "lcmaps_verify_proxy.mod" + "-certdir /etc/grid-security/certificates" + "--discard_private_key_absence" + "--allow-limited-proxy" + +pepc = "lcmaps_c_pep.mod" + "--pep-daemon-endpoint-url https://<%= @argus_server -%>:<%= @argus_port -%>/authz" + "--resourceid <%= @argus_resourceid -%>" + "--actionid http://glite.org/xacml/action/execute" + "--capath /etc/grid-security/certificates/" + "--certificate /etc/grid-security/hostcert.pem" + "--key /etc/grid-security/hostkey.pem" + +# Policies: +arc: +verify_proxy -> pepc