├── IBMDCO.md
├── LICENSE
├── LSF_On_AWS
│   ├── AWS
│   │   ├── AWS-config.yml
│   │   └── README.md
│   ├── Cleanup.yml
│   ├── IBMSpectrumLSF_onAWS.pdf
│   ├── README.md
│   ├── Step0-setup-prereqs.yml
│   ├── Step1-make-vpc.yml
│   ├── Step2-vpn-bring-up.yml
│   ├── Step3-setup-env.yml
│   ├── Step4-bring-up-ec2-hosts.yml
│   ├── Step5-access-storage.yml
│   ├── Step6-install-LSF.yml
│   ├── Storage-config.yml
│   ├── VPN
│   │   ├── README
│   │   ├── client.ovpn
│   │   └── server.conf
│   ├── group_vars
│   │   └── all
│   ├── make-lsf-server.yml
│   ├── roles
│   │   ├── deploy-cloud-lsf-master
│   │   │   ├── files
│   │   │   │   ├── awsprov_templates.json
│   │   │   │   ├── bringupLSF.sh
│   │   │   │   ├── change_clustername.sh
│   │   │   │   ├── getAwsTokens.py
│   │   │   │   └── hostProviders.json
│   │   │   └── tasks
│   │   │       ├── change-clustername.yml
│   │   │       ├── config-multi-cluster.yml
│   │   │       ├── config-rc.yml
│   │   │       ├── export-lsf.yml
│   │   │       ├── install-lsf.yml
│   │   │       ├── main.yml
│   │   │       ├── modify-vpc-subnet.yml
│   │   │       ├── setup-ansible.yml
│   │   │       └── setup-lsf-prereqs.yml
│   │   ├── deploy-cloud-server-local
│   │   │   ├── files
│   │   │   │   └── change_clustername.sh
│   │   │   └── tasks
│   │   │       ├── change-clustername.yml
│   │   │       ├── config-lsf-server.yml
│   │   │       ├── install-lsf.yml
│   │   │       ├── main.yml
│   │   │       ├── setup-lsf-postreqs.yml
│   │   │       └── setup-lsf-prereqs.yml
│   │   ├── deploy-cloud-server
│   │   │   ├── files
│   │   │   │   └── register-host.sh
│   │   │   └── tasks
│   │   │       ├── config-lsf-server.yml
│   │   │       ├── main.yml
│   │   │       ├── restart-lsf.yml
│   │   │       ├── setup-lsf-postreqs.yml
│   │   │       └── setup-lsf-server.yml
│   │   ├── deploy-lsf-master-vpn
│   │   │   ├── tasks
│   │   │   │   ├── main.yml
│   │   │   │   └── setup-client-vpn.yml
│   │   │   └── vars
│   │   │       └── main.yml
│   │   ├── deploy-lsf
│   │   │   └── tasks
│   │   │       ├── export-lsf.yml
│   │   │       ├── main.yml
│   │   │       └── setup-lsf-prereqs.yml
│   │   ├── deploy-vpn
│   │   │   ├── tasks
│   │   │   │   ├── configure_vpn_server.yml
│   │   │   │   ├── enable_root_ssh.yml
│   │   │   │   └── main.yml
│   │   │   └── vars
│   │   │       └── main.yml
│   │   ├── gather-local-env
│   │   │   └── tasks
│   │   │       ├── main.yml
│   │   │       └── prep-env-files.yml
│   │   ├── gather-lsf-rpms
│   │   │   └── tasks
│   │   │       ├── main.yml
│   │   │       ├── setup-lsf-master-repo.yml
│   │   │       └── setup-lsf-server-repo.yml
│   │   ├── make-ec2-first-node
│   │   │   └── tasks
│   │   │       ├── main.yml
│   │   │       ├── post-deploy-steps.yml
│   │   │       ├── start_MC_ec2_node.yml
│   │   │       └── start_SC_ec2_node.yml
│   │   ├── make-ec2-server-nodes
│   │   │   └── tasks
│   │   │       ├── main.yml
│   │   │       └── make-ec2-servers.yml
│   │   ├── make-ec2-vpc
│   │   │   ├── files
│   │   │   │   └── mask2cidr.sh
│   │   │   └── tasks
│   │   │       ├── create_ec2_key_pairs.yml
│   │   │       ├── create_nacls.yml
│   │   │       ├── create_routes.yml
│   │   │       ├── create_security_grp.yml
│   │   │       ├── create_subnets.yml
│   │   │       ├── create_vpc.yml
│   │   │       ├── get_maskcidr.yml
│   │   │       └── main.yml
│   │   ├── make-iam-role
│   │   │   ├── files
│   │   │   │   └── permission-policy.json
│   │   │   └── tasks
│   │   │       ├── main.yml
│   │   │       ├── make-role.yml
│   │   │       └── permission-policy.json
│   │   ├── prep-deployer
│   │   │   └── tasks
│   │   │       ├── main.yml
│   │   │       └── setup-deployer.yml
│   │   ├── prep-lsf-master-vpn
│   │   │   └── tasks
│   │   │       ├── install-vpn-prereqs.yml
│   │   │       └── main.yml
│   │   ├── prepare-ec2-servers
│   │   │   └── tasks
│   │   │       ├── configure-ec2-servers.yml
│   │   │       ├── main.yml
│   │   │       └── update-env-files.yml
│   │   ├── reconfig-lsf-master
│   │   │   └── tasks
│   │   │       ├── config-lsf-master-multi-cluster.yml
│   │   │       ├── config-lsf-master.yml
│   │   │       ├── main.yml
│   │   │       └── restart-lsf.yml
│   │   └── update-remote-env
│   │       └── tasks
│   │           ├── main.yml
│   │           └── update-env-files.yml
│   └── template
│       ├── dumpall.j2
│       ├── fstab.j2
│       ├── hosts-lsf.j2
│       ├── hosts.j2
│       ├── inventory-ec2servers.j2
│       ├── inventory-ec2vpn.j2
│       └── iptables
├── LSF_On_IBM_Cloud
│   └── README.md
├── README.md
├── Spectrum_icon-small.png
├── Spectrum_icon.png
└── Symphony_icon.png

/IBMDCO.md:
--------------------------------------------------------------------------------
# IBM Process For Accepting Third Party Code Contributions

To improve tracking of contributions to this project we will use a process modeled on the modified DCO 1.1 and use a "sign-off" procedure on patches that are being emailed around or contributed in any other way.

The sign-off is a simple line within the pull requests comments section, which certifies that you wrote it or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple, if you can certify the below:

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source License and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) The contribution is made free of any other party's intellectual property claims or rights.

(e) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Then you just add a line saying:

Signed-off-by: Random J Developer <random@developer.org>

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner. For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted. If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License. You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE. You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "{}"
      replaced with your own identifying information. (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright {yyyy} {name of copyright owner}

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/LSF_On_AWS/AWS/AWS-config.yml:
--------------------------------------------------------------------------------
---

# What type of cluster to deploy.  Uncomment one of these
#    multi_cluster  - Deploys a LSF master on the cloud and
#                     configures the resource connector to
#                     dynamically size cluster.
#    hybrid_cluster - Deploys additional machines in the cloud
#                     that will join your on premises LSF cluster.
#multi_cluster: true
hybrid_cluster: true

# Set region to the AWS region to deploy on
AWS_Region: us-east-2

# Set the access key and secret key for your root AWS account
AWS_Access_Key: {Put your key here}
AWS_Secret_Key: {Put your secret here}

# The size of the instance to make
AWS_Instance_Type: t2.micro

# Set image to the AMI you want to build from.  The default
# provided is CentOS 7.  Also set the default user for the
# image.
AWS_Image: ami-77724e12
AWS_Image_User: centos

# The size of the volume for the EBS root disk in GBytes
# Minimum is 8 GBytes
AWS_Root_Disk_Size: 8

# Set the CIDR block for the VPC.  Note this block must not overlap with
# any on premises networks, and the VPN network.
AWS_VPC_CIDR: 10.1.0.0/16

# Set the CIDR block for the Private subnet in the VPC.  Note this block
# must not overlap with VPC private subnet
AWS_VPC_PRV_CIDR: 10.1.1.0/24

# The URL of the AWS EC2 api
AWS_EC2_URL: https://ec2.amazonaws.com

# The on premises subnet that will be given access to the
# cloud subnet.
CLIENT_NET: 10.10.10.0
CLIENT_MASK: 255.255.255.0

# The VPN server private IP on the tun0 interface
# This is not the cloud subnet, this is only for the VPN
SERVER_IP: 10.0.11.1
SERVER_NET: 10.0.11.0
SERVER_MASK: 255.255.255.0


# ---------------------------------------------------------------------
# ----- WARNING -----
# ---------------------------------------------------------------------
# The values below are set automatically by the "Step1-make-vpc.yml"
# playbook as it runs the various tasks.  If you are using an existing
# VPC then override the values below.
# If you are providing your own VPN set the AWS_VPN_PRV_IP below

# This is the IP private subnet address of the VPN on the cloud.  The
# machines on the cloud will have this as a route to the on premises
# subnet
AWS_VPN_PRV_IP: none

# This is the ID of the VPC to use for the LSF instances.
# Starts with "vpc-".  Initial value is "none"
AWS_VPC: none

# Set the VPC subnet id to the private subnet of the VPC
# Starts with "subnet-".  Initial value is "none"
AWS_VPC_PRV_Subnet: none

# Set to the VPC Internet Gateway ID value.
# Starts with "igw-".  Initial value is "none"
AWS_VPC_IGW: none

# Set to the VPC route ID.
# starts with "rtb-".  Initial value is "none"
AWS_VPC_Routes: none

# Set to the Network ACLs ID to use.
# Starts with "acl-".  Initial value is "none"
AWS_VPC_NACLs: none

# The group ID of the Security group that allows SSH in
# As part of the VPC setup create a security group that allows
# ssh in.  Starts with "sg-".  Initially set to: none
AWS_VPC_Security_Group: none

# When using the multi_cluster deployment this is the
# name of the IAM Role that will be assigned to the LSF
# master on the cloud.  If "none" one will be generated
# called "LSFRCRole"
AWS_IAM_Role_Name: none

# Set to the name of the SSH key you generated for your user
# Remember to download the associated "*.pem" file and put it in the
# AWS directory.
AWS_Key_Name: MyAmazonKeyPair

# The location of the "*.pem" file associated with above.
AWS_Private_Key_File: "./AWS/{{ AWS_Key_Name }}.pem"

--------------------------------------------------------------------------------
/LSF_On_AWS/AWS/README.md:
--------------------------------------------------------------------------------
# AWS-config.yml

The AWS-config.yml file contains the configuration parameters needed to create the LSF Cluster on AWS. Use the instructions below to set the values appropriate for your account.

It is necessary to choose the type of LSF cluster to deploy early in the process. This is done by editing the AWS/AWS-config.yml file. For a LSF Stretch cluster change the file as follows:

> \# What type of cluster to deploy. Uncomment one of these
>
> \#multi_cluster: true
>
> hybrid_cluster: true

For a LSF Multi Cluster deployment change the file setting to:

> \# What type of cluster to deploy. Uncomment one of these
>
> multi_cluster: true
>
> \#hybrid_cluster: true

If these values are changed it will be necessary to use the Cleanup.yml playbook to reset the configuration.

If you have an existing VPC, it is possible to skip this step by taking the related information and populating the AWS-config.yml file.
Make a backup copy of the AWS/AWS-config.yml file. Edit the AWS/AWS-config.yml file, and set the appropriate values.

### AWS_Region

Set this to the region you wish to deploy in.

### AWS_Access_Key

Set this to the Access Key for the AWS user account that is being used to deploy to the cloud. This is needed for the duration of the deployment. Once the cluster is deployed on the cloud these values can be deleted. Begins with: AK

### AWS_Secret_Key

Set this to the Secret Key for the AWS user account that is being used to deploy to the cloud. This is needed for the duration of the deployment. Once the cluster is deployed on the cloud these values can be deleted.

### AWS_Instance_Type:

Set this to the size of the instance you want to create, e.g. t2.micro

### AWS_Image:

Set this to the AMI ID for the image you want to deploy. The default is a CentOS 7 image, e.g. ami-77724e12

### AWS_VPC_CIDR:

Set this to the IPv4 address block you wish to use for the VPC. This address block must not overlap with any addresses on the on-premises network, or the VPN network, e.g. 10.1.0.0/16

### AWS_VPC_PRV_CIDR:

Set this to the IPv4 address block for the private network on EC2. This subnet must be inside the AWS_VPC_CIDR address block, e.g. 10.1.0.0/24

### CLIENT_NET: 10.10.10.0

### CLIENT_MASK: 255.255.255.0

Set these to the IPv4 network address and subnet mask for the on premises network that will be routed to the cloud servers. The LSF master must be part of this network. If Direct Connect is used this data is ignored.

### SERVER_IP: 10.0.11.1

### SERVER_NET: 10.0.11.0

### SERVER_MASK: 255.255.255.0

These values are only used to control the VPN IP address of the on cloud instance providing the VPN. Make sure these values do not overlap with any other networks. If Direct Connect is used this data is ignored.

The following values need to be set when an existing VPC is to be used:

### AWS_VPC:

Set this to the VPC ID, or leave it as none to have the playbook generate it.

### AWS_VPC_PRV_Subnet:

Set this to the Subnet ID of the private network of the EC2 instances, or leave it as none to have the playbook generate it.

### AWS_VPC_IGW:

Set this to the Internet Gateway ID in the VPC, or leave it as none to have the playbook generate it.

### AWS_VPC_Routes:

Set this to the VPC Routes ID, or leave it as none to have the playbook generate it.

### AWS_VPC_NACLs: none

Set this to the VPC Network ACLs ID, or leave it as none to have the playbook generate it.

### AWS_VPC_Security_Group:

Set this to the VPC Security Group ID to use, or leave it as none to have the playbook generate it.

### AWS_Key_Name:

Set this to the name of the SSH key that was generated in IAM for the AWS user you are using to deploy the LSF cluster. If you do not have one, one will be generated. The associated “.pem” file should be downloaded and placed in the AWS directory.

--------------------------------------------------------------------------------
/LSF_On_AWS/Cleanup.yml:
--------------------------------------------------------------------------------
#
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Delete the EC2 Instances 11 | hosts: localhost 12 | gather_facts: False 13 | vars_prompt: 14 | - name: user_del_vpc 15 | prompt: "\n**************************** Input Needed ****************************\n\nDo you want to delete the VPC [y/n] ?" 16 | default: "n" 17 | private: no 18 | 19 | tasks: 20 | - include_vars: "AWS/AWS-config.yml" 21 | 22 | - set_fact: 23 | del_vpc: "{{ user_del_vpc }}" 24 | 25 | - name: Check for inventory file 26 | stat: 27 | path: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 28 | register: have_inv 29 | 30 | - name: Reload EC2 server inventory 31 | include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 32 | when: have_inv.stat.exists == True 33 | 34 | - name: Make a hostgroup from EC2 Servers 35 | add_host: 36 | hostname: "{{ item.pub_ip }}" 37 | groupname: ec2servers 38 | with_items: "{{ ec2servers }}" 39 | when: have_inv.stat.exists == True 40 | 41 | - name: Check for inventory file 42 | stat: 43 | path: "{{ RC_PLAY_TOP }}/inventory_ec2.yml" 44 | register: have_vpninv 45 | 46 | - name: Reload EC2 VPN inventory 47 | include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2.yml" 48 | when: have_vpninv.stat.exists == True 49 | 50 | - name: Make a hostgroup from the EC2 VPN node 51 | add_host: 52 | hostname: "{{ item.pub_ip }}" 53 | groupname: ec2vpn 54 | with_items: "{{ ec2vpn }}" 55 | when: have_vpninv.stat.exists == True 56 | 57 | - name: Delete Server Instances 58 | ec2: 59 | state: absent 60 | aws_access_key: "{{ AWS_Access_Key }}" 61 | aws_secret_key: "{{ AWS_Secret_Key }}" 62 | key_name: "{{ AWS_Key_Name }}" 63 | ec2_url: "{{ AWS_EC2_URL }}" 64 | region: "{{ AWS_Region }}" 65 | instance_ids: "{{ item.awsid }}" 66 | with_items: "{{ ec2servers }}" 67 | ignore_errors: True 68 | when: have_inv.stat.exists == True 69 | 70 | - name: Delete 
VPN Instance (Okay to fail) 71 | ec2: 72 | state: absent 73 | aws_access_key: "{{ AWS_Access_Key }}" 74 | aws_secret_key: "{{ AWS_Secret_Key }}" 75 | key_name: "{{ AWS_Key_Name }}" 76 | ec2_url: "{{ AWS_EC2_URL }}" 77 | region: "{{ AWS_Region }}" 78 | instance_ids: "{{ item.awsid }}" 79 | with_items: "{{ ec2vpn }}" 80 | ignore_errors: True 81 | when: have_vpninv.stat.exists == True 82 | 83 | - name: Wait for instances to terminate before deleting more 84 | pause: 85 | seconds: 180 86 | when: have_inv.stat.exists == True or have_vpninv.stat.exists == True 87 | 88 | - name: Delete Server volumes 89 | ec2_vol: 90 | id: "{{ item.awsvol }}" 91 | aws_access_key: "{{ AWS_Access_Key }}" 92 | aws_secret_key: "{{ AWS_Secret_Key }}" 93 | region: "{{ AWS_Region }}" 94 | ec2_url: "{{ AWS_EC2_URL }}" 95 | state: absent 96 | with_items: "{{ ec2servers }}" 97 | ignore_errors: True 98 | when: have_inv.stat.exists == True 99 | 100 | - name: Delete VPN volumes (Okay to fail) 101 | ec2_vol: 102 | id: "{{ item.awsvol }}" 103 | aws_access_key: "{{ AWS_Access_Key }}" 104 | aws_secret_key: "{{ AWS_Secret_Key }}" 105 | region: "{{ AWS_Region }}" 106 | ec2_url: "{{ AWS_EC2_URL }}" 107 | state: absent 108 | with_items: "{{ ec2vpn }}" 109 | ignore_errors: True 110 | when: have_vpninv.stat.exists == True 111 | 112 | - name: Remove the inventory files 113 | file: 114 | path: "{{ RC_PLAY_TOP }}/{{ item }}" 115 | state: absent 116 | with_items: 117 | - "inventory_ec2.yml" 118 | - "inventory_ec2servers.yml" 119 | - "deploy-lsf-server.tar" 120 | 121 | - name: Remove the support files 122 | file: 123 | path: "{{ RC_PLAY_TOP }}/files/{{ item }}" 124 | state: absent 125 | with_items: 126 | - "group" 127 | - "hosts" 128 | - "hosts.ec2" 129 | - "passwd" 130 | - "shadow" 131 | - "shadow.tmp" 132 | - "fstab.append" 133 | - "hosts-lsf" 134 | 135 | - name: Clean LSF hostcache 136 | lineinfile: 137 | dest: "/opt/ibm/lsfsuite/lsf/work/{{ CLOUD_LSF_CLUSTER_NAME }}/ego/lim/hostcache" 138 | regexp: '.*awshost.*' 
139 | create: no 140 | state: absent 141 | 142 | - name: Clean LSF shared file 143 | lineinfile: 144 | dest: /opt/ibm/lsfsuite/lsf/conf/lsf.shared 145 | regexp: "^{{ CLOUD_LSF_CLUSTER_NAME }}.*" 146 | create: no 147 | state: absent 148 | 149 | - name: Reconfigure LSF 150 | shell: echo "y" | lsadmin reconfig 151 | ignore_errors: True 152 | 153 | - name: Reset AWS_VPN_PRV_IP value in file 154 | lineinfile: 155 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 156 | regexp: '^AWS_VPN_PRV_IP:.*' 157 | line: 'AWS_VPN_PRV_IP: none' 158 | when: 159 | - AWS_VPN_PRV_IP != "none" 160 | 161 | # ---------- Delete VPC ------------- 162 | - name: Delete VPC private subnet 163 | ec2_vpc_subnet: 164 | aws_access_key: "{{ AWS_Access_Key }}" 165 | aws_secret_key: "{{ AWS_Secret_Key }}" 166 | ec2_url: "{{ AWS_EC2_URL }}" 167 | region: "{{ AWS_Region }}" 168 | state: absent 169 | vpc_id: "{{ AWS_VPC }}" 170 | cidr: "{{ AWS_VPC_PRV_CIDR }}" 171 | when: 172 | - AWS_VPC_PRV_Subnet != "none" 173 | - del_vpc == "y" 174 | 175 | - name: Reset AWS_VPC_PRV_Subnet value in file 176 | lineinfile: 177 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 178 | regexp: '^AWS_VPC_PRV_Subnet:.*' 179 | line: 'AWS_VPC_PRV_Subnet: none' 180 | when: 181 | - AWS_VPC_PRV_Subnet != "none" 182 | - del_vpc == "y" 183 | 184 | - name: Delete VPC subnet routes 185 | ec2_vpc_route_table: 186 | aws_access_key: "{{ AWS_Access_Key }}" 187 | aws_secret_key: "{{ AWS_Secret_Key }}" 188 | ec2_url: "{{ AWS_EC2_URL }}" 189 | region: "{{ AWS_Region }}" 190 | state: absent 191 | vpc_id: "{{ AWS_VPC }}" 192 | lookup: id 193 | route_table_id: "{{ AWS_VPC_Routes }}" 194 | when: 195 | - AWS_VPC_Routes != "none" 196 | - del_vpc == "y" 197 | 198 | - name: Reset AWS_VPC_Routes value in file 199 | lineinfile: 200 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 201 | regexp: '^AWS_VPC_Routes:.*' 202 | line: 'AWS_VPC_Routes: none' 203 | when: 204 | - AWS_VPC_Routes != "none" 205 | - del_vpc == "y" 206 | 207 | - name: "Delete the Security 
Group" 208 | ec2_group: 209 | aws_access_key: "{{ AWS_Access_Key }}" 210 | aws_secret_key: "{{ AWS_Secret_Key }}" 211 | ec2_url: "{{ AWS_EC2_URL }}" 212 | region: "{{ AWS_Region }}" 213 | state: absent 214 | vpc_id: "{{ AWS_VPC }}" 215 | name: My_LSF_VPC_SEC_GRP 216 | description: Allow SSH and OpenVPN 217 | # group_id: "{{ AWS_VPC_Security_Group }}" 218 | when: 219 | - AWS_VPC_Security_Group != "none" 220 | - del_vpc == "y" 221 | 222 | - name: Reset AWS_VPC_Security_Group value in file 223 | lineinfile: 224 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 225 | regexp: '^AWS_VPC_Security_Group:.*' 226 | line: 'AWS_VPC_Security_Group: none' 227 | when: 228 | - AWS_VPC_Security_Group != "none" 229 | - del_vpc == "y" 230 | 231 | - name: Delete Internet Gateway 232 | ec2_vpc_igw: 233 | aws_access_key: "{{ AWS_Access_Key }}" 234 | aws_secret_key: "{{ AWS_Secret_Key }}" 235 | ec2_url: "{{ AWS_EC2_URL }}" 236 | region: "{{ AWS_Region }}" 237 | vpc_id: "{{ AWS_VPC }}" 238 | state: absent 239 | when: 240 | - AWS_VPC_IGW != "none" 241 | - del_vpc == "y" 242 | 243 | - name: Reset AWS_VPC_IGW value in file 244 | lineinfile: 245 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 246 | regexp: '^AWS_VPC_IGW:.*' 247 | line: 'AWS_VPC_IGW: none' 248 | when: 249 | - AWS_VPC_IGW != "none" 250 | - del_vpc == "y" 251 | 252 | - name: Delete Network ACL 253 | ec2_vpc_nacl: 254 | aws_access_key: "{{ AWS_Access_Key }}" 255 | aws_secret_key: "{{ AWS_Secret_Key }}" 256 | region: "{{ AWS_Region }}" 257 | state: absent 258 | name: My_LSF_VPC_NACL 259 | vpc_id: "{{ AWS_VPC }}" 260 | when: 261 | - AWS_VPC_NACLs != "none" 262 | - del_vpc == "y" 263 | 264 | - name: Reset AWS_VPC_NACLs value in file 265 | lineinfile: 266 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 267 | regexp: '^AWS_VPC_NACLs:.*' 268 | line: 'AWS_VPC_NACLs: none' 269 | when: 270 | - AWS_VPC_NACLs != "none" 271 | - del_vpc == "y" 272 | 273 | - name: Delete VPC 274 | ec2_vpc_net: 275 | name: My_LSF_VPC 276 | aws_access_key: "{{ 
AWS_Access_Key }}" 277 | aws_secret_key: "{{ AWS_Secret_Key }}" 278 | ec2_url: "{{ AWS_EC2_URL }}" 279 | region: "{{ AWS_Region }}" 280 | cidr_block: "{{ AWS_VPC_CIDR }}" 281 | state: absent 282 | when: 283 | - AWS_VPC != "none" 284 | - del_vpc == "y" 285 | 286 | - name: Reset AWS_VPC value in file 287 | lineinfile: 288 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 289 | regexp: '^AWS_VPC:.*' 290 | line: 'AWS_VPC: none' 291 | when: 292 | - AWS_VPC != "none" 293 | - del_vpc == "y" 294 | 295 | - name: Reset files directory contents 296 | shell: rm -rf "{{ RC_PLAY_TOP }}/files/rpms" 297 | when: 298 | - del_vpc == "y" 299 | 300 | - name: Delete the IAM Policy 301 | iam_policy: 302 | aws_access_key: "{{ AWS_Access_Key }}" 303 | aws_secret_key: "{{ AWS_Secret_Key }}" 304 | ec2_url: "{{ AWS_EC2_URL }}" 305 | region: "{{ AWS_Region }}" 306 | iam_type: role 307 | iam_name: LSFRCRole 308 | policy_name: "RC-Access" 309 | state: absent 310 | when: 311 | - AWS_IAM_Role_Name != "none" 312 | - del_vpc == "y" 313 | 314 | - name: Delete the IAM Role 315 | iam: 316 | aws_access_key: "{{ AWS_Access_Key }}" 317 | aws_secret_key: "{{ AWS_Secret_Key }}" 318 | ec2_url: "{{ AWS_EC2_URL }}" 319 | region: "{{ AWS_Region }}" 320 | iam_type: role 321 | name: LSFRCRole 322 | state: absent 323 | when: 324 | - AWS_IAM_Role_Name != "none" 325 | - del_vpc == "y" 326 | 327 | - name: Reset AWS_IAM_Role_Name value in file 328 | lineinfile: 329 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 330 | regexp: '^AWS_IAM_Role_Name:.*' 331 | line: 'AWS_IAM_Role_Name: none' 332 | when: 333 | - AWS_IAM_Role_Name != "none" 334 | - del_vpc == "y" 335 | 336 | -------------------------------------------------------------------------------- /LSF_On_AWS/IBMSpectrumLSF_onAWS.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IBMSpectrumComputing/lsf-hybrid-cloud/46cce888f0e11031733ad94a9fd36374dff8db4f/LSF_On_AWS/IBMSpectrumLSF_onAWS.pdf 
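The reset tasks in the Cleanup.yml excerpt above leave `AWS/AWS-config.yml` as the only record of which cloud resources were deleted. The check below is an added example, not part of this repository: it reads that file and reports tracked resources that are still set, VPC dependents left behind after `AWS_VPC` was reset, and whether the AWS keys are still stored in it. The key list covers only the tasks visible above, and the sample file contents are constructed.

```python
import re

# Keys that the visible part of Cleanup.yml resets to "none", in the order the
# playbook deletes the resources (dependents first, VPC and IAM role last).
TRACKED_KEYS = [
    "AWS_VPN_PRV_IP",
    "AWS_VPC_PRV_Subnet",
    "AWS_VPC_Routes",
    "AWS_VPC_Security_Group",
    "AWS_VPC_IGW",
    "AWS_VPC_NACLs",
    "AWS_VPC",
    "AWS_IAM_Role_Name",
]
# Delete tasks for these resources pass vpc_id: "{{ AWS_VPC }}", so they can no
# longer be targeted by the playbook once AWS_VPC itself has been reset.
VPC_DEPENDENTS = set(TRACKED_KEYS[1:6])
CREDENTIAL_KEYS = ["AWS_Access_Key", "AWS_Secret_Key"]

# Top-level "KEY: value" lines only, the same shape the lineinfile regexps match.
LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):[ \t]*(.*)$")


def _scalar(raw):
    """Return the value with quotes and any trailing YAML comment removed."""
    raw = raw.strip()
    if raw.startswith("#"):
        return ""
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return re.split(r"\s+#", raw, maxsplit=1)[0].strip()


def parse_config(text):
    """Parse flat KEY: value pairs; the last occurrence of a key wins."""
    values = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            values[match.group(1)] = _scalar(match.group(2))
    return values


def audit(text):
    """Report what a cleanup run left behind, without echoing secret values."""
    cfg = parse_config(text)
    # Mirror the playbook's own test: anything other than "none" is still live.
    leftover = [(k, cfg[k]) for k in TRACKED_KEYS if k in cfg and cfg[k] != "none"]
    missing = [k for k in TRACKED_KEYS if k not in cfg]
    vpc_reset = cfg.get("AWS_VPC") == "none"
    orphaned = [k for k, _ in leftover if vpc_reset and k in VPC_DEPENDENTS]
    credentials = [k for k in CREDENTIAL_KEYS if cfg.get(k, "")]
    return {
        "leftover": leftover,
        "missing": missing,
        "orphaned": orphaned,
        "credentials_present": credentials,
    }


# Constructed sample: the security group delete failed, so the play stopped and
# every later resource is still recorded in the file.
SAMPLE_PARTIAL = """\
# Constructed sample of AWS/AWS-config.yml after an interrupted cleanup run.
AWS_Access_Key: "EXAMPLE-ACCESS-KEY-ID"
AWS_Secret_Key: "EXAMPLE-SECRET-PLACEHOLDER"
AWS_Region: us-east-1
AWS_VPN_PRV_IP: none
AWS_VPC_PRV_Subnet: none
AWS_VPC_Routes: none
AWS_VPC_Security_Group: sg-00000000example   # security group delete failed
AWS_VPC_IGW: igw-00000000example
AWS_VPC_NACLs: acl-00000000example
AWS_VPC: vpc-00000000example
AWS_IAM_Role_Name: LSFRCRole
"""


def main():
    report = audit(SAMPLE_PARTIAL)
    for key, value in report["leftover"]:
        print("still recorded: %s = %s" % (key, value))
    for key in report["orphaned"]:
        print("orphaned (AWS_VPC already reset): %s" % key)
    for key in report["missing"]:
        print("not present in file: %s" % key)
    for key in report["credentials_present"]:
        print("credential still stored in plaintext: %s" % key)
    return 1 if report["leftover"] or report["credentials_present"] else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

To check a real deployment, pass the contents of `AWS/AWS-config.yml` to `audit()` instead of the sample string.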
-------------------------------------------------------------------------------- /LSF_On_AWS/README.md: -------------------------------------------------------------------------------- 1 | # lsf-hybrid-cloud 2 | 3 | ## Overview 4 | This repository contains sample code for building two varieties for LSF Hybrid Clouds. LSF Stretch Clusters for extending an on premises LSF cluster using on cloud resources, and LSF Multi Clusters, for creating a second dynamic LSF cluster on cloud that on premises workload can automatically be forwarded to. 5 | 6 | IBM® Spectrum LSF (formerly IBM® Platform™ LSF®) is a complete workload management solution for demanding HPC environments. Featuring intelligent, policy-driven scheduling and easy to use interfaces for job and workflow management, it helps organizations to improve competitiveness by accelerating research and design while controlling costs through superior resource utilization. 7 | 8 | Please note, Spectrum LSF is not itself an application in the traditional sense, but instead provides an environment and framework for other applications to be managed and run in a load balanced efficient manner. It is expected that you will install some kind of application(s) into this environment, or use application installed in your on premise environment to make proper evaluation use of the features and benefits of Spectrum LSF. 9 | 10 | Additional videos that explain how to use this code are detailed below. 11 | 12 | 13 | The sample Ansible playbooks will create the LSF Hybrid cluster on AWS. These playbooks should be taken and customized to meet your specific site requirements. 14 | 15 | ## Requirements 16 | To use these playbooks you will need the following: 17 | 1. IBM Spectrum Suite 10.2.x Enterprise, HPC, or Workgroup editions (Note: Workgroup does not support the Multi Cluster install) 18 | 2. LSF Master with a YUM repository containing CentOS 7.5, or RHEL 7.5. This is because of a dependency of the python2-boto3 package. 
19 | 20 | ## Launching 21 | The LSF Stretch cluster and LSF Multi clusters are all created using a series of Ansible playbooks. These playbooks are used to perform the following steps in order: 22 | 1. Prepare the on premises LSF master to deploy the EC2 instances by installing the necessary software prerequisites. 23 | 2. Optionally creating a VPC from some minimal configuration 24 | 3. Optionally bringing up a VPN connection 25 | 4. Marshalling and preparing configuration files for the cloud machines 26 | 5. Launching EC2 instances for the LSF cluster 27 | 6. Optionally accessing on premises storage 28 | 7. Installing the LSF Stretch cluster or LSF Multi cluster 29 | 30 | These playbooks are provided as a framework for customization. Initially they can be run to create a simple on cloud cluster, but they are intended to be taken and customized to meet particular site needs. 31 | 32 | ## Prerequisites 33 | Before deploying the LSF cluster we recommend that you become familiar with the Cloud services that will be used, currently: 34 | 1. **Amazon EC2** - The Amazon EC2 service enables you to launch virtual machine instances with a variety of operating systems. 35 | 2. **Amazon VPC** - The Amazon VPC service lets you provision a private, isolated section of the AWS Cloud where you can launch AWS services and other resources in a virtual network that you define. 36 | 3. **IAM** - AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. 37 | 38 | As you explore the configuration of the cluster other services may also be needed such as EBS, EFS, and the network connection services. 
39 | 40 | ### Assumptions 41 | * You are familiar with LSF 42 | * LSF Suite is installed on premises 43 | * The running LSF cluster has applications, licenses, users, and project data available to it for executing tasks 44 | 45 | ## Deployment Options 46 | The code in this repository can deploy two types of LSF Cluster: 47 | 1. LSF Stretch Cluster 48 | 2. LSF Multi Cluster 49 | 50 | The type of cluster to deploy will depend greatly on the workload to run on the cloud and the number of machines. Some experimentation will be needed to determine which is best for you. 51 | Some factors to consider are: 52 | 1. Network latency between your on premise environment and the primary cloud environment being considered 53 | 2. The location of required services (Project data, user authentication, application binaries, etc) 54 | 3. Expected data traffic exiting the cloud over the internet 55 | 56 | 57 | ### LSF Stretch Clusters 58 | This architecture assumes that you have a cluster in another location – either on premise or even running in another cloud or cloud location. The “stretched cluster” architecture is defined as a single cluster stretched over a WAN so that compute nodes in the cloud communicate with a master scheduling host on the originating location. 59 | 60 | Generally, though much simpler in concept than “Multi-Cluster”, this means that all LSF daemon communication with the master scheduler happens over the WAN which can be a source of extra cost or lowered reliability. 61 | 62 | ### LSF Multi Cluster 63 | This is a more complex architecture which adds a master scheduler running in the cloud. By adding a master scheduler in the cloud, the architecture eliminates all the communication from cloud compute node to the on premise master. 64 | 65 | The two master schedulers instead exchange task meta-data in a “job forwarding” model. In this model, users on premise submit workload to a queue on premise, which in turn forwards that workload to the cloud for execution. 
Upon task completion, the master in the cloud communicates completion and status to the on premise master, and the user is notified. 66 | 67 | ## Instructional Videos 68 | These videos look at how to extend your on premises LSF clusters to the Cloud. In them we look at various topics you need to consider in constructing your hybrid cloud solution. We show two different LSF configurations suitable for small and large clusters and discuss the benefits of each. We provide sample Ansible playbooks which you can take and customise for your site. Each video covers a different topic, and a different Ansible playbook. They are best viewed in order. 69 | 70 | ### [LSF Cloud Video 1 - Introduction](http://ibm.biz/LSFcloud_video1) 71 | This is the first of the video series on creating a hybrid LSF cluster. This video covers what LSF is, why users want to go to the cloud, and how we can help in that journey. We outline two different ways LSF can be configured. The first extends the on premises cluster by adding cloud servers to the cluster. The second constructs a second cluster on the cloud, and dynamically sizes that cluster based on the amount of workload. The subsequent videos provide additional details and live demonstrations on how to build them. 72 | 73 | ### [LSF Cloud Video 2 - What Type of Cluster](http://ibm.biz/LSFcloud_video2) 74 | This video provides details on the different ways LSF can be configured to use Cloud machines. We start from the simplest case, the LSF Stretch Cluster, which adds Cloud machines into an existing on premises cluster. We then show an LSF Multi Cluster, which creates a separate LSF cluster on the cloud that accepts workload from the on premises cluster and dynamically resizes based on policies. The use cases of each are outlined along with the benefits and issues. 75 | 76 | ### [LSF Cloud Video 3 - Installing Prerequisites](http://ibm.biz/LSFcloud_video3) 77 | In this video we start the process of building an LSF hybrid cluster.
We start from an existing on premises LSF Suite cluster, and use that, along with some sample Ansible playbooks, to deploy the LSF Stretch and LSF Multi clusters on to Amazon Elastic Compute Cloud (Amazon EC2) instances. This video discusses the prerequisites for the sample playbooks. It shows how to set up your AWS account and get the needed AWS keys and certificate that will be used later. It shows the git repository that hosts the code. It shows how to add the AWS keys to the playbooks and run the first playbook to set up your LSF Master to build the rest of the solution. 78 | 79 | ### [LSF Cloud Video 4 - Amazon VPC Configuration](http://ibm.biz/LSFcloud_video4) 80 | This video focuses specifically on Amazon Web Services and their cloud environment. In it we show a playbook that will construct an Amazon VPC, along with associated subnets, routes, security groups, network ACLs, and internet gateways. We also show how to use an existing Amazon VPC with the playbooks. The LSF cluster will use this Amazon VPC to access the cloud instances. 81 | 82 | ### [LSF Cloud Video 5 - Network Connection](http://ibm.biz/LSFcloud_video5) 83 | The connection between the on premises cluster and the cloud instances is a critical part of the infrastructure. This video looks at different options available with AWS. It shows a sample playbook that will construct a VPN using OpenVPN. We also test the connection to verify it can work with LSF. 84 | 85 | ### [LSF Cloud Video 6 - Users and Groups](http://ibm.biz/LSFcloud_video6) 86 | In this video we discuss ways in which to resolve the issue of providing a consistent user experience with a hybrid cloud. We look at possible solutions for synchronising user, group and host configurations between the on premises and cloud machines. We show a playbook that synchronises the users, groups and hosts between the on premises LSF master and the cloud instances.
87 | 88 | ### [LSF Cloud Video 7 - Bringup LSF Cloud Instances](http://ibm.biz/LSFcloud_video7) 89 | This video uses a playbook to bring up additional cloud instances. The machines are configured so that they can be reached from the on premises LSF master, and user, group, and host resolution are configured. 90 | 91 | ### [LSF Cloud Video 8 - Storage](http://ibm.biz/LSFcloud_video8) 92 | In this video we cover one of the more difficult issues to address in constructing an LSF hybrid cluster. The architecture of the storage will have a large impact on how the on cloud cluster performs. This video will cover some options, but it is strongly recommended that users perform their own experiments to see what storage configuration option works best for their workloads. We demonstrate a simple storage configuration. 93 | 94 | ### [LSF Cloud Video 9 - LSF Stretch Cluster deployment](http://ibm.biz/LSFcloud_video9) 95 | This video demonstrates the deployment of the LSF Stretch cluster. We take the machine(s) deployed in the previous videos and extend the existing on premises cluster to include additional cloud machines. We show how the LSF Master is reconfigured, and demonstrate jobs running on the cloud instances. 96 | 97 | ### [LSF Cloud Video 10 - LSF Multi Cluster deployment](http://ibm.biz/LSFcloud_video10) 98 | Here we demonstrate the deployment of the LSF Multi cluster. We take the machine(s) deployed in the previous videos and extend the existing on premises cluster to include additional cloud machines. We show how the LSF Masters on premises and on cloud are reconfigured. We submit work to the cluster and see it dynamically create new machines on the cloud, and see it terminate those machines when the load drops. 99 | 100 | ### [LSF Cloud Video 11 - Decommissioning the Cluster](http://ibm.biz/LSFcloud_video11) 101 | This video demonstrates how to take down the on cloud cluster.
It also shows what must be done to remove any hosts that were dynamically created by the resource connector in the LSF Multi cluster. It is **VERY** important to clean up fully, so a thorough review of this video is recommended. 102 | 103 | ## Extending the Code 104 | The Ansible playbooks used in these videos are hosted on GitHub here. They are public and freely available for you to take and customize. If you add a new feature you'd like to share with everyone, please post it. 105 | 106 | ## Known Issues 107 | You may encounter an installation issue with Step6-install-LSF for the Multi-Cluster installation where it complains with: 108 | ``` 109 | 2019-01-06 20:53:05,573 p=3555 u=root | failed: [10.1.1.187] (item=[u'ansible', 110 | u'python2-boto', u'python2-boto3']) => {"changed": true, "failed": true, "item" 111 | : ["ansible", "python2-boto", "python2-boto3"], "msg": "Error: Package: python2- 112 | boto3-1.4.6-1.el7.noarch (epel)\n Requires: python2-s3transfer >= 0.1. 113 | 10\n Available: python2-s3transfer-0.1.10-1.el7.noarch (epel)\n 114 | python2-s3transfer = 0.1.10-1.el7\n", "rc": 1, ... 115 | ``` 116 | The problem comes from a renamed python2-s3transfer package. It is now called python-s3transfer; however, python2-boto3 still uses the old name in its dependency list. 117 | 118 | If you encounter this problem, use the following procedure to work around the issue until the dependency list is fixed. 119 | 120 | ### Login to LSF Master on Cloud 121 | Get the IP address of the LSF master on cloud from the inventory_ec2servers.yml file. It will typically be in: /opt/ibm/lsf-hybrid-cloud 122 | In the list of ec2servers take the IP address of the first occurrence of "prv_ip". This is the private IP of the LSF master node, and should be reachable provided the VPN is running. SSH to this machine e.g.
123 | ``` 124 | # ssh {IP address from above} 125 | ``` 126 | 127 | ### Manually Install the Needed Packages 128 | Use the procedure below to install the needed packages: 129 | ``` 130 | # yum -y install python2-s3transfer 131 | # yum -y install ansible python2-boto 132 | 133 | # mkdir rpms 134 | # cd rpms 135 | # yumdownloader --resolve python2-boto3 136 | 137 | # rpm -i python2-jmespath-0.9.0-3.el7.noarch.rpm 138 | # rpm -i python2-futures-3.1.1-5.el7.noarch.rpm 139 | # rpm -i python2-botocore-1.6.0-1.el7.noarch.rpm 140 | # rpm -i --nodeps python2-boto3-1.4.6-1.el7.noarch.rpm 141 | ``` 142 | Change the rpm names to match the current versions you downloaded. 143 | 144 | ### Restart the Installation Step 145 | Re-run the Step6-install-LSF playbook. 146 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step0-setup-prereqs.yml: -------------------------------------------------------------------------------- 1 | #----------------------------------- 2 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 3 | # US Government Users Restricted Rights - Use, duplication or disclosure 4 | # restricted by GSA ADP Schedule Contract with IBM Corp. 5 | #----------------------------------- 6 | # 7 | --- 8 | 9 | - name: Setup the AWS API prerequisites. NOTE... Needs Internet access 10 | hosts: LSF_Masters[0] 11 | gather_facts: false 12 | tasks: 13 | 14 | - include_vars: "AWS/AWS-config.yml" 15 | 16 | - name: Check AWS keys 17 | fail: 18 | msg: The AWS_Access_Key is undefined!
Edit the AWS/AWS-config.yml and set it 19 | when: 20 | - ( AWS_Access_Key | length == 0 ) 21 | run_once: True 22 | 23 | - name: Determine the LSF cluster name by running lsid 24 | shell: lsid |grep 'cluster name is' |awk '{ print $5 }' 25 | register: LSFClusterName 26 | 27 | - name: Store clustername in variable 28 | set_fact: 29 | LSFClusterNameStr: "{{ LSFClusterName.stdout_lines[0] }}" 30 | 31 | - name: Update LSF lsf.conf add ENABLE_DYNAMIC_HOSTS 32 | lineinfile: 33 | dest: "{{ RC_PLAY_TOP }}/group_vars/all" 34 | state: present 35 | regexp: 'LOCAL_LSF_CLUSTER_NAME.*' 36 | line: "LOCAL_LSF_CLUSTER_NAME: {{ LSFClusterNameStr }}" 37 | 38 | - name: Output the discovered LSF cluster name 39 | debug: 40 | msg: "Set on premises cluster name as: {{ LSFClusterNameStr }}" 41 | 42 | - name: Setup the AWS API prerequisites. NOTE... Needs Internet access 43 | hosts: LSF_Masters[0] 44 | roles: 45 | - prep-deployer 46 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step1-make-vpc.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Create all the AWS artifacts from the data in AWS/AWS-config.yml 11 | hosts: LSF_Masters[0] 12 | gather_facts: false 13 | roles: 14 | - make-ec2-vpc 15 | - make-iam-role 16 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step2-vpn-bring-up.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 
4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Install the OpenVPN prerequisites first 11 | hosts: LSF_Masters[0] 12 | gather_facts: true 13 | roles: 14 | - prep-lsf-master-vpn 15 | 16 | - name: Check for needed VPN config files 17 | hosts: LSF_Masters[0] 18 | gather_facts: false 19 | tasks: 20 | - name: Check for client.ovpn file 21 | stat: 22 | path: "{{ RC_PLAY_TOP }}/VPN/client.ovpn" 23 | register: have_client 24 | 25 | - name: Check for server.conf file 26 | stat: 27 | path: "{{ RC_PLAY_TOP }}/VPN/server.conf" 28 | register: have_server 29 | 30 | - name: Check for myvpn.tlsauth file 31 | stat: 32 | path: "{{ RC_PLAY_TOP }}/VPN/myvpn.tlsauth" 33 | register: have_tlsauth 34 | 35 | - name: Check for server.key file 36 | stat: 37 | path: "{{ RC_PLAY_TOP }}/VPN/server.key" 38 | register: have_srvkey 39 | 40 | - name: Stop deployment so VPN keys and cert can be generated 41 | fail: 42 | msg: Generate the VPN config files and re-run this again. 
See the instructions in the VPN/README 43 | when: have_client.stat.exists == False or have_server.stat.exists == False or have_tlsauth.stat.exists == False or have_srvkey.stat.exists == False 44 | 45 | - name: Bring-up first EC2 node and configure on-prem side vpn 46 | hosts: LSF_Masters[0] 47 | gather_facts: true 48 | roles: 49 | - make-ec2-first-node 50 | - deploy-lsf-master-vpn 51 | 52 | - name: Configure EC2 main instance 53 | hosts: vpn_host 54 | gather_facts: true 55 | vars_files: 56 | - AWS/AWS-config.yml 57 | vars: 58 | ansible_ssh_private_key_file: "{{ AWS_Private_Key_File }}" 59 | user: "{{ AWS_Image_User }}" 60 | become: true 61 | roles: 62 | - deploy-vpn 63 | 64 | # Verify that the VPN connection is up 65 | - name: Test VPN connection 66 | hosts: LSF_Masters[0] 67 | gather_facts: false 68 | tasks: 69 | - include_vars: "AWS/AWS-config.yml" 70 | 71 | - name: Check VPN connection by pinging from on premises machine to EC2 machine 72 | ping: 73 | data: "{{ SERVER_IP }}" 74 | register: pinged 75 | until: pinged.ping.find("success") 76 | retries: 12 77 | delay: 5 78 | 79 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step3-setup-env.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Gather the Users, Groups and Hosts from the LSF Master 11 | hosts: LSF_Masters[0] 12 | tasks: 13 | - include_vars: "AWS/AWS-config.yml" 14 | roles: 15 | - gather-local-env 16 | 17 | - name: Read in EC2 inventory file and assemble a host list 18 | hosts: LSF_Masters[0] 19 | tasks: 20 | - name: Load in playbook provided VPN data (ok to fail) 21 | include_vars: "inventory_ec2.yml" 22 | ignore_errors: True 23 | 24 | - name: Make the ec2vpn host list 25 | add_host: 26 | hostname: "{{ item.prv_ip }}" 27 | groupname: ec2vpn 28 | with_items: "{{ ec2vpn }}" 29 | when: 30 | - ec2vpn is defined 31 | 32 | - name: Push the config to the EC2 nodes 33 | hosts: ec2vpn 34 | vars_files: 35 | - AWS/AWS-config.yml 36 | gather_facts: true 37 | roles: 38 | - update-remote-env 39 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step4-bring-up-ec2-hosts.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | # This playbook will bring up all the needed EC2 VMs and create a inventory file 11 | # for the next step in the process. 12 | 13 | - name: Should we use EC2 VPN node as part of the LSF Cluster 14 | hosts: LSF_Masters[0] 15 | vars_prompt: 16 | - name: use_vpn 17 | prompt: "\n**************************** Input Needed ****************************\n\nDo you want to use the EC2 VPN node as part of the LSF Cluster? \nIn a Multi-Cluster deployment this will become the LSF Master.\n[y/n]? 
" 18 | default: "y" 19 | private: no 20 | 21 | - name: num_ec2_vm 22 | prompt: "\n**************************** Input Needed ****************************\n\nHow many additional EC2 nodes would you like to configure as\npart of the LSF Cluster? " 23 | default: 0 24 | private: no 25 | 26 | tasks: 27 | - set_fact: 28 | num_ec2_vm: "{{ num_ec2_vm }}" 29 | 30 | - set_fact: 31 | use_vpn: "{{ use_vpn }}" 32 | 33 | - name: Validate input 34 | fail: 35 | msg: Either the VPN instance must be used for LSF or an additional EC2 instance must be started. Restart playbook and use the VPN instance for LSF, or start 1 additional EC2 insrance 36 | when: 37 | - num_ec2_vm == 0 38 | - use_vpn != y 39 | 40 | - name: Users response 41 | debug: 42 | msg: "The VPN node (if present) will {% set out = '' %}{% if use_vpn != 'y' %}{% set out = 'not ' %}{{ out }}{% endif %}be used as a LSF server host." 43 | 44 | - name: Users response 2 45 | debug: 46 | msg: "Going to start {{ num_ec2_vm }} EC2 VM to be LSF Servers." 47 | 48 | 49 | # -------------------------------------------------------------- 50 | # ------------------ Bring up more LSF Servers --------------- 51 | # -------------------------------------------------------------- 52 | - name: Setup Cloud machines 53 | hosts: LSF_Masters[0] 54 | gather_facts: false 55 | roles: 56 | - make-ec2-server-nodes 57 | tasks: 58 | - name: Reload EC2 server inventory 59 | include_vars: "inventory_ec2servers.yml" 60 | 61 | - name: Make a hostgroup from the private IPs for later testing 62 | add_host: 63 | hostname: "{{ item.prv_ip }}" 64 | groupname: prvec2grp 65 | with_items: "{{ ec2servers }}" 66 | 67 | - name: Make a hostgroup from the public IPs for configuration 68 | add_host: 69 | hostname: "{{ item.pub_ip }}" 70 | # Dont change the groupname. 
Needed within the tasks 71 | groupname: pubec2grp 72 | with_items: "{{ ec2servers }}" 73 | 74 | 75 | # -------------------------------------------------------------- 76 | # ------------------ Configure EC2 VMs -------------------- 77 | # -------------------------------------------------------------- 78 | - name: Configure the EC2 nodes for later LSF install 79 | hosts: pubec2grp 80 | vars_files: 81 | - AWS/AWS-config.yml 82 | user: "{{ AWS_Image_User }}" 83 | become: true 84 | gather_facts: true 85 | vars: 86 | ansible_ssh_private_key_file: "{{ AWS_Private_Key_File }}" 87 | 88 | roles: 89 | - prepare-ec2-servers 90 | 91 | 92 | # -------------------------------------------------------------- 93 | # ------------------ Test the EC2 nodes -------------------- 94 | # -------------------------------------------------------------- 95 | - name: Test ICMP ping of EC2 nodes private interface 96 | hosts: LSF_Masters[0] 97 | gather_facts: false 98 | tasks: 99 | - name: Try ICMP ping 100 | shell: ping -c 2 -w 5 "{{ item }}" 101 | with_items: "{{ groups.prvec2grp }}" 102 | 103 | - name: Test access to the EC2 VMs private interfaces 104 | hosts: prvec2grp 105 | gather_facts: false 106 | tasks: 107 | - name: Ping Private network interfaces 108 | ping: 109 | 110 | 111 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step5-access-storage.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | # -------------------------------------------------------------------------------- 11 | # Storage Configuration 12 | # -------------------------------------------------------------------------------- 13 | - name: Generate the fstab file 14 | hosts: LSF_Masters[0] 15 | tags: config-storage 16 | tasks: 17 | - name: Load variables 18 | include_vars: Storage-config.yml 19 | 20 | - name: Create a fstab.append file 21 | template: 22 | src: "{{ RC_PLAY_TOP }}/template/fstab.j2" 23 | dest: "{{ RC_PLAY_TOP }}/files/fstab.append" 24 | 25 | - name: Reload EC2 server inventory 26 | include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 27 | 28 | - name: Make a hostgroup from the private IPs for ansible to connect to 29 | add_host: 30 | hostname: "{{ item.prv_ip }}" 31 | groupname: ec2servers 32 | with_items: "{{ ec2servers }}" 33 | ignore_errors: True 34 | 35 | 36 | - name: Copy the fstab to the Cloud nodes 37 | hosts: ec2servers 38 | vars_files: 39 | - AWS/AWS-config.yml 40 | gather_facts: true 41 | tags: config-storage 42 | vars: 43 | ansible_ssh_private_key_file: "{{ AWS_Private_Key_File }}" 44 | tasks: 45 | - name: Load variables 46 | include_vars: "{{ RC_PLAY_TOP }}/Storage-config.yml" 47 | ignore_errors: True 48 | 49 | - name: Copy the fstab extensions to the cloud machines 50 | copy: 51 | src: "{{ RC_PLAY_TOP }}/files/fstab.append" 52 | dest: /etc/fstab.append 53 | ignore_errors: True 54 | when: 55 | - sharedir is defined 56 | 57 | - name: Merge the fstab entries 58 | shell: grep -q Storage-config /etc/fstab || cat /etc/fstab.append >> /etc/fstab 59 | args: 60 | executable: /bin/bash 61 | warn: no 62 | ignore_errors: True 63 | when: 64 | - sharedir is defined 65 | 66 | - name: Make the needed directories 67 | shell: test -d "{{ item }}" || mkdir -p "{{ item }}" 68 | args: 69 | executable: /bin/bash 70 | warn: no 71 | with_items: 72 | - "{% set list1 = [] %}{% for i in sharedir %}{% if list1.append( 
i.mountpnt ) %}{% endif %}{% endfor %}{{ list1 }}" 73 | ignore_errors: True 74 | when: 75 | - sharedir is defined 76 | 77 | - name: Warning 78 | debug: 79 | msg: WARNING if there is a problem with the fstab entries it can cause the play to block indefinately! 80 | 81 | - name: Mounting Storage from on premises network 82 | shell: mount -a 83 | ignore_errors: True 84 | 85 | -------------------------------------------------------------------------------- /LSF_On_AWS/Step6-install-LSF.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Read in EC2 inventory file and assemble a host list 11 | hosts: LSF_Masters[0] 12 | tasks: 13 | - name: Reload EC2 server inventory 14 | include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 15 | 16 | - name: Make a hostgroup from the private IPs for ansible to connect to 17 | add_host: 18 | hostname: "{{ item.prv_ip }}" 19 | groupname: ec2servers 20 | prv_ip: "{{ item.prv_ip }}" 21 | pub_ip: "{{ item.pub_ip }}" 22 | awsid: "{{ item.awsid }}" 23 | awsname: "{{ item.name }}" 24 | prv_name: "{{ item.prv_name }}" 25 | isvpn: "{{ item.isvpn }}" 26 | with_items: "{{ ec2servers }}" 27 | 28 | - name: Reconfigure LSF Master 29 | hosts: LSF_Masters[0] 30 | roles: 31 | - gather-lsf-rpms 32 | - reconfig-lsf-master 33 | 34 | - name: Configure EC2 main instance as part of LSF Cluster 35 | hosts: ec2servers[0] 36 | gather_facts: true 37 | tasks: 38 | - include_vars: "AWS/AWS-config.yml" 39 | - include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 40 | 41 | - name: include deploy-lsf role 42 | include_role: 43 | name: deploy-lsf 44 | when: 45 | - hybrid_cluster is defined 46 | - hybrid_cluster == 
true 47 | 48 | - name: include deploy-cloud-lsf-master role 49 | include_role: 50 | name: deploy-cloud-lsf-master 51 | when: 52 | - multi_cluster is defined 53 | - multi_cluster == true 54 | 55 | - name: Configure Additional EC2 server instances to be LSF Servers 56 | hosts: ec2servers[1:] 57 | gather_facts: true 58 | tasks: 59 | - include_vars: "AWS/AWS-config.yml" 60 | 61 | - name: include deploy-cloud-server role 62 | include_role: 63 | name: deploy-cloud-server 64 | when: 65 | - hybrid_cluster is defined 66 | - hybrid_cluster == true 67 | -------------------------------------------------------------------------------- /LSF_On_AWS/Storage-config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This file contains the list of filesystems to mount on the 3 | # cloud machines. It is used to generate the contents of the 4 | # /etc/fstab 5 | # 6 | # NOTE: The NFS servers must allow machines on the cloud 7 | # subnets permission to mount the filesystem 8 | # 9 | sharedir: 10 | - export: 10.10.10.10:/export 11 | mountpnt: /nfs 12 | type: nfs 13 | args: defaults 14 | 15 | # Spectrum Scale would look something like: 16 | # 17 | # - export: gpfs 18 | # mountpnt: /some_mount_point 19 | # type: gpfs 20 | # args: rw,mtime,atime,dev=gpfs,noauto 21 | -------------------------------------------------------------------------------- /LSF_On_AWS/VPN/README: -------------------------------------------------------------------------------- 1 | This directory contains all of the keys/certificates needed to set up the VPN connection. They need to be generated before trying to set up the connection.
2 | The following files are expected: 3 | ca.crt client.csr client.ovpn myvpn.tlsauth server.crt 4 | client.crt client.key dh2048.pem server.conf server.key 5 | 6 | The instructions were derived from here: 7 | https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7 8 | 9 | Run the Step2-vpn-bring-up.yml playbook if you have not done so already. 10 | It will stop and say the VPN config files are missing. Use the steps below 11 | to generate them. 12 | 13 | 1. Go to the /etc/openvpn/easy-rsa directory. It will have been generated by running 14 | the Step2-vpn-bring-up.yml playbook. 15 | 16 | 2. Edit the /etc/openvpn/easy-rsa/vars file and set the following parameters: 17 | export KEY_COUNTRY="CA" 18 | export KEY_PROVINCE="ON" 19 | export KEY_CITY="Markham" 20 | export KEY_ORG="IBM" 21 | export KEY_EMAIL="me@myhost.mydomain" 22 | export KEY_CN=company.com 23 | export KEY_NAME=server 24 | export KEY_OU=IBM-Systems 25 | 26 | KEY_COUNTRY is a two-letter country abbreviation. 27 | 28 | KEY_PROVINCE is an abbreviation of the state or province. 29 | 30 | KEY_CITY is the location city. 31 | 32 | KEY_ORG is the organization name. 33 | 34 | KEY_EMAIL is an email address associated with these certificates. 35 | 36 | KEY_CN is your domain or subdomain. 37 | 38 | KEY_NAME: set this to "server"; using any other name will require 39 | changes to the OpenVPN config. 40 | 41 | KEY_OU is the name of the Organizational Unit to which this will 42 | belong. 43 | 44 | 3. Source the vars file just edited. 45 | # . /etc/openvpn/easy-rsa/vars 46 | 47 | 4. Run: clean-all 48 | # ./clean-all 49 | 50 | 5. Run: build-ca 51 | # ./build-ca 52 | It will prompt for confirmation of the values you set in the vars file. 53 | 54 | 6. Run: build-key-server server 55 | # ./build-key-server server 56 | It will prompt for confirmation of the values you set in the vars file. 57 | Don't set the challenge password. 58 | When asked to sign the certificate answer "y".
59 | 60 | 7. Run: build-dh 61 | # ./build-dh 62 | 63 | 8. Copy the server files into the /opt/ibm/lsf-hybrid-cloud/VPN directory 64 | # cd /etc/openvpn/easy-rsa/keys 65 | # cp dh2048.pem ca.crt server.crt server.key /opt/ibm/lsf-hybrid-cloud/VPN 66 | 67 | 9. Next build the client files. Run: build-key client 68 | # cd /etc/openvpn/easy-rsa 69 | # ./build-key client 70 | Leave the key name as client, otherwise you will need to modify the 71 | Ansible playbooks. 72 | Don't set the challenge password. 73 | When asked to sign the certificate answer "y". 74 | 75 | 10. Copy the client files 76 | # cd /etc/openvpn/easy-rsa/keys 77 | # cp client.crt client.csr client.key /opt/ibm/lsf-hybrid-cloud/VPN 78 | 79 | 11. Generate a static encryption key 80 | # openvpn --genkey --secret /opt/ibm/lsf-hybrid-cloud/VPN/myvpn.tlsauth 81 | 82 | That's it; the keys are ready to be used. 83 | 84 | NOTE: If the VPN server is restarted its public IP may change. When this happens 85 | it is necessary to modify the /etc/openvpn/client.conf and set the new "remote" 86 | address. 87 | -------------------------------------------------------------------------------- /LSF_On_AWS/VPN/client.ovpn: -------------------------------------------------------------------------------- 1 | client 2 | tls-client 3 | ca /etc/openvpn/keys/ca.crt 4 | cert /etc/openvpn/keys/client.crt 5 | key /etc/openvpn/keys/client.key 6 | tls-crypt /etc/openvpn/myvpn.tlsauth 7 | #remote-cert-eku "TLS Web Client Authentication" 8 | proto udp 9 | remote 99.99.99.99 1194 udp 10 | dev tun 11 | topology subnet 12 | pull 13 | user nobody 14 | group nobody 15 | -------------------------------------------------------------------------------- /LSF_On_AWS/VPN/server.conf: -------------------------------------------------------------------------------- 1 | ################################################# 2 | # Sample OpenVPN 2.0 config file for # 3 | # multi-client server.
# 4 | # # 5 | # This file is for the server side # 6 | # of a many-clients <-> one-server # 7 | # OpenVPN configuration. # 8 | # # 9 | # OpenVPN also supports # 10 | # single-machine <-> single-machine # 11 | # configurations (See the Examples page # 12 | # on the web site for more info). # 13 | # # 14 | # This config should work on Windows # 15 | # or Linux/BSD systems. Remember on # 16 | # Windows to quote pathnames and use # 17 | # double backslashes, e.g.: # 18 | # "C:\\Program Files\\OpenVPN\\config\\foo.key" # 19 | # # 20 | # Comments are preceded with '#' or ';' # 21 | ################################################# 22 | 23 | # ---- Edited by Mark ----- 24 | 25 | 26 | remote-cert-eku "TLS Web Client Authentication" 27 | 28 | 29 | # Which local IP address should OpenVPN 30 | # listen on? (optional) 31 | ;local a.b.c.d 32 | 33 | # Which TCP/UDP port should OpenVPN listen on? 34 | # If you want to run multiple OpenVPN instances 35 | # on the same machine, use a different port 36 | # number for each one. You will need to 37 | # open up this port on your firewall. 38 | port 1194 39 | 40 | # TCP or UDP server? 41 | ;proto tcp 42 | proto udp 43 | 44 | # "dev tun" will create a routed IP tunnel, 45 | # "dev tap" will create an ethernet tunnel. 46 | # Use "dev tap0" if you are ethernet bridging 47 | # and have precreated a tap0 virtual interface 48 | # and bridged it with your ethernet interface. 49 | # If you want to control access policies 50 | # over the VPN, you must create firewall 51 | # rules for the the TUN/TAP interface. 52 | # On non-Windows systems, you can give 53 | # an explicit unit number, such as tun0. 54 | # On Windows, use "dev-node" for this. 55 | # On most systems, the VPN will not function 56 | # unless you partially or fully disable 57 | # the firewall for the TUN/TAP interface. 58 | ;dev tap 59 | dev tun 60 | 61 | # Windows needs the TAP-Win32 adapter name 62 | # from the Network Connections panel if you 63 | # have more than one. 
On XP SP2 or higher, 64 | # you may need to selectively disable the 65 | # Windows firewall for the TAP adapter. 66 | # Non-Windows systems usually don't need this. 67 | ;dev-node MyTap 68 | 69 | # SSL/TLS root certificate (ca), certificate 70 | # (cert), and private key (key). Each client 71 | # and the server must have their own cert and 72 | # key file. The server and all clients will 73 | # use the same ca file. 74 | # 75 | # See the "easy-rsa" directory for a series 76 | # of scripts for generating RSA certificates 77 | # and private keys. Remember to use 78 | # a unique Common Name for the server 79 | # and each of the client certificates. 80 | # 81 | # Any X509 key management system can be used. 82 | # OpenVPN can also use a PKCS #12 formatted key file 83 | # (see "pkcs12" directive in man page). 84 | ca /etc/openvpn/keys/ca.crt 85 | cert /etc/openvpn/keys/server.crt 86 | key /etc/openvpn/keys/server.key # This file should be kept secret 87 | 88 | # Diffie hellman parameters. 89 | # Generate your own with: 90 | # openssl dhparam -out dh2048.pem 2048 91 | dh /etc/openvpn/keys/dh2048.pem 92 | 93 | # Network topology 94 | # Should be subnet (addressing via IP) 95 | # unless Windows clients v2.0.9 and lower have to 96 | # be supported (then net30, i.e. a /30 per client) 97 | # Defaults to net30 (not recommended) 98 | topology subnet 99 | 100 | # Configure server mode and supply a VPN subnet 101 | # for OpenVPN to draw client addresses from. 102 | # The server will take 10.8.0.1 for itself, 103 | # the rest will be made available to clients. 104 | # Each client will be able to reach the server 105 | # on 10.8.0.1. Comment this line out if you are 106 | # ethernet bridging. See the man page for more info. 107 | 108 | # Maintain a record of client <-> virtual IP address 109 | # associations in this file. 
If OpenVPN goes down or 110 | # is restarted, reconnecting clients can be assigned 111 | # the same virtual IP address from the pool that was 112 | # previously assigned. 113 | ifconfig-pool-persist ipp.txt 114 | 115 | # Configure server mode for ethernet bridging. 116 | # You must first use your OS's bridging capability 117 | # to bridge the TAP interface with the ethernet 118 | # NIC interface. Then you must manually set the 119 | # IP/netmask on the bridge interface, here we 120 | # assume 10.8.0.4/255.255.255.0. Finally we 121 | # must set aside an IP range in this subnet 122 | # (start=10.8.0.50 end=10.8.0.100) to allocate 123 | # to connecting clients. Leave this line commented 124 | # out unless you are ethernet bridging. 125 | ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 126 | 127 | # Configure server mode for ethernet bridging 128 | # using a DHCP-proxy, where clients talk 129 | # to the OpenVPN server-side DHCP server 130 | # to receive their IP address allocation 131 | # and DNS server addresses. You must first use 132 | # your OS's bridging capability to bridge the TAP 133 | # interface with the ethernet NIC interface. 134 | # Note: this mode only works on clients (such as 135 | # Windows), where the client-side TAP adapter is 136 | # bound to a DHCP client. 137 | ;server-bridge 138 | 139 | # Push routes to the client to allow it 140 | # to reach other private subnets behind 141 | # the server. Remember that these 142 | # private subnets will also need 143 | # to know to route the OpenVPN client 144 | # address pool (10.8.0.0/255.255.255.0) 145 | # back to the OpenVPN server. 
146 | ;push "route 192.168.10.0 255.255.255.0" 147 | ;push "route 192.168.20.0 255.255.255.0" 148 | 149 | # To assign specific IP addresses to specific 150 | # clients or if a connecting client has a private 151 | # subnet behind it that should also have VPN access, 152 | # use the subdirectory "ccd" for client-specific 153 | # configuration files (see man page for more info). 154 | 155 | # EXAMPLE: Suppose the client 156 | # having the certificate common name "Thelonious" 157 | # also has a small subnet behind his connecting 158 | # machine, such as 192.168.40.128/255.255.255.248. 159 | # First, uncomment out these lines: 160 | client-config-dir ccd 161 | ;route 192.168.40.128 255.255.255.248 162 | 163 | # Then create a file ccd/Thelonious with this line: 164 | # iroute 192.168.40.128 255.255.255.248 165 | # This will allow Thelonious' private subnet to 166 | # access the VPN. This example will only work 167 | # if you are routing, not bridging, i.e. you are 168 | # using "dev tun" and "server" directives. 169 | 170 | # EXAMPLE: Suppose you want to give 171 | # Thelonious a fixed VPN IP address of 10.9.0.1. 172 | # First uncomment out these lines: 173 | ;client-config-dir ccd 174 | ;route 10.9.0.0 255.255.255.252 175 | # Then add this line to ccd/Thelonious: 176 | # ifconfig-push 10.9.0.1 10.9.0.2 177 | 178 | # Suppose that you want to enable different 179 | # firewall access policies for different groups 180 | # of clients. There are two methods: 181 | # (1) Run multiple OpenVPN daemons, one for each 182 | # group, and firewall the TUN/TAP interface 183 | # for each group/daemon appropriately. 184 | # (2) (Advanced) Create a script to dynamically 185 | # modify the firewall in response to access 186 | # from different clients. See man 187 | # page for more info on learn-address script. 
188 | ;learn-address ./script 189 | 190 | # If enabled, this directive will configure 191 | # all clients to redirect their default 192 | # network gateway through the VPN, causing 193 | # all IP traffic such as web browsing and 194 | # and DNS lookups to go through the VPN 195 | # (The OpenVPN server machine may need to NAT 196 | # or bridge the TUN/TAP interface to the internet 197 | # in order for this to work properly). 198 | ;push "redirect-gateway def1 bypass-dhcp" 199 | 200 | # Certain Windows-specific network settings 201 | # can be pushed to clients, such as DNS 202 | # or WINS server addresses. CAVEAT: 203 | # http://openvpn.net/faq.html#dhcpcaveats 204 | # The addresses below refer to the public 205 | # DNS servers provided by opendns.com. 206 | ;push "dhcp-option DNS 208.67.222.222" 207 | ;push "dhcp-option DNS 208.67.220.220" 208 | 209 | # Uncomment this directive to allow different 210 | # clients to be able to "see" each other. 211 | # By default, clients will only see the server. 212 | # To force clients to only see the server, you 213 | # will also need to appropriately firewall the 214 | # server's TUN/TAP interface. 215 | ;client-to-client 216 | 217 | # Uncomment this directive if multiple clients 218 | # might connect with the same certificate/key 219 | # files or common names. This is recommended 220 | # only for testing purposes. For production use, 221 | # each client should have its own certificate/key 222 | # pair. 223 | # 224 | # IF YOU HAVE NOT GENERATED INDIVIDUAL 225 | # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, 226 | # EACH HAVING ITS OWN UNIQUE "COMMON NAME", 227 | # UNCOMMENT THIS LINE OUT. 228 | ;duplicate-cn 229 | 230 | # The keepalive directive causes ping-like 231 | # messages to be sent back and forth over 232 | # the link so that each side knows when 233 | # the other side has gone down. 234 | # Ping every 10 seconds, assume that remote 235 | # peer is down if no ping received during 236 | # a 120 second time period. 
237 | keepalive 10 120 238 | 239 | # For extra security beyond that provided 240 | # by SSL/TLS, create an "HMAC firewall" 241 | # to help block DoS attacks and UDP port flooding. 242 | # 243 | # Generate with: 244 | # openvpn --genkey --secret ta.key 245 | # 246 | # The server and each client must have 247 | # a copy of this key. 248 | # The second parameter should be '0' 249 | # on the server and '1' on the clients. 250 | ;tls-auth ta.key 0 # This file is secret 251 | tls-crypt myvpn.tlsauth 252 | 253 | # Select a cryptographic cipher. 254 | # This config item must be copied to 255 | # the client config file as well. 256 | # Note that v2.4 client/server will automatically 257 | # negotiate AES-256-GCM in TLS mode. 258 | # See also the ncp-cipher option in the manpage 259 | cipher AES-256-CBC 260 | 261 | # Enable compression on the VPN link and push the 262 | # option to the client (v2.4+ only, for earlier 263 | # versions see below) 264 | ;compress lz4-v2 265 | ;push "compress lz4-v2" 266 | 267 | # For compression compatible with older clients use comp-lzo 268 | # If you enable it here, you must also 269 | # enable it in the client config file. 270 | ;comp-lzo 271 | 272 | # The maximum number of concurrently connected 273 | # clients we want to allow. 274 | ;max-clients 100 275 | 276 | # It's a good idea to reduce the OpenVPN 277 | # daemon's privileges after initialization. 278 | # 279 | # You can uncomment this out on 280 | # non-Windows systems. 281 | user nobody 282 | group nobody 283 | 284 | # The persist options will try to avoid 285 | # accessing certain resources on restart 286 | # that may no longer be accessible because 287 | # of the privilege downgrade. 288 | persist-key 289 | persist-tun 290 | 291 | # Output a short status file showing 292 | # current connections, truncated 293 | # and rewritten every minute. 
294 | status openvpn-status.log 295 | 296 | # By default, log messages will go to the syslog (or 297 | # on Windows, if running as a service, they will go to 298 | # the "\Program Files\OpenVPN\log" directory). 299 | # Use log or log-append to override this default. 300 | # "log" will truncate the log file on OpenVPN startup, 301 | # while "log-append" will append to it. Use one 302 | # or the other (but not both). 303 | ;log openvpn.log 304 | ;log-append openvpn.log 305 | 306 | # Set the appropriate level of log 307 | # file verbosity. 308 | # 309 | # 0 is silent, except for fatal errors 310 | # 4 is reasonable for general usage 311 | # 5 and 6 can help to debug connection problems 312 | # 9 is extremely verbose 313 | verb 3 314 | 315 | # Silence repeating messages. At most 20 316 | # sequential messages of the same message 317 | # category will be output to the log. 318 | ;mute 20 319 | 320 | # Notify the client that when the server restarts so it 321 | # can automatically reconnect. 322 | explicit-exit-notify 1 323 | -------------------------------------------------------------------------------- /LSF_On_AWS/group_vars/all: -------------------------------------------------------------------------------- 1 | # Debug flag to turn on more variable debugging. 2 | # Turn off for real deployments!!! 
It shows passwords 3 | Debug_Tasks: true 4 | 5 | # LSF directories 6 | LSF_SUITE_TOP: /opt/ibm/lsfsuite 7 | LSF_TOP: "{{ LSF_SUITE_TOP }}/lsf" 8 | LSF_CONF_DIR: "{{ LSF_TOP }}/conf" 9 | LSF_WORK_DIR: "{{ LSF_TOP }}/work" 10 | LSF_LOG_DIR: /opt/ibm/lsflogs 11 | 12 | # Directories for the Resource Connector playbooks 13 | RC_PLAY_TOP: /opt/ibm/lsf-hybrid-cloud 14 | 15 | # rpm packages location 16 | LSF_PACKAGES_DIR: /var/www/html/lsf_suite_pkgs/x86_64 17 | 18 | # LSF on-premise cluster name 19 | LOCAL_LSF_CLUSTER_NAME: myCluster 20 | 21 | # LSF on-cloud cluster name 22 | CLOUD_LSF_CLUSTER_NAME: myCloudCluster 23 | -------------------------------------------------------------------------------- /LSF_On_AWS/make-lsf-server.yml: -------------------------------------------------------------------------------- 1 | #----------------------------------- 2 | # Copyright IBM Corp. 1992, 2018. All rights reserved. 3 | # US Government Users Restricted Rights - Use, duplication or disclosure 4 | # restricted by GSA ADP Schedule Contract with IBM Corp.
5 | #----------------------------------- 6 | # 7 | --- 8 | 9 | - name: Gather ec2 instances from Resource Connector 10 | hosts: LSF_Masters[0] 11 | vars_files: 12 | - AWS/AWS-config.yml 13 | user: "{{ AWS_Image_User }}" 14 | become: true 15 | gather_facts: true 16 | vars: 17 | ansible_ssh_private_key_file: "{{ AWS_Private_Key_File }}" 18 | roles: 19 | - gather-local-env 20 | tasks: 21 | - name: Reload EC2 server inventory 22 | include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 23 | 24 | - name: Make a hostgroup from the private IPs for ansible to connect to 25 | add_host: 26 | hostname: "{{ item.prv_ip }}" 27 | groupname: ec2servers 28 | prv_ip: "{{ item.prv_ip }}" 29 | with_items: "{{ ec2servers }}" 30 | 31 | - name: Reload VPN server inventory 32 | include_vars: "inventory_ec2.yml" 33 | 34 | - name: Make the ec2vpn host list 35 | add_host: 36 | hostname: "{{ item.pub_ip }}" 37 | groupname: ec2vpn 38 | prv_ip: "{{ item.prv_ip }}" 39 | with_items: "{{ ec2vpn }}" 40 | 41 | - name: Reload the new ec2 server from rc results 42 | add_host: 43 | hostname: "{{ item.private_ip }}" 44 | groupname: ec2newservers 45 | with_items: "{{ ec2.instances }}" 46 | 47 | - name: Load variables 48 | include_vars: "{{ RC_PLAY_TOP }}/Storage-config.yml" 49 | 50 | - name: Create a fstab.append file 51 | template: 52 | src: "{{ RC_PLAY_TOP }}/template/fstab.j2" 53 | dest: "{{ RC_PLAY_TOP }}/files/fstab.append" 54 | 55 | - name: Wait for SSH to come up 56 | wait_for: 57 | host: "{{ item.public_dns_name }}" 58 | port: 22 59 | delay: 60 60 | timeout: 320 61 | state: started 62 | with_items: "{{ ec2.instances }}" 63 | 64 | 65 | 66 | - name: Configure EC2 main instance as part of LSF Cluster 67 | hosts: ec2newservers 68 | vars_files: 69 | - AWS/AWS-config.yml 70 | user: "{{ AWS_Image_User }}" 71 | become: true 72 | gather_facts: true 73 | vars: 74 | ansible_ssh_private_key_file: "{{ AWS_Private_Key_File }}" 75 | roles: 76 | - update-remote-env 77 | - deploy-cloud-server 78 | 
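The VPN/client.ovpn and VPN/server.conf files listed earlier can be checked as a pair before the Step2 playbook deploys them. The linter below is an added example, not part of this repository: the function names and finding labels are hypothetical, and the two embedded configs are constructed excerpts holding the directives of those files that the checks read.

```python
import shlex

# Constructed samples: directives relevant to the checks, copied from the
# VPN/client.ovpn and VPN/server.conf files shown on this page.
CLIENT_OVPN = """\
client
tls-client
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client.crt
key /etc/openvpn/keys/client.key
tls-crypt /etc/openvpn/myvpn.tlsauth
#remote-cert-eku "TLS Web Client Authentication"
proto udp
remote 99.99.99.99 1194 udp
dev tun
user nobody
group nobody
"""

SERVER_CONF = """\
remote-cert-eku "TLS Web Client Authentication"
port 1194
;proto tcp
proto udp
dev tun
key /etc/openvpn/keys/server.key  # This file should be kept secret
;duplicate-cn
;tls-auth ta.key 0 # This file is secret
tls-crypt myvpn.tlsauth
cipher AES-256-CBC
user nobody
group nobody
"""

# Extended key usage values, by OpenSSL name and by OID.
SERVER_EKU = {"TLS Web Server Authentication", "1.3.6.1.5.5.7.3.1"}
CLIENT_EKU = {"TLS Web Client Authentication", "1.3.6.1.5.5.7.3.2"}


def parse(text):
    """Return {directive: [args, ...]} for active lines; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line, comments=True)  # also drops a trailing '# ...'
        except ValueError:                             # unbalanced quote: plain split
            tokens = line.split()
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def first(directives, name):
    """Arguments of the first occurrence of a directive, or None when absent."""
    return directives[name][0] if name in directives else None


def wrap_mode(directives):
    """Which control-channel wrapping directive is active, if any."""
    return next((k for k in ("tls-crypt", "tls-auth") if k in directives), None)


def lint_pair(client_text, server_text):
    """Return a list of finding labels for a client/server config pair."""
    c, s = parse(client_text), parse(server_text)
    findings = []

    # 1. The client must require a *server* certificate. Without this, any
    #    certificate issued by the same CA, another client's included, passes.
    eku = first(c, "remote-cert-eku")
    if not (first(c, "remote-cert-tls") == ["server"]
            or (eku and eku[0] in SERVER_EKU)
            or "verify-x509-name" in c):
        findings.append("client-no-server-cert-verification")

    # 2. The server should likewise require client-role certificates.
    eku = first(s, "remote-cert-eku")
    if not (first(s, "remote-cert-tls") == ["client"] or (eku and eku[0] in CLIENT_EKU)):
        findings.append("server-no-client-cert-verification")

    # 3. Both ends must wrap the control channel with the same directive.
    if wrap_mode(s) is None or wrap_mode(c) != wrap_mode(s):
        findings.append("control-channel-key-mismatch")

    # 4. server.conf says its cipher line must be copied to the client config
    #    (it also notes that v2.4 peers negotiate AES-256-GCM in TLS mode).
    if "cipher" in s and first(c, "cipher") != first(s, "cipher"):
        findings.append("cipher-not-mirrored-on-client")

    # 5. duplicate-cn lets several peers share one certificate/key pair.
    if "duplicate-cn" in s:
        findings.append("server-duplicate-cn-enabled")

    # 6. Both daemons should drop root privileges after initialization.
    for side, d in (("client", c), ("server", s)):
        if not ("user" in d and "group" in d):
            findings.append(side + "-no-privilege-drop")
    return findings


if __name__ == "__main__":
    for finding in lint_pair(CLIENT_OVPN, SERVER_CONF):
        print(finding)
```

Uncommenting the `remote-cert-eku "TLS Web Client Authentication"` line in client.ovpn does not clear the first finding, because that value names the client role rather than the server role the client has to require.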
-------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-lsf-master/files/awsprov_templates.json: -------------------------------------------------------------------------------- 1 | { 2 | "templates": [ 3 | { 4 | "templateId": "CENTOS-Template-VM-1", 5 | "maxNumber": 2, 6 | "attributes": { 7 | "type": ["String", "X86_64"], 8 | "ncores": ["Numeric", "1"], 9 | "ncpus": ["Numeric", "1"], 10 | "mem": ["Numeric", "1024"], 11 | "awshost": ["Boolean", "1"] 12 | }, 13 | "imageId": "{{ AWS_Image }}", 14 | "subnetId": "{{ AWS_VPC_PRV_Subnet }}", 15 | "keyName": "{{ AWS_Key_Name }}", 16 | "vmType": "{{ AWS_Instance_Type }}", 17 | "securityGroupIds": ["{{ AWS_VPC_Security_Group }}"], 18 | "userData": "zone={{ AWS_Region }}" 19 | } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-lsf-master/files/bringupLSF.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | inputFile=$1 3 | outputFile=$2 4 | 5 | count=$(cat $inputFile | jq '.machines[]' |grep 'name' | wc -l) 6 | 7 | a=0 8 | result="succeed" 9 | 10 | 11 | cat > /tmp/ec2_instances << END 12 | { 13 | "ec2": { 14 | "instances": [ 15 | ] 16 | } 17 | } 18 | END 19 | 20 | while [ $a -lt $count ] 21 | do 22 | hostName=$(cat $inputFile | jq '.machines['${a}'].name') 23 | publicIp=$(cat $inputFile | jq '.machines['${a}'].publicIpAddress') 24 | privateIp=$(cat $inputFile | jq '.machines['${a}'].privateIpAddress') 25 | instanceId=$(cat $inputFile | jq '.machines['${a}'].machineId') 26 | rcAccount=$(cat $inputFile | jq '.machines['${a}'].rc_account') 27 | 28 | #add your custom code here for each machine in the request 29 | #write the output of each machine to the output json file 30 | 31 | sed -i '/]/i {\"name\": '${hostName}', \"result\": \"'${result}'\", \"message\": \"'${message}'\" }' $outputFile 32 | sed -i '/]/i {\"public_dns_name\": '${publicIp}', 
\"public_ip\": '${publicIp}', \"id\": '${instanceId}', \"private_dns_name\": '${hostName}', \"private_ip\": '${privateIp}', \"block_device_mapping\": \"\"},' /tmp/ec2_instances 33 | a=`expr $a + 1` 34 | done 35 | 36 | #remove redundant comma to have a valid json file 37 | sed -i ':begin;$!N;s/},\n\s*]/}\n\t]/;tbegin;P;D' /tmp/ec2_instances 38 | 39 | cd /opt/ibm/lsf_installer/; nohup ansible-playbook -i lsf-inventory make-lsf-server.yml --extra-vars "@/tmp/ec2_instances" > /dev/null 2>&1 & 40 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-lsf-master/files/change_clustername.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | exitWithErr () 9 | { 10 | echo $* >&2 11 | exit 1 12 | 13 | } 14 | get_prev_cname() 15 | { 16 | 17 | local cname=`sed -n -e '/Begin Cluster/,/End Cluster/ {/Begin Cluster/b;/ClusterName/b;/End Cluster/b;s/^\([^#].*\)/\1/p }' /opt/ibm/lsfsuite/lsf/conf/lsf.shared` 18 | echo ${cname} 19 | } 20 | 21 | change_path_name() 22 | { 23 | 24 | local file=$1 25 | if [ -f $file ]; then 26 | 27 | sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/conf/ego/\)[^/].*\(/eservice.*\)@\1'"${curr_cname}\2@" $file 28 | sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/conf/ego/\)[^/].*\(/kernel.*\)@\1'"${curr_cname}\2@" $file 29 | sed -i -e 's@^\(.*${EGO_TOP}/conf/ego/\)[^/].*\(/eservice.*\)@\1'"${curr_cname}\2@" $file 30 | sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/work/\)[^/].*\(/ego.*\)@\1'"${curr_cname}\2@" $file 31 | sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/work/\)[^/].*\(/live_confdir.*\)@\1'"${curr_cname}\2@" $file 32 | sed -i -e 
's@^\(.*/opt/ibm/lsfsuite/lsf/work/\)[^/].*\(/staging.*\)@\1'"${curr_cname}\2@" $file 33 | fi 34 | } 35 | 36 | change_ego_subdir() 37 | { 38 | 39 | local dir=${LSF_TOPDIR}/conf/ego 40 | if [ -f ${dir}/${curr_cname} ]; then 41 | : 42 | elif [ -f ${dir}/${prev_cname} ]; then 43 | mv -f ${dir}/${prev_cname} ${dir}/${curr_cname} 44 | else 45 | local subdirs=`ls ${dir}` 46 | for d in ${subdirs}; do 47 | if [ -d ${dir}/${d}/kernel ]; then 48 | mv -f ${dir}/${d} ${dir}/${curr_cname} 49 | break 50 | fi 51 | done 52 | fi 53 | } 54 | 55 | change_lsbatch_subdir() 56 | { 57 | 58 | local dir=${LSF_TOPDIR}/conf/lsbatch 59 | if [ -d ${dir}/${curr_cname} ]; then 60 | : 61 | elif [ -d ${dir}/${prev_cname} ]; then 62 | mv -f ${dir}/${prev_cname} ${dir}/${curr_cname} 63 | else 64 | local subdirs=`ls ${dir}` 65 | for d in ${subdirs}; do 66 | if [ -d ${dir}/${d}/configdir ]; then 67 | mv -f ${dir}/${d} ${dir}/${curr_cname} 68 | break 69 | fi 70 | done 71 | fi 72 | # PAC doesn't like multiple cluster names under /opt/ibm/lsfsuite/lsf/conf/lsbatch/ 73 | local subdirs=`ls ${dir}` 74 | for d in ${subdirs}; do 75 | if [ -d ${dir}/${d} -a "${d}" != "${curr_cname}" ]; then 76 | rm -rf ${dir}/${d} 77 | fi 78 | done 79 | 80 | } 81 | 82 | change_work_subdir() 83 | { 84 | 85 | # live_confdir/lsbatch/ 86 | local dir=${LSF_TOPDIR}/work/${curr_cname}/live_confdir/lsbatch/ 87 | if [ -d ${dir}/${curr_cname} ]; then 88 | : 89 | elif [ -d ${dir}/${prev_cname} ]; then 90 | mv -f ${dir}/${prev_cname} ${dir}/${curr_cname} 91 | else 92 | local subdirs=`ls ${dir}` 93 | for d in ${subdirs}; do 94 | if [ -d ${dir}/${d} ]; then 95 | mv -f ${dir}/${d} ${dir}/${curr_cname} 96 | break 97 | fi 98 | done 99 | fi 100 | 101 | local dir=${LSF_TOPDIR}/work 102 | if [ -f ${dir}/${curr_cname} ]; then 103 | : 104 | elif [ -f ${dir}/${prev_cname} ]; then 105 | mv -f ${dir}/${prev_cname} ${dir}/${curr_cname} 106 | else 107 | local subdirs=`ls ${dir}` 108 | for d in ${subdirs}; do 109 | if [ -d ${dir}/${d}/logdir ]; then 110 
| mv -f ${dir}/${d} ${dir}/${curr_cname} 111 | break 112 | fi 113 | done 114 | fi 115 | } 116 | 117 | # this should be done before change lsf.shared 118 | change_conf_file_names() 119 | { 120 | local dir=${LSF_TOPDIR}/conf 121 | # lsf.datamanager file 122 | if [ -f ${dir}/lsf.datamanager.${curr_cname} ]; then 123 | : 124 | elif [ -f ${dir}/lsf.datamanager.${prev_cname} ]; then 125 | mv -f ${dir}/lsf.datamanager.${prev_cname} ${dir}/lsf.datamanager.${curr_cname} 126 | else 127 | for f in `ls ${dir}/lsf.datamanager.*`; do 128 | mv -f ${dir}/$(basename ${f}) ${dir}/lsf.datamanager.${curr_cname} 129 | break 130 | done 131 | fi 132 | # lsf.cluster file 133 | if [ -f ${dir}/lsf.cluster.${curr_cname} ]; then 134 | : 135 | elif [ -f ${dir}/lsf.cluster.${prev_cname} ]; then 136 | mv -f ${dir}/lsf.cluster.${prev_cname} ${dir}/lsf.cluster.${curr_cname} 137 | else 138 | for f in `ls $dir/lsf.cluster.*`; do 139 | mv -f ${dir}/$(basename ${f}) ${dir}/lsf.cluster.${curr_cname} 140 | break 141 | done 142 | fi 143 | 144 | } 145 | 146 | change_content_path() 147 | { 148 | local files="\ 149 | ${LSF_TOPDIR}/conf/profile.lsf \ 150 | ${LSF_TOPDIR}/conf/cshrc.lsf \ 151 | ${LSF_TOPDIR}/conf/ego/${curr_cname}/eservice/esc/conf/services/named.xml \ 152 | ${LSF_TOPDIR}/conf/ego/${curr_cname}/eservice/esd/conf/named/conf/named.conf \ 153 | ${LSF_TOPDIR}/conf/ego/${curr_cname}/kernel/ego.conf \ 154 | ${LSF_TOPDIR}/conf/lsf.conf \ 155 | ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} \ 156 | " 157 | 158 | for f in $files; do 159 | if [ -f $f ]; then 160 | change_path_name ${f} 161 | fi 162 | done; 163 | } 164 | 165 | change_content_name() 166 | { 167 | 168 | # lsf.licensescheduler 169 | local lsf_licensescheduler_file=${LSF_TOPDIR}/conf/lsf.licensescheduler 170 | sed -i -e "s/\(CLUSTER_DISTRIBUTION=LanServer(\)[^ ].*\( .*\)/\1${curr_cname}\2/" ${lsf_licensescheduler_file} 171 | #sed -i -e "/Begin Clusters/,/End Clusters/ {/Begin Clusters/b;/^CLUSTERS/b;/End Clusters/b;s/^[^#].*/${curr_cname}/ 
}" ${lsf_licensescheduler_file} 172 | 173 | if [ "${prev_cname}" = "myCluster" ]; then 174 | sed -i -e "/Begin Clusters/,/End Clusters/ {/Begin Clusters/b;/^CLUSTERS/b;/End Clusters/b; s/^[ \t]*\(${prev_cname}.*\)/#\1/ }" ${lsf_licensescheduler_file} 175 | else 176 | sed -i -e "/Begin Clusters/,/End Clusters/ {/Begin Clusters/b;/^CLUSTERS/b;/End Clusters/b; /^[ \t]*\(${prev_cname}.*\)/ d; }" ${lsf_licensescheduler_file} 177 | fi 178 | local hasOne=`sed -n -e "/Begin Clusters/,/End Clusters/ { /${curr_cname}/ p}" ${lsf_licensescheduler_file}` 179 | if [ "x${hasOne}" = "x" ]; then 180 | sed -i -e "/End Clusters/ i\ 181 | ${curr_cname}" ${lsf_licensescheduler_file} 182 | fi 183 | 184 | # lsf.shared 185 | sed -i -e "/Begin Cluster/,/End Cluster/ {/Begin Cluster/b;/^ClusterName/b;/End Cluster/b;s/^[^#].*/${curr_cname}/ }" ${LSF_TOPDIR}/conf/lsf.shared 186 | # lsf.datamanager 187 | if [ -f ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} ]; then 188 | sed -i -e "/Begin RemoteDataManagers/,/End RemoteDataManagers/ {/Begin RemoteDataManagers/b; /End RemoteDataManagers/b; /CLUSTERNAME/ b;/^#/b; s/^[^ ].*\([ ]\+[^ ].*\)\( .*\)/${curr_cname}\1\2/ }" ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} 189 | fi 190 | } 191 | 192 | change_cluster_name_datamgr_only() 193 | { 194 | local dir=${LSF_TOPDIR}/conf 195 | # lsf.datamanager file 196 | if [ -f ${dir}/lsf.datamanager.${curr_cname} ]; then 197 | : 198 | elif [ -f ${dir}/lsf.datamanager.${prev_cname} ]; then 199 | mv -f ${dir}/lsf.datamanager.${prev_cname} ${dir}/lsf.datamanager.${curr_cname} 200 | else 201 | for f in `ls ${dir}/lsf.datamanager.*`; do 202 | mv -f ${dir}/$(basename ${f}) ${dir}/lsf.datamanager.${curr_cname} 203 | break 204 | done 205 | fi 206 | change_path_name ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} 207 | if [ -f ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} ]; then 208 | sed -i -e "/Begin RemoteDataManagers/,/End RemoteDataManagers/ {/Begin RemoteDataManagers/b; /End RemoteDataManagers/b; 
/CLUSTERNAME/ b;/^#/b; s/^[^ ].*\([ ]\+[^ ].*\)\( .*\)/${curr_cname}\1\2/ }" ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} 209 | fi 210 | # staging dir 211 | if [ ! -d ${LSF_TOPDIR}/work/${curr_cname}/staging ]; then 212 | pushd ${LSF_TOPDIR}/work > /dev/null 2>&1 213 | for d in myCluster ${prev_cname}; do 214 | if [ -d ${d}/staging ]; then 215 | mv -f ${d}/staging ${curr_cname} 216 | break 217 | fi 218 | done 219 | popd > /dev/null 2>&1 220 | fi 221 | rm -f ${LSF_TOPDIR}/conf/.lsf.datamanager.clustername.${prev_cname}.changed 222 | touch ${LSF_TOPDIR}/conf/.lsf.datamanager.clustername.${curr_cname}.changed 223 | 224 | } 225 | 226 | curr_cname= 227 | datamgr_only=N 228 | LSF_TOPDIR=/opt/ibm/lsfsuite/lsf 229 | prev_cname=$(get_prev_cname) 230 | if [ "x${prev_cname}" = "x" ]; then 231 | exitWithErr "The cluster name cannot be found in lsf.shared." 232 | fi 233 | if [ $# -gt 1 ]; then 234 | while [[ $# -gt 1 ]]; do 235 | key="$1" 236 | case $key in 237 | -c) 238 | curr_cname="$2" 239 | shift 240 | ;; 241 | -d) 242 | datamgr_only="$2" 243 | shift 244 | ;; 245 | *) 246 | shift 247 | ;; 248 | esac 249 | shift 250 | done 251 | fi 252 | 253 | if [ "x${curr_cname}" = "x" ]; then 254 | exitWithErr "-c not specified." 
255 | fi 256 | echo "curr_cname = $curr_cname" 257 | if [ "${datamgr_only}" = "Y" ]; then 258 | echo "change cluster name for DataManager" 259 | change_cluster_name_datamgr_only 260 | exit 0 261 | fi 262 | 263 | change_lsbatch_subdir 264 | change_work_subdir 265 | change_ego_subdir 266 | change_conf_file_names 267 | change_content_path 268 | change_content_name 269 | rm -f ${LSF_TOPDIR}/conf/.clustername.${prev_cname}.changed 270 | touch ${LSF_TOPDIR}/conf/.clustername.${curr_cname}.changed 271 | 272 | 273 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-lsf-master/files/getAwsTokens.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import os 4 | import json 5 | import urllib 6 | 7 | URL='http://169.254.169.254/latest/meta-data/iam/security-credentials/{{ AWS_IAM_Role_Name }}' 8 | GOTFILE='role.perm' 9 | urllib.urlretrieve(URL, GOTFILE) 10 | 11 | fp=open(GOTFILE, 'r') 12 | rd=fp.read(-1) 13 | fp.close() 14 | jd=json.loads(rd) 15 | print("[default]") 16 | print("aws_access_key_id=" + jd['AccessKeyId']) 17 | print("aws_secret_access_key=" + jd['SecretAccessKey']) 18 | print("aws_session_token=" + jd['Token']) 19 | 20 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-lsf-master/files/hostProviders.json: -------------------------------------------------------------------------------- 1 | { 2 | "providers":[ 3 | { 4 | "name": "aws", 5 | "type": "awsProv", 6 | "confPath": "resource_connector/aws", 7 | "scriptPath": "resource_connector/aws", 8 | "preProvPath": "/opt/ibm/lsfsuite/lsf/10.1/resource_connector/aws/scripts/bringupLSF.sh", 9 | "provTimeOut": 10 10 | } 11 | ] 12 | } 13 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/change-clustername.yml: 
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------
#

- name: Changing clustername
  debug:
    msg: "Changing from myCluster to {{ CLOUD_LSF_CLUSTER_NAME }}"

- name: Change the cluster name in conf files
  script: "../files/change_clustername.sh -c {{ CLOUD_LSF_CLUSTER_NAME }}"
  args:
    creates: "{{ LSF_CONF_DIR }}/.clustername.{{ CLOUD_LSF_CLUSTER_NAME }}.changed"

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/config-multi-cluster.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# Modify the LSF lsf.shared file
- name: Update lsf.shared to add Servers
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    backrefs: yes
    state: present
    regexp: '^ClusterName.*'
    line: 'ClusterName Servers # Keyword'
    backup: yes

- name: Update on-cloud cluster info with master host name into lsf.shared
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    state: present
    backup: yes
    regexp: "^{{ CLOUD_LSF_CLUSTER_NAME | default('myCloudCluster') }}.*"
    line: '{{ CLOUD_LSF_CLUSTER_NAME | default("myCloudCluster") }} {{ ec2servers[0].prv_name}}'

- name: Append on-premise cluster info to lsf.shared
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    state: present
    insertbefore: "^End Cluster.*"
    line: '{{ LOCAL_LSF_CLUSTER_NAME }} {{ groups.LSF_Masters[0] }}'
    backup: yes

- name: Update LSF cluster file
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.cluster.{{ CLOUD_LSF_CLUSTER_NAME | default('myCloudCluster') }}"
    state: present
    insertafter: "^Begin Parameters.*"
    backup: yes
    line: "PRODUCTS=LSF_Make LSF_Base LSF_Manager LSF_MultiCluster"

# Update lsb.queues to add the receive-request queue
- name: Update the lsb.queues file
  blockinfile:
    dest: "{{ LSF_CONF_DIR }}/lsbatch/{{ CLOUD_LSF_CLUSTER_NAME | default('myCloudCluster') }}/configdir/lsb.queues"
    backup: yes
    block: |
      Begin Queue
      QUEUE_NAME = recOnprem
      PRIORITY = 40
      RCVJOBS_FROM = {{ LOCAL_LSF_CLUSTER_NAME }}
      RC_HOSTS = awshost
      DESCRIPTION = Sample Queue for receiving onprem cluster request
      End Queue

- name: Update lsf.conf
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.conf"
    backrefs: yes
    regexp: '^(ENABLE_DYNAMIC_HOSTS.*)'
    line: '# \1'
    backup: yes

# LSF_HOST_ADDR_RANGE=*.*.*.* lets a host at any IP address be added to the
# cluster dynamically; narrow it to the VPC range where possible.
- name: Update LSF cluster file
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.cluster.{{ CLOUD_LSF_CLUSTER_NAME | default('myCloudCluster') }}"
    state: present
    insertbefore: "^End Parameters.*"
    backup: yes
    line: "LSF_HOST_ADDR_RANGE=*.*.*.*"

- name: Start LSF Daemons
  systemd:
    name: lsfd
    state: restarted
    enabled: yes
    daemon_reload: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/config-rc.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# # Copyright IBM Corp. 1992, 2018. All rights reserved.
# # US Government Users Restricted Rights - Use, duplication or disclosure
# # restricted by GSA ADP Schedule Contract with IBM Corp.
# # -----------------------------------

- name: Has the aws_enable script run before
  stat:
    path: "{{ LSF_TOP }}/10.1/install/.ranalready"
  register: rundone

# Change aws_enable.config file
# Booger/Nuggets are dummy values, not real keys; the "Switch to federated
# credentials" tasks later in this file point the connector at getAwsTokens.py instead.
- name: Update aws_enable.config to define AWS_IAM_CREDENTIAL_ID
  lineinfile:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.config"
    state: present
    insertafter: "^# AWS_IAM_CREDENTIAL_ID.*"
    backup: yes
    line: "AWS_IAM_CREDENTIAL_ID=Booger"
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Update aws_enable.config to define AWS_IAM_CREDENTIAL_KEY
  lineinfile:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.config"
    state: present
    insertafter: "^# AWS_IAM_CREDENTIAL_KEY.*"
    backup: yes
    line: "AWS_IAM_CREDENTIAL_KEY=Nuggets"
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Update aws_enable.config to define AWS_REGION
  lineinfile:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.config"
    state: present
    insertafter: "^# AWS_REGION.*"
    backup: yes
    line: "AWS_REGION={{ AWS_Region }}"
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Update aws_enable.config to define LSF_HOST_ADDR_RANGE
  lineinfile:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.config"
    state: present
    insertafter: "^# LSF_HOST_ADDR_RANGE.*"
    backup: yes
    line: 'LSF_HOST_ADDR_RANGE=*.*.*.*'
  when: rundone.stat.exists is defined and rundone.stat.exists == False

# Generate aws template file
- name: Create an awsprov_templates.json file
  template:
    src: files/awsprov_templates.json
    dest: "{{ LSF_CONF_DIR }}/resource_connector/aws/conf"
    follow: yes
    backup: yes

# Generate host provider file
- name: Create a hostProviders.json file
  template:
    src: files/hostProviders.json
    dest: "{{ LSF_CONF_DIR }}/resource_connector/"
    follow: yes
    backup: yes

- name: Create getAwsTokens.py file
  template:
    src: files/getAwsTokens.py
    dest: "{{ LSF_CONF_DIR }}/resource_connector/aws/conf"
    follow: yes
    backup: yes
    mode: '0755'
    owner: "lsfadmin"

# Move the preProv file to /opt/ibm/lsfsuite/lsf/10.1/resource_connector/aws/scripts/
- name: Create a pre-provision file for ebroker
  template:
    src: files/bringupLSF.sh
    dest: "{{ LSF_TOP }}/10.1/resource_connector/aws/scripts/"
    follow: yes
    mode: '0755'
    owner: lsfadmin

# Modify aws_enable.sh
# line 400: support multi cluster case
# line 520: comment AWS_LSF_TOP
# line 1080: comment update_user_data
- name: Fix aws_enable.sh in line 400 to support multi-cluster
  replace:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.sh"
    regexp: '^LSF_CLUSTER_NAME=`.*'
    replace: "LSF_CLUSTER_NAME=`get_clusters_name \"$LSF_ENVDIR/lsf.shared\" | awk -F' ' '{ print $1 }'`"
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Fix aws_enable.sh in line 520 to comment AWS_LSF_TOP
  replace:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.sh"
    regexp: '^AWS_LSF_TOP=`.*'
    replace: "AWS_LSF_TOP=\"AWS_LSF_TOP\""
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Fix aws_enable.sh in line 1080 to comment update_user_data function
  lineinfile:
    dest: "{{ LSF_TOP }}/10.1/install/aws_enable.sh"
    backrefs: yes
    regexp: '^(update_user_data \"\$user_data_script\".*)'
    line: '# \1'
  when: rundone.stat.exists is defined and rundone.stat.exists == False

# Copy amazon pem file to conf/resource_connector/aws/data
# No owner or mode is set, so the private key takes the remote user's umask
# defaults; set both for the account that reads it.
- name: Copy amazon pem file
  copy:
    src: "{{ AWS_Private_Key_File }}"
    dest: "{{ LSF_CONF_DIR }}/resource_connector/aws/data/"

# add LSF_MQ_BROKER_HOSTS into lsf.conf
- name: Add LSF_MQ_BROKER_HOSTS in lsf.conf for mosquitto
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.conf"
    state: present
    line: "LSF_MQ_BROKER_HOSTS={{ ec2servers[0].prv_name }}"

- name: Set the LSF_LOCAL_RESOURCES
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_LOCAL_RESOURCES.*'
    line: LSF_LOCAL_RESOURCES="[resource awshost]"

- name: Update LSF lsf.conf add LSB_RC_EXTERNAL_HOST_IDLE_TIME
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSB_RC_EXTERNAL_HOST_IDLE_TIME.*'
    line: "LSB_RC_EXTERNAL_HOST_IDLE_TIME=1"

- name: Update LSF lsf.conf add LSF_DYNAMIC_HOST_TIMEOUT
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_DYNAMIC_HOST_TIMEOUT.*'
    line: "LSF_DYNAMIC_HOST_TIMEOUT=5m"

- name: Enable aws by using aws_enable.sh
  shell: ./aws_enable.sh -f aws_enable.config
  args:
    chdir: "{{ LSF_TOP }}/10.1/install"
    warn: False
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Create a flag file to only run aws_enable.sh -f aws_enable.config once
  shell: touch .ranalready
  args:
    chdir: "{{ LSF_TOP }}/10.1/install"
    warn: False
  when: rundone.stat.exists is defined and rundone.stat.exists == False

- name: Switch to federated credentials
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/resource_connector/aws/conf/awsprov_config.json"
    state: absent
    regexp: '.*AWS_CREDENTIAL_FILE.*'

- name: Switch to federated credentials
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/resource_connector/aws/conf/awsprov_config.json"
    state: present
    line: ' "AWS_CREDENTIAL_SCRIPT": "/opt/ibm/lsfsuite/lsf/conf/resource_connector/aws/conf/getAwsTokens.py",'
    insertafter: '^{.*'

#- name: Temporary solution to replace java with /opt/ibm/jre/bin/java
#  shell: sed -i "s/java/\/opt\/ibm\/jre\/bin\/java/" *.sh
#  args:
#    chdir: "{{ LSF_TOP }}/10.1/resource_connector/aws/scripts/"
#    warn: False

- name: Copy playbook to aws lsf master
  copy:
    src: "{{ RC_PLAY_TOP }}/deploy-lsf-server.tar"
    dest: "/opt/ibm/lsf_installer/"

- name: Extract deploy-lsf-server.tar into /opt/ibm/lsf_installer/
  unarchive:
    src: "{{ RC_PLAY_TOP }}/deploy-lsf-server.tar"
    dest: "/opt/ibm/lsf_installer/"

- file:
    path: /opt/ibm/lsf_installer/AWS/
    owner: lsfadmin
    group: lsfadmin
    recurse: yes

- name: Change RC_PLAY_TOP to /opt/ibm/lsf_installer
  replace:
    dest: /opt/ibm/lsf_installer/group_vars/all
    regexp: '^RC_PLAY_TOP:.*'
    replace: 'RC_PLAY_TOP: /opt/ibm/lsf_installer'

- name: Change LSF_Masters to cloud lsf master
  replace:
    dest: /opt/ibm/lsf_installer/lsf-inventory
    regexp: '{{ groups.LSF_Masters[0] }}'
    replace: '{{ groups.ec2servers[0] }}'

- name: Enable VPC auto-assign public IP
  shell: ansible-playbook -i lsf-inventory roles/deploy-cloud-lsf-master/tasks/modify-vpc-subnet.yml
  args:
    warn: no
    chdir: /opt/ibm/lsf_installer

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/export-lsf.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Make LSF package repo directory
  file:
    path: /opt/ibm/lsf-rpm-repo/
    state: directory

- name: Copy lsf-nfs*.rpm to /opt/ibm/lsf-rpm-repo/
  shell: cp /var/www/html/lsf-rpm-repo/lsf-nfs*.rpm /opt/ibm/lsf-rpm-repo/
  ignore_errors: True

- name: Export LSF directories
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

# no_root_squash: root on any client in AWS_VPC_PRV_CIDR keeps root access
# to /opt/ibm through this export.
- name: Set the exports
  lineinfile:
    dest: "/etc/exports"
    state: present
    line: "/opt/ibm {{ AWS_VPC_PRV_CIDR }}(rw,async,no_root_squash)"

- name: Export filesystem
  systemd:
    name: nfs
    state: restarted
    enabled: yes
    daemon_reload: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/install-lsf.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# The lsf-ego-server will pull in the lsf-server, lsf-client, lsf-conf
# ebroker: getAvailableTemplates requires java. so install ibm-jre
- name: Install LSF packages
  yum:
    name: "{{ item }}"
    enablerepo: lsf
    state: present
    update_cache: yes
  with_items:
    - ibm-jre
    - lsf-devel
    - lsf-ego-master
    - lsf-master
    - lsf-release
    - lsf-resource-connector

- name: Copy LSF entitlement file from on-premise cluster to on-cloud cluster
  copy:
    src: "{{ LSF_CONF_DIR }}/lsf.entitlement"
    dest: "{{ LSF_CONF_DIR }}/lsf.entitlement"
    mode: 0644

- name: Set the LSF_SERVER_HOSTS
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    line: 'LSF_SERVER_HOSTS="{{ ec2servers[0].prv_name }}"'

- name: Allow LSF root user
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    line: 'LSF_ROOT_USER=Y'

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/main.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- include: setup-lsf-prereqs.yml
- include: install-lsf.yml
- include: change-clustername.yml
# ansible to be used by resource connector to bring up LSF environment
- include: setup-ansible.yml
- include: config-rc.yml
- include: config-multi-cluster.yml
- include: export-lsf.yml
--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/modify-vpc-subnet.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# # Copyright IBM Corp. 1992, 2018. All rights reserved.
# # US Government Users Restricted Rights - Use, duplication or disclosure
# # restricted by GSA ADP Schedule Contract with IBM Corp.
# # -----------------------------------
#

# ansible 2.2.3 cannot support create subnet with map_public. the map_public is supported since ansible 2.4
# the created subnet cannot have public ip assigned automatically.
# so that the ec2 host from rc cannot have public ip

- name: Modify subnet to enable auto-assign public ip
  hosts: LSF_Masters[0]
  vars_files:
    - "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"
  user: "{{ AWS_Image_User }}"
  become: true
  vars:
    ansible_ssh_private_key_file: "{{ AWS_Private_Key_File }}"
  gather_facts: false
  tasks:
    - name: Enable auto-assign public ip
      ec2_vpc_subnet:
        state: present
        vpc_id: "{{ AWS_VPC }}"
        cidr: "{{ AWS_VPC_PRV_CIDR }}"
        map_public: true
        region: "{{ AWS_Region }}"
        aws_access_key: "{{ AWS_Access_Key }}"
        aws_secret_key: "{{ AWS_Secret_Key }}"
        wait: no
--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/setup-ansible.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# # Copyright IBM Corp. 1992, 2018. All rights reserved.
# # US Government Users Restricted Rights - Use, duplication or disclosure
# # restricted by GSA ADP Schedule Contract with IBM Corp.
# # -----------------------------------
#

# install ansible which is used to install LSF for new machines
- name: Install ansible package
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - ansible
  when: ansible_os_family == "RedHat"

- name: Install AWS API packages from EPEL
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - python2-boto
  when: ansible_os_family == "RedHat"

# Appears to be a dependency bug in python2-boto3. It is not using the
# new name for the python2-s3transfer package.
- name: Install AWS API packages from EPEL part 2
  shell: |
    yum -y install python2-boto3
  register: boto3fail
  ignore_errors: True
  when: ansible_os_family == "RedHat"

- name: Output result of python2-boto3
  debug:
    msg: python2-boto3 is NOT installed
  when: boto3fail.rc != 0

- name: Attempt boto3 dependency bug work around (if needed)
  yum:
    name: "{{ item }}"
    state: installed
  with_items:
    - python2-jmespath
    - python2-futures
    - python2-botocore
    - python2-s3transfer
  ignore_errors: True
  when: boto3fail.rc != 0

# The RPM is fetched from a third-party mirror and installed with --nodeps;
# nothing in this task pins its checksum.
- name: Force install python2-boto3 (if needed)
  shell: |
    wget https://rpmfind.net/linux/epel/7/ppc64/Packages/p/python2-boto3-1.4.6-1.el7.noarch.rpm ; rpm -i --nodeps python2-boto3-1.4.6-1.el7.noarch.rpm
  args:
    chdir: /var/tmp
    creates: python2-boto3-1.4.6-1.el7.noarch.rpm
  when: boto3fail.rc != 0

- name: Set forks as 50 in ansible.cfg
  lineinfile:
    dest: "/etc/ansible/ansible.cfg"
    state: present
    insertafter: '^#forks'
    line: 'forks= 50'

# With host key checking off, Ansible does not verify the SSH host keys of
# the machines it configures.
- name: Uncomment host_key_checking to disable SSH key host checking in ansible.cfg
  lineinfile:
    dest: "/etc/ansible/ansible.cfg"
    state: present
    regexp: '^#(host_key_checking.*)'
    line: '\1'
    backrefs: yes

- name: Change the default callback
  lineinfile:
    dest: "/etc/ansible/ansible.cfg"
    state: present
    regexp: '^#(stdout_callback.*)'
    line: '\1'
    backrefs: yes

- name: Enable ansible log
  lineinfile:
    dest: "/etc/ansible/ansible.cfg"
    state: present
    insertafter: '^#log_path'
    line: 'log_path=/tmp/ansible.log'

# Mode 0777 makes the log readable and writable by every local user.
- name: Create /tmp/ansible.log file
  file:
    path: /tmp/ansible.log
    state: touch
    mode: 0777

- name: Disable retry files
  lineinfile:
    dest: "/etc/ansible/ansible.cfg"
    state: present
    regexp: '^#(retry_files_enabled.*)'
    line: '\1'
    backrefs: yes

- name: ssh arguments to use
  lineinfile:
    dest: "/etc/ansible/ansible.cfg"
    state: present
    regexp: '^#(ssh_args.*)'
    line: '\1'
    backrefs: yes
--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-lsf-master/tasks/setup-lsf-prereqs.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Start installing LSF Prerequisites
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

# ed is required by aws_enable.sh
# jq is required by bringupLSF.sh
- name: Install Package Dependencies for LSF
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - lsof
    - which
    - nfs-utils
    - ed
    - httpd
    - createrepo
    - jq
  when: ansible_os_family == "RedHat"

- name: Copy ssh key for deployer
  copy:
    src: files/id_rsa.pub
    dest: /root/.ssh/deployer-id_rsa.pub
    mode: 0644

- name: Update Authorized Keys
  shell: cat /root/.ssh/deployer-id_rsa.pub >> /root/.ssh/authorized_keys

- name: Ensure group "lsfadmin" exists
  group:
    name: lsfadmin
    gid: 495 #"{{ gid_obj.stdout }}"
    state: present

- name: Add User lsfadmin
  user:
    name: lsfadmin
    comment: "lsfadmin"
    shell: /bin/bash
    home: /home/lsfadmin
    createhome: yes
    password: "!"
    uid: 495 #"{{ uid_obj.stdout }}"
    group: lsfadmin
    state: present
    update_password: always

- name: Make LSF package repo directory
  file:
    path: /var/www/html/lsf-rpm-repo
    state: directory

- name: Copy LSF rpms
  copy:
    src: "{{ item }}"
    dest: /var/www/html/lsf-rpm-repo
    owner: root
    # Leading zero so the value is read as octal; a bare 644 is taken as decimal.
    mode: 0644
  with_fileglob:
    - files/rpms/*rpm

- name: Create a repository from the copied rpms
  shell: createrepo /var/www/html/lsf-rpm-repo

# The repo is served over plain HTTP with gpgcheck off, so yum does not
# verify the packages it installs from it.
- name: Create repository
  yum_repository:
    name: lsf
    description: LSF install repository
    baseurl: http://{{ groups.ec2servers[0] }}/lsf-rpm-repo
    enabled: yes
    gpgcheck: no
    keepcache: 0
    http_caching: none

- name: Restart httpd
  systemd:
    name: httpd
    state: restarted

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server-local/files/change_clustername.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

exitWithErr ()
{
    echo $* >&2
    exit 1

}
get_prev_cname()
{

    local cname=`sed -n -e '/Begin Cluster/,/End Cluster/ {/Begin Cluster/b;/ClusterName/b;/End Cluster/b;s/^\([^#].*\)/\1/p }' /opt/ibm/lsfsuite/lsf/conf/lsf.shared`
    echo ${cname}
}

change_path_name()
{

    local file=$1
    if [ -f $file ]; then

        sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/conf/ego/\)[^/].*\(/eservice.*\)@\1'"${curr_cname}\2@" $file
        sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/conf/ego/\)[^/].*\(/kernel.*\)@\1'"${curr_cname}\2@" $file
        sed -i -e 's@^\(.*${EGO_TOP}/conf/ego/\)[^/].*\(/eservice.*\)@\1'"${curr_cname}\2@" $file
        sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/work/\)[^/].*\(/ego.*\)@\1'"${curr_cname}\2@" $file
        sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/work/\)[^/].*\(/live_confdir.*\)@\1'"${curr_cname}\2@" $file
        sed -i -e 's@^\(.*/opt/ibm/lsfsuite/lsf/work/\)[^/].*\(/staging.*\)@\1'"${curr_cname}\2@" $file
    fi
}

change_ego_subdir()
{

    local dir=${LSF_TOPDIR}/conf/ego
    if [ -f ${dir}/${curr_cname} ]; then
        :
    elif [ -f ${dir}/${prev_cname} ]; then
        mv -f ${dir}/${prev_cname} ${dir}/${curr_cname}
    else
        local subdirs=`ls ${dir}`
        for d in ${subdirs}; do
            if [ -d ${dir}/${d}/kernel ]; then
                mv -f ${dir}/${d} ${dir}/${curr_cname}
                break
            fi
        done
    fi
}

change_lsbatch_subdir()
{

    local dir=${LSF_TOPDIR}/conf/lsbatch
    if [ -d ${dir}/${curr_cname} ]; then
        :
    elif [ -d ${dir}/${prev_cname} ]; then
        mv -f ${dir}/${prev_cname} ${dir}/${curr_cname}
    else
        local subdirs=`ls ${dir}`
        for d in ${subdirs}; do
            if [ -d ${dir}/${d}/configdir ]; then
                mv -f ${dir}/${d} ${dir}/${curr_cname}
                break
            fi
        done
    fi
    # PAC doesn't like multiple cluster names under /opt/ibm/lsfsuite/lsf/conf/lsbatch/
    local subdirs=`ls ${dir}`
    for d in ${subdirs}; do
        if [ -d ${dir}/${d} -a "${d}" != "${curr_cname}" ]; then
            rm -rf ${dir}/${d}
        fi
    done

}

change_work_subdir()
{

    # live_confdir/lsbatch/
    local dir=${LSF_TOPDIR}/work/${curr_cname}/live_confdir/lsbatch/
    if [ -d ${dir}/${curr_cname} ]; then
        :
    elif [ -d ${dir}/${prev_cname} ]; then
        mv -f ${dir}/${prev_cname} ${dir}/${curr_cname}
    else
        local subdirs=`ls ${dir}`
        for d in ${subdirs}; do
            if [ -d ${dir}/${d} ]; then
                mv -f ${dir}/${d} ${dir}/${curr_cname}
                break
            fi
        done
    fi

    local dir=${LSF_TOPDIR}/work
    if [ -f ${dir}/${curr_cname} ]; then
        :
    elif [ -f ${dir}/${prev_cname} ]; then
        mv -f ${dir}/${prev_cname} ${dir}/${curr_cname}
    else
        local subdirs=`ls ${dir}`
        for d in ${subdirs}; do
            if [ -d ${dir}/${d}/logdir ]; then
                mv -f ${dir}/${d} ${dir}/${curr_cname}
                break
            fi
        done
    fi
}

# this should be done before change lsf.shared
change_conf_file_names()
{
    local dir=${LSF_TOPDIR}/conf
    # lsf.datamanager file
    if [ -f ${dir}/lsf.datamanager.${curr_cname} ]; then
        :
    elif [ -f ${dir}/lsf.datamanager.${prev_cname} ]; then
        mv -f ${dir}/lsf.datamanager.${prev_cname} ${dir}/lsf.datamanager.${curr_cname}
    else
        for f in `ls ${dir}/lsf.datamanager.*`; do
            mv -f ${dir}/$(basename ${f}) ${dir}/lsf.datamanager.${curr_cname}
            break
        done
    fi
    # lsf.cluster file
    if [ -f ${dir}/lsf.cluster.${curr_cname} ]; then
        :
    elif [ -f ${dir}/lsf.cluster.${prev_cname} ]; then
        mv -f ${dir}/lsf.cluster.${prev_cname} ${dir}/lsf.cluster.${curr_cname}
    else
        for f in `ls $dir/lsf.cluster.*`; do
            mv -f ${dir}/$(basename ${f}) ${dir}/lsf.cluster.${curr_cname}
            break
        done
    fi

}

change_content_path()
{
    local files="\
    ${LSF_TOPDIR}/conf/profile.lsf \
    ${LSF_TOPDIR}/conf/cshrc.lsf \
    ${LSF_TOPDIR}/conf/ego/${curr_cname}/eservice/esc/conf/services/named.xml \
    ${LSF_TOPDIR}/conf/ego/${curr_cname}/eservice/esd/conf/named/conf/named.conf \
    ${LSF_TOPDIR}/conf/ego/${curr_cname}/kernel/ego.conf \
    ${LSF_TOPDIR}/conf/lsf.conf \
    ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} \
    "

    for f in $files; do
        if [ -f $f ]; then
            change_path_name ${f}
        fi
    done;
}

change_content_name()
{

    # lsf.licensescheduler
    local lsf_licensescheduler_file=${LSF_TOPDIR}/conf/lsf.licensescheduler
    sed -i -e "s/\(CLUSTER_DISTRIBUTION=LanServer(\)[^ ].*\( .*\)/\1${curr_cname}\2/" ${lsf_licensescheduler_file}
    #sed -i -e "/Begin Clusters/,/End Clusters/ {/Begin Clusters/b;/^CLUSTERS/b;/End Clusters/b;s/^[^#].*/${curr_cname}/ }" ${lsf_licensescheduler_file}

    if [ "${prev_cname}" = "myCluster" ]; then
        sed -i -e "/Begin Clusters/,/End Clusters/ {/Begin Clusters/b;/^CLUSTERS/b;/End Clusters/b; s/^[ \t]*\(${prev_cname}.*\)/#\1/ }" ${lsf_licensescheduler_file}
    else
        sed -i -e "/Begin Clusters/,/End Clusters/ {/Begin Clusters/b;/^CLUSTERS/b;/End Clusters/b; /^[ \t]*\(${prev_cname}.*\)/ d; }" ${lsf_licensescheduler_file}
    fi
    local hasOne=`sed -n -e "/Begin Clusters/,/End Clusters/ { /${curr_cname}/ p}" ${lsf_licensescheduler_file}`
    if [ "x${hasOne}" = "x" ]; then
        sed -i -e "/End Clusters/ i\
${curr_cname}" ${lsf_licensescheduler_file}
    fi

    # lsf.shared
    sed -i -e "/Begin Cluster/,/End Cluster/ {/Begin Cluster/b;/^ClusterName/b;/End Cluster/b;s/^[^#].*/${curr_cname}/ }" ${LSF_TOPDIR}/conf/lsf.shared
    # lsf.datamanager
    if [ -f ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} ]; then
        sed -i -e "/Begin RemoteDataManagers/,/End RemoteDataManagers/ {/Begin RemoteDataManagers/b; /End RemoteDataManagers/b; /CLUSTERNAME/ b;/^#/b; s/^[^ ].*\([ ]\+[^ ].*\)\( .*\)/${curr_cname}\1\2/ }" ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname}
    fi
}

change_cluster_name_datamgr_only()
{
    local dir=${LSF_TOPDIR}/conf
    # lsf.datamanager file
    if [ -f ${dir}/lsf.datamanager.${curr_cname} ]; then
        :
    elif [ -f ${dir}/lsf.datamanager.${prev_cname} ]; then
        mv -f ${dir}/lsf.datamanager.${prev_cname} ${dir}/lsf.datamanager.${curr_cname}
    else
        for f in `ls ${dir}/lsf.datamanager.*`; do
            mv -f ${dir}/$(basename ${f}) ${dir}/lsf.datamanager.${curr_cname}
            break
        done
    fi
    change_path_name ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname}
    if [ -f ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname} ]; then
        sed -i -e "/Begin RemoteDataManagers/,/End RemoteDataManagers/ {/Begin RemoteDataManagers/b; /End RemoteDataManagers/b; /CLUSTERNAME/ b;/^#/b; s/^[^ ].*\([ ]\+[^ ].*\)\( .*\)/${curr_cname}\1\2/ }" ${LSF_TOPDIR}/conf/lsf.datamanager.${curr_cname}
    fi
    # staging dir
    if [ ! -d ${LSF_TOPDIR}/work/${curr_cname}/staging ]; then
        pushd ${LSF_TOPDIR}/work > /dev/null 2>&1
        for d in myCluster ${prev_cname}; do
            if [ -d ${d}/staging ]; then
                mv -f ${d}/staging ${curr_cname}
                break
            fi
        done
        popd > /dev/null 2>&1
    fi
    rm -f ${LSF_TOPDIR}/conf/.lsf.datamanager.clustername.${prev_cname}.changed
    touch ${LSF_TOPDIR}/conf/.lsf.datamanager.clustername.${curr_cname}.changed

}

curr_cname=
datamgr_only=N
LSF_TOPDIR=/opt/ibm/lsfsuite/lsf
prev_cname=$(get_prev_cname)
if [ "x${prev_cname}" = "x" ]; then
    exitWithErr "The cluster name cannot be found in lsf.shared."
fi
if [ $# -gt 1 ]; then
    while [[ $# -gt 1 ]]; do
        key="$1"
        case $key in
            -c)
                curr_cname="$2"
                shift
                ;;
            -d)
                datamgr_only="$2"
                shift
                ;;
            *)
                shift
                ;;
        esac
        shift
    done
fi

if [ "x${curr_cname}" = "x" ]; then
    exitWithErr "-c not specified."
fi
echo "curr_cname = $curr_cname"
if [ "${datamgr_only}" = "Y" ]; then
    echo "change cluster name for DataManager"
    change_cluster_name_datamgr_only
    exit 0
fi

change_lsbatch_subdir
change_work_subdir
change_ego_subdir
change_conf_file_names
change_content_path
change_content_name
rm -f ${LSF_TOPDIR}/conf/.clustername.${prev_cname}.changed
touch ${LSF_TOPDIR}/conf/.clustername.${curr_cname}.changed


--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server-local/tasks/change-clustername.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
6 | #----------------------------------- 7 | # 8 | 9 | - name: Changing clustername 10 | debug: 11 | msg: "Changing from myCluster to {{ CLOUD_LSF_CLUSTER_NAME }}" 12 | 13 | - name: Change the cluster name in conf files 14 | script: "../files/change_clustername.sh -c {{ CLOUD_LSF_CLUSTER_NAME }}" 15 | args: 16 | creates: "{{ LSF_CONF_DIR }}/.clustername.{{ CLOUD_LSF_CLUSTER_NAME }}.changed" 17 | 18 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/deploy-cloud-server-local/tasks/config-lsf-server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | # The following routes are NOT for the VPN node 9 | - name: Add Route to the on premises network 10 | shell: route add -net "{{ CLIENT_NET }}" netmask "{{ CLIENT_MASK }}" gw "{{ hostvars[groups.ec2vpn[0]]['prv_ip'] }}" 11 | when: 12 | hostvars[groups.ec2vpn[0]] is defined 13 | 14 | - name: Add Route to the VPN network 15 | shell: route add -net "{{ SERVER_NET }}" netmask "{{ SERVER_MASK }}" gw "{{ hostvars[groups.ec2vpn[0]]['prv_ip'] }}" 16 | when: 17 | hostvars[groups.ec2vpn[0]] is defined 18 | 19 | - name: Load variables 20 | include_vars: "{{ RC_PLAY_TOP }}/Storage-config.yml" 21 | 22 | - name: Copy the fstab extensions to the cloud machines 23 | copy: 24 | src: "{{ RC_PLAY_TOP }}/files/fstab.append" 25 | dest: /etc/fstab.append 26 | 27 | - name: Merge the fstab entries 28 | shell: grep -q Storage-config /etc/fstab || cat /etc/fstab.append >> /etc/fstab 29 | args: 30 | executable: /bin/bash 31 | warn: no 32 | 33 | - name: Make the needed directories 34 | shell: test -d "{{ item }}" || mkdir -p "{{ item }}" 35 | args: 36 | executable: /bin/bash 37 
    warn: no
  with_items:
    - "{% set list1 = [] %}{% for i in sharedir %}{% if list1.append( i.mountpnt ) %}{% endif %}{% endfor %}{{ list1 }}"

- name: Warning
  debug:
    msg: WARNING if there is a problem with the fstab entries it can cause the play to block indefinitely!

- name: Mounting Storage from on premises network
  shell: mount -a
  ignore_errors: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server-local/tasks/install-lsf.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# The lsf-ego-server will pull in the lsf-server, lsf-client, lsf-conf
- name: Install LSF packages
  yum:
    name: lsf-ego-server
    enablerepo: lsf
    state: present

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server-local/tasks/main.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- include: setup-lsf-prereqs.yml
- include: install-lsf.yml
- include: change-clustername.yml
- include: setup-lsf-postreqs.yml
- include: config-lsf-server.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server-local/tasks/setup-lsf-postreqs.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# Modify the LSF lsf.conf file
- name: Set the LSF_MASTER_LIST
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_MASTER_LIST.*'
    line: "{{ hostvars[groups.LSF_Masters[0]]['LSF_MASTER_LIST'] }}"

- name: Set the LSF_LOCAL_RESOURCES
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_LOCAL_RESOURCES.*'
    line: LSF_LOCAL_RESOURCES="[resource awshost]"

- name: Set LSF_GET_CONF=lim
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_GET_CONF.*'
    line: "LSF_GET_CONF=lim"

- name: Set the EGO_MASTER_LIST
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/ego/{{ CLOUD_LSF_CLUSTER_NAME | default('myCloudCluster') }}/kernel/ego.conf"
    state: present
    regexp: '^EGO_MASTER_LIST.*'
    line: "{{ hostvars[groups.LSF_Masters[0]]['EGO_MASTER_LIST'] }}"

- name: Fix the master_hosts list
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsbatch/{{ CLOUD_LSF_CLUSTER_NAME | default('myCloudCluster') }}/configdir/lsb.hosts"
    backup: yes
    backrefs: yes
    regexp: '^(master_hosts.*)'
    line: '# \1'

- name: Start LSF Daemons
  systemd:
    name: lsfd
    state: restarted
    enabled: yes
    daemon_reload: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server-local/tasks/setup-lsf-prereqs.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Start installing LSF Prerequisites
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

- name: Install Package Dependencies for LSF
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - lsof
    - which
    - nfs-utils
    - createrepo
  when: ansible_os_family == "RedHat"

- name: Ensure group "lsfadmin" exists
  group:
    name: lsfadmin
    gid: 495
    state: present

- name: Add User lsfadmin
  user:
    name: lsfadmin
    comment: "lsfadmin"
    shell: /bin/bash
    home: /home/lsfadmin
    createhome: yes
    password: "!"
    uid: 495
    group: lsfadmin
    state: present
    update_password: always

# The repo is served over plain HTTP with gpgcheck off, so package signatures are not verified
- name: Create repository
  yum_repository:
    name: lsf
    description: LSF install repository
    baseurl: http://{{ groups.LSF_Masters[0] }}/lsf-rpm-repo
    enabled: yes
    gpgcheck: no
    keepcache: 0
    http_caching: none

# The lsf-ego-server will pull in the lsf-server, lsf-client, lsf-conf
- name: Enable LSF repo
  yum:
    name: lsf-ego-server
    enablerepo: lsf
    state: present

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server/files/register-host.sh:
--------------------------------------------------------------------------------
#!/bin/sh

. /opt/ibm/lsfsuite/lsf/conf/profile.lsf

MYIP=`ip addr |grep 'inet ' |grep eth0 |awk '{ print $2 }' |awk -F '/' '{ print $1 }'`
HNAME=`hostname`

echo "$MYIP $HNAME" > /root/hostregsetup

lsreghost -s /root/hostregsetup

exit 0

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server/tasks/config-lsf-server.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# The following routes are NOT for the VPN node
- name: Add Route to the on premises network
  shell: route add -net "{{ CLIENT_NET }}" netmask "{{ CLIENT_MASK }}" gw "{{ hostvars[groups.ec2vpn[0]]['prv_ip'] }}"
  ignore_errors: True
  when:
    hostvars[groups.ec2vpn[0]] is defined

- name: Add Route to the VPN network
  shell: route add -net "{{ SERVER_NET }}" netmask "{{ SERVER_MASK }}" gw "{{ hostvars[groups.ec2vpn[0]]['prv_ip'] }}"
  ignore_errors: True
  when:
    hostvars[groups.ec2vpn[0]] is defined

- name: Load variables
  include_vars: "{{ RC_PLAY_TOP }}/Storage-config.yml"

- name: Copy the fstab extensions to the cloud machines
  copy:
    src: "{{ RC_PLAY_TOP }}/files/fstab.append"
    dest: /etc/fstab.append

- name: Merge the fstab entries
  shell: grep -q Storage-config /etc/fstab || cat /etc/fstab.append >> /etc/fstab
  args:
    executable: /bin/bash
    warn: no

- name: Make the needed directories
  shell: test -d "{{ item }}" || mkdir -p "{{ item }}"
  args:
    executable: /bin/bash
    warn: no
  with_items:
    - "{% set list1 = [] %}{% for i in sharedir %}{% if list1.append( i.mountpnt ) %}{% endif %}{% endfor %}{{ list1 }}"
  when:
    - sharedir is defined

- name: Warning
  debug:
    msg: WARNING if there is a problem with the fstab entries it can cause the play to block indefinitely!

- name: Mounting Storage from on premises network
  shell: mount -a
  ignore_errors: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server/tasks/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# Load AWS variables
- include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"

- include: config-lsf-server.yml
  when:
    - multi_cluster is defined
    - multi_cluster == true

- include: setup-lsf-server.yml

- include: setup-lsf-postreqs.yml
  when:
    - hybrid_cluster is defined
    - hybrid_cluster == true

- include: restart-lsf.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server/tasks/restart-lsf.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

- name: Restart LSF daemons
  systemd:
    name: lsfd
    state: restarted

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server/tasks/setup-lsf-postreqs.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Copy the hosts file over
  copy:
    src: "{{ RC_PLAY_TOP }}/files/hosts.ec2"
    dest: /etc
    owner: root
    mode: "0644"  # quoted so it is parsed as octal; a bare 644 is read as a decimal number

- name: Update the hosts file
  copy:
    dest: "{{ LSF_CONF_DIR }}/hosts"
    src: "{{ RC_PLAY_TOP }}/files/hosts-lsf"
    follow: yes

- name: Disable DNS hostname resolution on cloud machines
  # Having it on messes up LSF because private IP's overlap with Amazon private IPs
  lineinfile:
    dest: "/etc/nsswitch.conf"
    state: present
    regexp: '^hosts.*'
    line: 'hosts: files myhostname'

- name: Register host with LSF Master
  script: ../files/register-host.sh
  args:
    executable: /bin/sh

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-cloud-server/tasks/setup-lsf-server.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Start installing LSF Prerequisites
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

- name: Ensure group "lsfadmin" exists
  group:
    name: lsfadmin
    gid: 495
    state: present

- name: Add User lsfadmin
  user:
    name: lsfadmin
    comment: "lsfadmin"
    shell: /bin/bash
    home: /home/lsfadmin
    createhome: yes
    password: "!"
    uid: 495
    group: lsfadmin
    state: present
    update_password: always

- name: Make LSF directory
  file:
    path: /opt/ibm
    state: directory

- name: Create fstab entry
  lineinfile:
    dest: /etc/fstab
    regexp: "^{{ hostvars[groups.ec2servers[0]]['prv_ip'] }}:/opt/ibm.*"
    line: "{{ hostvars[groups.ec2servers[0]]['prv_ip'] }}:/opt/ibm /opt/ibm nfs defaults 0 0"

- name: Mount filesystem
  shell: mount /opt/ibm
  args:
    warn: no
  ignore_errors: yes

- name: Install the lsf-nfs-support rpm
  shell: rpm -i /opt/ibm/lsf-rpm-repo/lsf-nfs*.rpm
  args:
    warn: no
  ignore_errors: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-lsf-master-vpn/tasks/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# Read variables for subnets
- include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"

# The LSF master will have the client side VPN
- include: setup-client-vpn.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-lsf-master-vpn/tasks/setup-client-vpn.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

- name: Key directory
  file:
    path: "/etc/openvpn/keys"
    recurse: yes
    state: directory

- name: Copy VPN client myvpn.tlsauth
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/myvpn.tlsauth"
    dest: /etc/openvpn/myvpn.tlsauth
    mode: 0400

- name: Copy VPN client ca.crt
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/ca.crt"
    dest: /etc/openvpn/keys/ca.crt

- name: Copy VPN client client.key
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/client.key"
    dest: /etc/openvpn/keys/client.key
    mode: 0400

- name: Copy VPN client client.crt
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/client.crt"
    dest: /etc/openvpn/keys/client.crt

- name: Copy VPN client client.ovpn
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/client.ovpn"
    dest: /etc/openvpn/client.conf

- name: Update Client configuration file
  lineinfile:
    dest: /etc/openvpn/client.conf
    backrefs: yes
    regexp: '^(remote).*'
    line: '\1 {{ ec2.instances[0].public_ip }} 1194 udp'

- name: Enable IP forwarding
  shell: echo 1 > /proc/sys/net/ipv4/ip_forward
  args:
    warn: False

#- name: Enable TUN interface forwarding
#  shell: "{{ item }}"
#  args:
#    warn: False
#  with_items:
#    - iptables -A INPUT -i tun+ -j ACCEPT
#    - iptables -A FORWARD -i tun+ -j ACCEPT

- name: Enable TUN interface input
  iptables:
    action: insert
    chain: INPUT
    in_interface: tun+
    jump: ACCEPT

- name: Enable TUN interface forwarding
  iptables:
    action: insert
    chain: FORWARD
    in_interface: tun+
    jump: ACCEPT

- name: Start the VPN Client
  systemd:
    name: openvpn@client.service
    state: restarted
    enabled: True
    daemon_reload: yes

- name: ----- WARNING Iptables have been modified!!!!!!!!
  debug:
    msg: "NOTE: Iptables has been modified to allow VPN subnet access!!!!"

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-lsf-master-vpn/vars/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-lsf/tasks/export-lsf.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Export LSF directories
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

# no_root_squash: root on any NFS client in AWS_VPC_PRV_CIDR keeps root privileges on /opt/ibm
- name: Set the exports
  lineinfile:
    dest: "/etc/exports"
    state: present
    line: "/opt/ibm {{ AWS_VPC_PRV_CIDR }}(rw,async,no_root_squash)"

- name: Export filesystem
  systemd:
    name: nfs
    state: restarted
    enabled: yes
    daemon_reload: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-lsf/tasks/main.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- include: setup-lsf-prereqs.yml

- include: export-lsf.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-lsf/tasks/setup-lsf-prereqs.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Start installing LSF Prerequisites
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

- name: Ensure group "lsfadmin" exists
  group:
    name: lsfadmin
    gid: 495
    state: present

- name: Add User lsfadmin
  user:
    name: lsfadmin
    comment: "lsfadmin"
    shell: /bin/bash
    home: /home/lsfadmin
    createhome: yes
    password: "!"
    uid: 495
    group: lsfadmin
    state: present
    update_password: always

- name: Make LSF package repo directory
  shell: mkdir -p /opt/ibm/lsf-rpm-repo

- name: Copy LSF Server rpms
  copy:
    src: "{{ item }}"
    dest: /opt/ibm/lsf-rpm-repo
    owner: root
    mode: "0644"  # quoted so it is parsed as octal; a bare 644 is read as a decimal number
  with_fileglob:
    - files/rpms/*rpm

- name: Create a repository from the copied rpms
  shell: createrepo /opt/ibm/lsf-rpm-repo

- name: Configure the local LSF repo
  yum_repository:
    name: lsf
    description: Local LSF YUM repo
    baseurl: file:///opt/ibm/lsf-rpm-repo
    enabled: no
    gpgcheck: no

# The lsf-ego-server will pull in the lsf-server, lsf-client, lsf-conf
- name: Install LSF packages
  yum:
    name: lsf-ego-server
    enablerepo: lsf
    state: present

- name: Change clustername in lsf.conf
  shell: sed -i -e s:myCluster:"{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}":g "{{ item }}"
  with_items:
    - "{{ LSF_CONF_DIR }}/lsf.conf"
    - "{{ LSF_CONF_DIR }}/cshrc.lsf"
    - "{{ LSF_CONF_DIR }}/profile.lsf"
    - "{{ LSF_CONF_DIR }}/lsf.shared"
  when: '"{{ LOCAL_LSF_CLUSTER_NAME }}" not in "myCluster"'

- name: Check for lsf.cluster.(clustername) file
  stat: path="{{ LSF_CONF_DIR }}/lsf.cluster.{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
  register: lsfclusterfile

- name: Rename lsf.cluster.(clustername) file
  shell: mv "{{ LSF_CONF_DIR }}/lsf.cluster.myCluster" "{{ LSF_CONF_DIR }}/lsf.cluster.{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
  when: lsfclusterfile.stat.exists == False

- name: Check for lsbatch/(clustername) directory
  stat: path="{{ LSF_CONF_DIR }}/lsbatch/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
  register: lsbatchdir

- name: Rename lsbatch/(clustername) directory
  shell: mv "{{ LSF_CONF_DIR }}/lsbatch/myCluster" "{{ LSF_CONF_DIR }}/lsbatch/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
  when: lsbatchdir.stat.exists == False

- name: Check for ego/(clustername) directory
  stat: path="{{ LSF_CONF_DIR }}/ego/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
  register: egodir

- name: Rename ego/(clustername) directory
  shell: mv "{{ LSF_CONF_DIR }}/ego/myCluster" "{{ LSF_CONF_DIR }}/ego/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
  when: egodir.stat.exists == False

- name: Change clustername in ego conf files
  shell: sed -i -e s:myCluster:"{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}":g "{{ item }}"
  with_items:
    - "{{ LSF_CONF_DIR }}/ego/{{ LOCAL_LSF_CLUSTER_NAME }}/eservice/esc/conf/services/named.xml"
    - "{{ LSF_CONF_DIR }}/ego/{{ LOCAL_LSF_CLUSTER_NAME }}/eservice/esd/conf/named/conf/named.conf"
    - "{{ LSF_CONF_DIR }}/ego/{{ LOCAL_LSF_CLUSTER_NAME }}/kernel/ego.conf"
  when:
    - egodir.stat.exists == False
    - '"{{ LOCAL_LSF_CLUSTER_NAME }}" not in "myCluster"'

# Modify the LSF lsf.conf file
- name: Set the LSF_MASTER_LIST
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_MASTER_LIST.*'
    line: "{{ hostvars[groups.LSF_Masters[0]]['LSF_MASTER_LIST'] }}"

- name: Set the LSF_SERVER_HOSTS
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_SERVER_HOSTS.*'
    line: "{{ hostvars[groups.LSF_Masters[0]]['LSF_SERVER_HOSTS'] }}"

- name: Set the LSF_LOCAL_RESOURCES
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_LOCAL_RESOURCES.*'
    line: LSF_LOCAL_RESOURCES="[resource awshost]"

- name: Set LSF_GET_CONF=lim
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsf.conf"
    state: present
    regexp: '^LSF_GET_CONF.*'
    line: "LSF_GET_CONF=lim"

- name: Set the EGO_MASTER_LIST
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/ego/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}/kernel/ego.conf"
    state: present
    regexp: '^EGO_MASTER_LIST.*'
    line: "{{ hostvars[groups.LSF_Masters[0]]['EGO_MASTER_LIST'] }}"

- name: Fix the master_hosts list
  lineinfile:
    dest: "{{ LSF_TOP }}/conf/lsbatch/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}/configdir/lsb.hosts"
    backup: yes
    backrefs: yes
    regexp: '^(master_hosts.*)'
    line: '# \1'

- name: Disable DNS hostname resolution on cloud machines
  # Having it on messes up LSF because private IP's overlap with Amazon private IPs
  lineinfile:
    dest: "/etc/nsswitch.conf"
    state: present
    regexp: '^hosts.*'
    line: 'hosts: files myhostname'

- name: Copy LSF host file to a common location
  copy:
    dest: "{{ LSF_CONF_DIR }}/hosts"
    src: "{{ RC_PLAY_TOP }}/files/hosts-lsf"
    follow: yes

- name: Disable DNS hostname resolution on cloud machines
  # Having it on messes up LSF because private IP's overlap with Amazon private IPs
  lineinfile:
    dest: "/etc/nsswitch.conf"
    state: present
    regexp: '^hosts.*'
    line: 'hosts: files myhostname'

- name: Start LSF Daemons
  systemd:
    name: lsfd
    state: restarted
    enabled: yes
    daemon_reload: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-vpn/tasks/configure_vpn_server.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

- name: Show OS
  debug:
    msg: "Ansible OS {{ ansible_os_family }}"

# Downloaded over plain HTTP with no checksum, then installed by the next task
- name: Get EPEL Repo rpm
  get_url:
    url: http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    dest: /root/epel-release-latest-7.noarch.rpm
    force: no

- name: Add EPEL Repo rpm
  shell: rpm -ivh epel-release-latest-7.noarch.rpm
  args:
    chdir: /root
    warn: False
    creates: /etc/yum.repos.d/epel.repo

- name: Install Dependencies
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - openvpn
    - iptables-services
    - wireshark
    - lsof
    - which
    - nfs-utils
    - createrepo
  when: ansible_os_family == "RedHat"

- name: Get easyrsa old version
  get_url:
    url: https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz
    dest: /tmp/easyrsa
    force: no

- name: Extract easyrsa
  shell: tar zxf /tmp/easyrsa
  args:
    chdir: /tmp/
    creates: /tmp/easy-rsa-old-2.3.3/COPYRIGHT.GPL
    warn: False

- name: Make the easyrsa openvpn dir
  shell: mkdir /etc/openvpn/easy-rsa
  args:
    warn: False

- name: Copy contents to openvpn dir
  shell: cp -rf /tmp/easy-rsa-old-2.3.3/easy-rsa/2.0/* /etc/openvpn/easy-rsa
  args:
    warn: False

- name: Create Key directory
  file:
    path: "/etc/openvpn/keys"
    recurse: yes
    state: directory

- name: Create ccd directory
  file:
    path: "/etc/openvpn/ccd"
    recurse: yes
    state: directory

- name: Add route to ccd file
  lineinfile:
    dest: /etc/openvpn/ccd/client
    # The clients CN is "client"
    state: present
    create: yes
    line: "iroute {{ CLIENT_NET }} {{ CLIENT_MASK }}"

- name: Copy VPN file myvpn.tlsauth
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/myvpn.tlsauth"
    dest: /etc/openvpn/myvpn.tlsauth
    mode: 0400

- name: Copy VPN server file ca.crt
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/ca.crt"
    dest: /etc/openvpn/keys/ca.crt

- name: Copy VPN server file dh2048.pem
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/dh2048.pem"
    dest: /etc/openvpn/keys/dh2048.pem

- name: Copy VPN server file server.key
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/server.key"
    dest: /etc/openvpn/keys/server.key
    mode: 0400

- name: Copy VPN server file server.crt
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/server.crt"
    dest: /etc/openvpn/keys/server.crt

- name: Copy VPN server file server.conf
  copy:
    src: "{{ RC_PLAY_TOP }}/VPN/server.conf"
    dest: /etc/openvpn/server.conf

- name: Push route to client in OpenVPN config file
  blockinfile:
    dest: /etc/openvpn/server.conf
    backup: yes
    insertafter: '^;push "route 192.168.20.0 255.255.255.0"'
    block: |
      # LSF - Add a line for the VPN network
      push "route {{ SERVER_NET }} {{ SERVER_MASK }}"
      # LSF - Also add a line for the AWS private network
      push "route {{ AWS_VPC_PRV_CIDR | replace('/24', '') }} 255.255.255.0"

- name: Config server mode and supply a VPN subnet to OpenVPN config file
  lineinfile:
    dest: /etc/openvpn/server.conf
    state: present
    line: "server {{ SERVER_NET }} {{ SERVER_MASK }}"

- name: Add route to OpenVPN config file
  lineinfile:
    dest: /etc/openvpn/server.conf
    state: present
    line: "route {{ CLIENT_NET }} {{ CLIENT_MASK }}"


- name: Enable IP forwarding
  shell: echo 1 > /proc/sys/net/ipv4/ip_forward
  args:
    warn: False

- name: Copy IPtables config file. Iptables module is preview state
  template:
    src: "{{ RC_PLAY_TOP }}/template/iptables"
    dest: /etc/sysconfig/iptables

#- name: Enable OpenVPN port
#  iptables:
#    action: insert
#    chain: INPUT
#    jump: ACCEPT
#    protocol: udp
#    destination_port: 1194

#- name: Enable TUN interface input
#  iptables:
#    action: insert
#    chain: INPUT
#    in_interface: tun+
#    jump: ACCEPT

#- name: Enable TUN interface forwarding
#  iptables:
#    action: insert
#    chain: FORWARD
#    in_interface: tun+
#    jump: ACCEPT

- name: Startup the IPTables service
  systemd:
    state: restarted
    enabled: yes
    daemon_reload: yes
    name: iptables.service

- name: Startup VPN service
  systemd:
    state: restarted
    enabled: yes
    daemon_reload: yes
    name: openvpn@server.service

# Rewrites an existing PasswordAuthentication line to "yes", which allows SSH password logins
- name: Reconfigure SSH
  lineinfile:
    dest: /etc/ssh/sshd_config
    backrefs: yes
    regexp: '^(PasswordAuthentication).*'
    line: '\1 yes'

- name: Restart Sshd
  systemd:
    name: sshd
    state: restarted

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-vpn/tasks/enable_root_ssh.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

- name: Check for existing authorized_keys
  stat:
    path: /root/authorized_keys
  register: have_authorized_keys

- name: Copy ssh key from deployer
  copy:
    src: files/id_rsa.pub
    dest: /root/authorized_keys
  when: have_authorized_keys.stat.exists == False

- name: Update Authorized Keys
  shell: cat /root/authorized_keys >> /root/.ssh/authorized_keys
  when: have_authorized_keys.stat.exists == False

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-vpn/tasks/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# Load AWS variables
- include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"

- include: enable_root_ssh.yml

- include: configure_vpn_server.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/deploy-vpn/vars/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/gather-local-env/tasks/main.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# Harvest the Environment files
- include: prep-env-files.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/gather-local-env/tasks/prep-env-files.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Make local files directory
  file:
    path: "{{ RC_PLAY_TOP }}/files"
    state: directory

- name: Copy the SSH id_rsa.pub to our files directory
  copy:
    src: /root/.ssh/id_rsa.pub
    dest: "{{ RC_PLAY_TOP }}/files/id_rsa.pub"
    remote_src: yes

- name: Gather the hosts entries
  shell: getent hosts | grep -v localhost > "{{ RC_PLAY_TOP }}/files/hosts"

- name: Gather the users (passwd) entries
  shell: getent passwd |awk -F':' '$3 >= 1000 { print $0 }' |grep -v nfsnobody > "{{ RC_PLAY_TOP }}/files/passwd" ; echo "ok"

# The next two tasks write the gathered users' password hashes to files/shadow in the play directory
- name: Gather the users (shadow) entries
  shell: getent shadow > "{{ RC_PLAY_TOP }}/files/shadow.tmp" ; cat /dev/null > "{{ RC_PLAY_TOP }}/files/shadow" ; echo "ok"

- name: Extract the users (shadow) entries
  shell: for i in $(awk -F':' '{ print $1 }' {{ RC_PLAY_TOP }}/files/passwd |sort); do grep -e "^$i:" "{{ RC_PLAY_TOP }}/files/shadow.tmp" >> "{{ RC_PLAY_TOP }}/files/shadow" ; done ; echo "ok"

- name: Gather the users (group) entries
  shell: getent group |awk -F':' '$3 >= 1000 { print $0 }' |grep -v nfsnobody > "{{ RC_PLAY_TOP }}/files/group" ; echo "ok"

| -------------------------------------------------------------------------------- /LSF_On_AWS/roles/gather-lsf-rpms/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 9 | 10 | # Prepare the Deployer with the LSF rpms 11 | - include: setup-lsf-master-repo.yml 12 | when: 13 | - multi_cluster is defined 14 | - multi_cluster == true 15 | 16 | - include: setup-lsf-server-repo.yml 17 | when: 18 | - hybrid_cluster is defined 19 | - hybrid_cluster == true 20 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/gather-lsf-rpms/tasks/setup-lsf-master-repo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
 6 | #----------------------------------- 7 | 8 | - name: Make local rpm directory 9 | file: 10 | path: "{{ RC_PLAY_TOP }}/files/rpms" 11 | recurse: yes 12 | state: directory 13 | 14 | - name: Copy the needed rpms into the files directory 15 | copy: 16 | src: "{{ item }}" 17 | dest: "{{ RC_PLAY_TOP }}/files/rpms" 18 | force: no 19 | mode: "0644" 20 | with_fileglob: 21 | - "{{ LSF_PACKAGES_DIR }}/ibm-jre*rpm" 22 | - "{{ LSF_PACKAGES_DIR }}/lsf-nfs-support*rpm" 23 | - "{{ LSF_PACKAGES_DIR }}/lsf-client*rpm" 24 | - "{{ LSF_PACKAGES_DIR }}/lsf-conf*rpm" 25 | - "{{ LSF_PACKAGES_DIR }}/lsf-devel*rpm" 26 | - "{{ LSF_PACKAGES_DIR }}/lsf-ego-master*rpm" 27 | - "{{ LSF_PACKAGES_DIR }}/lsf-ego-server*rpm" 28 | - "{{ LSF_PACKAGES_DIR }}/lsf-integrations*rpm" 29 | - "{{ LSF_PACKAGES_DIR }}/lsf-man-pages*rpm" 30 | - "{{ LSF_PACKAGES_DIR }}/lsf-server*rpm" 31 | - "{{ LSF_PACKAGES_DIR }}/lsf-master*rpm" 32 | - "{{ LSF_PACKAGES_DIR }}/lsf-release*rpm" 33 | - "{{ LSF_PACKAGES_DIR }}/lsf-resource-connector*rpm" 34 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/gather-lsf-rpms/tasks/setup-lsf-server-repo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
 6 | #----------------------------------- 7 | 8 | - name: Make local rpm directory 9 | file: 10 | path: "{{ RC_PLAY_TOP }}/files/rpms" 11 | recurse: yes 12 | state: directory 13 | 14 | - name: Copy the needed rpms into the files directory 15 | copy: 16 | src: "{{ item }}" 17 | dest: "{{ RC_PLAY_TOP }}/files/rpms" 18 | force: no 19 | mode: "0644" 20 | with_fileglob: 21 | - "{{ LSF_PACKAGES_DIR }}/lsf-nfs-support*rpm" 22 | - "{{ LSF_PACKAGES_DIR }}/lsf-client*rpm" 23 | - "{{ LSF_PACKAGES_DIR }}/lsf-conf*rpm" 24 | - "{{ LSF_PACKAGES_DIR }}/lsf-ego-server*rpm" 25 | - "{{ LSF_PACKAGES_DIR }}/lsf-man-pages*rpm" 26 | - "{{ LSF_PACKAGES_DIR }}/lsf-server*rpm" 27 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-first-node/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | 8 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 9 | 10 | # Start a Multi-cluster VPN node 11 | - include: start_MC_ec2_node.yml 12 | when: 13 | - multi_cluster is defined 14 | - multi_cluster == true 15 | 16 | - name: Dump variables for debugging 17 | template: 18 | src: template/dumpall.j2 19 | dest: /tmp/ansible-variables-postMC 20 | when: Debug_Tasks == true 21 | 22 | # Start a Stretch Cluster VPN node 23 | - include: start_SC_ec2_node.yml 24 | when: 25 | - hybrid_cluster is defined 26 | - hybrid_cluster == true 27 | 28 | - name: Dump variables for debugging 29 | template: 30 | src: template/dumpall.j2 31 | dest: /tmp/ansible-variables-postSC 32 | when: Debug_Tasks == true 33 | 34 | - name: Store ec2 variable from MC instances 35 | set_fact: 36 | ec2: "{{ ec2_MC }}" 37 | when: 38 | - multi_cluster is defined 39 | - multi_cluster == true 40 | 41 | - name: Store ec2 variable from SC instances 42 | set_fact: 43 | ec2: "{{ ec2_SC }}" 44 | when: 45 | - hybrid_cluster is defined 46 | - hybrid_cluster == true 47 | 48 | - name: Dump variables for debugging 49 | template: 50 | src: template/dumpall.j2 51 | dest: /tmp/ansible-variables-postSC+MC 52 | when: Debug_Tasks == true 53 | 54 | - include: post-deploy-steps.yml 55 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-first-node/tasks/post-deploy-steps.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Add new instance to host group 11 | add_host: 12 | hostname: "{{ item.public_ip }}" 13 | groupname: vpn_host 14 | with_items: "{{ ec2.instances }}" 15 | 16 | - name: Create an inventory file 17 | template: 18 | src: "{{ RC_PLAY_TOP }}/template/inventory-ec2vpn.j2" 19 | dest: "{{ RC_PLAY_TOP }}/inventory_ec2.yml" 20 | follow: yes 21 | 22 | - name: Wait for SSH to come up 23 | wait_for: 24 | host: "{{ item.public_dns_name }}" 25 | port: 22 26 | delay: 60 27 | timeout: 320 28 | state: started 29 | with_items: "{{ ec2.instances }}" 30 | 31 | - name: Output results of starting EC2 instance 32 | debug: 33 | msg: "Our Instance is: {{ ec2.instances }}" 34 | 35 | - name: Dump variables for debugging 36 | template: 37 | src: template/dumpall.j2 38 | dest: /tmp/ansible-variables 39 | when: Debug_Tasks == true 40 | 41 | - name: Save the VPN Private IP address 42 | lineinfile: 43 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 44 | regexp: '^AWS_VPN_PRV_IP:.*' 45 | line: "AWS_VPN_PRV_IP: {{ hostvars[groups.LSF_Masters[0]]['ec2']['instances'][0]['private_ip'] }}" 46 | 47 | - name: Output 48 | debug: 49 | msg: "Debug: The VPN nodes private IP is {{ hostvars[groups.LSF_Masters[0]]['ec2']['instances'][0]['private_ip'] }}" 50 | 51 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-first-node/tasks/start_MC_ec2_node.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Provision the EC2 node that will be VPN and maybe LSF Master 11 | ec2: 12 | aws_access_key: "{{ AWS_Access_Key }}" 13 | aws_secret_key: "{{ AWS_Secret_Key }}" 14 | key_name: "{{ AWS_Key_Name }}" 15 | group_id: "{{ AWS_VPC_Security_Group }}" 16 | ec2_url: "{{ AWS_EC2_URL }}" 17 | instance_type: "{{ AWS_Instance_Type }}" 18 | region: "{{ AWS_Region }}" 19 | image: "{{ AWS_Image }}" 20 | vpc_subnet_id: "{{ AWS_VPC_PRV_Subnet }}" 21 | assign_public_ip: yes 22 | source_dest_check: no 23 | volumes: 24 | - device_name: /dev/sda1 25 | volume_type: gp2 26 | volume_size: "{{ AWS_Root_Disk_Size }}" 27 | delete_on_termination: yes 28 | wait: true 29 | exact_count: 1 30 | count_tag: foo 31 | instance_tags: 32 | Name: VPN-host-MC 33 | # Would prefer to set the instance profile later, but no API 34 | instance_profile_name: "{{ AWS_IAM_Role_Name }}" 35 | register: ec2_MC 36 | 37 | 38 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-first-node/tasks/start_SC_ec2_node.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Provision the EC2 node that will be VPN and maybe LSF server 11 | ec2: 12 | aws_access_key: "{{ AWS_Access_Key }}" 13 | aws_secret_key: "{{ AWS_Secret_Key }}" 14 | key_name: "{{ AWS_Key_Name }}" 15 | group_id: "{{ AWS_VPC_Security_Group }}" 16 | ec2_url: "{{ AWS_EC2_URL }}" 17 | instance_type: "{{ AWS_Instance_Type }}" 18 | region: "{{ AWS_Region }}" 19 | image: "{{ AWS_Image }}" 20 | vpc_subnet_id: "{{ AWS_VPC_PRV_Subnet }}" 21 | assign_public_ip: yes 22 | source_dest_check: no 23 | volumes: 24 | - device_name: /dev/sda1 25 | volume_type: gp2 26 | volume_size: "{{ AWS_Root_Disk_Size }}" 27 | delete_on_termination: yes 28 | wait: true 29 | exact_count: 1 30 | count_tag: foo 31 | instance_tags: 32 | Name: VPN-host-SC 33 | register: ec2_SC 34 | 35 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-server-nodes/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | # Load AWS variables 9 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 10 | 11 | - include: make-ec2-servers.yml 12 | 13 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-server-nodes/tasks/make-ec2-servers.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # ----------------------------------- 3 | # Copyright IBM Corp. 1992, 2018. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | # ----------------------------------- 7 | 8 | - name: Provision the LSF Server Nodes 9 | ec2: 10 | aws_access_key: "{{ AWS_Access_Key }}" 11 | aws_secret_key: "{{ AWS_Secret_Key }}" 12 | key_name: "{{ AWS_Key_Name }}" 13 | # Security Group 14 | group_id: "{{ AWS_VPC_Security_Group }}" 15 | ec2_url: "{{ AWS_EC2_URL }}" 16 | instance_type: "{{ AWS_Instance_Type }}" 17 | region: "{{ AWS_Region }}" 18 | image: "{{ AWS_Image }}" 19 | vpc_subnet_id: "{{ AWS_VPC_PRV_Subnet }}" 20 | assign_public_ip: yes 21 | wait: true 22 | exact_count: "{{ num_ec2_vm }}" 23 | source_dest_check: no 24 | volumes: 25 | - device_name: /dev/sda1 26 | volume_type: gp2 27 | volume_size: "{{ AWS_Root_Disk_Size }}" 28 | delete_on_termination: yes 29 | count_tag: 30 | Name: DemoServer 31 | instance_tags: 32 | Name: LSF-host 33 | register: newec2servers 34 | when: num_ec2_vm > 0 35 | 36 | - name: Dump variables for debugging 37 | template: 38 | src: template/dumpall.j2 39 | dest: /tmp/ansible-variables3 40 | when: Debug_Tasks 41 | 42 | - name: Load in the playbook provided VPN data (ok to fail) 43 | include_vars: "inventory_ec2.yml" 44 | ignore_errors: True 45 | 46 | - name: Create an inventory file WARNING Assumes LSF_Master[0] is the Deployer 47 | template: 48 | src: "{{ RC_PLAY_TOP }}/template/inventory-ec2servers.j2" 49 | dest: "{{ RC_PLAY_TOP }}/inventory_ec2servers.yml" 50 | follow: yes 51 | 52 | - name: Wait for SSH to come up 53 | wait_for: 54 | host: "{{ item.public_dns_name }}" 55 | port: 22 56 | delay: 60 57 | timeout: 320 58 | state: started 59 | with_items: "{{ newec2servers.instances }}" 60 | 61 | - name: Create a host file for the Cloud Servers 62 | template: 63 | src: "{{ RC_PLAY_TOP }}/template/hosts.j2" 64 | dest: "{{ RC_PLAY_TOP }}/files/hosts.ec2" 65 | follow: yes 66 | 67 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/files/mask2cidr.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | # Function calculates number of bits in a netmask 9 | # See: https://www.linuxquestions.org/questions/programming-9/bash-cidr-calculator-646701/ 10 | # For original source of mask2cidr function 11 | mask2cidr() { 12 | nbits=0 13 | IFS=. 14 | for dec in $1 ; do 15 | case $dec in 16 | 255) let nbits+=8;; 17 | 254) let nbits+=7;; 18 | 252) let nbits+=6;; 19 | 248) let nbits+=5;; 20 | 240) let nbits+=4;; 21 | 224) let nbits+=3;; 22 | 192) let nbits+=2;; 23 | 128) let nbits+=1;; 24 | 0);; 25 | *) echo "Error: $dec is not recognised"; exit 1 26 | esac 27 | done 28 | echo "$nbits" 29 | } 30 | 31 | NET=$1 32 | MASK=$2 33 | if [ -z "$MASK" ]; then 34 | echo "Provide a subnet mask for conversion" 35 | exit 1 36 | fi 37 | 38 | bcnt=$(mask2cidr "$MASK") || { echo "$bcnt" >&2; exit 1; } # fail on a bad mask instead of printing the error text as the CIDR 39 | echo "${NET}/${bcnt}" 40 | exit 0 41 | 42 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/create_ec2_key_pairs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | - name: Running create_ec2_key_pairs.yml 9 | debug: 10 | msg: "The EC2 key file {{ AWS_Key_Name }}.pem was not found. 
Making one " 11 | 12 | - name: Remove any existing EC2 Key 13 | ec2_key: 14 | aws_access_key: "{{ AWS_Access_Key }}" 15 | aws_secret_key: "{{ AWS_Secret_Key }}" 16 | ec2_url: "{{ AWS_EC2_URL }}" 17 | region: "{{ AWS_Region }}" 18 | state: absent 19 | name: "{{ AWS_Key_Name }}" 20 | ignore_errors: True 21 | 22 | - name: Generate the EC2 Key 23 | ec2_key: 24 | aws_access_key: "{{ AWS_Access_Key }}" 25 | aws_secret_key: "{{ AWS_Secret_Key }}" 26 | ec2_url: "{{ AWS_EC2_URL }}" 27 | region: "{{ AWS_Region }}" 28 | state: present 29 | name: "{{ AWS_Key_Name }}" 30 | register: ec2key 31 | 32 | - name: Dump variables for debugging 33 | template: 34 | src: "{{ RC_PLAY_TOP }}/template/dumpall.j2" 35 | dest: /tmp/ansible-vpc-keys 36 | when: Debug_Tasks == true 37 | 38 | - name: Save the key into a pem file 39 | blockinfile: 40 | dest: "{{ RC_PLAY_TOP }}/AWS/{{ AWS_Key_Name }}.pem" 41 | block: "{{ec2key.key.private_key}}" 42 | create: yes 43 | mode: 0400 44 | marker: '' 45 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/create_nacls.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | - name: Running create_nacls.yml 9 | debug: 10 | msg: "Creating Network ACL in VPC {{ AWS_VPC }} for subnet {{ AWS_VPC_PRV_Subnet }} " 11 | 12 | # Creating the VPC seems to create a default NACL. If we create another 13 | # NACL it has the associated subnet, but is not the default. 
14 | - name: Load the default Network ACL for VPC 15 | ec2_vpc_nacl_facts: 16 | aws_access_key: "{{ AWS_Access_Key }}" 17 | aws_secret_key: "{{ AWS_Secret_Key }}" 18 | region: "{{ AWS_Region }}" 19 | filters: 20 | 'default': 'true' 21 | register: default_nacls 22 | 23 | - name: Output the default NACL id 24 | debug: 25 | msg: "Found default NACL: {{ default_nacls.nacls[0].nacl_id }}" 26 | 27 | - name: "Create and associate private network with ACL" 28 | ec2_vpc_nacl: 29 | aws_access_key: "{{ AWS_Access_Key }}" 30 | aws_secret_key: "{{ AWS_Secret_Key }}" 31 | region: "{{ AWS_Region }}" 32 | state: present 33 | vpc_id: "{{ AWS_VPC }}" 34 | name: My_LSF_VPC_NACL 35 | subnets: "{{ AWS_VPC_PRV_Subnet }}" 36 | ingress: 37 | - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22] 38 | - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8] 39 | - [500, 'udp', 'allow', '0.0.0.0/0', null, null, 1194, 1194] 40 | - [600, 'tcp', 'allow', '0.0.0.0/0', null, null, 32768, 65535] 41 | egress: 42 | - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null] 43 | register: pub_nacl 44 | 45 | - name: Dump variables for debugging 46 | template: 47 | src: "{{ RC_PLAY_TOP }}/template/dumpall.j2" 48 | dest: /tmp/ansible-vpc-nacls 49 | when: Debug_Tasks == true 50 | 51 | - name: Set public subnet route value in file 52 | lineinfile: 53 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 54 | regexp: '^AWS_VPC_NACLs:.*' 55 | line: 'AWS_VPC_NACLs: {{ pub_nacl.nacl_id }}' 56 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/create_routes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | 8 | - name: Running create_routes.yml 9 | debug: 10 | msg: "Creating routes in VPC {{ AWS_VPC }} for subnet {{ AWS_VPC_PRV_Subnet }} " 11 | 12 | - name: Enable an Internet Gateway for this VPC and get its id 13 | ec2_vpc_igw: 14 | aws_access_key: "{{ AWS_Access_Key }}" 15 | aws_secret_key: "{{ AWS_Secret_Key }}" 16 | ec2_url: "{{ AWS_EC2_URL }}" 17 | region: "{{ AWS_Region }}" 18 | vpc_id: "{{ AWS_VPC }}" 19 | state: present 20 | register: igw 21 | 22 | - name: Create a VPC subnet routes so we can install prerequisites from the internet 23 | ec2_vpc_route_table: 24 | aws_access_key: "{{ AWS_Access_Key }}" 25 | aws_secret_key: "{{ AWS_Secret_Key }}" 26 | ec2_url: "{{ AWS_EC2_URL }}" 27 | region: "{{ AWS_Region }}" 28 | state: present 29 | vpc_id: "{{ AWS_VPC }}" 30 | subnets: 31 | - "{{ AWS_VPC_PRV_Subnet }}" 32 | routes: 33 | - dest: 0.0.0.0/0 34 | gateway_id: "{{ igw.gateway_id }}" 35 | resource_tags: 36 | Name: Public subnet Routes 37 | register: pub_subnet_routes 38 | 39 | - name: Dump variables for debugging 40 | template: 41 | src: "{{ RC_PLAY_TOP }}/template/dumpall.j2" 42 | dest: /tmp/ansible-vpc-routes 43 | when: Debug_Tasks == true 44 | 45 | - name: Set public subnet route value in file 46 | lineinfile: 47 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 48 | regexp: '^AWS_VPC_Routes:.*' 49 | line: 'AWS_VPC_Routes: {{ pub_subnet_routes.route_table.id }}' 50 | 51 | - name: Set Internet Gateway value in file 52 | lineinfile: 53 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 54 | regexp: '^AWS_VPC_IGW:.*' 55 | line: 'AWS_VPC_IGW: {{ igw.gateway_id }}' 56 | 57 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/create_security_grp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 
4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | - name: Running create_security_grp.yml 9 | debug: 10 | msg: "Creating Security Group in VPC {{ AWS_VPC }} for subnet {{ AWS_VPC_PRV_Subnet }} " 11 | 12 | - name: "Create the Security Group" 13 | ec2_group: 14 | aws_access_key: "{{ AWS_Access_Key }}" 15 | aws_secret_key: "{{ AWS_Secret_Key }}" 16 | ec2_url: "{{ AWS_EC2_URL }}" 17 | region: "{{ AWS_Region }}" 18 | state: present 19 | vpc_id: "{{ AWS_VPC }}" 20 | name: My_LSF_VPC_SEC_GRP 21 | description: Allow SSH and OpenVPN 22 | rules: 23 | - proto: tcp 24 | from_port: 22 25 | to_port: 22 26 | cidr_ip: 0.0.0.0/0 27 | # rule_desc: Allow SSH 28 | - proto: udp 29 | from_port: 1194 30 | to_port: 1194 31 | cidr_ip: 0.0.0.0/0 32 | # rule_desc: Allow OpenVPN 33 | - proto: icmp 34 | from_port: 8 # icmp type, -1 = any type 35 | to_port: -1 # icmp subtype, -1 = any subtype 36 | cidr_ip: 0.0.0.0/0 37 | - proto: icmp 38 | from_port: 3 # icmp type, -1 = any type 39 | to_port: -1 # icmp subtype, -1 = any subtype 40 | cidr_ip: "{{ client_cidr }}" 41 | - proto: icmp 42 | from_port: 3 # icmp type, -1 = any type 43 | to_port: -1 # icmp subtype, -1 = any subtype 44 | cidr_ip: "{{ server_cidr }}" 45 | - proto: tcp 46 | from_port: 0 47 | to_port: 65535 48 | cidr_ip: "{{ client_cidr }}" 49 | # rule_desc: Allow TCP from Client Net 50 | - proto: udp 51 | from_port: 0 52 | to_port: 65535 53 | cidr_ip: "{{ client_cidr }}" 54 | # rule_desc: Allow UDP from Client Net 55 | - proto: tcp 56 | from_port: 0 57 | to_port: 65535 58 | cidr_ip: "{{ server_cidr }}" 59 | # rule_desc: Allow TCP from VPN Net 60 | - proto: udp 61 | from_port: 0 62 | to_port: 65535 63 | cidr_ip: "{{ server_cidr }}" 64 | # rule_desc: Allow UDP from VPN Net 65 | - proto: tcp 66 | from_port: 0 67 | to_port: 65535 68 | cidr_ip: "{{ AWS_VPC_PRV_CIDR }}" 69 | # rule_desc: Allow TCP from EC2 
subnet 70 | - proto: udp 71 | from_port: 0 72 | to_port: 65535 73 | cidr_ip: "{{ AWS_VPC_PRV_CIDR }}" 74 | # rule_desc: Allow UDP from EC2 subnet 75 | register: security_grp 76 | 77 | - name: Dump variables for debugging 78 | template: 79 | src: "{{ RC_PLAY_TOP }}/template/dumpall.j2" 80 | dest: /tmp/ansible-vpc-sec_grp 81 | when: Debug_Tasks == true 82 | 83 | - name: Set security group value in file 84 | lineinfile: 85 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 86 | regexp: '^AWS_VPC_Security_Group:.*' 87 | line: 'AWS_VPC_Security_Group: {{ security_grp.group_id }}' 88 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/create_subnets.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
 6 | #----------------------------------- 7 | 8 | - name: Running create_subnets.yml 9 | debug: 10 | msg: "Creating subnets in VPC {{ AWS_VPC }} " 11 | 12 | - name: Create a VPC private subnet 13 | ec2_vpc_subnet: 14 | aws_access_key: "{{ AWS_Access_Key }}" 15 | aws_secret_key: "{{ AWS_Secret_Key }}" 16 | ec2_url: "{{ AWS_EC2_URL }}" 17 | region: "{{ AWS_Region }}" 18 | state: present 19 | vpc_id: "{{ AWS_VPC }}" 20 | cidr: "{{ AWS_VPC_PRV_CIDR }}" 21 | #(added in ansible 2.4) 22 | # map_public:true 23 | resource_tags: 24 | Name: Private subnet 25 | register: private_subnet 26 | 27 | - name: Set private subnet ID value in file 28 | lineinfile: 29 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 30 | regexp: '^AWS_VPC_PRV_Subnet:.*' 31 | line: 'AWS_VPC_PRV_Subnet: {{ private_subnet.subnet.id }}' 32 | 33 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/create_vpc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | 8 | - name: Running create_vpc.yml 9 | debug: 10 | msg: "Creating VPC in {{ AWS_Region }} with CIDR block {{ AWS_VPC_CIDR }} " 11 | 12 | - name: Create a VPC 13 | ec2_vpc_net: 14 | name: My_LSF_VPC 15 | aws_access_key: "{{ AWS_Access_Key }}" 16 | aws_secret_key: "{{ AWS_Secret_Key }}" 17 | ec2_url: "{{ AWS_EC2_URL }}" 18 | region: "{{ AWS_Region }}" 19 | cidr_block: "{{ AWS_VPC_CIDR }}" 20 | state: present 21 | register: vpc 22 | 23 | - name: Dump variables for debugging 24 | template: 25 | src: "{{ RC_PLAY_TOP }}/template/dumpall.j2" 26 | dest: /tmp/ansible-variables-vpc 27 | when: Debug_Tasks == true 28 | 29 | - name: Set vpc value in file 30 | lineinfile: 31 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 32 | regexp: '^AWS_VPC:.*' 33 | line: 'AWS_VPC: {{ vpc.vpc.id }}' 34 | 35 | 36 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/get_maskcidr.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | 8 | - name: Convert to CIDR range 9 | script: ../files/mask2cidr.sh "{{ CLIENT_NET }}" "{{ CLIENT_MASK }}" 10 | register: client_cidr_out 11 | 12 | - name: Store CIDR 13 | set_fact: 14 | client_cidr: "{{ client_cidr_out.stdout_lines[0] }}" 15 | 16 | - name: Debug client CIDR 17 | debug: 18 | msg: "Converted {{ CLIENT_NET }} {{ CLIENT_MASK }} to: {{ client_cidr }}" 19 | 20 | - name: Convert SERVER to CIDR range 21 | script: ../files/mask2cidr.sh "{{ SERVER_NET }}" "{{ SERVER_MASK }}" 22 | register: server_cidr_out 23 | 24 | - name: Store SERVER CIDR 25 | set_fact: 26 | server_cidr: "{{ server_cidr_out.stdout_lines[0] }}" 27 | 28 | - name: Debug server CIDR 29 | debug: 30 | msg: "Converted {{ SERVER_NET }} {{ SERVER_MASK }} to: {{ server_cidr }}" 31 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-ec2-vpc/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 
6 | #----------------------------------- 7 | 8 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 9 | 10 | - local_action: stat path="{{ RC_PLAY_TOP }}/AWS/{{ AWS_Key_Name }}.pem" 11 | register: aws_key_file 12 | become: no 13 | 14 | - include: create_ec2_key_pairs.yml 15 | when: not aws_key_file.stat.exists 16 | 17 | - include: create_vpc.yml 18 | when: AWS_VPC == "none" 19 | 20 | # Reload variables to catch changes 21 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 22 | 23 | - include: get_maskcidr.yml 24 | 25 | - include: create_subnets.yml 26 | when: AWS_VPC_PRV_Subnet == "none" 27 | 28 | # Reload variables to catch changes 29 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 30 | 31 | - include: create_routes.yml 32 | when: AWS_VPC_Routes == "none" 33 | 34 | # Reload variables to catch changes 35 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 36 | 37 | - include: create_security_grp.yml 38 | when: AWS_VPC_Security_Group == "none" 39 | 40 | # Reload variables to catch changes 41 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 42 | 43 | - include: create_nacls.yml 44 | when: AWS_VPC_NACLs == "none" 45 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-iam-role/files/permission-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": "iam:PassRole", 7 | "Resource": "*" 8 | }, 9 | { 10 | "Effect": "Allow", 11 | "Action": "iam:ListInstanceProfiles", 12 | "Resource": "*" 13 | }, 14 | { 15 | "Effect": "Allow", 16 | "Action": "ec2:*", 17 | "Resource": "*" 18 | } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-iam-role/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # 
Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | - include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 9 | 10 | - include: make-role.yml 11 | when: 12 | - multi_cluster is defined 13 | - multi_cluster == true 14 | - AWS_IAM_Role_Name == "none" 15 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-iam-role/tasks/make-role.yml: -------------------------------------------------------------------------------- 1 | # 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | # 8 | --- 9 | 10 | - name: Create IAM role 11 | iam: 12 | aws_access_key: "{{ AWS_Access_Key }}" 13 | aws_secret_key: "{{ AWS_Secret_Key }}" 14 | ec2_url: "{{ AWS_EC2_URL }}" 15 | region: "{{ AWS_Region }}" 16 | iam_type: role 17 | name: LSFRCRole 18 | state: present 19 | trust_policy: 20 | Version: '2012-10-17' 21 | Statement: 22 | - Action: sts:AssumeRole 23 | Effect: Allow 24 | Principal: 25 | Service: ec2.amazonaws.com 26 | 27 | - name: Apply policy to new role 28 | iam_policy: 29 | aws_access_key: "{{ AWS_Access_Key }}" 30 | aws_secret_key: "{{ AWS_Secret_Key }}" 31 | ec2_url: "{{ AWS_EC2_URL }}" 32 | region: "{{ AWS_Region }}" 33 | iam_type: role 34 | iam_name: LSFRCRole 35 | policy_name: "RC-Access" 36 | policy_document: "{{ RC_PLAY_TOP }}/roles/make-iam-role/tasks/permission-policy.json" 37 | state: present 38 | 39 | - name: Set IAM Role name 40 | lineinfile: 41 | dest: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml" 42 | regexp: '^AWS_IAM_Role_Name:.*' 43 | line: 'AWS_IAM_Role_Name: LSFRCRole' 44 | 45 | 
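The role above attaches a permission policy to `LSFRCRole`, and the repository carries two versions of it (`files/permission-policy.json` and `tasks/permission-policy.json`, the one `make-role.yml` applies). The following audit script is an added example, not part of the repository: it flags wildcard actions and high-impact actions granted on `Resource: "*"` without a `Condition`. The `SENSITIVE` list, the rule that any `Condition` counts as scoping, and `SCOPED_POLICY` (with its placeholder account ID and region) are assumptions made for the example.

```python
import json
from fnmatch import fnmatchcase

# roles/make-iam-role/files/permission-policy.json, as shown on this page.
FILES_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
  {"Effect": "Allow", "Action": "iam:ListInstanceProfiles", "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
""")

# roles/make-iam-role/tasks/permission-policy.json, the file make-role.yml applies.
TASKS_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeKeyPairs",
    "ec2:RunInstances", "ec2:TerminateInstances", "ec2:CreateTags",
    "ec2:CreateKeyPair", "ec2:ModifyIdFormat", "iam:PassRole",
    "iam:ListInstanceProfiles", "ec2:AssociateIamInstanceProfile",
    "ec2:ReplaceIamInstanceProfileAssociation", "ec2:CancelSpotFleetRequests",
    "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests",
    "ec2:DescribeSpotFleetRequestHistory", "ec2:ModifySpotFleetRequest",
    "ec2:RequestSpotFleet"]}]}
""")

# Constructed for this example: the account ID and region are placeholders.
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iam:PassRole",
   "Resource": "arn:aws:iam::111122223333:role/LSFRCRole",
   "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus",
              "ec2:DescribeKeyPairs"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:RunInstances", "ec2:TerminateInstances", "ec2:CreateTags"],
   "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}}]}
""")

# Assumption: actions this example treats as high-impact when granted on "*".
SENSITIVE = (
    "iam:PassRole",
    "ec2:RunInstances",
    "ec2:TerminateInstances",
    "ec2:AssociateIamInstanceProfile",
    "ec2:ReplaceIamInstanceProfileAssociation",
    "ec2:RequestSpotFleet",
)


def _as_list(value):
    """IAM allows Action/Resource/Statement to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants(pattern, action):
    """True if an Action pattern (case-insensitive, * and ? wildcards) covers action."""
    return fnmatchcase(action.lower(), pattern.lower())


def audit_policy(doc):
    """Return (statement index, finding code, action) tuples for one policy document."""
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        any_resource = "*" in _as_list(stmt.get("Resource"))
        conditioned = bool(stmt.get("Condition"))
        for pattern in actions:
            if pattern == "*" or pattern.endswith(":*"):
                findings.append((idx, "WILDCARD_ACTION", pattern))
        if any_resource and not conditioned:
            for action in SENSITIVE:
                if any(_grants(p, action) for p in actions):
                    code = ("PASSROLE_ANY_ROLE" if action == "iam:PassRole"
                            else "SENSITIVE_ON_ANY_RESOURCE")
                    findings.append((idx, code, action))
    return findings


if __name__ == "__main__":
    for name, doc in (("files/", FILES_POLICY), ("tasks/", TASKS_POLICY),
                      ("scoped (constructed)", SCOPED_POLICY)):
        print(name)
        for finding in audit_policy(doc) or ["  no findings"]:
            print("  ", finding)
```

Both repository policies are flagged for `iam:PassRole` on any role; only the `files/` version also carries the `ec2:*` wildcard.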
-------------------------------------------------------------------------------- /LSF_On_AWS/roles/make-iam-role/tasks/permission-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "ec2:DescribeInstances", 8 | "ec2:DescribeInstanceStatus", 9 | "ec2:DescribeKeyPairs", 10 | "ec2:RunInstances", 11 | "ec2:TerminateInstances", 12 | "ec2:CreateTags", 13 | "ec2:CreateKeyPair", 14 | "ec2:ModifyIdFormat", 15 | "iam:PassRole", 16 | "iam:ListInstanceProfiles", 17 | "ec2:AssociateIamInstanceProfile", 18 | "ec2:ReplaceIamInstanceProfileAssociation", 19 | "ec2:CancelSpotFleetRequests", 20 | "ec2:DescribeSpotFleetInstances", 21 | "ec2:DescribeSpotFleetRequests", 22 | "ec2:DescribeSpotFleetRequestHistory", 23 | "ec2:ModifySpotFleetRequest", 24 | "ec2:RequestSpotFleet" 25 | ], 26 | "Resource": "*" 27 | } 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/prep-deployer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 4 | # US Government Users Restricted Rights - Use, duplication or disclosure 5 | # restricted by GSA ADP Schedule Contract with IBM Corp. 6 | #----------------------------------- 7 | 8 | # Prepare the Deployer to install parts on AWS 9 | - include: setup-deployer.yml 10 | -------------------------------------------------------------------------------- /LSF_On_AWS/roles/prep-deployer/tasks/setup-deployer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #----------------------------------- 3 | # Copyright IBM Corp. 1992, 2017. All rights reserved. 
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# grep -c prints the number of installed python2-boto packages (0 when none)
- name: Check for boto packages
  shell: rpm -qa |grep -c python2-boto
  register: HaveBoto
  ignore_errors: True

- name: Set HaveBoto fact
  set_fact:
    HaveBoto: "{{ HaveBoto.stdout_lines[0] |int }}"

# The install tasks below run only when no boto package was found (count is 0)
- name: Install Dependencies for getting boto packages
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - wget
  when:
    - ansible_os_family == "RedHat"
    - HaveBoto | int == 0

# Note: the EPEL release rpm is downloaded over plain HTTP
- name: Get EPEL Repo rpm
  shell: wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  args:
    chdir: /root
    creates: /root/epel-release-latest-7.noarch.rpm
    warn: false
  when:
    - ansible_os_family == "RedHat"
    - HaveBoto | int == 0

- name: Add EPEL Repo rpm
  shell: rpm -ivh epel-release-latest-7.noarch.rpm
  args:
    chdir: /root
    warn: False
    creates: /etc/yum.repos.d/epel.repo
  when:
    - ansible_os_family == "RedHat"
    - HaveBoto | int == 0

- name: Install boto packages
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - python2-boto
    - python2-boto3
  when:
    - ansible_os_family == "RedHat"
    - HaveBoto | int == 0

- name: Make local files directory
  file:
    path: "{{ RC_PLAY_TOP }}/files"
    state: directory

- name: Copy the SSH id_rsa.pub to our files directory
  copy:
    src: /root/.ssh/id_rsa.pub
    dest: "{{ RC_PLAY_TOP }}/files/id_rsa.pub"

- name: Remove VPN Server tun0 IP from SSH knownhosts
  lineinfile:
    dest: /root/.ssh/known_hosts
    state: absent
    regexp: "^{{ SERVER_IP|regex_escape() }}.*"

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/prep-lsf-master-vpn/tasks/install-vpn-prereqs.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

- name: Get EPEL Repo rpm
  get_url:
    url: http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    dest: /root/epel-release-latest-7.noarch.rpm
    force: no

- name: Add EPEL Repo rpm
  shell: rpm -ivh epel-release-latest-7.noarch.rpm
  args:
    chdir: /root
    warn: False
    creates: /etc/yum.repos.d/epel.repo

- name: Install OpenVPN package
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - openvpn
  when: ansible_os_family == "RedHat"

- name: Get easyrsa old version
  get_url:
    url: https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz
    dest: /tmp/easyrsa
    force: no

- name: Extract easyrsa
  shell: tar zxf /tmp/easyrsa
  args:
    chdir: /tmp/
    creates: /tmp/easy-rsa-old-2.3.3/COPYRIGHT.GPL
    warn: False

- name: Make the easyrsa openvpn dir
  file:
    path: /etc/openvpn/easy-rsa
    state: directory
    mode: 0755

- name: Copy contents to openvpn dir
  shell: cp -rf /tmp/easy-rsa-old-2.3.3/easy-rsa/2.0/* /etc/openvpn/easy-rsa
  args:
    warn: False
    creates: /etc/openvpn/easy-rsa/build-ca

- name: Key directory
  file:
    path: "/etc/openvpn/keys"
    recurse: yes
    state: directory

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/prep-lsf-master-vpn/tasks/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# Read variables for subnets
- include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"

# The LSF master will have the client side VPN
- include: install-vpn-prereqs.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/prepare-ec2-servers/tasks/configure-ec2-servers.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Get EPEL Repo rpm
  get_url:
    url: http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    dest: /root/epel-release-latest-7.noarch.rpm
    force: no

- name: Add EPEL Repo rpm
  shell: rpm -ivh epel-release-latest-7.noarch.rpm
  args:
    chdir: /root
    warn: False
    creates: /etc/yum.repos.d/epel.repo

- name: Start installing LSF Prerequisites
  debug:
    msg: "Ansible OS is {{ ansible_os_family }}"

- name: Install Package Dependencies for LSF
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - lsof
    - which
    - nfs-utils
    - strace
    - traceroute
    - wireshark
    - createrepo
  when: ansible_os_family == "RedHat"

- name: Check for existing authorized_keys
  stat:
    path: /root/authorized_keys
  register: have_authorized_keys

- name: Copy ssh key from deployer
  copy:
    src: files/id_rsa.pub
    dest: /root/authorized_keys
  when: have_authorized_keys.stat.exists == False

# Grants the deployer's root key SSH access as root on this host
- name: Update Authorized Keys
  shell: cat /root/authorized_keys >> /root/.ssh/authorized_keys
  when: have_authorized_keys.stat.exists == False

- name: Check for root SSH keys
  stat:
    path: /root/.ssh/id_rsa
  register: id_rsa

# The key pair is generated with an empty passphrase (-N "")
- name: Make root SSH keys
  shell: ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -C "" -N ""
  args:
    creates: /root/.ssh/id_rsa
    chdir: /root
  when: id_rsa.stat.exists == False

- name: Add root's key
  shell: cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
  args:
    chdir: /root
  when: id_rsa.stat.exists == False

#- name: Disable DNS hostname resolution on cloud machines
# Having it on messes up LSF because private IP's overlap with Amazon private IPs
#  lineinfile:
#    dest: "/etc/nsswitch.conf"
#    state: present
#    regexp: '^hosts.*'
#    line: 'hosts: files myhostname'

# Rewrites an existing PasswordAuthentication line to "yes" (password logins enabled)
- name: Reconfigure SSH
  lineinfile:
    dest: /etc/ssh/sshd_config
    backrefs: yes
    regexp: '^(PasswordAuthentication).*'
    line: '\1 yes'

- name: Restart Sshd
  systemd:
    name: sshd
    state: restarted

# The following routes are NOT for the VPN node
- name: Add Route to the on premises network
  shell: route add -net "{{ CLIENT_NET }}" netmask "{{ CLIENT_MASK }}" gw "{{ AWS_VPN_PRV_IP }}"
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

- name: Add Route to the VPN network
  shell: route add -net "{{ SERVER_NET }}" netmask "{{ SERVER_MASK }}" gw "{{ AWS_VPN_PRV_IP }}"
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

# Make the routes permanent
- name: Add route to /etc/sysconfig/network-scripts/route-eth0 part1
  lineinfile:
    dest: "/etc/sysconfig/network-scripts/route-eth0"
    create: yes
    regexp: 'ADDRESS0.*'
    line: 'ADDRESS0={{ CLIENT_NET }}'
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

- name: Add route to /etc/sysconfig/network-scripts/route-eth0 part2
  lineinfile:
    dest: "/etc/sysconfig/network-scripts/route-eth0"
    regexp: 'NETMASK0.*'
    line: 'NETMASK0={{ CLIENT_MASK }}'
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

- name: Add route to /etc/sysconfig/network-scripts/route-eth0 part3
  lineinfile:
    dest: "/etc/sysconfig/network-scripts/route-eth0"
    regexp: 'GATEWAY0.*'
    line: 'GATEWAY0={{ AWS_VPN_PRV_IP }}'
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

- name: Add route to /etc/sysconfig/network-scripts/route-eth0 part4
  lineinfile:
    dest: "/etc/sysconfig/network-scripts/route-eth0"
    create: yes
    regexp: 'ADDRESS1.*'
    line: 'ADDRESS1={{ SERVER_NET }}'
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

- name: Add route to /etc/sysconfig/network-scripts/route-eth0 part5
  lineinfile:
    dest: "/etc/sysconfig/network-scripts/route-eth0"
    regexp: 'NETMASK1.*'
    line: 'NETMASK1={{ SERVER_MASK }}'
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

- name: Add route to /etc/sysconfig/network-scripts/route-eth0 part6
  lineinfile:
    dest: "/etc/sysconfig/network-scripts/route-eth0"
    regexp: 'GATEWAY1.*'
    line: 'GATEWAY1={{ AWS_VPN_PRV_IP }}'
  when:
    - inventory_hostname != ec2vpn[0].pub_ip

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/prepare-ec2-servers/tasks/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# Load AWS variables
- include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"

# Load Inventory file for VPN
- include_vars: "{{ RC_PLAY_TOP }}/inventory_ec2.yml"

- include: update-env-files.yml

- include: configure-ec2-servers.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/prepare-ec2-servers/tasks/update-env-files.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Copy the generated authentication files to the Cloud machine
  copy:
    src: "{{ RC_PLAY_TOP }}/files/{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
  with_items:
    - { src: 'passwd', dest: 'passwd.append' }
    - { src: 'group', dest: 'group.append' }
    - { src: 'shadow', dest: 'shadow.append' }
    - { src: 'hosts', dest: 'hosts.append' }

# Appends the copied entries to /etc/passwd, group, shadow and hosts.
# The last item writes /etc/.passwd.updated, which stops a second append.
- name: Update the authentication files
  shell: cat "{{ item.src }}" >> "{{ item.dest }}"
  args:
    warn: False
    chdir: /etc
    creates: /etc/.passwd.updated
  with_items:
    - { src: 'passwd.append', dest: 'passwd' }
    - { src: 'group.append', dest: 'group' }
    - { src: 'shadow.append', dest: 'shadow' }
    - { src: 'hosts.append', dest: 'hosts' }
    - { src: 'passwd.append', dest: '.passwd.updated' }

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/reconfig-lsf-master/tasks/config-lsf-master-multi-cluster.yml:
--------------------------------------------------------------------------------

---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# Modify the LSF lsf.shared file
- name: Update lsf.shared to add Servers
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    backrefs: yes
    state: present
    regexp: '^ClusterName.*'
    line: 'ClusterName Servers # Keyword'
    backup: yes

- name: Update on-premise cluster info with master host name in lsf.shared
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    state: present
    backrefs: yes
    regexp: "^{{ LOCAL_LSF_CLUSTER_NAME }}.*"
    line: '{{ LOCAL_LSF_CLUSTER_NAME }} {{ groups.LSF_Masters[0] }}'
    backup: yes

- name: Append on-cloud cluster info into lsf.shared
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    state: present
    backup: yes
    insertbefore: "^End Cluster.*"
    line: '{{ CLOUD_LSF_CLUSTER_NAME | default("myCloudCluster") }} {{ ec2servers[0].prv_name}}'

- name: Update LSF cluster file
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.cluster.{{ LOCAL_LSF_CLUSTER_NAME }}"
    state: present
    insertafter: "^Begin Parameters.*"
    backup: yes
    line: "PRODUCTS=LSF_Make LSF_Base LSF_Manager LSF_MultiCluster"

# Update lsb.queue to add receive request queue
- name: Update the lsb.queue file
  blockinfile:
    dest: "{{ LSF_CONF_DIR }}/lsbatch/{{ LOCAL_LSF_CLUSTER_NAME }}/configdir/lsb.queues"
    backup: yes
    block: |
      Begin Queue
      QUEUE_NAME = send2cloud
      SNDJOBS_TO = recOnprem@{{ CLOUD_LSF_CLUSTER_NAME }}
      PRIORITY = 40
      DESCRIPTION = Sample Queue for send cluster request to cloud
      End Queue

- name: Clear the hosts file
  shell: grep -v "{{ SERVER_IP }}" hosts > hosts.WRK ; mv hosts.WRK hosts
  args:
    chdir: "{{ LSF_CONF_DIR }}"

- name: Create a host file
  template:
    src: ../../../template/hosts-lsf.j2
    dest: "{{ LSF_CONF_DIR }}/hosts"
    follow: yes

- name: Copy LSF host file to a common location
  copy:
    src: "{{ LSF_CONF_DIR }}/hosts"
    dest: "{{ RC_PLAY_TOP }}/files/hosts-lsf"
    follow: yes

- name: Archive the playbook for provisioning lsf servers
  shell: tar cvf deploy-lsf-server.tar Storage-config.yml inventory_ec2servers.yml inventory_ec2.yml make-lsf-server.yml lsf-inventory roles/ group_vars/ template/ AWS/
  # shell: tar cvf deploy-lsf-server.tar Storage-config.yml inventory_ec2servers.yml make-lsf-server.yml lsf-inventory roles/ group_vars/ template/ AWS/
  args:
    chdir: "{{ RC_PLAY_TOP }}"


--------------------------------------------------------------------------------
/LSF_On_AWS/roles/reconfig-lsf-master/tasks/config-lsf-master.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

#- name: Update the lsb.modules file
#  lineinfile:
#    dest: "{{ LSF_CONF_DIR }}/lsbatch/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}/configdir/lsb.modules"
#    backup: yes
#    backrefs: yes
#    regexp: '^#(schmod_demand.*)'
#    line: '\1'

- name: Update the lsb.queue file
  blockinfile:
    dest: "{{ LSF_CONF_DIR }}/lsbatch/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}/configdir/lsb.queues"
    backup: yes
    block: |
      Begin Queue
      QUEUE_NAME = awsexample
      PRIORITY = 30
      RERUNNABLE = Y
      RES_REQ = awshost
      INTERACTIVE = NO
      DESCRIPTION = Sample Queue for running jobs on AWS
      End Queue

- name: Update lsf.shared
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.shared"
    backrefs: yes
    regexp: '^#.*(awshost.*)'
    line: ' \1'
    backup: yes

# LSF_HOST_ADDR_RANGE=*.*.*.* allows hosts from any IP address to join the cluster dynamically
- name: Update LSF cluster file
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.cluster.{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}"
    state: present
    insertafter: "^Begin Parameters.*"
    backup: yes
    line: "LSF_HOST_ADDR_RANGE=*.*.*.*"

#- name: Update LSF lsf.conf add LSB_RC_EXTERNAL_HOST_FLAG
#  lineinfile:
#    dest: "{{ LSF_CONF_DIR }}/lsf.conf"
#    state: present
#    line: "LSB_RC_EXTERNAL_HOST_FLAG=awshost"
#    backup: yes

- name: Update LSF lsf.conf add ENABLE_DYNAMIC_HOSTS
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.conf"
    state: present
    line: "ENABLE_DYNAMIC_HOSTS=Y"

- name: Update LSF lsf.conf add LSF_REG_FLOAT_HOSTS
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.conf"
    state: present
    line: "LSF_REG_FLOAT_HOSTS=Y"

- name: Update LSF lsf.conf add LSF_DYNAMIC_HOST_WAIT_TIME
  lineinfile:
    dest: "{{ LSF_CONF_DIR }}/lsf.conf"
    state: present
    line: "LSF_DYNAMIC_HOST_WAIT_TIME=2"

- name: Gather LSF_MASTER_LIST
  shell: egrep "^LSF_MASTER_LIST" "{{ LSF_CONF_DIR }}/lsf.conf"
  register: LSFMasters
  ignore_errors: True
  tags: mdebug

- name: Set LSF_MASTER_LIST
  set_fact:
    LSF_MASTER_LIST: "{{ LSFMasters.stdout_lines[0] }}"
  tags: mdebug

- name: Display variables
  debug:
    msg: "LSFMasters.stdout_lines[0] = {{ LSFMasters.stdout_lines[0] }} \n LSF_MASTER_LIST = {{ hostvars[groups.LSF_Masters[0]]['LSF_MASTER_LIST'] }}"
  tags: mdebug

- name: Gather LSF_SERVER_HOSTS
  shell: egrep "^LSF_SERVER_HOSTS" "{{ LSF_CONF_DIR }}/lsf.conf"
  register: LSFServers
  ignore_errors: True
  # Reference with: LSF_SERVER_HOSTS_OUT.stdout_lines[0]

- name: Set LSF_SERVER_HOSTS
  set_fact:
    LSF_SERVER_HOSTS: "{{ LSFServers.stdout_lines[0] }}"

- name: Gather EGO_MASTER_LIST
  shell: egrep "^EGO_MASTER_LIST" "{{ LSF_CONF_DIR }}/ego/{{ LOCAL_LSF_CLUSTER_NAME | default('myCluster') }}/kernel/ego.conf"
  register: EGOMasters
  ignore_errors: True

- name: Set EGO_MASTER_LIST
  set_fact:
    EGO_MASTER_LIST: "{{ EGOMasters.stdout_lines[0] }}"

- name: Clear the hosts file
  shell: grep -v "{{ SERVER_IP }}" hosts > hosts.WRK ; mv hosts.WRK hosts
  args:
    chdir: "{{ LSF_CONF_DIR }}"
  ignore_errors: True

- name: Clear the hostcache
  shell: grep -v awshost hostcache > hostcache.WRK ; mv hostcache.WRK hostcache ; chown lsfadmin hostcache
  args:
    chdir: "{{ LSF_WORK_DIR }}/{{ LOCAL_LSF_CLUSTER_NAME }}/ego/lim"
  ignore_errors: True

# dumpall.j2 writes every Ansible variable, including the AWS keys, to /tmp/ansible-lsf
- name: Dump variables for debugging
  template:
    src: "{{ RC_PLAY_TOP }}/template/dumpall.j2"
    dest: /tmp/ansible-lsf
  when: Debug_Tasks == true

- name: Create a host file
  template:
    src: "{{ RC_PLAY_TOP }}/template/hosts-lsf.j2"
    dest: "{{ LSF_CONF_DIR }}/hosts"
    follow: yes

- name: Copy LSF host file to a common location
  copy:
    src: "{{ LSF_CONF_DIR }}/hosts"
    dest: "{{ RC_PLAY_TOP }}/files/hosts-lsf"
    follow: yes

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/reconfig-lsf-master/tasks/main.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

# Load AWS variables
- include_vars: "{{ RC_PLAY_TOP }}/AWS/AWS-config.yml"

# The LSF master will have the client side VPN
- include: config-lsf-master.yml
  when:
    - hybrid_cluster is defined
    - hybrid_cluster == true

- include: config-lsf-master-multi-cluster.yml
  when:
    - multi_cluster is defined
    - multi_cluster == true

- include: restart-lsf.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/reconfig-lsf-master/tasks/restart-lsf.yml:
--------------------------------------------------------------------------------
---
#-----------------------------------
# Copyright IBM Corp. 1992, 2017. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
#-----------------------------------

- name: Restart LSF daemons
  systemd:
    name: lsfd
    state: restarted

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/update-remote-env/tasks/main.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

# Merge the Environment files
- include: update-env-files.yml

--------------------------------------------------------------------------------
/LSF_On_AWS/roles/update-remote-env/tasks/update-env-files.yml:
--------------------------------------------------------------------------------
---
# -----------------------------------
# Copyright IBM Corp. 1992, 2018. All rights reserved.
# US Government Users Restricted Rights - Use, duplication or disclosure
# restricted by GSA ADP Schedule Contract with IBM Corp.
# -----------------------------------

- name: Copy files to Cloud and merge
  debug:
    msg: "Start..."

- name: Copy the generated files to the Cloud machine
  copy:
    src: "{{ RC_PLAY_TOP }}/files/{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
  with_items:
    - { src: 'passwd', dest: 'passwd.append' }
    - { src: 'group', dest: 'group.append' }
    - { src: 'shadow', dest: 'shadow.append' }
    - { src: 'hosts', dest: 'hosts.append' }

- name: Update the authentication files
  shell: cat "{{ item.src }}" >> "{{ item.dest }}"
  args:
    warn: False
    chdir: /etc
    creates: /etc/.passwd.updated
  with_items:
    - { src: 'passwd.append', dest: 'passwd' }
    - { src: 'group.append', dest: 'group' }
    - { src: 'shadow.append', dest: 'shadow' }
    - { src: 'hosts.append', dest: 'hosts' }
    - { src: 'passwd.append', dest: '.passwd.updated' }

- name: Finished Updating Authentication files from the Deployer
  debug:
    msg: "Done..."

--------------------------------------------------------------------------------
/LSF_On_AWS/template/dumpall.j2:
--------------------------------------------------------------------------------
Module Variables ("vars"):
----------------------------------------------------------------------
{{ vars | to_nice_json }}



Environment Variables ("environment"):
-----------------------------------------------------------------------
{{ environment | to_nice_json }}



GROUP NAMES Variables ("group_names"):
---------------------------------------------------------------------
{{ group_names | to_nice_json }}



GROUPS Variables ("groups"):
---------------------------------------------------------------------
{{ groups | to_nice_json }}



HOST Variables ("hostvars"):
---------------------------------------------------------------------
{{ hostvars | to_nice_json }}

--------------------------------------------------------------------------------
/LSF_On_AWS/template/fstab.j2:
--------------------------------------------------------------------------------
# These are fstab entries compiled from the Storage-config.yml
{% if sharedir is defined %}
{% for i in sharedir %}
{% set exprt=i.export %}
{% set mount=i.mountpnt %}
{% set type=i.type %}
{% set fsargs=i.args %}
{{ exprt }} {{ mount }} {{ type }} {{ fsargs }} 0 0
{{ '' }}
{%- endfor %}
{% endif %}

--------------------------------------------------------------------------------
/LSF_On_AWS/template/hosts-lsf.j2:
--------------------------------------------------------------------------------
# This is the LSF Hosts file
# It is generated by the Step6-install-LSF.yml playbook
#
{% for i in groups.ec2servers %}
{% set hv = hostvars[i] %}
{% set nlist = hv.prv_name.split('.') %}
{{ hv.prv_ip }} {{ nlist[0] }} {{ hv.prv_name }}
{% if hv.isvpn == 'yes' %}
{{ '#' }} {{ nlist[0] }} is the VPN node
{{ SERVER_IP }} {{ nlist[0] }}
{% endif %}
{%- endfor %}

# LSF Master
{% for i in ansible_interfaces %}
{% set j = i.replace("-", "_") %}
{% set iface = vars.__getitem__('ansible_' + j) %}
{% if iface.device != 'lo' %}
{% if iface.device != 'docker0' %}
{% if iface.active %}
{% if iface.ipv4 is defined %}
{{ iface.ipv4.address }} {{ ansible_fqdn }} {{ ansible_hostname }} # {{ iface.device }}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{%- endfor %}

--------------------------------------------------------------------------------
/LSF_On_AWS/template/hosts.j2:
--------------------------------------------------------------------------------
# EC2 hosts
# Generated file. Do not edit (unless you know what you are doing) ;)

{% if ec2vpn is defined and ( use_vpn == 'y' or use_vpn == 'Y') %}
{% set vname = ec2vpn[0].prv_name %}
{% set vlist = vname.split('.') %}
{{ ec2vpn[0].prv_ip }} {{ vlist[0] }} {{ ec2vpn[0].prv_name }}
{% endif %}
{% if newec2servers and newec2servers.instances %}
{% for i in newec2servers.instances %}
{% set hv = i.private_dns_name %}
{% set nlist = hv.split('.') %}
{{ '#' }} {{ i.public_ip }} {{ nlist[0] }} {{ i.public_dns_name }}
{{ i.private_ip }} {{ nlist[0] }} {{ i.private_dns_name }}
{%- endfor %}
{% endif %}

--------------------------------------------------------------------------------
/LSF_On_AWS/template/inventory-ec2servers.j2:
--------------------------------------------------------------------------------
---
# EC2 inventory information
# Generated file. Do not edit (unless you know what you are doing) ;)

ec2servers:
{% set list1 = [] %}
{% if ec2vpn is defined and ( use_vpn == 'y' or use_vpn == 'Y') %}
{% if list1.append( {"name": ec2vpn[0].name, "pub_ip": ec2vpn[0].pub_ip, "prv_ip": ec2vpn[0].prv_ip, "awsid": ec2vpn[0].awsid, "prv_name": ec2vpn[0].prv_name, "awsvol": ec2vpn[0].awsvol, "isvpn": "yes" } ) %}{% endif %}
{% endif %}
{% if newec2servers and newec2servers.instances %}
{% for i in newec2servers.instances %}
{% set dev=i.block_device_mapping %}
{% set volid=dev['/dev/sda1'].volume_id %}
{% if list1.append( {"name": i.public_dns_name, "pub_ip": i.public_ip, "prv_ip": i.private_ip, "prv_name": i.private_dns_name, "awsid": i.id, "awsvol": volid, "isvpn": "no" } ) %}{% endif %}
{{ list1 | to_yaml }}
{%- endfor %}
{% else %}
{{ list1 | to_yaml }}
{% endif %}

--------------------------------------------------------------------------------
/LSF_On_AWS/template/inventory-ec2vpn.j2:
--------------------------------------------------------------------------------
---
# EC2 inventory information
# Generated file. Do not edit (unless you know what you are doing) ;)

ec2vpn:
{% set list1 = [] %}
{% for i in ec2.instances %}
{% set dev=i.block_device_mapping %}
{% set volid=dev['/dev/sda1'].volume_id %}
{% if list1.append( {"name": i.public_dns_name, "pub_ip": i.public_ip, "prv_ip": i.private_ip, "prv_name": i.private_dns_name, "awsid": i.id, "awsvol": volid } ) %}{% endif %}
{{ list1 | to_yaml }}
{%- endfor %}

--------------------------------------------------------------------------------
/LSF_On_AWS/template/iptables:
--------------------------------------------------------------------------------
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6881 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7869 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -s "{{ AWS_VPC_PRV_CIDR }}" --dport 0:65535 -j ACCEPT
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p udp --dport 7869 -j ACCEPT
# The next two rules accept all traffic arriving on any tun or eth interface
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i tun+ -o eth+ -j ACCEPT
-A FORWARD -i eth+ -o tun+ -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

--------------------------------------------------------------------------------
/LSF_On_IBM_Cloud/README.md:
--------------------------------------------------------------------------------
An IBM Spectrum LSF offering is now available as a tile in the IBM Cloud catalog for automated deployment of
Virtual Private Cloud (VPC) HPC clusters and workload management.

- [Read the announcement](https://www.ibm.com/cloud/blog/announcements/ibm-spectrum-lsf-is-now-available-on-ibm-cloud "Announcement")
- [See the documentation](https://cloud.ibm.com/docs/ibm-spectrum-lsf?topic=ibm-spectrum-lsf-getting-started-tutorial "IBM Cloud LSF Docs")
- [Go to the LSF tile in the Cloud Catalog](https://cloud.ibm.com/catalog/content/terraform-1623200063-71606cab-c6e1-4f95-a47a-2ce541dcbed8-global "LSF Catalog Tile")

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
![Logos](Spectrum_icon.png)

# LSF Hybrid Cloud Repository

## Introduction
IBM® Spectrum LSF (formerly IBM® Platform™ LSF®) is a complete workload management solution for demanding HPC environments. Featuring intelligent, policy-driven scheduling and easy-to-use interfaces for job and workflow management, it helps organizations to improve competitiveness by accelerating research and design while controlling costs through superior resource utilization.

The repository contents focus on how IBM Cloud is making it easy for customers using LSF to migrate their HPC workloads to IBM Cloud using the latest Generation 2 IaaS capabilities. Two use cases are explored:
1. A complete lift and shift of their on-premise HPC cluster,
2. A hybrid HPC cluster on-premise with bursting to IBM Cloud on demand.

The scripts in the repository are provided to ease the pain for an HPC IT administrator by making it easy to spin up an HPC cluster with LSF on IBM Cloud, and to establish connectivity with the on-premise HPC cluster environment for the bursting scenarios.

## Cloud Deployment
- For IBM Cloud, the scripts that formerly resided in this repository have been replaced by links to the LSF Cloud Catalog Tile, where you can easily deploy a cluster to your specifications.
- For AWS, the repository contains sample code to help you take your on-premises LSF cluster and extend it to the cloud.

Whichever you choose, please follow the documentation for your cloud provider.

[For IBM Cloud continue here](LSF_On_IBM_Cloud/README.md)

[For AWS continue here.](LSF_On_AWS/README.md)



*NOTE: This code is provided without support.*

--------------------------------------------------------------------------------
/Spectrum_icon-small.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IBMSpectrumComputing/lsf-hybrid-cloud/46cce888f0e11031733ad94a9fd36374dff8db4f/Spectrum_icon-small.png

--------------------------------------------------------------------------------
/Spectrum_icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IBMSpectrumComputing/lsf-hybrid-cloud/46cce888f0e11031733ad94a9fd36374dff8db4f/Spectrum_icon.png

--------------------------------------------------------------------------------
/Symphony_icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IBMSpectrumComputing/lsf-hybrid-cloud/46cce888f0e11031733ad94a9fd36374dff8db4f/Symphony_icon.png

--------------------------------------------------------------------------------