Staging xrdp,podman-compose,eessi,apptainer

Author: assumptionsandg

ansible/roles/linux-eessi/README.md

@@ -0,0 +1,34 @@
+EESSI
+=====
+
+Configure the EESSI pilot respository for use on given hosts.
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+- `cvmfs_quota_limit_mb`: Optional int. Maximum size of local package cache on each node in MB.
+- `cvmfs_config_overrides`: Optional dict. Set of key-value pairs for additional CernVM-FS settings see [official docs](https://cvmfs.readthedocs.io/en/stable/cpt-configure.html) for list of options. Each dict key should correspond to a valid config variable (e.g. `CVMFS_HTTP_PROXY`) and the corresponding dict value will be set as the variable value (e.g. `https://my-proxy.com`). These configuration parameters will be written to the `/etc/cvmfs/default.local` config file on each host in the form `KEY=VALUE`.
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+```yaml
+- name: Setup EESSI
+  hosts: eessi
+  tags: eessi
+  become: true
+  tasks:
+    - name: Install and configure EESSI
+      import_role:
+        name: eessi
+```

ansible/roles/linux-eessi/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+# Default to 10GB
+cvmfs_quota_limit_mb: "10000"
+
+cvmfs_config_default:
+  CVMFS_CLIENT_PROFILE: "single"
+  CVMFS_QUOTA_LIMIT: "{{ cvmfs_quota_limit_mb }}"
+
+cvmfs_config_overrides: {}
+
+cvmfs_config: "{{ cvmfs_config_default | combine(cvmfs_config_overrides) }}"

ansible/roles/linux-eessi/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: Download CVMFS repo
+  ansible.builtin.get_url:
+    url: https://ecsft.cern.ch/dist/cvmfs/cvmfs-release/cvmfs-release-latest_all.deb
+    dest: '.'
+
+- name: Add CVMFS repo
+  shell: 'dpkg -i cvmfs-release-latest_all.deb'
+
+- name: Update cache
+  shell: 'apt update'
+
+- name: Install CVMFS
+  apt:
+    name: cvmfs
+    update_cache: true
+
+- name: Download EESSI CVMFS config
+  ansible.builtin.get_url:
+    url: https://github.com/EESSI/filesystem-layer/releases/download/latest/cvmfs-config-eessi_latest_all.deb
+    dest: '.'
+
+- name: Install EESSI CVMFS config
+  shell: 'dpkg -i cvmfs-config-eessi_latest_all.deb'
+
+# Alternative version using official repo - still no GPG key :(
+# - name: Add EESSI repo
+#   dnf: 
+#     name: http://repo.eessi-infra.org/eessi/rhel/8/noarch/eessi-release-0-1.noarch.rpm
+
+# - name: Install EESSI CVMFS config
+#   dnf:
+#     name: cvmfs-config-eessi
+
+- name: Add base CVMFS config
+  community.general.ini_file:
+    dest: /etc/cvmfs/default.local
+    option: "{{ item.key }}"
+    value: "{{ item.value }}"
+    section: "null"
+    no_extra_spaces: true
+  loop: "{{ cvmfs_config | dict2items }}"
+    
+
+# NOTE: Not clear how to make this idempotent
+- name: Ensure CVMFS config is setup
+  command:
+    cmd: "cvmfs_config setup"

ansible/roles/linux-webconsole/files/guacamole-playbook.yml

@@ -40,54 +40,23 @@
         key: "{{ guacamole_ssh_public_key }}"
 
     - block:
-        - name: Generate VNC password for Guacamole
+        - name: Generate password for Guacamole
           set_fact:
-            guacamole_vnc_password: "{{ lookup('community.general.random_string', length = 16, override_special = special_chars) }}"
+            guacamole_password: "{{ lookup('community.general.random_string', length = 16, override_special = special_chars) }}"
           vars:
             # Even though this string is within a CDATA tag, there's very small chance of
             # generating ]]>, which will still break XML. Therefore remove ">" from special
             # characters.
             special_chars: '!"#$%&()*+,-./:;<=?@[\]^_`{|}~'
 
-        - block:
-          - name: Get Guacamole user info
-            getent:
-              database: passwd
-              key: "{{ guacamole_user }}"
-
-          - name: Set Guacamole user home directory
-            set_fact:
-              guacamole_user_home: "{{ ansible_facts.getent_passwd[guacamole_user][4] }}"
-
-          - name: Generate VNC password
-            command: vncpasswd -f
-            args:
-              stdin: "{{ guacamole_vnc_password }}"
-            register: vncpassword
-
-          - name: Create VNC directory
-            file:
-              state: directory
-              path: "{{ guacamole_user_home }}/.vnc"
-              owner: "{{ guacamole_user }}"
-              group: "{{ guacamole_user }}"
-              mode: "0775"
-
-          - name: Create VNC password file
-            copy:
-              content: "{{ vncpassword.stdout }}"
-              dest: "{{ guacamole_user_home }}/.vnc/passwd"
-              owner: "{{ guacamole_user }}"
-              group: "{{ guacamole_user }}"
-              mode: "0600"
-          become: yes
-          become_user: "{{ guacamole_user }}"
-
-        - name: Start and enable VNC server
-          service:
-            name: vncserver@:1.service
-            state: started
-            enabled: yes
+        - name: Configure default user
+          ansible.builtin.user:
+            name: "{{ guacamole_user }}"
+            state: present
+            password: "{{ guacamole_password | password_hash('sha512') }}"
+            append: true
+            groups: ssl-cert
+          become: true
       when: desktop_enabled
 
     - name: Write Guacamole user mapping file
@@ -105,12 +74,11 @@
                   </connection>
           {% if desktop_enabled %}
                   <connection name="desktop">
-                      <protocol>vnc</protocol>
+                      <protocol>rdp</protocol>
                       <param name="hostname">{{ ansible_default_ipv4.address }}</param>
-                      <param name="port">5901</param>
-                      <param name="autoretry">3</param>
+                      <param name="port">3389</param>
                       <param name="username">{{ guacamole_user }}</param>
-                      <param name="password"><![CDATA[{{ guacamole_vnc_password }}]]></param>
+                      <param name="password"><![CDATA[{{ guacamole_password }}]]></param>
                   </connection>
           {% endif %}
               </authorize>

ansible/roles/linux-webconsole/files/vnc_server/restart.conf

@@ -38,16 +38,42 @@
 
 - block:
     - include_tasks: desktop.yml
-    - include_tasks: vnc_server.yml
   when: desktop_enabled is defined and desktop_enabled
 
+- name: Install xrdp
+  apt:
+    name: xrdp
+    state: present
+  when: ansible_os_family == "Debian"
+
+- name: Install dbus-x11 package
+  apt:
+    name: dbus-x11
+    state: present
+  when: ansible_os_family == "Debian"
+
 - include_role:
     name: linux-ansible-init
 
 - include_role: 
     name: linux-podman
     tasks_from: install.yml
 
+- name: Install podman-compose
+  pip:
+    name: podman-compose
+    state: present
+  
+- name: Add apptainer repository
+  apt_repository:
+    repo: 'ppa:apptainer/ppa'
+    update_cache: true
+
+- name: Install apptainer
+  apt:
+    name: apptainer
+    state: present
+
 - include_role:
     name: linux-data-volumes
   vars:
@@ -63,6 +89,9 @@
         owner: ubuntu
         group: ubuntu
 
+- include_role:
+    name: linux-eessi
+
 - include_role:
     name: linux-guacamole