diff --git a/README.md b/README.md index 7f92204..40e7841 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,112 @@ -## My Project +

ParallelCluster post-install samples

+This repository gather some **ParallelCluster** post-install samples for common HPC-related operations. +
Primary ParallelCluster script sets the environment and launches secondary scripts according to their naming convention. +
All those scripts are meant to be stored on an S3 bucket. See more details in the Requirements section below. -TODO: Fill this README out! - -Be sure to: - -* Change the title in this README -* Edit your repository description on GitHub +At the moment we are including: +1. *01.install.enginframe.master.sh* +
Secondary script installing EnginFrame +2. *02.install.dcv.broker.master.sh* +
Secondary script installing DCV Session Manager Broker +

Overview

+I’ll add the following 2 options to my ParallelCluster configuration file:
+
post_install = s3://<bucket>/<bucket key>/scripts/post.install.sh
post_install_args = '<bucket> <bucket key> <efadmin password (optional)>'
+The first one, post_install, specifies a Bash script stored on Amazon S3 as ParallelCluster post-install option. This is my main script that will run secondary scripts for EnginFrame and DCV Session Manager broker respectively.
+
+The second parameter, post_install_args, passes a set of arguments to the above script:
+
Secondary script will get those arguments, detect all the other information required and proceed with the installation of the 2 components on ParallelCluster master host.
+
+EnginFrame and DCV Session Manager Broker secondary scripts are separated, so you can potentially install just one of them.
+
+
Note: This procedure has been tested with EnginFrame version 2020.0 and DCV Session Manager Broker version 2020.2. With easy modifications, though, it can work with previous versions, just mind to add the license management.
+

Walktrough

+

Requirements

+To perform a successful installation of EnginFrame and DCV Sesssion Manager broker, you’ll need:
+
Note: neither EnginFrame 2020 or DCV Session Manager Broker need a license if running on EC2 instances. For more details please refer to their documentation.
+

Step 1. Review and customize post-install scripts

+GitHub code repository for this article contains 3 main scripts:
+
Secondary scripts follow this naming convention: they start with a number that will set their execution order, then they describe their purpose, and finally define the node type in which they should be executed (master or compute) as a last argument, just before the extension, e.g.:
+
01.install.enginframe.master.sh
|  |                  |      |     
|  |                  |      file extension
|  purpose            |
|                     to be run on master or compute nodes
execution order
+While main post-install script post.install.sh just sets environment variables and launches secondary scripts, you might want to check the secondary ones: 01.install.enginframe.master.sh installing EnginFrame and 02.install.dcv.broker.master.sh installing DCV Session Manager Broker.
+
+Crucial parameters are set in ParallelCluster configuration file, and some EnginFrame settings are defined into efinstall.config file. All these files should be checked to reflect what you have in mind.
+
+You can also add further custom scripts, in the same folder, following the naming convention stated above. An example could be installing an HPC application locally on a compute node, or in the master shared folder.
+
+Each script sources /etc/parallelcluster/cfnconfig to get the required information about current cluster settings, AWS resources involved and node type. Specifically, cfnconfig defines 
+
Note: More details on each scripts are provided in Post-install scripts details section following the Walktrough.
+

Step 2. Prepare your S3 bucket 

+I create an S3 Bucket e.g. mys3bucket, with the following structure and contents in a prefix of choice (Packages names and version numbers may vary):
+
packages
├── NICE-GPG-KEY.conf
├── efinstall.config
├── enginframe-2020.0-r58.jar
└── nice-dcv-session-manager-broker-2020.2.78-1.el7.noarch.rpm
scripts
├── 01.install.enginframe.master.sh
├── 02.install.dcv.broker.master.sh
└── post.install.sh
+

Step 3. Modify or create your ParallelCluster configuration file

+As mentioned, the only settings required by my scripts are the following in the [cluster] section:  post_install, post_install_args and s3_read_resource:
+
post_install = s3://<bucket>/<bucket key>/scripts/post.install.sh
post_install_args = '<bucket> <bucket key> <efadmin password (optional)>'
s3_read_resource = arn:aws:s3:::<bucket>/<bucket key>/*
+The post.install.sh main script is set as the post_install option value, with its S3 full path, and provided arguments:
+a) bucket name 
+b) bucket folder/key location
+c) efadmin user (primary EnginFrame administrator) password
+all separated by space. All post install arguments must be enclosed in a single pair of single quotes, as in the example code.
+Finally, the s3_read_resource option grants the master access to the same S3 location to download secondary scripts: first one installing EnginFrame (01.install.enginframe.master.sh) and second one installing DCV Session Manager broker (02.install.dcv.broker.master.sh).
+
+
Note: you may wish to associate a custom role to the ParallelCluster master instead of using the s3_read_resource option.
+
+
Note: ParallelCluster documentation suggests to use double quotes for post_install_args. This is not working with the last version of parallelcluster available when writing this article, so I’m using single quotes. This is under fixing and will probably change in near future.
+
+A configuration file sample is provided under the parallelcuster folder of the github repository.
+

Step 4. Create ParallelCluster

+You can now start ParallelCluster creation with your preferred invocation command, e.g.:
+
pcluster create --norollback --config parallelcluster/config.sample PC291
+
Hint: when testing it’s probably better to disable rollback like in the above command line: this will allow you to connect via ssh to the Master instance to diagnose problems if something with the post-install scripts went wrong.
+

Cleaning up

+To avoid incurring future charges, delete idle ParallelCluster instances via its delete command:
+
pcluster delete --config parallelcluster/config.sample PC291
+

Post-install scripts details

+In this section I’ll list some more details on the scripts logic. This could be a starting point in customizing, evolving or adding more secondary scripts to the solution. For example, you might want to add a further script to automatically install an HPC application into ParallelCluster master node.
+

Main post.install.sh

+Post-install script post.install.sh goes through the following steps:
+

EnginFrame

+Provided script 01.install.enginframe.sh performs the following steps:
+

DCV Session Manager Broker

+Provided script 02.install.dcv.broker.master.sh performs the following steps:
+
Optionally, if EnginFrame is installed, it:
+

Troubleshooting

+Detailed output log is available on the master node, in:
+
You can reach it via ssh, after getting the master node IP address from AWS Console → EC2 → Instances and looking for an instance named Master.
## Security diff --git a/packages/NICE-GPG-KEY.conf b/packages/NICE-GPG-KEY.conf new file mode 100644 index 0000000..6de3bb7 --- /dev/null +++ b/packages/NICE-GPG-KEY.conf @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFnObokBCAColwxCCvgj2KniCq4pqh9REGj6CjaOUYcUFSlf+eCwcNhaUWAx ++49rkkEWtcc/uJEE4ZL+q+r3imoH8KHFr8HBsi10xktPohxdhvKtEcG9EZIFH1zC +xmTZCab7jrz54rZvc1+tGlmjhQLIQSVros7Sfq6ufNPz/eCj1wTU5o9JIrie87sG +rciY408EOfHstJOE8Esa24IDJg+/dF/CxoAi77cKadqNNWq4z1rzF8ngJPLybbaS +GxYnIbLr+0hq8Orlb/jQIenrlYSJrKQPVuPRwA7JUpxwNWCnjh32vC9/pjTXh0W5 +FXLy2PsJClXnzSNIaqHdgs6rJZjep55EtrZ9ABEBAAG0J05JQ0Ugcy5yLmwuIDxz +dXBwb3J0QG5pY2Utc29mdHdhcmUuY29tPokBVAQTAQgAPgIbAwULCQgHAgYVCAkK +CwIEFgIDAQIeAQIXgBYhBFue68hkRJcB9s5WahG1xwoXDGEUBQJdlNmuBQkHiNIl +AAoJEBG1xwoXDGEUjiMIAJmovoF25GX5YaPJ/gs9AC0gMgai+6YJPPHEG0Bj7A8p +3fH1pxXhU81obLdlr2gdc+YeOR6/9z7bdIjE+rVcR/iV2pUXXSYrEjfhgXE+HObI +v2hvP5BeeSwRdMpBt3nNigFCJbej6ZLOupOL5dhtV1qaNVdvGUkM90bH8Lz4JFBj +bpJgyp2LIivQ+MyvjO3xCA3J6XXn+Kfk6Fn5tlJVuHn51fUF6oWeKOe2nMSN8aVZ +zPh9tOiX7RQUV1SH/Xupxk+LLhopboC2LOlXPhw0KNpOii+9xiR2gkfSqSfIrn/T +W/zi7oIfbsYkkKhhXPpAmEEsl1PPZFD0YGaFlUkQt925AQ0EWc5uiQEIALKIH9li +yci5tXotIX5/NjWSCcLONq8TjYOlEjZvSKE4MCy6acaYTeaJBDXdJxOB+hosqzMv +NCRv2K+D3YPteJ43LpjdBm9ixJ672N4KoKelcvPKl4A5vF66pr2VQ+0hWt0Gthv8 +HCvvbogeVJ0GE57QKNFVjji2pqkSvW9/znDjlW2qNUP560i72fPVUmyt2iFzlccH +rfI8FPHe99CeTcpSzCpz4fSj2MlB9OpazdlycUyegiiGqaORWs3vF1/FtcryNM4d +wgjdXoAH5mFR1+VRhXjxHP19akexxM6XNRSIGz0qlH4iMY6ueBFtLJ+1b4Klxk5S +St/6TCyqCnUiue0AEQEAAYkBJQQYAQgADwUCWc5uiQIbDAUJA8JnAAAKCRARtccK +FwxhFIn0B/9dBTEExe2BdwbNsxukAOHteGTSKmztw9tXaY9A8ePmOxMw+cEvX+NV +5cpOmvHPH0uhS3VF7gDSR0+IP7cIj7oIhm4MrJA5yJQK1Hm/Izb0uUTF+oLMNrUg +kkDyeWlm4KiCjJ4WQvGRF1Vp++ThVWMuPsTEIQqKMfo9EJlDaC5meKPeMdezzj0I +iJ3y8lCVfm6uUHQMUDtdfskH751N6Lv/hMNzwe0NvGf4LjV2KPHuJgQQcNPr8l3Q +Y+kQ8ph3ESAnF0S/CUJAGqGI/AqXzcS+28Bxn2Q0Af1/ut+1fhxBcyKzebnTPsik +icLIoKPXsqZPBQ74FNNAasQckkXwpHjB +=ZEVD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/efinstall.config b/packages/efinstall.config new file mode 100644 index 0000000..59b9963 --- /dev/null +++ b/packages/efinstall.config @@ -0,0 +1,640 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this +# software and associated documentation files (the "Software"), to deal in the Software +# without restriction, including without limitation the rights to use, copy, modify, +# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +###################################################################### +# EnginFrame +# +# This file has been automaticaly generated on Tue Nov 17 16:36:29 UTC 2020 +###################################################################### + +efinstall.config.version = 1.0 + + +###################################################################### +# License Agreement +# Review the license terms before installing EnginFrame +###################################################################### + +# Setting the property ef.accept.eula to 'true' you declare that you have read +# you have read all the terms of the EnginFrame +# license agreement and that you accept them. +# +# Values: [true|false] +ef.accept.eula = true + + +###################################################################### +# What's new in EnginFrame 2020.0 +###################################################################### + + +###################################################################### +# License File +# Install the license file +###################################################################### + +# License file +#kernel.eflicense = No license file. EnginFrame is running on EC2. + + +###################################################################### +# Choose Install Location +# Choose the directory in which to install EnginFrame +###################################################################### + +# Install directory +nice.root.dir.ui = /shared/nice + + +###################################################################### +# EnginFrame Update +# Preliminary Checks +###################################################################### + + +###################################################################### +# Components to install +# The list of what will be installed +###################################################################### + +# EnginFrame +##component_enginframe = + +# EnginFrame +##component_enginframe_finalizer = + +# EnginFrame Kernel +##component_kernel = + +# EnginFrame Applets +##component_applets = + +# Include Parser Library +##component_parser = + +# EnginFrame HTTP Authentication Plug-in +##component_http = + +# EnginFrame PAM Authentication Plug-in +##component_pam = + +# EnginFrame LDAP Authentication Plug-in +##component_ldap = + +# EnginFrame ActiveDirectory Authentication Plug-in +##component_activedirectory = + +# EnginFrame RSS Feed Supplier Plug-in +##component_rss = + +# EnginFrame LSF Grid Integration Plug-in +##component_lsf = + +# PBS Plug-in +##component_pbs = + +# Torque Plug-in +##component_torque = + +# Grid Engine Plug-in +##component_sge = + +# SLURM Plug-in +##component_slurm = + +# AWS Batch Plug-in +##component_awsbatch = + +# DCV Session Manager Plug-in +##component_dcvsm = + +# EnginFrame Demo Portal +##component_demo = + +# NEUTRO Grid Plug-in +##component_neutro = + +# EnginFrame VDI Portal +##component_vdi = + +# EnginFrame Applications Portal +##component_applications = + +# Service Manager Plug-in +##component_service-manager = + +# User Group Manager Plug-in +##component_user-group-manager = + + +###################################################################### +# Java Runtime Environment (JRE) Selection +# Define which JRE will be used by EnginFrame +###################################################################### + +# JRE base directory +kernel.java.home = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.265.b01-1.amzn2.0.1.x86_64/jre + + +###################################################################### +# EnginFrame Spoolers +# Choose the location for the EnginFrame spoolers +###################################################################### + +# Spoolers directory +ef.spooler.dir = /shared/nice/enginframe/spoolers + + +###################################################################### +# EnginFrame Repository +# Choose the location for the EnginFrame repository +###################################################################### + +# Repositories directory +ef.repository.dir = /shared/nice/enginframe/repository + + +###################################################################### +# EnginFrame Sessions +# Choose the location for the EnginFrame sessions +###################################################################### + +# Sessions directory +ef.sessions.dir = /shared/nice/enginframe/sessions + + +###################################################################### +# EnginFrame Data +# Choose the location for the EnginFrame data directory +###################################################################### + +# Data directory +ef.data.root.dir = /shared/nice/enginframe/data + + +###################################################################### +# EnginFrame Logs and Temp +# Choose the location for the EnginFrame logs and temp directories +###################################################################### + +# Logs directory +ef.logs.root.dir = /shared/nice/enginframe/logs + +# Temp directory +ef.temp.root.dir = /shared/nice/enginframe/tmp + + +###################################################################### +# EnginFrame configuration +# Choose the EnginFrame configuration +###################################################################### + +# Choose the EnginFrame configuration: +# Values: [PRO|ENT] +ef.product = PRO + + +###################################################################### +# EnginFrame Agent +# Choose if EnginFrame Agent will run on this machine +###################################################################### + +# EF Agent will be started on this machine +# Values: [true|false] +kernel.agent.on.same.machine = true + + +###################################################################### +# Agent Configuration +# Configure the EnginFrame agent communication +###################################################################### + +# TCP port on which the RMI registry listens for requests +kernel.agent.rmi.port = 9999 + +# TCP port on which the EnginFrame agent listens for RMI requests from the EnginFrame server +kernel.agent.rmi.bind.port = 9998 + + +###################################################################### +# Agent Configuration +# Configure the EnginFrame agent communication +###################################################################### + +# Hostname where the agent will be launched +##kernel.agent.host = + +# TCP port on which the RMI registry listens for requests +#kernel.agent.rmi.port = 9999 + +# TCP port on which the EnginFrame agent listens for RMI requests from the EnginFrame server +#kernel.agent.rmi.bind.port = 9998 + + +###################################################################### +# EnginFrame Administrator +# Specify the EnginFrame administrator +###################################################################### + +# EnginFrame administrator +kernel.ef.admin.user = efadmin + + +###################################################################### +# Apache Tomcat HTTPS +# Enable Apache Tomcat HTTPS +###################################################################### + +# Apache Tomcat with HTTPS +# Values: [true|false] +kernel.server.tomcat.https = true + + +###################################################################### +# Apache Tomcat Configuration +# Configure Apache Tomcat +###################################################################### + +# OS user owning the Apache Tomcat process +#kernel.ef.tomcat.user = efnobody + +# Context of the EnginFrame web application +#kernel.ef.root.context = enginframe + +# TCP port on which Apache Tomcat listens for HTTP connections +##kernel.tomcat.port = + +# TCP port on which Apache Tomcat listens for shutdown requests +#kernel.tomcat.shutdown.port = 8005 + + +###################################################################### +# Apache Tomcat Configuration +# Configure Apache Tomcat +###################################################################### + +# OS user owning the Apache Tomcat process +kernel.ef.tomcat.user = efnobody + +# Context of the EnginFrame web application +kernel.ef.root.context = enginframe + +# TCP port on which Apache Tomcat listens for HTTPS connections +kernel.tomcat.https.port = 8443 + +# TCP port on which Apache Tomcat listens for shutdown requests +kernel.tomcat.shutdown.port = 8005 + +# Hostname to be set into the autogenerated certificate for Apache Tomcat +kernel.server.tomcat.https.ef.hostname = + + +###################################################################### +# EnginFrame Database Configuration +# Configure EnginFrame Database +###################################################################### + +# Select database to use +# Values: [derby|other-db] +kernel.ef.db = derby + + +###################################################################### +# EnginFrame Database Configuration +# Configure EnginFrame Database +###################################################################### + +# DerbyDB port +kernel.ef.derby.db.port = 1527 + + +###################################################################### +# EnginFrame Database Configuration +# Configure EnginFrame Database +###################################################################### + +# JDBC URL +##kernel.ef.db.url = + +# Username +##kernel.ef.db.admin.name = + +# Property hidden PasswordTextInput +#kernel.ef.db.admin.password = XXXXXXXX + + +###################################################################### +# Enterprise Configuration +# Configure Enterprise features +###################################################################### + +# Comma separated list of server IPs and ports e.g. 192.168.0.1:7800,192.168.0.2:7800 +##kernel.ef.enterprise.tcp.servers = + + +###################################################################### +# EnginFrame Startup +# Choose whether EnginFrame should start at boot +###################################################################### + +# Start EnginFrame at boot +# Values: [true|false] +kernel.start_enginframe_at_boot = true + + +###################################################################### +# EnginFrame Startup +# Select the version to start +###################################################################### + +# Use the new version? +# Values: [true|false] +##kernel.update_current_version = + + +###################################################################### +# EnginFrame Developer's Documentation +# Choose whether to install the technical showcase and documentation +###################################################################### + +# Do you want to install the EnginFrame Developer's Documentation? +# Values: [true|false] +demo.install = true + + +###################################################################### +# Authentication Manager +# Select the default authentication manager +###################################################################### + +# +# Values: [pam|http|ldap|activedirectory|certificate] +default.auth.mgr = pam + + +###################################################################### +# EnginFrame Certificate Authority Configuration +# Configure EnginFrame Certificate Authority +###################################################################### + +# Get username from client certificate +# Values: [true|false] +##kernel.authorization.certificate.userCertificate = + + +###################################################################### +# Authentication Manager Configuration +# Specify the PAM service +###################################################################### + +# PAM service +pam.service = system-auth + + +###################################################################### +# Authentication Manager Configuration +# Test the PAM authentication manager +###################################################################### + +# Username +pam.user = + +# Property hidden PasswordTextInput +#pam.userpw = XXXXXXXX + + +###################################################################### +# Authentication Manager Configuration +# Specify the 'ldapsearch' location +###################################################################### + +# Location of 'ldapsearch' +##ldap.ldapsearch = + + +###################################################################### +# Authentication Manager Configuration +# Specify the information needed to query the LDAP server +###################################################################### + +# Name of the host on which the LDAP server is located +##ldap.server = + +# TCP port on which the LDAP server listens for requests +##ldap.port = + +# Does the LDAP server require a secure connection (TLS)? +# Values: [true|false] +##ldap.secure = + +# Use simple authentication (instead of SASL) +# Values: [true|false] +##ldap.simple.auth = + +# Default base Distinguished Name (example: 'ou=People,dc=nice') +##ldap.base = + + +###################################################################### +# LDAP Plug-in Configuration +# Specify username and password to test authentication +###################################################################### + +# Username +##ldap.user = + +# Property hidden PasswordTextInput +#ldap.userpw = XXXXXXXX + + +###################################################################### +# Authentication Manager Configuration +# Specify the 'ldapsearch' location +###################################################################### + +# Location of 'ldapsearch' +##activedirectory.ldapsearch = + + +###################################################################### +# Authentication Manager Configuration +# Specify the information needed to query the ActiveDirectory server +###################################################################### + +# Name of the host on which the ActiveDirectory server is located +##activedirectory.server = + +# TCP port on which the ActiveDirectory server listens for requests +##activedirectory.port = + +# Does the ActiveDirectory server require a secure connection (TLS)? +# Values: [true|false] +##activedirectory.secure = + +# Default base Distinguished Name +##activedirectory.base = + + +###################################################################### +# ActiveDirectory Plug-in Configuration +# Specify username and password to test authentication +###################################################################### + +# Bind as +##activedirectory.bindas = + +# Property hidden PasswordTextInput +#activedirectory.bindpwd = XXXXXXXX + +# Username +##activedirectory.user = + +# Property hidden PasswordTextInput +#activedirectory.userpw = XXXXXXXX + + +###################################################################### +# Grid Manager +# Select the grid managers +###################################################################### + +# +ef.jobmanager = slurm + + +###################################################################### +# LSF/OpenLava Integration +# Configure EnginFrame to integrate with LSF/OpenLava +###################################################################### + +# Shell profile file +##lsf.profile.file = + + +###################################################################### +# LSF/OpenLava Integration +# Configure EnginFrame to integrate with LSF/OpenLava +###################################################################### + +# Shell profile file +##lsf.profile.file = + + +###################################################################### +# PBS Integration +# Configure EnginFrame to integrate with PBS +###################################################################### + +# PBS binaries path +##pbs.binaries.path = + + +###################################################################### +# Torque Integration +# Configure EnginFrame to integrate with Torque +###################################################################### + +# Torque binaries path +##torque.binaries.path = + + +###################################################################### +# Grid Engine Integration +# Configure EnginFrame to integrate with Grid Engine +###################################################################### + +# Grid Engine shell profile file +##sge.profile.file = + + +###################################################################### +# SLURM Integration +# Configure EnginFrame to integrate with SLURM +###################################################################### + +# SLURM binaries path +slurm.binaries.path = /opt/slurm/bin + + +###################################################################### +# AWS Batch Integration +# Configure EnginFrame to integrate with AWS Batch +###################################################################### + +# AWS ParallelCluster name +##awsbatch.cluster = + +# AWS ParallelCluster region +##awsbatch.region = + + +###################################################################### +# NEUTRO Plug-in +# Configuration of NEUTRO connection +###################################################################### + +# NEUTRO Master Address(es) +##neutro.neutro.master = + + +###################################################################### +# Delegate Interactive Session Manager +# Select the delegate interactive session managers +###################################################################### + +# DCV Session Manager +# Values: [true|false] +ef.delegate.dcvsm = true + + +###################################################################### +# DCVSessionManager +# Configure DCV Session Manager connection +###################################################################### + +# OAuth2 Server URL +dcvsm.oauth2.url = https\://sm-hostname\:sm-port/oauth2/token + +# OAuth2 Client ID +dcvsm.oauth2.id = + +# Property hidden PasswordTextInput +#dcvsm.oauth2.psw = XXXXXXXX + +# DCV Session Manager Broker URI +dcvsm.broker.url = https\://sm-hostname\:sm-port/ + + +###################################################################### +# DCVSessionManager +# Configure DCV Session Manager connection +###################################################################### + +# Disable TLS Strict Check +# Values: [true|false] +dcvsm.no.strict.tls = false + + + +###################################################################### +# Do not modify any configuration below this line +###################################################################### + + +intro-targets = component_enginframe,component_kernel,component_applets,component_parser,component_http,component_pam,component_ldap,component_activedirectory,component_rss,component_lsf,component_pbs,component_torque,component_sge,component_slurm,component_awsbatch,component_dcvsm,component_demo,component_neutro,component_vdi,component_applications,component_service-manager,component_user-group-manager,component_enginframe_finalizer, + +progress-targets = cleanuptarget, diff --git a/parallelcluster/config.sample b/parallelcluster/config.sample new file mode 100644 index 0000000..bdb62a0 --- /dev/null +++ b/parallelcluster/config.sample @@ -0,0 +1,65 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this +# software and associated documentation files (the "Software"), to deal in the Software +# without restriction, including without limitation the rights to use, copy, modify, +# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +[global] +cluster_template = default +update_check = true +sanity_check = false + +[aws] +aws_region_name = eu-west-1 + +[cluster default] +base_os = alinux2 +scheduler = slurm +key_name = my-EC2-key-here +master_instance_type = m5.large +queue_settings = parallel +vpc_settings = public + +# post install: EnginFrame and DCV session manager broker +# requires post_install_argrs = " " +post_install = s3://my-bucket-here/parallelcluster/scripts/post.install.sh +post_install_args = "my-bucket-here parallelcluster efadminpassword" +s3_read_resource = arn:aws:s3:::my-bucket-here* + +[queue parallel] +compute_resource_settings = c5queue, m5queue +compute_type = ondemand +disable_hyperthreading = true +placement_group = DYNAMIC + +[compute_resource c5queue] +instance_type = c5.large +min_count = 0 +max_count = 2 +initial_count = 0 + +[compute_resource m5queue] +instance_type = m5.large +min_count = 0 +max_count = 4 +initial_count = 0 + +[vpc public] +master_subnet_id = subnet-123456 +vpc_id = vpc-123456 +additional_sg = sg-123456 + +[cw_log parallelculuster-log] +enable = true +retention_days = 7 \ No newline at end of file diff --git a/scripts/01.install.enginframe.master.sh b/scripts/01.install.enginframe.master.sh new file mode 100644 index 0000000..945f57f --- /dev/null +++ b/scripts/01.install.enginframe.master.sh @@ -0,0 +1,104 @@ +#!/bin/bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this +# software and associated documentation files (the "Software"), to deal in the Software +# without restriction, including without limitation the rights to use, copy, modify, +# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +# Installs EnginFrame on master host + +source '/etc/parallelcluster/cfnconfig' + +export NICE_ROOT="${cfn_shared_dir}/nice" +export EF_CONF_ROOT="${NICE_ROOT}/enginframe/conf" +export EF_DATA_ROOT="${NICE_ROOT}/enginframe/data" + +set -x +set -e + + +# install EnginFrame +# ---------------------------------------------------------------------------- +installEnginFrame() { + # install pre-requisites + yum -y install java-latest-openjdk + # get packages from S3 + aws s3 sync "s3://${S3Bucket}/${S3Key}/packages" "/tmp/packages" || exit 1 + # set permissions and uncompress + chmod 755 -R /tmp/packages/* + enginframe_jar=$(find /tmp/packages -type f -name 'enginframe-[0-9]*.jar') + # some checks + [[ -z ${enginframe_jar} ]] && \ + echo "[ERROR] missing enginframe jar" && return 1 + [[ ! -f /tmp/packages/efinstall.config ]] && \ + echo "[ERROR] missing efinstall.config" && return 1 + + # update java path + java_path=$(readlink /etc/alternatives/java | sed 's/\/bin\/java//') + sed -i \ + "s/^kernel.java.home = .*$/kernel.java.home = ${java_path//\//\\/}/" \ + /tmp/packages/efinstall.config + # use shared folder as NICE_ROOT + sed -i \ + "s/^nice.root.dir.ui = .*$/nice.root.dir.ui = ${NICE_ROOT//\//\\/}/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^ef.spooler.dir = .*$/ef.spooler.dir = ${NICE_ROOT//\//\\/}\/enginframe\/spoolers/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^ef.repository.dir = .*$/ef.repository.dir = ${NICE_ROOT//\//\\/}\/enginframe\/repository/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^ef.sessions.dir = .*$/ef.sessions.dir = ${NICE_ROOT//\//\\/}\/enginframe\/sessions/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^ef.data.root.dir = .*$/ef.data.root.dir = ${NICE_ROOT//\//\\/}\/enginframe\/data/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^ef.logs.root.dir = .*$/ef.logs.root.dir = ${NICE_ROOT//\//\\/}\/enginframe\/logs/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^ef.temp.root.dir = .*$/ef.temp.root.dir = ${NICE_ROOT//\//\\/}\/enginframe\/tmp/" \ + /tmp/packages/efinstall.config + sed -i \ + "s/^kernel.server.tomcat.https.ef.hostname = .*$/kernel.server.tomcat.https.ef.hostname = $(hostname -s)/" \ + /tmp/packages/efinstall.config + # add EnginFrame users + adduser efadmin + adduser efnobody + printf "${efadminPassword}" | passwd efadmin --stdin + + # finally, launch EnginFrame installer + ( cd /tmp/packages + java -jar "${enginframe_jar}" --text --batch ) +} + +startEnginFrame() { + systemctl start enginframe +} + + +# main +# ---------------------------------------------------------------------------- +main() { + echo "[INFO][$(date '+%Y-%m-%d %H:%M:%S')] install.enginframe.master.sh: START" >&2 + + installEnginFrame + startEnginFrame + + echo "[INFO][$(date '+%Y-%m-%d %H:%M:%S')] install.enginframe.master.sh: STOP" >&2 +} + +main "$@" diff --git a/scripts/02.install.dcv.broker.master.sh b/scripts/02.install.dcv.broker.master.sh new file mode 100644 index 0000000..1085822 --- /dev/null +++ b/scripts/02.install.dcv.broker.master.sh @@ -0,0 +1,132 @@ +#!/bin/bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this +# software and associated documentation files (the "Software"), to deal in the Software +# without restriction, including without limitation the rights to use, copy, modify, +# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +# Installs DCV Session Broker on master host + +source '/etc/parallelcluster/cfnconfig' + +export NICE_ROOT="${cfn_shared_dir}/nice" + +set -x +set -e + + +# install DCV Session Broker +installDCVSessionBroker() { + # get packages from S3 + aws s3 sync "s3://${S3Bucket}/${S3Key}/packages" "/tmp/packages" || exit 1 + # set permissions and uncompress + chmod 755 -R /tmp/packages/* + dcv_session_broker_pkg=$(find /tmp/packages -type f -name 'nice-dcv-session-manager-broker-[0-9]*.rpm') + # some checks + [[ -z ${dcv_session_broker_pkg} ]] && \ + echo "[ERROR] missing DCV Session Broker rpm" && return 1 + [[ ! -r /tmp/packages/NICE-GPG-KEY ]] && \ + echo "[ERROR] missing NICE-GPG-KEY" && return 1 + + rpm --import /tmp/packages/NICE-GPG-KEY + yum install -y "${dcv_session_broker_pkg}" + # switch broker to 8446 since 8443 is used by EnginFrame + sed -i 's/client-to-broker-connector-https-port = .*$/client-to-broker-connector-https-port = 8446/' \ + /etc/dcv-session-manager-broker/session-manager-broker.properties + # switch broker discovery port to 45001 since in the boot phase it can be busy + #sed -i 's/broker-to-broker-discovery-port = .*$/broker-to-broker-discovery-port = 47501/' \ + # /etc/dcv-session-manager-broker/session-manager-broker.properties + #sed -i 's/broker-to-broker-discovery-addresses = .*$/broker-to-broker-discovery-addresses = 127.0.0.1:47501/' \ + # /etc/dcv-session-manager-broker/session-manager-broker.properties +} + + +# start DCV session broker +startDCVSessionBroker() { + local -i attempts=10 wait=1 + systemctl enable dcv-session-manager-broker + systemctl start dcv-session-manager-broker + sleep 10 # wait for a correct ignite initialization + efadmin_home=$(getent passwd | grep efadmin | sed 's/^.*:.*:.*:.*:.*:\(.*\):.*$/\1/') + + # wait for the certificate to be available, and copy it to efadmin's home + while [[ $((attempts--)) -gt 0 ]]; do + if [[ -r /var/lib/dcvsmbroker/security/dcvsmbroker_ca.pem ]]; then + cp /var/lib/dcvsmbroker/security/dcvsmbroker_ca.pem "${efadmin_home}" + break + else sleep $((wait++)) + fi + done + [[ ${attempts} -gt 0 ]] || return 1 +} + + +# sets DCV session broker in EnginFrame +# avoid this function if you don't install EnginFrame +setupEFSessionManager() { + local -i attempts=10 wait=1 + source "${NICE_ROOT}/enginframe/conf/enginframe.conf" + + # register and set EnginFrame as API client + while [[ $((attempts--)) -gt 0 ]]; do + systemctl is-active --quiet dcv-session-manager-broker + if [[ $? == 0 ]]; then + dcv-session-manager-broker register-api-client --client-name EnginFrame > /tmp/packages/ef_client_reg + [[ $? == 0 ]] || return 1 + break + else sleep $((wait++)) + fi + done + [[ ${attempts} -gt 0 ]] || return 1 + + client_id=$(cat /tmp/packages/ef_client_reg | sed -n 's/^[ \t]*client-id:[ \t]*//p') + client_pw=$(cat /tmp/packages/ef_client_reg | sed -n 's/^[ \t]*client-password:[ \t]*//p') + sed -i "s/^DCVSM_CLUSTER_dcvsm_cluster1_AUTH_ID=.*$/DCVSM_CLUSTER_dcvsm_cluster1_AUTH_ID=${client_id//\//\\/}/" \ + /shared/nice/enginframe/conf/plugins/dcvsm/clusters.props + sed -i \ + "s/^DCVSM_CLUSTER_dcvsm_cluster1_AUTH_PASSWORD=.*$/DCVSM_CLUSTER_dcvsm_cluster1_AUTH_PASSWORD=${client_pw//\//\\/}/" \ + /shared/nice/enginframe/conf/plugins/dcvsm/clusters.props + sed -i \ + "s/^DCVSM_CLUSTER_dcvsm_cluster1_AUTH_ENDPOINT=.*$/DCVSM_CLUSTER_dcvsm_cluster1_AUTH_ENDPOINT=https:\/\/$(hostname):8446\/oauth2\/token/" \ + /shared/nice/enginframe/conf/plugins/dcvsm/clusters.props + sed -i \ + "s/^DCVSM_CLUSTER_dcvsm_cluster1_SESSION_MANAGER_ENDPOINT=.*$/DCVSM_CLUSTER_dcvsm_cluster1_SESSION_MANAGER_ENDPOINT=https:\/\/$(hostname):8446/" \ + /shared/nice/enginframe/conf/plugins/dcvsm/clusters.props + + # add dcvsm certificate to Java keystore + openssl x509 -in /var/lib/dcvsmbroker/security/dcvsmbroker_ca.pem -inform pem \ + -out /tmp/packages/dcvsmbroker_ca.der -outform der + keytool -importcert -alias dcvsm \ + -keystore "${JAVA_HOME}/lib/security/cacerts" \ + -storepass changeit \ + -noprompt \ + -file /tmp/packages/dcvsmbroker_ca.der + systemctl restart enginframe +} + + +# main +# ---------------------------------------------------------------------------- +main() { + echo "[INFO][$(date '+%Y-%m-%d %H:%M:%S')] install.dcv.broker.master.sh: START" >&2 + + installDCVSessionBroker + startDCVSessionBroker + setupEFSessionManager + + echo "[INFO][$(date '+%Y-%m-%d %H:%M:%S')] install.dcv.broker.master.sh: STOP" >&2 +} + +main "$@" diff --git a/scripts/post.install.sh b/scripts/post.install.sh new file mode 100644 index 0000000..e0eefda --- /dev/null +++ b/scripts/post.install.sh @@ -0,0 +1,59 @@ +#!/bin/bash + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: MIT-0 +# +# Permission is hereby granted, free of charge, to any person obtaining a copy of this +# software and associated documentation files (the "Software"), to deal in the Software +# without restriction, including without limitation the rights to use, copy, modify, +# merge, publish, distribute, sublicense, and/or sell copies of the Software, and to +# permit persons to whom the Software is furnished to do so. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, +# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +# PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + +# Top level post install script + +# get post install arguments +export S3Bucket="$2" +export S3Key="$3" +export efadminPassword="$4" + +source '/etc/parallelcluster/cfnconfig' + + +# run scripts +# ---------------------------------------------------------------------------- +# runs secondary scripts according to the node type +runScripts() { + # get packages from S3 + echo "Getting S3 packages from ${S3Bucket}" + aws s3 sync s3://${S3Bucket}/${S3Key}/scripts /tmp/scripts || exit 1 + chmod 755 -R /tmp/scripts/* + # run scripts according to node type + if [[ ${cfn_node_type} == MasterServer ]]; then + find /tmp/scripts -type f -name '[0-9][0-9]*.master.sh' -print0 | \ + sort -z -n | xargs -0 -I '{}' /bin/bash -c '{}' + fi + if [[ ${cfn_node_type} == ComputeFleet ]]; then + + find /tmp/scripts -type f -name '[0-9][0-9]*.compute.sh' -print0 | \ + sort -z -n | xargs -0 -I '{}' /bin/bash -c '{}' + fi +} + + +# main +# ---------------------------------------------------------------------------- +main() { + echo "[INFO][$(date '+%Y-%m-%d %H:%M:%S')] post.install.sh START" >&2 + runScripts + echo "[INFO][$(date '+%Y-%m-%d %H:%M:%S')] post.install.sh: STOP" >&2 +} + +main "$@"