tools/compute-images/ansible/build-compute-image.yml

   1 #!/usr/bin/env ansible-playbook
   2 # Copyright (C) The Arvados Authors. All rights reserved.
   3 #
   4 # SPDX-License-Identifier: Apache-2.0
   5
   6 - name: Load Arvados configuration
   7   hosts: default
   8   tasks:
   9     - name: Load Arvados configuration file
  10       delegate_to: localhost
  11       ansible.builtin.include_vars:
  12         name: arvados_config
  13         file: "{{ arvados_config_file }}"
  14     - name: Load Arvados cluster configuration
  15       ansible.builtin.set_fact:
  16         arvados_cluster: "{{ arvados_config.Clusters[arvados_cluster_id] }}"
  17       failed_when: arvados_cluster is undefined
  18     - name: Get Crunch dispatch public key
  19       delegate_to: localhost
  20       vars:
  21         key_url: "{{ arvados_cluster.Containers.DispatchPrivateKey | urlsplit }}"
  22       ansible.builtin.command:
  23         argv: "{{ ['ssh-keygen', '-y'] + (['-f', key_url.path] if key_url.scheme == 'file' else []) }}"
  24         stdin: "{{ arvados_cluster.Containers.DispatchPrivateKey if key_url.scheme != 'file' else '' }}"
  25       register: compute_dispatch_ssh_keygen
  26
  27 - name: Build compute node
  28   # `default` is the name that the Packer Ansible plugin assigns to the
  29   # instance used to create the image.
  30   hosts: default
  31   become: true
  32   tasks:
  33     - name: Bootstrap packages required for Ansible
  34       ansible.builtin.raw: "apt-get -o DPkg::Lock::Timeout=300 -qy {{ item }}"
  35       loop:
  36         - update
  37         - install gnupg python3-apt python3-debian xz-utils
  38     - include_role:
  39         name: distro_apt
  40     - include_role:
  41         name: arvados_apt
  42     - name: Upgrade packages
  43       ansible.builtin.apt:
  44         update_cache: true
  45         upgrade: true
  46     - name: Remove unwanted packages
  47       ansible.builtin.apt:
  48         state: absent
  49         autoremove: true
  50         purge: true
  51         name:
  52           - unattended-upgrades
  53
  54     - include_role:
  55         name: compute_nvidia
  56       when: "arvados_compute_nvidia|default(false)|bool"
  57     - include_role:
  58         name: "compute_{{ arvados_cluster.Containers.RuntimeEngine }}"
  59     - include_role:
  60         name: compute_encrypt_tmp
  61     - include_role:
  62         name: compute_user
  63
  64     - name: Install Arvados FUSE driver
  65       ansible.builtin.apt:
  66         name: python3-arvados-fuse
  67     - name: Configure FUSE
  68       ansible.builtin.lineinfile:
  69         path: /etc/fuse.conf
  70         regexp: "^[# ]*user_allow_other *$"
  71         line: user_allow_other
  72     - name: Configure locale
  73       ansible.builtin.lineinfile:
  74         path: /etc/locale.gen
  75         regexp: "^[# ]*en_US.UTF-8 +UTF-8 *$"
  76         line: en_US.UTF-8 UTF-8
  77       notify: locale-gen
  78     - name: Configure DNS
  79       ansible.builtin.lineinfile:
  80         path: /etc/dhcp/dhclient.conf
  81         regexp: "^[# ]*prepend +domain-name-servers "
  82         line: "prepend domain-name-servers {{ dns_resolver }};"
  83       when: dns_resolver is defined
  84
  85   handlers:
  86     - name: apt update
  87       ansible.builtin.debug:
  88         msg: Skipping apt update handler before an apt upgrade
  89         verbosity: 1
  90     - name: locale-gen
  91       ansible.builtin.command: locale-gen