This document is specific to the London RedCentric lab, but should evolve to a more generic setup once we have more labs. For now, there are some hard-coded logic in the wiki as well as the scripts, to make sure we can reproduce at least the one lab we have. Once we have more labs, we'll work to automate that using configuration files, command line options, etc.
London RedCentric
Our HPC Lab will be using the 10.50.0.0/16 network, using a VPN just for us. We will have no contact with any other lab, in or out.
The servers will receive static IP assignments in the 10.50.16.*/20 range, while the provisioner will work with IPs in the ranges:
- 10.50.16.*/22 to dynamic
- 10.50.20.*/22 to dynamic-reserved
- 10.50.24.*/22 to static
The second interface in the provisioner will be in a different sub-net (via VLAN) with fixed IPs (because MrP still can't DHCP) in the range 192.168.2.0/24. This is overly restrictive considering the ranges above, but it's enough for the London data-centre (we won't have more than 250 machines in there).
The masters and benchmark machines will be provisioned by MrProvisioner and the compute nodes will be provisioned by the master (ex. warewulf, xCAT, etc).
There will be a VLAN for each cluster, to allow internal communications without flooding the rest of the lab (including other clusters), and these will be GB, 10GBE or InfiniBand, in the ranges 172.16.0.0/15, 172.18.0.0/15 and 172.20.0.0/15 respectively, as each cluster can have more than one interconnect technology at the same time.
Here's a diagram of the network:
Setting up the hpc-admin node
The hpc-admin node will be the physical server hosting the MrProvisioner and Jenkins services for the HPC lab.
The baremetal installation is : a Debian9 (stretch) hosting the two services using KVM/QEMU for the moment (migration to Docker/Containers will be possible when MrP support for containers is production ready.)
Required Packages and repos
Install Debian as you normally would for a server, do care to install the ssh server and to plan for enough space for the Jenkins logs (a bare minimum of 500Go for the Jenkins VM is desirable)
root@hpc-admin # apt update && apt upgrade root@hpc-admin # apt install sudo git net-tools vim bridge-utils qemu-kvm libvirt-clients libvirt-daemon-system virtinst dirmngr build-essential root@hpc-admin # echo "deb http://ppa.launchpad.net/ansible/ansible/ubuntu trusty main" >> /etc/apt/sources.list root@hpc-admin # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367 root@hpc-admin # apt update && apt install ansible
You'll also need a few repositories for the automation:
root@hpc-admin # git clone ssh://git@dev-private-git.linaro.org/hpc/labconf.git root@hpc-admin # git clone https://github.com/BaptisteGerondeau/ans_setup_jenkins.git root@hpc-admin # git clone https://github.com/BaptisteGerondeau/infra-automation.git && cd infra_automation/ansible
You now have a working baremetal server running Debian9 with all the appropriate utilities and tools.
Network Configuration
For the VMs to work on the two network interfaces of the host, we need to create a bridge in each and assign the required static IPs, as well as enabling IP forward and creating the SSH keys.
This is all done by the network_setup.sh script in our labconf repository:
root@hpc-admin # cd labconf/network root@hpc-admin # ./network_setup.sh <IF0> <IF1>
Change IF0 to your primary interface (the one connected to the firewall / VPN and IF1 to the one that will be connected to the BMCs (via the MrP VM).
Warning: This script will restart your network, make sure you're running on a physical terminal.
Setting up the VMs
With the network in place, you can clone the HPC Lab Conf repository (you must be allowed and have your key in the private repo):
root@hpc-admin # cd labconf/kvm root@hpc-admin # ./jenkins_virt_install.sh
And the same for MrProvisioner:
root@hpc-admin # ./mrp_virt_install.sh
For both MrProvisioner and Jenkins, the preseed will setup statis IPs (10.50.0.3 and 10.50.0.4 respectively), and they should be visible from the wider network, including the host. This is done to simplify VM migration and a potential new installation on a different server.
Update the Ansible host configuration:
root@hpc-admin # vim /etc/ansible/hosts [jenkins] 10.50.0.4 [infra_servers] 10.50.0.3
Installing the Jenkins service
Copy the secret files from our private repo to the Jenkins ansible repo:
root@hpc-admin # cp -r labconf/roles/ ans_set_jenkins/
Then run Ansible and wait until it exists with no errors:
root@hpc-admin # cd ans_setup_jenkins && ansible-playbook configure-jenkins.yml -vvv -u root
Ansible will start Jenkins automatically, so you should be able to just open the URL on your browser (assuming you have a route to the machine's IP):
If your Linaro login belongs to the hpc-sig-admin group, then you can directly login, as Jenkins is connected to LDAP, with your email and Linaro password.
BE CAREFUL: Jenkins is not yet using SSL, so your password will be passed plain text. Only use this if you are inside a VPN or on an isolated network.
You may get two warnings when you log in to Jenkins, which can be corrected on the Global Security screen:
- Agent to master security subsystem is currently off: Check the box saying "Enable Agent → Master Access Control"
- Jenkins instance uses deprecated protocols: JNLP3-connect: Uncheck the box "Java Web Start Agent Protocol/3" in "Agent Protocols"
Save the configuration and you should be all set.
Installing the MrP service
Add your mrp-hpc IP to /etc/ansible/hosts under the tag "[infra_servers]"
Then :
root@hpc-admin # cd infra_automation/ansible root@hpc-admin # ansible-playbook playbooks/infra-server.yml -vvv -u root
Then you can login to MrP on port 5000 (or whatever you set it to in the Ansible playbook) and login with the usual first install login (admin:linaro).