User Tools

Site Tools



This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revision Both sides next revision
cluster:154 [2017/03/03 19:02]
hmeij07 created
cluster:154 [2017/03/08 20:27]
hmeij07 [Deploy]
Line 4: Line 4:
 ==== OpenHPC ==== ==== OpenHPC ====
-  * install vanilla CentOS 7.2+  * install vanilla CentOS 7.2 on //master// 
 +  * find Install_guide-CentOS7.2-SLURM-1.2.1-x86_64.pdf recipe guide on 
 +  * turn selinux off 
 +  * next switch to iptables 
 +[root@ohpc0-test ~]# systemctl stop firewalld                 
 +[root@ohpc0-test ~]# systemctl disable firewalld          
 +[root@ohpc0-test ~]#  yum install iptables-services -y                           
 +[root@ohpc0-test ~]# systemctl enable iptables 
 +[root@ohpc0-test ~]# systemctl enable ip6tables 
 +[root@ohpc0-test ~]# vi /etc/sysconfig/iptables 
 +# lock up port 22: note "eth0" 
 +-A INPUT -i enp4s0 -p tcp -m state --state NEW -m tcp -s --dport 22 -j ACCEPT 
 +# local allow: note "eth1" 
 +-A INPUT -i enp8s0 -d -p tcp --dport 0:65535 -j ACCEPT 
 +-A INPUT -i enp8s0 -d -p udp --dport 0:65535 -j ACCEPT 
 +[root@ohpc0-test ~]# vi /etc/sysconfig/ip6tables 
 +# comment out port 22 
 +[root@ohpc0-test ~]# systemctl restart iptables 
 +[root@ohpc0-test ~]# systemctl restart ip6tables 
 +[root@ohpc0-test ~]# iptables -L 
 +Chain INPUT (policy ACCEPT) 
 +target     prot opt source               destination 
 +ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED 
 +ACCEPT     icmp --  anywhere             anywhere 
 +ACCEPT     all  --  anywhere             anywhere 
 +ACCEPT     tcp  --       anywhere             state NEW tcp dpt:ssh 
 +ACCEPT     tcp  --  anywhere          tcp 
 +ACCEPT     udp  --  anywhere          udp 
 +REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited 
 +Chain FORWARD (policy ACCEPT) 
 +target     prot opt source               destination 
 +REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited 
 +Chain OUTPUT (policy ACCEPT) 
 +target     prot opt source               destination 
 +[root@ohpc0-test ~]# reboot 
 +  * next add OpenHPC component, install the RPM package which also enables repo EPEL 
 +[root@ohpc0-test ~]# yum install 
 +  ohpc-release.x86_64 0:1.2-1 
 +Dependency Installed: 
 +  epel-release.noarch 0:7-9 
 +[root@ohpc0-test ~]# yum repolist 
 +repo id                       repo name 
 +OpenHPC                       OpenHPC-1.2 - Base 
 +OpenHPC-updates               OpenHPC-1.2 - Updates 
 +base/7/x86_64                 CentOS-7 - Base 
 +*epel/x86_64                  Extra Packages for Enterprise Linux 7 - x86_64 
 +extras/7/x86_64               CentOS-7 - Extras 
 +updates/7/x86_64              CentOS-7 - Updates 
 +  * Next provisioning, pull down a suite of packages 
 + yum -y groupinstall ohpc-base 
 + yum -y groupinstall ohpc-warewulf 
 +# for openlava if we decide not slurm 
 + yum install tcl-devel 
 + systemctl enable ntpd.service 
 + systemctl start ntpd 
 + systemctl status ntpd 
 + yum -y groupinstall ohpc-slurm-server 
 +  * Configure ''ib0'' and ''IPoIB'' if needed, consult  [[cluster:145|Infiniband]], also consult the PDF file. 
 +==== Configure ==== 
 +  * Warewulf (do yourself a favor and check changes in file to avoid typos) 
 +perl -pi -e "s/device = eth1/device = enp8s0/" /etc/warewulf/provision.conf 
 +perl -pi -e "s/^\s+disable\s+= yes/ disable = no /" /etc/xinetd.d/tftp 
 +perl -pi -e "s/cgi-bin>\$/cgi-bin>\n Require all granted/" /etc/httpd/conf.d/warewulf-httpd.conf 
 +perl -pi -e "s/Allow from all/Require all granted/" /etc/httpd/conf.d/warewulf-httpd.conf 
 +# -ni not -pi 
 +perl -ni -e "print unless /^\s+Order allow,deny/" /etc/httpd/conf.d/warewulf-httpd.conf 
 +# restart/enable services 
 +systemctl restart xinetd 
 +systemctl enable mariadb.service 
 +systemctl restart mariadb 
 +systemctl enable httpd.service 
 +systemctl restart httpd 
 +  * Now let get ready to provision a node. First we need to build a CHROOT environment. 
 +# defined repo 
 +less /usr/libexec/warewulf/wwmkchroot/centos-7.tmpl 
 +# admin area 
 +ls -R /opt/ohpc/admin/ 
 +# use another disk for images 
 +mkdir /data 
 +mkfs.xfs -f /dev/sdb1 
 +mount /data 
 +mkdir -p /data/ohpc/images/centos7.2 
 +# this yields an error as 7.2.1511 is already deprecated 
 +wwmkchroot centos-7 /data/ohpc/images/centos7.2 
 +"This directory (and version of CentOS) is deprecated.  For normal users, 
 +you should use /7/ and not /7.2.1511/ in your path." 
 +# so we follow their advise and edit the repo destination s/7.2.1511/7/ 
 +vi /usr/libexec/warewulf/wwmkchroot/centos-7.tmpl 
 +# try again 
 +wwmkchroot centos-7 /data/ohpc/images/centos7.2 
 +# ls /data/ohpc/images/centos7.2/ 
 +bin  boot  dev  etc  fastboot  home  lib  lib64  media  mnt  opt   
 +proc  root  run  sbin  srv  sys  tmp  usr  var 
 +# du -hs /data/ohpc/images/centos7.2/ 
 +490M    /data/ohpc/images/centos7.2/ 
 +  * Next customize the CHROOT environment 
 +cp -p /etc/resolv.conf /data/ohpc/images/centos7.2/etc/ 
 +yum -y --installroot=/data/ohpc/images/centos7.2 groupinstall ohpc-slurm-client 
 +yum -y --installroot=/data/ohpc/images/centos7.2 install kernel 
 +yum -y --installroot=/data/ohpc/images/centos7.2 install ntp 
 +yum -y --installroot=/data/ohpc/images/centos7.2 install lmod-ohpc 
 +# pass on infiniband 
 +# if it does not exist on **master** issue command ''wwinit ssh'' 
 +cat ~/.ssh/ 
 +cat ~/.ssh/ >> /data/ohpc/images/centos7.2/root/.ssh/authorized_keys 
 +echo " /home nfs nfsvers=3,rsize=1024,wsize=1024,cto 0 0 " \ 
 +      >> /data/ohpc/images/centos7.2/etc/fstab 
 +echo " /opt/ohpc/pub nfs nfsvers=3 0 0 " \ 
 +      >> /data/ohpc/images/centos7.2/etc/fstab 
 +chroot /data/ohpc/images/centos7.2 systemctl enable ntpd 
 +echo "server" >> /data/ohpc/images/centos7.2/etc/ntp.conf 
 +# finally on **master** issue 
 +perl -pi -e "s/ControlMachine=\S+/ControlMachine=ohpc0-test/" /etc/slurm/slurm.conf 
 +echo "/home *(rw,no_subtree_check,fsid=10,no_root_squash)" >> /etc/exports 
 +echo "/opt/ohpc/pub *(ro,no_subtree_check,fsid=11)" >> /etc/exports 
 +exportfs -ra 
 +systemctl restart nfs 
 +systemctl enable nfs-server 
 +==== Deploy ==== 
 +  * Next we PXE boot the compute node for imaging (after building bootstrp image and VNFS) 
 +# Both are loaded in database 
 +echo "drivers += updates/kernel" >> /etc/warewulf/bootstrap.conf 
 +wwbootstrap `uname -r` 
 +# Bootstrap image '3.10.0-327.el7.x86_64' is ready 
 +wwvnfs -y --chroot /data/ohpc/images/centos7.2 
 +# VNFS 'centos7.2' has been imported 
 +# Wrote a new configuration file at: /etc/warewulf/vnfs/centos7.2.conf 
 +wwsh -y file import /tmp/network.12501 --name network 
 +wwsh -y file set network --path /etc/sysconfig/network --mode=0644 --uid=0  
 +wwsh -y node new ohpc0 --ipaddr= --hwaddr=00:15:C5:EF:08:61 -D enp8s0 
 +wwsh -y file import /etc/passwd 
 +wwsh -y file import /etc/group 
 +wwsh -y file import /etc/shadow 
 +wwsh -y file import /etc/slurm/slurm.conf 
 +wwsh -y file import /etc/munge/munge.key 
 +wwsh -y provision set ohpc0 --vnfs=centos7.2 --bootstrap=`uname -r` \ 
 +     --files=dynamic_hosts,passwd,group,shadow,slurm.conf,munge.key,network 
 +systemctl restart dhcpd 
 +wwsh pxe update 
 +  * Note: the next part is optional but I recommend it. Warewulf by defaults deploys ''stateless'' (in memory) but I'd rather deploy ''statefull'' in which VNFS is written to disk. The advantage is that if the node crashed, it will reboot without the help of the **master**, and Linux typically survives crashes. Actually I like the ''golden image'' even better, customize a node, then create the image. More details at [[cluster:144|Warewulf Golden Image]]
-  * disable firewalld, install iptables 
-  *  
 \\ \\
 **[[cluster:0|Back]]** **[[cluster:0|Back]]**
cluster/154.txt · Last modified: 2018/08/17 12:48 by hmeij07