From 293d44782c36587c491e444ec3e766d07370e14e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Palancher?= Date: Fri, 12 Dec 2025 13:38:18 +0100 Subject: [PATCH] feat: add support of openSUSE Leap 15 and 16 --- CHANGELOG.md | 1 + conf/roles/common/tasks/os/suse-post.yml | 2 + .../common/tasks/os/suse-rackslab-repos.yml | 38 +++++++++++ conf/roles/common/tasks/os/suse.yml | 8 +++ conf/roles/common/vars/os/suse.yml | 12 ++++ conf/roles/ldap/tasks/main.yml | 7 +- conf/roles/ldap/tasks/os/debian.yml | 2 +- conf/roles/ldap/tasks/os/redhat.yml | 2 +- conf/roles/ldap/tasks/os/suse.yml | 65 +++++++++++++++++++ conf/roles/ldap/vars/os/suse.yml | 7 ++ conf/roles/ssh/vars/os/suse.yml | 2 + etc/os/db.yml | 6 ++ 12 files changed, 146 insertions(+), 6 deletions(-) create mode 100644 conf/roles/common/tasks/os/suse-post.yml create mode 100644 conf/roles/common/tasks/os/suse-rackslab-repos.yml create mode 100644 conf/roles/common/tasks/os/suse.yml create mode 100644 conf/roles/common/vars/os/suse.yml create mode 100644 conf/roles/ldap/tasks/os/suse.yml create mode 100644 conf/roles/ldap/vars/os/suse.yml create mode 100644 conf/roles/ssh/vars/os/suse.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c3a48f..f9b3a0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ and this project adheres to - Support GPU gres without model in Slurm configuration. - Add SSL/TLS certificate for Slurm-web with internal CA. - Support serving Slurm-web gateway in HTTP server subfolder. +- Add support of opensuse15 and opensuse16 - cli: Add `deploy --update-os-image` option to force download of base OS image when already present on host. - lib: Add `deploy --update-os-image` option in bash-completion. diff --git a/conf/roles/common/tasks/os/suse-post.yml b/conf/roles/common/tasks/os/suse-post.yml new file mode 100644 index 0000000..c836c37 --- /dev/null +++ b/conf/roles/common/tasks/os/suse-post.yml @@ -0,0 +1,2 @@ +--- +# Nothing special here. 
diff --git a/conf/roles/common/tasks/os/suse-rackslab-repos.yml b/conf/roles/common/tasks/os/suse-rackslab-repos.yml
new file mode 100644
index 0000000..1af1183
--- /dev/null
+++ b/conf/roles/common/tasks/os/suse-rackslab-repos.yml
@@ -0,0 +1,38 @@
+---
+# # Add hpck.it RPM packages repositories
+# - name: Add HPCk.it rpm packages repository
+# ansible.builtin.yum_repository:
+# name: "hpck.it-{{ item }}"
+# description: "HPCk.it {{ item }} derivative repository"
+# file: hpckit
+# baseurl: "https://hpck.it/rpm/el$releasever/{{ item }}/$basearch/"
+# gpgcheck: yes
+# gpgkey: https://hpck.it/keyring.asc
+# priority: "{{ common_hpckit_priorities[item] | default(99) }}"
+# loop: "{{ common_hpckit_derivatives }}"
+
+# # Add Rackslab pkgs RPM packages repositories
+# - name: Add Rackslab pkgs rpm packages repository
+# ansible.builtin.yum_repository:
+# name: "Rackslab-pkgs-{{ item }}"
+# description: "Rackslab pkgs {{ item }} repository"
+# file: rackslab-devs
+# baseurl: "https://pkgs.rackslab.io/rpm/el$releasever/{{ item }}/$basearch/"
+# gpgcheck: yes
+# gpgkey: https://pkgs.rackslab.io/keyring.asc
+# priority: "{{ common_pkgs_priorities[item] | default(99) }}"
+# when: common_with_pkgs_repos
+# loop: "{{ common_pkgs_derivatives }}"
+
+# # Add Rackslab development RPM packages repositories
+# - name: Add Rackslab development rpm packages repository
+# ansible.builtin.yum_repository:
+# name: "Rackslab-devs-{{ item }}"
+# description: "Rackslab development {{ item }} repository"
+# file: rackslab-devs
+# baseurl: "https://build.rackslab.io/devs/rpm/el$releasever/{{ item }}/$basearch/"
+# gpgcheck: yes
+# gpgkey: https://build.rackslab.io/devs/keyring.asc
+# priority: "{{ common_devs_priorities[item] | default(99) }}"
+# when: common_with_devs_repos
+# loop: "{{ common_devs_derivatives }}"
diff --git a/conf/roles/common/tasks/os/suse.yml b/conf/roles/common/tasks/os/suse.yml
new file mode 100644
index 0000000..f34cfdd
--- /dev/null
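Review bot: The new suse-rackslab-repos.yml holds only a commented-out copy of `yum_repository` tasks whose URLs still point at `el$releasever` trees, so on openSUSE none of the HPCk.it or Rackslab repositories is configured and the file does not say so. I would replace the dead code with one line such as `# TODO: HPCk.it and Rackslab repositories are not configured on openSUSE yet.` When these tasks are written for zypper, the signature verification expressed by the commented `gpgcheck`/`gpgkey` lines should be carried over rather than dropped.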
+++ b/conf/roles/common/tasks/os/suse.yml @@ -0,0 +1,8 @@ +--- +- name: Define system locale + ansible.builtin.command: + argv: + - /usr/bin/localectl + - set-locale + - LANG=en_US.UTF-8 + creates: /etc/locale.conf diff --git a/conf/roles/common/vars/os/suse.yml b/conf/roles/common/vars/os/suse.yml new file mode 100644 index 0000000..e506418 --- /dev/null +++ b/conf/roles/common/vars/os/suse.yml @@ -0,0 +1,12 @@ +--- +common_packages: + - neovim + - file + - htop + - rsync + - man + - bash-completion + - socat + - openssh-clients +common_ca_system_dir: /var/lib/ca-certificates/openssl +common_ca_update_cmd: update-ca-certificates diff --git a/conf/roles/ldap/tasks/main.yml b/conf/roles/ldap/tasks/main.yml index 0f85c29..7acda3e 100644 --- a/conf/roles/ldap/tasks/main.yml +++ b/conf/roles/ldap/tasks/main.yml @@ -3,9 +3,8 @@ ansible.builtin.include_vars: file: "os/{{ ansible_facts.os_family | lower }}.yml" -- name: Gather the package facts - ansible.builtin.package_facts: {} - +# misses python3-rpm library on openSUSE +# https://ipv6.rs/tutorial/OpenSUSE_Latest/OpenLDAP/ - name: Include OS specific pre-installation tasks ansible.builtin.include_tasks: "os/{{ ansible_facts.os_family | lower }}.yml" vars: @@ -66,7 +65,7 @@ olcTLSCertificateFile: "{{ ldap_tls_cert_file }}" olcTLSCertificateKeyFile: "{{ ldap_tls_key_file }}" state: exact - when: ldap_server_package not in ansible_facts.packages + when: ldap_packages_installation is changed - name: Generate bootstrap LDIF ansible.builtin.template: diff --git a/conf/roles/ldap/tasks/os/debian.yml b/conf/roles/ldap/tasks/os/debian.yml index 9ce2f95..e6be412 100644 --- a/conf/roles/ldap/tasks/os/debian.yml +++ b/conf/roles/ldap/tasks/os/debian.yml 
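Review bot: In conf/roles/common/vars/os/suse.yml, `common_ca_system_dir: /var/lib/ca-certificates/openssl` points at a directory that on openSUSE is generated by `update-ca-certificates`, not the directory local trust anchors are read from. If the common role copies the internal CA certificate there before running `common_ca_update_cmd` (the consuming task is not in this diff), the certificate may be missing from the generated bundles or removed on a later regeneration. The local anchor directory on SUSE is `/etc/pki/trust/anchors`, so I would expect `common_ca_system_dir: /etc/pki/trust/anchors`.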
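Review bot: The comment added above `Include OS specific pre-installation tasks` in ldap/tasks/main.yml does not say what misses python3-rpm or why it matters, and the tutorial link gives no context for the include it now sits on. It appears to explain why the `package_facts` task was removed; if so it would read better as `# package_facts is not used: it needs the python3-rpm bindings, which are missing on openSUSE.` The surrounding task list continues outside the hunk.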
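Review bot: `when: ldap_packages_installation is changed` on the TLS certificate task is not equivalent to the old `ldap_server_package not in ansible_facts.packages` test, because it is true whenever the registering task reports a change, not only when the server package was absent. The task that registers `ldap_packages_installation` is outside the visible hunks; if it also installs `ldap_extra_packages` or can upgrade packages, a later run against an already bootstrapped directory would re-run the one-time tasks. The same condition is introduced in the debian.yml, redhat.yml and new ldap suse.yml hunks, whose own comments state that the guarded tasks produce errors on a second run. Installing `ldap_server_package` in a task of its own and registering that result, or guarding on the state of the LDAP data directory, would keep the one-time semantics.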
@@ -22,7 +22,7 @@ # not installed yet. It is pointless to define these debconf parameters if # LDAP server package is already installed. - ldap_phase == 'pre_install' - - ldap_server_package not in ansible_facts.packages + - ldap_packages_installation is changed - name: Debian specific post-installation tasks block: diff --git a/conf/roles/ldap/tasks/os/redhat.yml b/conf/roles/ldap/tasks/os/redhat.yml index 67df22a..d686451 100644 --- a/conf/roles/ldap/tasks/os/redhat.yml +++ b/conf/roles/ldap/tasks/os/redhat.yml @@ -60,4 +60,4 @@ # LDAP directory after it initial installation. Errors would be generated if # these tasks are run a second time on installed LDAP directory. - ldap_phase == 'post_install' - - ldap_server_package not in ansible_facts.packages + - ldap_packages_installation is changed diff --git a/conf/roles/ldap/tasks/os/suse.yml b/conf/roles/ldap/tasks/os/suse.yml new file mode 100644 index 0000000..2a615e6 --- /dev/null +++ b/conf/roles/ldap/tasks/os/suse.yml 
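Review bot: In the debian.yml block guarded by `ldap_phase == 'pre_install'`, the new condition `ldap_packages_installation is changed` tests the result of the package installation that this block is supposed to precede. Unless `ldap_packages_installation` is registered before the pre-installation include in main.yml (that task is not in the visible hunks), the variable is undefined at this point, so the debconf preseeding would either fail or be skipped and the server package would be installed with its packaging defaults. A pre-install guard has to be evaluable before installation; on Debian, gathering `package_facts` in this file and keeping `- ldap_server_package not in ansible_facts.packages` would do that. The block itself starts above the hunk.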
@@ -0,0 +1,65 @@
+---
+- name: Suse specific post-installation tasks
+ block:
+
+
+ - name: Fill LDAP schema with essential objects
+ ansible.builtin.command:
+ cmd: "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{ item }}.ldif"
+ loop:
+ - cosine
+ - nis
+ - inetorgperson
+
+ - name: Generate LDAP administration password hash
+ ansible.builtin.command:
+ cmd: "/usr/sbin/slappasswd -s {{ ldap_admin_password }}"
+ register: ldap_admin_password_hash_cmd
+
+ - name: Setup admin user password
+ community.general.ldap_attrs:
+ dn: olcDatabase={0}config,cn=config
+ attributes:
+ olcRootPW: "{{ ldap_admin_password_hash_cmd.stdout }}"
+ state: exact
+
+ - name: Configure monitor account and ACL
+ community.general.ldap_attrs:
+ dn: olcDatabase={1}monitor,cn=config
+ attributes:
+ olcAccess:
+ - >-
+ to *
+ by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
+ by dn.base="cn=Manager,{{ ldap_base }}" read
+ by * none
+ ordered: true
+ state: exact
+
+ - name: Configure domain, root DN and ACL
+ community.general.ldap_attrs:
+ dn: olcDatabase={2}mdb,cn=config
+ attributes:
+ olcSuffix: "{{ ldap_base }}"
+ olcRootDN: "cn=Manager,{{ ldap_base }}"
+ olcRootPW: "{{ ldap_admin_password_hash_cmd.stdout }}"
+ olcAccess:
+ - >-
+ to attrs=userPassword,shadowLastChange
+ by dn="cn=Manager,{{ ldap_base }}" write
+ by anonymous auth
+ by self write
+ by * none
+ - >-
+ to *
+ by dn="cn=Manager,{{ ldap_base }}" write
+ by * read
+ ordered: true
+ state: exact
+ when:
+ # Run this block of tasks in post-install phase only if ldap server package
+ # was not installed initially. These tasks must only run once to bootstrap
+ # LDAP directory after it initial installation. Errors would be generated if
+ # these tasks are run a second time on installed LDAP directory.
+ - ldap_phase == 'post_install'
+ - ldap_packages_installation is changed
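Review bot: The `Generate LDAP administration password hash` task interpolates `ldap_admin_password` into a `cmd:` string and runs without `no_log`, so the clear-text password ends up in Ansible's task output and logs, and a password containing spaces or quotes is split into several arguments. The fence below switches to `argv`, adds `no_log: true` and marks the task `changed_when: false`; the two `ldap_attrs` tasks that set `olcRootPW` should take `no_log: true` as well so the hash is not logged. The password remains visible in the process list while slappasswd runs; reading it from a root-only file with slappasswd's `-T` option would avoid that, if it is acceptable here.

```yaml
- name: Generate LDAP administration password hash
  ansible.builtin.command:
    argv:
      - /usr/sbin/slappasswd
      - "-s"
      - "{{ ldap_admin_password }}"
  register: ldap_admin_password_hash_cmd
  changed_when: false
  no_log: true
# … unchanged: ldap_attrs tasks (add no_log: true to those setting olcRootPW) …
```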
diff --git a/conf/roles/ldap/vars/os/suse.yml b/conf/roles/ldap/vars/os/suse.yml new file mode 100644 index 0000000..d470135 --- /dev/null +++ b/conf/roles/ldap/vars/os/suse.yml @@ -0,0 +1,7 @@ +--- +ldap_server_package: openldap2 +ldap_extra_packages: +- openldap2-client +- python3-ldap +ldap_system_user: ldap +ldap_system_group: ldap diff --git a/conf/roles/ssh/vars/os/suse.yml b/conf/roles/ssh/vars/os/suse.yml new file mode 100644 index 0000000..164876b --- /dev/null +++ b/conf/roles/ssh/vars/os/suse.yml @@ -0,0 +1,2 @@ +--- +ssh_service: sshd diff --git a/etc/os/db.yml b/etc/os/db.yml index d4ed1ad..bdfda00 100644 --- a/etc/os/db.yml +++ b/etc/os/db.yml @@ -17,3 +17,9 @@ rocky8: rocky9: url: https://hpck.it/osi/firehpc/main/node-rocky9_1.raw.xz environment: ansible-latest +opensuse15: + url: https://hpck.it/osi/firehpc/main/node-opensuse15_1.raw.xz + environment: ansible-2.16 +opensuse16: + url: https://hpck.it/osi/firehpc/main/node-opensuse16_1.raw.xz + environment: ansible-latest
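Review bot: The two new entries in etc/os/db.yml give only a download `url` for the base OS image, with no digest or signature reference, so the image that gets deployed is trusted on the strength of the HTTPS endpoint alone. The existing `rocky9` entry visible in the hunk has the same shape, so this may be a limitation of the file format rather than of this change; if the loader can take one, a pinned checksum per image would be worth adding. Separately, a short comment on why `opensuse15` is tied to `ansible-2.16` while `opensuse16` uses `ansible-latest` would help, for example `# Leap 15: <reason for pinning ansible-2.16>`.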