feat: add support of openSUSE Leap 15 and 16

CHANGELOG.md

@@ -14,6 +14,7 @@ and this project adheres to
   - Support GPU gres without model in Slurm configuration.
   - Add SSL/TLS certificate for Slurm-web with internal CA.
   - Support serving Slurm-web gateway in HTTP server subfolder.
+- Add support of opensuse15 and opensuse16
 - cli: Add `deploy --update-os-image` option to force download of base OS image
   when already present on host.
 - lib: Add `deploy --update-os-image` option in bash-completion.

conf/roles/common/tasks/os/suse-post.yml

@@ -0,0 +1,2 @@
+---
+# Nothing special here.

conf/roles/common/tasks/os/suse-rackslab-repos.yml

@@ -0,0 +1,38 @@
+---
+# # Add hpck.it RPM packages repositories
+# - name: Add HPCk.it rpm packages repository
+#   ansible.builtin.yum_repository:
+#     name: "hpck.it-{{ item }}"
+#     description: "HPCk.it {{ item }} derivative repository"
+#     file: hpckit
+#     baseurl: "https://hpck.it/rpm/el$releasever/{{ item }}/$basearch/"
+#     gpgcheck: yes
+#     gpgkey: https://hpck.it/keyring.asc
+#     priority: "{{ common_hpckit_priorities[item] | default(99) }}"
+#   loop: "{{ common_hpckit_derivatives }}"
+
+# # Add Rackslab pkgs RPM packages repositories
+# - name: Add Rackslab pkgs rpm packages repository
+#   ansible.builtin.yum_repository:
+#     name: "Rackslab-pkgs-{{ item }}"
+#     description: "Rackslab pkgs {{ item }} repository"
+#     file: rackslab-devs
+#     baseurl: "https://pkgs.rackslab.io/rpm/el$releasever/{{ item }}/$basearch/"
+#     gpgcheck: yes
+#     gpgkey: https://pkgs.rackslab.io/keyring.asc
+#     priority: "{{ common_pkgs_priorities[item] | default(99) }}"
+#   when: common_with_pkgs_repos
+#   loop: "{{ common_pkgs_derivatives }}"
+
+# # Add Rackslab development RPM packages repositories
+# - name: Add Rackslab development rpm packages repository
+#   ansible.builtin.yum_repository:
+#     name: "Rackslab-devs-{{ item }}"
+#     description: "Rackslab development {{ item }} repository"
+#     file: rackslab-devs
+#     baseurl: "https://build.rackslab.io/devs/rpm/el$releasever/{{ item }}/$basearch/"
+#     gpgcheck: yes
+#     gpgkey: https://build.rackslab.io/devs/keyring.asc
+#     priority: "{{ common_devs_priorities[item] | default(99) }}"
+#   when: common_with_devs_repos
+#   loop: "{{ common_devs_derivatives }}"

conf/roles/common/tasks/os/suse.yml

@@ -0,0 +1,8 @@
+---
+- name: Define system locale
+  ansible.builtin.command:
+    argv:
+      - /usr/bin/localectl
+      - set-locale
+      - LANG=en_US.UTF-8
+    creates: /etc/locale.conf

conf/roles/common/vars/os/suse.yml

@@ -0,0 +1,12 @@
+---
+common_packages:
+  - neovim
+  - file
+  - htop
+  - rsync
+  - man
+  - bash-completion
+  - socat
+  - openssh-clients
+common_ca_system_dir: /var/lib/ca-certificates/openssl
+common_ca_update_cmd: update-ca-certificates

conf/roles/ldap/tasks/main.yml

@@ -3,9 +3,8 @@
   ansible.builtin.include_vars:
     file: "os/{{ ansible_facts.os_family | lower }}.yml"
 
-- name: Gather the package facts
-  ansible.builtin.package_facts: {}
-
+# misses python3-rpm library on openSUSE
+# https://ipv6.rs/tutorial/OpenSUSE_Latest/OpenLDAP/
 - name: Include OS specific pre-installation tasks
   ansible.builtin.include_tasks: "os/{{ ansible_facts.os_family | lower }}.yml"
   vars:
@@ -66,7 +65,7 @@
       olcTLSCertificateFile: "{{ ldap_tls_cert_file }}"
       olcTLSCertificateKeyFile: "{{ ldap_tls_key_file }}"
     state: exact
-  when: ldap_server_package not in ansible_facts.packages
+  when: ldap_packages_installation is changed
 
 - name: Generate bootstrap LDIF
   ansible.builtin.template:

conf/roles/ldap/tasks/os/debian.yml

@@ -22,7 +22,7 @@
   # not installed yet. It is pointless to define these debconf parameters if
   # LDAP server package is already installed.
   - ldap_phase == 'pre_install'
-  - ldap_server_package not in ansible_facts.packages
+  - ldap_packages_installation is changed
 
 - name: Debian specific post-installation tasks
   block:

conf/roles/ldap/tasks/os/redhat.yml

@@ -60,4 +60,4 @@
   # LDAP directory after it initial installation. Errors would be generated if
   # these tasks are run a second time on installed LDAP directory.
   - ldap_phase == 'post_install'
-  - ldap_server_package not in ansible_facts.packages
+  - ldap_packages_installation is changed

conf/roles/ldap/tasks/os/suse.yml

@@ -0,0 +1,65 @@
+---
+- name: Suse specific post-installation tasks
+  block:
+
+
+  - name: Fill LDAP schema with essential objects
+    ansible.builtin.command:
+      cmd: "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/{{ item }}.ldif"
+    loop:
+    - cosine
+    - nis
+    - inetorgperson
+
+  - name: Generate LDAP administration password hash
+    ansible.builtin.command:
+      cmd: "/usr/sbin/slappasswd -s {{ ldap_admin_password }}"
+    register: ldap_admin_password_hash_cmd
+
+  - name: Setup admin user password
+    community.general.ldap_attrs:
+      dn: olcDatabase={0}config,cn=config
+      attributes:
+        olcRootPW: "{{ ldap_admin_password_hash_cmd.stdout }}"
+      state: exact
+
+  - name: Configure monitor account and ACL
+    community.general.ldap_attrs:
+      dn: olcDatabase={1}monitor,cn=config
+      attributes:
+        olcAccess:
+            - >-
+              to *
+              by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
+              by dn.base="cn=Manager,{{ ldap_base }}" read
+              by * none
+      ordered: true
+      state: exact
+
+  - name: Configure domain, root DN and ACL
+    community.general.ldap_attrs:
+      dn: olcDatabase={2}mdb,cn=config
+      attributes:
+        olcSuffix: "{{ ldap_base }}"
+        olcRootDN: "cn=Manager,{{ ldap_base }}"
+        olcRootPW: "{{ ldap_admin_password_hash_cmd.stdout }}"
+        olcAccess:
+            - >-
+              to attrs=userPassword,shadowLastChange
+              by dn="cn=Manager,{{ ldap_base }}" write
+              by anonymous auth
+              by self write
+              by * none
+            - >-
+              to *
+              by dn="cn=Manager,{{ ldap_base }}" write
+              by * read
+      ordered: true
+      state: exact
+  when:
+  # Run this block of tasks in post-install phase only if ldap server package
+  # was not installed initially. These tasks must only run once to bootstrap
+  # LDAP directory after it initial installation. Errors would be generated if
+  # these tasks are run a second time on installed LDAP directory.
+  - ldap_phase == 'post_install'
+  - ldap_packages_installation is changed

conf/roles/ldap/vars/os/suse.yml

@@ -0,0 +1,7 @@
+---
+ldap_server_package: openldap2
+ldap_extra_packages:
+- openldap2-client
+- python3-ldap
+ldap_system_user: ldap
+ldap_system_group: ldap

conf/roles/ssh/vars/os/suse.yml

@@ -0,0 +1,2 @@
+---
+ssh_service: sshd

etc/os/db.yml

@@ -17,3 +17,9 @@ rocky8:
 rocky9:
   url: https://hpck.it/osi/firehpc/main/node-rocky9_1.raw.xz
   environment: ansible-latest
+opensuse15:
+  url: https://hpck.it/osi/firehpc/main/node-opensuse15_1.raw.xz
+  environment: ansible-2.16
+opensuse16:
+  url: https://hpck.it/osi/firehpc/main/node-opensuse16_1.raw.xz
+  environment: ansible-latest