Fix Confluent deployment

Author: dhilst

include/cloysterhpc/models/cluster.h

@@ -52,7 +52,7 @@ class Cluster {
      * @enum Provisioner
      * @brief Enumeration for cluster provisioners.
      */
-    enum class Provisioner { xCAT };
+    enum class Provisioner { xCAT, Confluent };
 
 private:
     std::string m_name;

include/cloysterhpc/services/runner.h

@@ -32,7 +32,10 @@ namespace unsafe {
         if (!opts->dryRun) {
             LOG_DEBUG("Running shell command: {}", command);
             boost::process::ipstream pipe_stream;
-            boost::process::child child("/bin/bash", "-xc", command,
+            // -x for debug
+            // -l for loading /etc/profile.d/* files
+            // -e for stopping in the first error, use (|| :) to ignore
+            boost::process::child child("/bin/bash", "-xelc", command,
                 boost::process::std_out > pipe_stream);
 
             std::string line;
@@ -59,7 +62,10 @@ namespace unsafe {
         if (!opts->dryRun) {
             LOG_DEBUG("Running shell command: {}", command);
             boost::process::ipstream pipe_stream;
-            boost::process::child child("/bin/bash", "-xc", command,
+            // -x for debug
+            // -l for loading /etc/profile.d/* files
+            // -e for stopping in the first error, use (|| :) to ignore
+            boost::process::child child("/bin/bash", "-xelc", command,
                 boost::process::std_out > pipe_stream);
 
             std::string line;

src/models/answerfile.cpp

@@ -3,8 +3,6 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-// TODO: CFL Retrieve the provisioner (xcat | confluent (default: confluent) from the answerfile
-
 #include <cstddef>
 #include <fmt/core.h>
 #include <iterator>

src/models/cluster.cpp

@@ -766,7 +766,14 @@ void Cluster::fillData(const AnswerFile& answerfil)
 
 
     // TODO: CFL Retrieve the provisioner from the answerfile
-    setProvisioner(Provisioner::xCAT);
+    const auto provisioner = utils::string::lower(answerfil.system.provisioner);
+    if (provisioner == "xcat") {
+        setProvisioner(Provisioner::xCAT);
+    } else if (provisioner == "confluent") {
+        setProvisioner(Provisioner::Confluent);
+    } else {
+        cloyster::functions::abort("Invalid provisioner {}", provisioner);
+    }
 
     // FIXME: This should come from /etc/os-release
     m_headnode.setOS(nodeOS);

src/models/slurm.cpp

@@ -19,7 +19,7 @@ SLURM::SLURM(const Cluster& cluster)
 
 void SLURM::installServer()
 {
-    cloyster::Singleton<cloyster::services::IOSService>::get()->install(
+    cloyster::Singleton<const cloyster::services::IOSService>::get()->install(
         "ohpc-slurm-server");
 }
 
@@ -55,14 +55,14 @@ void SLURM::configureServer()
 
 void SLURM::enableServer()
 {
-    auto osservice = cloyster::Singleton<services::IOSService>::get();
+    auto osservice = cloyster::Singleton<const services::IOSService>::get();
     osservice->enableService("munge");
     osservice->enableService("slurmctld");
 }
 
 void SLURM::startServer()
 {
-    auto osservice = cloyster::Singleton<services::IOSService>::get();
+    auto osservice = cloyster::Singleton<const services::IOSService>::get();
     osservice->startService("munge");
     osservice->startService("slurmctld");
 }

src/network.cpp

@@ -368,9 +368,6 @@ std::string Network::fetchDomainName()
     return ret;
 }
 
-/* TODO: Check return type
- *  - We can't return const (don't know exactly why)
- */
 std::vector<address> Network::getNameservers() const
 {
     std::vector<address> returnVector;

src/services/ansible/roles/network.cpp

@@ -42,18 +42,45 @@ void disableNetworkManagerDNSOverride()
 
 void configureNetworks(const std::list<Connection>& connections)
 {
-    LOG_INFO("Setting up networks 2")
-
     osservice()->enableService("NetworkManager");
+    disableNetworkManagerDNSOverride();
+    const auto shouldDisableIPV6 = []() -> bool {
+        switch (cluster()->getProvisioner()) {
+            case cloyster::models::Cluster::Provisioner::xCAT:
+                return true;
+            case cloyster::models::Cluster::Provisioner::Confluent:
+                return false;
+            default:
+                // Unreachable
+                cloyster::functions::abort("BUG: Invalid provisioner in network setup");
+        }
+    }();
 
     for (const auto& connection : std::as_const(connections)) {
-        LOG_INFO("Setting up networks ->> {}", connection.getNetwork()->getProfile())
         /* For now, we just skip the external network to avoid disconnects */
         if (connection.getNetwork()->getProfile() == Network::Profile::External) {
             continue;
         }
 
-        LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
+        // These validations are sanity checks to improve error messages and
+        // keep code future proof. The real validation should happen at
+        // cluster.fillData method
+        cloyster::functions::abortif(
+            connection.getNetwork()->getProfile() == Network::Profile::Management
+                && connection.getNetwork()->getGateway().is_unspecified(),
+            "Management network requires a gateway, please define a gateway in "
+            "network_management section of the answerfile: {}",
+            answerfile()->path());
+
+        if (connection.getNetwork()->getProfile() != Network::Profile::Management &&
+            !connection.getNetwork()->getGateway().is_unspecified()) {
+            LOG_WARN("Ignoring gateway in {} network {}, only Management network should specify a gateway",
+                connection.getNetwork()->getGateway().to_string(),
+                connection.getNetwork()->getProfile());
+        }
+
+        const auto shouldUseGateway = connection.getNetwork()->getProfile()
+            == Network::Profile::Management;
 
 #ifndef NDEBUG
         if (!connection.getInterface().has_value()) {
@@ -65,72 +92,62 @@ void configureNetworks(const std::list<Connection>& connections)
 
         std::vector<address> nameservers
             = connection.getNetwork()->getNameservers();
-        LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
         std::vector<std::string> formattedNameservers;
-        LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
         formattedNameservers.reserve(nameservers.size());
         for (const auto & nameserver : nameservers) {
             formattedNameservers.emplace_back(nameserver.to_string());
         }
 
         LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
-        auto opts = options();
         auto connectionName
             = cloyster::utils::enums::toString(connection.getNetwork()->getProfile());
-        if (!opts->dryRun
-
-            && runner()->executeCommand(
-                   fmt::format("nmcli connection show {}", connectionName))
-                == 0) {
-            LOG_WARN("Connection exists {}, skipping", connectionName);
-            continue;
-        }
-
-        LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
-
         deleteConnectionIfExists(connectionName);
+
         ::runner()->executeCommand(
             fmt::format("nmcli device set {} managed yes", interface));
         ::runner()->executeCommand(
             fmt::format("nmcli device set {} autoconnect yes", interface));
+        ::runner()->executeCommand(
+            fmt::format("nmcli connection delete {}", connection.getNetwork()->getProfile()));
+
+        // example
+        // nmcli connection delete Management; nmcli connection add con-name Management ifname enp2s2 type Ethernet mtu 1500 ipv4.method manual ipv4.address 192.168.30.254/24 ipv4.dns "192.168.122.1"; nmcli device connect enp2s2
         ::runner()->executeCommand(fmt::format(
-            "nmcli connection add con-name {} ifname {} type {} "
-            "mtu {} ipv4.method manual ipv4.address {}/{} "
-            "ipv4.dns \"{}\" "
-            // "ipv4.gateway {} ipv4.dns \"{}\" "
-            // @TODO: CFL only do this if we're using xCAT as provisioner
-            // @FIXME: This will break Confluent, is it required by xCAT?
-            "ipv4.dns-search {} ipv6.method disabled",
-            cloyster::utils::enums::toString(
-                connection.getNetwork()->getProfile()),
-            interface,
-            cloyster::utils::enums::toString(
-                connection.getNetwork()->getType()),
-            connection.getMTU(), connection.getAddress().to_string(),
-            connection.getNetwork()->cidr.at(
-                connection.getNetwork()->getSubnetMask().to_string()),
-            // connection.getNetwork()->getGateway().to_string(),
-            fmt::join(formattedNameservers, " "),
-            connection.getNetwork()->getDomainName()));
+            "nmcli connection add con-name {connName} ifname {ifname} type {type} "
+            "mtu {mtu} ipv4.method manual ipv4.address {ip}/{cidr} "
+            "ipv4.dns \"{dns}\" "
+            // When I setup the gateway I lost the connection to the VM, so I'm commeting
+            // it out for now
+            // "{gw} "
+            // "ipv4.dns-search {dnsSearch} "
+            "{ipv6}",
+            fmt::arg("connName", cloyster::utils::enums::toString(connection.getNetwork()->getProfile())),
+            fmt::arg("ifname", interface),
+            fmt::arg("type", cloyster::utils::enums::toString(connection.getNetwork()->getType())),
+            fmt::arg("mtu", connection.getMTU()),
+            fmt::arg("ip", connection.getAddress().to_string()),
+            fmt::arg("cidr", connection.getNetwork()->cidr.at(connection.getNetwork()->getSubnetMask().to_string())),
+            fmt::arg("dns", fmt::join(formattedNameservers, " ")),
+            // fmt::arg("gw", shouldUseGateway
+            //      ? fmt::format("ipv4.gateway {}", connection.getNetwork()->getGateway().to_string()) 
+            //      : ""),
+            // fmt::arg("dnsSearch", connection.getNetwork()->getDomainName()),
+            fmt::arg("ipv6", shouldDisableIPV6 ? "ipv6.method disabled" : "")
+       ));
 
 
-        LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
         /* Give network manage some time to settle thing up
          * Avoids: Error: Connection activation failed: IP configuration could
          * not be reserved (no available address, timeout, etc.).
          */
         std::this_thread::sleep_for(std::chrono::milliseconds(200));
 
-        LOG_INFO("Setting up networks {}", connection.getNetwork()->getProfile())
-
         // Breaking my ssh connection during development
         runner()->executeCommand(
             fmt::format("nmcli device connect {}", interface));
 
-        LOG_INFO("Setting up networks {} returning", connection.getNetwork()->getProfile())
     }
 
-    disableNetworkManagerDNSOverride();
 
 }
 

src/services/confluent.cpp

@@ -30,8 +30,7 @@ nodeattrib {nodeName} net.ipv4_address={nodeIp}/{nodeCIDR}
     );
 
     if (const auto& macOpt = node.getConnection(Network::Profile::Management).getMAC(); macOpt) {
-        services::runner::shell::fmt(
-            "nodeattrib {nodeName} net.hwaddr={nodeMac}",
+        services::runner::shell::fmt("nodeattrib {nodeName} net.hwaddr={nodeMac}",
             fmt::arg("nodeName", node.getHostname()),
             fmt::arg("nodeMac", macOpt.value())
         );
@@ -64,13 +63,13 @@ void Confluent::install() {
     // NOTE: WIP - GENERALIZE THIS 
     runner::shell::fmt(R"d(
 # Add the Confluent repository
-rpm -ivh https://hpc.lenovo.com/yum/latest/el{releasever}/{arch}/lenovo-hpc-yum-1-1.{arch}.rpm
+rpm -ivh https://hpc.lenovo.com/yum/latest/el{releasever}/{arch}/lenovo-hpc-yum-1-1.{arch}.rpm || :
 
 # Install required packages
 # Technically only `lenovo-confluent` is requqired, however: 
 # 1. If we are dealing with legacy systems we may need `tftp-server` also
 # 2. If we want DNS resolution, which we may want, also add `dnsmasq`.
-dnf install -y lenovo-confluent tftp-server dnsmasq
+dnf install -y lenovo-confluent tftp-server dnsmasq || :
 systemctl enable confluent --now
 systemctl enable httpd --now 
 systemctl enable tftp.socket --now
@@ -100,7 +99,9 @@ nodegroupattrib everything \
 # nodegroupattrib everything -p bmcuser bmcpass crypted.rootpassword crypted.grubpassword
 
 # Generate a keypair for internal cluster usage
-test -f ~/.ssh/id_ed25519 || ssh-keygen -t ed25519 -N ""
+# This command may issue prompts, the <<< n is to not replace
+# the old ssh key
+ssh-keygen -f ~/.ssh/id_ed25519 -t ed25519 -N "" <<< n
 
 # Configure the osdeploy parameters; it's an interactive interface, so we must find a way to automate this step
 osdeploy initialize -u -s -k -l -p -a -t -g
@@ -123,12 +124,12 @@ imgutil pack /tmp/scratchdir/ {image}-diskless
 osdeploy list
 
 # Remove the leftover files from the chroot
-rm -rf /tmp/scratchdir
+rm -rf /tmp/scratchdir || :
 
 
 )d",
 
-                       fmt::arg("domain", cluster()->getHeadnode().getConnection(Network::Profile::Management).getFQDN()),
+                       fmt::arg("domain", cluster()->getDomainName()),
                        fmt::arg("releasever", os().getMajorVersion()),
                        fmt::arg("hnIp", cluster()->getHeadnode().getConnection(Network::Profile::Management).getAddress().to_string()),
                        fmt::arg("arch", cloyster::utils::enums::toString(os().getArch())),

src/services/init.cpp

@@ -13,6 +13,14 @@ namespace cloyster::services {
 using namespace cloyster;
 using namespace cloyster::services;
 
+// WARNING: If you change the type T in Singleton<T>::init(...) (to const T for
+// instance) all the Singleton<T>::get need to be changed, otherwise you get
+// "Singleton read before initialization error" at runtime. While there are
+// getters to handle this in cloyster/utils/singletons in a uniform way and for
+// most cases, these getters depends on headers (that introduce the type
+// T in question), so files including the same header cannot use these getters
+// (or we have recursive header inclusion error).
+
 // Singletons that depends only in the options, the cluster model
 // depends on these
 void initializeSingletonsOptions(std::unique_ptr<const Options>&& opts)