Merge pull request #15 from stackhpc/ood

Added Open OnDemand
stackhpc · Aug 15, 2023 · 8c4407c · 8c4407c
2 parents 1c8f39a + 1a4a3e4
commit 8c4407c
Show file tree

Hide file tree

Showing 13 changed files with 742 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -44,6 +44,8 @@ On initial deployment ONLY, run
 ```
 This generates a set of secrets. If these need to be regenerated, see "Reconfiguring the Cluster"
 
+Be sure to take note of the Open Ondemand credentials, you will need them to access the cluster through a browser
+
 ### Connecting RWX Volume
 
 A ReadWriteMany (RWX) volume is required, if a named volume exists, set `nfs.claimName` in the `values.yaml` file to its name. If not, manifests to deploy a Rook NFS volume are provided in the `/nfs` directory. You can deploy this by running

diff --git a/generate-secrets.sh b/generate-secrets.sh
@@ -10,4 +10,26 @@ kubectl create secret generic munge-key-secret \
 --dry-run=client \
 --from-literal=munge.key=$(dd if=/dev/urandom bs=1 count=1024 2>/dev/null | base64 -w 0) \
 -o yaml | \
-kubectl apply -f -
+kubectl apply -f -
+
+mkdir -p ./temphostkeys/etc/ssh
+ssh-keygen -A -f ./temphostkeys
+kubectl create secret generic host-keys-secret \
+--dry-run=client \
+--from-file=./temphostkeys/etc/ssh \
+-o yaml | \
+kubectl apply -f -
+rm -rf ./temphostkeys
+
+OOD_PASS=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
+
+kubectl create secret generic htdbm-secret \
+--dry-run=client \
+--from-literal=password=$OOD_PASS \
+-o yaml | \
+kubectl apply -f -
+
+echo "Open Ondemand Credentials:"
+echo "Username: rocky"
+echo "Password: $OOD_PASS"
+OOD_PASS=""
diff --git a/image/Dockerfile b/image/Dockerfile
@@ -15,6 +15,9 @@ RUN set -ex \
     && yum -y install dnf-plugins-core epel-release \
     && yum -y install dnf-plugins-core \
     && yum config-manager --set-enabled powertools \
+    && yum -y module enable ruby:2.7 nodejs:14 \
+    && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \
+    && yum -y module install ruby nodejs \
     && yum -y install \
        wget \
        bzip2 \
@@ -42,6 +45,7 @@ RUN set -ex \
        hwloc-devel \
        openssh-server \
        apptainer \
+       ondemand \
     && yum clean all \
     && rm -rf /var/cache/yum
 

diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh
@@ -86,6 +86,8 @@ then
     chown root:root /home
     chmod 755 /home
 
+    echo "---> Setting up ssh for user"
+
     mkdir -p /home/rocky/.ssh
     cp /tmp/authorized_keys /home/rocky/.ssh/authorized_keys
 
@@ -99,11 +101,40 @@ then
     done
     popd > /dev/null
 
+    echo "---> Complete"
     echo "---> Starting sshd"
-    ssh-keygen -A
+    cp /tempmounts/etc/ssh/* /etc/ssh/
+    chmod 600 /etc/ssh/ssh_host_dsa_key
+    chmod 600 /etc/ssh/ssh_host_ecdsa_key
+    chmod 600 /etc/ssh/ssh_host_ed25519_key
+    chmod 600 /etc/ssh/ssh_host_rsa_key
     /usr/sbin/sshd
 
-    start_munge --foreground
+    start_munge
+
+    echo "---> Setting up self ssh capabilities for OOD"
+
+    if [ -f /home/rocky/.ssh/id_rsa.pub ]; then
+        echo "ssh keys already found"
+    else
+            ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N ""
+    fi
+
+    ssh-keyscan localhost > /etc/ssh/ssh_known_hosts
+    echo "" >> /home/rocky/.ssh/authorized_keys #Adding newline to avoid breaking authorized_keys file
+    cat /home/rocky/.ssh/id_rsa.pub >> /home/rocky/.ssh/authorized_keys
+
+    echo "---> Starting Apache Server"
+
+    # mkdir --parents /etc/ood/config/apps/shell
+    # env > /etc/ood/config/apps/shell/env
+
+    /usr/libexec/httpd-ssl-gencerts
+    /opt/ood/ood-portal-generator/sbin/update_ood_portal
+    mkdir --parents /opt/rh/httpd24/root/etc/httpd/
+
+    /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky $ROCKY_OOD_PASS
+    /usr/sbin/httpd -k start -X -e debug
 
 elif [ "$1" = "check-queue-hook" ]
 then