authorEfraim Flashner2020-11-26 17:59:09 +0200
committerEfraim Flashner2020-11-26 17:59:18 +0200
commit16aeca47b1c3b9a6cbede7ab78945bbbf1aebf5e (patch)
tree308b22d7039bd77fda92c3c36eadc7e14f8b5abf
parentd142bda43b7926aa50433a8cfac22b54593904c1 (diff)
octopus: Add munge service, initial octopus OS config
-rw-r--r--gn/deploy/octopus.scm82
-rw-r--r--gn/services/science.scm147
2 files changed, 229 insertions, 0 deletions
diff --git a/gn/deploy/octopus.scm b/gn/deploy/octopus.scm
new file mode 100644
index 0000000..f707462
--- /dev/null
+++ b/gn/deploy/octopus.scm
@@ -0,0 +1,82 @@
+(define-module (gn deploy octopus))
+
+(use-modules (gnu)
+ (gn services science)
+ )
+(use-service-modules ssh web)
+(use-package-modules certs tmux screen vim)
+
+(operating-system
+ (host-name "octopus")
+ (timezone "Etc/UTC")
+ (locale "en_US.utf8")
+
+ (bootloader (bootloader-configuration
+ (bootloader grub-bootloader)
+ (target "/dev/sda")
+ (terminal-outputs '(console serial))))
+ (kernel-arguments '("console=tty1" "console=ttyS0,115200n8"))
+
+ (file-systems
+ (append (list
+ (file-system
+ (device "/dev/sda3")
+ (mount-point "/")
+ (type "ext4")
+ (options "errors=remount-ro"))
+ ;(file-system
+ ; (device "/dev/sdb1")
+ ; (mount-point "/mnt/sdb1")
+ ; (type "xfs")
+ ; (flags '(no-exec no-dev no-atime))
+ ; (options "rw,nodiratime,largeio,inode64")
+ ; (create-mount-point? #t))
+ ;(file-system
+ ; (device "octopus01:/home")
+ ; (mount-point "/home")
+ ; (type "nfs"))
+ )
+ %base-file-systems))
+
+ (swap-devices '("/dev/sda2"))
+ ;; No firmware needed
+ (firmware '())
+
+ (users (cons*
+ (user-account
+ (name "efraimf")
+ (comment "Efraim Flashner")
+ (uid 1000)
+ (group "users")
+ (supplementary-groups '("wheel")))
+ (user-account
+ (name "wrk")
+ (comment "Pjotr Prins")
+ (uid 502)
+ (group "users")
+ (supplementary-groups '("wheel")))
+ %base-user-accounts))
+
+
+ (packages (cons*
+ nss-certs
+ screen
+ tmux
+ vim
+ %base-packages))
+
+ (services
+ (append (list
+ ;; This conflicts with everything when testing in a VM.
+ ;(agetty-service
+ ; (agetty-configuration
+ ; (extra-options '("-L"))
+ ; (baud-rate "115200")
+ ; (term "vt100")
+ ; (tty "ttyS0")))
+
+ (service openssh-service-type)
+
+ (service munge-service-type)
+ )
+ %base-services)))
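Review bot: `(service openssh-service-type)` near the end of the `services` list takes the default `openssh-configuration`, which as far as I know leaves password authentication enabled, while both declared accounts are members of `wheel`. State the login policy explicitly rather than inheriting it, for example `(service openssh-service-type (openssh-configuration (password-authentication? #f)))`, with an `authorized-keys` entry for each of the two users. Separately, `use-service-modules` imports `web`, but nothing visible in this file uses it.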
diff --git a/gn/services/science.scm b/gn/services/science.scm
new file mode 100644
index 0000000..4b34882
--- /dev/null
+++ b/gn/services/science.scm
@@ -0,0 +1,147 @@
+(define-module (gn services science)
+ #:export (munge-configuration
+ munge-configuration?
+ munge-service-type))
+
+(use-modules (gnu)
+ (guix records)
+ (ice-9 match))
+(use-service-modules shepherd)
+(use-package-modules admin parallel)
+
+(define %munge-accounts
+ (list (user-group
+ (name "munge")
+ (id 900)
+ (system? #t))
+ (user-account
+ (name "munge")
+ (group "munge")
+ (uid 900)
+ (system? #t)
+ (comment "Munge User")
+ (home-directory "/var/lib/munge")
+ (shell (file-append shadow "/sbin/nologin")))))
+
+(define %slurm-accounts
+ (list (user-group
+ (name "slurm")
+ (id 901)
+ (system? #t))
+ (user-account
+ (name "slurm")
+ (group "slurm")
+ (uid 901)
+ (system? #t)
+ (comment "Slurm User")
+ (home-directory "/var/lib/slurm"))))
+
+(define-record-type* <munge-configuration>
+ munge-configuration
+ make-munge-configuration
+ munge-configuration?
+ (package munge-configuration-package
+ (default munge))
+ (socket munge-configuration-socket
+ (default "/var/run/munge/munge.socket.2"))
+ (pid-file munge-configuration-pid-file
+ (default "/var/run/munge/munged.pid"))
+ (log-file munge-configuration-log-file
+ (default "/var/log/munge/munged.log"))
+ (key munge-configuration-key
+ (default "/etc/munge/munge.key")))
+
+(define-record-type* <slurm-configuration>
+ slurm-configuration
+ make-slurm-configuration
+ slurm-configuration?
+ (package slurm-configuration-package
+ (default slurm)))
+
+(define (munge-activation config)
+ "Return the activation GEXP for CONFIG for the munge service."
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils)
+ (rnrs bytevectors)
+ (rnrs io ports))
+ (define %user (getpw "munge"))
+ (let* ((homedir (passwd:dir %user))
+ (key #$(munge-configuration-key config))
+ (etc-dir (dirname key))
+ (run-dir (dirname #$(munge-configuration-pid-file config)))
+ (log-dir (dirname #$(munge-configuration-log-file config))))
+ (for-each (lambda (dir)
+ (unless (file-exists? dir)
+ (mkdir-p dir))
+ (chown dir (passwd:uid %user) (passwd:gid %user))
+ (chmod dir #o700))
+ (list homedir etc-dir log-dir))
+ (unless (file-exists? key)
+ ;; Borrowed from /dev/urandom in (gnu services base)
+ (call-with-input-file "/dev/urandom"
+ (lambda (urandom)
+ (let ((buf (make-bytevector 1024)))
+ (get-bytevector-n! urandom buf 0 1024)
+ (call-with-output-file key
+ (lambda (seed)
+ (put-bytevector seed buf)))))))
+ (chown key (passwd:uid %user) (passwd:gid %user))
+ (chmod key #o400)
+ (unless (file-exists? run-dir)
+ (mkdir-p run-dir))
+ (chown run-dir (passwd:uid %user) (passwd:gid %user))))))
+
+(define (slurm-activation config)
+ "Return the activation GEXP for CONFIG for the slurm service."
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (unless (file-exists? "/var/lib/slurm")
+ (mkdir-p "/var/lib/slurm"))
+ (chown "/var/lib/slurm" (passwd:uid "slurm") (passwd:gid "slurm")))))
+
+(define munge-shepherd-service
+ (match-lambda
+ (($ <munge-configuration> package socket pid-file log-file key)
+ (list
+ (shepherd-service
+ (documentation "Munge server")
+ (provision '(munge))
+ (requirement '(loopback user-processes file-systems))
+ (start #~(make-forkexec-constructor
+ (list #$(file-append package "/sbin/munged")
+ "--foreground" ; "--force"
+ (string-append "--socket=" #$socket)
+ (string-append "--key-file=" #$key)
+ (string-append "--pid-file=" #$pid-file)
+ (string-append "--log-file=" #$log-file))
+ #:user "munge"
+ #:group "munge"
+ #:pid-file #$pid-file
+ #:log-file #$log-file))
+ (stop #~(lambda _
+ (not (and
+ (list #$(file-append package "/sbin/munged")
+ (string-append "--socket=" #$socket)
+ "--stop")
+ ;; This seems to not be removed by default.
+ (delete-file (string-append #$socket ".lock"))))))
+ (auto-start? #t))))))
+
+(define munge-service-type
+ (service-type
+ (name 'munge)
+ (extensions
+ (list
+ (service-extension shepherd-root-service-type
+ munge-shepherd-service)
+ (service-extension activation-service-type
+ munge-activation)
+ (service-extension account-service-type
+ (const %munge-accounts))
+ (service-extension profile-service-type
+ (compose list munge-configuration-package))))
+ (default-value (munge-configuration))
+ (description
+ "Run a munge service.")))
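Review bot: The `stop` procedure in `munge-shepherd-service` never runs `munged --stop`: `(list … "--stop")` only builds a list, which is always true inside the `and`, so the only effect is deleting the `.lock` file while the daemon keeps running with its socket and key loaded. The command should actually be executed, the lock cleanup guarded with `file-exists?` (`delete-file` raises when the file is absent), and the result should be `#f` only when the daemon really stopped, since shepherd reads a false return from `stop` as "stopped"; the current `(not (and … (delete-file …)))` depends on the unspecified return value of `delete-file`. A sketch of the rewritten `stop` field follows. Also in this file, `slurm-activation` applies `passwd:uid` and `passwd:gid` to the string `"slurm"` instead of to `(getpw "slurm")`, which would fail at activation once that procedure is wired into a service.

```scheme
;; … unchanged: documentation, provision, requirement, start …
(stop #~(lambda _
          (let* ((lock   (string-append #$socket ".lock"))
                 (status (system* #$(file-append package "/sbin/munged")
                                  (string-append "--socket=" #$socket)
                                  "--stop")))
            ;; This seems to not be removed by default.
            (when (file-exists? lock)
              (delete-file lock))
            ;; #f tells shepherd the service is stopped.
            (not (zero? status)))))
;; … unchanged: auto-start? …
```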