authorEfraim Flashner2020-11-26 17:59:09 +0200
committerEfraim Flashner2020-11-26 17:59:18 +0200
commit16aeca47b1c3b9a6cbede7ab78945bbbf1aebf5e (patch)
tree308b22d7039bd77fda92c3c36eadc7e14f8b5abf
parentd142bda43b7926aa50433a8cfac22b54593904c1 (diff)
octopus: Add munge service, initial octopus OS config
-rw-r--r--gn/deploy/octopus.scm82
-rw-r--r--gn/services/science.scm147
2 files changed, 229 insertions, 0 deletions
diff --git a/gn/deploy/octopus.scm b/gn/deploy/octopus.scm
new file mode 100644
index 0000000..f707462
--- /dev/null
+++ b/gn/deploy/octopus.scm
@@ -0,0 +1,82 @@
+(define-module (gn deploy octopus))
+
+(use-modules (gnu)
+             (gn services science)
+             )
+(use-service-modules ssh web)
+(use-package-modules certs tmux screen vim)
+
+(operating-system
+  (host-name "octopus")
+  (timezone "Etc/UTC")
+  (locale "en_US.utf8")
+
+  (bootloader (bootloader-configuration
+               (bootloader grub-bootloader)
+               (target "/dev/sda")
+               (terminal-outputs '(console serial))))
+  (kernel-arguments '("console=tty1" "console=ttyS0,115200n8"))
+
+  (file-systems
+    (append (list
+              (file-system
+                (device "/dev/sda3")
+                (mount-point "/")
+                (type "ext4")
+                (options "errors=remount-ro"))
+              ;(file-system
+              ;  (device "/dev/sdb1")
+              ;  (mount-point "/mnt/sdb1")
+              ;  (type "xfs")
+              ;  (flags '(no-exec no-dev no-atime))
+              ;  (options "rw,nodiratime,largeio,inode64")
+              ;  (create-mount-point? #t))
+              ;(file-system
+              ;  (device "octopus01:/home")
+              ;  (mount-point "/home")
+              ;  (type "nfs"))
+              )
+              %base-file-systems))
+
+  (swap-devices '("/dev/sda2"))
+  ;; No firmware needed
+  (firmware '())
+
+  (users (cons*
+           (user-account
+             (name "efraimf")
+             (comment "Efraim Flashner")
+             (uid 1000)
+             (group "users")
+             (supplementary-groups '("wheel")))
+           (user-account
+             (name "wrk")
+             (comment "Pjotr Prins")
+             (uid 502)
+             (group "users")
+             (supplementary-groups '("wheel")))
+           %base-user-accounts))
+
+
+  (packages (cons*
+              nss-certs
+              screen
+              tmux
+              vim
+              %base-packages))
+
+  (services
+    (append (list
+              ;; This conflicts with everything when testing in a VM.
+              ;(agetty-service
+              ;  (agetty-configuration
+              ;    (extra-options '("-L"))
+              ;    (baud-rate "115200")
+              ;    (term "vt100")
+              ;    (tty "ttyS0")))
+
+              (service openssh-service-type)
+
+              (service munge-service-type)
+              )
+            %base-services)))
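Review bot: `(service openssh-service-type)` near the end of the `services` list takes every OpenSSH default, and as far as I know Guix's `openssh-configuration` leaves `password-authentication?` enabled. Both declared accounts are in `wheel`, yet the file declares no authorized keys, so how these admins log in depends on state kept outside this config. I would pin it in the declaration, for example `(service openssh-service-type (openssh-configuration (password-authentication? #f) (authorized-keys `(("efraimf" ,(local-file "PLACEHOLDER-efraimf.pub")))))))`, where the key file name is a placeholder. A short comment above the service saying that key-only login is intended would also help whoever extends the user list.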
diff --git a/gn/services/science.scm b/gn/services/science.scm
new file mode 100644
index 0000000..4b34882
--- /dev/null
+++ b/gn/services/science.scm
@@ -0,0 +1,147 @@
+(define-module (gn services science)
+  #:export (munge-configuration
+            munge-configuration?
+            munge-service-type))
+
+(use-modules (gnu)
+             (guix records)
+             (ice-9 match))
+(use-service-modules shepherd)
+(use-package-modules admin parallel)
+
+(define %munge-accounts
+  (list (user-group
+          (name "munge")
+          (id 900)
+          (system? #t))
+        (user-account
+          (name "munge")
+          (group "munge")
+          (uid 900)
+          (system? #t)
+          (comment "Munge User")
+          (home-directory "/var/lib/munge")
+          (shell (file-append shadow "/sbin/nologin")))))
+
+(define %slurm-accounts
+  (list (user-group
+          (name "slurm")
+          (id 901)
+          (system? #t))
+        (user-account
+          (name "slurm")
+          (group "slurm")
+          (uid 901)
+          (system? #t)
+          (comment "Slurm User")
+          (home-directory "/var/lib/slurm"))))
+
+(define-record-type* <munge-configuration>
+  munge-configuration
+  make-munge-configuration
+  munge-configuration?
+  (package      munge-configuration-package
+                (default munge))
+  (socket       munge-configuration-socket
+                (default "/var/run/munge/munge.socket.2"))
+  (pid-file     munge-configuration-pid-file
+                (default "/var/run/munge/munged.pid"))
+  (log-file     munge-configuration-log-file
+                (default "/var/log/munge/munged.log"))
+  (key          munge-configuration-key
+                (default "/etc/munge/munge.key")))
+
+(define-record-type* <slurm-configuration>
+  slurm-configuration
+  make-slurm-configuration
+  slurm-configuration?
+  (package      slurm-configuration-package
+                (default slurm)))
+
+(define (munge-activation config)
+  "Return the activation GEXP for CONFIG for the munge service."
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils)
+                     (rnrs bytevectors)
+                     (rnrs io ports))
+        (define %user (getpw "munge"))
+        (let* ((homedir     (passwd:dir %user))
+               (key         #$(munge-configuration-key config))
+               (etc-dir     (dirname key))
+               (run-dir     (dirname #$(munge-configuration-pid-file config)))
+               (log-dir     (dirname #$(munge-configuration-log-file config))))
+          (for-each (lambda (dir)
+                      (unless (file-exists? dir)
+                        (mkdir-p dir))
+                      (chown dir (passwd:uid %user) (passwd:gid %user))
+                      (chmod dir #o700))
+                    (list homedir etc-dir log-dir))
+          (unless (file-exists? key)
+            ;; Borrowed from /dev/urandom in (gnu services base)
+            (call-with-input-file "/dev/urandom"
+              (lambda (urandom)
+                (let ((buf (make-bytevector 1024)))
+                  (get-bytevector-n! urandom buf 0 1024)
+                  (call-with-output-file key
+                    (lambda (seed)
+                      (put-bytevector seed buf)))))))
+          (chown key (passwd:uid %user) (passwd:gid %user))
+          (chmod key #o400)
+          (unless (file-exists? run-dir)
+            (mkdir-p run-dir))
+          (chown run-dir (passwd:uid %user) (passwd:gid %user))))))
+
+(define (slurm-activation config)
+  "Return the activation GEXP for CONFIG for the slurm service."
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+        (unless (file-exists? "/var/lib/slurm")
+          (mkdir-p "/var/lib/slurm"))
+        (chown "/var/lib/slurm" (passwd:uid "slurm") (passwd:gid "slurm")))))
+
+(define munge-shepherd-service
+  (match-lambda
+    (($ <munge-configuration> package socket pid-file log-file key)
+     (list
+       (shepherd-service
+         (documentation "Munge server")
+         (provision '(munge))
+         (requirement '(loopback user-processes file-systems))
+         (start #~(make-forkexec-constructor
+                    (list #$(file-append package "/sbin/munged")
+                          "--foreground"    ; "--force"
+                          (string-append "--socket=" #$socket)
+                          (string-append "--key-file=" #$key)
+                          (string-append "--pid-file=" #$pid-file)
+                          (string-append "--log-file=" #$log-file))
+                    #:user "munge"
+                    #:group "munge"
+                    #:pid-file #$pid-file
+                    #:log-file #$log-file))
+         (stop #~(lambda _
+                   (not (and
+                          (list #$(file-append package "/sbin/munged")
+                                (string-append "--socket=" #$socket)
+                                "--stop")
+                          ;; This seems to not be removed by default.
+                          (delete-file (string-append #$socket ".lock"))))))
+         (auto-start? #t))))))
+
+(define munge-service-type
+  (service-type
+    (name 'munge)
+    (extensions
+      (list
+        (service-extension shepherd-root-service-type
+                           munge-shepherd-service)
+        (service-extension activation-service-type
+                           munge-activation)
+        (service-extension account-service-type
+                           (const %munge-accounts))
+        (service-extension profile-service-type
+                           (compose list munge-configuration-package))))
+    (default-value (munge-configuration))
+    (description
+     "Run a munge service.")))
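Review bot: The `stop` procedure in `munge-shepherd-service` never runs `munged --stop`, because `(list … "--stop")` only builds a list. The `and` therefore goes straight to `delete-file` and the `not` reports the service as stopped, which would leave the daemon running with its socket and key while shepherd believes it is down. `delete-file` also throws when the `.lock` file is absent. I would invoke the command and guard the cleanup, as sketched below. Separately, `slurm-activation` passes a string to `passwd:uid`/`passwd:gid` where a `(getpw "slurm")` entry is needed, and `munge-activation` chowns and chmods `(dirname key)`, so the `key` field deserves a comment that it must live in a directory dedicated to munge.

```scheme
;; … unchanged: documentation, provision, requirement, start …
         (stop #~(lambda _
                   (let ((stopped? (zero? (system* #$(file-append package "/sbin/munged")
                                                   (string-append "--socket=" #$socket)
                                                   "--stop")))
                         (lock (string-append #$socket ".lock")))
                     ;; The lock is not always removed by munged; clean it up if present.
                     (when (file-exists? lock)
                       (delete-file lock))
                     ;; Shepherd expects #f once the service is really stopped.
                     (not stopped?))))
```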