diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-08-29 14:11:21 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-29 14:11:21 +0200 |
commit | 4234a2882f0812be37721b6b7a58156260d52379 (patch) | |
tree | 9394eba47021a7050c7764b7fed0689d5a15b6fa /grid5000/steps/data/setup/puppet/modules/env/files | |
download | grid5k-4234a2882f0812be37721b6b7a58156260d52379.tar.gz grid5k-4234a2882f0812be37721b6b7a58156260d52379.tar.bz2 grid5k-4234a2882f0812be37721b6b7a58156260d52379.zip |
initial import
Diffstat (limited to 'grid5000/steps/data/setup/puppet/modules/env/files')
76 files changed, 6391 insertions, 0 deletions
diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/cpufreq/cpufrequtils b/grid5000/steps/data/setup/puppet/modules/env/files/base/cpufreq/cpufrequtils new file mode 100644 index 0000000..03070fe --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/cpufreq/cpufrequtils @@ -0,0 +1 @@ +GOVERNOR="performance" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/ganglia/gmond.conf b/grid5000/steps/data/setup/puppet/modules/env/files/base/ganglia/gmond.conf new file mode 100644 index 0000000..a2f8292 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/ganglia/gmond.conf @@ -0,0 +1,336 @@ +/* This configuration is as close to 2.5.x default behavior as possible + The values closely match ./gmond/metric.h definitions in 2.5.x */ +globals { + daemonize = yes + setuid = yes + user = ganglia + debug_level = 0 + max_udp_msg_len = 1472 + mute = no + deaf = yes + host_dmax = 0 /*secs */ + cleanup_threshold = 300 /*secs */ + gexec = no + send_metadata_interval = 0 +} + +/* If a cluster attribute is specified, then all gmond hosts are wrapped inside + * of a <CLUSTER> tag. If you do not specify a cluster tag, then all <HOSTS> will + * NOT be wrapped inside of a <CLUSTER> tag. */ +cluster { + name = "my_clustername" + owner = "INRIA" + latlong = "unspecified" + url = "unspecified" +} + +/* The host section describes attributes of the host, like the location */ +host { + location = "unspecified" +} + +/* Feel free to specify as many udp_send_channels as you like. Gmond + used to only support having a single channel */ +udp_send_channel { + mcast_join = 239.2.11.71 + port = 8649 + ttl = 1 +} + +/* You can specify as many udp_recv_channels as you like as well. */ +udp_recv_channel { + mcast_join = 239.2.11.71 + port = 8649 + bind = 239.2.11.71 +} + +/* You can specify as many tcp_accept_channels as you like to share + an xml description of the state of the cluster */ +tcp_accept_channel { + port = 8649 +} + +/* Each metrics module that is referenced by gmond must be specified and + loaded. If the module has been statically linked with gmond, it does not + require a load path. However all dynamically loadable modules must include + a load path. */ +modules { + module { + name = "core_metrics" + } + module { + name = "cpu_module" + path = "/usr/lib/ganglia/modcpu.so" + } + module { + name = "disk_module" + path = "/usr/lib/ganglia/moddisk.so" + } + module { + name = "load_module" + path = "/usr/lib/ganglia/modload.so" + } + module { + name = "mem_module" + path = "/usr/lib/ganglia/modmem.so" + } + module { + name = "net_module" + path = "/usr/lib/ganglia/modnet.so" + } + module { + name = "proc_module" + path = "/usr/lib/ganglia/modproc.so" + } + module { + name = "sys_module" + path = "/usr/lib/ganglia/modsys.so" + } +} + +include ('/etc/ganglia/conf.d/*.conf') + + +/* The old internal 2.5.x metric array has been replaced by the following + collection_group directives. What follows is the default behavior for + collecting and sending metrics that is as close to 2.5.x behavior as + possible. */ + +/* This collection group will cause a heartbeat (or beacon) to be sent every + 20 seconds. In the heartbeat is the GMOND_STARTED data which expresses + the age of the running gmond. */ +collection_group { + collect_once = yes + time_threshold = 20 + metric { + name = "heartbeat" + } +} + +/* This collection group will send general info about this host every 1200 secs. + This information doesn't change between reboots and is only collected once. */ +collection_group { + collect_once = yes + time_threshold = 1200 + metric { + name = "cpu_num" + title = "CPU Count" + } + metric { + name = "cpu_speed" + title = "CPU Speed" + } + metric { + name = "mem_total" + title = "Memory Total" + } + /* Should this be here? Swap can be added/removed between reboots. */ + metric { + name = "swap_total" + title = "Swap Space Total" + } + metric { + name = "boottime" + title = "Last Boot Time" + } + metric { + name = "machine_type" + title = "Machine Type" + } + metric { + name = "os_name" + title = "Operating System" + } + metric { + name = "os_release" + title = "Operating System Release" + } + metric { + name = "location" + title = "Location" + } +} + +/* This collection group will send the status of gexecd for this host every 300 secs */ +/* Unlike 2.5.x the default behavior is to report gexecd OFF. */ +collection_group { + collect_once = yes + time_threshold = 300 + metric { + name = "gexec" + title = "Gexec Status" + } +} + +/* This collection group will collect the CPU status info every 20 secs. + The time threshold is set to 90 seconds. In honesty, this time_threshold could be + set significantly higher to reduce unneccessary network chatter. */ +collection_group { + collect_every = 20 + time_threshold = 90 + /* CPU status */ + metric { + name = "cpu_user" + value_threshold = "1.0" + title = "CPU User" + } + metric { + name = "cpu_system" + value_threshold = "1.0" + title = "CPU System" + } + metric { + name = "cpu_idle" + value_threshold = "5.0" + title = "CPU Idle" + } + metric { + name = "cpu_nice" + value_threshold = "1.0" + title = "CPU Nice" + } + metric { + name = "cpu_aidle" + value_threshold = "5.0" + title = "CPU aidle" + } + metric { + name = "cpu_wio" + value_threshold = "1.0" + title = "CPU wio" + } + /* The next two metrics are optional if you want more detail... + ... since they are accounted for in cpu_system. + metric { + name = "cpu_intr" + value_threshold = "1.0" + title = "CPU intr" + } + metric { + name = "cpu_sintr" + value_threshold = "1.0" + title = "CPU sintr" + } + */ +} + +collection_group { + collect_every = 20 + time_threshold = 90 + /* Load Averages */ + metric { + name = "load_one" + value_threshold = "1.0" + title = "One Minute Load Average" + } + metric { + name = "load_five" + value_threshold = "1.0" + title = "Five Minute Load Average" + } + metric { + name = "load_fifteen" + value_threshold = "1.0" + title = "Fifteen Minute Load Average" + } +} + +/* This group collects the number of running and total processes */ +collection_group { + collect_every = 80 + time_threshold = 950 + metric { + name = "proc_run" + value_threshold = "1.0" + title = "Total Running Processes" + } + metric { + name = "proc_total" + value_threshold = "1.0" + title = "Total Processes" + } +} + +/* This collection group grabs the volatile memory metrics every 40 secs and + sends them at least every 180 secs. This time_threshold can be increased + significantly to reduce unneeded network traffic. */ +collection_group { + collect_every = 40 + time_threshold = 180 + metric { + name = "mem_free" + value_threshold = "1024.0" + title = "Free Memory" + } + metric { + name = "mem_shared" + value_threshold = "1024.0" + title = "Shared Memory" + } + metric { + name = "mem_buffers" + value_threshold = "1024.0" + title = "Memory Buffers" + } + metric { + name = "mem_cached" + value_threshold = "1024.0" + title = "Cached Memory" + } + metric { + name = "swap_free" + value_threshold = "1024.0" + title = "Free Swap Space" + } +} + +collection_group { + collect_every = 40 + time_threshold = 300 + metric { + name = "bytes_out" + value_threshold = 4096 + title = "Bytes Sent" + } + metric { + name = "bytes_in" + value_threshold = 4096 + title = "Bytes Received" + } + metric { + name = "pkts_in" + value_threshold = 256 + title = "Packets Received" + } + metric { + name = "pkts_out" + value_threshold = 256 + title = "Packets Sent" + } +} + +/* Different than 2.5.x default since the old config made no sense */ +collection_group { + collect_every = 1800 + time_threshold = 3600 + metric { + name = "disk_total" + value_threshold = 1.0 + title = "Total Disk Space" + } +} + +collection_group { + collect_every = 40 + time_threshold = 180 + metric { + name = "disk_free" + value_threshold = 1.0 + title = "Disk Space Available" + } + metric { + name = "part_max_used" + value_threshold = 1.0 + title = "Maximum Disk Space Used" + } +} diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/90-ib.rules b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/90-ib.rules new file mode 100644 index 0000000..994f4a0 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/90-ib.rules @@ -0,0 +1,6 @@ +KERNEL=="umad*", NAME="infiniband/%k" +KERNEL=="issm*", NAME="infiniband/%k" +KERNEL=="ucm*", NAME="infiniband/%k", MODE="0666" +KERNEL=="uverbs*", NAME="infiniband/%k", MODE="0666" +KERNEL=="ucma", NAME="infiniband/%k", MODE="0666" +KERNEL=="rdma_cm", NAME="infiniband/%k", MODE="0666" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openib.conf b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openib.conf new file mode 100644 index 0000000..87981c7 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openib.conf @@ -0,0 +1,39 @@ +# Start HCA driver upon boot +ONBOOT=yes + +# Load UCM module +UCM_LOAD=no + +# Load RDMA_CM module +RDMA_CM_LOAD=yes + +# Load RDMA_UCM module +RDMA_UCM_LOAD=yes + +# Increase ib_mad thread priority +RENICE_IB_MAD=no + +# Load MTHCA +MTHCA_LOAD=yes + +# Load MLX4 modules +MLX4_LOAD=yes + +# Load MLX5 modules +MLX5_LOAD=yes + +# Load MLX4_EN module +MLX4_EN_LOAD=yes + +# Load CXGB3 modules +CXGB3_LOAD=no + +# Load NES modules +NES_LOAD=no + +# Load IPoIB +IPOIB_LOAD=yes + +# Enable IPoIB Connected Mode +SET_IPOIB_CM=yes + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openibd b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openibd new file mode 100644 index 0000000..b943e72 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openibd @@ -0,0 +1,1610 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: openibd +# Required-Start: $local_fs +# Required-Stop: opensmd +# Default-Start: 2 3 5 +# Default-Stop: 0 1 2 6 +# Description: Activates/Deactivates InfiniBand Driver to # start at boot time. +### END INIT INFO +# +# Copyright (c) 2013 Mellanox Technologies. All rights reserved. +# Copyright (c) 2010 QLogic Corporation. All rights reserved. +# +# This Software is licensed under one of the following licenses: +# +# 1) under the terms of the "Common Public License 1.0" a copy of which is +# available from the Open Source Initiative, see +# http://www.opensource.org/licenses/cpl.php. +# +# 2) under the terms of the "The BSD License" a copy of which is +# available from the Open Source Initiative, see +# http://www.opensource.org/licenses/bsd-license.php. +# +# 3) under the terms of the "GNU General Public License (GPL) Version 2" a +# copy of which is available from the Open Source Initiative, see +# http://www.opensource.org/licenses/gpl-license.php. +# +# Licensee has the right to choose one of the above licenses. +# +# Redistributions of source code must retain the above copyright +# notice and one of the license notices. +# +# Redistributions in binary form must reproduce both the above copyright +# notice, one of the license notices in the documentation +# and/or other materials provided with the distribution. +# +# +# $Id: openibd 9139 2006-08-29 14:03:38Z vlad $ +# + +# config: /etc/infiniband/openib.conf +OPENIBD_CONFIG=${OPENIBD_CONFIG:-"/etc/infiniband/openib.conf"} +CONFIG=$OPENIBD_CONFIG +export LANG=en_US.UTF-8 + +if [ ! -f $CONFIG ]; then + echo No InfiniBand configuration found + exit 0 +fi + +. $CONFIG + +CWD=`pwd` +cd /etc/infiniband +WD=`pwd` + +PATH=$PATH:/sbin:/usr/bin:/lib/udev +if [ -e /etc/profile.d/ofed.sh ]; then + . /etc/profile.d/ofed.sh +fi + +# Only use ONBOOT option if called by a runlevel directory. +# Therefore determine the base, follow a runlevel link name ... +base=${0##*/} +link=${base#*[SK][0-9][0-9]} +# ... and compare them +if [[ $link == $base && "$0" != "/etc/rc.d/init.d/openibd" ]] ; then + RUNMODE=manual + ONBOOT=yes +else + RUNMODE=auto +fi + +# Allow unsupported modules, if disallowed by current configuration +modprobe=/sbin/modprobe +if ${modprobe} -c | grep -q '^allow_unsupported_modules *0'; then + modprobe="${modprobe} --allow-unsupported-modules" +fi + +ACTION=$1 +shift +max_ports_num_in_hca=0 + +# Check if OpenIB configured to start automatically +if [ "X${ONBOOT}" != "Xyes" ]; then + exit 0 +fi + +if ( grep -i 'SuSE Linux' /etc/issue >/dev/null 2>&1 ); then + if [ -n "$INIT_VERSION" ] ; then + # MODE=onboot + if LANG=C egrep -L "^ONBOOT=['\"]?[Nn][Oo]['\"]?" ${CONFIG} > /dev/null ; then + exit 0 + fi + fi +fi + +######################################################################### +# Get a sane screen width +[ -z "${COLUMNS:-}" ] && COLUMNS=80 + +[ -z "${CONSOLETYPE:-}" ] && [ -x /sbin/consoletype ] && CONSOLETYPE="`/sbin/consoletype`" + +# Read in our configuration +if [ -z "${BOOTUP:-}" ]; then + if [ -f /etc/sysconfig/init ]; then + . /etc/sysconfig/init + else + # This all seem confusing? Look in /etc/sysconfig/init, + # or in /usr/doc/initscripts-*/sysconfig.txt + BOOTUP=color + RES_COL=60 + MOVE_TO_COL="echo -en \\033[${RES_COL}G" + SETCOLOR_SUCCESS="echo -en \\033[1;32m" + SETCOLOR_FAILURE="echo -en \\033[1;31m" + SETCOLOR_WARNING="echo -en \\033[1;33m" + SETCOLOR_NORMAL="echo -en \\033[0;39m" + LOGLEVEL=1 + fi + if [ "$CONSOLETYPE" = "serial" ]; then + BOOTUP=serial + MOVE_TO_COL= + SETCOLOR_SUCCESS= + SETCOLOR_FAILURE= + SETCOLOR_WARNING= + SETCOLOR_NORMAL= + fi +fi + +if [ "${BOOTUP:-}" != "verbose" ]; then + INITLOG_ARGS="-q" +else + INITLOG_ARGS= +fi + +echo_success() { + echo -n $@ + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[ " + [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS + echo -n $"OK" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n " ]" + echo -e "\r" + return 0 +} + +echo_done() { + echo -n $@ + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[ " + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n $"done" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n " ]" + echo -e "\r" + return 0 +} + +echo_failure() { + echo -n $@ + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE + echo -n $"FAILED" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -e "\r" + return 1 +} + +echo_warning() { + echo -n $@ + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING + echo -n $"WARNING" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -e "\r" + return 1 +} + +count_ib_ports() +{ + local cnt=0 + local ports_in_hca=0 + sysdir=/sys/class/infiniband + hcas=$(/bin/ls -1 ${sysdir} 2> /dev/null) + for hca in $hcas + do + ports_in_hca=$(/bin/ls -1 ${sysdir}/${hca}/ports 2> /dev/null | wc -l) + if [ $ports_in_hca -gt $max_ports_num_in_hca ]; then + max_ports_num_in_hca=$ports_in_hca + fi + cnt=$[ $cnt + $ports_in_hca ] + done + + return $cnt +} + +# Setting Environment variables +if [ -f /etc/redhat-release ]; then + DISTRIB="RedHat" + NETWORK_CONF_DIR="/etc/sysconfig/network-scripts" +elif [ -f /etc/rocks-release ]; then + DISTRIB="Rocks" + NETWORK_CONF_DIR="/etc/sysconfig/network-scripts" +elif [ -f /etc/SuSE-release ]; then + DISTRIB="SuSE" + NETWORK_CONF_DIR="/etc/sysconfig/network" +elif [ -f /etc/debian_version ]; then + DISTRIB="Debian" + NETWORK_CONF_DIR="/etc/infiniband" +else + DISTRIB=`ls /etc/*-release | head -n 1 | xargs -iXXX basename XXX -release 2> /dev/null` + if [ -d /etc/sysconfig/network-scripts ]; then + NETWORK_CONF_DIR="/etc/sysconfig/network-scripts" + elif [ -d /etc/sysconfig/network ]; then + NETWORK_CONF_DIR="/etc/sysconfig/network" + else + echo_failure "You system is not supported for IPoIB configuration" + echo "Try to load driver manually using configuration files from $WD directory" + exit 1 + fi +fi + +# Define kernel version prefix +KPREFIX=`uname -r | cut -c -3 | tr -d '.' | tr -d '[:space:]'` + +# Setting OpenIB start parameters +POST_LOAD_MODULES="" + +RUN_SYSCTL=${RUN_SYSCTL:-"no"} + +IPOIB=0 +IPOIB_MTU=${IPOIB_MTU:-65520} +if [ "X${IPOIB_LOAD}" == "Xyes" ]; then + IPOIB=1 +fi + +if [ "X${SRP_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES ib_srp" +fi + +if [ "X${SRPT_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES ib_srpt" +fi + +if [ "X${QLGC_VNIC_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES qlgc_vnic" +fi + +if [ "X${SRP_TARGET_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES ib_srp_target" +fi + +if [ "X${RDMA_CM_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES rdma_cm" +fi + +if [ "X${UCM_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES ib_ucm" +fi + +if [ "X${RDS_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES rds rds_rdma rds_tcp" +fi + +if [ "X${RDMA_UCM_LOAD}" == "Xyes" ]; then + POST_LOAD_MODULES="$POST_LOAD_MODULES rdma_ucm" +fi + +GEN1_UNLOAD_MODULES="ib_srp_target scsi_target ib_srp kdapltest_module ib_kdapl ib_useraccess ib_useraccess_cm ib_cm ib_dapl_srv ib_ip2pr ib_ipoib ib_tavor mod_thh mod_rhh ib_dm_client ib_sa_client ib_client_query ib_poll ib_mad ib_core ib_services" + +UNLOAD_MODULES="ib_mthca mlx5_ib mlx5_core mlx4_ib ib_ipath ipath_core ib_ehca iw_nes i40iw iw_cxgb3 cxgb3 iw_cxgb4 cxgb4 ocrdma bnxt_re bnxt_en" +UNLOAD_MODULES="$UNLOAD_MODULES ib_qib" +UNLOAD_MODULES="$UNLOAD_MODULES ib_ipoib ib_madeye ib_rds" +UNLOAD_MODULES="$UNLOAD_MODULES rpcrdma rds_rdma rds_tcp rds ib_ucm kdapl ib_srp_target scsi_target ib_srpt ib_srp ib_iser" +UNLOAD_MODULES="$UNLOAD_MODULES rdma_ucm rdma_cm iw_cm ib_cm ib_local_sa findex" +UNLOAD_MODULES="$UNLOAD_MODULES ib_sa ib_uverbs ib_umad ib_mad ib_core ib_addr" + +STATUS_MODULES="rdma_ucm ib_rds rds rds_rdma rds_tcp ib_srpt ib_srp qlgc_vnic rdma_cm ib_addr ib_local_sa findex ib_ipoib ib_ehca ib_ipath ipath_core mlx4_core mlx4_ib mlx4_en mlx5_core mlx5_ib ib_mthca ib_uverbs ib_umad ib_ucm ib_sa ib_cm ib_mad ib_core iw_cxgb3 iw_cxgb4 iw_nes i40iw vmw_pvrdma" +STATUS_MODULES="$STATUS_MODULES ib_qib ocrdma bnxt_re bnxt_en" + +if (modinfo scsi_transport_srp 2>/dev/null | grep depends: | grep -q compat 2>/dev/null) || + (lsmod 2>/dev/null | grep scsi_transport_srp | grep -q compat); then + UNLOAD_MODULES="$UNLOAD_MODULES scsi_transport_srp" + STATUS_MODULES="$STATUS_MODULES scsi_transport_srp" +fi + +ipoib_ha_pidfile=/var/run/ipoib_ha.pid +srp_daemon_pidfile=/var/run/srp_daemon.pid +_truescale=/etc/infiniband/truescale.cmds + +get_interfaces() +{ + interfaces=$(cd /sys/class/net;/bin/ls -d ib* 2> /dev/null) +} + +get_mlx4_en_interfaces() +{ + mlx4_en_interfaces="" + for ethpath in /sys/class/net/* + do + if (grep 0x15b3 ${ethpath}/device/vendor > /dev/null 2>&1); then + mlx4_en_interfaces="$mlx4_en_interfaces ${ethpath##*/}" + fi + done +} + +# If module $1 is loaded return - 0 else - 1 +is_module() +{ +local RC + + /sbin/lsmod | grep -w "$1" > /dev/null 2>&1 + RC=$? + +return $RC +} + +log_msg() +{ + logger -i "openibd: $@" +} + +load_module() +{ + local module=$1 + filename=`modinfo $module | grep filename | awk '{print $NF}'` + + if [ ! -n "$filename" ]; then + echo_failure "Module $module does not exist" + log_msg "Error: Module $module does not exist" + return 1 + fi + + if [ -L $filename ]; then + filename=`readlink -f $filename` + fi + + rpm_name=`/bin/rpm -qf $filename --queryformat "[%{NAME}]" 2> /dev/null` + if [ $? -ne 0 ]; then + echo_warning "Module $module does not belong to OFED" + log_msg "Module $module does not belong to OFED" + else + case "$rpm_name" in + *compat-rdma* | kernel-ib) + ;; + *) + echo_warning "Module $module belong to $rpm_name which is not a part of OFED" + log_msg "Module $module belong to $rpm_name which is not a part of OFED" + ;; + esac + fi + ${modprobe} $module > /dev/null 2>&1 +} + +# Return module's refcnt +is_ref() +{ + local refcnt + refcnt=`cat /sys/module/"$1"/refcnt 2> /dev/nill` + return $refcnt +} + +get_sw_fw_info() +{ + INFO=/etc/infiniband/info + OFEDHOME="/usr/local" + if [ -x ${INFO} ]; then + OFEDHOME=$(${INFO} | grep -w prefix | cut -d '=' -f 2) + fi + MREAD=$(which mstmread 2> /dev/null) + + # Get OFED Build id + if [ -r ${OFEDHOME}/BUILD_ID ]; then + echo "Software" + echo "-------------------------------------" + printf "Build ID:\n" + cat ${OFEDHOME}/BUILD_ID + echo "-------------------------------------" + fi + + # Get FW version + if [ ! -x ${MREAD} ]; then + return 1 + fi + + vendor="15b3" + slots=$(lspci -n -d "${vendor}:" 2> /dev/null | grep -v "5a46" | cut -d ' ' -f 1) + for mst_device in $slots + do + major=$($MREAD ${mst_device} 0x82478 2> /dev/null | cut -d ':' -f 2) + subminor__minor=$($MREAD ${mst_device} 0x8247c 2> /dev/null | cut -d ':' -f 2) + ftime=$($MREAD ${mst_device} 0x82480 2> /dev/null | cut -d ':' -f 2) + fdate=$($MREAD ${mst_device} 0x82484 2> /dev/null | cut -d ':' -f 2) + + major=$(echo -n $major | cut -d x -f 2 | cut -b 4) + subminor__minor1=$(echo -n $subminor__minor | cut -d x -f 2 | cut -b 3,4) + subminor__minor2=$(echo -n $subminor__minor | cut -d x -f 2 | cut -b 5,6,7,8) + echo + echo "Device ${mst_device} Info:" + echo "Firmware:" + + printf "\tVersion:" + printf "\t$major.$subminor__minor1.$subminor__minor2\n" + + day=$(echo -n $fdate | cut -d x -f 2 | cut -b 7,8) + month=$(echo -n $fdate | cut -d x -f 2 | cut -b 5,6) + year=$(echo -n $fdate | cut -d x -f 2 | cut -b 1,2,3,4) + hour=$(echo -n $ftime | cut -d x -f 2 | cut -b 5,6) + min=$(echo -n $ftime | cut -d x -f 2 | cut -b 3,4) + sec=$(echo -n $ftime | cut -d x -f 2 | cut -b 1,2) + + printf "\tDate:" + printf "\t$day/$month/$year $hour:$min:$sec\n" + done +} + +# Create debug info +get_debug_info() +{ + trap '' 2 9 15 + DEBUG_INFO=/tmp/ib_debug_info.log + /bin/rm -f $DEBUG_INFO + touch $DEBUG_INFO + echo "Hostname: `hostname -s`" >> $DEBUG_INFO + test -e /etc/issue && echo "OS: `cat /etc/issue`" >> $DEBUG_INFO + echo "Current kernel: `uname -r`" >> $DEBUG_INFO + echo "Architecture: `uname -m`" >> $DEBUG_INFO + which gcc &>/dev/null && echo "GCC version: `gcc --version`" >> $DEBUG_INFO + echo "CPU: `cat /proc/cpuinfo | /bin/grep -E \"model name|arch\" | head -1`" >> $DEBUG_INFO + echo "`cat /proc/meminfo | /bin/grep \"MemTotal\"`" >> $DEBUG_INFO + echo "Chipset: `/sbin/lspci 2> /dev/null | head -1 | cut -d ':' -f 2-`" >> $DEBUG_INFO + + echo >> $DEBUG_INFO + get_sw_fw_info >> $DEBUG_INFO + echo >> $DEBUG_INFO + + echo >> $DEBUG_INFO + echo "############# LSPCI ##############" >> $DEBUG_INFO + /sbin/lspci 2> /dev/null >> $DEBUG_INFO + + echo >> $DEBUG_INFO + echo "############# LSPCI -N ##############" >> $DEBUG_INFO + /sbin/lspci -n 2> /dev/null >> $DEBUG_INFO + + echo >> $DEBUG_INFO + echo "############# LSMOD ##############" >> $DEBUG_INFO + /sbin/lsmod >> $DEBUG_INFO + + echo >> $DEBUG_INFO + echo "############# DMESG ##############" >> $DEBUG_INFO + /bin/dmesg >> $DEBUG_INFO + + if [ -r /var/log/messages ]; then + echo >> $DEBUG_INFO + echo "############# Messages ##############" >> $DEBUG_INFO + tail -50 /var/log/messages >> $DEBUG_INFO + fi + + echo >> $DEBUG_INFO + echo "############# Running Processes ##############" >> $DEBUG_INFO + /bin/ps -ef >> $DEBUG_INFO + echo "##############################################" >> $DEBUG_INFO + + echo + echo "Please open an issue in the http://bugs.openfabrics.org and attach $DEBUG_INFO" + echo +} + +ib_set_node_desc() +{ + # Wait while node's hostname is set + NODE_DESC_TIME_BEFORE_UPDATE=${NODE_DESC_TIME_BEFORE_UPDATE:-10} + local declare -i UPDATE_TIMEOUT=${NODE_DESC_UPDATE_TIMEOUT:-120} + sleep $NODE_DESC_TIME_BEFORE_UPDATE + # Reread NODE_DESC value + . $CONFIG + NODE_DESC=${NODE_DESC:-$(hostname -s)} + while [ "${NODE_DESC}" == "localhost" ] && [ $UPDATE_TIMEOUT -gt 0 ]; do + sleep 1 + . $CONFIG + NODE_DESC=${NODE_DESC:-$(hostname -s)} + let UPDATE_TIMEOUT-- + done + # Add node description to sysfs + ibsysdir="/sys/class/infiniband" + if [ -d ${ibsysdir} ]; then + declare -i hca_id=1 + for hca in ${ibsysdir}/* + do + if [ -e ${hca}/node_desc ]; then + log_msg "Set node_desc for $(basename $hca): ${NODE_DESC} HCA-${hca_id}" + echo -n "${NODE_DESC} HCA-${hca_id}" >> ${hca}/node_desc + fi + let hca_id++ + done + fi +} + + +need_location_code_fix() +{ + local sub ARCH KVERSION + ARCH=$(uname -m) + KVERSION=$(uname -r) + + if [ "$ARCH" != "ppc64" ]; then + return 1; + fi + + case $KVERSION in + 2.6.9-*.EL*) + sub=$(echo $KVERSION | cut -d"-" -f2 | cut -d"." -f1) + if [ $sub -lt 62 ]; then + return 2; + fi + ;; + 2.6.16.*-*-*) + sub=$(echo $KVERSION | cut -d"." -f4 | cut -d"-" -f1) + if [ $sub -lt 53 ]; then + return 0; + fi + ;; + 2.6.18-*.el5*) + sub=$(echo $KVERSION | cut -d"-" -f2 | cut -d"." -f1) + if [ $sub -lt 54 ]; then + return 0; + fi + ;; + 2.6.*) + sub=$(echo $KVERSION | cut -d"." -f3 | cut -d"-" -f1 | tr -d [:alpha:][:punct:]) + if [ $sub -lt 24 ]; then + return 0; + fi + ;; + esac + + return 1; +} + +fix_location_codes() +{ + # ppc64 only: + # Fix duplicate location codes on kernels where ibmebus can't handle them + + need_location_code_fix + ret=$? + if [ $ret = 1 ]; then return 0; fi + if ! [ -d /proc/device-tree -a -f /proc/ppc64/ofdt ]; then return 0; fi + + local i=1 phandle lcode len + # output all duplicate location codes and their devices + for attr in $(find /proc/device-tree -name "ibm,loc-code" | grep "lh.a"); do + echo -e $(dirname $attr)"\t"$(cat $attr) + done | sort -k2 | uniq -f1 --all-repeated=separate | cut -f1 | while read dev; do + if [ -n "$dev" ]; then + # append an instance counter to the location code + phandle=$(hexdump -e '8 "%u"' $dev/ibm,phandle) + lcode=$(cat $dev/ibm,loc-code)-I$i + len=$(echo -n "$lcode" | wc -c) + node=${dev#/proc/device-tree} + + # kernel-2.6.9 don't provide "update_property" + if [ ! -z "$(echo -n "$node" | grep "lhca")" ]; then + if [ $ret = 2 ]; then + echo -n "add_node $node" > /tmp/addnode + cd $dev + for a in *; do + SIZE=$(stat -c%s $a) + if [ "$a" = "ibm,loc-code" ] ; then + echo -n " $a $len $lcode" >> /tmp/addnode + elif [ "$a" = "interrupts" ] ; then + echo -n " $a 0 " >> /tmp/addnode + else + echo -n " $a $SIZE " >> /tmp/addnode + cat $a >> /tmp/addnode + fi + done + echo -n "remove_node $node" > /proc/ppc64/ofdt + cat /tmp/addnode > /proc/ppc64/ofdt + rm -rf /tmp/addnode + else + echo -n "update_property $phandle ibm,loc-code $len $lcode" > /proc/ppc64/ofdt + fi + i=$(($i + 1)) + fi + else + # empty line means new group -- reset i + i=1 + fi + done +} + +rotate_log() +{ + local log=$1 + if [ -s ${log} ]; then + cat ${log} >> ${log}.$(date +%Y-%m-%d) + /bin/rm -f ${log} + fi + touch ${log} +} + +is_ivyb() +{ + cpu_family=`/usr/bin/lscpu 2>&1 | grep "CPU family" | cut -d':' -f 2 | sed -e 's/ //g'` + cpu_model=`/usr/bin/lscpu 2>&1 | grep "Model:" | cut -d':' -f 2 | sed -e 's/ //g'` + + case "${cpu_family}_${cpu_model}" in + 6_62) + return 0 + ;; + *) + return 1 + ;; + esac +} + +# Check whether IPoIB interface configured to be started upon boot. +is_onboot() +{ + local i=$1 + shift + + case $DISTRIB in + RedHat|Rocks) + if LANG=C egrep -L "^ONBOOT=['\"]?[Nn][Oo]['\"]?" ${NETWORK_CONF_DIR}/ifcfg-$i > /dev/null ; then + return 1 + fi + ;; + SuSE) + if ! LANG=C egrep -L "^STARTMODE=['\"]?onboot['\"]?" ${NETWORK_CONF_DIR}/ifcfg-$i > /dev/null ; then + return 1 + fi + ;; + Debian) + if ! ( LANG=C grep auto /etc/network/interfaces | grep -w $i > /dev/null 2>&1) ; then + return 1 + fi + ;; + *) + if LANG=C egrep -L "^ONBOOT=['\"]?[Nn][Oo]['\"]?" ${NETWORK_CONF_DIR}/ifcfg-$i > /dev/null ; then + return 1 + fi + ;; + esac + + return 0 +} + +set_ipoib_cm() +{ + local i=$1 + shift + + if [ ! -e /sys/class/net/${i}/mode ]; then + echo "Failed to configure IPoIB connected mode for ${i}" + return 1 + fi + + sleep 1 + echo connected > /sys/class/net/${i}/mode + /sbin/ip link set ${i} mtu ${IPOIB_MTU} +} + +bring_up() +{ + local i=$1 + shift + + case $DISTRIB in + RedHat|Rocks) + . ${NETWORK_CONF_DIR}/ifcfg-${i} + if [ ! -z ${IPADDR} ] && [ ! -z ${NETMASK} ] && [ ! -z ${BROADCAST} ]; then + /sbin/ifconfig ${i} ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST} > /dev/null 2>&1 + else + /sbin/ifup ${i} 2> /dev/null + fi + ;; + SuSE) + if [ "$KPREFIX" == "26" ]; then + ifconfig ${i} up > /dev/null 2>&1 + fi + # Workaround for ifup issue: two devices with the same IP address + . ${NETWORK_CONF_DIR}/ifcfg-${i} + if [ ! -z ${IPADDR} ] && [ ! -z ${NETMASK} ] && [ ! -z ${BROADCAST} ]; then + /sbin/ifconfig ${i} ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST} > /dev/null 2>&1 + else + /sbin/ifup ${i} + fi + # /sbin/ifup ${i} > /dev/null 2>&1 + ;; + Debian) + . ${NETWORK_CONF_DIR}/ifcfg-${i} + /sbin/ip address add ${IPADDR}/${NETMASK} dev ${i} > /dev/null 2>&1 + /sbin/ip link set ${i} up > /dev/null 2>&1 + ;; + *) + /sbin/ifup ${i} 2> /dev/null + ;; + esac + + if [ "X${SET_IPOIB_CM}" == "Xyes" ]; then + set_ipoib_cm ${i} + fi + + return $? +} + +is_active_vf() +{ + # test if have ConnectX with VFs + # if not, no need to proceed further. Return 0 (no VFs active) + lspci | grep Mellanox | grep ConnectX | grep Virtual > /dev/null + if [ $? -ne 0 ] ; then + # No VFs activated + return 1 + fi + + # test for virsh + virsh -v > /dev/null 2> /dev/null + if [ $? -ne 0 ] ; then + # No virsh + return 1 + fi + + # test if running virsh by mistake on a guest + virsh sysinfo > /dev/null 2> /dev/null + if [ $? -ne 0 ] ; then + # virsh running on a guest + return 1 + fi + + # find all pci devices using the mlx4_core driver + MLX4_CORE_DEVICES=`for j in \`virsh nodedev-list | grep pci \` ; do + virsh nodedev-dumpxml $j 2> /dev/null| grep mlx4_core > /dev/null + if [ $? -eq 0 ] ; then echo $j; fi + done` + + # for all devices using mlx4_core, see if any have active VFs + ACTIVE_MLX4_VFS=`for k in \`echo $MLX4_CORE_DEVICES\` ; do + IFS=$'\n' + for f in \`virsh -d 4 nodedev-dumpxml $k | grep "address domain"\` ; do + for g in \`virsh list | grep -E "running|paused" | awk '{ print $2 }' \`; do + virsh dumpxml $g 2> /dev/null | grep $f | grep "address domain" + done + done + done` + + if [ "x$ACTIVE_MLX4_VFS" = "x" ] ; then + # NO GUESTS + return 1 + else + # There are active virtual functions + return 0 + fi +} + +start() +{ + local RC=0 + + if is_active_vf; then + echo "There are active virtual functions. Cannot continue..." + exit 1 + fi + + # W/A: inbox drivers are loaded at boot instead of new ones + local loaded_modules=$(/sbin/lsmod 2>/dev/null | grep -E '^be2net|^cxgb|^mlx|^iw_nes|^i40iw|^iw_cxgb|^ib_qib|^ib_mthca|^ocrdma|^bnxt_re|^ib_ipoib|^ib_srp|^ib_iser|^ib_uverbs|^ib_addr|^ib_mad|^ib_sa|^iw_cm|^ib_core|^ib_ucm|^ib_cm|^rdma_ucm|^ib_umad|^rdma_cm|^compat' | awk '{print $1}') + for loaded_module in $loaded_modules + do + local loaded_srcver=$(/bin/cat /sys/module/$loaded_module/srcversion 2>/dev/null) + local curr_srcver=$(/sbin/modinfo $loaded_module 2>/dev/null | grep srcversion | awk '{print $NF}') + if [ "X$loaded_srcver" != "X$curr_srcver" ]; then + log_msg "start(): Detected loaded old version of module '$loaded_module', calling stop..." + stop + break + fi + done + + # W/A: modules loaded from initrd without taking new params from /etc/modprobe.d/ + local conf_files=$(grep -rE "options.*mlx" /etc/modprobe.d/*.conf 2>/dev/null | grep -v ":#" | cut -d":" -f"1" | uniq) + local goFlag=1 + if [ "X$conf_files" != "X" ]; then + for file in $conf_files + do + while read line && [ $goFlag -eq 1 ] + do + local curr_mod=$(echo $line | sed -r -e 's/.*options //g' | awk '{print $NR}') + if ! is_module $curr_mod; then + continue + fi + for item in $(echo $line | sed -r -e "s/.*options\s*${curr_mod}//g") + do + local param=${item%=*} + local conf_value=${item##*=} + local real_value=$(cat /sys/module/${curr_mod}/parameters/${param} 2>/dev/null) + if [ "X$conf_value" != "X$real_value" ]; then + log_msg "start(): Detected '$curr_mod' loaded with '$param=$real_value' instead of '$param=$conf_value' as configured in '$file', calling stop..." + goFlag=0 + stop + break + fi + done + done < $file + if [ $goFlag -ne 1 ]; then + break + fi + done + fi + + if is_ivyb; then + # Clear SB registers on IvyB machines + ivyb_slots=`/sbin/lspci -n | grep -w '8086:0e28' | cut -d ' ' -f 1` + for ivyb_slot in $ivyb_slots + do + if [ "0x`/sbin/setpci -s $ivyb_slot 0x858.W`" == "0x0000" ]; then + setpci -s $ivyb_slot 0x858.W=0xffff + fi + if [ "0x`/sbin/setpci -s $ivyb_slot 0x85C.W`" == "0x0000" ]; then + setpci -s $ivyb_slot 0x85C.W=0xffff + fi + done + fi + + if [ $DISTRIB = "SuSE" ]; then + if [ -x /sbin/rpc.statd ]; then + /sbin/rpc.statd + fi + fi + + # Load Mellanox HCA driver + if [ "X${MTHCA_LOAD}" == "Xyes" ]; then + load_module ib_mthca + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Mellanox HCA driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + if [ "X${MLX4_LOAD}" == "Xyes" ]; then + load_module mlx4_core + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Mellanox MLX4 HCA driver: " + else + # Set port configuration + if [ -f /etc/infiniband/connectx.conf ]; then + . /etc/infiniband/connectx.conf > /dev/null 2>&1 + fi + fi + load_module mlx4_ib + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Mellanox MLX4_IB HCA driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + if [ "X${MLX4_EN_LOAD}" == "Xyes" ]; then + if ! is_module mlx4_core; then + load_module mlx4_core + fi + + load_module mlx4_en + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Mellanox MLX4_EN HCA driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + if [ "X${MLX5_LOAD}" == "Xyes" ]; then + load_module mlx5_core + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Mellanox MLX5 HCA driver: " + fi + load_module mlx5_ib + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Mellanox MLX5_IB HCA driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load QLogic QIB driver + if [ "X${QIB_LOAD}" == "Xyes" ]; then + load_module ib_qib + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading QLogic QIB driver: " + elif [ -x ${_truescale} ]; then + ${_truescale} start + fi + RC=$[ $RC + $my_rc ] + fi + + # Load QLogic InfiniPath driver + if [ "X${IPATH_LOAD}" == "Xyes" ]; then + load_module ib_ipath + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading QLogic InfiniPath driver: " + fi + # Don't exit on error + # Workarround for Bug 252. + # RC=$[ $RC + $my_rc ] + fi + + # Load eHCA driver + if [ "X${EHCA_LOAD}" == "Xyes" ]; then + fix_location_codes + load_module ib_ehca + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading eHCA driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load iw_cxgb3 driver + if [ "X${CXGB3_LOAD}" == "Xyes" ]; then + fix_location_codes + load_module iw_cxgb3 + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading cxgb3 driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load iw_cxgb4 driver + if [ "X${CXGB4_LOAD}" == "Xyes" ]; then + fix_location_codes + load_module iw_cxgb4 + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading cxgb4 driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load iw_nes driver + if [ "X${NES_LOAD}" == "Xyes" ]; then + fix_location_codes + load_module iw_nes + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading nes driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load i40iw driver + if [ "X${I40IW_LOAD}" == "Xyes" ]; then + fix_location_codes + load_module i40iw + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading i40iw driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load Broadcom bnxt_re driver + if [ "X${BNXT_RE_LOAD}" == "Xyes" ]; then + load_module bnxt_re + load_module bnxt_en + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Broadcom Netxtreme driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + # Load Emulex One Connect driver + if [ "X${OCRDMA_LOAD}" == "Xyes" ]; then + load_module ocrdma + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading Emulex One Connect driver: " + elif [ -x ${_truescale} ]; then + ${_truescale} start + fi + RC=$[ $RC + $my_rc ] + fi + + # Load VMware Paravirtual RDMA driver + if [ "X${VMW_PVRDMA_LOAD}" == "Xyes" ]; then + load_module vmw_pvrdma + my_rc=$? + if [ $my_rc -ne 0 ]; then + echo_failure $"Loading VMware Paravirtual RDMA driver: " + fi + RC=$[ $RC + $my_rc ] + fi + + ib_set_node_desc > /dev/null 2>&1 & + + load_module ib_umad + RC=$[ $RC + $? ] + load_module ib_uverbs + RC=$[ $RC + $? ] + + if [ $IPOIB -eq 1 ]; then + load_module ib_ipoib + RC=$[ $RC + $? ] + fi + + if [ $RC -eq 0 ]; then + echo_success $"Loading HCA driver and Access Layer: " + else + echo_failure $"Loading HCA driver and Access Layer: " + get_debug_info + exit 1 + fi + + # Enable IPoIB Interface if configured + if [ $IPOIB -eq 1 ]; then + get_interfaces + echo Setting up InfiniBand network interfaces: + for i in $interfaces + do + if [[ ! -e ${WD}/ifcfg-${i} && ! -e ${NETWORK_CONF_DIR}/ifcfg-${i} ]]; then + echo "No configuration found for ${i}" + if [ "X${SET_IPOIB_CM}" == "Xyes" ]; then + set_ipoib_cm ${i} + fi + else + REMOVE_NETWORK_CONF=0 + if [ ! -e ${NETWORK_CONF_DIR}/ifcfg-${i} ]; then + ln -snf ${WD}/ifcfg-${i} ${NETWORK_CONF_DIR}/ifcfg-${i} + REMOVE_NETWORK_CONF=1 + fi + + if [ "$RUNMODE" != "manual" ]; then + if ! is_onboot $i; then + continue + fi + fi + + bring_up $i + RC=$? + + unset IPADDR NETMASK BROADCAST + + if [ $REMOVE_NETWORK_CONF -eq 1 ]; then + rm -f ${NETWORK_CONF_DIR}/ifcfg-${i} + fi + + if [ $RC -eq 0 ]; then + echo_success $"Bringing up interface $i:" + else + echo_failure $"Bringing up interface $i:" + fi + fi + + # Bring up child interfaces if configured + for child_conf in $(/bin/ls -1 ${NETWORK_CONF_DIR}/ifcfg-${i}.???? 2> /dev/null) + do + ch_i=${child_conf##*-} + # Skip saved interfaces rpmsave and rpmnew + if (echo $ch_i | grep rpm > /dev/null 2>&1); then + continue + fi + if [ "$RUNMODE" != "manual" ]; then + if ! is_onboot $ch_i; then + continue + fi + fi + + if [ ! -f /sys/class/net/${i}/create_child ]; then + continue + fi + + pkey=0x${ch_i##*.} + if [ ! -e /sys/class/net/${i}.${ch_i##*.} ] ; then + echo $pkey > /sys/class/net/${i}/create_child + fi + bring_up $ch_i + RC=$? + + unset IPADDR NETMASK BROADCAST + if [ $RC -eq 0 ]; then + echo_success $"Bringing up interface $ch_i:" + else + echo_failure $"Bringing up interface $ch_i:" + fi + done + done + echo_done "Setting up service network . . ." + + fi + + # Load configured modules + if [ "$POST_LOAD_MODULES" != "" ]; then + for mod in $POST_LOAD_MODULES + do + case $mod in + ib_srp) + load_module $mod + if [ "X${SRPHA_ENABLE}" == "Xyes" ]; then + if [ ! -x /sbin/multipath ]; then + echo "/sbin/multipath is required to enable SRP HA." + else + # Create 91-srp.rules file + mkdir -p /etc/udev/rules.d + if [ "$DISTRIB" == "SuSE" ]; then + cat > /etc/udev/rules.d/91-srp.rules << EOF +ACTION=="add", KERNEL=="sd*[!0-9]", RUN+="/sbin/multipath %M:%m" +EOF + fi + ${modprobe} dm_multipath > /dev/null 2>&1 + srp_daemon.sh & + srp_daemon_pid=$! + echo ${srp_daemon_pid} > ${srp_daemon_pidfile} + fi + elif [ "X${SRP_DAEMON_ENABLE}" == "Xyes" ]; then + srp_daemon.sh & + srp_daemon_pid=$! + echo ${srp_daemon_pid} > ${srp_daemon_pidfile} + fi + ;; + *) + load_module $mod + ;; + esac + RC=$? + [ $RC -ne 0 ] && echo_failure "Loading $mod" + done + fi + + # Create devices using udev + if [ -x /sbin/udevstart ]; then + UDEVSTART=/sbin/udevstart + elif [ -x /sbin/start_udev ]; then + UDEVSTART=/sbin/start_udev + else + UDEVSTART= + fi + + if [ ! -z "${UDEVSTART}" ]; then + devstart_cnt=0 + devstart_maxcnt=10 + while [ ! -d /dev/infiniband/ ] && [ $devstart_cnt -lt $devstart_maxcnt ]; do + sleep 1 + let devstart_cnt++ + done + + if [ ! -d /dev/infiniband/ ] && [ $devstart_cnt -eq $devstart_maxcnt ]; then + ${UDEVSTART} > /dev/null 2>&1 + fi + + if [ ! -d /dev/infiniband/ ]; then + echo_warning $"udevstart: No devices created under /dev/infiniband" + fi + fi + + # Create qlgc_vnic interfaces. This needs to be done after udevstart + if [ "X${QLGC_VNIC_LOAD}" == "Xyes" ]; then + if [ -x /etc/init.d/qlgc_vnic ]; then + /etc/init.d/qlgc_vnic start + fi + fi + + if [ X${RENICE_IB_MAD} == "Xyes" ]; then + # Set max_ports_num_in_hca variable + count_ib_ports + ports_num=$? + list_of_ibmads="" + for (( i=1 ; $i <= ${max_ports_num_in_hca} ; i++ )) + do + list_of_ibmads="${list_of_ibmads} ib_mad${i}" + done + + ib_mad_pids=($(pidof ${list_of_ibmads} 2> /dev/null)) + num_of_root_ibmad_procs=$(/bin/ps h -o user -p ${ib_mad_pids[*]} | grep -w root | wc -l) + get_pid_retries=0 + while [ ${num_of_root_ibmad_procs} -lt $ports_num ] + do + # Wait maximum for 5 sec to get ib_mad process pid + if [ $get_pid_retries -gt 10 ]; then + echo Failed to get $ports_num ib_mad PIDs to renice. Got ${num_of_root_ibmad_procs}. + break + fi + usleep 500000 + ib_mad_pids=($(pidof ${list_of_ibmads} 2> /dev/null)) + num_of_root_ibmad_procs=$(/bin/ps h -o user -p ${ib_mad_pids[*]} | grep -w root | wc -l) + let get_pid_retries++ + done + for ib_mad_pid in ${ib_mad_pids[*]} + do + if [ "$(/bin/ps -p ${ib_mad_pid} h -o user 2> /dev/null)" == "root" ]; then + renice -19 ${ib_mad_pid} > /dev/null 2>&1 + fi + done + fi + + if [ -x /sbin/sysctl_perf_tuning ] && [ "X${RUN_SYSCTL}" == "Xyes" ]; then + /sbin/sysctl_perf_tuning load + fi + + return $RC +} + +UNLOAD_REC_TIMEOUT=100 +unload_rec() +{ + local mod=$1 + shift + + if is_module $mod ; then + ${modprobe} -r $mod >/dev/null 2>&1 + if [ $? -ne 0 ];then + for dep in `/sbin/rmmod $mod 2>&1 | grep "is in use by" | sed -r -e 's/.*use by //g' | sed -e 's/,/ /g'` + do + # if $dep was not loaded by openibd, don't unload it; fail with error. + if ! `echo $UNLOAD_MODULES | grep -q $dep` ; then + rm_mod $mod + else + unload_rec $dep + fi + done + fi + if is_module $mod ; then + if [ "X$RUNMODE" == "Xauto" ] && [ "X$mod" == "Xmlx4_core" ] && [ $UNLOAD_REC_TIMEOUT -gt 0 ]; then + let UNLOAD_REC_TIMEOUT-- + sleep 1 + unload_rec $mod + else + rm_mod $mod + fi + fi + fi +} + +rm_mod() +{ + local mod=$1 + shift + + unload_log=`/sbin/rmmod $mod 2>&1` + if [ $? -ne 0 ]; then + echo_failure $"Unloading $mod" + if [ ! -z "${unload_log}" ]; then + echo $unload_log + fi + # get_debug_info + [ ! -z $2 ] && echo $2 + exit 1 + fi +} + +unload() +{ + # Unload module $1 + local mod=$1 + local unload_log + + if is_module $mod; then + case $mod in + ib_ipath) + # infinipath depends on modprobe.conf remove rule + unload_rec $mod + sleep 2 + ;; + ib_qib) + if [ -x ${_truescale} ]; then + ${_truescale} stop + fi + + if [ -d /ipathfs ]; then + umount /ipathfs + rmdir /ipathfs + fi + + unload_rec $mod + sleep 2 + ;; + ib_mthca | mlx4_ib | mlx5_ib | ib_ehca | iw_cxgb3 | iw_cxgb4 | iw_nes | i40iw) + unload_rec $mod + sleep 2 + ;; + *) + unload_rec $mod + if [ $? -ne 0 ] || is_module $mod; then + # Try rmmod if modprobe failed: case that previous installation included more IB modules. + unload_rec $mod + fi + ;; + esac + fi +} + +stop() +{ + + # Check if Lustre is loaded + if ( grep -q "ko2iblnd" /proc/modules ); then + echo + echo "Please stop Lustre services before unloading the" + echo "Infiniband stack." + echo + exit 1 + fi + + if is_active_vf; then + echo "There are active virtual functions. Cannot continue..." + exit 1 + fi + + # Check if applications which use infiniband are running + local apps="opensm osmtest ibbs ibns ibacm iwpmd" + local pid + + for app in $apps + do + if ( /usr/bin/pgrep $app > /dev/null 2>&1 ); then + echo + echo "Please stop \"$app\" and all applications running over InfiniBand" + echo "Then run \"$0 $ACTION\"" + echo + exit 1 + fi + done + + # Lookup for remaining applications using infiniband devices + local entries + + if [ -d /dev/infiniband ]; then + entries=$(lsof +c 0 +d /dev/infiniband 2>/dev/null | grep -v "^COMMAND" | \ + awk '{print $1 " " $2 " " $3 " " $NF}' | sort -u) + fi + + if [ -n "$entries" ]; then + + echo "Please stop the following applications still using Infiniband devices:" + + while IFS= read -r entry; do + app=$(echo "$entry" | cut -f1 -d' ') + pid=$(echo "$entry" | cut -f2 -d' ') + owner=$(echo "$entry" | cut -f3 -d' ') + device=$(echo "$entry" | cut -f4 -d' ' | awk -F/ '{print $NF}') + + echo "$app($pid) user $owner is using device $device" + done <<< "$entries" + + echo + echo "Then run \"$0 $ACTION\"" + + exit 1 + fi + + # W/A for http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2259 + for bond in $(cat /sys/class/net/bonding_masters 2> /dev/null) ; do + if_type=$(cat /sys/class/net/$bond/type 2> /dev/null) + if [ $if_type -eq 32 ] ; then + for slave in $(cat /sys/class/net/$bond/bonding/slaves 2> /dev/null) ; do + echo -$slave > /sys/class/net/$bond/bonding/slaves + done + echo -$bond > /sys/class/net/bonding_masters + fi + done + + # Check if open-iscsi is running and if there are open iSER sessions + if [ $(pidof iscsid | wc -w) -gt 0 ]; then + iser_session_cnt=$(iscsiadm -m session 2>&1 | grep -c "^iser") + + if [ $iser_session_cnt -gt 0 ]; then + echo + # If it's RH4, open-iscsi must be stopped before openibd + if [[ -f /etc/redhat-release && $(grep -c "Red Hat Enterprise Linux AS release 4" /etc/redhat-release) -eq 1 ]]; then + echo "Please stop open-iscsi: /etc/init.d/iscsi stop" + else + echo "Please logout from all open-iscsi over iSER sessions" + fi + echo "Then run \"$0 $ACTION\"" + echo + exit 1 + fi + fi + + # Check for any multipath devices running over SRP devices + if is_module ib_srp; then + for f in `/bin/ls /sys/class/scsi_host`; do + if [ -f /sys/class/scsi_host/$f/local_ib_port ]; then + for i in `/bin/ls /sys/class/scsi_host/$f/device/target*/*/block* | awk -F: '{print $NF}'` + do + holders=`ls /sys/block/$i/holders 2> /dev/null` + if [ -n "$holders" ]; then + echo "Please flush multipath devices running over SRP devices" + echo + exit 1 + fi + done + fi + done + fi + # Stop IPoIB HA daemon if running + if [ -f $ipoib_ha_pidfile ]; then + local line p + read line < $ipoib_ha_pidfile + for p in $line ; do + [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && ipoib_ha_pids="$ipoib_ha_pids $p" + done + /bin/rm -f $ipoib_ha_pidfile + fi + + if [ -n "${ipoib_ha_pids:-}" ]; then + kill -9 ${ipoib_ha_pids} > /dev/null 2>&1 + mcastpid=$(pidof -x mcasthandle) + if [ -n "${mcastpid:-}" ]; then + kill -9 ${mcastpid} > /dev/null 2>&1 + fi + fi + + # Stop SRP HA daemon if running + if [ -f $srp_daemon_pidfile ]; then + local line p + read line < $srp_daemon_pidfile + for p in $line ; do + [ -z "${p//[0-9]/}" -a -d "/proc/$p" ] && srp_daemon_pids="$srp_daemon_pids $p" + done + /bin/rm -f $srp_daemon_pidfile + fi + + if [ -n "${srp_daemon_pids:-}" ]; then + kill -15 ${srp_daemon_pids} > /dev/null 2>&1 + fi + + if [ "X${SRPHA_ENABLE}" == "Xyes" ]; then + /bin/rm -f /etc/udev/rules.d/91-srp.rules > /dev/null 2>&1 + mpath_pids=$(pidof -x multipath) + if [ -n "${mpath_pids:-}" ]; then + kill -9 ${mpath_pids} > /dev/null 2>&1 + fi + + if is_module ib_srp; then + for f in `/bin/ls /sys/class/scsi_host` + do + if [ -f /sys/class/scsi_host/$f/local_ib_port ]; then + for i in `/bin/ls -d /sys/class/scsi_host/$f/device/target*/*/block* | awk -F: '{print $NF}'` + do + mdev=`/sbin/scsi_id -g -s /block/$i 2> /dev/null` + if [ -n "${mdev}" ]; then + /sbin/multipath -f $mdev > /dev/null 2>&1 + fi + done + fi + done + fi + fi + + if [ -d /sys/class/infiniband_qlgc_vnic/ ]; then + if [ -x /etc/init.d/qlgc_vnic ]; then + /etc/init.d/qlgc_vnic stop 2>&1 1>/dev/null + fi + fi + + # Unload modules + if [ "$UNLOAD_MODULES" != "" ]; then + for mod in $UNLOAD_MODULES + do + unload $mod + done + fi + + # Unload mlx4_core + if is_module mlx4_core; then + is_ref mlx4_core + if [ $? -eq 0 ]; then + unload mlx4_core + elif is_module mlx4_en; then + # Unload mlx4_en if one or more of the following cases takes place: + # - No MLX4 eth devices present + # - mlx4_en module was not loaded by the openibd script + if (grep 0x15b3 /sys/class/net/eth*/device/vendor > /dev/null 2>&1) && [ "X$MLX4_EN_LOAD" != "Xyes" ]; then + echo "MLX4_EN module is loaded and in use." + echo "To unload MLX4_EN run: 'modprobe -r mlx4_en mlx4_core'" + else + unload mlx4_en + unload mlx4_core + fi + fi + fi + + if [ -x /sbin/sysctl_perf_tuning ] && [ "X${RUN_SYSCTL}" == "Xyes" ]; then + /sbin/sysctl_perf_tuning unload + fi + + /bin/rm -rf /dev/infiniband + echo_success $"Unloading HCA driver: " + sleep 1 +} + +status() +{ + local RC=0 + + if is_module ib_mthca || is_module mlx4_core || is_module mlx5_core || is_module ib_qib || is_module ib_ipath || is_module ib_ehca || is_module iw_cxgb3 || is_module iw_cxgb4 || is_module iw_nes || is_module i40iw; then + echo + echo " HCA driver loaded" + echo + else + echo + echo $"HCA driver is not loaded" + echo + fi + + if is_module ib_ipoib; then + get_interfaces + if [ -n "$interfaces" ]; then + echo $"Configured IPoIB devices:" + echo $interfaces + echo + echo $"Currently active IPoIB devices:" + + for i in $interfaces + do + if [[ ! -e ${NETWORK_CONF_DIR}/ifcfg-${i} ]]; then + continue + fi + echo `/sbin/ip -o link show $i | awk -F ": " '/UP>/ { print $2 }'` + RC=$? + done + fi + fi + + if is_module mlx4_en; then + get_mlx4_en_interfaces + if [ -n "$mlx4_en_interfaces" ]; then + echo $"Configured MLX4_EN devices:" + echo $mlx4_en_interfaces + echo + echo $"Currently active MLX4_EN devices:" + + for i in $mlx4_en_interfaces + do + echo `/sbin/ip -o link show $i | awk -F ": " '/UP>/ { print $2 }'` + done + fi + fi + + echo + + local cnt=0 + + for mod in $STATUS_MODULES + do + if is_module $mod; then + [ $cnt -eq 0 ] && echo "The following OFED modules are loaded:" && echo + let cnt++ + echo " $mod" + fi + done + + echo + + return $RC +} + + +RC=0 +start_time=$(date +%s | tr -d '[:space:]') + +trap_handler() +{ + let run_time=$(date +%s | tr -d '[:space:]')-${start_time} + + # Ask to wait for 5 seconds if trying to stop openibd + if [ $run_time -gt 5 ] && [ "$ACTION" == "stop" ]; then + printf "\nProbably some application are still using InfiniBand modules...\n" + else + printf "\nPlease wait ...\n" + fi + return 0 +} + +trap 'trap_handler' 2 9 15 + +case $ACTION in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + status) + status + ;; + *) + echo + echo "Usage: `basename $0` {start|stop|restart|status}" + echo + exit 1 + ;; +esac + +RC=$? +exit $RC diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openibd.service b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openibd.service new file mode 100644 index 0000000..d71e899 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/infiniband/openibd.service @@ -0,0 +1,22 @@ +[Unit] +SourcePath=/etc/init.d/openibd +Description=LSB: Activates/Deactivates InfiniBand Driver to start at boot time. +Before=runlevel2.target runlevel3.target runlevel5.target shutdown.target +After=local-fs.target network.target network-online.target +Conflicts=shutdown.target + +[Service] +Type=forking +Restart=no +TimeoutSec=5min +IgnoreSIGPIPE=no +KillMode=process +GuessMainPID=no +RemainAfterExit=yes +SysVStartPriority=1 +ExecStart=/etc/init.d/openibd start +ExecStop=/etc/init.d/openibd stop + +[Install] +WantedBy=multi-user.target +WantedBy=network-online.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/kexec/kexec b/grid5000/steps/data/setup/puppet/modules/env/files/base/kexec/kexec new file mode 100644 index 0000000..5a7e9db --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/kexec/kexec @@ -0,0 +1,13 @@ +# Defaults for kexec initscript +# sourced by /etc/init.d/kexec and /etc/init.d/kexec-load + +# Load a kexec kernel (true/false) +LOAD_KEXEC=false + +# Kernel and initrd image +KERNEL_IMAGE="/vmlinuz" +INITRD="/initrd.img" + +# If empty, use current /proc/cmdline +APPEND="" + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/mx/ip_over_mx b/grid5000/steps/data/setup/puppet/modules/env/files/base/mx/ip_over_mx new file mode 100644 index 0000000..d9f6ceb --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/mx/ip_over_mx @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +if [ "$IFACE" != "myri0" ]; then + exit 0 +fi + +SHORTNAME=$(hostname -s) + +/etc/init.d/mx start + +/sbin/ifconfig "$IFACE" $(gethostip -d "$SHORTNAME-$IFACE") netmask 255.255.240.0 up diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/ndctl/ndctl.preset b/grid5000/steps/data/setup/puppet/modules/env/files/base/ndctl/ndctl.preset new file mode 100644 index 0000000..d487ae7 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/ndctl/ndctl.preset @@ -0,0 +1 @@ +disable ndctl-monitor.service diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/sshfs/40-fuse.rules b/grid5000/steps/data/setup/puppet/modules/env/files/base/sshfs/40-fuse.rules new file mode 100644 index 0000000..9585111 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/sshfs/40-fuse.rules @@ -0,0 +1 @@ +KERNEL=="fuse", MODE="0666" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/tuning/limits-grid5000.conf b/grid5000/steps/data/setup/puppet/modules/env/files/base/tuning/limits-grid5000.conf new file mode 100644 index 0000000..9483bec --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/tuning/limits-grid5000.conf @@ -0,0 +1,5 @@ +# Grid 5000 +# Needed for openmpi +* hard memlock unlimited +* soft memlock unlimited + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/tuning/sysctl-00-grid5000.conf b/grid5000/steps/data/setup/puppet/modules/env/files/base/tuning/sysctl-00-grid5000.conf new file mode 100644 index 0000000..ff44ed6 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/tuning/sysctl-00-grid5000.conf @@ -0,0 +1,6 @@ +# +# Grid'5000 Tuning +net.ipv4.tcp_rmem=4096 87380 67108864 +net.ipv4.tcp_wmem=4096 16384 67108864 +net.core.rmem_max = 4194304 +net.core.wmem_max = 4194304 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/base/userns/sysctl-00-userns.conf b/grid5000/steps/data/setup/puppet/modules/env/files/base/userns/sysctl-00-userns.conf new file mode 100644 index 0000000..575f6aa --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/base/userns/sysctl-00-userns.conf @@ -0,0 +1,2 @@ +# Necessaire pour Nix +kernel.unprivileged_userns_clone=1 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/amd_gpu/70-amdgpu.rules b/grid5000/steps/data/setup/puppet/modules/env/files/big/amd_gpu/70-amdgpu.rules new file mode 100644 index 0000000..325f040 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/amd_gpu/70-amdgpu.rules @@ -0,0 +1,4 @@ +# INSTALLED BY PUPPET +KERNEL=="kfd", GROUP="8000", MODE="0660" +KERNEL=="card*", DRIVERS=="amdgpu", GROUP="8000", MODE="0660" +KERNEL=="renderD*", DRIVERS=="amdgpu", GROUP="8000", MODE="0660" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/60-qemu-system.rules b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/60-qemu-system.rules new file mode 100644 index 0000000..c99e555 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/60-qemu-system.rules @@ -0,0 +1 @@ +KERNEL=="kvm", GROUP="8000", MODE="0666" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/create_tap b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/create_tap new file mode 100644 index 0000000..273fbe4 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/create_tap @@ -0,0 +1,13 @@ +#!/bin/sh +set -e +BRIDGE="br0" +if [ -z "$SUDO_USER" ]; then + echo "error: SUDO_USER is not set" + exit 1 +fi +TAPDEV=`tunctl -b -u $SUDO_USER` +/sbin/brctl addif $BRIDGE $TAPDEV +ip link set $TAPDEV up +echo $TAPDEV >> /var/lib/oar/tap_devices_for_user_$SUDO_USER +chown oar:oar /var/lib/oar/tap_devices_for_user_$SUDO_USER +echo $TAPDEV diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/random_mac b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/random_mac new file mode 100644 index 0000000..9c2bc8a --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/random_mac @@ -0,0 +1,38 @@ +#!/bin/sh + +SITE_NAME=$(hostname | cut -d. -f2) + +# Code the 2nd byte of the IP in the mac address, in order to avoid conflicts +# with g5k-subnets (see [[Virtual network interlink]]) + +if [ "x$SITE_NAME" = "xbordeaux" ] ; then + SITE_HEX=83 +elif [ "x$SITE_NAME" = "xlille" ] ; then + SITE_HEX=8b +elif [ "x$SITE_NAME" = "xlyon" ] ; then + SITE_HEX=8f +elif [ "x$SITE_NAME" = "xnancy" ] ; then + SITE_HEX=93 +elif [ "x$SITE_NAME" = "xrennes" ] ; then + SITE_HEX=9f +elif [ "x$SITE_NAME" = "xtoulouse" ] ; then + SITE_HEX=a3 +elif [ "x$SITE_NAME" = "xsophia" ] ; then + SITE_HEX=a7 +elif [ "x$SITE_NAME" = "xreims" ] ; then + SITE_HEX=ab +elif [ "x$SITE_NAME" = "xluxembourg" ] ; then + SITE_HEX=af +elif [ "x$SITE_NAME" = "xnantes" ] ; then + SITE_HEX=b3 +elif [ "x$SITE_NAME" = "xgrenoble" ] ; then + SITE_HEX=b7 +elif [ "x$SITE_NAME" = "xqualif" ] ; then + SITE_HEX=ff +else + # Orsay (or unknown site) + SITE_HEX=97 +fi + +MACADDR="00:16:3e:$SITE_HEX:$(dd if=/dev/urandom count=1 2>/dev/null | md5sum | sed 's/^\(..\)\(..\).*$/\1:\2/')" +echo $MACADDR diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/sudoers b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/sudoers new file mode 100644 index 0000000..2b5c5a8 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/kvm/sudoers @@ -0,0 +1,2 @@ +# Allow members of group g5k-users to create a tap interface and add it to the bridge +%g5k-users ALL=NOPASSWD: /usr/local/bin/create_tap, /usr/local/bin/mic-setup-my-user diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/85-mic.rules b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/85-mic.rules new file mode 100644 index 0000000..4ec0c5f --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/85-mic.rules @@ -0,0 +1,2 @@ +# Installed by puppet +KERNEL=="scif", SUBSYSTEM=="mic", MODE="666" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/fstab b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/fstab new file mode 100644 index 0000000..fd00fd1 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/fstab @@ -0,0 +1,2 @@ +nfs:/export/home /home nfs rsize=8192,wsize=8192,nolock,intr 0 0 +nfs:/export/grid5000 /grid5000 nfs rsize=8192,wsize=8192,nolock,intr 0 0 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/mic0.filelist b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/mic0.filelist new file mode 100644 index 0000000..6f5d3cb --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/mic0.filelist @@ -0,0 +1,41 @@ +dir /etc/network 755 0 0 +file /etc/network/interfaces etc/network/interfaces 644 0 0 +file /etc/passwd etc/passwd 644 0 0 +file /etc/shadow etc/shadow 000 0 0 +dir /home 755 0 0 +dir /root 755 0 0 +dir /grid5000 755 0 0 +file /root/.profile root/.profile 644 0 0 +dir /home/micuser 755 400 400 +file /home/micuser/.profile home/micuser/.profile 644 400 400 +file /etc/group etc/group 644 0 0 +dir /root/.ssh 700 0 0 +file /root/.ssh/id_rsa.pub root/.ssh/id_rsa.pub 600 0 0 +file /root/.ssh/authorized_keys root/.ssh/authorized_keys 600 0 0 +file /root/.ssh/id_rsa root/.ssh/id_rsa 600 0 0 +file /etc/hostname etc/hostname 644 0 0 +file /etc/resolv.conf etc/resolv.conf 644 0 0 +file /etc/nsswitch.conf etc/nsswitch.conf 644 0 0 +dir /etc/ssh 755 0 0 +file /etc/ssh/ssh_host_key etc/ssh/ssh_host_key 600 0 0 +file /etc/ssh/ssh_host_key.pub etc/ssh/ssh_host_key.pub 644 0 0 +file /etc/ssh/ssh_host_rsa_key etc/ssh/ssh_host_rsa_key 600 0 0 +file /etc/ssh/ssh_host_rsa_key.pub etc/ssh/ssh_host_rsa_key.pub 644 0 0 +file /etc/ssh/ssh_host_dsa_key etc/ssh/ssh_host_dsa_key 600 0 0 +file /etc/ssh/ssh_host_dsa_key.pub etc/ssh/ssh_host_dsa_key.pub 644 0 0 +file /etc/ssh/ssh_host_ecdsa_key etc/ssh/ssh_host_ecdsa_key 600 0 0 +file /etc/ssh/ssh_host_ecdsa_key.pub etc/ssh/ssh_host_ecdsa_key.pub 644 0 0 +file /etc/localtime etc/localtime 644 0 0 +file /etc/fstab etc/fstab 644 0 0 +dir /etc/init.d 0755 0 0 +dir /etc/rc5.d 0755 0 0 +file /etc/init.d/timesync etc/init.d/timesync 0755 0 0 +slink /etc/rc5.d/S01timesync ../init.d/timesync 0755 0 0 +dir /etc/init.d 0755 0 0 +dir /etc/rc5.d 0755 0 0 +file /etc/init.d/sysonline etc/init.d/sysonline 0755 0 0 +slink /etc/rc5.d/S99sysonline ../init.d/sysonline 0755 0 0 +file /etc/init.d/pm etc/init.d/pm 0755 0 0 +slink /etc/rc5.d/S90pm ../init.d/pm 0755 0 0 +file /etc/hosts etc/hosts 644 0 0 +slink /opt/intel /grid5000/software/intel 0777 0 0 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/mpss b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/mpss new file mode 100644 index 0000000..56a1a94 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/mic/mpss @@ -0,0 +1,191 @@ +#!/bin/bash +# Copyright 2010-2013 Intel Corporation. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License, version 2, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Disclaimer: The codes contained in these modules may be specific to +# the Intel Software Development Platform codenamed Knights Ferry, +# and the Intel product codenamed Knights Corner, and are not backward +# compatible with other Intel products. Additionally, Intel will NOT +# support the codes or instruction set in future products. +# +# Intel offers no warranty of any kind regarding the code. This code is +# licensed on an "AS IS" basis and Intel is not obligated to provide +# any support, assistance, installation, training, or other services +# of any kind. Intel is also not obligated to provide any updates, +# enhancements or extensions. Intel specifically disclaims any warranty +# of merchantability, non-infringement, fitness for any particular +# purpose, and any other warranty. +# +# Further, Intel disclaims all liability of any kind, including but +# not limited to liability for infringement of any proprietary rights, +# relating to the use of the code, even if Intel is notified of the +# possibility of such liability. Except as expressly stated in an Intel +# license agreement provided with this code and agreed upon with Intel, +# no license, express or implied, by estoppel or otherwise, to any +# intellectual property rights is granted herein. +# +# mpss Start mpssd. +# +# chkconfig: 2345 95 05 +# description: start MPSS stack processing. +# +### BEGIN INIT INFO +# Provides: mpss +# Required-Start: +# Required-Stop: iptables +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: MPSS stack control +# Description: MPSS stack control +### END INIT INFO + +exec=/usr/sbin/mpssd +sysfs="/sys/class/mic" + +. /lib/lsb/init-functions + +start() +{ + [ -x $exec ] || exit 5 + + # add directory to standard library search path + if [ ! -f /etc/ld.so.conf.d/mic.conf ]; then + echo "/usr/lib64/" > /etc/ld.so.conf.d/mic.conf + ldconfig + fi + + # create ssh key for root + if [ ! -f /root/.ssh/id_rsa ]; then + ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa + fi + + # enable access to nfs for mic (not needed with bridge) +# iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE +# echo 1 >/proc/sys/net/ipv4/ip_forward + + # Ensure the driver is loaded + [ -d "$sysfs" ] || modprobe mic + + echo -n $"Starting MPSS Stack: " + + [ -d "/var/lock/subsys" ] || mkdir /var/lock/subsys + micctrl --initdefaults + start-stop-daemon --start --exec $exec + + if [ "`ps -e | awk '{print $4}' | grep mpssd`" = "mpssd" ]; then + echo + micctrl -s + return 0 + fi + + micctrl -w 1> /dev/null + micctrl -s +} + +stop() +{ + echo -n $"Shutting down MPSS Stack: " + + WAITRET=0 + MPSSD=`ps ax | grep /usr/sbin/mpssd | grep -v grep` + + if [ "$MPSSD" = "" ]; then + echo + return 0; + fi + + MPSSDPID=`echo $MPSSD | awk '{print $1}'` + kill -s QUIT $MPSSDPID > /dev/null 2>/dev/null + RETVAL=$? + + if [ $RETVAL = 0 ]; then + while [ "`ps -e | awk '{print $4}' | grep mpssd`" = "mpssd" ]; do sleep 1; done + micctrl -w 1> /dev/null + WAITRET=$? + if [ $WAITRET = 9 ]; then + echo -n $"Shutting down MPSS Stack by force: " + micctrl -r 1> /dev/null + RETVAL=$? + if [ $RETVAL = 0 ]; then + micctrl -w 1> /dev/null + WAITRET=$? + fi + fi + fi + +} + +restart() +{ + stop + start +} + +status() +{ + if [ "`ps -e | awk '{print $4}' | grep mpssd`" = "mpssd" ]; then + echo "mpss is running" + STOPPED=0 + else + echo "mpss is stopped" + STOPPED=3 + fi + return $STOPPED +} + +unload() +{ + if [ ! -d "$sysfs" ]; then + return + fi + + stop + RETVAL=$? + + echo $"Removing MIC Module: " + + if [ $RETVAL = 0 ]; then + sleep 1 + modprobe -r mic + RETVAL=$? + fi + + if [ $RETVAL -ne 0 ]; then + rc_failed 3 + fi + echo + return $RETVAL +} + +case $1 in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + status) + status + ;; + unload) + unload + ;; + *) + echo $"Usage: $0 {start|stop|restart|status|unload}" +esac + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/cuda.conf b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/cuda.conf new file mode 100644 index 0000000..8bd574f --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/cuda.conf @@ -0,0 +1 @@ +/usr/local/cuda/lib64 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/dcgm-exporter.service b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/dcgm-exporter.service new file mode 100644 index 0000000..ed87bd8 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/dcgm-exporter.service @@ -0,0 +1,16 @@ +[Unit] +Description=NVIDIA DCGM prometheus exporter service +After=network.target +# Ensure that /dev/nvidia0 is created by first calling nvidia-smi. +# If no GPU is found, nvidia-smi will not create /dev/nvidia0 and we will not run. +Wants=nvidia-smi.service +After=nvidia-smi.service +ConditionPathExists=/dev/nvidia0 + +[Service] +Type=simple +ExecStart=/usr/sbin/dcgm-exporter +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/ganglia-monitor.service b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/ganglia-monitor.service new file mode 100644 index 0000000..d7b8211 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/ganglia-monitor.service @@ -0,0 +1,25 @@ +# INSTALLED BY PUPPET + +[Unit] +SourcePath=/etc/init.d/ganglia-monitor +Description=(null) +Before=runlevel2.target runlevel3.target runlevel4.target runlevel5.target shutdown.target +After=network-online.target nss-lookup.target remote-fs.target systemd-journald-dev-log.socket +Wants=network-online.target +Conflicts=shutdown.target + +[Service] +Type=forking +Restart=no +TimeoutSec=5min +IgnoreSIGPIPE=no +KillMode=process +GuessMainPID=no +RemainAfterExit=yes +SysVStartPriority=2 +ExecStartPre=/bin/bash -c "[[ $(lsmod | grep -ic nvidia) -eq 0 ]] && rm -f /etc/ganglia/conf.d/{nvidia.pyconf,modpython-nvidia.conf} || true" +ExecStart=/etc/init.d/ganglia-monitor start +ExecStop=/etc/init.d/ganglia-monitor stop + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/modpython-nvidia.conf b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/modpython-nvidia.conf new file mode 100644 index 0000000..3e95248 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/modpython-nvidia.conf @@ -0,0 +1,13 @@ +/* + INSTALLED BY PUPPET +*/ + +modules { + module { + name = "python_module" + path = "/usr/lib/ganglia/modpython.so" + params = "/usr/lib/ganglia/python_modules" + } +} + +include ('/etc/ganglia/conf.d/nvidia.pyconf') diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/nvidia-persistenced.service b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/nvidia-persistenced.service new file mode 100644 index 0000000..1c8569c --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/nvidia-persistenced.service @@ -0,0 +1,18 @@ +[Unit] +Description=NVIDIA Persistence Daemon +Wants=syslog.target +# Ensure that /dev/nvidia0 is created by first calling nvidia-smi. +# If no GPU is found, nvidia-smi will not create /dev/nvidia0 and we will not run. +Wants=nvidia-smi.service +After=nvidia-smi.service +ConditionPathExists=/dev/nvidia0 + +[Service] +Type=forking +PIDFile=/var/run/nvidia-persistenced/nvidia-persistenced.pid +Restart=always +ExecStart=/usr/bin/nvidia-persistenced --verbose +ExecStopPost=/bin/rm -rf /var/run/nvidia-persistenced + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/nvidia-smi.service b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/nvidia-smi.service new file mode 100644 index 0000000..e3eb471 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/big/nvidia/nvidia-smi.service @@ -0,0 +1,12 @@ +[Unit] +Description=Call nvidia-smi once to create /dev/nvidiaX + +[Service] +Type=oneshot +# Ignore the exit code: the command fails when no GPU is found +ExecStart=-/usr/bin/nvidia-smi +# Ignore stdout: error messages are expected when there is no GPU +StandardOutput=null + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/apt/grid5000-archive-key.asc b/grid5000/steps/data/setup/puppet/modules/env/files/min/apt/grid5000-archive-key.asc new file mode 100644 index 0000000..3d5350a --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/apt/grid5000-archive-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFuSnqEBEADJ+sFR94jY2uGHWOwlfmHEvsiqzX4BQdpSlLz7S/Gs7go6RtAU +cZLT7ehp1dG/QJdgSCqBZ2xTbDHnMYm7hv9/LnKd/YJuRzHjr0fXbZ9rOAc7D6TB +Cr1VgjJN5fIgCG5LWs6xPpxFL9XSZdiOE/xPMcygiHkSnEjlShccO3PQmoSUrYEz +K3YxIcDjBmJcFpk2ay1gpxBi54KtY4aaYy1tZneEIMBh1aybqilbQhM9qIyz7fp8 +mKkq4/XQkXc1VvfSyLn2vM0cOtkD0X9FCU5v7lEri6tgpajHqEcQyRziDfWDC+33 +1OMvQgeBoqR6WfW13cquxA15JO873Cwwl52U5IriB52m3nd73UboLQjThyu7V/id +ZGUFMNO/VvCBclA/uoZhRkOaTrfWXfhNnBMdJxppHrWAk5rEja+DXItNZtS4LqPa +rBQvPszTC3PKGZS7DlSCU9C+orb08I4GZe2Y7ccEyOPIRowyleorROR2yPuxeN3w +Ht330RX5UTk8InUYlh5PSLfRcfY5sjYAbayRXxJlDudl+DrJDkrfRnnU8zjqceDx +rjHedofcfn16JwlR86MrPyEvfOsJ4pE9haVyOgfJsDe5PBimxddyevEFx8pYEJfi +K15tx2/mYWWN10N4sx/lR0HvL75kllQW85JdL9rQLPQsqx23A1DkCnC1iwARAQAB +tEJwYWNrYWdlcy5ncmlkNTAwMC5mciBBcmNoaXZlIEtleSA8c3VwcG9ydC1zdGFm +ZkBsaXN0cy5ncmlkNTAwMC5mcj6JAk4EEwEIADgWIQQ8OL3qoF1Ke+14FeWx809W +eXvy0QUCW5KeoQIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRCx809WeXvy +0aF+EACvChuPyo47akv7HKnsxUq4KlraDmY2w0cFXL0Pavy2Kr8uui5AaSMPcgEb +drAsHd0vb8Xr9dz4my6W3Iw6dIOb6R+1JjRK3DXeBFsV/RYSKK4MZ+moJ37yTQof +0eJaYwJaeZoYBMHCfffLGOr063MB7YE+B3PCM6wHBaRUSRCotHZrzNZJSbWftEq+ +zVkZcuZU9o9bM0vCwgEnjgNiEieeQNBw64NAySm/xjC1eHjscEchK2jvyIWqqW3y +LfbWmUaoYS0JL6m2SirocC/In+vTtsZUlpNaw1XEMG3dTUYI57FlZu5HXQEwLUlR +CNtxlZDyqLP88KB5uPnRFJP34A+BCiitJhXHLn105kDaKEY8h6gx4rVweSFj5TOd +nqgcGvStoOq87UYXtCHieGnP7W4ZkDNMwnBcMSXG+Ha3nc1BOJ9X7UavqJzPJM65 +W5bs152Ga81w7ILeegH+rGUixAz7hHOREMG1bfkk+urVadaPvgnC/qEO2JW6S/8k +eS45UKpKUtqg8mKt1ZC5iqnDdFCg3BtdWtLd4BzffunpoOz0YmnPx1x8/nLXhzlb +vdblITIvqiqlyRJmH1tL12e3/+4PulvO3OAPKitUfTjDrS9hS5y4U9ZPMZjp1/wi +IULywOcOPQebaffH/o2Nmcn/KTUVLDYb7s2sOR4wjhaljTsokLkCDQRbkp6hARAA +4pTzdSXs6wEmUiIUuC8/vUSQyqcXpB+7DbbPaAXEE9A/3V3c5fuRdwUZBcaSQBnq +JkCyYJIVMFW6Y1Y2ZUXs5FYIagVmPfgL8v+YPtBH0T9FZ+f+JdDSRiGw0GSEE7vH +qQ8ClnKITrImCADVYNh7cmaPGYFlkdCHiguWMmqigxiXbgnYSdl59XkuTs8ugREy +0/BRrwngmUrCAzd8viMGt3PJyssgXVbtx4lDQDGYMPrT+5a30xZvWxbl0pG3hJyY +M6hBqF+d/u410+KJ8CX2pEXiqzeddgsjhqtvsqb8Vu6fAurCfDD95Axf59vjyvu5 +DyODicu7DqxldEFwcPb7vvuDdVkmC3LNaAEbxMJDWs72wHMy/35QBEbn9I7qOZK5 +TknjFA/VhGCYRRYyPzZe9Y57iiWGjFPxlhZ7ePLis+JmxPeFcsc9jT7ozAB0vN1e +YDGOwHBv/m1+8YVuqzyV3xChxCtzXU6verBqYezSHZAa8IGPa0dxwklnRWy++MtO +mCNQS+54Gf2+BlkmSaIUKJu51bIZRvnyJgeDjxQVYEgViS5u2pGe7h0iu6bAeFKz +kj6XhgfgRoAJH0wFNIRBJGF9KG0uBCnSu2C4D0A/DhW1C/rCgvj6aNH1QpjlTvOm +pGT/+kxFw5HOnng6ziQ2z15I0hl/qm9lRLig8QqsdlUAEQEAAYkCNgQYAQgAIBYh +BDw4veqgXUp77XgV5bHzT1Z5e/LRBQJbkp6hAhsMAAoJELHzT1Z5e/LRZosP/0nB +/5RE09QJr20SuPG7mhKBGQbRRliHTIp8Q4UfD1tsMPvo60c1lzaU6ht7k2rYFSNV +2b3sCJBCWx3Xc88uyCKKkGWAOdCmz17wBbqJEY41mT0AxdjoKozeD09VOcraODQ7 +D6jfcR3NqPjAuMAxlS1sM1G1ECJ6gfK0QEBKmlmOwU4pzAIrniRZ9Pjf4tgfGLJK +/11U5C3OG2aImhX7PiaWHQNn4p8LkWVvPxGP99Jb42z+34xtuGajwOqLEDh7Wftc +xUzwu2BgjZQzwlQHbULVNOcx00gpXYJt5WheZ4bStZNWdTyQaWYn0GabDLaU3bdp +/00CWn0XBlWTmpMuaErN5PcRLJQJ22PNA6Jz9OsHfIhpgou1MHlA7zWIXYapuytq +ixaHgdGcjB1bAjWLeZU5ttECpUEpeyBSKLFawWvCzOScUV6e2VrADxagfsnSCQHQ +UG6qv9JNmlmKo3zw42CzeSA03wmGY188kbhJMCUU6bJ8G20q9p1Xy9KEIOVgk5QZ +NU4AKejAuwulbeQkPjz1aatp/PyveuSQJTPrd9S45cYShg6Plvi+egSU9E8ciehY +nVpWhVxwHSvNi9lqHNBYU2otM8ShJzk9xmHOLTeg/s7zXyTvsZpXQn6yNSvc3BOh +aBSpMPFlS9PyaAHZjk9nsRKLwjP/SI7YJbwWPPwi +=ETJ1 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/cpu_microcode/amd64-microcode b/grid5000/steps/data/setup/puppet/modules/env/files/min/cpu_microcode/amd64-microcode new file mode 100644 index 0000000..1a4d194 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/cpu_microcode/amd64-microcode @@ -0,0 +1,12 @@ +# Configuration script for amd64-microcode version 3 + +# +# initramfs helper +# + +# +# Set this to "no" to disable automatic microcode updates on boot; +# Set this to "early" to always install microcode updates to the early initramfs +# Set this to "auto" to autodetect mode for current system (default); +# +AMD64UCODE_INITRAMFS=early diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/cpu_microcode/intel-microcode b/grid5000/steps/data/setup/puppet/modules/env/files/min/cpu_microcode/intel-microcode new file mode 100644 index 0000000..a3626dd --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/cpu_microcode/intel-microcode @@ -0,0 +1,27 @@ +# Configuration script for intel-microcode version 3 + +# +# initramfs helper +# + +# Set this to "no" to disable automatic microcode updates on boot; +# Set this to "auto" to use early initramfs mode automatically (default); +# Set this to "early" to always attempt to create an early initramfs; +IUCODE_TOOL_INITRAMFS=yes + +# Set this to "yes" (default) to use "iucode_tool --scan-system" to reduce +# the initramfs size bloat, by detecting which Intel processors are active +# in this system, and installing only their microcodes. +# +# Set this to "no" to either include all microcodes, or only the microcodes +# selected through the use of IUCODE_TOOL_EXTRA_OPTIONS below. +# +# WARNING: including all microcodes will increase initramfs size greatly. +# This can cause boot issues if the initramfs is already large. +IUCODE_TOOL_SCANCPUS=no + +# Extra options to pass to iucode_tool, useful to forbid or to +# force the inclusion of microcode for specific processor signatures. +# See iucode_tool(8) for details. +#IUCODE_TOOL_EXTRA_OPTIONS="" + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/image_versioning/git_tag b/grid5000/steps/data/setup/puppet/modules/env/files/min/image_versioning/git_tag new file mode 100644 index 0000000..3fc2634 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/image_versioning/git_tag @@ -0,0 +1,2 @@ +# This file will contains git tag of repository used to build the image. +# This git tag will be extracted by kameleon diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/image_versioning/postinst b/grid5000/steps/data/setup/puppet/modules/env/files/min/image_versioning/postinst new file mode 100644 index 0000000..5f5114e --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/image_versioning/postinst @@ -0,0 +1,3 @@ +# This file is intended to be completed by kameleon and contains the path of the postinstall used by kadeploy to deploy this image +# If this file is changed (postinstall increment), the version of the image must be incremented as well. +# To avoid any unfortunate forgetting, this path is stored in the tgz to change the tgz checksum. diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/locales/locale b/grid5000/steps/data/setup/puppet/modules/env/files/min/locales/locale new file mode 100644 index 0000000..a709cd8 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/locales/locale @@ -0,0 +1,3 @@ +LANGUAGE=en_US:en +LANG=en_US.UTF-8 +LC_ALL=en_US.UTF-8 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/locales/locale.gen b/grid5000/steps/data/setup/puppet/modules/env/files/min/locales/locale.gen new file mode 100644 index 0000000..a66d814 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/locales/locale.gen @@ -0,0 +1 @@ +en_US.UTF-8 UTF-8 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/network/g5k-update-host-name b/grid5000/steps/data/setup/puppet/modules/env/files/min/network/g5k-update-host-name new file mode 100644 index 0000000..0422d0e --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/network/g5k-update-host-name @@ -0,0 +1,16 @@ + +if [ -n "$new_host_name" ]; then + if ! echo "$new_host_name" | egrep -q '^.*-eth.*$'; then + if [ -n "$new_domain_name" ]; then + hostname="${new_host_name}.${new_domain_name}" + else + hostname="${new_host_name}" + fi + + echo "$hostname" > /etc/hostname 2> /dev/null + hostname "$hostname" + echo "$hostname" > /etc/mailname 2> /dev/null + fi + systemctl restart syslog +fi + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/min/network/hosts b/grid5000/steps/data/setup/puppet/modules/env/files/min/network/hosts new file mode 100644 index 0000000..0d49331 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/min/network/hosts @@ -0,0 +1,10 @@ +127.0.0.1 localhost + +# The following lines are desirable for IPv6 capable hosts +::1 ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +ff02::3 ip6-allhosts + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/ca2019.grid5000.fr.cert b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/ca2019.grid5000.fr.cert new file mode 100644 index 0000000..ee8b084 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/ca2019.grid5000.fr.cert @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEbjCCA1agAwIBAgIJAJceqF9a8UnpMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAkZSMREwDwYDVQQKDAhHcmlkNTAwMDEOMAwGA1UECwwFSU5SSUExGzAZBgNV +BAMMEmNhMjAxOS5ncmlkNTAwMC5mcjEuMCwGCSqGSIb3DQEJARYfc3VwcG9ydC1z +dGFmZkBsaXN0cy5ncmlkNTAwMC5mcjAeFw0xOTA1MTMxMjQyNTdaFw0zNDA1MDkx +MjQyNTdaMH0xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhHcmlkNTAwMDEOMAwGA1UE +CwwFSU5SSUExGzAZBgNVBAMMEmNhMjAxOS5ncmlkNTAwMC5mcjEuMCwGCSqGSIb3 +DQEJARYfc3VwcG9ydC1zdGFmZkBsaXN0cy5ncmlkNTAwMC5mcjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKcIXPnhkWgYLwUgSm1quyt62Lh4OApekYwc +TA4S3by1nnOhYTbKnKe+chm5xKgt1oKA442DzAA85tffZ9QRCcuDMMRXN8Xywc74 +nqQ66zX2Kxiav8ncHzJSTPn+PjlYaJHl59eVa9Rb0bQk36tIt+lnno6N6bJhVNID +FoOxK0SCjPg72Sa+pwzYJksFFRdbB2cwnzRPTnH3Q2k+ofzB82xKPGjEQOCfs2SK +7uvsJvN/wG+UID+yJSY0S+6FSeTBScJAALxskP2Wuyp1VQ1a4pOfPE1IrFEu8O8W +3oy91WQYnpjBUMFdrW1TK4EcXUU8jeyXk5Bwn6l5+Fe+yAP08pECAwEAAaOB8DCB +7TAdBgNVHQ4EFgQU/rp9soPqEmpIs083TeggATSu6T8wgbAGA1UdIwSBqDCBpYAU +/rp9soPqEmpIs083TeggATSu6T+hgYGkfzB9MQswCQYDVQQGEwJGUjERMA8GA1UE +CgwIR3JpZDUwMDAxDjAMBgNVBAsMBUlOUklBMRswGQYDVQQDDBJjYTIwMTkuZ3Jp +ZDUwMDAuZnIxLjAsBgkqhkiG9w0BCQEWH3N1cHBvcnQtc3RhZmZAbGlzdHMuZ3Jp +ZDUwMDAuZnKCCQCXHqhfWvFJ6TAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAN +BgkqhkiG9w0BAQsFAAOCAQEAVCfhuFJ3VouWWYqMrM10cMiF4E3GYUdGfnB9ecaQ +5UKjN1kdiOdVf+luXZksfljIOCXN8eY5+NMOm+7uzawOKuVqsxvfLt7duKbP2yw4 +VmQMfWn6/zhkkJR0/QFXchvzii5dWXNb6JJj/Z7cuy7i8/sapUtS5gnqxkYuE8og +3duLwaW96cZI5aAqdcz4t+BADn+Sk0EY4fhyRxq3vMDw7yzY+07iIOSMVLuLDIIa +hIXFonphQGPD9Asz2EOBbJN6JRC+RWtniLT6BqghFvz+cLXFCqTqJvf+YRs11xwn +uqCzvhyO0cW+/oBUvyAb6uP/kM2ABkidw1g5hNsvPdBCvQ== +-----END CERTIFICATE----- diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/common-auth b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/common-auth new file mode 100644 index 0000000..3e92893 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/common-auth @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +#auth required pam_unix.so nullok_secure + +auth sufficient pam_ldap.so +auth requisite pam_unix.so use_first_pass nullok_secure diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/common-password b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/common-password new file mode 100644 index 0000000..74f1425 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/common-password @@ -0,0 +1,34 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix. + +# Explanation of pam_unix options: +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +# The "md5" option enables MD5 passwords. Without this option, the +# default is Unix crypt. +# +# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in +# login.defs. +# +# You can also use the "min" option to enforce the length of the new +# password. +# +# See the pam_unix manpage for other options. + +password sufficient pam_ldap.so +password required pam_unix.so nullok obscure md5 + +# Alternate strength checking for password. Note that this +# requires the libpam-cracklib package to be installed. +# You will need to comment out the password line above and +# uncomment the next two in order to use this. +# (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') +# +# password required pam_cracklib.so retry=3 minlen=6 difok=3 +# password required pam_unix.so use_authtok nullok md5 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/ldap.conf b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/ldap.conf new file mode 100644 index 0000000..16557a1 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/ldap.conf @@ -0,0 +1,20 @@ +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable but not world writable. + +#BASE dc=example,dc=com +#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 + +#SIZELIMIT 12 +#TIMELIMIT 15 +#DEREF never + +base dc=grid5000,dc=fr +uri ldaps://ldap/ +ldap_version 3 + +tls_cacert /etc/ldap/certificates/ca2019.grid5000.fr.cert +tls_reqcert demand diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/libnss-ldap.conf b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/libnss-ldap.conf new file mode 100644 index 0000000..626cccd --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/libnss-ldap.conf @@ -0,0 +1,324 @@ +# the configuration of this file will be done by debconf as long as the +# first line of the file says '###DEBCONF###' +# +# you should use dpkg-reconfigure libnss-ldap to configure this file. +# +# @(#)$Id: ldap.conf,v 2.48 2008/07/03 02:30:29 lukeh Exp $ +# +# This is the configuration file for the LDAP nameservice +# switch library and the LDAP PAM module. +# +# PADL Software +# http://www.padl.com +# + +# Your LDAP server. Must be resolvable without using LDAP. +# Multiple hosts may be specified, each separated by a +# space. How long nss_ldap takes to failover depends on +# whether your LDAP client library supports configurable +# network or connect timeouts (see bind_timelimit). +#host 127.0.0.1 + +# The distinguished name of the search base. +base dc=grid5000,dc=fr + +# Another way to specify your LDAP server is to provide an +uri ldaps://ldap/ +# Unix Domain Sockets to connect to a local LDAP Server. +#uri ldap://127.0.0.1/ +#uri ldaps://127.0.0.1/ +#uri ldapi://%2fvar%2frun%2fldapi_sock/ +# Note: %2f encodes the '/' used as directory separator + +# The LDAP version to use (defaults to 3 +# if supported by client library) +ldap_version 3 + +# The distinguished name to bind to the server with. +# Optional: default is to bind anonymously. +# Please do not put double quotes around it as they +# would be included literally. +#binddn cn=proxyuser,dc=padl,dc=com + +# The credentials to bind with. +# Optional: default is no credential. +#bindpw secret + +# The distinguished name to bind to the server with +# if the effective user ID is root. Password is +# stored in /etc/libnss-ldap.secret (mode 600) +# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead +# of an editor to create the file. +#rootbinddn cn=manager,dc=example,dc=net + +# The port. +# Optional: default is 389. +#port 389 + +# The search scope. +#scope sub +#scope one +#scope base + +# Search timelimit +#timelimit 30 + +# Bind/connect timelimit +#bind_timelimit 30 + +# Reconnect policy: +# hard_open: reconnect to DSA with exponential backoff if +# opening connection failed +# hard_init: reconnect to DSA with exponential backoff if +# initializing connection failed +# hard: alias for hard_open +# soft: return immediately on server failure +bind_policy hard + +# Connection policy: +# persist: DSA connections are kept open (default) +# oneshot: DSA connections destroyed after request +#nss_connect_policy persist + +# Idle timelimit; client will close connections +# (nss_ldap only) if the server has not been contacted +# for the number of seconds specified below. +#idle_timelimit 3600 + +# Use paged rseults +#nss_paged_results yes + +# Pagesize: when paged results enable, used to set the +# pagesize to a custom value +#pagesize 1000 + +# Filter to AND with uid=%s +#pam_filter objectclass=account +pam_filter &(objectclass=posixAccount)(!(uid=oar)) + +# The user ID attribute (defaults to uid) +#pam_login_attribute uid + +# Search the root DSE for the password policy (works +# with Netscape Directory Server) +#pam_lookup_policy yes + +# Check the 'host' attribute for access control +# Default is no; if set to yes, and user has no +# value for the host attribute, and pam_ldap is +# configured for account management (authorization) +# then the user will not be allowed to login. +#pam_check_host_attr yes + +# Check the 'authorizedService' attribute for access +# control +# Default is no; if set to yes, and the user has no +# value for the authorizedService attribute, and +# pam_ldap is configured for account management +# (authorization) then the user will not be allowed +# to login. +#pam_check_service_attr yes + +# Group to enforce membership of +#pam_groupdn cn=PAM,ou=Groups,dc=padl,dc=com + +# Group member attribute +#pam_member_attribute uniquemember + +# Specify a minium or maximum UID number allowed +pam_min_uid 1000 +pam_max_uid 0 + + +# Template login attribute, default template user +# (can be overriden by value of former attribute +# in user's entry) +#pam_login_attribute userPrincipalName +#pam_template_login_attribute uid +#pam_template_login nobody + +# HEADS UP: the pam_crypt, pam_nds_passwd, +# and pam_ad_passwd options are no +# longer supported. +# +# Do not hash the password at all; presume +# the directory server will do it, if +# necessary. This is the default. +#pam_password clear + +# Hash password locally; required for University of +# Michigan LDAP server, and works with Netscape +# Directory Server if you're using the UNIX-Crypt +# hash mechanism and not using the NT Synchronization +# service. +#pam_password crypt + +# Remove old password first, then update in +# cleartext. Necessary for use with Novell +# Directory Services (NDS) +#pam_password nds + +# RACF is an alias for the above. For use with +# IBM RACF +#pam_password racf + +# Update Active Directory password, by +# creating Unicode password and updating +# unicodePwd attribute. +#pam_password ad + +# Use the OpenLDAP password change +# extended operation to update the password. +#pam_password exop + +# Redirect users to a URL or somesuch on password +# changes. +#pam_password_prohibit_message Please visit http://internal to change your password. + +# Use backlinks for answering initgroups() +#nss_initgroups backlink + +# Enable support for RFC2307bis (distinguished names in group +# members) +#nss_schema rfc2307bis + +# RFC2307bis naming contexts +# Syntax: +# nss_base_XXX base?scope?filter +# where scope is {base,one,sub} +# and filter is a filter to be &'d with the +# default filter. +# You can omit the suffix eg: +# nss_base_passwd ou=People, +# to append the default base DN but this +# may incur a small performance impact. +#nss_base_passwd ou=People,dc=padl,dc=com?one +#nss_base_shadow ou=People,dc=padl,dc=com?one +#nss_base_group ou=Group,dc=padl,dc=com?one +#nss_base_hosts ou=Hosts,dc=padl,dc=com?one +#nss_base_services ou=Services,dc=padl,dc=com?one +#nss_base_networks ou=Networks,dc=padl,dc=com?one +#nss_base_protocols ou=Protocols,dc=padl,dc=com?one +#nss_base_rpc ou=Rpc,dc=padl,dc=com?one +#nss_base_ethers ou=Ethers,dc=padl,dc=com?one +#nss_base_netmasks ou=Networks,dc=padl,dc=com?ne +#nss_base_bootparams ou=Ethers,dc=padl,dc=com?one +#nss_base_aliases ou=Aliases,dc=padl,dc=com?one +#nss_base_netgroup ou=Netgroup,dc=padl,dc=com?one + +# attribute/objectclass mapping +# Syntax: +#nss_map_attribute rfc2307attribute mapped_attribute +#nss_map_objectclass rfc2307objectclass mapped_objectclass + +# configure --enable-nds is no longer supported. +# NDS mappings +#nss_map_attribute uniqueMember member + +# Services for UNIX 3.5 mappings +#nss_map_objectclass posixAccount User +#nss_map_objectclass shadowAccount User +#nss_map_attribute uid msSFU30Name +#nss_map_attribute uniqueMember msSFU30PosixMember +#nss_map_attribute userPassword msSFU30Password +#nss_map_attribute homeDirectory msSFU30HomeDirectory +#nss_map_attribute homeDirectory msSFUHomeDirectory +#nss_map_objectclass posixGroup Group +#pam_login_attribute msSFU30Name +#pam_filter objectclass=User +#pam_password ad + +# configure --enable-mssfu-schema is no longer supported. +# Services for UNIX 2.0 mappings +#nss_map_objectclass posixAccount User +#nss_map_objectclass shadowAccount user +#nss_map_attribute uid msSFUName +#nss_map_attribute uniqueMember posixMember +#nss_map_attribute userPassword msSFUPassword +#nss_map_attribute homeDirectory msSFUHomeDirectory +#nss_map_attribute shadowLastChange pwdLastSet +#nss_map_objectclass posixGroup Group +#nss_map_attribute cn msSFUName +#pam_login_attribute msSFUName +#pam_filter objectclass=User +#pam_password ad + +# RFC 2307 (AD) mappings +#nss_map_objectclass posixAccount user +#nss_map_objectclass shadowAccount user +#nss_map_attribute uid sAMAccountName +#nss_map_attribute homeDirectory unixHomeDirectory +#nss_map_attribute shadowLastChange pwdLastSet +#nss_map_objectclass posixGroup group +#nss_map_attribute uniqueMember member +#pam_login_attribute sAMAccountName +#pam_filter objectclass=User +#pam_password ad + +# configure --enable-authpassword is no longer supported +# AuthPassword mappings +#nss_map_attribute userPassword authPassword + +# AIX SecureWay mappings +#nss_map_objectclass posixAccount aixAccount +#nss_base_passwd ou=aixaccount,?one +#nss_map_attribute uid userName +#nss_map_attribute gidNumber gid +#nss_map_attribute uidNumber uid +#nss_map_attribute userPassword passwordChar +#nss_map_objectclass posixGroup aixAccessGroup +#nss_base_group ou=aixgroup,?one +#nss_map_attribute cn groupName +#nss_map_attribute uniqueMember member +#pam_login_attribute userName +#pam_filter objectclass=aixAccount +#pam_password clear + +# For pre-RFC2307bis automount schema +#nss_map_objectclass automountMap nisMap +#nss_map_attribute automountMapName nisMapName +#nss_map_objectclass automount nisObject +#nss_map_attribute automountKey cn +#nss_map_attribute automountInformation nisMapEntry + +# Netscape SDK LDAPS +#ssl on + +# Netscape SDK SSL options +#sslpath /etc/ssl/certs + +# OpenLDAP SSL mechanism +# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 +#ssl start_tls +ssl on + +# OpenLDAP SSL options +# Require and verify server certificate (yes/no) +# Default is to use libldap's default behavior, which can be configured in +# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for +# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". +tls_checkpeer no +tls_reqcert demand + +# CA certificates for server certificate verification +# At least one of these are required if tls_checkpeer is "yes" +tls_cacertfile /etc/ldap/certificates/ca2019.grid5000.fr.cert +tls_cacertdir /etc/ssl/certificates + +# Seed the PRNG if /dev/urandom is not provided +#tls_randfile /var/run/egd-pool + +# SSL cipher suite +# See man ciphers for syntax +#tls_ciphers TLSv1 + +# Client certificate and key +# Use these, if your server requires client authentication. +#tls_cert +#tls_key + +# Disable SASL security layers. This is needed for AD. +#sasl_secprops maxssf=0 + +# Override the default Kerberos ticket cache location. +#krb5_ccname FILE:/etc/.ldapcache diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nscd.conf b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nscd.conf new file mode 100644 index 0000000..82b5755 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nscd.conf @@ -0,0 +1,81 @@ +# +# /etc/nscd.conf +# +# An example Name Service Cache config file. This file is needed by nscd. +# +# Legal entries are: +# +# logfile <file> +# debug-level <level> +# threads <initial #threads to use> +# max-threads <maximum #threads to use> +# server-user <user to run server as instead of root> +# server-user is ignored if nscd is started with -S parameters +# stat-user <user who is allowed to request statistics> +# reload-count unlimited|<number> +# paranoia <yes|no> +# restart-interval <time in seconds> +# +# enable-cache <service> <yes|no> +# positive-time-to-live <service> <time in seconds> +# negative-time-to-live <service> <time in seconds> +# suggested-size <service> <prime number> +# check-files <service> <yes|no> +# persistent <service> <yes|no> +# shared <service> <yes|no> +# max-db-size <service> <number bytes> +# auto-propagate <service> <yes|no> +# +# Currently supported cache names (services): passwd, group, hosts, services +# + + +# logfile /var/log/nscd.log +# threads 6 +# max-threads 128 +# server-user nobody +# stat-user somebody + debug-level 0 +# reload-count 5 + paranoia no +# restart-interval 3600 + + enable-cache passwd yes + positive-time-to-live passwd 300 + negative-time-to-live passwd 20 + suggested-size passwd 211 + check-files passwd no + persistent passwd no + shared passwd yes + max-db-size passwd 33554432 + auto-propagate passwd yes + + enable-cache group yes + positive-time-to-live group 300 + negative-time-to-live group 60 + suggested-size group 211 + check-files group no + persistent group no + shared group yes + max-db-size group 33554432 + auto-propagate group yes + +# hosts caching is broken with gethostby* calls, hence is now disabled +# per default. See /usr/share/doc/nscd/NEWS.Debian. + enable-cache hosts no + positive-time-to-live hosts 3600 + negative-time-to-live hosts 20 + suggested-size hosts 211 + check-files hosts no + persistent hosts no + shared hosts yes + max-db-size hosts 33554432 + + enable-cache services yes + positive-time-to-live services 28800 + negative-time-to-live services 20 + suggested-size services 211 + check-files services no + persistent services no + shared services yes + max-db-size services 33554432 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nslcd.conf b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nslcd.conf new file mode 100644 index 0000000..ff9443e --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nslcd.conf @@ -0,0 +1,36 @@ +# /etc/nslcd.conf +# nslcd configuration file. See nslcd.conf(5) +# for details. + +# The user and group nslcd should run as. +uid nslcd +gid nslcd + +# The location at which the LDAP server(s) should be reachable. +uri ldaps://ldap/ + +# The search base that will be used for all queries. +base dc=grid5000,dc=fr + +# The LDAP protocol version to use. +ldap_version 3 + +# The DN to bind with for normal lookups. +#binddn cn=annonymous,dc=example,dc=net +#bindpw secret + +# The DN used for password modifications by root. +#rootpwmoddn cn=admin,dc=example,dc=com + +# SSL options +ssl on + +tls_cacertfile /etc/ldap/certificates/ca2019.grid5000.fr.cert +tls_reqcert demand + +# The search scope. +#scope sub + +# Specifies the period if inactivity (in seconds) after which the connection to the LDAP server will be closed. +# The default is not to time out connections. +idle_timelimit 30 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nsswitch.conf b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nsswitch.conf new file mode 100644 index 0000000..71f836d --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/ldap/nsswitch.conf @@ -0,0 +1,19 @@ +# /etc/nsswitch.conf +# +# Example configuration of GNU Name Service Switch functionality. +# If you have the `glibc-doc-reference' and `info' packages installed, try: +# `info libc "Name Service Switch"' for information about this file. + +passwd: files ldap +group: files ldap +shadow: files ldap + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +netgroup: nis diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/openiscsi/55-openiscsi.rules b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/openiscsi/55-openiscsi.rules new file mode 100644 index 0000000..a3fff48 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/openiscsi/55-openiscsi.rules @@ -0,0 +1 @@ +KERNEL=="sd*", SUBSYSTEMS=="scsi", PROGRAM="/etc/udev/scripts/iscsidev.sh %b",SYMLINK+="iscsi/%c/part%n" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/nfs/openiscsi/iscsidev.sh b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/openiscsi/iscsidev.sh new file mode 100644 index 0000000..caa828a --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/nfs/openiscsi/iscsidev.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +BUS=${1} +HOST=${BUS%%:*} + +[ -e /sys/class/iscsi_host ] || exit 1 + +file="/sys/class/iscsi_host/host${HOST}/device/session*/iscsi_session*/session*/targetname" + +target_name=$(cat ${file}) + +# This is not an open-scsi drive +if [ -z "${target_name}" ]; then + exit 1 +fi + +echo "${target_name##*:}" diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend new file mode 100644 index 0000000..97192ea --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend @@ -0,0 +1,284 @@ +#!/usr/bin/env ruby + +# INSTALLED BY PUPPET +# Location : puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend + +require 'open-uri' +require 'json' +require 'optparse' +require_relative '../lib/g5k/g5k-manager.rb' + +DISABLE_DELAY = 2 +ENABLE_DELAY = 1 +ENABLE_LAST_DELAY = 2 + +def main + options = parse_cmdline + start + if options[:on_boot] + startup_service(options[:force]) + else + manage_disks(options) + end + close +end + +def start + Dir.chdir(TMPDIR) +end + +def close + rmtmp + exit 0 +end + +def parse_cmdline + options = {} + OptionParser.new do |opts| + opts.banner = 'Usage: g5k-disk-manager-backend [--enable 1,2,3] [--disable 4,5]' + opts.on('--on-boot', 'Enable all disks at boot time') do |v| + options[:on_boot] = v + end + opts.on('--force', 'Force usage of --on-boot even if the node has been deployed by user') do |f| + options[:force] = f + end + opts.on('--enable DISK_IDS', 'Enable disks') do |disks| + options[:enable] = disks + end + opts.on('--disable DISK_IDS', 'Disable disks') do |disks| + options[:disable] = disks + end + opts.on('-h', '--help', 'Prints this help') do + puts opts + exit + end + end.parse! + options +end + +# The aim of this function is to activate all disks of the node in a predefined +# order, so that sdb, sdc, ... devices names are always given to the same +# physical disks. +# It must be done just before g5k-checks is launched on the node, to avoid +# g5k-checks errors. +# See also /etc/systemd/system/g5k-disk-manager-backend.service. +def startup_service(force) + _status, hostname = sh('hostname') + + unless reservable_disks? + notice "This cluster doesn't have reservable disks: exit service" + close + end + + if user_deploy?(hostname) && !force + notice 'The environment is deployed manually by a user: the disks have not been activated' + close + end + + unless megacli_compliant? + notice 'No compliant RAID controller was found: the disks have not been activated' + close + end + + # Get the disks identifiers + physical_disks, virtual_disks = get_disks + + # If there is one virtual drive: exit, to exclude RAID 0 and RAID 1 configured + # clusters + num_virtual_drives = virtual_disks.count + debug "num_virtual_drives = #{num_virtual_drives}" + if num_virtual_drives >= 1 + notice 'One virtual drive of RAID disks is present: the disks have not been activated' + close + end + + # Remove the first disk from the list (first disk is the main disk sda) + physical_disks.shift + + # Disable then enable the disks + disable(physical_disks) + num_enable_errors = enable(physical_disks) + + if num_enable_errors.zero? + notice 'All disks have been activated with success' + else + error(1, "#{num_enable_errors} errors occured while enabling the disks") + end +end + +def manage_disks(options) + error(2, 'No compliant RAID controller was found') unless megacli_compliant? + + physical_disks, _virtual_disks = get_disks + disks_to_enable = disks_locations(physical_disks, options[:enable]) + disks_to_disable = disks_locations(physical_disks, options[:disable]) + + # Array intersection + if (disks_to_enable & disks_to_disable) != [] + error(3, 'You provided the same disk to enable and disable') + end + + # First, we disable the disks (we will maybe re-enable them after) + unless disks_to_disable.empty? + num_disable_errors = disable(disks_to_disable) + error(1, "#{num_disable_errors} errors occured while disabling the disks") unless num_disable_errors.zero? + end + unless disks_to_enable.empty? + num_enable_errors = enable(disks_to_enable) + error(1, "#{num_enable_errors} errors occured while enabling the disks") unless num_enable_errors.zero? + end +end + +def disks_locations(physical_disks, ids) + return [] if ids.nil? + + ids = ids.split(',').map { |e| e.strip.to_i } + disks = [] + ids.each do |id| + # id == 0 corresponds to the main disk sda + error(4, "Wrong disk id: #{id}") if id <= 0 || id >= physical_disks.length + disks.push(physical_disks[id]) + end + disks +end + +# Clusters with reservable disks are clusters whose +# reference-repository storage_devices property contains property +# reservation: true +def reservable_disks? + ref_api = File.read('/etc/grid5000/ref-api.json') + JSON.parse(ref_api)['storage_devices'].select { |sd| sd['reservation'] }.any? +end + +def megacli_compliant? + # Get the number or RAID controllers supported by megacli + # The return code of the command is the number of controllers supported + num_controllers, _output = sh("#{MEGACLI} -AdpCount") + num_controllers != 0 +end + +# This function retrieves the physical and virtual disk identifiers from +# the output of the megacli command. +# For both type of drives, the adapter is printed once on a single line +# and then are printed out the drives who belong to this adapter. +# +# A physical drive output looks like: +# +# Enclosure Device ID: 8 +# Slot Number: 0 +# Enclosure position: 1 +# Device Id: 14 +# WWN: 5002538c40be7492 +# Sequence Number: 2 +# Media Error Count: 0 +# ... other lines +# +# A virtual one: +# +# Virtual Drive: 0 (Target Id: 0) +# Name :SYSTEM +# RAID Level : Primary-1, Secondary-0, RAID Level Qualifier-0 +# Size : 558.375 GB +# Sector Size : 512 +# ... other lines +# +# The physical drives have to be sorted by the Device ID to match the way +# Linux create the /dev/ devices special files (pci-scsi path order) +def get_disks + status, output_pdlist = sh("#{MEGACLI} -PDList -aALL") + unless status.zero? + notice 'The command megacli failed to list physical drives' + close + end + + status, output_vdlist = sh("#{MEGACLI} -LDInfo -Lall -aall") + unless status.zero? + notice 'The command megacli failed to list virtual drives' + close + end + + physical_disks = [] + virtual_disks = [] + + adapter_regexp = /^Adapter\s#?(\d+).*$/ + enclosure_regexp = /^Enclosure\sDevice\sID:\s+(\d+)$/ + slot_regexp = /^Slot\sNumber:\s+(\d+)$/ + device_id_regexp = /^Device\sId:\s+(\d+)$/ + virtual_drive_regexp = /^Virtual\sDrive:\s+(\d+).+$/ + + adapter = '' + enclosure = '' + slot = '' + + output_pdlist.each_line do |line| + if (m = adapter_regexp.match(line)) + adapter = m[1].to_i + elsif (m = enclosure_regexp.match(line)) + enclosure = m[1].to_i + elsif (m = slot_regexp.match(line)) + slot = m[1].to_i + elsif (m = device_id_regexp.match(line)) + physical_disks << { adapter: adapter, enclosure: enclosure, slot: slot, device_id: m[1].to_i } + end + + physical_disks.sort_by! { |p_disk| p_disk[:device_id] } + end + + adapter = '' + + output_vdlist.each_line do |line| + if (m = adapter_regexp.match(line)) + adapter = m[1].to_i + elsif (m = virtual_drive_regexp.match(line)) + virtual_disks << { adapter: adapter, drive: m[1].to_i } + end + end + + [physical_disks, virtual_disks] +end + +# Enable the disks +# The megacli command changes the the state of the drive from Unconfigured Good +# to JBOD (Just a Bunch of Disks). +# A new drive in JBOD state is exposed to the host operating system as a +# stand-alone drive. Drives in JBOD drive state are not part of the RAID +# configuration. +def enable(physical_disks) + num_enable_errors = 0 + physical_disks.each do |disk| + # Sleep a bit before enabling to give the kernel time to detect disks that were + # previously removed, or disks that were just enabled. + # If we do that too fast, the kernel might pick up disks in a random order. + # See bug https://intranet.grid5000.fr/bugzilla/show_bug.cgi?id=9238 for details. + sleep(ENABLE_DELAY) + status, _output = sh("#{MEGACLI} -PDMakeJBOD -PhysDrv [#{disk[:enclosure]}:#{disk[:slot]}] -a#{disk[:adapter]}") + debug "Enabling disk #{disk} => Return code = #{status}" + num_enable_errors += 1 unless status.zero? + end + # Also sleep after enabling the last disk + sleep(ENABLE_LAST_DELAY) + num_enable_errors +end + +# Disable the disks +# The megacli command changes the state of the drive from JBOD to +# Unconfigured Good. When in Unconfigured Good state, the disk is accessible +# to the RAID controller but not configured as a part of a virtual disk +# or as a hot spare. +def disable(physical_disks) + num_disable_errors = 0 + physical_disks.each do |disk| + status, _output = sh("#{MEGACLI} -PDMakeGood -PhysDrv [#{disk[:enclosure]}:#{disk[:slot]}] -force -a#{disk[:adapter]}") + debug "Disabling disk #{disk} => Return code = #{status}" + num_disable_errors += 1 unless status.zero? + end + sleep(DISABLE_DELAY) + num_disable_errors +end + +# Main program + +MEGACLI = '/usr/sbin/megacli'.freeze + +_status, TMPDIR = sh('mktemp -d /tmp/tmp.g5k-disk-manager-backend.XXXXXX') +main diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend.service b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend.service new file mode 100644 index 0000000..1172832 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-disk-manager-backend.service @@ -0,0 +1,11 @@ +[Unit] +Description=activation of all disks before g5k-checks is launched +After=network-online.target +Before=oar-node.service + +[Service] +Type=oneshot +ExecStart=/usr/local/libexec/g5k-disk-manager-backend --on-boot + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager new file mode 100644 index 0000000..b9c12ed --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager @@ -0,0 +1,115 @@ +#!/usr/bin/env ruby +# coding: utf-8 + +# INSTALLED BY PUPPET +# Location : puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager + +require 'open-uri' +require 'json' +require 'optparse' +require 'fileutils' +require_relative '../lib/g5k/g5k-manager.rb' + +$reboot_lock_dir = '/var/lib/g5k-pmem-manager' +$reboot_lock_file = File.join($reboot_lock_dir, 'run.lock') + +def main + hostname = `hostname`.chomp + + unless have_pmem? + notice('No PMEM in this system, nothing to do') + exit + end + + if user_deploy?(hostname) + notice('The environment is deployed by a user: PMEM configuration left unchanged') + exit + end + + if rebooted? + if !defined_regions? && !defined_namespaces? && !defined_goals? + notice('PMEM switch to Memory Mode is effective after reboot') + FileUtils.rm_f($reboot_lock_file) + exit + else + error(1, 'PMEM was not changed to Memory Mode after reboot, something went wrong') + end + end + + if defined_goals? + error(1, 'Some PMEM configuration goals are defined. This is unexpected') + elsif defined_regions? || defined_namespaces? + notice('PMEM App Direct configuration found, removing and switching to full Memory Mode') + memory_mode + else + notice('The PMEM is in Memory Mode as expected') + exit + end +end + +def have_pmem? + ref_api = JSON.parse(File.read('/etc/grid5000/ref-api.json')) + ref_api['main_memory'].key?('pmem_size') +end + +def defined_regions? + status, stdout = sh('ipmctl show -region') + unless status.zero? + error(1, 'impctl failed to list regions') + return false + end + + stdout.match(/There are no Regions defined/) ? false : true +end + +def defined_namespaces? + status, stdout = sh('ndctl list') + unless status.zero? + error(1, 'ndctl failed to list namespaces') + end + + stdout.empty? ? false : true +end + +def defined_goals? + status, stdout = sh('ipmctl show -goal') + unless status.zero? + error(1, 'ipmctl failed to list goals') + end + + stdout.match(/no goal configs defined in the system/) ? false : true +end + +def rebooted? + File.exist?($reboot_lock_file) +end + +def memory_mode + # ndctl destroy-namespace return code isn't 0 when there's no namespace, + # even with the --force-all argument + if defined_namespaces? + status, _stdout = sh('ndctl destroy-namespace --force all') + unless status.zero? + error(1, 'ndctl failed to destroy namespaces') + end + end + + status, _stdout = sh('ipmctl create -force -goal MemoryMode=100') + unless status.zero? + error(1, 'ipmctl failed to provision Memory Mode') + end + + begin + FileUtils.mkdir_p($reboot_lock_dir) + FileUtils.touch($reboot_lock_file) + rescue => e + error(1, "Unable to create #{$reboot_lock_file}, error: #{e}") + end + + status, _stdout = sh('reboot') + unless status.zero? + error(1, 'System failed to reboot') + end +end + +main diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager.service b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager.service new file mode 100644 index 0000000..2bc296d --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/g5k-pmem-manager.service @@ -0,0 +1,12 @@ +[Unit] +Description=Check pmem configuration and put in memory mode +After=network-online.target +Before=oar-node.service + +[Service] +Type=oneshot +ExecStart=/usr/local/libexec/g5k-pmem-manager +StandardOutput=journal+console + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/lib/g5k-manager.rb b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/lib/g5k-manager.rb new file mode 100644 index 0000000..7569501 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k-manager/lib/g5k-manager.rb @@ -0,0 +1,79 @@ +# coding: utf-8 + +# INSTALLED BY PUPPET +# Location : puppet/modules/env/files/std/g5k-manager/lib/g5k-manager.rb + +require 'open-uri' +require 'json' +require 'optparse' + +def sh(cmd) + output = `#{cmd}`.chomp + status = $?.exitstatus + return [status, output] +end + +# systemd log levels: +# see http://0pointer.net/blog/projects/journal-submit.html +# and http://man7.org/linux/man-pages/man3/syslog.3.html +def notice(msg) + log_notice = 5 # normal, but significant, condition + puts "<#{log_notice}> #{msg}" +end + +def debug(msg) + log_debug = 7 # debug-level message + puts "<#{log_debug}> #{msg}" if DEBUG +end + +def error(status, msg) + log_err = 3 # error conditions + puts "<#{log_err}> #{msg}" + rmtmp + exit status +end + +def rmtmp + if defined?(TMPDIR) + Dir.chdir('/root') + sh("rm -rf #{TMPDIR}") + end +end + +# If property 'soft'='free', the standard environment is being +# deployed by an admin (outside a job) or phoenix. +# Else, it is a user that is deploying the standard environment +# For the different states, see: +# https://github.com/grid5000/g5k-api/blob/master/lib/oar/resource.rb#L45 +def user_deploy?(hostname) + tries = 3 + begin + url = G5K_API + '/sites/' + site(hostname) + '/status?disks=no&job_details=no&waiting=no&network_address=' + hostname + hash = JSON::parse(open(url, 'User-Agent' => 'g5k-manager (for disk and pmem)').read) + rescue + tries -= 1 + if tries > 0 + debug("Fetching #{url} failed. Sleeping 1s and retry.") + sleep(1) + retry + else + error(1, "Fetching #{url} failed too many times") + end + end + + status = hash['nodes'][hostname] + debug("Node status: soft=#{status['soft']}, hard=#{status['hard']}") + user_deploy = (status['hard'] == 'alive' and status['soft'] != 'free') + return user_deploy +end + +def cluster(hostname) + return hostname.split('-')[0] +end + +def site(hostname) + return hostname.split('.')[1] +end + +G5K_API = 'https://api.grid5000.fr/stable' +DEBUG = true diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k_generator/g5k_generator b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k_generator/g5k_generator new file mode 100644 index 0000000..675df66 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5k_generator/g5k_generator @@ -0,0 +1,38 @@ +#!/bin/bash + +#for tests +DEST=/tmp + +# Standard generator setup, they take three arguments but allow none too. +if [[ $# -gt 0 && $# -ne 3 ]]; then + echo "This program takes three or no arguments." + exit 0 +fi + +# See https://www.freedesktop.org/wiki/Software/systemd/Generators/ +# Using $2 to override generated services by systemd-sysv-generator in $3 +DEST="$2" + +##### Disable the Dell dataeng service if not a Dell Machine ##### + +SMBIOS_UTIL="/usr/sbin/smbios-sys-info-lite" + +if [[ ! -x "$SMBIOS_UTIL" ]]; +then + echo "G5k systemd generator, ${SMBIOS_UTIL} cannot be executed" > /dev/kmsg + exit 0 +fi + +#Simple check, copied from Dell tools (CheckSystemType). +"$SMBIOS_UTIL" | /bin/egrep "(Vendor|OEM String 1)" | /usr/bin/awk -F":" '{print $2}' | /bin/grep -qi "Dell" + +if [[ "$?" != "0" ]]; then + /bin/ln -sf "/dev/null" "${DEST}/dataeng.service" +else + #Remove possibly existing symlink + /bin/rm -f "${DEST}/dataeng.service" +fi + +##### End dataeng service override ##### + +exit 0 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/g5kchecks/g5k-checks.conf b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5kchecks/g5k-checks.conf new file mode 100644 index 0000000..32c7a76 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/g5kchecks/g5k-checks.conf @@ -0,0 +1,39 @@ +# SET BY PUPPET +# This is a yaml file for G5kchecks configuration +--- + +# directory destination of g5kchecks output file in failure case +output_dir: /var/lib/g5kchecks/ + +#List of Strings/regexp to exclude from test list +# It is of the form of the access path to an API property. +# Example1: to skip the rate check of the eth0 network adapter: +# network_adapters.eth0.rate +# Example2: to skip everything about eth0: +# network_adapters.eth0 +# Example2: to skip test matching a regexp: +# network_adapters.ib\d+.mac +removetestlist: + - "storage_devices..+.timeread" + - "storage_devices..+.timewrite" + +# check if directory bellow are mounted +#mountpoint: +# - /export/home +# - /dev/sda5 + +# type of input description (retrieve json from rest or file) +retrieve_from: rest + +# in case of rest, should provide an url +retrieve_url: https://api.grid5000.fr/3.0 + +# specify a branch at the end of uri (syntax will be: ?branch=mybranch at the +# end of uri) +#branch: mybranch + +# Add another branch if the first url doesn't work +fallback_branch: testing + +# in case of file, should provide a directory +#retrieve_dir: /tmp/ diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/lvm/lvm.conf b/grid5000/steps/data/setup/puppet/modules/env/files/std/lvm/lvm.conf new file mode 100644 index 0000000..db20b9b --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/lvm/lvm.conf @@ -0,0 +1,2096 @@ +# This is an example configuration file for the LVM2 system. +# It contains the default settings that would be used if there was no +# /etc/lvm/lvm.conf file. +# +# Refer to 'man lvm.conf' for further information including the file layout. +# +# Refer to 'man lvm.conf' for information about how settings configured in +# this file are combined with built-in values and command line options to +# arrive at the final values used by LVM. +# +# Refer to 'man lvmconfig' for information about displaying the built-in +# and configured values used by LVM. +# +# If a default value is set in this file (not commented out), then a +# new version of LVM using this file will continue using that value, +# even if the new version of LVM changes the built-in default value. +# +# To put this file in a different directory and override /etc/lvm set +# the environment variable LVM_SYSTEM_DIR before running the tools. +# +# N.B. Take care that each setting only appears once if uncommenting +# example settings in this file. + + +# Configuration section config. +# How LVM configuration settings are handled. +config { + + # Configuration option config/checks. + # If enabled, any LVM configuration mismatch is reported. + # This implies checking that the configuration key is understood by + # LVM and that the value of the key is the proper type. If disabled, + # any configuration mismatch is ignored and the default value is used + # without any warning (a message about the configuration key not being + # found is issued in verbose mode only). + checks = 1 + + # Configuration option config/abort_on_errors. + # Abort the LVM process if a configuration mismatch is found. + abort_on_errors = 0 + + # Configuration option config/profile_dir. + # Directory where LVM looks for configuration profiles. + profile_dir = "/etc/lvm/profile" +} + +# Configuration section devices. +# How LVM uses block devices. +devices { + + # Configuration option devices/dir. + # Directory in which to create volume group device nodes. + # Commands also accept this as a prefix on volume group names. + # This configuration option is advanced. + dir = "/dev" + + # Configuration option devices/scan. + # Directories containing device nodes to use with LVM. + # This configuration option is advanced. + scan = [ "/dev" ] + + # Configuration option devices/obtain_device_list_from_udev. + # Obtain the list of available devices from udev. + # This avoids opening or using any inapplicable non-block devices or + # subdirectories found in the udev directory. Any device node or + # symlink not managed by udev in the udev directory is ignored. This + # setting applies only to the udev-managed device directory; other + # directories will be scanned fully. LVM needs to be compiled with + # udev support for this setting to apply. + obtain_device_list_from_udev = 1 + + # Configuration option devices/external_device_info_source. + # Select an external device information source. + # Some information may already be available in the system and LVM can + # use this information to determine the exact type or use of devices it + # processes. Using an existing external device information source can + # speed up device processing as LVM does not need to run its own native + # routines to acquire this information. For example, this information + # is used to drive LVM filtering like MD component detection, multipath + # component detection, partition detection and others. + # + # Accepted values: + # none + # No external device information source is used. + # udev + # Reuse existing udev database records. Applicable only if LVM is + # compiled with udev support. + # + external_device_info_source = "none" + + # Configuration option devices/preferred_names. + # Select which path name to display for a block device. + # If multiple path names exist for a block device, and LVM needs to + # display a name for the device, the path names are matched against + # each item in this list of regular expressions. The first match is + # used. Try to avoid using undescriptive /dev/dm-N names, if present. + # If no preferred name matches, or if preferred_names are not defined, + # the following built-in preferences are applied in order until one + # produces a preferred name: + # Prefer names with path prefixes in the order of: + # /dev/mapper, /dev/disk, /dev/dm-*, /dev/block. + # Prefer the name with the least number of slashes. + # Prefer a name that is a symlink. + # Prefer the path with least value in lexicographical order. + # + # Example + # preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ] + # + # This configuration option does not have a default value defined. + + # Configuration option devices/filter. + # Limit the block devices that are used by LVM commands. + # This is a list of regular expressions used to accept or reject block + # device path names. Each regex is delimited by a vertical bar '|' + # (or any character) and is preceded by 'a' to accept the path, or + # by 'r' to reject the path. The first regex in the list to match the + # path is used, producing the 'a' or 'r' result for the device. + # When multiple path names exist for a block device, if any path name + # matches an 'a' pattern before an 'r' pattern, then the device is + # accepted. If all the path names match an 'r' pattern first, then the + # device is rejected. Unmatching path names do not affect the accept + # or reject decision. If no path names for a device match a pattern, + # then the device is accepted. Be careful mixing 'a' and 'r' patterns, + # as the combination might produce unexpected results (test changes.) + # Run vgscan after changing the filter to regenerate the cache. + # See the use_lvmetad comment for a special case regarding filters. + # + # Example + # Accept every block device: + # filter = [ "a|.*/|" ] + # Reject the cdrom drive: + # filter = [ "r|/dev/cdrom|" ] + # Work with just loopback devices, e.g. for testing: + # filter = [ "a|loop|", "r|.*|" ] + # Accept all loop devices and ide drives except hdc: + # filter = [ "a|loop|", "r|/dev/hdc|", "a|/dev/ide|", "r|.*|" ] + # Use anchors to be very specific: + # filter = [ "a|^/dev/hda8$|", "r|.*/|" ] + # + # This configuration option has an automatic default value. + # filter = [ "a|.*/|" ] +global_filter = [ "r|.*/|" ] + + # Configuration option devices/global_filter. + # Limit the block devices that are used by LVM system components. + # Because devices/filter may be overridden from the command line, it is + # not suitable for system-wide device filtering, e.g. udev and lvmetad. + # Use global_filter to hide devices from these LVM system components. + # The syntax is the same as devices/filter. Devices rejected by + # global_filter are not opened by LVM. + # This configuration option has an automatic default value. + # global_filter = [ "a|.*/|" ] + + # Configuration option devices/cache_dir. + # Directory in which to store the device cache file. + # The results of filtering are cached on disk to avoid rescanning dud + # devices (which can take a very long time). By default this cache is + # stored in a file named .cache. It is safe to delete this file; the + # tools regenerate it. If obtain_device_list_from_udev is enabled, the + # list of devices is obtained from udev and any existing .cache file + # is removed. + cache_dir = "/run/lvm" + + # Configuration option devices/cache_file_prefix. + # A prefix used before the .cache file name. See devices/cache_dir. + cache_file_prefix = "" + + # Configuration option devices/write_cache_state. + # Enable/disable writing the cache file. See devices/cache_dir. + write_cache_state = 1 + + # Configuration option devices/types. + # List of additional acceptable block device types. + # These are of device type names from /proc/devices, followed by the + # maximum number of partitions. + # + # Example + # types = [ "fd", 16 ] + # + # This configuration option is advanced. + # This configuration option does not have a default value defined. + + # Configuration option devices/sysfs_scan. + # Restrict device scanning to block devices appearing in sysfs. + # This is a quick way of filtering out block devices that are not + # present on the system. sysfs must be part of the kernel and mounted.) + sysfs_scan = 1 + + # Configuration option devices/multipath_component_detection. + # Ignore devices that are components of DM multipath devices. + multipath_component_detection = 1 + + # Configuration option devices/md_component_detection. + # Ignore devices that are components of software RAID (md) devices. + md_component_detection = 1 + + # Configuration option devices/fw_raid_component_detection. + # Ignore devices that are components of firmware RAID devices. + # LVM must use an external_device_info_source other than none for this + # detection to execute. + fw_raid_component_detection = 0 + + # Configuration option devices/md_chunk_alignment. + # Align PV data blocks with md device's stripe-width. + # This applies if a PV is placed directly on an md device. + md_chunk_alignment = 1 + + # Configuration option devices/default_data_alignment. + # Default alignment of the start of a PV data area in MB. + # If set to 0, a value of 64KiB will be used. + # Set to 1 for 1MiB, 2 for 2MiB, etc. + # This configuration option has an automatic default value. + # default_data_alignment = 1 + + # Configuration option devices/data_alignment_detection. + # Detect PV data alignment based on sysfs device information. + # The start of a PV data area will be a multiple of minimum_io_size or + # optimal_io_size exposed in sysfs. minimum_io_size is the smallest + # request the device can perform without incurring a read-modify-write + # penalty, e.g. MD chunk size. optimal_io_size is the device's + # preferred unit of receiving I/O, e.g. MD stripe width. + # minimum_io_size is used if optimal_io_size is undefined (0). + # If md_chunk_alignment is enabled, that detects the optimal_io_size. + # This setting takes precedence over md_chunk_alignment. + data_alignment_detection = 1 + + # Configuration option devices/data_alignment. + # Alignment of the start of a PV data area in KiB. + # If a PV is placed directly on an md device and md_chunk_alignment or + # data_alignment_detection are enabled, then this setting is ignored. + # Otherwise, md_chunk_alignment and data_alignment_detection are + # disabled if this is set. Set to 0 to use the default alignment or the + # page size, if larger. + data_alignment = 0 + + # Configuration option devices/data_alignment_offset_detection. + # Detect PV data alignment offset based on sysfs device information. + # The start of a PV aligned data area will be shifted by the + # alignment_offset exposed in sysfs. This offset is often 0, but may + # be non-zero. Certain 4KiB sector drives that compensate for windows + # partitioning will have an alignment_offset of 3584 bytes (sector 7 + # is the lowest aligned logical block, the 4KiB sectors start at + # LBA -1, and consequently sector 63 is aligned on a 4KiB boundary). + # pvcreate --dataalignmentoffset will skip this detection. + data_alignment_offset_detection = 1 + + # Configuration option devices/ignore_suspended_devices. + # Ignore DM devices that have I/O suspended while scanning devices. + # Otherwise, LVM waits for a suspended device to become accessible. + # This should only be needed in recovery situations. + ignore_suspended_devices = 0 + + # Configuration option devices/ignore_lvm_mirrors. + # Do not scan 'mirror' LVs to avoid possible deadlocks. + # This avoids possible deadlocks when using the 'mirror' segment type. + # This setting determines whether LVs using the 'mirror' segment type + # are scanned for LVM labels. This affects the ability of mirrors to + # be used as physical volumes. If this setting is enabled, it is + # impossible to create VGs on top of mirror LVs, i.e. to stack VGs on + # mirror LVs. If this setting is disabled, allowing mirror LVs to be + # scanned, it may cause LVM processes and I/O to the mirror to become + # blocked. This is due to the way that the mirror segment type handles + # failures. In order for the hang to occur, an LVM command must be run + # just after a failure and before the automatic LVM repair process + # takes place, or there must be failures in multiple mirrors in the + # same VG at the same time with write failures occurring moments before + # a scan of the mirror's labels. The 'mirror' scanning problems do not + # apply to LVM RAID types like 'raid1' which handle failures in a + # different way, making them a better choice for VG stacking. + ignore_lvm_mirrors = 1 + + # Configuration option devices/disable_after_error_count. + # Number of I/O errors after which a device is skipped. + # During each LVM operation, errors received from each device are + # counted. If the counter of a device exceeds the limit set here, + # no further I/O is sent to that device for the remainder of the + # operation. Setting this to 0 disables the counters altogether. + disable_after_error_count = 0 + + # Configuration option devices/require_restorefile_with_uuid. + # Allow use of pvcreate --uuid without requiring --restorefile. + require_restorefile_with_uuid = 1 + + # Configuration option devices/pv_min_size. + # Minimum size in KiB of block devices which can be used as PVs. + # In a clustered environment all nodes must use the same value. + # Any value smaller than 512KiB is ignored. The previous built-in + # value was 512. + pv_min_size = 2048 + + # Configuration option devices/issue_discards. + # Issue discards to PVs that are no longer used by an LV. + # Discards are sent to an LV's underlying physical volumes when the LV + # is no longer using the physical volumes' space, e.g. lvremove, + # lvreduce. Discards inform the storage that a region is no longer + # used. Storage that supports discards advertise the protocol-specific + # way discards should be issued by the kernel (TRIM, UNMAP, or + # WRITE SAME with UNMAP bit set). Not all storage will support or + # benefit from discards, but SSDs and thinly provisioned LUNs + # generally do. If enabled, discards will only be issued if both the + # storage and kernel provide support. + issue_discards = 0 + + # Configuration option devices/allow_changes_with_duplicate_pvs. + # Allow VG modification while a PV appears on multiple devices. + # When a PV appears on multiple devices, LVM attempts to choose the + # best device to use for the PV. If the devices represent the same + # underlying storage, the choice has minimal consequence. If the + # devices represent different underlying storage, the wrong choice + # can result in data loss if the VG is modified. Disabling this + # setting is the safest option because it prevents modifying a VG + # or activating LVs in it while a PV appears on multiple devices. + # Enabling this setting allows the VG to be used as usual even with + # uncertain devices. + allow_changes_with_duplicate_pvs = 0 +} + +# Configuration section allocation. +# How LVM selects space and applies properties to LVs. +allocation { + + # Configuration option allocation/cling_tag_list. + # Advise LVM which PVs to use when searching for new space. + # When searching for free space to extend an LV, the 'cling' allocation + # policy will choose space on the same PVs as the last segment of the + # existing LV. If there is insufficient space and a list of tags is + # defined here, it will check whether any of them are attached to the + # PVs concerned and then seek to match those PV tags between existing + # extents and new extents. + # + # Example + # Use the special tag "@*" as a wildcard to match any PV tag: + # cling_tag_list = [ "@*" ] + # LVs are mirrored between two sites within a single VG, and + # PVs are tagged with either @site1 or @site2 to indicate where + # they are situated: + # cling_tag_list = [ "@site1", "@site2" ] + # + # This configuration option does not have a default value defined. + + # Configuration option allocation/maximise_cling. + # Use a previous allocation algorithm. + # Changes made in version 2.02.85 extended the reach of the 'cling' + # policies to detect more situations where data can be grouped onto + # the same disks. This setting can be used to disable the changes + # and revert to the previous algorithm. + maximise_cling = 1 + + # Configuration option allocation/use_blkid_wiping. + # Use blkid to detect existing signatures on new PVs and LVs. + # The blkid library can detect more signatures than the native LVM + # detection code, but may take longer. LVM needs to be compiled with + # blkid wiping support for this setting to apply. LVM native detection + # code is currently able to recognize: MD device signatures, + # swap signature, and LUKS signatures. To see the list of signatures + # recognized by blkid, check the output of the 'blkid -k' command. + use_blkid_wiping = 1 + + # Configuration option allocation/wipe_signatures_when_zeroing_new_lvs. + # Look for and erase any signatures while zeroing a new LV. + # The --wipesignatures option overrides this setting. + # Zeroing is controlled by the -Z/--zero option, and if not specified, + # zeroing is used by default if possible. Zeroing simply overwrites the + # first 4KiB of a new LV with zeroes and does no signature detection or + # wiping. Signature wiping goes beyond zeroing and detects exact types + # and positions of signatures within the whole LV. It provides a + # cleaner LV after creation as all known signatures are wiped. The LV + # is not claimed incorrectly by other tools because of old signatures + # from previous use. The number of signatures that LVM can detect + # depends on the detection code that is selected (see + # use_blkid_wiping.) Wiping each detected signature must be confirmed. + # When this setting is disabled, signatures on new LVs are not detected + # or erased unless the --wipesignatures option is used directly. + wipe_signatures_when_zeroing_new_lvs = 1 + + # Configuration option allocation/mirror_logs_require_separate_pvs. + # Mirror logs and images will always use different PVs. + # The default setting changed in version 2.02.85. + mirror_logs_require_separate_pvs = 0 + + # Configuration option allocation/raid_stripe_all_devices. + # Stripe across all PVs when RAID stripes are not specified. + # If enabled, all PVs in the VG or on the command line are used for raid0/4/5/6/10 + # when the command does not specify the number of stripes to use. + # This was the default behaviour until release 2.02.162. + # This configuration option has an automatic default value. + # raid_stripe_all_devices = 0 + + # Configuration option allocation/cache_pool_metadata_require_separate_pvs. + # Cache pool metadata and data will always use different PVs. + cache_pool_metadata_require_separate_pvs = 0 + + # Configuration option allocation/cache_mode. + # The default cache mode used for new cache. + # + # Accepted values: + # writethrough + # Data blocks are immediately written from the cache to disk. + # writeback + # Data blocks are written from the cache back to disk after some + # delay to improve performance. + # + # This setting replaces allocation/cache_pool_cachemode. + # This configuration option has an automatic default value. + # cache_mode = "writethrough" + + # Configuration option allocation/cache_policy. + # The default cache policy used for new cache volume. + # Since kernel 4.2 the default policy is smq (Stochastic multique), + # otherwise the older mq (Multiqueue) policy is selected. + # This configuration option does not have a default value defined. + + # Configuration section allocation/cache_settings. + # Settings for the cache policy. + # See documentation for individual cache policies for more info. + # This configuration section has an automatic default value. + # cache_settings { + # } + + # Configuration option allocation/cache_pool_chunk_size. + # The minimal chunk size in KiB for cache pool volumes. + # Using a chunk_size that is too large can result in wasteful use of + # the cache, where small reads and writes can cause large sections of + # an LV to be mapped into the cache. However, choosing a chunk_size + # that is too small can result in more overhead trying to manage the + # numerous chunks that become mapped into the cache. The former is + # more of a problem than the latter in most cases, so the default is + # on the smaller end of the spectrum. Supported values range from + # 32KiB to 1GiB in multiples of 32. + # This configuration option does not have a default value defined. + + # Configuration option allocation/cache_pool_max_chunks. + # The maximum number of chunks in a cache pool. + # For cache target v1.9 the recommended maximumm is 1000000 chunks. + # Using cache pool with more chunks may degrade cache performance. + # This configuration option does not have a default value defined. + + # Configuration option allocation/thin_pool_metadata_require_separate_pvs. + # Thin pool metdata and data will always use different PVs. + thin_pool_metadata_require_separate_pvs = 0 + + # Configuration option allocation/thin_pool_zero. + # Thin pool data chunks are zeroed before they are first used. + # Zeroing with a larger thin pool chunk size reduces performance. + # This configuration option has an automatic default value. + # thin_pool_zero = 1 + + # Configuration option allocation/thin_pool_discards. + # The discards behaviour of thin pool volumes. + # + # Accepted values: + # ignore + # nopassdown + # passdown + # + # This configuration option has an automatic default value. + # thin_pool_discards = "passdown" + + # Configuration option allocation/thin_pool_chunk_size_policy. + # The chunk size calculation policy for thin pool volumes. + # + # Accepted values: + # generic + # If thin_pool_chunk_size is defined, use it. Otherwise, calculate + # the chunk size based on estimation and device hints exposed in + # sysfs - the minimum_io_size. The chunk size is always at least + # 64KiB. + # performance + # If thin_pool_chunk_size is defined, use it. Otherwise, calculate + # the chunk size for performance based on device hints exposed in + # sysfs - the optimal_io_size. The chunk size is always at least + # 512KiB. + # + # This configuration option has an automatic default value. + # thin_pool_chunk_size_policy = "generic" + + # Configuration option allocation/thin_pool_chunk_size. + # The minimal chunk size in KiB for thin pool volumes. + # Larger chunk sizes may improve performance for plain thin volumes, + # however using them for snapshot volumes is less efficient, as it + # consumes more space and takes extra time for copying. When unset, + # lvm tries to estimate chunk size starting from 64KiB. Supported + # values are in the range 64KiB to 1GiB. + # This configuration option does not have a default value defined. + + # Configuration option allocation/physical_extent_size. + # Default physical extent size in KiB to use for new VGs. + # This configuration option has an automatic default value. + # physical_extent_size = 4096 +} + +# Configuration section log. +# How LVM log information is reported. +log { + + # Configuration option log/report_command_log. + # Enable or disable LVM log reporting. + # If enabled, LVM will collect a log of operations, messages, + # per-object return codes with object identification and associated + # error numbers (errnos) during LVM command processing. Then the + # log is either reported solely or in addition to any existing + # reports, depending on LVM command used. If it is a reporting command + # (e.g. pvs, vgs, lvs, lvm fullreport), then the log is reported in + # addition to any existing reports. Otherwise, there's only log report + # on output. For all applicable LVM commands, you can request that + # the output has only log report by using --logonly command line + # option. Use log/command_log_cols and log/command_log_sort settings + # to define fields to display and sort fields for the log report. + # You can also use log/command_log_selection to define selection + # criteria used each time the log is reported. + # This configuration option has an automatic default value. + # report_command_log = 0 + + # Configuration option log/command_log_sort. + # List of columns to sort by when reporting command log. + # See <lvm command> --logonly --configreport log -o help + # for the list of possible fields. + # This configuration option has an automatic default value. + # command_log_sort = "log_seq_num" + + # Configuration option log/command_log_cols. + # List of columns to report when reporting command log. + # See <lvm command> --logonly --configreport log -o help + # for the list of possible fields. + # This configuration option has an automatic default value. + # command_log_cols = "log_seq_num,log_type,log_context,log_object_type,log_object_name,log_object_id,log_object_group,log_object_group_id,log_message,log_errno,log_ret_code" + + # Configuration option log/command_log_selection. + # Selection criteria used when reporting command log. + # You can define selection criteria that are applied each + # time log is reported. This way, it is possible to control the + # amount of log that is displayed on output and you can select + # only parts of the log that are important for you. To define + # selection criteria, use fields from log report. See also + # <lvm command> --logonly --configreport log -S help for the + # list of possible fields and selection operators. You can also + # define selection criteria for log report on command line directly + # using <lvm command> --configreport log -S <selection criteria> + # which has precedence over log/command_log_selection setting. + # For more information about selection criteria in general, see + # lvm(8) man page. + # This configuration option has an automatic default value. + # command_log_selection = "!(log_type=status && message=success)" + + # Configuration option log/verbose. + # Controls the messages sent to stdout or stderr. + verbose = 0 + + # Configuration option log/silent. + # Suppress all non-essential messages from stdout. + # This has the same effect as -qq. When enabled, the following commands + # still produce output: dumpconfig, lvdisplay, lvmdiskscan, lvs, pvck, + # pvdisplay, pvs, version, vgcfgrestore -l, vgdisplay, vgs. + # Non-essential messages are shifted from log level 4 to log level 5 + # for syslog and lvm2_log_fn purposes. + # Any 'yes' or 'no' questions not overridden by other arguments are + # suppressed and default to 'no'. + silent = 0 + + # Configuration option log/syslog. + # Send log messages through syslog. + syslog = 1 + + # Configuration option log/file. + # Write error and debug log messages to a file specified here. + # This configuration option does not have a default value defined. + + # Configuration option log/overwrite. + # Overwrite the log file each time the program is run. + overwrite = 0 + + # Configuration option log/level. + # The level of log messages that are sent to the log file or syslog. + # There are 6 syslog-like log levels currently in use: 2 to 7 inclusive. + # 7 is the most verbose (LOG_DEBUG). + level = 0 + + # Configuration option log/indent. + # Indent messages according to their severity. + indent = 1 + + # Configuration option log/command_names. + # Display the command name on each line of output. + command_names = 0 + + # Configuration option log/prefix. + # A prefix to use before the log message text. + # (After the command name, if selected). + # Two spaces allows you to see/grep the severity of each message. + # To make the messages look similar to the original LVM tools use: + # indent = 0, command_names = 1, prefix = " -- " + prefix = " " + + # Configuration option log/activation. + # Log messages during activation. + # Don't use this in low memory situations (can deadlock). + activation = 0 + + # Configuration option log/debug_classes. + # Select log messages by class. + # Some debugging messages are assigned to a class and only appear in + # debug output if the class is listed here. Classes currently + # available: memory, devices, activation, allocation, lvmetad, + # metadata, cache, locking, lvmpolld. Use "all" to see everything. + debug_classes = [ "memory", "devices", "activation", "allocation", "lvmetad", "metadata", "cache", "locking", "lvmpolld", "dbus" ] +} + +# Configuration section backup. +# How LVM metadata is backed up and archived. +# In LVM, a 'backup' is a copy of the metadata for the current system, +# and an 'archive' contains old metadata configurations. They are +# stored in a human readable text format. +backup { + + # Configuration option backup/backup. + # Maintain a backup of the current metadata configuration. + # Think very hard before turning this off! + backup = 1 + + # Configuration option backup/backup_dir. + # Location of the metadata backup files. + # Remember to back up this directory regularly! + backup_dir = "/etc/lvm/backup" + + # Configuration option backup/archive. + # Maintain an archive of old metadata configurations. + # Think very hard before turning this off. + archive = 1 + + # Configuration option backup/archive_dir. + # Location of the metdata archive files. + # Remember to back up this directory regularly! + archive_dir = "/etc/lvm/archive" + + # Configuration option backup/retain_min. + # Minimum number of archives to keep. + retain_min = 10 + + # Configuration option backup/retain_days. + # Minimum number of days to keep archive files. + retain_days = 30 +} + +# Configuration section shell. +# Settings for running LVM in shell (readline) mode. +shell { + + # Configuration option shell/history_size. + # Number of lines of history to store in ~/.lvm_history. + history_size = 100 +} + +# Configuration section global. +# Miscellaneous global LVM settings. +global { + + # Configuration option global/umask. + # The file creation mask for any files and directories created. + # Interpreted as octal if the first digit is zero. + umask = 077 + + # Configuration option global/test. + # No on-disk metadata changes will be made in test mode. + # Equivalent to having the -t option on every command. + test = 0 + + # Configuration option global/units. + # Default value for --units argument. + units = "h" + + # Configuration option global/si_unit_consistency. + # Distinguish between powers of 1024 and 1000 bytes. + # The LVM commands distinguish between powers of 1024 bytes, + # e.g. KiB, MiB, GiB, and powers of 1000 bytes, e.g. KB, MB, GB. + # If scripts depend on the old behaviour, disable this setting + # temporarily until they are updated. + si_unit_consistency = 1 + + # Configuration option global/suffix. + # Display unit suffix for sizes. + # This setting has no effect if the units are in human-readable form + # (global/units = "h") in which case the suffix is always displayed. + suffix = 1 + + # Configuration option global/activation. + # Enable/disable communication with the kernel device-mapper. + # Disable to use the tools to manipulate LVM metadata without + # activating any logical volumes. If the device-mapper driver + # is not present in the kernel, disabling this should suppress + # the error messages. + activation = 1 + + # Configuration option global/fallback_to_lvm1. + # Try running LVM1 tools if LVM cannot communicate with DM. + # This option only applies to 2.4 kernels and is provided to help + # switch between device-mapper kernels and LVM1 kernels. The LVM1 + # tools need to be installed with .lvm1 suffices, e.g. vgscan.lvm1. + # They will stop working once the lvm2 on-disk metadata format is used. + # This configuration option has an automatic default value. + # fallback_to_lvm1 = 0 + + # Configuration option global/format. + # The default metadata format that commands should use. + # The -M 1|2 option overrides this setting. + # + # Accepted values: + # lvm1 + # lvm2 + # + # This configuration option has an automatic default value. + # format = "lvm2" + + # Configuration option global/format_libraries. + # Shared libraries that process different metadata formats. + # If support for LVM1 metadata was compiled as a shared library use + # format_libraries = "liblvm2format1.so" + # This configuration option does not have a default value defined. + + # Configuration option global/segment_libraries. + # This configuration option does not have a default value defined. + + # Configuration option global/proc. + # Location of proc filesystem. + # This configuration option is advanced. + proc = "/proc" + + # Configuration option global/etc. + # Location of /etc system configuration directory. + etc = "/etc" + + # Configuration option global/locking_type. + # Type of locking to use. + # + # Accepted values: + # 0 + # Turns off locking. Warning: this risks metadata corruption if + # commands run concurrently. + # 1 + # LVM uses local file-based locking, the standard mode. + # 2 + # LVM uses the external shared library locking_library. + # 3 + # LVM uses built-in clustered locking with clvmd. + # This is incompatible with lvmetad. If use_lvmetad is enabled, + # LVM prints a warning and disables lvmetad use. + # 4 + # LVM uses read-only locking which forbids any operations that + # might change metadata. + # 5 + # Offers dummy locking for tools that do not need any locks. + # You should not need to set this directly; the tools will select + # when to use it instead of the configured locking_type. + # Do not use lvmetad or the kernel device-mapper driver with this + # locking type. It is used by the --readonly option that offers + # read-only access to Volume Group metadata that cannot be locked + # safely because it belongs to an inaccessible domain and might be + # in use, for example a virtual machine image or a disk that is + # shared by a clustered machine. + # + locking_type = 1 + + # Configuration option global/wait_for_locks. + # When disabled, fail if a lock request would block. + wait_for_locks = 1 + + # Configuration option global/fallback_to_clustered_locking. + # Attempt to use built-in cluster locking if locking_type 2 fails. + # If using external locking (type 2) and initialisation fails, with + # this enabled, an attempt will be made to use the built-in clustered + # locking. Disable this if using a customised locking_library. + fallback_to_clustered_locking = 1 + + # Configuration option global/fallback_to_local_locking. + # Use locking_type 1 (local) if locking_type 2 or 3 fail. + # If an attempt to initialise type 2 or type 3 locking failed, perhaps + # because cluster components such as clvmd are not running, with this + # enabled, an attempt will be made to use local file-based locking + # (type 1). If this succeeds, only commands against local VGs will + # proceed. VGs marked as clustered will be ignored. + fallback_to_local_locking = 1 + + # Configuration option global/locking_dir. + # Directory to use for LVM command file locks. + # Local non-LV directory that holds file-based locks while commands are + # in progress. A directory like /tmp that may get wiped on reboot is OK. + locking_dir = "/run/lock/lvm" + + # Configuration option global/prioritise_write_locks. + # Allow quicker VG write access during high volume read access. + # When there are competing read-only and read-write access requests for + # a volume group's metadata, instead of always granting the read-only + # requests immediately, delay them to allow the read-write requests to + # be serviced. Without this setting, write access may be stalled by a + # high volume of read-only requests. This option only affects + # locking_type 1 viz. local file-based locking. + prioritise_write_locks = 1 + + # Configuration option global/library_dir. + # Search this directory first for shared libraries. + # This configuration option does not have a default value defined. + + # Configuration option global/locking_library. + # The external locking library to use for locking_type 2. + # This configuration option has an automatic default value. + # locking_library = "liblvm2clusterlock.so" + + # Configuration option global/abort_on_internal_errors. + # Abort a command that encounters an internal error. + # Treat any internal errors as fatal errors, aborting the process that + # encountered the internal error. Please only enable for debugging. + abort_on_internal_errors = 0 + + # Configuration option global/detect_internal_vg_cache_corruption. + # Internal verification of VG structures. + # Check if CRC matches when a parsed VG is used multiple times. This + # is useful to catch unexpected changes to cached VG structures. + # Please only enable for debugging. + detect_internal_vg_cache_corruption = 0 + + # Configuration option global/metadata_read_only. + # No operations that change on-disk metadata are permitted. + # Additionally, read-only commands that encounter metadata in need of + # repair will still be allowed to proceed exactly as if the repair had + # been performed (except for the unchanged vg_seqno). Inappropriate + # use could mess up your system, so seek advice first! + metadata_read_only = 0 + + # Configuration option global/mirror_segtype_default. + # The segment type used by the short mirroring option -m. + # The --type mirror|raid1 option overrides this setting. + # + # Accepted values: + # mirror + # The original RAID1 implementation from LVM/DM. It is + # characterized by a flexible log solution (core, disk, mirrored), + # and by the necessity to block I/O while handling a failure. + # There is an inherent race in the dmeventd failure handling logic + # with snapshots of devices using this type of RAID1 that in the + # worst case could cause a deadlock. (Also see + # devices/ignore_lvm_mirrors.) + # raid1 + # This is a newer RAID1 implementation using the MD RAID1 + # personality through device-mapper. It is characterized by a + # lack of log options. (A log is always allocated for every + # device and they are placed on the same device as the image, + # so no separate devices are required.) This mirror + # implementation does not require I/O to be blocked while + # handling a failure. This mirror implementation is not + # cluster-aware and cannot be used in a shared (active/active) + # fashion in a cluster. + # + mirror_segtype_default = "raid1" + + # Configuration option global/raid10_segtype_default. + # The segment type used by the -i -m combination. + # The --type raid10|mirror option overrides this setting. + # The --stripes/-i and --mirrors/-m options can both be specified + # during the creation of a logical volume to use both striping and + # mirroring for the LV. There are two different implementations. + # + # Accepted values: + # raid10 + # LVM uses MD's RAID10 personality through DM. This is the + # preferred option. + # mirror + # LVM layers the 'mirror' and 'stripe' segment types. The layering + # is done by creating a mirror LV on top of striped sub-LVs, + # effectively creating a RAID 0+1 array. The layering is suboptimal + # in terms of providing redundancy and performance. + # + raid10_segtype_default = "raid10" + + # Configuration option global/sparse_segtype_default. + # The segment type used by the -V -L combination. + # The --type snapshot|thin option overrides this setting. + # The combination of -V and -L options creates a sparse LV. There are + # two different implementations. + # + # Accepted values: + # snapshot + # The original snapshot implementation from LVM/DM. It uses an old + # snapshot that mixes data and metadata within a single COW + # storage volume and performs poorly when the size of stored data + # passes hundreds of MB. + # thin + # A newer implementation that uses thin provisioning. It has a + # bigger minimal chunk size (64KiB) and uses a separate volume for + # metadata. It has better performance, especially when more data + # is used. It also supports full snapshots. + # + sparse_segtype_default = "thin" + + # Configuration option global/lvdisplay_shows_full_device_path. + # Enable this to reinstate the previous lvdisplay name format. + # The default format for displaying LV names in lvdisplay was changed + # in version 2.02.89 to show the LV name and path separately. + # Previously this was always shown as /dev/vgname/lvname even when that + # was never a valid path in the /dev filesystem. + # This configuration option has an automatic default value. + # lvdisplay_shows_full_device_path = 0 + + # Configuration option global/use_lvmetad. + # Use lvmetad to cache metadata and reduce disk scanning. + # When enabled (and running), lvmetad provides LVM commands with VG + # metadata and PV state. LVM commands then avoid reading this + # information from disks which can be slow. When disabled (or not + # running), LVM commands fall back to scanning disks to obtain VG + # metadata. lvmetad is kept updated via udev rules which must be set + # up for LVM to work correctly. (The udev rules should be installed + # by default.) Without a proper udev setup, changes in the system's + # block device configuration will be unknown to LVM, and ignored + # until a manual 'pvscan --cache' is run. If lvmetad was running + # while use_lvmetad was disabled, it must be stopped, use_lvmetad + # enabled, and then started. When using lvmetad, LV activation is + # switched to an automatic, event-based mode. In this mode, LVs are + # activated based on incoming udev events that inform lvmetad when + # PVs appear on the system. When a VG is complete (all PVs present), + # it is auto-activated. The auto_activation_volume_list setting + # controls which LVs are auto-activated (all by default.) + # When lvmetad is updated (automatically by udev events, or directly + # by pvscan --cache), devices/filter is ignored and all devices are + # scanned by default. lvmetad always keeps unfiltered information + # which is provided to LVM commands. Each LVM command then filters + # based on devices/filter. This does not apply to other, non-regexp, + # filtering settings: component filters such as multipath and MD + # are checked during pvscan --cache. To filter a device and prevent + # scanning from the LVM system entirely, including lvmetad, use + # devices/global_filter. + use_lvmetad = 1 + + # Configuration option global/lvmetad_update_wait_time. + # The number of seconds a command will wait for lvmetad update to finish. + # After waiting for this period, a command will not use lvmetad, and + # will revert to disk scanning. + # This configuration option has an automatic default value. + # lvmetad_update_wait_time = 10 + + # Configuration option global/use_lvmlockd. + # Use lvmlockd for locking among hosts using LVM on shared storage. + # Applicable only if LVM is compiled with lockd support in which + # case there is also lvmlockd(8) man page available for more + # information. + use_lvmlockd = 0 + + # Configuration option global/lvmlockd_lock_retries. + # Retry lvmlockd lock requests this many times. + # Applicable only if LVM is compiled with lockd support + # This configuration option has an automatic default value. + # lvmlockd_lock_retries = 3 + + # Configuration option global/sanlock_lv_extend. + # Size in MiB to extend the internal LV holding sanlock locks. + # The internal LV holds locks for each LV in the VG, and after enough + # LVs have been created, the internal LV needs to be extended. lvcreate + # will automatically extend the internal LV when needed by the amount + # specified here. Setting this to 0 disables the automatic extension + # and can cause lvcreate to fail. Applicable only if LVM is compiled + # with lockd support + # This configuration option has an automatic default value. + # sanlock_lv_extend = 256 + + # Configuration option global/thin_check_executable. + # The full path to the thin_check command. + # LVM uses this command to check that a thin metadata device is in a + # usable state. When a thin pool is activated and after it is + # deactivated, this command is run. Activation will only proceed if + # the command has an exit status of 0. Set to "" to skip this check. + # (Not recommended.) Also see thin_check_options. + # (See package device-mapper-persistent-data or thin-provisioning-tools) + # This configuration option has an automatic default value. + # thin_check_executable = "/usr/sbin/thin_check" + + # Configuration option global/thin_dump_executable. + # The full path to the thin_dump command. + # LVM uses this command to dump thin pool metadata. + # (See package device-mapper-persistent-data or thin-provisioning-tools) + # This configuration option has an automatic default value. + # thin_dump_executable = "/usr/sbin/thin_dump" + + # Configuration option global/thin_repair_executable. + # The full path to the thin_repair command. + # LVM uses this command to repair a thin metadata device if it is in + # an unusable state. Also see thin_repair_options. + # (See package device-mapper-persistent-data or thin-provisioning-tools) + # This configuration option has an automatic default value. + # thin_repair_executable = "/usr/sbin/thin_repair" + + # Configuration option global/thin_check_options. + # List of options passed to the thin_check command. + # With thin_check version 2.1 or newer you can add the option + # --ignore-non-fatal-errors to let it pass through ignorable errors + # and fix them later. With thin_check version 3.2 or newer you should + # include the option --clear-needs-check-flag. + # This configuration option has an automatic default value. + # thin_check_options = [ "-q", "--clear-needs-check-flag" ] + + # Configuration option global/thin_repair_options. + # List of options passed to the thin_repair command. + # This configuration option has an automatic default value. + # thin_repair_options = [ "" ] + + # Configuration option global/thin_disabled_features. + # Features to not use in the thin driver. + # This can be helpful for testing, or to avoid using a feature that is + # causing problems. Features include: block_size, discards, + # discards_non_power_2, external_origin, metadata_resize, + # external_origin_extend, error_if_no_space. + # + # Example + # thin_disabled_features = [ "discards", "block_size" ] + # + # This configuration option does not have a default value defined. + + # Configuration option global/cache_disabled_features. + # Features to not use in the cache driver. + # This can be helpful for testing, or to avoid using a feature that is + # causing problems. Features include: policy_mq, policy_smq. + # + # Example + # cache_disabled_features = [ "policy_smq" ] + # + # This configuration option does not have a default value defined. + + # Configuration option global/cache_check_executable. + # The full path to the cache_check command. + # LVM uses this command to check that a cache metadata device is in a + # usable state. When a cached LV is activated and after it is + # deactivated, this command is run. Activation will only proceed if the + # command has an exit status of 0. Set to "" to skip this check. + # (Not recommended.) Also see cache_check_options. + # (See package device-mapper-persistent-data or thin-provisioning-tools) + # This configuration option has an automatic default value. + # cache_check_executable = "/usr/sbin/cache_check" + + # Configuration option global/cache_dump_executable. + # The full path to the cache_dump command. + # LVM uses this command to dump cache pool metadata. + # (See package device-mapper-persistent-data or thin-provisioning-tools) + # This configuration option has an automatic default value. + # cache_dump_executable = "/usr/sbin/cache_dump" + + # Configuration option global/cache_repair_executable. + # The full path to the cache_repair command. + # LVM uses this command to repair a cache metadata device if it is in + # an unusable state. Also see cache_repair_options. + # (See package device-mapper-persistent-data or thin-provisioning-tools) + # This configuration option has an automatic default value. + # cache_repair_executable = "/usr/sbin/cache_repair" + + # Configuration option global/cache_check_options. + # List of options passed to the cache_check command. + # With cache_check version 5.0 or newer you should include the option + # --clear-needs-check-flag. + # This configuration option has an automatic default value. + # cache_check_options = [ "-q", "--clear-needs-check-flag" ] + + # Configuration option global/cache_repair_options. + # List of options passed to the cache_repair command. + # This configuration option has an automatic default value. + # cache_repair_options = [ "" ] + + # Configuration option global/system_id_source. + # The method LVM uses to set the local system ID. + # Volume Groups can also be given a system ID (by vgcreate, vgchange, + # or vgimport.) A VG on shared storage devices is accessible only to + # the host with a matching system ID. See 'man lvmsystemid' for + # information on limitations and correct usage. + # + # Accepted values: + # none + # The host has no system ID. + # lvmlocal + # Obtain the system ID from the system_id setting in the 'local' + # section of an lvm configuration file, e.g. lvmlocal.conf. + # uname + # Set the system ID from the hostname (uname) of the system. + # System IDs beginning localhost are not permitted. + # machineid + # Use the contents of the machine-id file to set the system ID. + # Some systems create this file at installation time. + # See 'man machine-id' and global/etc. + # file + # Use the contents of another file (system_id_file) to set the + # system ID. + # + system_id_source = "none" + + # Configuration option global/system_id_file. + # The full path to the file containing a system ID. + # This is used when system_id_source is set to 'file'. + # Comments starting with the character # are ignored. + # This configuration option does not have a default value defined. + + # Configuration option global/use_lvmpolld. + # Use lvmpolld to supervise long running LVM commands. + # When enabled, control of long running LVM commands is transferred + # from the original LVM command to the lvmpolld daemon. This allows + # the operation to continue independent of the original LVM command. + # After lvmpolld takes over, the LVM command displays the progress + # of the ongoing operation. lvmpolld itself runs LVM commands to + # manage the progress of ongoing operations. lvmpolld can be used as + # a native systemd service, which allows it to be started on demand, + # and to use its own control group. When this option is disabled, LVM + # commands will supervise long running operations by forking themselves. + # Applicable only if LVM is compiled with lvmpolld support. + use_lvmpolld = 1 + + # Configuration option global/notify_dbus. + # Enable D-Bus notification from LVM commands. + # When enabled, an LVM command that changes PVs, changes VG metadata, + # or changes the activation state of an LV will send a notification. + notify_dbus = 1 +} + +# Configuration section activation. +activation { + + # Configuration option activation/checks. + # Perform internal checks of libdevmapper operations. + # Useful for debugging problems with activation. Some of the checks may + # be expensive, so it's best to use this only when there seems to be a + # problem. + checks = 0 + + # Configuration option activation/udev_sync. + # Use udev notifications to synchronize udev and LVM. + # The --nodevsync option overrides this setting. + # When disabled, LVM commands will not wait for notifications from + # udev, but continue irrespective of any possible udev processing in + # the background. Only use this if udev is not running or has rules + # that ignore the devices LVM creates. If enabled when udev is not + # running, and LVM processes are waiting for udev, run the command + # 'dmsetup udevcomplete_all' to wake them up. + udev_sync = 1 + + # Configuration option activation/udev_rules. + # Use udev rules to manage LV device nodes and symlinks. + # When disabled, LVM will manage the device nodes and symlinks for + # active LVs itself. Manual intervention may be required if this + # setting is changed while LVs are active. + udev_rules = 1 + + # Configuration option activation/verify_udev_operations. + # Use extra checks in LVM to verify udev operations. + # This enables additional checks (and if necessary, repairs) on entries + # in the device directory after udev has completed processing its + # events. Useful for diagnosing problems with LVM/udev interactions. + verify_udev_operations = 0 + + # Configuration option activation/retry_deactivation. + # Retry failed LV deactivation. + # If LV deactivation fails, LVM will retry for a few seconds before + # failing. This may happen because a process run from a quick udev rule + # temporarily opened the device. + retry_deactivation = 1 + + # Configuration option activation/missing_stripe_filler. + # Method to fill missing stripes when activating an incomplete LV. + # Using 'error' will make inaccessible parts of the device return I/O + # errors on access. You can instead use a device path, in which case, + # that device will be used in place of missing stripes. Using anything + # other than 'error' with mirrored or snapshotted volumes is likely to + # result in data corruption. + # This configuration option is advanced. + missing_stripe_filler = "error" + + # Configuration option activation/use_linear_target. + # Use the linear target to optimize single stripe LVs. + # When disabled, the striped target is used. The linear target is an + # optimised version of the striped target that only handles a single + # stripe. + use_linear_target = 1 + + # Configuration option activation/reserved_stack. + # Stack size in KiB to reserve for use while devices are suspended. + # Insufficent reserve risks I/O deadlock during device suspension. + reserved_stack = 64 + + # Configuration option activation/reserved_memory. + # Memory size in KiB to reserve for use while devices are suspended. + # Insufficent reserve risks I/O deadlock during device suspension. + reserved_memory = 8192 + + # Configuration option activation/process_priority. + # Nice value used while devices are suspended. + # Use a high priority so that LVs are suspended + # for the shortest possible time. + process_priority = -18 + + # Configuration option activation/volume_list. + # Only LVs selected by this list are activated. + # If this list is defined, an LV is only activated if it matches an + # entry in this list. If this list is undefined, it imposes no limits + # on LV activation (all are allowed). + # + # Accepted values: + # vgname + # The VG name is matched exactly and selects all LVs in the VG. + # vgname/lvname + # The VG name and LV name are matched exactly and selects the LV. + # @tag + # Selects an LV if the specified tag matches a tag set on the LV + # or VG. + # @* + # Selects an LV if a tag defined on the host is also set on the LV + # or VG. See tags/hosttags. If any host tags exist but volume_list + # is not defined, a default single-entry list containing '@*' + # is assumed. + # + # Example + # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + # + # This configuration option does not have a default value defined. + + # Configuration option activation/auto_activation_volume_list. + # Only LVs selected by this list are auto-activated. + # This list works like volume_list, but it is used only by + # auto-activation commands. It does not apply to direct activation + # commands. If this list is defined, an LV is only auto-activated + # if it matches an entry in this list. If this list is undefined, it + # imposes no limits on LV auto-activation (all are allowed.) If this + # list is defined and empty, i.e. "[]", then no LVs are selected for + # auto-activation. An LV that is selected by this list for + # auto-activation, must also be selected by volume_list (if defined) + # before it is activated. Auto-activation is an activation command that + # includes the 'a' argument: --activate ay or -a ay. The 'a' (auto) + # argument for auto-activation is meant to be used by activation + # commands that are run automatically by the system, as opposed to LVM + # commands run directly by a user. A user may also use the 'a' flag + # directly to perform auto-activation. Also see pvscan(8) for more + # information about auto-activation. + # + # Accepted values: + # vgname + # The VG name is matched exactly and selects all LVs in the VG. + # vgname/lvname + # The VG name and LV name are matched exactly and selects the LV. + # @tag + # Selects an LV if the specified tag matches a tag set on the LV + # or VG. + # @* + # Selects an LV if a tag defined on the host is also set on the LV + # or VG. See tags/hosttags. If any host tags exist but volume_list + # is not defined, a default single-entry list containing '@*' + # is assumed. + # + # Example + # auto_activation_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + # + # This configuration option does not have a default value defined. + + # Configuration option activation/read_only_volume_list. + # LVs in this list are activated in read-only mode. + # If this list is defined, each LV that is to be activated is checked + # against this list, and if it matches, it is activated in read-only + # mode. This overrides the permission setting stored in the metadata, + # e.g. from --permission rw. + # + # Accepted values: + # vgname + # The VG name is matched exactly and selects all LVs in the VG. + # vgname/lvname + # The VG name and LV name are matched exactly and selects the LV. + # @tag + # Selects an LV if the specified tag matches a tag set on the LV + # or VG. + # @* + # Selects an LV if a tag defined on the host is also set on the LV + # or VG. See tags/hosttags. If any host tags exist but volume_list + # is not defined, a default single-entry list containing '@*' + # is assumed. + # + # Example + # read_only_volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ] + # + # This configuration option does not have a default value defined. + + # Configuration option activation/raid_region_size. + # Size in KiB of each raid or mirror synchronization region. + # For raid or mirror segment types, this is the amount of data that is + # copied at once when initializing, or moved at once by pvmove. + raid_region_size = 512 + + # Configuration option activation/error_when_full. + # Return errors if a thin pool runs out of space. + # The --errorwhenfull option overrides this setting. + # When enabled, writes to thin LVs immediately return an error if the + # thin pool is out of data space. When disabled, writes to thin LVs + # are queued if the thin pool is out of space, and processed when the + # thin pool data space is extended. New thin pools are assigned the + # behavior defined here. + # This configuration option has an automatic default value. + # error_when_full = 0 + + # Configuration option activation/readahead. + # Setting to use when there is no readahead setting in metadata. + # + # Accepted values: + # none + # Disable readahead. + # auto + # Use default value chosen by kernel. + # + readahead = "auto" + + # Configuration option activation/raid_fault_policy. + # Defines how a device failure in a RAID LV is handled. + # This includes LVs that have the following segment types: + # raid1, raid4, raid5*, and raid6*. + # If a device in the LV fails, the policy determines the steps + # performed by dmeventd automatically, and the steps perfomed by the + # manual command lvconvert --repair --use-policies. + # Automatic handling requires dmeventd to be monitoring the LV. + # + # Accepted values: + # warn + # Use the system log to warn the user that a device in the RAID LV + # has failed. It is left to the user to run lvconvert --repair + # manually to remove or replace the failed device. As long as the + # number of failed devices does not exceed the redundancy of the LV + # (1 device for raid4/5, 2 for raid6), the LV will remain usable. + # allocate + # Attempt to use any extra physical volumes in the VG as spares and + # replace faulty devices. + # + raid_fault_policy = "warn" + + # Configuration option activation/mirror_image_fault_policy. + # Defines how a device failure in a 'mirror' LV is handled. + # An LV with the 'mirror' segment type is composed of mirror images + # (copies) and a mirror log. A disk log ensures that a mirror LV does + # not need to be re-synced (all copies made the same) every time a + # machine reboots or crashes. If a device in the LV fails, this policy + # determines the steps perfomed by dmeventd automatically, and the steps + # performed by the manual command lvconvert --repair --use-policies. + # Automatic handling requires dmeventd to be monitoring the LV. + # + # Accepted values: + # remove + # Simply remove the faulty device and run without it. If the log + # device fails, the mirror would convert to using an in-memory log. + # This means the mirror will not remember its sync status across + # crashes/reboots and the entire mirror will be re-synced. If a + # mirror image fails, the mirror will convert to a non-mirrored + # device if there is only one remaining good copy. + # allocate + # Remove the faulty device and try to allocate space on a new + # device to be a replacement for the failed device. Using this + # policy for the log is fast and maintains the ability to remember + # sync state through crashes/reboots. Using this policy for a + # mirror device is slow, as it requires the mirror to resynchronize + # the devices, but it will preserve the mirror characteristic of + # the device. This policy acts like 'remove' if no suitable device + # and space can be allocated for the replacement. + # allocate_anywhere + # Not yet implemented. Useful to place the log device temporarily + # on the same physical volume as one of the mirror images. This + # policy is not recommended for mirror devices since it would break + # the redundant nature of the mirror. This policy acts like + # 'remove' if no suitable device and space can be allocated for the + # replacement. + # + mirror_image_fault_policy = "remove" + + # Configuration option activation/mirror_log_fault_policy. + # Defines how a device failure in a 'mirror' log LV is handled. + # The mirror_image_fault_policy description for mirrored LVs also + # applies to mirrored log LVs. + mirror_log_fault_policy = "allocate" + + # Configuration option activation/snapshot_autoextend_threshold. + # Auto-extend a snapshot when its usage exceeds this percent. + # Setting this to 100 disables automatic extension. + # The minimum value is 50 (a smaller value is treated as 50.) + # Also see snapshot_autoextend_percent. + # Automatic extension requires dmeventd to be monitoring the LV. + # + # Example + # Using 70% autoextend threshold and 20% autoextend size, when a 1G + # snapshot exceeds 700M, it is extended to 1.2G, and when it exceeds + # 840M, it is extended to 1.44G: + # snapshot_autoextend_threshold = 70 + # + snapshot_autoextend_threshold = 100 + + # Configuration option activation/snapshot_autoextend_percent. + # Auto-extending a snapshot adds this percent extra space. + # The amount of additional space added to a snapshot is this + # percent of its current size. + # + # Example + # Using 70% autoextend threshold and 20% autoextend size, when a 1G + # snapshot exceeds 700M, it is extended to 1.2G, and when it exceeds + # 840M, it is extended to 1.44G: + # snapshot_autoextend_percent = 20 + # + snapshot_autoextend_percent = 20 + + # Configuration option activation/thin_pool_autoextend_threshold. + # Auto-extend a thin pool when its usage exceeds this percent. + # Setting this to 100 disables automatic extension. + # The minimum value is 50 (a smaller value is treated as 50.) + # Also see thin_pool_autoextend_percent. + # Automatic extension requires dmeventd to be monitoring the LV. + # + # Example + # Using 70% autoextend threshold and 20% autoextend size, when a 1G + # thin pool exceeds 700M, it is extended to 1.2G, and when it exceeds + # 840M, it is extended to 1.44G: + # thin_pool_autoextend_threshold = 70 + # + thin_pool_autoextend_threshold = 100 + + # Configuration option activation/thin_pool_autoextend_percent. + # Auto-extending a thin pool adds this percent extra space. + # The amount of additional space added to a thin pool is this + # percent of its current size. + # + # Example + # Using 70% autoextend threshold and 20% autoextend size, when a 1G + # thin pool exceeds 700M, it is extended to 1.2G, and when it exceeds + # 840M, it is extended to 1.44G: + # thin_pool_autoextend_percent = 20 + # + thin_pool_autoextend_percent = 20 + + # Configuration option activation/mlock_filter. + # Do not mlock these memory areas. + # While activating devices, I/O to devices being (re)configured is + # suspended. As a precaution against deadlocks, LVM pins memory it is + # using so it is not paged out, and will not require I/O to reread. + # Groups of pages that are known not to be accessed during activation + # do not need to be pinned into memory. Each string listed in this + # setting is compared against each line in /proc/self/maps, and the + # pages corresponding to lines that match are not pinned. On some + # systems, locale-archive was found to make up over 80% of the memory + # used by the process. + # + # Example + # mlock_filter = [ "locale/locale-archive", "gconv/gconv-modules.cache" ] + # + # This configuration option is advanced. + # This configuration option does not have a default value defined. + + # Configuration option activation/use_mlockall. + # Use the old behavior of mlockall to pin all memory. + # Prior to version 2.02.62, LVM used mlockall() to pin the whole + # process's memory while activating devices. + use_mlockall = 0 + + # Configuration option activation/monitoring. + # Monitor LVs that are activated. + # The --ignoremonitoring option overrides this setting. + # When enabled, LVM will ask dmeventd to monitor activated LVs. + monitoring = 1 + + # Configuration option activation/polling_interval. + # Check pvmove or lvconvert progress at this interval (seconds). + # When pvmove or lvconvert must wait for the kernel to finish + # synchronising or merging data, they check and report progress at + # intervals of this number of seconds. If this is set to 0 and there + # is only one thing to wait for, there are no progress reports, but + # the process is awoken immediately once the operation is complete. + polling_interval = 15 + + # Configuration option activation/auto_set_activation_skip. + # Set the activation skip flag on new thin snapshot LVs. + # The --setactivationskip option overrides this setting. + # An LV can have a persistent 'activation skip' flag. The flag causes + # the LV to be skipped during normal activation. The lvchange/vgchange + # -K option is required to activate LVs that have the activation skip + # flag set. When this setting is enabled, the activation skip flag is + # set on new thin snapshot LVs. + # This configuration option has an automatic default value. + # auto_set_activation_skip = 1 + + # Configuration option activation/activation_mode. + # How LVs with missing devices are activated. + # The --activationmode option overrides this setting. + # + # Accepted values: + # complete + # Only allow activation of an LV if all of the Physical Volumes it + # uses are present. Other PVs in the Volume Group may be missing. + # degraded + # Like complete, but additionally RAID LVs of segment type raid1, + # raid4, raid5, radid6 and raid10 will be activated if there is no + # data loss, i.e. they have sufficient redundancy to present the + # entire addressable range of the Logical Volume. + # partial + # Allows the activation of any LV even if a missing or failed PV + # could cause data loss with a portion of the LV inaccessible. + # This setting should not normally be used, but may sometimes + # assist with data recovery. + # + activation_mode = "degraded" + + # Configuration option activation/lock_start_list. + # Locking is started only for VGs selected by this list. + # The rules are the same as those for volume_list. + # This configuration option does not have a default value defined. + + # Configuration option activation/auto_lock_start_list. + # Locking is auto-started only for VGs selected by this list. + # The rules are the same as those for auto_activation_volume_list. + # This configuration option does not have a default value defined. +} + +# Configuration section metadata. +# This configuration section has an automatic default value. +# metadata { + + # Configuration option metadata/check_pv_device_sizes. + # Check device sizes are not smaller than corresponding PV sizes. + # If device size is less than corresponding PV size found in metadata, + # there is always a risk of data loss. If this option is set, then LVM + # issues a warning message each time it finds that the device size is + # less than corresponding PV size. You should not disable this unless + # you are absolutely sure about what you are doing! + # This configuration option is advanced. + # This configuration option has an automatic default value. + # check_pv_device_sizes = 1 + + # Configuration option metadata/record_lvs_history. + # When enabled, LVM keeps history records about removed LVs in + # metadata. The information that is recorded in metadata for + # historical LVs is reduced when compared to original + # information kept in metadata for live LVs. Currently, this + # feature is supported for thin and thin snapshot LVs only. + # This configuration option has an automatic default value. + # record_lvs_history = 0 + + # Configuration option metadata/lvs_history_retention_time. + # Retention time in seconds after which a record about individual + # historical logical volume is automatically destroyed. + # A value of 0 disables this feature. + # This configuration option has an automatic default value. + # lvs_history_retention_time = 0 + + # Configuration option metadata/pvmetadatacopies. + # Number of copies of metadata to store on each PV. + # The --pvmetadatacopies option overrides this setting. + # + # Accepted values: + # 2 + # Two copies of the VG metadata are stored on the PV, one at the + # front of the PV, and one at the end. + # 1 + # One copy of VG metadata is stored at the front of the PV. + # 0 + # No copies of VG metadata are stored on the PV. This may be + # useful for VGs containing large numbers of PVs. + # + # This configuration option is advanced. + # This configuration option has an automatic default value. + # pvmetadatacopies = 1 + + # Configuration option metadata/vgmetadatacopies. + # Number of copies of metadata to maintain for each VG. + # The --vgmetadatacopies option overrides this setting. + # If set to a non-zero value, LVM automatically chooses which of the + # available metadata areas to use to achieve the requested number of + # copies of the VG metadata. If you set a value larger than the the + # total number of metadata areas available, then metadata is stored in + # them all. The value 0 (unmanaged) disables this automatic management + # and allows you to control which metadata areas are used at the + # individual PV level using pvchange --metadataignore y|n. + # This configuration option has an automatic default value. + # vgmetadatacopies = 0 + + # Configuration option metadata/pvmetadatasize. + # Approximate number of sectors to use for each metadata copy. + # VGs with large numbers of PVs or LVs, or VGs containing complex LV + # structures, may need additional space for VG metadata. The metadata + # areas are treated as circular buffers, so unused space becomes filled + # with an archive of the most recent previous versions of the metadata. + # This configuration option has an automatic default value. + # pvmetadatasize = 255 + + # Configuration option metadata/pvmetadataignore. + # Ignore metadata areas on a new PV. + # The --metadataignore option overrides this setting. + # If metadata areas on a PV are ignored, LVM will not store metadata + # in them. + # This configuration option is advanced. + # This configuration option has an automatic default value. + # pvmetadataignore = 0 + + # Configuration option metadata/stripesize. + # This configuration option is advanced. + # This configuration option has an automatic default value. + # stripesize = 64 + + # Configuration option metadata/dirs. + # Directories holding live copies of text format metadata. + # These directories must not be on logical volumes! + # It's possible to use LVM with a couple of directories here, + # preferably on different (non-LV) filesystems, and with no other + # on-disk metadata (pvmetadatacopies = 0). Or this can be in addition + # to on-disk metadata areas. The feature was originally added to + # simplify testing and is not supported under low memory situations - + # the machine could lock up. Never edit any files in these directories + # by hand unless you are absolutely sure you know what you are doing! + # Use the supplied toolset to make changes (e.g. vgcfgrestore). + # + # Example + # dirs = [ "/etc/lvm/metadata", "/mnt/disk2/lvm/metadata2" ] + # + # This configuration option is advanced. + # This configuration option does not have a default value defined. +# } + +# Configuration section report. +# LVM report command output formatting. +# This configuration section has an automatic default value. +# report { + + # Configuration option report/output_format. + # Format of LVM command's report output. + # If there is more than one report per command, then the format + # is applied for all reports. You can also change output format + # directly on command line using --reportformat option which + # has precedence over log/output_format setting. + # Accepted values: + # basic + # Original format with columns and rows. If there is more than + # one report per command, each report is prefixed with report's + # name for identification. + # json + # JSON format. + # This configuration option has an automatic default value. + # output_format = "basic" + + # Configuration option report/compact_output. + # Do not print empty values for all report fields. + # If enabled, all fields that don't have a value set for any of the + # rows reported are skipped and not printed. Compact output is + # applicable only if report/buffered is enabled. If you need to + # compact only specified fields, use compact_output=0 and define + # report/compact_output_cols configuration setting instead. + # This configuration option has an automatic default value. + # compact_output = 0 + + # Configuration option report/compact_output_cols. + # Do not print empty values for specified report fields. + # If defined, specified fields that don't have a value set for any + # of the rows reported are skipped and not printed. Compact output + # is applicable only if report/buffered is enabled. If you need to + # compact all fields, use compact_output=1 instead in which case + # the compact_output_cols setting is then ignored. + # This configuration option has an automatic default value. + # compact_output_cols = "" + + # Configuration option report/aligned. + # Align columns in report output. + # This configuration option has an automatic default value. + # aligned = 1 + + # Configuration option report/buffered. + # Buffer report output. + # When buffered reporting is used, the report's content is appended + # incrementally to include each object being reported until the report + # is flushed to output which normally happens at the end of command + # execution. Otherwise, if buffering is not used, each object is + # reported as soon as its processing is finished. + # This configuration option has an automatic default value. + # buffered = 1 + + # Configuration option report/headings. + # Show headings for columns on report. + # This configuration option has an automatic default value. + # headings = 1 + + # Configuration option report/separator. + # A separator to use on report after each field. + # This configuration option has an automatic default value. + # separator = " " + + # Configuration option report/list_item_separator. + # A separator to use for list items when reported. + # This configuration option has an automatic default value. + # list_item_separator = "," + + # Configuration option report/prefixes. + # Use a field name prefix for each field reported. + # This configuration option has an automatic default value. + # prefixes = 0 + + # Configuration option report/quoted. + # Quote field values when using field name prefixes. + # This configuration option has an automatic default value. + # quoted = 1 + + # Configuration option report/columns_as_rows. + # Output each column as a row. + # If set, this also implies report/prefixes=1. + # This configuration option has an automatic default value. + # columns_as_rows = 0 + + # Configuration option report/binary_values_as_numeric. + # Use binary values 0 or 1 instead of descriptive literal values. + # For columns that have exactly two valid values to report + # (not counting the 'unknown' value which denotes that the + # value could not be determined). + # This configuration option has an automatic default value. + # binary_values_as_numeric = 0 + + # Configuration option report/time_format. + # Set time format for fields reporting time values. + # Format specification is a string which may contain special character + # sequences and ordinary character sequences. Ordinary character + # sequences are copied verbatim. Each special character sequence is + # introduced by the '%' character and such sequence is then + # substituted with a value as described below. + # + # Accepted values: + # %a + # The abbreviated name of the day of the week according to the + # current locale. + # %A + # The full name of the day of the week according to the current + # locale. + # %b + # The abbreviated month name according to the current locale. + # %B + # The full month name according to the current locale. + # %c + # The preferred date and time representation for the current + # locale (alt E) + # %C + # The century number (year/100) as a 2-digit integer. (alt E) + # %d + # The day of the month as a decimal number (range 01 to 31). + # (alt O) + # %D + # Equivalent to %m/%d/%y. (For Americans only. Americans should + # note that in other countries%d/%m/%y is rather common. This + # means that in international context this format is ambiguous and + # should not be used. + # %e + # Like %d, the day of the month as a decimal number, but a leading + # zero is replaced by a space. (alt O) + # %E + # Modifier: use alternative local-dependent representation if + # available. + # %F + # Equivalent to %Y-%m-%d (the ISO 8601 date format). + # %G + # The ISO 8601 week-based year with century as adecimal number. + # The 4-digit year corresponding to the ISO week number (see %V). + # This has the same format and value as %Y, except that if the + # ISO week number belongs to the previous or next year, that year + # is used instead. + # %g + # Like %G, but without century, that is, with a 2-digit year + # (00-99). + # %h + # Equivalent to %b. + # %H + # The hour as a decimal number using a 24-hour clock + # (range 00 to 23). (alt O) + # %I + # The hour as a decimal number using a 12-hour clock + # (range 01 to 12). (alt O) + # %j + # The day of the year as a decimal number (range 001 to 366). + # %k + # The hour (24-hour clock) as a decimal number (range 0 to 23); + # single digits are preceded by a blank. (See also %H.) + # %l + # The hour (12-hour clock) as a decimal number (range 1 to 12); + # single digits are preceded by a blank. (See also %I.) + # %m + # The month as a decimal number (range 01 to 12). (alt O) + # %M + # The minute as a decimal number (range 00 to 59). (alt O) + # %O + # Modifier: use alternative numeric symbols. + # %p + # Either "AM" or "PM" according to the given time value, + # or the corresponding strings for the current locale. Noon is + # treated as "PM" and midnight as "AM". + # %P + # Like %p but in lowercase: "am" or "pm" or a corresponding + # string for the current locale. + # %r + # The time in a.m. or p.m. notation. In the POSIX locale this is + # equivalent to %I:%M:%S %p. + # %R + # The time in 24-hour notation (%H:%M). For a version including + # the seconds, see %T below. + # %s + # The number of seconds since the Epoch, + # 1970-01-01 00:00:00 +0000 (UTC) + # %S + # The second as a decimal number (range 00 to 60). (The range is + # up to 60 to allow for occasional leap seconds.) (alt O) + # %t + # A tab character. + # %T + # The time in 24-hour notation (%H:%M:%S). + # %u + # The day of the week as a decimal, range 1 to 7, Monday being 1. + # See also %w. (alt O) + # %U + # The week number of the current year as a decimal number, + # range 00 to 53, starting with the first Sunday as the first + # day of week 01. See also %V and %W. (alt O) + # %V + # The ISO 8601 week number of the current year as a decimal number, + # range 01 to 53, where week 1 is the first week that has at least + # 4 days in the new year. See also %U and %W. (alt O) + # %w + # The day of the week as a decimal, range 0 to 6, Sunday being 0. + # See also %u. (alt O) + # %W + # The week number of the current year as a decimal number, + # range 00 to 53, starting with the first Monday as the first day + # of week 01. (alt O) + # %x + # The preferred date representation for the current locale without + # the time. (alt E) + # %X + # The preferred time representation for the current locale without + # the date. (alt E) + # %y + # The year as a decimal number without a century (range 00 to 99). + # (alt E, alt O) + # %Y + # The year as a decimal number including the century. (alt E) + # %z + # The +hhmm or -hhmm numeric timezone (that is, the hour and minute + # offset from UTC). + # %Z + # The timezone name or abbreviation. + # %% + # A literal '%' character. + # + # This configuration option has an automatic default value. + # time_format = "%Y-%m-%d %T %z" + + # Configuration option report/devtypes_sort. + # List of columns to sort by when reporting 'lvm devtypes' command. + # See 'lvm devtypes -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # devtypes_sort = "devtype_name" + + # Configuration option report/devtypes_cols. + # List of columns to report for 'lvm devtypes' command. + # See 'lvm devtypes -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # devtypes_cols = "devtype_name,devtype_max_partitions,devtype_description" + + # Configuration option report/devtypes_cols_verbose. + # List of columns to report for 'lvm devtypes' command in verbose mode. + # See 'lvm devtypes -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # devtypes_cols_verbose = "devtype_name,devtype_max_partitions,devtype_description" + + # Configuration option report/lvs_sort. + # List of columns to sort by when reporting 'lvs' command. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_sort = "vg_name,lv_name" + + # Configuration option report/lvs_cols. + # List of columns to report for 'lvs' command. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_cols = "lv_name,vg_name,lv_attr,lv_size,pool_lv,origin,data_percent,metadata_percent,move_pv,mirror_log,copy_percent,convert_lv" + + # Configuration option report/lvs_cols_verbose. + # List of columns to report for 'lvs' command in verbose mode. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_cols_verbose = "lv_name,vg_name,seg_count,lv_attr,lv_size,lv_major,lv_minor,lv_kernel_major,lv_kernel_minor,pool_lv,origin,data_percent,metadata_percent,move_pv,copy_percent,mirror_log,convert_lv,lv_uuid,lv_profile" + + # Configuration option report/vgs_sort. + # List of columns to sort by when reporting 'vgs' command. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_sort = "vg_name" + + # Configuration option report/vgs_cols. + # List of columns to report for 'vgs' command. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_cols = "vg_name,pv_count,lv_count,snap_count,vg_attr,vg_size,vg_free" + + # Configuration option report/vgs_cols_verbose. + # List of columns to report for 'vgs' command in verbose mode. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_cols_verbose = "vg_name,vg_attr,vg_extent_size,pv_count,lv_count,snap_count,vg_size,vg_free,vg_uuid,vg_profile" + + # Configuration option report/pvs_sort. + # List of columns to sort by when reporting 'pvs' command. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_sort = "pv_name" + + # Configuration option report/pvs_cols. + # List of columns to report for 'pvs' command. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_cols = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free" + + # Configuration option report/pvs_cols_verbose. + # List of columns to report for 'pvs' command in verbose mode. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_cols_verbose = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,dev_size,pv_uuid" + + # Configuration option report/segs_sort. + # List of columns to sort by when reporting 'lvs --segments' command. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_sort = "vg_name,lv_name,seg_start" + + # Configuration option report/segs_cols. + # List of columns to report for 'lvs --segments' command. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_cols = "lv_name,vg_name,lv_attr,stripes,segtype,seg_size" + + # Configuration option report/segs_cols_verbose. + # List of columns to report for 'lvs --segments' command in verbose mode. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_cols_verbose = "lv_name,vg_name,lv_attr,seg_start,seg_size,stripes,segtype,stripesize,chunksize" + + # Configuration option report/pvsegs_sort. + # List of columns to sort by when reporting 'pvs --segments' command. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_sort = "pv_name,pvseg_start" + + # Configuration option report/pvsegs_cols. + # List of columns to sort by when reporting 'pvs --segments' command. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_cols = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size" + + # Configuration option report/pvsegs_cols_verbose. + # List of columns to sort by when reporting 'pvs --segments' command in verbose mode. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_cols_verbose = "pv_name,vg_name,pv_fmt,pv_attr,pv_size,pv_free,pvseg_start,pvseg_size,lv_name,seg_start_pe,segtype,seg_pe_ranges" + + # Configuration option report/vgs_cols_full. + # List of columns to report for lvm fullreport's 'vgs' subreport. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_cols_full = "vg_all" + + # Configuration option report/pvs_cols_full. + # List of columns to report for lvm fullreport's 'vgs' subreport. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_cols_full = "pv_all" + + # Configuration option report/lvs_cols_full. + # List of columns to report for lvm fullreport's 'lvs' subreport. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_cols_full = "lv_all" + + # Configuration option report/pvsegs_cols_full. + # List of columns to report for lvm fullreport's 'pvseg' subreport. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_cols_full = "pvseg_all,pv_uuid,lv_uuid" + + # Configuration option report/segs_cols_full. + # List of columns to report for lvm fullreport's 'seg' subreport. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_cols_full = "seg_all,lv_uuid" + + # Configuration option report/vgs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'vgs' subreport. + # See 'vgs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # vgs_sort_full = "vg_name" + + # Configuration option report/pvs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'vgs' subreport. + # See 'pvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvs_sort_full = "pv_name" + + # Configuration option report/lvs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'lvs' subreport. + # See 'lvs -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # lvs_sort_full = "vg_name,lv_name" + + # Configuration option report/pvsegs_sort_full. + # List of columns to sort by when reporting for lvm fullreport's 'pvseg' subreport. + # See 'pvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # pvsegs_sort_full = "pv_uuid,pvseg_start" + + # Configuration option report/segs_sort_full. + # List of columns to sort by when reporting lvm fullreport's 'seg' subreport. + # See 'lvs --segments -o help' for the list of possible fields. + # This configuration option has an automatic default value. + # segs_sort_full = "lv_uuid,seg_start" + + # Configuration option report/mark_hidden_devices. + # Use brackets [] to mark hidden devices. + # This configuration option has an automatic default value. + # mark_hidden_devices = 1 + + # Configuration option report/two_word_unknown_device. + # Use the two words 'unknown device' in place of '[unknown]'. + # This is displayed when the device for a PV is not known. + # This configuration option has an automatic default value. + # two_word_unknown_device = 0 +# } + +# Configuration section dmeventd. +# Settings for the LVM event daemon. +dmeventd { + + # Configuration option dmeventd/mirror_library. + # The library dmeventd uses when monitoring a mirror device. + # libdevmapper-event-lvm2mirror.so attempts to recover from + # failures. It removes failed devices from a volume group and + # reconfigures a mirror as necessary. If no mirror library is + # provided, mirrors are not monitored through dmeventd. + mirror_library = "libdevmapper-event-lvm2mirror.so" + + # Configuration option dmeventd/raid_library. + # This configuration option has an automatic default value. + # raid_library = "libdevmapper-event-lvm2raid.so" + + # Configuration option dmeventd/snapshot_library. + # The library dmeventd uses when monitoring a snapshot device. + # libdevmapper-event-lvm2snapshot.so monitors the filling of snapshots + # and emits a warning through syslog when the usage exceeds 80%. The + # warning is repeated when 85%, 90% and 95% of the snapshot is filled. + snapshot_library = "libdevmapper-event-lvm2snapshot.so" + + # Configuration option dmeventd/thin_library. + # The library dmeventd uses when monitoring a thin device. + # libdevmapper-event-lvm2thin.so monitors the filling of a pool + # and emits a warning through syslog when the usage exceeds 80%. The + # warning is repeated when 85%, 90% and 95% of the pool is filled. + thin_library = "libdevmapper-event-lvm2thin.so" + + # Configuration option dmeventd/executable. + # The full path to the dmeventd binary. + # This configuration option has an automatic default value. + # executable = "/sbin/dmeventd" +} + +# Configuration section tags. +# Host tag settings. +# This configuration section has an automatic default value. +# tags { + + # Configuration option tags/hosttags. + # Create a host tag using the machine name. + # The machine name is nodename returned by uname(2). + # This configuration option has an automatic default value. + # hosttags = 0 + + # Configuration section tags/<tag>. + # Replace this subsection name with a custom tag name. + # Multiple subsections like this can be created. The '@' prefix for + # tags is optional. This subsection can contain host_list, which is a + # list of machine names. If the name of the local machine is found in + # host_list, then the name of this subsection is used as a tag and is + # applied to the local machine as a 'host tag'. If this subsection is + # empty (has no host_list), then the subsection name is always applied + # as a 'host tag'. + # + # Example + # The host tag foo is given to all hosts, and the host tag + # bar is given to the hosts named machine1 and machine2. + # tags { foo { } bar { host_list = [ "machine1", "machine2" ] } } + # + # This configuration section has variable name. + # This configuration section has an automatic default value. + # tag { + + # Configuration option tags/<tag>/host_list. + # A list of machine names. + # These machine names are compared to the nodename returned + # by uname(2). If the local machine name matches an entry in + # this list, the name of the subsection is applied to the + # machine as a 'host tag'. + # This configuration option does not have a default value defined. + # } +# } diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/iptables b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/iptables new file mode 100644 index 0000000..9721f72 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/iptables @@ -0,0 +1,31 @@ +#!/bin/sh + +# MANAGED BY PUPPET +# Module:: env::std::net_access +# + +/sbin/iptables-restore <<EOF +*filter + +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] + +#Log outgoing traffic to NAT +# ACCEPT even if it's the default policy : Avoid having these destinations in the logs +-A OUTPUT -d 127.0.0.1 -j ACCEPT +-A OUTPUT -d 172.16.0.0/12 -j ACCEPT +-A OUTPUT -d 10.0.0.0/8 -j ACCEPT +-A OUTPUT -d 192.168.4.0/24 -j ACCEPT +-A OUTPUT -d 192.168.66.0/24 -j ACCEPT +# Multicast traffic +-A OUTPUT -d 224.0.0.0/4 -j ACCEPT + +# Rate-limit UDP logging to 10 pkt/s per destination IP +# https://intranet.grid5000.fr/bugzilla/show_bug.cgi?id=12295 +-A OUTPUT -p udp -m hashlimit --hashlimit-name UDPG5K --hashlimit-rate-match --hashlimit-above 10/s --hashlimit-mode dstip -j ACCEPT + +# Log everything else : it's going outside g5k +-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-level 7 --log-uid --log-prefix "outgoing traffic " +COMMIT +EOF diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/iptables.stretch b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/iptables.stretch new file mode 100644 index 0000000..ab5e59e --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/iptables.stretch @@ -0,0 +1,27 @@ +#!/bin/sh + +# MANAGED BY PUPPET +# Module:: env::std::net_access +# + +/sbin/iptables-restore <<EOF +*filter + +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] + +#Log outgoing traffic to NAT +# ACCEPT even if it's the default policy : Avoid having these destinations in the logs +-A OUTPUT -d 127.0.0.1 -j ACCEPT +-A OUTPUT -d 172.16.0.0/12 -j ACCEPT +-A OUTPUT -d 10.0.0.0/8 -j ACCEPT +-A OUTPUT -d 192.168.4.0/24 -j ACCEPT +-A OUTPUT -d 192.168.66.0/24 -j ACCEPT +# Multicast traffic +-A OUTPUT -d 224.0.0.0/4 -j ACCEPT + +# Log everything else : it's going outside g5k +-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-level 7 --log-uid --log-prefix "outgoing traffic " +COMMIT +EOF diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/rsyslog.conf b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/rsyslog.conf new file mode 100644 index 0000000..7ccecda --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/rsyslog.conf @@ -0,0 +1,113 @@ +# INSTALLED BY PUPPET +# File : puppet:///modules/syslogg5k/frontend/rsyslog.conf +# +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging +$ModLoad imklog # provides kernel logging support +#$ModLoad immark # provides --MARK-- message capability + +# provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Logging for INN news system. +# +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:* + +# +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. +# +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 + +# Redirect Phoenix log to syslog.rennes +local7.* @syslog.rennes.grid5000.fr:514 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/syslog_iptables.conf b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/syslog_iptables.conf new file mode 100644 index 0000000..3e4d28e --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/net_access/syslog_iptables.conf @@ -0,0 +1,7 @@ +#Redirect iptables log to gwol syslog : http://www.rsyslog.com/doc/v8-stable/tutorials/reliable_forwarding.html -> Forwarding to More than One Server +$ActionQueueType LinkedList # use asynchronous processing +$ActionQueueFileName srvrfwd1 # set file name, also enables disk mode +$ActionResumeRetryCount -1 # infinite retries on insert failure +$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down +:msg, contains, "outgoing traffic " @@gwol-north.grid5000.fr:514 +:msg, contains, "outgoing traffic " @@gwol-south.grid5000.fr:514 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/nvidia_configure/nvidia-reset-mig b/grid5000/steps/data/setup/puppet/modules/env/files/std/nvidia_configure/nvidia-reset-mig new file mode 100644 index 0000000..e17ccbc --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/nvidia_configure/nvidia-reset-mig @@ -0,0 +1,16 @@ +#!/bin/bash +GPU=`/usr/bin/nvidia-smi --query-gpu=index --format=csv,noheader 2> /dev/null` +if [ $? -eq 9 ] ; then + echo "`hostname` node don't have GPU" +else + for i in $GPU + do + mig=`/usr/bin/nvidia-smi -i $i -mig 0` + if [[ $mig =~ "Not Supported" ]]; then + echo "GPU $i isn't compatible with MIG" + else + echo "OK : Disabled MIG Mode for GPU $i" + fi + done +fi +exit 0 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/nvidia_configure/nvidia-reset-mig.service b/grid5000/steps/data/setup/puppet/modules/env/files/std/nvidia_configure/nvidia-reset-mig.service new file mode 100644 index 0000000..2742427 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/nvidia_configure/nvidia-reset-mig.service @@ -0,0 +1,10 @@ +[Unit] +Description=Reset MIG configuration on GPU nvidia A100 +Before=dcgm-exporter.service prometheus-node-exporter.service ganglia-monitor.service +After=nvidia-smi.service +[Service] +Type=oneshot +# Ignore the exit code: the command fails when no GPU is found or when GPU isn't A100 +ExecStart=-/usr/local/bin/nvidia-reset-mig +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/batch_job_bashrc b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/batch_job_bashrc new file mode 100644 index 0000000..032fd99 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/batch_job_bashrc @@ -0,0 +1,6 @@ +# +# OAR bash environnement file for only the batch job users +# + +source ~/.bashrc + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/default_oar-node b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/default_oar-node new file mode 100644 index 0000000..b8a6fc0 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/default_oar-node @@ -0,0 +1,53 @@ +# OARSERVER: machine where we remotely run oarnodesetting +OARREMOTE="oar" + +# The paths to oarnodecheckquery and oarnodecheckrun (check your installation) +OARNODECHECKQUERY=/usr/bin/oarnodecheckquery +OARNODECHECKRUN=/usr/lib/oar/oarnodecheckrun +# Home directory of user oar +OARHOME=/var/lib/oar + +# retry settings +MODSLEEP=20 +MINSLEEP=10 +MAXRETRY=180 + + +start_oar_node() { + test -n "$OARREMOTE" || exit 0 + local retry=0 + local sleep=0 + local status=1 + until [ $status -eq 0 ]; do + echo "oar-node: perform sanity checks" + $OARNODECHECKRUN + $OARNODECHECKQUERY + status=$? + [ $status -eq 0 ] && { + echo "oar-node: set the ressources of this node to Alive" + ssh -t -oStrictHostKeyChecking=no -oPasswordAuthentication=no -i $OARHOME/.ssh/oarnodesetting_ssh.key oar@$OARREMOTE + status=$? + } + [ $status -ne 0 ] && { + if [ $((retry+=sleep)) -gt $MAXRETRY ]; then + echo "oar-node: FAILED" + return 1 + fi + local random=$RANDOM + # Workaround for the case where dash is the default shell: dash does + # not provide $RANDOM + if [ "x$random" = "x" ]; then + random=$(bash -c 'echo $RANDOM') + fi + sleep=$(($random % $MODSLEEP + $MINSLEEP)) + echo "oar-node: retrying in $sleep seconds..." + sleep $sleep + } + done + return 0 +} + +stop_oar_node() { + : +} + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/default_oar-node_site b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/default_oar-node_site new file mode 100644 index 0000000..273cf08 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/default_oar-node_site @@ -0,0 +1,49 @@ +# OARSERVER: machine where we remotely run oarnodesetting +OARREMOTE="frontend" + +# The paths to oarnodecheckquery and oarnodecheckrun (check your installation) +OARNODECHECKQUERY=/usr/bin/oarnodecheckquery +OARNODECHECKRUN=/usr/lib/oar/oarnodecheckrun +# Home directory of user oar +OARHOME=/var/lib/oar + +# retry settings +MODSLEEP=20 +MINSLEEP=10 +MAXRETRY=180 +# Ungly glitch do use the good oar key. +SITE=$( hostname | cut -d'.' -f2) + + +start_oar_node() { + test -n "$OARREMOTE" || exit 0 + local retry=0 + local sleep=0 + local status=1 + until [ $status -eq 0 ]; do + echo "oar-node: perform sanity checks" + $OARNODECHECKRUN + $OARNODECHECKQUERY + status=$? + [ $status -eq 0 ] && { + echo "oar-node: set the ressources of this node to Alive" + ssh -t -oStrictHostKeyChecking=no -oPasswordAuthentication=no -i $OARHOME/.ssh/oarnodesetting_ssh_$SITE.key oar@$OARREMOTE -p 6667 + status=$? + } + [ $status -ne 0 ] && { + if [ $((retry+=sleep)) -gt $MAXRETRY ]; then + echo "oar-node: FAILED" + return 1 + fi + ((sleep = $RANDOM % $MODSLEEP + $MINSLEEP)) + echo "oar-node: retrying in $sleep seconds..." + sleep $sleep + } + done + return 0 +} + +stop_oar_node() { + : +} + diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/etc/security/access.conf b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/etc/security/access.conf new file mode 100644 index 0000000..d5a4ebb --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/etc/security/access.conf @@ -0,0 +1,66 @@ +# Login access control table. +# +# When someone logs in, the table is scanned for the first entry that +# matches the (user, host) combination, or, in case of non-networked +# logins, the first entry that matches the (user, tty) combination. The +# permissions field of that table entry determines whether the login will +# be accepted or refused. +# +# Format of the login access control table is three fields separated by a +# ":" character: +# +# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so +# module, you can change the field separation character to be +# '|'. This is useful for configurations where you are trying to use +# pam_access with X applications that provide PAM_TTY values that are +# the display variable like "host:0".] +# +# permission : users : origins +# +# The first field should be a "+" (access granted) or "-" (access denied) +# character. +# +# The second field should be a list of one or more login names, group +# names, or ALL (always matches). A pattern of the form user@host is +# matched when the login name matches the "user" part, and when the +# "host" part matches the local machine name. +# +# The third field should be a list of one or more tty names (for +# non-networked logins), host names, domain names (begin with "."), host +# addresses, internet network numbers (end with "."), ALL (always +# matches) or LOCAL (matches any string that does not contain a "." +# character). +# +# If you run NIS you can use @netgroupname in host or user patterns; this +# even works for @usergroup@@hostgroup patterns. Weird. +# +# The EXCEPT operator makes it possible to write very compact rules. +# +# The group file is searched only when a name does not match that of the +# logged-in user. Both the user's primary group is matched, as well as +# groups in which users are explicitly listed. +# +# TTY NAMES: Must be in the form returned by ttyname(3) less the initial +# "/dev" (e.g. tty1 or vc/1) +# +############################################################################## +# +# Disallow non-root logins on tty1 +# +#-:ALL EXCEPT root:tty1 +# +# Disallow console logins to all but a few accounts. +# +#-:ALL EXCEPT wheel shutdown sync:LOCAL +# +# Disallow non-local logins to privileged accounts (group wheel). +# +#-:wheel:ALL EXCEPT LOCAL .win.tue.nl +# +# Some accounts are not allowed to login from anywhere: +# +#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL +# +# All other accounts are allowed to login from anywhere. +# ++:ALL:LOCAL EXCEPT ttyS1 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/oar_sshclient_config b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/oar_sshclient_config new file mode 100644 index 0000000..65ca659 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/oar_sshclient_config @@ -0,0 +1,5 @@ +Host * + ForwardX11 no + StrictHostKeyChecking no + PasswordAuthentication no + AddressFamily inet diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/var/lib/oar/access.conf b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/var/lib/oar/access.conf new file mode 100644 index 0000000..e367d23 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/oar/var/lib/oar/access.conf @@ -0,0 +1,66 @@ +# Login access control table. +# +# When someone logs in, the table is scanned for the first entry that +# matches the (user, host) combination, or, in case of non-networked +# logins, the first entry that matches the (user, tty) combination. The +# permissions field of that table entry determines whether the login will +# be accepted or refused. +# +# Format of the login access control table is three fields separated by a +# ":" character: +# +# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so +# module, you can change the field separation character to be +# '|'. This is useful for configurations where you are trying to use +# pam_access with X applications that provide PAM_TTY values that are +# the display variable like "host:0".] +# +# permission : users : origins +# +# The first field should be a "+" (access granted) or "-" (access denied) +# character. +# +# The second field should be a list of one or more login names, group +# names, or ALL (always matches). A pattern of the form user@host is +# matched when the login name matches the "user" part, and when the +# "host" part matches the local machine name. +# +# The third field should be a list of one or more tty names (for +# non-networked logins), host names, domain names (begin with "."), host +# addresses, internet network numbers (end with "."), ALL (always +# matches) or LOCAL (matches any string that does not contain a "." +# character). +# +# If you run NIS you can use @netgroupname in host or user patterns; this +# even works for @usergroup@@hostgroup patterns. Weird. +# +# The EXCEPT operator makes it possible to write very compact rules. +# +# The group file is searched only when a name does not match that of the +# logged-in user. Both the user's primary group is matched, as well as +# groups in which users are explicitly listed. +# +# TTY NAMES: Must be in the form returned by ttyname(3) less the initial +# "/dev" (e.g. tty1 or vc/1) +# +############################################################################## +# +# Disallow non-root logins on tty1 +# +#-:ALL EXCEPT root:tty1 +# +# Disallow console logins to all but a few accounts. +# +#-:ALL EXCEPT wheel shutdown sync:LOCAL +# +# Disallow non-local logins to privileged accounts (group wheel). +# +#-:wheel:ALL EXCEPT LOCAL .win.tue.nl +# +# Some accounts are not allowed to login from anywhere: +# +#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL +# +# All other accounts are allowed to login from anywhere. +# +-:ALL:ALL diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/sudo-g5k/id_rsa_sudo-g5k b/grid5000/steps/data/setup/puppet/modules/env/files/std/sudo-g5k/id_rsa_sudo-g5k new file mode 100644 index 0000000..0086ebd --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/sudo-g5k/id_rsa_sudo-g5k @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAk+SSpC0tgjVcoagfCoBNhBktXuY1rWvv9nuTL6dM3mkcu6uP +wch1n/KQHgq9+ibr/ZAvo0Mva8G181wMBpwMpuI0/jlvd5710of7aM/LEz5fI7GO +AhU1Fn/WehgcNzFskEfBbEEZEzKV/lcGMYViMPLKQ22g1ADYhiff5U0B+Q7asDSY +1MbbCEpDR6xDJMjgkhZL6BS67S2RJibYO1V7moQP9l5lKha5hz8B515m6nFAugvM +En8xWPE39vjpNkHo78juboxeDz94qOGGFZjZUqodpw4j9cKjgDfCkpDN2hyjbgMX +mct55rBvbnMkLYH2zsqVRM978fEwNlvw2OnSgwIDAQABAoIBAAMhREU7O4pU7Mfz +Ee0b+AgCrGYkwyAPd72kseHBTawrV1NVdy5nuq2O6aPpIEoqBraQFaID6v4B1IL5 +ALwnE1F42hxDROuoLpWtERIPy8F1gXf06wd6QWxfej+NQROd9Sk8i4hp/EjeujPu +zY/AvepBSSySJmQ2PF7ieyeUMKV/tb6rftx0r5aeFmCU3Rwm9FtSRobmanJtNlxN +364awfrY3p9pF4DaCwXU/S6OGwZDVbxZR0CDURvd1nvsw75bDwYmMSLYXN8NqLYv +zgBfY93NC1sWn3LYGWhkzHLLkgsFq1rtF559ndWsNAInsZoHWVlOXgXFJDP0uXQ9 +OfBH2wECgYEAw6gCrqDNpMD9ZcGuoa8iyQNbVDVhSK+1BDHFOcy/jn6RSEeD5832 +qwHE2/XTGU1XFKEiEFuTAdEchs6FuMPjkL/HRelDEZuzES6zECi4aUlWF3cZIDmc +YAncBDXfq19Clr7JewlSHToPvVi/f1ZBeuT9BQppLYVAUnmNX1Wg6IECgYEAwYFp +7SpGWsR/ztGe0XHyCpYuWjoAiGrwMSCilzza8LBfCVauZKNEzzyRxU/90JdQb7Vt +OLUoDnViMXqJxKKT/AxYK1/pMIEb2/hVL5IuGRF3P5B93f8MMUiL8h3vLi7ckFu3 +Y2yfsVbLkzH+/miz9K+3K21Pm+0qbDuqi1QSmQMCgYAn6YkKiIEKv9exP05Zazmk +WcvypKUAx98cSO7buJnG/qiyXuxYiBpujgDTghUbDzzZV3l0bsnRUBAKq+x5YXR1 +nbmP2GK3H9Tqh2U9waDE0ZH/XWtBuJ7etIQuU7MZ6WfTCn5dW+xlS+fUD1uZJUZc +RIQc2B/Wil0xtdwR+4zEgQKBgBLF0Vb24PhxU8zmvTeojEjGpRyPv/l8Fm1Nszhk +6QCsu6uWQzj0Nfq8749q4T7ZTy5nNX9o48fzT2Fpd/AhraWoNO2QUnkoLWG7x9fj +oKFB9oWuKOfelHo7hYgpq0iZt0AyBaqZoSx9NSbElO5tjffRDD4kTrLb4V+6siLu +NxetAoGABG57q1pIx1ftFjQCrEd8HaQX1Axx2EOGU0Iu8sA9d0u1aWMx4NYHVS8U +PIqNtP5/EnlInCU1oWyg9zf6Wj7Z1F72v6EqfbxRYUr5F6qfMRkRDDyXTuweLwex +Q5Zty1bC9bIDMsJQBoK6e3ywFwNu685X/lO5SNNSbmBJ1mWeu8o= +-----END RSA PRIVATE KEY----- diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/std/sudo-g5k/id_rsa_sudo-g5k.pub b/grid5000/steps/data/setup/puppet/modules/env/files/std/sudo-g5k/id_rsa_sudo-g5k.pub new file mode 100644 index 0000000..8a42299 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/std/sudo-g5k/id_rsa_sudo-g5k.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCT5JKkLS2CNVyhqB8KgE2EGS1e5jWta+/2e5Mvp0zeaRy7q4/ByHWf8pAeCr36Juv9kC+jQy9rwbXzXAwGnAym4jT+OW93nvXSh/toz8sTPl8jsY4CFTUWf9Z6GBw3MWyQR8FsQRkTMpX+VwYxhWIw8spDbaDUANiGJ9/lTQH5DtqwNJjUxtsISkNHrEMkyOCSFkvoFLrtLZEmJtg7VXuahA/2XmUqFrmHPwHnXmbqcUC6C8wSfzFY8Tf2+Ok2QejvyO5ujF4PP3io4YYVmNlSqh2nDiP1wqOAN8KSkM3aHKNuAxeZy3nmsG9ucyQtgfbOypVEz3vx8TA2W/DY6dKD sudog5k@key diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/version b/grid5000/steps/data/setup/puppet/modules/env/files/version new file mode 100644 index 0000000..4043493 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/version @@ -0,0 +1,2 @@ +# This file will contains the image version of this build. +# This version will be filled by kameleon (stored as kameleon global) diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/id_rsa b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/id_rsa new file mode 100644 index 0000000..938b6b3 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/id_rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAt0IIibHCE0vMewl4JB8zOsDi4VUJ2Msuec41brBNvT5ANA23 ++o0KoQte4w8UIwvzeWggUDRBzyKkpkejuJm+r9fH1zsFCdT6eMXeITeV8ZYGVjhq +dEcoLF5wOsfOmg9pbHtlmu9odnXmHsm/+d7wYeykohdYxKkl4UR3hdusjj7RKdjW +QPdaaChcHR0XrD//Yc/4z54MFnY4hZ4HpS7HdLeP55HaG8uvtZLrDs05XQzi7m5X +/6HvM6jW52gHEyYJD+47oY7dZMtBw3sAwTFpMJY2kI6uU5l+FCKBEmF/ztxaekWW +TxDlbBVBK+x37omop91QYCXjIhOQhRaetfjTawIDAQABAoIBAAkh7079XtCbXGtd +Q3F5ZJIu/p+AH2eAaKaFUkBb5OPjcEuny11fHgJ8kJP8MmK0u8N3HvUgRY9PCKmI +tG4Eq24T8M+XD184D+to4PMC1CQf99zgHt4Alc3wPuOPBYrD7dsMIzofaDNPGNK7 +9yc6pvwaUPIK+8+BJnQdd19iXS0RepzDzeCw4P0rGtkQpwX6VV09AGzuH4d+puhE +u6/yLLCN9/kb46SuGG4AFxuQl5LtAllU4jtAkcUxG/vdNKRGIh3BsP4wmVFGTQ0t +chDX0IKm8u7OJAF18zEpEOPuXpWCMZ3TerALc94S/WBQBuEcJmMInhKZYoiYK68T +xewb0VECgYEA8qCd0t9w4d3zcn5Hvq1kHTwgtZnnUvdebqgPBnBZb8XOWdNIkyFG +j/zzI9edO8UmJQ388SJtdlp4jTzD39n4jmR5pkvS2AUKWnKYDYTkPnqPXnWf/2c0 +myrBeX2CXExtpHZw2gkBhpe5qR8fXGxazBuZA9QfpleNdw2Ybnhvst0CgYEAwVu8 +S5yRJ/VFXy6gqsdB1VNui1PtPe7LaWG9uYLB2oa6I89R1yjJYx+UP1Nt0v2Y4rCw +dM4/1fyMh/vAzUeyOt/Un2CVVpbO/K1XBEztlwAQIDy1tqLfvYOeAgQ753o4OYpo +XpCDYnjlRzaMRPZsWn7c5y4p5Dg0jxnJ/DP+RucCgYEA6w54WEdokSn6JL36u9w3 +1are9ZD47wQAVKw0gkRuIT89vwBWm1PtjKm+1Maa6cECR3vZxbNY4QSdLhfknAYM +K8djo5xp1CZt9Vp3vQE2LuGF7DmAnGtcJ8ewUQcrOEhDIMYuZs260K5FjHc+ZsgC +3yMNhwwG7Zx8zQ460yuS63ECgYEAtjS46lN+obXKCliJBIVB70FwsRCERlFJE2QM +gczK2h8NNwN9bpA7vhGbBFWc7y8UK8IuddOJah9TWi0NUSQXus0DsrAz6eWw5YB+ +uEm5tgpUJ9ytq44t4ostkV7mCEouw2I+2aW6eUfNXt7zLWU9U8Wqapsg1LN2K8c0 +hFmGas8CgYEAz2FwiwMyVRsloI+QtN4VMsZsz+CFfUXYTv5erNV2FE9JhpEEulSU +1Gn8psGe6NSQfcNQ5IntoWQD4WWcKznlNFBPc6N8n0kQttvoeNU0Jaw/6P0FRtLv +xw7uclDorHsyMjCRxK9H7rhKx27uWL2/g2gd6RYwYBYs9HPMS9DGBQo= +-----END RSA PRIVATE KEY----- diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/id_rsa.pub b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/id_rsa.pub new file mode 100644 index 0000000..b2661a8 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3QgiJscITS8x7CXgkHzM6wOLhVQnYyy55zjVusE29PkA0Dbf6jQqhC17jDxQjC/N5aCBQNEHPIqSmR6O4mb6v18fXOwUJ1Pp4xd4hN5XxlgZWOGp0RygsXnA6x86aD2lse2Wa72h2deYeyb/53vBh7KSiF1jEqSXhRHeF26yOPtEp2NZA91poKFwdHResP/9hz/jPngwWdjiFngelLsd0t4/nkdoby6+1kusOzTldDOLublf/oe8zqNbnaAcTJgkP7juhjt1ky0HDewDBMWkwljaQjq5TmX4UIoESYX/O3Fp6RZZPEOVsFUEr7Hfuiain3VBgJeMiE5CFFp61+NNr dom0 to domU key diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/random_mac b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/random_mac new file mode 100644 index 0000000..9c2bc8a --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/random_mac @@ -0,0 +1,38 @@ +#!/bin/sh + +SITE_NAME=$(hostname | cut -d. -f2) + +# Code the 2nd byte of the IP in the mac address, in order to avoid conflicts +# with g5k-subnets (see [[Virtual network interlink]]) + +if [ "x$SITE_NAME" = "xbordeaux" ] ; then + SITE_HEX=83 +elif [ "x$SITE_NAME" = "xlille" ] ; then + SITE_HEX=8b +elif [ "x$SITE_NAME" = "xlyon" ] ; then + SITE_HEX=8f +elif [ "x$SITE_NAME" = "xnancy" ] ; then + SITE_HEX=93 +elif [ "x$SITE_NAME" = "xrennes" ] ; then + SITE_HEX=9f +elif [ "x$SITE_NAME" = "xtoulouse" ] ; then + SITE_HEX=a3 +elif [ "x$SITE_NAME" = "xsophia" ] ; then + SITE_HEX=a7 +elif [ "x$SITE_NAME" = "xreims" ] ; then + SITE_HEX=ab +elif [ "x$SITE_NAME" = "xluxembourg" ] ; then + SITE_HEX=af +elif [ "x$SITE_NAME" = "xnantes" ] ; then + SITE_HEX=b3 +elif [ "x$SITE_NAME" = "xgrenoble" ] ; then + SITE_HEX=b7 +elif [ "x$SITE_NAME" = "xqualif" ] ; then + SITE_HEX=ff +else + # Orsay (or unknown site) + SITE_HEX=97 +fi + +MACADDR="00:16:3e:$SITE_HEX:$(dd if=/dev/urandom count=1 2>/dev/null | md5sum | sed 's/^\(..\)\(..\).*$/\1:\2/')" +echo $MACADDR diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xen-g5k b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xen-g5k new file mode 100644 index 0000000..e4c48cf --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xen-g5k @@ -0,0 +1,28 @@ +#!/bin/sh + +NAME=xen-g5k +RAND_MAC_CMD="/usr/local/bin/random_mac" + +XEN_DIR=/etc/xen +DOMUS_CONF_FILES=`ls $XEN_DIR/*.cfg` + +test -f $RAND_MAC_CMD || exit 0 +test -d $XEN_DIR || exit 0 + +case "$1" in + start|reload|force-reload|restart) + + mkdir -p /var/log/xen + for conf_file in $DOMUS_CONF_FILES; do + sed -i s/mac=[A-Za-z0-9:]*/mac=$($RAND_MAC_CMD)/g $conf_file + done + + ;; + stop) + ;; + *) + echo "Usage: invoke-rc.d $NAME {start|stop|reload|force-reload|restart}" + ;; +esac + +exit 0 diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xen-g5k.service b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xen-g5k.service new file mode 100644 index 0000000..f79c7e5 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xen-g5k.service @@ -0,0 +1,8 @@ +[Unit] +Description=Generate MAC addresse for Xen DomU and create /var/log/xen + +[Service] +ExecStart=/usr/sbin/xen-g5k start + +[Install] +WantedBy=multi-user.target diff --git a/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xend-config.sxp b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xend-config.sxp new file mode 100644 index 0000000..28057f6 --- /dev/null +++ b/grid5000/steps/data/setup/puppet/modules/env/files/xen/xen/xend-config.sxp @@ -0,0 +1,5 @@ +(network-script network-bridge) +(vif-script vif-bridge) +(dom0-min-mem 196) +(dom0-cpus 0) +(vncpasswd '') |