add remote user setup to allow multiple users (#3)

* add remote user setup to allow multiple users

* fixed condition

Co-authored-by: Matus Kosut <[email protected]>

.gitignore

@@ -3,6 +3,7 @@
 packages.yml
 
 files/hosts.ini
+bluebox/files/hosts.txt
 **/*-ssh-key
 **/*-ssh-key.pub
 cluster-ssh-key

Makefile

@@ -12,6 +12,7 @@ LOCAL_CODE_PATH ?= '../code'
 LOCAL_RESULTS_PATH ?= '../results'
 tasks := tasks.txt
 hosts := hosts.txt
+tmphosts := bluebox/files/hosts.txt
 params := --env PARALLEL_USER --ungroup --no-run-if-empty --filter-hosts
 joblog := task.log
 
@@ -49,7 +50,8 @@ run: ## Run tasks.txt (Optional: params,tasks,hosts,joblog)
 	@echo "Run: $(tasks)"
 	@eval $$(ssh-agent -s) >/dev/null 2>&1
 	@ssh-add bluebox/files/$$(whoami)-ssh-key >/dev/null 2>&1
-	@parallel $(params) --joblog $(joblog) --sshloginfile "$(hosts)" --workdir "/home/ubuntu/bluebox" :::: "$(tasks)"
+	@sed -E "s|[a-zA-Z0-9\-\_\.]+@|$(USER)@|g" "$(hosts)" > "$(tmphosts)"
+	@parallel $(params) --joblog $(joblog) --sshloginfile "$(tmphosts)" --workdir "/home/$(USER)/bluebox" :::: "$(tasks)"
 
 run-all: clean code data run results
 
@@ -61,7 +63,7 @@ resume: params += --resume
 resume: run
 
 ssh:
-	@ssh -i bluebox/files/$(USER)-ssh-key ubuntu@$(host)
+	@ssh -i bluebox/files/$(USER)-ssh-key $(USER)@$(host)
 
 watch:
 	@watch -c -n 3 "pssh -h \"$(hosts)\" -x \"-i bluebox/files/$$(whoami)-ssh-key\" -P 'S_COLORS=always blueboxmon' | sed -E 's/^([0-9.]+):/\1:\n/g' | grep -v SUCCESS"

bluebox/Vagrantfile

@@ -28,6 +28,7 @@ Vagrant.configure(2) do |config|
       box.vm.provision "ansible" do |ansible|
         ansible.playbook = "dev/preprovision.yaml"
         ansible.groups = { "vagrant" => ["all"] }
+        ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3" }
       end
 
       # box.vm.provision "ansible" do |ansible|

bluebox/ansible.cfg

@@ -1,5 +1,7 @@
 [defaults]
 retry_files_enabled = False
 deprecation_warnings = False
+host_key_checking = False
+ansible_python_interpreter=/usr/bin/python3
 [inventory]
 enable_plugins = ini, script, host_list, yaml, auto

bluebox/dev/preprovision.yaml

@@ -18,8 +18,8 @@
   connection: ssh
   user: vagrant
   pre_tasks:
-  - name: Make sure python package is installed (16.04 does not by default)
-    raw: bash -c "test -e /usr/bin/python || (apt -qqy update && apt install -qqy python3 python)"
+  - name: Make sure python3 package is installed (16.04 does not by default)
+    raw: bash -c "test -e /usr/bin/python3 || (apt -qqy update && apt install -qqy python3 python3-apt)"
     register: output
     changed_when: output.stdout != ""
 

bluebox/group_vars/nodes.yaml

@@ -1,6 +1,5 @@
 ---
 ansible_connection: ssh
-ansible_user: ubuntu
 remote_code_path: ~/bluebox
 remote_data_path: ~/bluebox/data
 remote_results_path: ~/bluebox/results

bluebox/group_vars/presetup.yaml

@@ -1,6 +1,5 @@
 ---
 ansible_connection: ssh
-ansible_user: ubuntu
 become: yes
 gather_facts: true
 common_apt_packages:
@@ -10,9 +9,10 @@ common_apt_packages:
   - sshpass
   - build-essential
   - python-setuptools
-  - python-apt
-  - python3-apt
   - python-dev
+  - python3-setuptools
+  - python3-distutils
+  - python3-apt
   - python3-dev
   - xz-utils
   - autoconf
@@ -27,7 +27,9 @@ common_apt_packages:
   - libgsl0-dev
   - rng-tools
   - uuid
+  - dstat
   - sysstat
+  - bash-completion
   - apt-transport-https
   - ca-certificates
   - curl
@@ -37,9 +39,6 @@ common_pip_packages:
   - virtualenv
   - setuptools
   - wheel
-  - numpy
-  - pandas
-  - scipy
   - six
   - tox
   - jmespath

bluebox/includes/localhost.yaml

@@ -16,7 +16,7 @@
 - name: Get latest GNU Parallel
   become: yes
   unarchive:
-    src: https://ftp.gnu.org/gnu/parallel/parallel-20200322.tar.bz2
+    src: https://ftp.gnu.org/gnu/parallel/parallel-20200922.tar.bz2
     # http://ftp.gnu.org/gnu/parallel/parallel-latest.tar.bz2
     dest: /usr/local
     remote_src: yes
@@ -50,7 +50,7 @@
   file:
     path: "/home/{{ ansible_user_id }}/.parallel/will-cite"
     state: touch
-    mode: '0664'
+    mode: "0664"
   ignore_errors: yes
   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
 

bluebox/includes/nodes.yaml

@@ -3,13 +3,14 @@
 - name: Install common-packages
   apt:
     name: "{{ common_apt_packages }}"
+    update_cache: yes
 
 # Pip installation - assure actual versions
 - name: Get PIP installation
   get_url:
     url: "https://bootstrap.pypa.io/get-pip.py"
     dest: "/tmp/get-pip.py"
-    mode: '0777'
+    mode: "0777"
   register: getpip
 - name: Install PIP (Python 2)
   command:
@@ -33,10 +34,26 @@
     executable: /usr/local/bin/pip3
   ignore_errors: yes
 
+- name: Ansible config directory
+  become: yes
+  become_user: "{{ local_lab_user }}"
+  file:
+    path: "/home/{{ local_lab_user }}/.ansible"
+    state: directory
+    mode: "0755"
+
+- name: Ansible tmp directory
+  become: yes
+  become_user: "{{ local_lab_user }}"
+  file:
+    path: "/home/{{ local_lab_user }}/.ansible/tmp"
+    state: directory
+    mode: "0777"
+
 - name: Get latest GNU Parallel
   # become: yes
   unarchive:
-    src: https://ftp.gnu.org/gnu/parallel/parallel-20200322.tar.bz2
+    src: https://ftp.gnu.org/gnu/parallel/parallel-20200922.tar.bz2
     # http://ftp.gnu.org/gnu/parallel/parallel-latest.tar.bz2
     dest: /usr/local
     remote_src: yes
@@ -65,17 +82,19 @@
     filename: "{{ ansible_distribution_release }}-cran35"
 
 - name: Paralell rc directory
-  become: no
+  become: yes
+  become_user: "{{ local_lab_user }}"
   file:
-    path: "/home/{{ ansible_user }}/.parallel"
+    path: "/home/{{ local_lab_user }}/.parallel"
     state: directory
 
 - name: Paralell confirm
-  become: no
+  become: yes
+  become_user: "{{ local_lab_user }}"
   file:
-    path: "/home/{{ ansible_user }}/.parallel/will-cite"
+    path: "/home/{{ local_lab_user }}/.parallel/will-cite"
     state: touch
-    mode: '0664'
+    mode: "0664"
 
 - name: Check docker directory
   file:
@@ -101,42 +120,47 @@
   get_url:
     url: "https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh"
     dest: /tmp/miniconda.sh
-    mode: '0777'
+    mode: "0777"
 
 - name: Install Miniconda
-  become: no
+  become: yes
+  become_user: "{{ local_lab_user }}"
   command:
-    cmd: bash /tmp/miniconda.sh -b -p /home/{{ ansible_user }}/miniconda
-    creates: /home/{{ ansible_user }}/miniconda/bin/conda
+    cmd: bash /tmp/miniconda.sh -b -p /home/{{ local_lab_user }}/miniconda
+    creates: /home/{{ local_lab_user }}/miniconda/bin/conda
 
 - name: Install base condarc
-  become: no
-  copy: src=condarc dest=/home/{{ ansible_user }}/.condarc
+  become: yes
+  become_user: "{{ local_lab_user }}"
+  copy: src=condarc dest=/home/{{ local_lab_user }}/.condarc
 
 - name: Add miniconda to the PATH
-  become: no
+  become: yes
+  become_user: "{{ local_lab_user }}"
   lineinfile:
-    dest: "/home/{{ ansible_user }}/.bashrc"
-    line: export PATH=/home/{{ ansible_user }}/miniconda/bin:$PATH
+    dest: "/home/{{ local_lab_user }}/.bashrc"
+    line: export PATH=/home/{{ local_lab_user }}/miniconda/bin:$PATH
     state: present
 
 - name: Add bluebox env SCIBOX_HOME
-  become: no
+  become: yes
+  become_user: "{{ local_lab_user }}"
   lineinfile:
-    dest: "/home/{{ ansible_user }}/.bashrc"
-    line: export SCIBOX_HOME=/home/{{ ansible_user }}/bluebox
+    dest: "/home/{{ local_lab_user }}/.bashrc"
+    line: export SCIBOX_HOME=/home/{{ local_lab_user }}/bluebox
     state: present
 
 - name: Add BlueBoxMon
   become: yes
   copy:
     src: blueboxmon
     dest: /usr/local/bin/blueboxmon
-    mode: '0755'
+    mode: "0755"
 
 - name: Add bluebox to the PATH
-  become: no
+  become: yes
+  become_user: "{{ local_lab_user }}"
   lineinfile:
-    dest: "/home/{{ ansible_user }}/.bashrc"
-    line: export PATH=/home/{{ ansible_user }}/bluebox:$PATH
+    dest: "/home/{{ local_lab_user }}/.bashrc"
+    line: export PATH=/home/{{ local_lab_user }}/bluebox:$PATH
     state: present

bluebox/playbook.yaml

@@ -6,7 +6,8 @@
     - name: "Add IAAS nodes from {{ hosts_path | default('hosts.txt') }} to Ansible inventory"
       add_host:
         hostname: "{{ item.split('@')[1].split(':')[0] if '@' in item else item.split('/')[1].split(':')[0] }}"
-        ansible_user: ubuntu
+        ansible_user: "{{ ansible_user_id }}"
+        ansible_ssh_user: "{{ ansible_user_id }}"
         groups: ["all", "nodes"]
         ansible_ssh_private_key_file: "files/{{ ansible_user_id }}-ssh-key"
         local_lab_user: "{{ ansible_user_id }}"
@@ -16,7 +17,7 @@
 
 - hosts: nodes
   become: yes
-  become_user: ubuntu
+  become_user: "{{ local_lab_user }}"
   gather_facts: false
   tasks:
     - name: Setup folders

bluebox/setup.yaml

@@ -24,21 +24,25 @@
     - name: "Add IAAS nodes from {{ hosts_path | default('hosts.txt') }} to Ansible inventory"
       add_host:
         hostname: "{{ item.split('@')[1].split(':')[0] if '@' in item else item.split('/')[1].split(':')[0] }}"
-        ansible_user: ubuntu
-        groups: ["all", "nodes"]
+        ansible_user: "{{ ansible_user_id }}"
+        ansible_ssh_user: "{{ ansible_user_id }}"
         ansible_ssh_private_key_file: "files/{{ ansible_user_id }}-ssh-key"
         local_lab_user: "{{ ansible_user_id }}"
+        ansible_python_interpreter: "/usr/bin/python3"
+        groups: ["all", "nodes"]
       ignore_errors: yes
       with_lines: "cat ../{{ hosts_path | default('hosts.txt') }}"
       tags: always
     - name: "Add IAAS nodes from {{ hosts_path | default('hosts.txt') }} to Ansible inventory"
       add_host:
         hostname: "{{ item.split('@')[1].split(':')[0] if '@' in item else item.split('/')[1].split(':')[0] }}"
         ansible_user: ubuntu
+        ansible_ssh_user: ubuntu
         ansible_ssh_pass: ubuntu
         local_lab_user: "{{ ansible_user_id }}"
-        ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
-        # ansible_ssh_common_args: '-o PubkeyAuthentication=no -o PasswordAuthentication=yes'
+        ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o IdentitiesOnly=yes"
+        ansible_python_interpreter: "/usr/bin/python3"
+        # ansible_ssh_common_args: "-o UserKnownHostsFile=/dev/null -o PasswordAuthentication=yes"
         groups: ["presetup"]
       ignore_errors: yes
       with_lines: "cat ../{{ hosts_path | default('hosts.txt') }}"
@@ -47,27 +51,60 @@
 # Prepare IAAS nodes
 - hosts: presetup
   tasks:
-    - become: yes
+    - name: Ensure groups exist
+      become: yes
       group:
-        name: docker
+        name: "{{ item }}"
         state: present
       ignore_errors: yes
-      register: dockergroup
+      with_items:
+        - bluebox
+        - "{{ local_lab_user }}"
+        - docker
+      register: addgroups
+    - name: Setup user
+      become: yes
+      user:
+        name: "{{ local_lab_user }}"
+        group: "{{ local_lab_user }}"
+        password: "{{ local_lab_user | password_hash('sha512') }}"
+        shell: /bin/bash
+        append: yes
+        groups:
+          - sudo
+          - bluebox
+          - "{{ local_lab_user }}"
+        comment: "bluebox user"
     - name: Set authorized key
+      become: yes
+      become_user: "{{ local_lab_user }}"
       authorized_key:
-        user: "{{ ansible_user }}"
+        user: "{{ local_lab_user }}"
         key: "{{ lookup('file', '{{ local_lab_user }}-ssh-key.pub') }}"
         state: present
         exclusive: no
         comment: "{{ local_lab_user }}@bluebox.iaas"
       tags: setupkeys
+    # - name: Set authorized key
+    #   authorized_key:
+    #     user: "{{ ansible_user }}"
+    #     key: "{{ lookup('file', '{{ local_lab_user }}-ssh-key.pub') }}"
+    #     state: present
+    #     exclusive: no
+    #     comment: "{{ local_lab_user }}@bluebox.iaas"
+    #   tags: setupkeys
+    - name: Set permissions
+      become: yes
+      copy:
+        content: "{{ local_lab_user }} ALL=(ALL) NOPASSWD:ALL"
+        dest: "/etc/sudoers.d/99-bluebox-{{ local_lab_user }}.conf"
     - become: yes
       user:
         name: "{{ local_lab_user }}"
         groups: docker
         append: yes
       ignore_errors: yes
-      when: dockergroup is not skipped and dockergroup is successful
+      when: addgroups is not skipped and addgroups is successful
 
 # Prepare IAAS nodes
 - hosts: nodes
@@ -78,6 +115,7 @@
       vars:
         possible_files:
           - "../packages.yml"
+          - "../packages.yaml"
           - "../example.packages.yml"
       tags: 'always'
   tasks:

example.packages.yml

@@ -7,6 +7,7 @@ python_pip_packages:
   - pysam
   - numpy
   - pandas
+  - scipy
   - memory-profiler
 r_packages: []
 conda_packages: