ComputeCanada · cmd-ntrf · Oct 7, 2022 · Oct 11, 2022 · Oct 13, 2022 · Jan 17, 2023
diff --git a/Puppetfile b/Puppetfile
@@ -40,3 +40,7 @@ mod 'saz-limits', '3.0.4'
 mod 'computecanada-jupyterhub',
     :git => 'https://github.com/ComputeCanada/puppet-jupyterhub.git',
     :ref => 'v5.0.6'
+
+mod 'computecanada-trailblazing_turtle',
+    :git => 'https://github.com/ComputeCanada/puppet-trailblazing_turtle.git',
+    :ref => 'v0.3.0'
diff --git a/bootstrap.sh b/bootstrap.sh
@@ -12,6 +12,8 @@ ENC_CMD="eyaml encrypt -o block --pkcs7-public-key=${PKCS7_KEY}"
     $ENC_CMD -l 'profile::freeipa::mokey::password' -s $(openssl rand -base64 9)
     $ENC_CMD -l 'profile::freeipa::server::ds_password' -s $(openssl rand -base64 9)
     $ENC_CMD -l 'profile::freeipa::server::admin_password' -s $(openssl rand -base64 9)
+    $ENC_CMD -l 'trailblazing_turtle::server::password' -s $(openssl rand -base64 9)
+    $ENC_CMD -l 'trailblazing_turtle::server::root_api_token' -s $(openssl rand -hex 20)
 ) > /etc/puppetlabs/code/environments/production/data/bootstrap.yaml
 
 # Apply bootstrap classes if any

diff --git a/data/common.yaml b/data/common.yaml
@@ -256,7 +256,7 @@ profile::slurm::controller::autoscale_version: '0.5.1'
 profile::slurm::node::enable_tmpfs_mounts: true
 
 profile::accounts::project_regex: '(ctb|def|rpp|rrg)-[a-z0-9_-]*'
-profile::users::ldap::access_tags: ['login:sshd', 'node:sshd', 'proxy:jupyterhub-login']
+profile::users::ldap::access_tags: ['login:sshd', 'node:sshd', 'proxy:jupyterhub-login', 'portal:login']
 profile::users::ldap::users:
   'user':
     count: "%{alias('terraform.data.nb_users')}"
@@ -289,6 +289,7 @@ profile::reverse_proxy::subdomains:
   ipa: "ipa.int.%{lookup('terraform.data.domain_name')}"
   mokey: "%{lookup('terraform.tag_ip.mgmt.0')}:%{lookup('profile::freeipa::mokey::port')}"
   jupyter: "https://127.0.0.1:8000"
+  explore: "http://%{lookup('terraform.tag_ip.portal.0')}:9000"
 
 profile::jupyterhub::hub::register_url: "https://mokey.%{lookup('terraform.data.domain_name')}/auth/signup"
 profile::jupyterhub::hub::reset_pw_url: "https://mokey.%{lookup('terraform.data.domain_name')}/auth/forgotpw"
@@ -303,3 +304,17 @@ profile::gpu::install::passthrough::packages:
   - nvidia-xconfig
   - nvidia-persistenced
   - nvidia-driver-cuda
+
+profile::metrics::slurm_job_exporter::version: 0.2.0
+
+trailblazing_turtle::server::prometheus_ip: "%{alias('terraform.tag_ip.mgmt.0')}"
+trailblazing_turtle::server::ldap_password: "%{alias('profile::freeipa::server::admin_password')}"
+trailblazing_turtle::server::slurm_password: "%{alias('profile::slurm::accounting::password')}"
+trailblazing_turtle::server::cluster_name: "%{alias('profile::slurm::base::cluster_name')}"
+trailblazing_turtle::server::prometheus_port: 9090
+trailblazing_turtle::server::db_ip: 127.0.0.1
+trailblazing_turtle::server::db_port: 3306
+trailblazing_turtle::version: 1.4.0
+
+trailblazing_turtle::slurm_jobscripts::api_url: "http://%{lookup('terraform.tag_ip.portal.0')}:9000"
+trailblazing_turtle::slurm_jobscripts::token: "%{alias('trailblazing_turtle::server::root_api_token')}"
diff --git a/data/site.yaml b/data/site.yaml
@@ -42,6 +42,7 @@ magic_castle::site::tags:
     - profile::accounts
     - profile::nfs
     - profile::users::ldap
+    - trailblazing_turtle::slurm_jobscripts
   node:
     - profile::gpu
     - profile::jupyterhub::node
@@ -54,6 +55,8 @@ magic_castle::site::tags:
   nfs:
     - profile::nfs::server
     - profile::cvmfs::alien_cache
+  portal:
+    - profile::userportal
   proxy:
     - profile::jupyterhub::hub
     - profile::reverse_proxy

diff --git a/site/profile/manifests/freeipa.pp b/site/profile/manifests/freeipa.pp
@@ -206,7 +206,7 @@
   Integer $id_start,
   String $admin_password,
   String $ds_password,
-  Array[String] $hbac_services = ['sshd', 'jupyterhub-login'],
+  Array[String] $hbac_services = ['sshd', 'jupyterhub-login', 'login'],
 ) {
   include profile::base::etc_hosts
   include profile::freeipa::base

diff --git a/site/profile/manifests/userportal.pp b/site/profile/manifests/userportal.pp
@@ -0,0 +1,24 @@
+class profile::userportal {
+  $instances = lookup('terraform.instances')
+  $logins = keys($instances.filter |$keys, $values| { 'login' in $values['tags'] })
+
+  $domain_name = lookup('profile::freeipa::base::domain_name')
+  $int_domain_name = "int.${domain_name}"
+  $base_dn = join(split($int_domain_name, '[.]').map |$dc| { "dc=${dc}" }, ',')
+
+  class { 'trailblazing_turtle':
+    root_api_token  => lookup('trailblazing_turtle::server::root_api_token'),
+    password        => lookup('trailblazing_turtle::server::password'),
+    prometheus_ip   => lookup('trailblazing_turtle::server::prometheus_ip'),
+    prometheus_port => lookup('trailblazing_turtle::server::prometheus_port'),
+    db_ip           => lookup('trailblazing_turtle::server::db_ip'),
+    db_port         => lookup('trailblazing_turtle::server::db_port'),
+    ldap_password   => lookup('trailblazing_turtle::server::ldap_password'),
+    slurm_password  => lookup('trailblazing_turtle::server::slurm_password'),
+    cluster_name    => lookup('trailblazing_turtle::server::cluster_name'),
+    subdomain       => lookup('trailblazing_turtle::subdomain'),
+    logins          => $logins,
+    base_dn         => $base_dn,
+    domain_name     => $domain_name,
+  }
+}