diff --git a/README.md b/README.md index 66295b8..fa9b906 100644 --- a/README.md +++ b/README.md @@ -32,10 +32,16 @@ The Helm chart will create the following named volumes: ## Configuring the Cluster All config files in `slurm-cluster-chart/files` will be mounted into the container to configure their respective services on startup. The `authorized_keys` file contains authorised public keys for the user `rocky`, add your public key to access the cluster. Note that changes to these files will not all be propagated to existing deployments (see "Reconfiguring the Cluster"). -Additional parameters can be found in the `values.yaml` file, which will be applied on a Helm chart deployment. Note that some of these values, such as `encodedMungeKey` will also not propagate until the cluster is restarted (see Reconfiguring the Cluster). +Additional parameters can be found in the `values.yaml` file, which will be applied on a Helm chart deployment. Note that some of these values, such as `encodedMungeKey` will also not propagate until the cluster is restarted (see "Reconfiguring the Cluster"). ## Deploying the Cluster +On initial deployment ONLY, run +```console +./generate-secrets.sh +``` +This generates a set of secrets. If these need to be regenerated, see "Reconfiguring the Cluster" + After configuring `kubectl` with the appropriate `kubeconfig` file, deploy the cluster using the Helm chart: ```console helm install slurm-cluster-chart @@ -74,8 +80,27 @@ normal* up 5-00:00:00 2 idle c[1-2] ## Reconfiguring the Cluster +### Changes to config files + To guarantee changes to config files are propagated to the cluster, use ```console kubectl rollout restart deployment ``` -Generally restarts to `slurmd`, `slurmctld`, `login` and `slurmdbd` will be required \ No newline at end of file +Generally restarts to `slurmd`, `slurmctld`, `login` and `slurmdbd` will be required + +### Changes to secrets + +Regenerate secrets by rerunning +```console +./generate-secrets.sh +``` +Some secrets are persisted in volumes, so cycling them requires a full teardown and reboot of the volumes and pods which these volumes are mounted on. Run +```console +kubectl delete deployment mysql +kubectl delete pvc var-lib-mysql +helm upgrade slurm-cluster-chart +``` +and then restart the other dependent deployments to propagate changes: +```console +kubectl rollout restart deployment slurmd slurmctld login slurmdbd +``` \ No newline at end of file diff --git a/generate-secrets.sh b/generate-secrets.sh new file mode 100755 index 0000000..70dcb22 --- /dev/null +++ b/generate-secrets.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +kubectl create secret generic database-auth-secret \ +--dry-run=client \ +--from-literal=password=$(tr -dc 'A-Za-z0-9' /dev/null | base64 -w 0) \ +-o yaml | \ +kubectl apply -f - diff --git a/slurm-cluster-chart/templates/database-auth-secret.yaml b/slurm-cluster-chart/templates/database-auth-secret.yaml deleted file mode 100644 index 3f83b9c..0000000 --- a/slurm-cluster-chart/templates/database-auth-secret.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.secrets.databaseAuth }} -type: kubernetes.io/basic-auth -stringData: - password: {{ .Values.databaseAuthentication.password }} diff --git a/slurm-cluster-chart/templates/munge-key-secret.yaml b/slurm-cluster-chart/templates/munge-key-secret.yaml deleted file mode 100644 index 2b9a9b4..0000000 --- a/slurm-cluster-chart/templates/munge-key-secret.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Values.secrets.mungeKey }} -data: - munge.key: {{ .Values.encodedMungeKey }} \ No newline at end of file diff --git a/slurm-cluster-chart/values.yaml b/slurm-cluster-chart/values.yaml index ae249b0..023e594 100644 --- a/slurm-cluster-chart/values.yaml +++ b/slurm-cluster-chart/values.yaml @@ -13,9 +13,6 @@ nfs: sqlImage: mariadb:10.10 -databaseAuthentication: - password: password - databaseStorage: 100Mi encodedMungeKey: QpMuwnFPV/n8vIomm6rfxEKOx/ORVIJrnKCkK/niD636mtQTJwWXrWiv3V6E7KNlsDXMs5eRcfBW3mlZuOrPfKCoAHfRx6RcdbqkmjifA4N2pfZnyBsMh6La5HIZP1Bi7a7Tnjw2QxheNLgCuFQqjNzpFpFwxDtjcutDw7QfG4vNwqEHgK9RnCwNi6kXcavgSpue4iT/zXjoq7CnIto/QgFOyjSvCl7xN9UMWAEJdyocXW9CnzImnvGjqeg8Aie2W0/d6MvxBA8dU7DqEYJriSaynj9ZjtTrz4HbK+pYSQr7CdWsFJKLAJhvptbu1TLhA2dhHP3Uf1hEYlFyCchoZt3IzM/kdcSqaG//57fsU5bYukXp8hyBNeV5o4FJajcvuOR09ix0Gnrq+alOoRXKL6EASaUK6HLd/PkUVuns9e22PpmJ4Z1zro5Ggtzufh8Blu9CxE3BExKkbqwgTFfLZ39d/dAR4fKrHV94K1FeT54tQkXb7MMFWK+Piz0p7qezDWHzd77BcgGjP0tow9FXq942zdRxJK+089abQUdXtGwZe49Dq5evIFLOQMLcxIfV2xiulsDDDFQESwPaD4juj5IYQPaTcctsGmla3o5lFDTFM+NcXdOTQJ/0z4Gy0NQPPTwrrWy4jw6n+MrhPqHKvp1ZXloiD1phQgqlPg/rNiM6AmTz7X07kCeeO8MZ9kJeLhYlRIAyr0SDPxOx0p86RuHhZfC2A0gSf35VlZBf8PLUHZB+hXNkTCiXgYiJzUGyOyVm8cUBJ6Aqhd4/rJOCoRwvrf5ytkIBWsDyygrW4o9pn4xEKScnQarCD9yQGFnXXGiEiWQUfcqlHe6b/cnK5t6G9OHZZv70sOLWED36ocJWzyKJFn+EQGQg7pvYTkuzud5fKR/XMw5Ntzm2CoUKzaCzLULDcuVjKBMGPeVXNbgE8zJMAd5rWWmr/r20Ql2YdXVophld6MxTr/MnzK1Dbh75odPFi8RJ3z9qSaXHlT/Eu/1WUtDe+ECiFLKQ86Mi2xJ7/8E1A8UnYOPuMqjKjy0zfkutwaUh1WB89etFQvMnGWjSGf5q523nv4k1+m8n0iYJvHlFAJ2jBmTmpqaEuBdPVC2l8GHRE3LfiuT7/NEnylbKL+JzkYV2WdPvi5b4oKK0oyV8RSyix3bEwDGdAv0t4gJSVLW/IBZ3/tmGcjqXeTjprtGXZE+shiCaFIOX2b7pKkcc3M1tylyr4MGDEwkeJC48O6dSatLLF9DJX9RTLbSfFkvHqxrBdkYu8PPN4Vx/9lG1Z9b7YuBLWb+VJDIPZLKpE9yFrZ5/8dZ9Dh0kywgUuiD9+24XSHgPOBWnpT2oe78wU+cjQhyoXmthqQ==