зеркало из https://github.com/Azure/azurehpc.git
add Active Directory support
Родитель
82dcb79cb8
Коммит
e11e47bc2d
|
@ -0,0 +1,49 @@
|
|||
{
|
||||
"location": "variables.location",
|
||||
"resource_group": "variables.resource_group",
|
||||
"install_from": "headnode",
|
||||
"admin_user": "variables.ad_admin",
|
||||
"variables": {
|
||||
"image": "OpenLogic:CentOS:7.6:latest",
|
||||
"hpc_image": "OpenLogic:CentOS-HPC:7.6:latest",
|
||||
"location": "<NOT-SET>",
|
||||
"resource_group": "<NOT-SET>",
|
||||
"vnet_resource_group": "variables.resource_group",
|
||||
"ad_image": "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest",
|
||||
"ad_domain": "MyDomain.local",
|
||||
"ad_admin": "hpcadmin",
|
||||
"win_password": "<NOT-SET>"
|
||||
},
|
||||
"vnet": {
|
||||
"resource_group": "variables.vnet_resource_group",
|
||||
"name": "hpcvnet",
|
||||
"address_prefix": "10.2.0.0/20",
|
||||
"subnets": {
|
||||
"admin": "10.2.1.0/24",
|
||||
"viz": "10.2.2.0/24",
|
||||
"compute": "10.2.4.0/22"
|
||||
}
|
||||
},
|
||||
"resources": {
|
||||
"adnode": {
|
||||
"type": "vm",
|
||||
"public_ip": "true",
|
||||
"password": "variables.win_password",
|
||||
"vm_type": "Standard_D8_v3",
|
||||
"image": "variables.ad_image",
|
||||
"subnet": "admin",
|
||||
"tags": []
|
||||
}
|
||||
},
|
||||
"post_install":
|
||||
{
|
||||
"script": "setup_win_ad.sh",
|
||||
"args": [
|
||||
"variables.resource_group",
|
||||
"adnode",
|
||||
"variables.ad_domain",
|
||||
"variables.ad_admin",
|
||||
"variables.win_password"
|
||||
]
|
||||
}
|
||||
}
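Review bot: The `adnode` resource sets `"public_ip": "true"`, which puts the domain controller directly on a public address while it is protected only by the `win_password` login; nothing visible in this section restricts the source addresses. Unless the framework adds a network rule elsewhere, I would set `"public_ip": false` here and reach the node through the headnode or a jump host. The other cluster config further down repeats the same setting for `adnode`. The `ad_image` pin to `2012-R2-Datacenter` also deserves a second look, since that release no longer receives security updates.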
|
Двоичный файл не отображается.
После Ширина: | Высота: | Размер: 401 KiB |
|
@ -0,0 +1,140 @@
|
|||
{
|
||||
"location": "variables.location",
|
||||
"resource_group": "variables.resource_group",
|
||||
"install_from": "headnode",
|
||||
"admin_user": "hpcadmin",
|
||||
"variables": {
|
||||
"image": "OpenLogic:CentOS:7.6:latest",
|
||||
"hpc_image": "OpenLogic:CentOS-HPC:7.6:latest",
|
||||
"location": "<NOT-SET>",
|
||||
"vm_type": "Standard_HB60rs",
|
||||
"resource_group": "<NOT-SET>",
|
||||
"vnet_resource_group": "variables.resource_group",
|
||||
"ad_image": "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest",
|
||||
"ad_domain": "MyDomain.local",
|
||||
"ad_admin": "hpcadmin",
|
||||
"win_password": "<NOT-SET>"
|
||||
},
|
||||
"vnet": {
|
||||
"resource_group": "variables.vnet_resource_group",
|
||||
"name": "hpcvnet",
|
||||
"address_prefix": "10.2.0.0/20",
|
||||
"subnets": {
|
||||
"admin": "10.2.1.0/24",
|
||||
"viz": "10.2.2.0/24",
|
||||
"compute": "10.2.4.0/22"
|
||||
}
|
||||
},
|
||||
"resources": {
|
||||
"adnode": {
|
||||
"type": "vm",
|
||||
"public_ip": "true",
|
||||
"password": "variables.win_password",
|
||||
"vm_type": "Standard_D8_v3",
|
||||
"image": "variables.ad_image",
|
||||
"subnet": "admin",
|
||||
"tags": [
|
||||
"ad_server"
|
||||
]
|
||||
},
|
||||
"headnode": {
|
||||
"type": "vm",
|
||||
"vm_type": "Standard_HB60rs",
|
||||
"public_ip": true,
|
||||
"image": "variables.image",
|
||||
"subnet": "compute",
|
||||
"tags": [
|
||||
"cndefault",
|
||||
"nfsserver",
|
||||
"pbsserver",
|
||||
"loginnode",
|
||||
"localuser",
|
||||
"disable-selinux",
|
||||
"join_domain"
|
||||
]
|
||||
},
|
||||
"compute": {
|
||||
"type": "vmss",
|
||||
"vm_type": "variables.vm_type",
|
||||
"instances": 2,
|
||||
"image": "variables.hpc_image",
|
||||
"subnet": "compute",
|
||||
"tags": [
|
||||
"nfsclient",
|
||||
"pbsclient",
|
||||
"cndefault",
|
||||
"localuser",
|
||||
"disable-selinux",
|
||||
"join_domain"
|
||||
]
|
||||
}
|
||||
},
|
||||
"install": [
|
||||
{
|
||||
"script": "disable-selinux.sh",
|
||||
"tag": "disable-selinux",
|
||||
"sudo": true
|
||||
},
|
||||
{
|
||||
"script": "cndefault.sh",
|
||||
"tag": "cndefault",
|
||||
"sudo": true
|
||||
},
|
||||
{
|
||||
"script": "nfsserver.sh",
|
||||
"tag": "nfsserver",
|
||||
"sudo": true
|
||||
},
|
||||
{
|
||||
"script": "nfsclient.sh",
|
||||
"args": [
|
||||
"$(<hostlists/tags/nfsserver)"
|
||||
],
|
||||
"tag": "nfsclient",
|
||||
"sudo": true
|
||||
},
|
||||
{
|
||||
"script": "localuser.sh",
|
||||
"args": [
|
||||
"$(<hostlists/tags/nfsserver)"
|
||||
],
|
||||
"tag": "localuser",
|
||||
"sudo": true
|
||||
},
|
||||
{
|
||||
"script": "pbsdownload.sh",
|
||||
"tag": "loginnode",
|
||||
"sudo": false
|
||||
},
|
||||
{
|
||||
"script": "pbsserver.sh",
|
||||
"copy": [
|
||||
"pbspro_19.1.1.centos7/pbspro-server-19.1.1-0.x86_64.rpm"
|
||||
],
|
||||
"tag": "pbsserver",
|
||||
"sudo": false
|
||||
},
|
||||
{
|
||||
"script": "pbsclient.sh",
|
||||
"args": [
|
||||
"$(<hostlists/tags/pbsserver)"
|
||||
],
|
||||
"copy": [
|
||||
"pbspro_19.1.1.centos7/pbspro-execution-19.1.1-0.x86_64.rpm"
|
||||
],
|
||||
"tag": "pbsclient",
|
||||
"sudo": false
|
||||
},
|
||||
{
|
||||
"script": "join_domain.sh",
|
||||
"args": [
|
||||
"variables.ad_domain",
|
||||
"variables.ad_admin",
|
||||
"variables.win_password",
|
||||
"$(<hostlists/tags/ad_server)"
|
||||
],
|
||||
"tag": "join_domain",
|
||||
"sudo": true
|
||||
}
|
||||
]
|
||||
}
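Review bot: The `join_domain.sh` install step hands `variables.win_password` to the script as a positional argument on every node tagged `join_domain`, i.e. the headnode and each compute instance. Going by the AD config, that value is the password of the domain admin account itself, so the most privileged credential in the domain ends up in the argument list (and likely the install logs) of every cluster node. A dedicated account that is only delegated the right to join computers would limit the exposure; that is a design suggestion, as how the framework transports `args` is not visible here. Minor: `"public_ip"` is the string `"true"` on `adnode` but the boolean `true` on `headnode`; one form should be used.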
|
|
@ -0,0 +1,99 @@
|
|||
# Use Active Directory for user authentication
|
||||
|
||||
To build a usable cluster for a group of users, authentication and authorization has to be set up. The example
|
||||
here demonstrates how to set up a AD server and how to connect the cluster nodes to it.
|
||||
|
||||
First create the config file for the Active Directory Domain Controller
|
||||
'''
|
||||
$ azhpc-init -c azurehpc/examples/activedirectory/ad-config.json -d adtest -s
|
||||
Thu Sep 5 11:38:08 CEST 2019 : variables to set: "-v location=,resource_group=,win_password="
|
||||
'''
|
||||
|
||||
And build it....
|
||||
'''
|
||||
$ azhpc-init -c azurehpc/examples/activedirectory/ad-config.json -d adtest -v "location=westeurope
|
||||
,resource_group=ad_demo,win_password=mypassword@1234"
|
||||
Thu Sep 5 11:40:29 CEST 2019 : creating directory adtest
|
||||
Thu Sep 5 11:40:29 CEST 2019 : copying config.json to adtest
|
||||
Thu Sep 5 11:40:29 CEST 2019 : updating file adtest/ad-config.json
|
||||
$ azhpc-build -c ad-config.json
|
||||
'''
|
||||
|
||||
Now the actual cluster can be initialized and build
|
||||
'''
|
||||
$ azhpc-init -c ../azurehpc/examples/activedirectory/config.json -v "location=westeurope,re
|
||||
source_group=ad_demo,win_password=mypassword@1234"
|
||||
Thu Sep 5 11:55:45 CEST 2019 : creating directory .
|
||||
Thu Sep 5 11:55:45 CEST 2019 : copying config.json to .
|
||||
Thu Sep 5 11:55:45 CEST 2019 : updating file ./ad-config.json
|
||||
Thu Sep 5 11:55:45 CEST 2019 : updating file ./config.json
|
||||
$ azhpc-build
|
||||
'''
|
||||
|
||||
While building the cluster, connect to the AD node, and start up the Active Directory Users and Computers manager to add a new user.
|
||||
|
||||
![Add Windows User](add_windows_user.png?raw=true)
|
||||
|
||||
'''
|
||||
$ azhpc-connect headnode
|
||||
Thu Sep 5 12:21:04 CEST 2019 : logging in to headnode (via headnodee10cb4.westeurope.cloudapp.azure.com)
|
||||
[hpcadmin@headnode ~]$ getent passwd winuser
|
||||
winuser:*:719201105:719200513:winuser:/share/home/winuser:/bin/bash
|
||||
'''
|
||||
|
||||
and you can login using the supplied password:
|
||||
'''
|
||||
[hpcadmin@headnode ~]$ ssh winuser@localhost
|
||||
winuser@localhost's password:
|
||||
Creating home directory for winuser.
|
||||
[winuser@headnode ~]$
|
||||
'''
|
||||
|
||||
Some basic cluster homework:
|
||||
'''
|
||||
[winuser@headnode ~]$ ssh-keygen
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key (/share/home/winuser/.ssh/id_rsa):
|
||||
Created directory '/share/home/winuser/.ssh'.
|
||||
Enter passphrase (empty for no passphrase):
|
||||
Enter same passphrase again:
|
||||
Your identification has been saved in /share/home/winuser/.ssh/id_rsa.
|
||||
Your public key has been saved in /share/home/winuser/.ssh/id_rsa.pub.
|
||||
The key fingerprint is:
|
||||
SHA256:Lt9Muf0RI61mBLkpliUtEq68Q2t0pTJUkkqfrrY/vLU winuser@headnode
|
||||
The key's randomart image is:
|
||||
+---[RSA 2048]----+
|
||||
| ..o |
|
||||
| . .+ . . . |
|
||||
| . o..o + = |
|
||||
| .oo. + = + . |
|
||||
| .B o S o o + |
|
||||
| o.* o . o o o |
|
||||
| o= o . o + . |
|
||||
| o.oo + + = . |
|
||||
| ..oooE . + ... |
|
||||
+----[SHA256]-----+
|
||||
[winuser@headnode ~]$
|
||||
[winuser@headnode ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys
|
||||
[winuser@headnode ~]$ pbsnodes -a | grep compu
|
||||
compu8526000001
|
||||
resources_available.vnode = compu8526000001
|
||||
compu8526000000
|
||||
resources_available.vnode = compu8526000000
|
||||
[winuser@headnode ~]$ ssh compu8526000000
|
||||
Last login: Thu Sep 5 10:25:49 2019 from 10.2.4.8
|
||||
[winuser@compu8526000000 ~]$ exit
|
||||
logout
|
||||
Connection to compu8526000000 closed.
|
||||
[winuser@headnode ~]$
|
||||
'''
|
||||
|
||||
And you can submit your first job...
|
||||
'''
|
||||
[winuser@headnode ~]$ qsub -l nodes=2 -- hostname
|
||||
0.headnode
|
||||
[winuser@headnode ~]$ ls
|
||||
STDIN.e0 STDIN.o0
|
||||
'''
|
||||
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
#install AD
|
||||
param (
|
||||
[Parameter(Mandatory=$true)][string] $ad_domain,
|
||||
[Parameter(Mandatory=$true)][string] $ad_user,
|
||||
[Parameter(Mandatory=$true)][string] $ad_password
|
||||
)
|
||||
|
||||
#$ProgressPreference = 'SilentlyContinue'
|
||||
|
||||
Write-Output $ad_domain
|
||||
Write-Output $ad_user
|
||||
Write-Output $ad_password
|
||||
|
||||
New-ADUser `
|
||||
-Name "hpcuser" `
|
||||
-GivenName "hpcuser" `
|
||||
-Surname "hpcuser" `
|
||||
-SamAccountName "hpcuser" `
|
||||
-UserPrincipalName "hpcuser@$ad_domain" `
|
||||
-AccountPassword(ConvertTo-SecureString $ad_password -AsPlainText -Force) `
|
||||
-Enabled $true > D:\user.log
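Review bot: `Write-Output $ad_password` prints the cleartext password into the run-command result, which the calling bash script renders with `--output table`; that line should be removed. The forest-install PowerShell script below has the same echo, and the realm-join bash script does it with `echo $1 $2 $3`. The new `hpcuser` account is also created with the very password that was passed in for the admin, so `-AccountPassword` should take a separate value, for example an extra mandatory parameter. The `#install AD` header is copied from the other script; `# Create the initial hpcuser account in the new domain` would describe this file.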
|
|
@ -0,0 +1,40 @@
|
|||
#install AD
|
||||
param (
|
||||
[Parameter(Mandatory=$true)][string] $ad_domain,
|
||||
[Parameter(Mandatory=$true)][string] $ad_user,
|
||||
[Parameter(Mandatory=$true)][string] $ad_password
|
||||
)
|
||||
|
||||
#$ProgressPreference = 'SilentlyContinue'
|
||||
|
||||
Write-Output $ad_domain
|
||||
Write-Output $ad_user
|
||||
Write-Output $ad_password
|
||||
|
||||
|
||||
#cd C:\Windows\Temp
|
||||
#Invoke-WebRequest -OutFile C:\Windows\rgs_trial.lic $lic_url
|
||||
#Invoke-WebRequest -OutFile SenderSetup64.exe $sw_url
|
||||
#.\SenderSetup64.exe /z"/autoinstall /agreetolicense /clipboard /rgslicensefile=C:\Windows\rgs_trial.lic /noreboot" -Wait
|
||||
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
|
||||
Install-WindowsFeature DNS -IncludeAllSubFeature -IncludeManagementTools
|
||||
Install-ADDSForest `
|
||||
-CreateDnsDelegation:$false `
|
||||
-DomainName $ad_domain `
|
||||
-InstallDns `
|
||||
-DomainMode Win2012R2 `
|
||||
-ForestMode Win2012R2 `
|
||||
-DatabasePath C:\Windows\NTDS `
|
||||
-SysvolPath C:\Windows\SYSVOL `
|
||||
-LogPath C:\Windows\Logs `
|
||||
-NoRebootOnCompletion:$false `
|
||||
-Force `
|
||||
-SafeModeAdministratorPassword (ConvertTo-SecureString $ad_password -AsPlainText -Force) > D:\domain.log
|
||||
#New-ADUser `
|
||||
# -Name "hpcuser" `
|
||||
# -GivenName "hpcuser" `
|
||||
# -Surname "hpcuser" `
|
||||
# -SamAccountName "hpcuser" `
|
||||
# -UserPrincipalName "hpcuser@$ad_domain" `
|
||||
# -AccountPassword(ConvertTo-SecureString $ad_password -AsPlainText -Force) `
|
||||
# -Enabled $true > D:\user.log
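Review bot: `-SafeModeAdministratorPassword` is built from `$ad_password`, which, going by the config sections and the calling script, is the same `win_password` used for the VM's admin login and for `hpcuser`, so one leaked value opens DSRM, the admin account and the user account; DSRM should get its own secret. `$ad_user` is declared mandatory but is only echoed and never used. The commented-out `Invoke-WebRequest`/`SenderSetup64.exe` and `New-ADUser` blocks are leftovers that can be deleted, and the header would read better as `# Install AD DS and DNS, then promote this VM to the first DC of a new forest`. `> D:\domain.log` writes to D:, which on Azure Windows VMs is normally the temporary disk, so it is worth confirming the log is meant to be disposable.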
|
|
@ -0,0 +1,45 @@
|
|||
#!/bin/bash
|
||||
|
||||
ADMIN_DOMAIN=$1
|
||||
ADMIN_NAME=$2
|
||||
ADMIN_PASSWORD=$3
|
||||
|
||||
echo $1 $2 $3
|
||||
|
||||
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
|
||||
|
||||
systemctl restart dbus
|
||||
systemctl restart systemd-logind
|
||||
|
||||
#NAMESERVER=$(jetpack config adjoin.ad.dns1)
|
||||
NAMESERVER=10.2.1.4
|
||||
if [ ! -f /etc/resolv.conf.bak ]; then
|
||||
cp /etc/resolv.conf /etc/resolv.conf.bak
|
||||
fi
|
||||
if grep -q "nameserver $NAMESERVER" /etc/resolv.conf ; then
|
||||
echo "resolv.conf already changed"
|
||||
else
|
||||
echo "nameserver $NAMESERVER" >> /etc/resolv.conf.tmp
|
||||
cat /etc/resolv.conf >> /etc/resolv.conf.tmp
|
||||
mv /etc/resolv.conf.tmp /etc/resolv.conf
|
||||
fi
|
||||
|
||||
#ADMIN_DOMAIN=$(jetpack config adjoin.ad.domain)
|
||||
#ADMIN_DOMAIN=MyDomain.local
|
||||
#ADMIN_NAME=$(jetpack config adjoin.ad.admin.name)
|
||||
#ADMIN_NAME=hpcadmin
|
||||
#ADMIN_PASSWORD=$(jetpack config adjoin.ad.admin.password)
|
||||
#ADMIN_PASSWORD=admin_1234567
|
||||
echo $ADMIN_PASSWORD| realm join -U $ADMIN_NAME $ADMIN_DOMAIN --verbose
|
||||
|
||||
|
||||
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
|
||||
service sshd restart
|
||||
|
||||
|
||||
sed -i 's@override_homedir.*@override_homedir = /share/home/%u@' /etc/sssd/sssd.conf
|
||||
sed -i 's@fallback_homedir.*@fallback_homedir = /share/home/%u@' /etc/sssd/sssd.conf
|
||||
sed -i 's@use_fully_qualified_names.*@use_fully_qualified_names = False@' /etc/sssd/sssd.conf
|
||||
service sssd restart
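Review bot: The line `echo $ADMIN_PASSWORD| realm join -U $ADMIN_NAME $ADMIN_DOMAIN --verbose` uses unquoted expansions and its exit status is never checked, so a password containing spaces or glob characters is mangled and a failed join still falls through to the `sed` that switches sshd to `PasswordAuthentication yes`. I would write it as `printf '%s\n' "$ADMIN_PASSWORD" | realm join -U "$ADMIN_NAME" "$ADMIN_DOMAIN" --verbose || exit 1`. Since the cluster config gives the headnode a public IP, enabling password logins there exposes the AD accounts to online guessing; limiting it with a `Match Address` block for the cluster subnets would be safer. `NAMESERVER=10.2.1.4` is hard-coded although the config passes the `ad_server` host list as a fourth argument that this script never reads. The commented-out `#ADMIN_PASSWORD=admin_1234567` line should not be committed.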
|
||||
|
||||
|
|
@ -0,0 +1,33 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Setup HP RGS on a Win10 VM
|
||||
|
||||
resource_group=$1
|
||||
node_name=$2
|
||||
ad_domain=$3
|
||||
ad_user=$4
|
||||
ad_password=$5
|
||||
|
||||
echo "Calling ad_win.ps1..."
|
||||
|
||||
az vm run-command invoke \
|
||||
--name $node_name \
|
||||
--resource-group $resource_group \
|
||||
--command-id RunPowerShellScript \
|
||||
--scripts @$azhpc_dir/scripts/ad_win.ps1 \
|
||||
--parameters ad_domain=$ad_domain ad_user=$ad_user ad_password=$ad_password \
|
||||
--output table
|
||||
|
||||
echo Sleeping to allow AD to reboot
|
||||
sleep 60
|
||||
|
||||
az vm run-command invoke \
|
||||
--name $node_name \
|
||||
--resource-group $resource_group \
|
||||
--command-id RunPowerShellScript \
|
||||
--scripts @$azhpc_dir/scripts/ad_user.ps1 \
|
||||
--parameters ad_domain=$ad_domain ad_user=$ad_user ad_password=$ad_password \
|
||||
--output table
|
||||
|
||||
echo "AD setup done"
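Review bot: Both `az vm run-command invoke` calls pass `--parameters ad_domain=$ad_domain ad_user=$ad_user ad_password=$ad_password` unquoted, so a password with whitespace or glob characters is split into extra parameters; quote each pair, e.g. `--parameters "ad_domain=$ad_domain" "ad_user=$ad_user" "ad_password=$ad_password" \`, and quote `"$node_name"`, `"$resource_group"` and `"@$azhpc_dir/scripts/ad_win.ps1"` likewise. The password also appears in the `az` process arguments on the machine running this script, which is worth a comment for operators on shared hosts. `sleep 60` is a fixed guess at how long the promotion reboot takes; if the DC is not back by then the second invoke fails or runs before AD DS is up, and nothing checks its result. The header `# Setup HP RGS on a Win10 VM` is stale; `# Promote the Windows node to an AD domain controller and create the initial user` matches what the script does.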
|
||||
|