hugo meiland 2019-09-05 12:34:25 +02:00
Родитель 82dcb79cb8
Коммит e11e47bc2d
8 изменённых файлов: 427 добавлений и 0 удалений


@ -0,0 +1,49 @@
{
"location": "variables.location",
"resource_group": "variables.resource_group",
"install_from": "headnode",
"admin_user": "variables.ad_admin",
"variables": {
"image": "OpenLogic:CentOS:7.6:latest",
"hpc_image": "OpenLogic:CentOS-HPC:7.6:latest",
"location": "<NOT-SET>",
"resource_group": "<NOT-SET>",
"vnet_resource_group": "variables.resource_group",
"ad_image": "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest",
"ad_domain": "MyDomain.local",
"ad_admin": "hpcadmin",
"win_password": "<NOT-SET>"
},
"vnet": {
"resource_group": "variables.vnet_resource_group",
"name": "hpcvnet",
"address_prefix": "10.2.0.0/20",
"subnets": {
"admin": "10.2.1.0/24",
"viz": "10.2.2.0/24",
"compute": "10.2.4.0/22"
}
},
"resources": {
"adnode": {
"type": "vm",
"public_ip": "true",
"password": "variables.win_password",
"vm_type": "Standard_D8_v3",
"image": "variables.ad_image",
"subnet": "admin",
"tags": []
}
},
"post_install":
{
"script": "setup_win_ad.sh",
"args": [
"variables.resource_group",
"adnode",
"variables.ad_domain",
"variables.ad_admin",
"variables.win_password"
]
}
}
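Review bot: The `adnode` resource sets `"public_ip": "true"`, which gives the domain controller a public address. Nothing in this file restricts who can reach it, so unless the deployment tooling adds a filter elsewhere, the controller's management ports would be reachable from the Internet. Consider `"public_ip": false` and reaching the node through the head node or a VPN instead. The value is also the string `"true"`, while `headnode` in config.json uses the boolean `true`; the two should agree. The same `adnode` block is repeated in config.json.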

Двоичные данные
examples/activedirectory/add_windows_user.png Normal file

Двоичный файл не отображается.



@ -0,0 +1,140 @@
{
"location": "variables.location",
"resource_group": "variables.resource_group",
"install_from": "headnode",
"admin_user": "hpcadmin",
"variables": {
"image": "OpenLogic:CentOS:7.6:latest",
"hpc_image": "OpenLogic:CentOS-HPC:7.6:latest",
"location": "<NOT-SET>",
"vm_type": "Standard_HB60rs",
"resource_group": "<NOT-SET>",
"vnet_resource_group": "variables.resource_group",
"ad_image": "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest",
"ad_domain": "MyDomain.local",
"ad_admin": "hpcadmin",
"win_password": "<NOT-SET>"
},
"vnet": {
"resource_group": "variables.vnet_resource_group",
"name": "hpcvnet",
"address_prefix": "10.2.0.0/20",
"subnets": {
"admin": "10.2.1.0/24",
"viz": "10.2.2.0/24",
"compute": "10.2.4.0/22"
}
},
"resources": {
"adnode": {
"type": "vm",
"public_ip": "true",
"password": "variables.win_password",
"vm_type": "Standard_D8_v3",
"image": "variables.ad_image",
"subnet": "admin",
"tags": [
"ad_server"
]
},
"headnode": {
"type": "vm",
"vm_type": "Standard_HB60rs",
"public_ip": true,
"image": "variables.image",
"subnet": "compute",
"tags": [
"cndefault",
"nfsserver",
"pbsserver",
"loginnode",
"localuser",
"disable-selinux",
"join_domain"
]
},
"compute": {
"type": "vmss",
"vm_type": "variables.vm_type",
"instances": 2,
"image": "variables.hpc_image",
"subnet": "compute",
"tags": [
"nfsclient",
"pbsclient",
"cndefault",
"localuser",
"disable-selinux",
"join_domain"
]
}
},
"install": [
{
"script": "disable-selinux.sh",
"tag": "disable-selinux",
"sudo": true
},
{
"script": "cndefault.sh",
"tag": "cndefault",
"sudo": true
},
{
"script": "nfsserver.sh",
"tag": "nfsserver",
"sudo": true
},
{
"script": "nfsclient.sh",
"args": [
"$(<hostlists/tags/nfsserver)"
],
"tag": "nfsclient",
"sudo": true
},
{
"script": "localuser.sh",
"args": [
"$(<hostlists/tags/nfsserver)"
],
"tag": "localuser",
"sudo": true
},
{
"script": "pbsdownload.sh",
"tag": "loginnode",
"sudo": false
},
{
"script": "pbsserver.sh",
"copy": [
"pbspro_19.1.1.centos7/pbspro-server-19.1.1-0.x86_64.rpm"
],
"tag": "pbsserver",
"sudo": false
},
{
"script": "pbsclient.sh",
"args": [
"$(<hostlists/tags/pbsserver)"
],
"copy": [
"pbspro_19.1.1.centos7/pbspro-execution-19.1.1-0.x86_64.rpm"
],
"tag": "pbsclient",
"sudo": false
},
{
"script": "join_domain.sh",
"args": [
"variables.ad_domain",
"variables.ad_admin",
"variables.win_password",
"$(<hostlists/tags/ad_server)"
],
"tag": "join_domain",
"sudo": true
}
]
}
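Review bot: The `join_domain` install step passes `variables.ad_admin` and `variables.win_password` as script arguments to every node tagged `join_domain`, which is the head node and all `compute` scale-set instances, so the domain administrator credential is handled on each cluster node. A dedicated account that is only delegated the right to join computers would limit what a compromised compute node exposes. Separately, `"admin_user"` is hard-coded to `"hpcadmin"` here while ad-config.json uses `"variables.ad_admin"`; if both are meant to name the same account, using the variable in both keeps them in step.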


@ -0,0 +1,99 @@
# Use Active Directory for user authentication
To build a usable cluster for a group of users, authentication and authorization has to be set up. The example
here demonstrates how to set up a AD server and how to connect the cluster nodes to it.
First create the config file for the Active Directory Domain Controller
'''
$ azhpc-init -c azurehpc/examples/activedirectory/ad-config.json -d adtest -s
Thu Sep 5 11:38:08 CEST 2019 : variables to set: "-v location=,resource_group=,win_password="
'''
And build it....
'''
$ azhpc-init -c azurehpc/examples/activedirectory/ad-config.json -d adtest -v "location=westeurope
,resource_group=ad_demo,win_password=mypassword@1234"
Thu Sep 5 11:40:29 CEST 2019 : creating directory adtest
Thu Sep 5 11:40:29 CEST 2019 : copying config.json to adtest
Thu Sep 5 11:40:29 CEST 2019 : updating file adtest/ad-config.json
$ azhpc-build -c ad-config.json
'''
Now the actual cluster can be initialized and build
'''
$ azhpc-init -c ../azurehpc/examples/activedirectory/config.json -v "location=westeurope,re
source_group=ad_demo,win_password=mypassword@1234"
Thu Sep 5 11:55:45 CEST 2019 : creating directory .
Thu Sep 5 11:55:45 CEST 2019 : copying config.json to .
Thu Sep 5 11:55:45 CEST 2019 : updating file ./ad-config.json
Thu Sep 5 11:55:45 CEST 2019 : updating file ./config.json
$ azhpc-build
'''
While building the cluster, connect to the AD node, and start up the Active Directory Users and Computers manager to add a new user.
![Add Windows User](add_windows_user.png?raw=true)
'''
$ azhpc-connect headnode
Thu Sep 5 12:21:04 CEST 2019 : logging in to headnode (via headnodee10cb4.westeurope.cloudapp.azure.com)
[hpcadmin@headnode ~]$ getent passwd winuser
winuser:*:719201105:719200513:winuser:/share/home/winuser:/bin/bash
'''
and you can login using the supplied password:
'''
[hpcadmin@headnode ~]$ ssh winuser@localhost
winuser@localhost's password:
Creating home directory for winuser.
[winuser@headnode ~]$
'''
Some basic cluster homework:
'''
[winuser@headnode ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/share/home/winuser/.ssh/id_rsa):
Created directory '/share/home/winuser/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /share/home/winuser/.ssh/id_rsa.
Your public key has been saved in /share/home/winuser/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Lt9Muf0RI61mBLkpliUtEq68Q2t0pTJUkkqfrrY/vLU winuser@headnode
The key's randomart image is:
+---[RSA 2048]----+
| ..o |
| . .+ . . . |
| . o..o + = |
| .oo. + = + . |
| .B o S o o + |
| o.* o . o o o |
| o= o . o + . |
| o.oo + + = . |
| ..oooE . + ... |
+----[SHA256]-----+
[winuser@headnode ~]$
[winuser@headnode ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys
[winuser@headnode ~]$ pbsnodes -a | grep compu
compu8526000001
resources_available.vnode = compu8526000001
compu8526000000
resources_available.vnode = compu8526000000
[winuser@headnode ~]$ ssh compu8526000000
Last login: Thu Sep 5 10:25:49 2019 from 10.2.4.8
[winuser@compu8526000000 ~]$ exit
logout
Connection to compu8526000000 closed.
[winuser@headnode ~]$
'''
And you can submit your first job...
'''
[winuser@headnode ~]$ qsub -l nodes=2 -- hostname
0.headnode
[winuser@headnode ~]$ ls
STDIN.e0 STDIN.o0
'''

21
scripts/ad_user.ps1 Normal file

@ -0,0 +1,21 @@
#install AD
param (
[Parameter(Mandatory=$true)][string] $ad_domain,
[Parameter(Mandatory=$true)][string] $ad_user,
[Parameter(Mandatory=$true)][string] $ad_password
)
#$ProgressPreference = 'SilentlyContinue'
Write-Output $ad_domain
Write-Output $ad_user
Write-Output $ad_password
New-ADUser `
-Name "hpcuser" `
-GivenName "hpcuser" `
-Surname "hpcuser" `
-SamAccountName "hpcuser" `
-UserPrincipalName "hpcuser@$ad_domain" `
-AccountPassword(ConvertTo-SecureString $ad_password -AsPlainText -Force) `
-Enabled $true > D:\user.log
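Review bot: `Write-Output $ad_password` prints the password in clear text into the run-command output, which setup_win_ad.sh displays with `--output table`; the three `Write-Output` lines should be removed, or at least the password one. ad_win.ps1 has the same three lines. The new `hpcuser` account is also created with `$ad_password`, the same secret the config files use for the VM administrator, so a user account and the administrator share a password; a separate mandatory parameter such as `[string] $user_password` would avoid that. `$ad_user` is declared mandatory but is only echoed, never used.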

40
scripts/ad_win.ps1 Normal file

@ -0,0 +1,40 @@
#install AD
param (
[Parameter(Mandatory=$true)][string] $ad_domain,
[Parameter(Mandatory=$true)][string] $ad_user,
[Parameter(Mandatory=$true)][string] $ad_password
)
#$ProgressPreference = 'SilentlyContinue'
Write-Output $ad_domain
Write-Output $ad_user
Write-Output $ad_password
#cd C:\Windows\Temp
#Invoke-WebRequest -OutFile C:\Windows\rgs_trial.lic $lic_url
#Invoke-WebRequest -OutFile SenderSetup64.exe $sw_url
#.\SenderSetup64.exe /z"/autoinstall /agreetolicense /clipboard /rgslicensefile=C:\Windows\rgs_trial.lic /noreboot" -Wait
Install-WindowsFeature AD-Domain-Services -IncludeAllSubFeature -IncludeManagementTools
Install-WindowsFeature DNS -IncludeAllSubFeature -IncludeManagementTools
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DomainName $ad_domain `
-InstallDns `
-DomainMode Win2012R2 `
-ForestMode Win2012R2 `
-DatabasePath C:\Windows\NTDS `
-SysvolPath C:\Windows\SYSVOL `
-LogPath C:\Windows\Logs `
-NoRebootOnCompletion:$false `
-Force `
-SafeModeAdministratorPassword (ConvertTo-SecureString $ad_password -AsPlainText -Force) > D:\domain.log
#New-ADUser `
# -Name "hpcuser" `
# -GivenName "hpcuser" `
# -Surname "hpcuser" `
# -SamAccountName "hpcuser" `
# -UserPrincipalName "hpcuser@$ad_domain" `
# -AccountPassword(ConvertTo-SecureString $ad_password -AsPlainText -Force) `
# -Enabled $true > D:\user.log
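Review bot: `-SafeModeAdministratorPassword` is set from `$ad_password`, so the Directory Services Restore Mode password is the same value as the VM administrator password in the config files and the `hpcuser` password in ad_user.ps1; it should be a separate secret passed in its own parameter. The parameter arrives as a plain `[string]` and is converted with `-AsPlainText -Force`, so it is present in clear text in the run-command invocation. The commented-out `Invoke-WebRequest`/`SenderSetup64.exe` lines and the commented `New-ADUser` block look like leftovers from another script and could be dropped.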

45
scripts/join_domain.sh Normal file

@ -0,0 +1,45 @@
#!/bin/bash
ADMIN_DOMAIN=$1
ADMIN_NAME=$2
ADMIN_PASSWORD=$3
echo $1 $2 $3
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python -y
systemctl restart dbus
systemctl restart systemd-logind
#NAMESERVER=$(jetpack config adjoin.ad.dns1)
NAMESERVER=10.2.1.4
if [ ! -f /etc/resolv.conf.bak ]; then
cp /etc/resolv.conf /etc/resolv.conf.bak
fi
if grep -q "nameserver $NAMESERVER" /etc/resolv.conf ; then
echo "resolv.conf already changed"
else
echo "nameserver $NAMESERVER" >> /etc/resolv.conf.tmp
cat /etc/resolv.conf >> /etc/resolv.conf.tmp
mv /etc/resolv.conf.tmp /etc/resolv.conf
fi
#ADMIN_DOMAIN=$(jetpack config adjoin.ad.domain)
#ADMIN_DOMAIN=MyDomain.local
#ADMIN_NAME=$(jetpack config adjoin.ad.admin.name)
#ADMIN_NAME=hpcadmin
#ADMIN_PASSWORD=$(jetpack config adjoin.ad.admin.password)
#ADMIN_PASSWORD=admin_1234567
echo $ADMIN_PASSWORD| realm join -U $ADMIN_NAME $ADMIN_DOMAIN --verbose
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
service sshd restart
sed -i 's@override_homedir.*@override_homedir = /share/home/%u@' /etc/sssd/sssd.conf
sed -i 's@fallback_homedir.*@fallback_homedir = /share/home/%u@' /etc/sssd/sssd.conf
sed -i 's@use_fully_qualified_names.*@use_fully_qualified_names = False@' /etc/sssd/sssd.conf
service sssd restart
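Review bot: `echo $1 $2 $3` writes the domain administrator password to the install output of every joined node and should be removed or reduced to `echo "$1" "$2"`. The join line expands the password unquoted, so a value containing spaces or glob characters is altered before it reaches `realm join`; `printf '%s\n' "$ADMIN_PASSWORD" | realm join -U "$ADMIN_NAME" "$ADMIN_DOMAIN" --verbose` passes it through unchanged. The `sed` on sshd_config turns on `PasswordAuthentication` on every tagged node, including `headnode`, which config.json gives a public IP, so password logins for domain accounts become reachable from outside; limiting it with a `Match` block or leaving it off on the public-facing node is worth considering. The fourth argument passed by config.json is ignored and `NAMESERVER=10.2.1.4` is hard-coded, which presumably only holds while the AD node is assigned that address.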

33
scripts/setup_win_ad.sh Normal file

@ -0,0 +1,33 @@
#!/bin/bash
# Setup HP RGS on a Win10 VM
resource_group=$1
node_name=$2
ad_domain=$3
ad_user=$4
ad_password=$5
echo "Calling ad_win.ps1..."
az vm run-command invoke \
--name $node_name \
--resource-group $resource_group \
--command-id RunPowerShellScript \
--scripts @$azhpc_dir/scripts/ad_win.ps1 \
--parameters ad_domain=$ad_domain ad_user=$ad_user ad_password=$ad_password \
--output table
echo Sleeping to allow AD to reboot
sleep 60
az vm run-command invoke \
--name $node_name \
--resource-group $resource_group \
--command-id RunPowerShellScript \
--scripts @$azhpc_dir/scripts/ad_user.ps1 \
--parameters ad_domain=$ad_domain ad_user=$ad_user ad_password=$ad_password \
--output table
echo "AD setup done"
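Review bot: The `--parameters` arguments in both `az vm run-command invoke` calls expand `$ad_domain`, `$ad_user` and `$ad_password` unquoted, so a password containing a space or a glob character is split or rewritten before it reaches the PowerShell script. Write `--parameters "ad_domain=$ad_domain" "ad_user=$ad_user" "ad_password=$ad_password"` and quote `"$node_name"`, `"$resource_group"` and `"@$azhpc_dir/scripts/ad_win.ps1"` as well. The fixed `sleep 60` assumes the domain controller has finished rebooting; if it has not, the second call that creates the user would fail unnoticed, because no exit status is checked. The header comment `# Setup HP RGS on a Win10 VM` describes a different script and should read something like `# Install AD DS on the Windows node and create the first domain user`.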