hpc
/
nixcfg
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
NixOS configuration for HPC cluster https://docs.hpc.informatik.hs-fulda.de/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
26 Commits
1 Branch
0 Tags
314 KiB
Tree: 59c5a80f7d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '59c5a80f7d'
${ noResults }
nixcfg/docs/content/internal/deployment.md

79 lines
2.9 KiB
Raw Normal View History

More docs
7 months ago
  1. # Infrastructure Deployment
  3. The whole cluster infrastructure is build using [NixOS](https://nixos.org/).
  4. The configuration repository is hosted at {{ config.repo_url }} and is deployed using [colmena](https://github.com/zhaofengli/colmena).
  6. ## Building the configuration
  7. To build the configuration, as system with [Nix](https://nix.dev/install-nix) installed is required.
  9. To activate the environment, run `nix develop` inside the configuration folder.
  10. This will fetch all required build dependecies and makes them available in the environment.
  12. Building the whole configuration is as easy as running:
  13. ```
  14. colmana build --verbose --show-trace
  15. ```
  16. *Go grap a coffee, this can take a while*
  18. ## Deploying
  19. > Note: Deployment requires SSH access as the `root` user to all machines.
  21. To deploy a configuration change or updates to the cluster, run the following command:
  22. ```
  23. colmena apply switch
  24. ```
  26. ### Using the manager as a SSH jump host
  27. SSH access to the nodes is limited.
  28. Therefore it the manager system can be used as a jump host.
  29. To do so, add the following lines to your local `~/.ssh/config` file (before the the `Host *` entry):
  30. ```
  31. Host 10.32.47.1??
  32. IdentitiesOnly yes
  33. ProxyJump root@10.32.47.10
  34. ```
  36. ## Updating
  37. Updating all systems can be done by running the following command in the configuration repository:
  38. ```
  39. nix flake update
  40. ```
  42. This will update all dependencies including the NixOS operation system.
  44. After doing the update, the changed config (with the updated dependencies) must be [deployed](#deploying).
  46. ## Gather node information
  47. The configuration repository relies on some information gathered from the machines itself.
  48. After bootstrapping a machine, these information need to be gathered from the machines into the configuration repository.
  50. To gather there data, run the following command:
  51. ```
  52. ./gather.sh
  53. ```
  55. ## Secret management
  56. The config repository contains several secrets which are secured by [sops](https://github.com/getsops/sops) and the according [Nix integration](https://github.com/Mic92/sops-nix).
  58. To edit a config file, run the following command:
  59. ```
  60. sops <path/to/secrets/file>
  61. ```
  63. This requires the editor to have its PGP-key fingerprint be part of the `adminKeys` list in `sops.nix`.
  65. Altering the list requires one of the previous members to [update the keys](#update-keys).
  67. ### Update keys
  68. Whenever a key, either the SSH key of a machine or the PGP key of an administrator, changes, the secret files need updating.
  69. To do so, run the following command:
  70. ```
  71. find -name "secrets.yaml" -or -path "*/secrets/**" -type f -exec 'sops updatekeys {}'
  72. ```
  74. ## Bootstrapping a node
  75. Compute nodes can be bootstrapped using PXE boot.
  76. The manager will provide a touchless boot image which will install the node with the current deployment automatically.
  77. Booting the node from PXE (network boot) is enough to activate the bootstrapping process.
  79. After bootstrapping a node, make sure to [gather the node data](#gather-node-information) and [update the secret keys](#update-keys).