Dustin Frisch
1 year ago
No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
10 changed files with 180 additions and 72 deletions
-
57docs/config.nix
-
19docs/content/first_steps.md
-
1docs/content/index.md
-
79docs/content/internal/deployment.md
-
18docs/default.nix
-
37docs/mkdocs.yaml
-
19docs/module.nix
-
1docs/result
-
1machines/manager/default.nix
-
20machines/manager/docs.nix
@ -0,0 +1,57 @@ |
|||
{ config, ... }: |
|||
|
|||
{ |
|||
site_name = "HPC @ HS-Fulda"; |
|||
site_description = '' |
|||
User documentation for high performance cluster on University of Applied Sciences Fulda |
|||
''; |
|||
site_url = "http://${config.networking.domain}/"; |
|||
|
|||
use_directory_urls = false; |
|||
strict = true; |
|||
|
|||
repo_url = "https://gogs.informatik.hs-fulda.de/hpc/nixcfg.git"; |
|||
|
|||
docs_dir = ./content; |
|||
|
|||
theme = { |
|||
name = "readthedocs"; |
|||
locale = "de"; |
|||
prev_next_buttons_location = "none"; |
|||
highlightjs = true; |
|||
hljs_languages = [ |
|||
"bash" |
|||
"yaml" |
|||
"rust" |
|||
]; |
|||
}; |
|||
|
|||
markdown_extensions = [ |
|||
"extra" |
|||
"admonition" |
|||
]; |
|||
|
|||
plugins = [ |
|||
"search" |
|||
]; |
|||
|
|||
extra = { |
|||
"manager"."host" = config.networking.domain; |
|||
}; |
|||
|
|||
nav = [ |
|||
{ "Start" = "index.md"; } |
|||
{ "Erste Schritte" = "first_steps.md"; } |
|||
{ "Nutzung" = "usage.md"; } |
|||
{ "Software" = "environment.md"; } |
|||
{ "Daten" = "storage.md"; } |
|||
{ "Best Practices" = "best_practice.md"; } |
|||
{ "Hilfe" = "support.md"; } |
|||
{ |
|||
"Internes" = [ |
|||
{ "Deployment" = "internal/deployment.md"; } |
|||
{ "Netzwerk" = "internal/network.md"; } |
|||
]; |
|||
} |
|||
]; |
|||
} |
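Review bot: `site_url` is built with a hard-coded `http://` scheme, whereas the `docs/mkdocs.yaml` deleted in this commit declared an `https://` URL, so canonical links generated by MkDocs would now point at plaintext HTTP. If the nginx vhost is or will be served over TLS, use `site_url = "https://${config.networking.domain}/";`. If it is intentionally HTTP-only, a short comment saying so would help, given that the nav now includes the "Internes" pages on deployment and SSH access. Separately, `docs/content/internal/deployment.md` in this commit contains `{{ config.repo_url }}`, but `plugins` lists only `"search"`; unless a templating plugin is enabled elsewhere, that placeholder will presumably be rendered literally.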
@ -0,0 +1,79 @@ |
|||
# Infrastructure Deployment |
|||
|
|||
The whole cluster infrastructure is build using [NixOS](https://nixos.org/). |
|||
The configuration repository is hosted at {{ config.repo_url }} and is deployed using [colmena](https://github.com/zhaofengli/colmena). |
|||
|
|||
## Building the configuration |
|||
To build the configuration, as system with [Nix](https://nix.dev/install-nix) installed is required. |
|||
|
|||
To activate the environment, run `nix develop` inside the configuration folder. |
|||
This will fetch all required build dependecies and makes them available in the environment. |
|||
|
|||
Building the whole configuration is as easy as running: |
|||
``` |
|||
colmana build --verbose --show-trace |
|||
``` |
|||
*Go grap a coffee, this can take a while* |
|||
|
|||
## Deploying |
|||
> Note: Deployment requires SSH access as the `root` user to all machines. |
|||
|
|||
To deploy a configuration change or updates to the cluster, run the following command: |
|||
``` |
|||
colmena apply switch |
|||
``` |
|||
|
|||
### Using the manager as a SSH jump host |
|||
SSH access to the nodes is limited. |
|||
Therefore it the manager system can be used as a jump host. |
|||
To do so, add the following lines to your local `~/.ssh/config` file (before the the `Host *` entry): |
|||
``` |
|||
Host 10.32.47.1?? |
|||
IdentitiesOnly yes |
|||
ProxyJump root@10.32.47.10 |
|||
``` |
|||
|
|||
## Updating |
|||
Updating all systems can be done by running the following command in the configuration repository: |
|||
``` |
|||
nix flake update |
|||
``` |
|||
|
|||
This will update all dependencies including the NixOS operation system. |
|||
|
|||
After doing the update, the changed config (with the updated dependencies) must be [deployed](#deploying). |
|||
|
|||
## Gather node information |
|||
The configuration repository relies on some information gathered from the machines itself. |
|||
After bootstrapping a machine, these information need to be gathered from the machines into the configuration repository. |
|||
|
|||
To gather there data, run the following command: |
|||
``` |
|||
./gather.sh |
|||
``` |
|||
|
|||
## Secret management |
|||
The config repository contains several secrets which are secured by [sops](https://github.com/getsops/sops) and the according [Nix integration](https://github.com/Mic92/sops-nix). |
|||
|
|||
To edit a config file, run the following command: |
|||
``` |
|||
sops <path/to/secrets/file> |
|||
``` |
|||
|
|||
This requires the editor to have its PGP-key fingerprint be part of the `adminKeys` list in `sops.nix`. |
|||
|
|||
Altering the list requires one of the previous members to [update the keys](#update-keys). |
|||
|
|||
### Update keys |
|||
Whenever a key, either the SSH key of a machine or the PGP key of an administrator, changes, the secret files need updating. |
|||
To do so, run the following command: |
|||
``` |
|||
find -name "secrets.yaml" -or -path "*/secrets/**" -type f -exec 'sops updatekeys {}' |
|||
``` |
|||
|
|||
## Bootstrapping a node |
|||
Compute nodes can be bootstrapped using PXE boot. |
|||
The manager will provide a touchless boot image which will install the node with the current deployment automatically. |
|||
Booting the node from PXE (network boot) is enough to activate the bootstrapping process. |
|||
|
|||
After bootstrapping a node, make sure to [gather the node data](#gather-node-information) and [update the secret keys](#update-keys). |
@ -1,18 +0,0 @@ |
|||
{ stdenv |
|||
, mkdocs |
|||
, ... |
|||
}: |
|||
|
|||
stdenv.mkDerivation { |
|||
name = "docs"; |
|||
|
|||
preferLocalBuild = true; |
|||
allowSubstitutes = false; |
|||
|
|||
src = ./.; |
|||
|
|||
buildCommand = '' |
|||
cd "$src" |
|||
${mkdocs}/bin/mkdocs build --site-dir "$out" |
|||
''; |
|||
} |
@ -1,37 +0,0 @@ |
|||
site_name: HPC @ HS-Fulda |
|||
site_description: User documentation for high performance cluster on University of Applied Sciences Fulda |
|||
site_url: https://docs.hpc.informatik.hs-fulda.de/ |
|||
site_dir: public |
|||
use_directory_urls: false |
|||
strict: true |
|||
repo_url: https://gogs.informatik.hs-fulda.de/hpc/nixcfg.git |
|||
docs_dir: content |
|||
|
|||
theme: |
|||
name: readthedocs |
|||
locale: de |
|||
prev_next_buttons_location: none |
|||
highlightjs: true |
|||
hljs_languages: |
|||
- bash |
|||
- yaml |
|||
- rust |
|||
|
|||
markdown_extensions: |
|||
- extra |
|||
- admonition |
|||
|
|||
plugins: |
|||
- search |
|||
|
|||
nav: |
|||
- Start: index.md |
|||
- Erste Schritte: first_steps.md |
|||
- Nutzung: usage.md |
|||
- Software: environment.md |
|||
- Daten: storage.md |
|||
- Best Practices: best_practice.md |
|||
- Hilfe: support.md |
|||
- Internes: |
|||
- Netzwerk: internal/network.md |
|||
|
@ -0,0 +1,19 @@ |
|||
{ pkgs, config, lib, ... }: |
|||
|
|||
with lib; |
|||
|
|||
let |
|||
mkdocsConfig = import ./config.nix { |
|||
inherit config lib; |
|||
}; |
|||
|
|||
mkdocsConfigYaml = pkgs.writeText "mkdocs.yaml" (generators.toYAML { } mkdocsConfig); |
|||
|
|||
in |
|||
{ |
|||
system.build.docs = pkgs.runCommand "docs" { } '' |
|||
${pkgs.mkdocs}/bin/mkdocs build \ |
|||
--site-dir "$out" \ |
|||
--config-file "${mkdocsConfigYaml}" |
|||
''; |
|||
} |
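Review bot: `with lib;` brings the whole of `lib` into scope for a single use in `mkdocsConfigYaml`; writing `lib.generators.toYAML { } mkdocsConfig` and dropping the `with lib;` line keeps name resolution explicit. `lib` is also passed to `./config.nix` via `inherit config lib;`, but the function there only destructures `config`, so that argument could be removed. A one-line comment above `system.build.docs` would help the next reader, for example `# docs_dir in config.nix is a Nix path, so the generated YAML presumably points at a store copy of ./content`.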
@ -1 +0,0 @@ |
|||
/nix/store/8v3r668x18fl49yx2s41yzs0qx9cn24d-docs |
@ -1,16 +1,22 @@ |
|||
{ pkgs, lib, ... }: |
|||
{ config, pkgs, lib, ... }: |
|||
|
|||
with lib; |
|||
|
|||
let |
|||
docs = pkgs.callPackage ../../docs { }; |
|||
|
|||
in |
|||
{ |
|||
imports = [ |
|||
../../docs/module.nix |
|||
]; |
|||
|
|||
services.nginx = { |
|||
virtualHosts = { |
|||
"docs.${config.networking.domain}" = { |
|||
locations."/".root = docs; |
|||
"${config.networking.domain}" = { |
|||
default = true; |
|||
|
|||
serverAliases = [ |
|||
"doku.${config.networking.domain}" |
|||
]; |
|||
|
|||
locations."/".root = config.system.build.docs; |
|||
}; |
|||
}; |
|||
}; |
|||
|
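Review bot: The vhost `"${config.networking.domain}"` is now marked `default = true` and serves `config.system.build.docs` from `locations."/"`, so every request that reaches this nginx gets the full site, whatever its Host header. That includes the new `internal/` pages documenting the jump host address and root SSH deployment. Nothing in the visible lines restricts those pages or enables TLS. Consider moving `root` to the vhost level and adding a restricted location such as `locations."/internal/".extraConfig = "allow <admin-network-cidr>; deny all;";` (the CIDR is a placeholder), or serving the internal section from a separate authenticated vhost.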