Dustin Frisch
1 year ago
No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
10 changed files with 180 additions and 72 deletions
-
57docs/config.nix
-
19docs/content/first_steps.md
-
1docs/content/index.md
-
79docs/content/internal/deployment.md
-
18docs/default.nix
-
37docs/mkdocs.yaml
-
19docs/module.nix
-
1docs/result
-
1machines/manager/default.nix
-
20machines/manager/docs.nix
@ -0,0 +1,57 @@ |
|||||
|
{ config, ... }: |
||||
|
|
||||
|
{ |
||||
|
site_name = "HPC @ HS-Fulda"; |
||||
|
site_description = '' |
||||
|
User documentation for high performance cluster on University of Applied Sciences Fulda |
||||
|
''; |
||||
|
site_url = "http://${config.networking.domain}/"; |
||||
|
|
||||
|
use_directory_urls = false; |
||||
|
strict = true; |
||||
|
|
||||
|
repo_url = "https://gogs.informatik.hs-fulda.de/hpc/nixcfg.git"; |
||||
|
|
||||
|
docs_dir = ./content; |
||||
|
|
||||
|
theme = { |
||||
|
name = "readthedocs"; |
||||
|
locale = "de"; |
||||
|
prev_next_buttons_location = "none"; |
||||
|
highlightjs = true; |
||||
|
hljs_languages = [ |
||||
|
"bash" |
||||
|
"yaml" |
||||
|
"rust" |
||||
|
]; |
||||
|
}; |
||||
|
|
||||
|
markdown_extensions = [ |
||||
|
"extra" |
||||
|
"admonition" |
||||
|
]; |
||||
|
|
||||
|
plugins = [ |
||||
|
"search" |
||||
|
]; |
||||
|
|
||||
|
extra = { |
||||
|
"manager"."host" = config.networking.domain; |
||||
|
}; |
||||
|
|
||||
|
nav = [ |
||||
|
{ "Start" = "index.md"; } |
||||
|
{ "Erste Schritte" = "first_steps.md"; } |
||||
|
{ "Nutzung" = "usage.md"; } |
||||
|
{ "Software" = "environment.md"; } |
||||
|
{ "Daten" = "storage.md"; } |
||||
|
{ "Best Practices" = "best_practice.md"; } |
||||
|
{ "Hilfe" = "support.md"; } |
||||
|
{ |
||||
|
"Internes" = [ |
||||
|
{ "Deployment" = "internal/deployment.md"; } |
||||
|
{ "Netzwerk" = "internal/network.md"; } |
||||
|
]; |
||||
|
} |
||||
|
]; |
||||
|
} |
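Review bot: `plugins` lists only `"search"`, yet deployment.md in this commit writes `{{ config.repo_url }}` and this file adds `extra."manager"."host"`, both of which look intended for template expansion inside Markdown pages. As far as I know stock MkDocs does not evaluate Jinja expressions in page content, so unless a macros-style plugin is enabled somewhere not shown here the placeholder will presumably be published literally; worth checking the rendered page. Separately, `site_url` is now `http://${config.networking.domain}/` where the removed mkdocs.yaml used an `https://` URL; if the site is served over TLS this should read `site_url = "https://${config.networking.domain}/";`.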
@ -0,0 +1,79 @@ |
|||||
|
# Infrastructure Deployment |
||||
|
|
||||
|
The whole cluster infrastructure is build using [NixOS](https://nixos.org/). |
||||
|
The configuration repository is hosted at {{ config.repo_url }} and is deployed using [colmena](https://github.com/zhaofengli/colmena). |
||||
|
|
||||
|
## Building the configuration |
||||
|
To build the configuration, as system with [Nix](https://nix.dev/install-nix) installed is required. |
||||
|
|
||||
|
To activate the environment, run `nix develop` inside the configuration folder. |
||||
|
This will fetch all required build dependecies and makes them available in the environment. |
||||
|
|
||||
|
Building the whole configuration is as easy as running: |
||||
|
``` |
||||
|
colmana build --verbose --show-trace |
||||
|
``` |
||||
|
*Go grap a coffee, this can take a while* |
||||
|
|
||||
|
## Deploying |
||||
|
> Note: Deployment requires SSH access as the `root` user to all machines. |
||||
|
|
||||
|
To deploy a configuration change or updates to the cluster, run the following command: |
||||
|
``` |
||||
|
colmena apply switch |
||||
|
``` |
||||
|
|
||||
|
### Using the manager as a SSH jump host |
||||
|
SSH access to the nodes is limited. |
||||
|
Therefore it the manager system can be used as a jump host. |
||||
|
To do so, add the following lines to your local `~/.ssh/config` file (before the the `Host *` entry): |
||||
|
``` |
||||
|
Host 10.32.47.1?? |
||||
|
IdentitiesOnly yes |
||||
|
ProxyJump root@10.32.47.10 |
||||
|
``` |
||||
|
|
||||
|
## Updating |
||||
|
Updating all systems can be done by running the following command in the configuration repository: |
||||
|
``` |
||||
|
nix flake update |
||||
|
``` |
||||
|
|
||||
|
This will update all dependencies including the NixOS operation system. |
||||
|
|
||||
|
After doing the update, the changed config (with the updated dependencies) must be [deployed](#deploying). |
||||
|
|
||||
|
## Gather node information |
||||
|
The configuration repository relies on some information gathered from the machines itself. |
||||
|
After bootstrapping a machine, these information need to be gathered from the machines into the configuration repository. |
||||
|
|
||||
|
To gather there data, run the following command: |
||||
|
``` |
||||
|
./gather.sh |
||||
|
``` |
||||
|
|
||||
|
## Secret management |
||||
|
The config repository contains several secrets which are secured by [sops](https://github.com/getsops/sops) and the according [Nix integration](https://github.com/Mic92/sops-nix). |
||||
|
|
||||
|
To edit a config file, run the following command: |
||||
|
``` |
||||
|
sops <path/to/secrets/file> |
||||
|
``` |
||||
|
|
||||
|
This requires the editor to have its PGP-key fingerprint be part of the `adminKeys` list in `sops.nix`. |
||||
|
|
||||
|
Altering the list requires one of the previous members to [update the keys](#update-keys). |
||||
|
|
||||
|
### Update keys |
||||
|
Whenever a key, either the SSH key of a machine or the PGP key of an administrator, changes, the secret files need updating. |
||||
|
To do so, run the following command: |
||||
|
``` |
||||
|
find -name "secrets.yaml" -or -path "*/secrets/**" -type f -exec 'sops updatekeys {}' |
||||
|
``` |
||||
|
|
||||
|
## Bootstrapping a node |
||||
|
Compute nodes can be bootstrapped using PXE boot. |
||||
|
The manager will provide a touchless boot image which will install the node with the current deployment automatically. |
||||
|
Booting the node from PXE (network boot) is enough to activate the bootstrapping process. |
||||
|
|
||||
|
After bootstrapping a node, make sure to [gather the node data](#gather-node-information) and [update the secret keys](#update-keys). |
@ -1,18 +0,0 @@ |
|||||
{ stdenv |
|
||||
, mkdocs |
|
||||
, ... |
|
||||
}: |
|
||||
|
|
||||
stdenv.mkDerivation { |
|
||||
name = "docs"; |
|
||||
|
|
||||
preferLocalBuild = true; |
|
||||
allowSubstitutes = false; |
|
||||
|
|
||||
src = ./.; |
|
||||
|
|
||||
buildCommand = '' |
|
||||
cd "$src" |
|
||||
${mkdocs}/bin/mkdocs build --site-dir "$out" |
|
||||
''; |
|
||||
} |
|
@ -1,37 +0,0 @@ |
|||||
site_name: HPC @ HS-Fulda |
|
||||
site_description: User documentation for high performance cluster on University of Applied Sciences Fulda |
|
||||
site_url: https://docs.hpc.informatik.hs-fulda.de/ |
|
||||
site_dir: public |
|
||||
use_directory_urls: false |
|
||||
strict: true |
|
||||
repo_url: https://gogs.informatik.hs-fulda.de/hpc/nixcfg.git |
|
||||
docs_dir: content |
|
||||
|
|
||||
theme: |
|
||||
name: readthedocs |
|
||||
locale: de |
|
||||
prev_next_buttons_location: none |
|
||||
highlightjs: true |
|
||||
hljs_languages: |
|
||||
- bash |
|
||||
- yaml |
|
||||
- rust |
|
||||
|
|
||||
markdown_extensions: |
|
||||
- extra |
|
||||
- admonition |
|
||||
|
|
||||
plugins: |
|
||||
- search |
|
||||
|
|
||||
nav: |
|
||||
- Start: index.md |
|
||||
- Erste Schritte: first_steps.md |
|
||||
- Nutzung: usage.md |
|
||||
- Software: environment.md |
|
||||
- Daten: storage.md |
|
||||
- Best Practices: best_practice.md |
|
||||
- Hilfe: support.md |
|
||||
- Internes: |
|
||||
- Netzwerk: internal/network.md |
|
||||
|
|
@ -0,0 +1,19 @@ |
|||||
|
{ pkgs, config, lib, ... }: |
||||
|
|
||||
|
with lib; |
||||
|
|
||||
|
let |
||||
|
mkdocsConfig = import ./config.nix { |
||||
|
inherit config lib; |
||||
|
}; |
||||
|
|
||||
|
mkdocsConfigYaml = pkgs.writeText "mkdocs.yaml" (generators.toYAML { } mkdocsConfig); |
||||
|
|
||||
|
in |
||||
|
{ |
||||
|
system.build.docs = pkgs.runCommand "docs" { } '' |
||||
|
${pkgs.mkdocs}/bin/mkdocs build \ |
||||
|
--site-dir "$out" \ |
||||
|
--config-file "${mkdocsConfigYaml}" |
||||
|
''; |
||||
|
} |
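Review bot: `with lib;` brings the whole library into scope for a single use, `generators.toYAML`, which hides where names come from; dropping the `with` and writing `lib.generators.toYAML { } mkdocsConfig` would be clearer. `import ./config.nix { inherit config lib; }` also passes `lib`, which config.nix as shown in this commit only absorbs through `...` and never uses, so `inherit config;` would do. A short comment above `system.build.docs`, such as `# Static MkDocs site generated from ./config.nix; consumed by machines/manager/docs.nix`, would help readers find the consumer of this output.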
@ -1 +0,0 @@ |
|||||
/nix/store/8v3r668x18fl49yx2s41yzs0qx9cn24d-docs |
|
@ -1,16 +1,22 @@ |
|||||
{ pkgs, lib, ... }: |
|
||||
|
{ config, pkgs, lib, ... }: |
||||
|
|
||||
with lib; |
with lib; |
||||
|
|
||||
let |
|
||||
docs = pkgs.callPackage ../../docs { }; |
|
||||
|
|
||||
in |
|
||||
{ |
{ |
||||
|
imports = [ |
||||
|
../../docs/module.nix |
||||
|
]; |
||||
|
|
||||
services.nginx = { |
services.nginx = { |
||||
virtualHosts = { |
virtualHosts = { |
||||
"docs.${config.networking.domain}" = { |
|
||||
locations."/".root = docs; |
|
||||
|
"${config.networking.domain}" = { |
||||
|
default = true; |
||||
|
|
||||
|
serverAliases = [ |
||||
|
"doku.${config.networking.domain}" |
||||
|
]; |
||||
|
|
||||
|
locations."/".root = config.system.build.docs; |
||||
}; |
}; |
||||
}; |
}; |
||||
}; |
}; |
||||
|
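Review bot: With `default = true` the `"${config.networking.domain}"` vhost answers every request that matches no other server name, and `locations."/".root = config.system.build.docs` serves the whole built site, including the `Internes` pages added in this commit (deployment.md documents the root SSH jump host and node address pattern). If those pages are meant for administrators only, restrict them here, for example with a `locations."/internal/"` entry that has the same `root` and nginx `allow`/`deny` rules in its `extraConfig`, or build the internal section as a separate site. No TLS option such as `forceSSL` is visible in this hunk; it may be set elsewhere, but it is worth confirming given the `http://` `site_url` in docs/config.nix.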