From 0870a0a34bceb2c161e0a70458a8c28f6a63491f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz> Date: Wed, 4 Jun 2025 23:11:08 +0000 Subject: [PATCH] YAML linting --- common/deployments/hub-production.yaml | 8 +- common/deployments/hub-staging.yaml | 8 +- common/playbooks/k8s.yaml | 87 ++++++++++--------- .../accounting-config.yaml | 9 +- egi-devel/deployments/hub.yaml | 12 +-- egi-devel/playbooks/templates/binder.yaml | 2 +- eosc-devel/deployments/fullhub.yaml | 8 +- eosc-testing/deployments/hub.yaml | 9 +- 8 files changed, 75 insertions(+), 68 deletions(-) diff --git a/common/deployments/hub-production.yaml b/common/deployments/hub-production.yaml index 0316dbb..5c142a7 100644 --- a/common/deployments/hub-production.yaml +++ b/common/deployments/hub-production.yaml @@ -161,7 +161,7 @@ hub: # k8s-hub 4.2.0 tag: "sha-4e2fb2f" loadRoles: - #user scopes required for user initiated sharing API + # user scopes required for user initiated sharing API user: scopes: ["self", "shares!user"] config: @@ -322,10 +322,10 @@ hub: c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/" c.WebDavOIDCSpawner.http_timeout = 90 - #Scopes for user sharing api extension to be able to - #use browser token for API queries + # Scopes for user sharing api extension to be able to + # use browser token for API queries c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [ - "access:servers!server", + "access:servers!server", "shares!server" ] {% endraw %} diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml index 7c85970..8af278c 100644 --- a/common/deployments/hub-staging.yaml +++ b/common/deployments/hub-staging.yaml @@ -161,7 +161,7 @@ hub: # k8s-hub 4.2.0 tag: "sha-4e2fb2f" loadRoles: - #user scopes required for user initiated sharing API + # user scopes required for user initiated sharing API user: scopes: ["self", "shares!user"] config: @@ -320,10 +320,10 @@ hub: c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/" c.WebDavOIDCSpawner.http_timeout = 90 - #Scopes for user sharing api extension to be able to - #use browser token for API queries + # Scopes for user sharing api extension to be able to + # use browser token for API queries c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [ - "access:servers!server", + "access:servers!server", "shares!server" ] {% endraw %} diff --git a/common/playbooks/k8s.yaml b/common/playbooks/k8s.yaml index cec8cdc..b3c9de7 100644 --- a/common/playbooks/k8s.yaml +++ b/common/playbooks/k8s.yaml @@ -561,7 +561,7 @@ PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin changed_when: true when: true -# TODO: Following step can be removed as gpu-operator +# XXX: Following step can be removed as gpu-operator # installs drivers in containers but it requires # the latest kernels or a workaround is needed - # provide an outdated kernel repo for operator to access @@ -585,48 +585,49 @@ hosts: master[0] become: true tasks: - - block: - - name: Configure Nvidia gpu-operator Helm repo - shell: |- - helm repo add nvidia https://helm.ngc.nvidia.com/nvidia - helm repo update - changed_when: true - when: "'nvidia' not in ansible_local.helm_repos | map(attribute='name') | list" - - name: Deploy/upgrade Nvidia gpu-operator instance - vars: - driver_enabled: false # if set to true the operator will install containerized drivers - mig_strategy: single - shell: |- - helm status --namespace gpu-operator gpu-operator - if [ $? -ne 0 ]; then - helm install --wait --create-namespace --namespace gpu-operator \ - gpu-operator nvidia/gpu-operator --set driver.enabled={{ driver_enabled }} \ - --set mig.strategy={{ mig_strategy }} - else - helm upgrade --wait --namespace gpu-operator \ - gpu-operator nvidia/gpu-operator --set driver.enabled={{ driver_enabled }} \ - --set mig.strategy={{ mig_strategy }} - fi - changed_when: true - when: true - - name: Get GPU node hostnames - shell: |- - kubectl get nodes --no-headers -o custom-columns=NAME:.metadata.name | grep -- -gpu- - register: gpu_nodes - changed_when: false - failed_when: gpu_nodes.rc != 0 and gpu_nodes.rc != 1 - when: true - - name: Print GPU node hostnames - debug: - var: gpu_nodes - - name: Add required label to GPU nodes to create mig profiles - vars: - mig_profile: all-1g.12gb - shell: |- - kubectl label node {{ item }} nvidia.com/mig.config={{ mig_profile }} --overwrite - loop: "{{ gpu_nodes.stdout_lines }}" - changed_when: true - when: true + - name: GPU Setup environment: KUBECONFIG: /etc/kubernetes/admin.conf PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin + block: + - name: Configure Nvidia gpu-operator Helm repo + shell: |- + helm repo add nvidia https://helm.ngc.nvidia.com/nvidia + helm repo update + changed_when: true + when: "'nvidia' not in ansible_local.helm_repos | map(attribute='name') | list" + - name: Deploy/upgrade Nvidia gpu-operator instance + vars: + driver_enabled: false # if set to true the operator will install containerized drivers + mig_strategy: single + shell: |- + helm status --namespace gpu-operator gpu-operator + if [ $? -ne 0 ]; then + helm install --wait --create-namespace --namespace gpu-operator \ + gpu-operator nvidia/gpu-operator --set driver.enabled={{ driver_enabled }} \ + --set mig.strategy={{ mig_strategy }} + else + helm upgrade --wait --namespace gpu-operator \ + gpu-operator nvidia/gpu-operator --set driver.enabled={{ driver_enabled }} \ + --set mig.strategy={{ mig_strategy }} + fi + changed_when: true + when: true + - name: Get GPU node hostnames + shell: |- + kubectl get nodes --no-headers -o custom-columns=NAME:.metadata.name | grep -- -gpu- + register: gpu_nodes + changed_when: false + failed_when: gpu_nodes.rc != 0 and gpu_nodes.rc != 1 + when: true + - name: Print GPU node hostnames + debug: + var: gpu_nodes + - name: Add required label to GPU nodes to create mig profiles + vars: + mig_profile: all-1g.12gb + shell: |- + kubectl label node {{ item }} nvidia.com/mig.config={{ mig_profile }} --overwrite + loop: "{{ gpu_nodes.stdout_lines }}" + changed_when: true + when: true diff --git a/egi-devel/accounting_deployments/accounting-config.yaml b/egi-devel/accounting_deployments/accounting-config.yaml index c4311dd..3fd3812 100644 --- a/egi-devel/accounting_deployments/accounting-config.yaml +++ b/egi-devel/accounting_deployments/accounting-config.yaml @@ -1,3 +1,4 @@ +--- accounting: # schedule: 23 */6 * * * sitename: EGI-NOTEBOOKS-DEVEL2 @@ -6,11 +7,15 @@ accounting: fqan: auger: urn:mace:egi.eu:group:auger:role=member#aai.egi.eu biomed: urn:mace:egi.eu:group:biomed:role=member#aai.egi.eu - eiscat.se: urn:mace:egi.eu:group:eiscat.se:Dev:role=member#aai.egi.eu,urn:mace:egi.eu:group:eiscat.se:Hub:role=member#aai.egi.eu,urn:mace:egi.eu:group:cc-eiscat3d#sso.egi.eu + eiscat.se: >- + urn:mace:egi.eu:group:eiscat.se:Dev:role= + member#aai.egi.eu,urn:mace:egi.eu:group:eiscat.se:Hub:role=member#aai.egi.eu,urn:mace:egi.eu:group:cc-eiscat3d#sso.egi.eu eval.c-scale.eu: urn:mace:egi.eu:group:eval.c-scale.eu:role=member#aai.egi.eu vo.cessda.eduteams.org: urn:mace:egi.eu:group:vo.cessda.eduteams.org:role=member#aai.egi.eu vo.environmental.egi.eu: urn:mace:egi.eu:group:vo.environmental.egi.eu:role=member#aai.egi.eu - vo.lethe-project.eu: urn:mace:egi.eu:group:vo.lethe-project.eu:role=member#aai.egi.eu,urn:mace:egi.eu:group:vo.lethe-project.eu:lethe-notebooks:role=member#aai.egi.eu + vo.lethe-project.eu: >- + urn:mace:egi.eu:group:vo.lethe-project.eu:role= + member#aai.egi.eu,urn:mace:egi.eu:group:vo.lethe-project.eu:lethe-notebooks:role=member#aai.egi.eu vo.panosc.eu: urn:mace:egi.eu:group:vo.panosc.eu:role=vm_operator#aai.egi.eu vo.reliance-project.eu: urn:mace:egi.eu:group:vo.reliance-project.eu:role=member#aai.egi.eu vo.access.egi.eu: urn:mace:egi.eu:group:vo.access.egi.eu:role=member#aai.egi.eu diff --git a/egi-devel/deployments/hub.yaml b/egi-devel/deployments/hub.yaml index 6b389ea..63b9916 100644 --- a/egi-devel/deployments/hub.yaml +++ b/egi-devel/deployments/hub.yaml @@ -243,9 +243,9 @@ hub: except ApiException: return if secret and secret.data: - self.b2drop_user = base64.b64decode(secret.data.get("b2drop-user", "")).decode() - self.b2drop_pwd = base64.b64decode(secret.data.get("b2drop-pwd", "")).decode() - self.b2drop_ready = (self.b2drop_user and self.b2drop_pwd) + self.b2drop_user = base64.b64decode(secret.data.get("b2drop-user", "")).decode() + self.b2drop_pwd = base64.b64decode(secret.data.get("b2drop-pwd", "")).decode() + self.b2drop_ready = (self.b2drop_user and self.b2drop_pwd) def _render_options_form(self, profile_list): # old hub: self._profile_list = self._init_profile_list(profile_list) @@ -253,7 +253,9 @@ hub: profile_form_template = Environment(loader=BaseLoader).from_string( self.profile_form_template ) - return profile_form_template.render(profile_list=self._profile_list, b2drop_ready=self.b2drop_ready, b2drop_user=self.b2drop_user, b2drop_pwd=self.b2drop_pwd) + return profile_form_template.render( + profile_list=self._profile_list, b2drop_ready=self.b2drop_ready, b2drop_user=self.b2drop_user, b2drop_pwd=self.b2drop_pwd + ) async def pre_spawn_hook(self, spawner): await super(B2DropSpawner, self).pre_spawn_hook(spawner) @@ -295,7 +297,7 @@ hub: } ) if b2drop_remember: - await self._update_secret({"b2drop-user": b2drop_user, + await self._update_secret({"b2drop-user": b2drop_user, "b2drop-pwd": b2drop_pwd}) else: await self._update_secret({"b2drop-user": "", "b2drop-pwd": ""}) diff --git a/egi-devel/playbooks/templates/binder.yaml b/egi-devel/playbooks/templates/binder.yaml index 88fb762..7cffcda 100644 --- a/egi-devel/playbooks/templates/binder.yaml +++ b/egi-devel/playbooks/templates/binder.yaml @@ -4,7 +4,7 @@ config: auth_enabled: true hub_url: "https://{{ binder_hostname }}/hub" use_registry: true - image_prefix: {{ registry_binder_hostname }}/{{site_name}}/binder- + image_prefix: "{{ registry_binder_hostname }}/{{site_name}}/binder-" # build_image: quay.io/jupyterhub/repo2docker:2024.07.0 build_token_secret: "{{ secrets['build_token_secret'] }}" template_path: /etc/egi/templates diff --git a/eosc-devel/deployments/fullhub.yaml b/eosc-devel/deployments/fullhub.yaml index ff1258b..b974970 100644 --- a/eosc-devel/deployments/fullhub.yaml +++ b/eosc-devel/deployments/fullhub.yaml @@ -162,7 +162,7 @@ hub: # k8s-hub 4.2.0 tag: "sha-4e2fb2f" loadRoles: - #user roles required for user initiated sharing API + # user roles required for user initiated sharing API user: scopes: ["self", "shares!user"] @@ -323,10 +323,10 @@ hub: c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/" c.WebDavOIDCSpawner.http_timeout = 90 - #Scopes for user sharing api extension to be able to - #use browser token for API queries + # Scopes for user sharing api extension to be able to + # use browser token for API queries c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [ - "access:servers!server", + "access:servers!server", "shares!server" ] {% endraw %} diff --git a/eosc-testing/deployments/hub.yaml b/eosc-testing/deployments/hub.yaml index 4315d1f..f741494 100644 --- a/eosc-testing/deployments/hub.yaml +++ b/eosc-testing/deployments/hub.yaml @@ -162,10 +162,9 @@ hub: # k8s-hub 4.2.0 tag: "sha-4e2fb2f" loadRoles: - #user roles required for user initiated sharing API + # user roles required for user initiated sharing API user: scopes: ["self", "shares!user"] - config: Authenticator: enable_auth_state: true @@ -322,10 +321,10 @@ hub: c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/" c.WebDavOIDCSpawner.http_timeout = 90 - #Scopes for user sharing api extension to be able to - #use browser token for API queries + # Scopes for user sharing api extension to be able to + # use browser token for API queries c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [ - "access:servers!server", + "access:servers!server", "shares!server" ] {% endraw %} -- GitLab