Running the ansible-playbook with 'install_from_src: true' on Ubuntu Focal 20.04 results in the playbook failing when it comes to compiling the source.

This is the build.out file:

PASSENGER_APP_ENV=production /tmp/ood-build/ondemand/apps/shell/bin/setup
PASSENGER_APP_ENV=production /tmp/ood-build/ondemand/apps/files/bin/setup
cd /tmp/ood-build/ondemand/apps/activejobs
bin/bundle install --jobs 4 --retry 2 --without doc
cd /tmp/ood-build/ondemand/apps/files
rm -rf node_modules
npm install --production --prefix tmp yarn

== Building Files App ==

== Installing dependencies ==
cd /tmp/ood-build/ondemand/apps/shell
rm -rf node_modules
npm install --production --prefix tmp yarn

== Building Shell App ==

== Installing dependencies ==
/usr/lib/ruby/2.7.0/rubygems.rb:930: warning: FILE in eval may not return location in binding; use Binding#source_location instead
/var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/rubygems_integration.rb:501: warning: in eval' Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine. Warning: the running version of Bundler (1.13.7) is older than the version that created the lockfile (1.17.3). We suggest you upgrade to the latest version of Bundler by running gem install bundler`.
Fetching gem metadata from https://rubygems.org/.npm WARN saveError ENOENT: no such file or directory, open '/tmp/ood-build/ondemand/apps/files/tmp/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/tmp/ood-build/ondemand/apps/files/tmp/package.json'
npm WARN tmp No description
npm WARN tmp No repository field.
npm WARN tmp No README data
npm WARN tmp No license field.

npm WARN saveError ENOENT: no such file or directory, open '/tmp/ood-build/ondemand/apps/shell/tmp/package.json'
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open '/tmp/ood-build/ondemand/apps/shell/tmp/package.json'
npm WARN tmp No description
npm WARN tmp No repository field.
npm WARN tmp No README data
npm WARN tmp No license field.

.+ [email protected]
added 1 package and audited 1 package in 1.009s
found 0 vulnerabilities

tmp/node_modules/yarn/bin/yarn --production install --flat --cache-folder /root/.cache/yarn/ood-shell-app

• [email protected]
  added 1 package and audited 1 package in 1.139s
  found 0 vulnerabilities

tmp/node_modules/yarn/bin/yarn --production install --cache-folder /root/.cache/yarn/ood-files-app
.yarn install v1.22.4
[1/4] Resolving packages...
warning Lockfile has incorrect entry for "[email protected]". Ignoring it.
.yarn install v1.22.4
[2/4] Fetching packages...
.[3/4] Linking dependencies...
[1/4] Resolving packages...
.warning Resolution field "[email protected]" is incompatible with requested version "[email protected]"
warning Resolution field "[email protected]" is incompatible with requested version "ponse@~1.4.1"
warning Resolution field "[email protected]" is incompatible with requested version "ponse@~1.4.1"
warning Resolution field "[email protected]" is incompatible with requested version "ponse@~1.4.1"
warning Resolution field "[email protected]" is incompatible with requested version "ponse@^1.4.1"
warning Resolution field "[email protected]" is incompatible with requested version "ponse@^1.6.0"
warning Resolution field "[email protected]" is incompatible with requested version "ponse@~1.4.1"
.[2/4] Fetching packages...
.[4/4] Building fresh packages...
..error /tmp/ood-build/ondemand/apps/shell/node_modules/node-pty: Command failed.
Exit code: 1
Command: node scripts/install.js
Arguments:
Directory: /tmp/ood-build/ondemand/apps/shell/node_modules/node-pty
Output:
events.js:174
throw er; // Unhandled 'error' event
^

Error: spawn node-gyp ENOENT
at Process.ChildProcess._handle.onexit (internal/child_process.js:240:19)
at onErrorNT (internal/child_process.js:415:16)
at process._tickCallback (internal/process/next_tick.js:63:19)
at Function.Module.runMain (internal/modules/cjs/loader.js:834:11)
at startup (internal/bootstrap/node.js:283:19)
at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)
Emitted 'error' event at:
at Process.ChildProcess._handle.onexit (internal/child_process.js:246:12)
at onErrorNT (internal/child_process.js:415:16)
[... lines matching original stack trace ...]
at bootstrapNodeJSCore (internal/bootstrap/node.js:623:3)
info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command.
/usr/share/rubygems-integration/all/gems/rake-13.0.1/lib/rake/file_utils.rb:67:in block in create_shell_runner': Command failed with status (1): [tmp/node_modules/yarn/bin/yarn --productio...] (RuntimeError) from /usr/share/rubygems-integration/all/gems/rake-13.0.1/lib/rake/file_utils.rb:57:in sh'
from /tmp/ood-build/ondemand/apps/shell/bin/setup:20:in block in <main>' from /usr/lib/ruby/2.7.0/fileutils.rb:139:in chdir'
from /usr/lib/ruby/2.7.0/fileutils.rb:139:in cd' from /usr/share/rubygems-integration/all/gems/rake-13.0.1/lib/rake/file_utils_ext.rb:35:in chdir'
from /tmp/ood-build/ondemand/apps/shell/bin/setup:11:in <main>' rake aborted! Command failed with status (1): [PASSENGER_APP_ENV=production /tmp/ood-buil...] /tmp/ood-build/ondemand/Rakefile:103:in block (3 levels) in <top (required)>'
/usr/share/rubygems-integration/all/gems/rake-13.0.1/exe/rake:27:in `<top (required)>'
Tasks: TOP => build => build:all => build:shell
(See full trace by running task with --trace)
--- ERROR REPORT TEMPLATE -------------------------------------------------------

• What did you do?

  I ran the command bin/bundle install --jobs 4 --retry 2 --without doc

• What did you expect to happen?

  I expected Bundler to...

• What happened instead?

  Instead, what happened was...

Error details

SignalException: SIGHUP
  /usr/lib/ruby/2.7.0/net/protocol.rb:217:in `wait_readable'
  /usr/lib/ruby/2.7.0/net/protocol.rb:217:in `rbuf_fill'
  /usr/lib/ruby/2.7.0/net/protocol.rb:191:in `readuntil'
  /usr/lib/ruby/2.7.0/net/protocol.rb:201:in `readline'
  /usr/lib/ruby/2.7.0/net/http/response.rb:42:in `read_status_line'
  /usr/lib/ruby/2.7.0/net/http/response.rb:31:in `read_new'
  /usr/lib/ruby/2.7.0/net/http.rb:1528:in `block in transport_request'
  /usr/lib/ruby/2.7.0/net/http.rb:1519:in `catch'
  /usr/lib/ruby/2.7.0/net/http.rb:1519:in `transport_request'
  /usr/lib/ruby/2.7.0/net/http.rb:1492:in `request'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/vendor/net/http/persistent.rb:999:in `request'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/downloader.rb:48:in `request'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/downloader.rb:16:in `fetch'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:56:in `block in unmarshalled_dep_gems'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:55:in `each'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:55:in `each_slice'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:55:in `unmarshalled_dep_gems'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:49:in `dependency_specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:31:in `block in specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/retry.rb:39:in `run'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/retry.rb:29:in `attempt'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:30:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher/dependency.rb:35:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher.rb:128:in `block in specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher.rb:127:in `each'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher.rb:127:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher.rb:112:in `block in specs_with_retry'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/retry.rb:39:in `run'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/retry.rb:29:in `attempt'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/fetcher.rb:111:in `specs_with_retry'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/source/rubygems.rb:355:in `block (2 levels) in remote_specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/source/rubygems.rb:353:in `each'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/source/rubygems.rb:353:in `block in remote_specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/index.rb:10:in `build'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/source/rubygems.rb:336:in `remote_specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/source/rubygems.rb:83:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/lazy_specification.rb:61:in `__materialize__'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/spec_set.rb:91:in `block in materialize'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/spec_set.rb:88:in `map!'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/spec_set.rb:88:in `materialize'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/definition.rb:174:in `specs'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/definition.rb:162:in `resolve_remotely!'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/installer.rb:225:in `resolve_if_need'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/installer.rb:78:in `run'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/installer.rb:24:in `install'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/cli/install.rb:71:in `run'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/cli.rb:189:in `install'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor.rb:359:in `dispatch'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/cli.rb:20:in `dispatch'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/vendor/thor/lib/thor/base.rb:440:in `start'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/cli.rb:11:in `start'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/exe/bundle:34:in `block in <top (required)>'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/lib/bundler/friendly_errors.rb:100:in `with_friendly_errors'
  /var/lib/gems/2.7.0/gems/bundler-1.13.7/exe/bundle:26:in `<top (required)>'
  bin/bundle:3:in `load'
  bin/bundle:3:in `<main>'

Environment

Bundler 1.13.7
Rubygems 3.1.2
Ruby 2.7.0p0 (2019-12-25 revision 647ee6f091eafcce70ffb75ddf7e121e192ab217) [x86_64-linux-gnu]
GEM_HOME /var/lib/gems/2.7.0
GEM_PATH /var/lib/gems/2.7.0:/root/.gem/ruby/2.7.0:/usr/lib/ruby/gems/2.7.0:/usr/share/rubygems-integration/2.7.0:/usr/share/rubygems-integration/all:/usr/lib/x86_64-linux-gnu/rubygems-integration/2.7.0
Git 2.25.1

  Bundler settings

retry
Set for your local app (/tmp/ood-build/ondemand/apps/activejobs/.bundle/config): 2
jobs
Set for your local app (/tmp/ood-build/ondemand/apps/activejobs/.bundle/config): 4
without
Set for your local app (/tmp/ood-build/ondemand/apps/activejobs/.bundle/config): "doc"
gemfile
Set via BUNDLE_GEMFILE: "/tmp/ood-build/ondemand/apps/activejobs/Gemfile"
--- TEMPLATE END ----------------------------------------------------------------

Unfortunately, an unexpected error occurred, and Bundler cannot continue.

First, try this link to see if there are any existing issue reports for this error:
https://github.com/bundler/bundler/search?q=SIGHUP&type=Issues

If there aren't any reports for this error yet, please create copy and paste the report template above into a new issue. Don't forget to anonymize any private data! The new issue form is located at:
https://github.com/bundler/bundler/issues/new

When I configure a cluster like so

clusters:
  titan:
    v2:
      batch_connect:
        vnc:
          script_wrapper: |
            #!/bin/bash
        basic:
          script_wrapper: |
            #!/bin/bash

It turns out to get written like this, which may or may not be OK, it does look off and perhaps could be wrong if there are several lines.

v2:
    batch_connect:
        basic:
            script_wrapper: '#!/bin/bash

                '
        vnc:
            script_wrapper: '#!/bin/bash

                '

We need to deprecate the use of ood_portal.conf.j2. I added it initially as a way for folks to write new directives but it's just too much to maintain. Folks should get by with just adding new conf files to conf.d.

I don't know how to get ansible to signify that this is deprecated, but we should use that mechanism if it exists.

Create automation for OSC/ondemand#583

When setting a value of host_regex: 'forge-(l|c)\d+' (forge-l1,forge-l2,forge-c1,forge-c22, and so on) OOD portal generation will fail. This is due to the template using double quotes instead of single quotes. YAML is trying to interpret the escape character '\' due to the double quotes.

If double quotes are used when setting the variable the Ansible run will fail. When using single quotes Ansible runs correctly but the portal generation will fill fail due to the issue mentioned before in the template. Manually fixing the resulting portal yaml file to use single quotes allows the portal generation to run correctly.

When defining OIDCPassRefreshToken like below on an overrides.yml file

oidc_settings:
  OIDCPassIDTokenAs: 'serialized'
  OIDCPassRefreshToken: 'On'
  OIDCPassClaimsAs: 'environment'

Then after the update generator has been run the OIDCPassRefreshToken is set to true instead of On

[root@ondemand hpcadmin]# grep OIDCPassRefreshToken /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf
  OIDCPassRefreshToken true

And below is the error message when starting httpd24-httpd.service

systemctl status httpd24-httpd.service -l

Jul 06 08:06:41 ondemand httpd-scl-wrapper[10636]: AH00526: Syntax error on line 95 of /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf:
Jul 06 08:06:41 ondemand httpd-scl-wrapper[10636]: OIDCPassRefreshToken must be On or Off

This is using version 1.8

The first instruction in the README is to:

First pull this repo into where you keep your roles. Shown is the .ansible folder in your home directory.

git clone https://github.com/OSC/ood-ansible.git ~/.ansible/roles/ondemand

If this is the first step, it would seem that if we added the ansible role to the monorepo at the subdirectory ansible we could just alter the directions:

First add this role where you keep your roles. Shown is the .ansible folder in your home directory.

git clone https://github.com/OSC/ondemand.git
git checkout v1.6.20
cp -r ondemand/ansible ~/.ansible/roles/ondemand

Or even

svn export https://github.com/OSC/ondemand/tags/v1.6.20/ansible ~/.ansible/roles/ondemand

The two draw backs I see are that the role is not a git repo so you can't just cd into it and update it - but if you are checking out a specific tag of the role, that is going to be immutable anyways, so the process above could just replace it. The other is that maybe this doesn't play well with some patterns like using ansible-galaxy but I don't know much about those tools.

I know that typically ansible roles are kept in separate repos, but typically so are ruby gems and so are web apps etc. Following the convention of separate repos and enjoying the benefit of being able to clone just that app or component to work on was the same rationale for not having a monorepo all this time.

What are the other drawbacks?

Trying to move from 1.8.1 to 2.0.2 I was unable to successfully run my playbook including the ood-ansible role.

The full error being

ERROR! failed to combine variables, expected dicts but got a 'NoneType' and a 'AnsibleMapping': 
null
{"install_from_src": false, "ood_source_repo": "https://github.com/OSC/ondemand.git", "ood_source_version": "v2.0.9", "ood_build_dir": "/tmp/ood-build", "ood_source_dir": "{{ ood_build_dir }}/ondemand", "ood_base_apache_dir": "/var/www/ood", "ood_base_dir": "/opt/ood", "ood_core_libs": ["mod_ood_proxy", "nginx_stage", "ood-portal-generator", "ood_auth_map"], "ood_base_apps": ["activejobs", "bc_desktop", "dashboard", "file-editor", "files", "myjobs", "shell"], "ruby_lib_dir": "/usr/lib64/ruby/", "passenger_version": "6.0.7", "nginx_version": "1.18.0", "nodejs_version": "12.x", "passenger_tar": "passenger-{{ passenger_version }}.tar.gz", "nginx_tar": "nginx-{{ nginx_version }}-x86_64-linux.tar.gz", "agent_tar": "agent-x86_64-linux.tar.gz", "passenger_base_url": "https://github.com/phusion/passenger/releases/download", "passenger_release_url": "{{ passenger_base_url }}/release-{{ passenger_version }}", "passenger_url": "{{ passenger_release_url }}/{{ passenger_tar }}", "passenger_nginx_url": "{{ passenger_release_url }}/{{ nginx_tar }}", "passenger_agent_url": "{{ passenger_release_url }}/{{ agent_tar }}", "passenger_remote_dl": true, "passenger_src_dir": "{{ ood_build_dir }}/passenger-src", "passenger_lib_dir": "{{ ood_base_dir }}/passenger-lib", "passenger_support_binaries_dir": "{{ passenger_lib_dir }}/support-binaries", "passenger_base_dir": "{{ ood_base_dir }}/passenger", "g_plus_plus": "g++", "sqlite_devel_package": "sqlite-devel", "ruby_devel_package": "ruby-devel", "ffi_devel_package": "libffi-devel", "libz_devel_package": "zlib-devel"}

this is using ansible 2.9.6 on ubuntu 20.4

Create automation for OSC/ondemand#1209

We're building passenger_native_support.so in the role itself, however, passenger does not see this when it boots up and builds it all over again. So every user would eventually build the same so library and have their own copy which is both inefficient and a poor installation procedure.

These logs can be seen on boot.

[ N 2019-10-31 14:48:19.8575 107/T1 age/Cor/CoreMain.cpp:256 ]: Passenger core running in multi-application mode.
[ N 2019-10-31 14:48:19.9076 107/T1 age/Cor/CoreMain.cpp:1015 ]: Passenger core online, PID 107
App 131 output:  [passenger_native_support.so] trying to compile for the current user (jeff) and Ruby interpreter...
App 131 output:      (set PASSENGER_COMPILE_NATIVE_SUPPORT_BINARY=0 to disable)
App 131 output:      Compilation successful. The logs are here:
App 131 output:      /tmp/passenger_native_support-36f1sj.log
App 131 output:  [passenger_native_support.so] successfully loaded.
[ N 2019-10-31 14:48:22.5587 107/T5 age/Cor/SecurityUpdateChecker.h:519 ]: Security update check: no update found (next check in 24 hours)

Create automation for OSC/ondemand#1290

Create automation for OSC/ondemand#1522

I'm using version 1.8 to setup Azure AD OIDC.
When trying to set the oidc variables in an override.yml file like that

oidc_remote_user_claim: upn
oidc_scope: 'openid profile email groups'
oidc_settings:
  OIDCPassIDTokenAs: serialized
  OIDCPassRefreshToken: On
  OIDCPassClaimsAs: environment
  OIDCStripCookies: 'mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1'

The settings are not well converted in proper yml format and the ansible playbook is returning this error

fatal: [ondemand]: FAILED! => {"changed": true, "cmd": "/opt/ood/ood-portal-generator/sbin/update_ood_portal --force", "delta": "0:00:00.353958", "end": "2021-07-02 14:02:28.243094", "msg": "non-zero return code", "rc": 1, "start": "2021-07-02 14:02:27.889136", "stderr": "(/etc/ood/config/ood_portal.yml): could not find expected ':' while scanning a simple key at line 364 column 1\nRun 'update_ood_portal --help' to see a full list of available options.", "stderr_lines": ["(/etc/ood/config/ood_portal.yml): could not find expected ':' while scanning a simple key at line 364 column 1", "Run 'update_ood_portal --help' to see a full list of available options."], "stdout": "", "stdout_lines": []}

Here is how the settings are written in the ood_portal.yml file

oidc_settings:
OIDCPassIDTokenAs serialized
OIDCPassRefreshToken True
OIDCPassClaimsAs environment
OIDCStripCookies 'mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1'

I've also noticed that the handler "update ood portal" is ignoring errors which shouldn't be the case, as here a malformed input should generate an error and not silently failed.

• How to define the oidc_settings so they are well formatted in the ppd_portal.yml file ?
• should the "update ood portal" failed be not ignored ?

Create automation for OSC/ondemand#1211

Hello, I'm trying to deploy OOD on Ubuntu 20.04 and am hitting the following error:

TASK [ood-ansible : move passenger_native_support.so to support libraries] *****************
fatal: [virtual-login01]: FAILED! => changed=false 
  msg: Destination directory /usr/lib/x86_64-linux-gnu/ruby/2.5.0 does not exist

Ubuntu 20.04 deploys ruby 2.7 so you may need to have version-specific values in vars/Ubuntu.yml.

ood_apps.submit configuration should probably be a raw string that we write out instead of a dictionary.

That way folks can do something like this, make a ruby computation before they submit. The fact it's a .erb file type someone may need to do something in a <%- ruby block that doesn't get written -%>.

<%-
  ppn   = num_cores.blank? ? 28 : num_cores.to_i
  props = case node_type
          when "gpu"
            ":ppn=#{ppn}:gpus=1"
          when "hugemem"
            ":ppn=48"
          else
            ":ppn=#{ppn}"
          end
-%>
---
batch_connect:
  template: "basic"
script:
  <%- if node_type == "debug" -%>
  queue_name: "debug"
  <%- end -%>
  native:
    resources:
      nodes: "1<%= props %>"

Not sure if related, but also on a new Ubuntu Focal and 'install_from_src: true' I got:

TASK [osc.open_ondemand : init the passenger src directory] **************************************************************************************************************************************************
fatal: [x]: FAILED! => {"changed": false, "msg": "There was an issue creating /tmp/ood-build/passenger-src as requested: [Errno 13] Permission denied: b'/tmp/ood-build/passenger-src'", "path": "/tmp/ood-build/passenger-src"}

Originally posted by @Juanjdurillo in #63 (comment)

Instead of having 1 giant defaults/main.yml file, we should instead have several for convenience and easier lookup.

So I'm suggesting a structure kind of like this, where every file cooresponds to either a file you're templating (like ood_portal.yml) or a logical thing like installing apps (apps.yml)

defaults/main/
    ood_portal.yml
    nginx_stage.yml
    apps.yml
    ondemand.yml
    install.yml

It appears that there is no way to configure interactive desktop for multiple clusters.
I'm using the ood_apps parameter with bc_desktop, but want to create two different cluster desktop applications.

Ubuntu has a few errors in installing due to become permission. But aside from that, once everything is installed and configured, nginx segfaults when the PUN starts to boot. Here's the error out of journalctl.

kernel: nginx[20380]: segfault at 18 ip 000055fe8c71c2aa sp 00007fff016eed10 error 4 in nginx-1.17.3[55fe8c5db000+3f9000]

(firstly, thanks for OOD and this role!)

The definition and use of servername is a bit problematic when NOT accessing the OOD node by IP, i.e so we don't want name-based virtual hosting:

• Default here is to define something (localhost)
• The templating here includes the ServerName directive (?) if servername is defined.

Firstly, I think the role var should be e.g. ood_servername to make it more obvious what it's setting, could refer to loads of things and at least that'd let you look up the OOD docs.

Secondly, I think the templating of SeverName should be conditional on it being both defined AND truth-y. The problem is that with more complicated inventory setups it can get impossible to un-define the variable again. I can give a specific example but it'll seem odd but I think in general having to have variables undefined to get specific behaviour is problematic.

Well, the obvious change become: yes solves the issue, but I am not sure whether this must be done as non-root user. By doing this, the playbook runs fine. However, I have the problem that navigating to the portal does not shows the portal but simply apache listing the directories ... (I guess this is probably for another issue)

Originally posted by @Juanjdurillo in #109 (comment)

Moving from 1.8.1 to the new version of this role (2.0.0) I ran into the following error due to an undefined variable. I had to manually set this to null to bypass the error.

I have node/rnode enabled in-order to allow interactive apps to work. Do I need to set these pun hooks to something other then null?

add more 1.8 template updates like the ones below:

OSC/ondemand#697
OSC/ondemand#677
OSC/ondemand#651

I am not sure how well ASDF works when attempting to install things to the system instead of just as a user, but it and its plugins provide a huge number of versions of Ruby and Node.

https://github.com/asdf-vm/asdf

Because of OSC/ondemand#729, ood-ansible produces a broken installation that tries to use ood_auth_map.regex, which has been removed.

I had to create #80 due to either molecule or testinfra updates that started to fail tests. Looking in the documentation for both testinfra has updated to be pytest-testinfra and apparently molecule's default verifier is now ansible.

So given testinfra's recent instability maybe it's time to start using ansible as the verifier instead of testinfra.

Provide releases that have the target ood version set to the latest ood release that has been tested with that release.

With ood master moving forward, ood-ansible otherwise breaks, like it has in #84.

Once we have #31 completed we can then have travis-ci execute molecule tests instead of the bash shims we currently have.

ood now requires nodejs v10 for atleast the shell app. When on Ubuntu 18.04, this is not available through apt. Should I make a PR to install from somewhere else so we can get the correct version?

The files application doesn't boot correctly, giving this error. It's unclear why exactly but likely due to a PATH problem because that file does end up existing here /opt/ood/passenger-6.0.4/src/nodejs_supportlib/phusion_passenger/line_reader.js.

App 969 output: internal/modules/cjs/loader.js:583
App 969 output:     throw err;
App 969 output:     ^
App 969 output: 
App 969 output: Error: Cannot find module 'phusion_passenger/line_reader'
App 969 output:     at Function.Module._resolveFilename (internal/modules/cjs/loader.js:581:15)
App 969 output:     at Function.Module._load (internal/modules/cjs/loader.js:507:25)
App 969 output:     at Module.require (internal/modules/cjs/loader.js:637:17)
App 969 output:     at Module.require (/opt/ood/passenger-6.0.4/src/helper-scripts/node-loader.js:80:25)
App 969 output:     at require (internal/modules/cjs/helpers.js:22:18)
App 969 output:     at Object.<anonymous> (/opt/ood/passenger-6.0.4/src/helper-scripts/node-loader.js:121:18)
App 969 output:     at Module._compile (internal/modules/cjs/loader.js:689:30)
App 969 output:     at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
App 969 output:     at Module.load (internal/modules/cjs/loader.js:599:32)
App 969 output:     at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
[ E 2019-10-31 15:02:48.1906 878/To age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /var/www/ood/apps/sys/files: The application process exited prematurely.

Add support for pinning apps
https://osc.github.io/ood-documentation/latest/customization.html#pinning-applications-to-the-dashboard

and customizing the dashboard
https://osc.github.io/ood-documentation/latest/customization.html#custom-layouts-in-the-dashboard

Centos and RHEL var files should follow the same pattern that the Ubuntu files do. That is, there's a directory called CentOS and in it there's a 7.yml and and 8.yml. These will replace the current structure of having CentOS.yml and CentOS-scl.yml files.

We should remove site.yml and the site tag and the note in the README because folks should just do site specific things in another role (or even tasks in the playbook). That's silly and strange to have a file in this role that you can change and don't commit?

With #24 we can write out cluster configurations. This ticket is tech debt to document in the README explaining that we can do that. And maybe even having a cluster config in the defaults/main.yml?

By default the bc_desktop app is using a very wide port range (2000-65535).
Looking at this documentation https://github.com/OSC/ood-documentation/blob/82e0a76d0cff81358d478aa589e2044f4b795bba/source/reference/files/submit-yml/basic-bc-options.rst it appears that there are options to change this range. Here is override.yml file content.

      batch_connect:
        min_port: 61000
        max_port: 61010
        basic:
          min_port: 61000
          max_port: 61010
          script_wrapper: |
            module purge
            %s
        vnc:
          min_port: 61000
          max_port: 61010
          script_wrapper: |
            module purge
            export PATH="/opt/TurboVNC/bin:$PATH"
            export WEBSOCKIFY_CMD="/usr/bin/websockify"
            %s

I can see in the /etc/ood/config/clusters.d/ondemand.yml that the content is correct, however when I start a Remote Desktop session, this port range is not pickup.
How to make sure these values are read and used to limit the port range ?

Owner and Mode are not set in the majority of tasks that are creating files and directories. On a hardened system, where the umask for the root account is set to be more restrictive, this will cause the configuration to fail.

A good example is in

I'm trying to install OOD on a RHEL 7 host using this ansible role and found that it fails to run due to an include in task/main.yml ( include_vars: "{{ ansible_distribution }}-scl.yml" ) which doesn't exist for RedHat.
I was able to get it to run by copying the vars/CentOS-scl.yml to vars/RedHat-scl.yml and then remove the following lines from that file:

additional_rpm_installs:

• centos-release-scl

I can submit a pull request if you'd like, but maybe there is a cleaner way to fix that problem.

When launching the DeepOps desktop in Open OnDemand, it fails to connect. When looking at the output.log I see a ton of these errors:

(dconf:243965): dconf-CRITICAL **: 13:20:22.363: unable to create directory '/run/user/20199891/dconf': Permission denied.  dconf will not work properly.
mate-session[243970]: dconf-CRITICAL: unable to create directory '/run/user/20199891/dconf': Permission denied.  dconf will not work properly.

However, I can manually create that directory with the user that launches the Desktop. Also, even with that directory already existing I still get this error when launching the desktop from OOD.

I also get the same error when trying to launch a xfce desktop as well.

Any ideas why this is happening?

# cat /etc/ood/config/apps/bc_desktop/deepops.yml 
---
title: "NVIDIA DeepOps Desktop"
cluster: "deepops"
submit: "submit/deepops_desktop.yml.erb"
attributes:
  desktop: "xfce"
  bc_queue: null
  bc_account: null
  bc_num_gpus:
    label: "Number of GPUs"
    value: 1

Molecule tests now do a lot with RPM/centos based systems. This ticket is to add debian/ubuntu build from source tests into the molecule framework.

I'd imagine they should cover the basic things (along with just the play not crashing)

• play builds the source
• play distributes source to appropriate directories
• play starts apache correctly

After installation when the very first login occurs two things happen that shouldn't. First, users are forced to initialize the system applications which they shouldn't have to. Secondly as Passenger boots it apparently zombies a couple of times before reaching steady state as shown below.

4 S root      1837     0  0  80   0 -  1496 -      14:36 pts/0    00:00:00 bash
4 Z ood       1872     1  0  80   0 -     0 -      14:38 ?        00:00:00 [PassengerAgent] <defunct>
5 S apache    1874  1588  0  80   0 - 580179 -     14:38 ?        00:00:00 httpd -k restart
0 Z ood       1941     1  0  80   0 -     0 -      14:38 ?        00:00:00 [PassengerAgent] <defunct>
5 Z root      1952     1  0  80   0 -     0 -      14:38 ?        00:00:00 [nginx] <defunct>
1 Z ood       1976     1  0  80   0 -     0 -      14:38 ?        00:00:00 [PassengerAgent] <defunct>
4 S ood       1977     1  0  80   0 - 70860 -      14:38 ?        00:00:00 Passenger watchdog
0 S ood       1980  1977  1  80   0 - 331948 -     14:38 ?        00:00:00 Passenger core
5 S root      1995     1  0  80   0 -  2349 -      14:38 ?        00:00:00 nginx: master process (ood) -c /var/lib/ondemand-nginx/config/puns/ood.conf
5 S ood       1996  1995  0  80   0 -  2488 -      14:38 ?        00:00:00 nginx: worker process

With #30 we can now write out app configurations. This ticket is to document such a feature in the README.

With #24 we can write out a single cluster configuration. This ticket is to enable writing out mutliple. So a user would define an array of clusters (of size N) and write out N files in /etc/ood/config/clusters.d.

I would like to be able to add several entries for bc_desktop on the same cluster, for example one GPU accelerated and one CPU like this :

ood_apps:
  bc_desktop:
    title: "desktop 1"
  bc_desktop:
    title: "desktop 2"

but this looks not possible as I'm having this warning.
"[WARNING]: While constructing a mapping from /hpc/playbooks/ood-overrides.yml, line 36, column 3, found a duplicate dict key (bc_desktop). Using last defined value only."

How to add multiple entries here ?

There are all sorts of deprecation warnings when the tests run. This ticket is to fix all of those.

I was just reading through the ansible playbook - I noticed that it still references the ood 1.7.1 repos.

Does that mean the other software references are a little out of date?

@johrstrom is this expected to work out of the box on Ubuntu? We had a user report that setting ood_portal_generator to true causes failures in the portal. We can default the var to false in DeepOps for Ubuntu, but it seems like other people not using DeepOps might run into it.

Originally posted by @dholt in #48 (comment)

the original issue being raised here:

NVIDIA/deepops#541 (comment)

As shown in #121 the CI and myself use ansible 2.10.x and there was a bug in our playbook for ansible versions 2.9-. So it'd probably be worth it to also test the playbook against multiple ansible versions in our CI.