From 308d1635fb5f172b59e55c2d9d3a380a735515f9 Mon Sep 17 00:00:00 2001 From: Mark Olson <115657904+mark-olson@users.noreply.github.com> Date: Tue, 23 May 2023 15:33:04 -0700 Subject: [PATCH 1/3] DAOSGCP-178 Fixes for ansible changes in EPEL (#85) Recent changes require ansible to be installed with the ansible-core package. That package now uses Python 3.11. Signed-off-by: Mark Olson <115657904+mark-olson@users.noreply.github.com> --- images/ansible_playbooks/tune.yml | 2 -- images/daos.pkr.hcl | 14 ++++++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/images/ansible_playbooks/tune.yml b/images/ansible_playbooks/tune.yml index 9ac12da..b658d22 100644 --- a/images/ansible_playbooks/tune.yml +++ b/images/ansible_playbooks/tune.yml @@ -57,8 +57,6 @@ - { limit_type: "-", limit_item: "rtprio", value: unlimited } - name: Disable SELinux service - vars: - ansible_python_interpreter: /usr/bin/python3 ansible.posix.selinux: state: disabled register: disablingSE diff --git a/images/daos.pkr.hcl b/images/daos.pkr.hcl index 1cec225..4975590 100644 --- a/images/daos.pkr.hcl +++ b/images/daos.pkr.hcl 
@@ -135,17 +135,27 @@ build { execute_command = "echo 'packer' | sudo -S env {{ .Vars }} {{ .Path }}" inline = [ "dnf -y install epel-release", - "dnf -y install ansible" + "dnf -y install python3.11 python3.11-pip ansible-core", + "alternatives --set python3 /usr/bin/python3.11" + ] + } + + provisioner "shell" { + inline = [ + "ansible-galaxy collection install ansible.posix", + "ansible-galaxy collection install community.general" ] } provisioner "ansible-local" { - playbook_file = "./ansible_playbooks/tune.yml" + playbook_file = "./ansible_playbooks/tune.yml" + extra_arguments = ["--user", "root"] } provisioner "ansible-local" { playbook_file = "./ansible_playbooks/daos.yml" extra_arguments = [ + "--user", "root", "--extra-vars", "\"daos_version=${var.daos_version} daos_repo_base_url=${var.daos_repo_base_url} daos_packages_repo_file=${var.daos_packages_repo_file} daos_install_type=${var.daos_install_type}\"" ] From b88cbe252eae24a160b40f53f8ff1a78d4bad3d4 Mon Sep 17 00:00:00 2001 From: Mark Olson <115657904+mark-olson@users.noreply.github.com> Date: Thu, 8 Jun 2023 15:01:48 -0700 Subject: [PATCH 2/3] DAOSGCP-189 Added security.md (#86) Add required security.md file Signed-off-by: Mark Olson <115657904+mark-olson@users.noreply.github.com> --- security.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 security.md diff --git a/security.md b/security.md new file mode 100644 index 0000000..d5f1e5e --- /dev/null +++ b/security.md @@ -0,0 +1,6 @@ +# Security Policy +Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. + +## Reporting a Vulnerability +Please report any security vulnerabilities in this project [utilizing the guidelines here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html). + From 053ad246e514e6b4c12768515b9907981dc9e605 Mon Sep 17 00:00:00 2001 
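Review bot: The new `provisioner "shell"` block in images/daos.pkr.hcl installs `ansible.posix` and `community.general` from Ansible Galaxy with no version constraint. Every image build therefore pulls whatever release is current, and that code is then run by the two `ansible-local` playbooks, which are invoked with `--user root`. Pin both collections to a reviewed release, e.g. `"ansible-galaxy collection install ansible.posix:==<PINNED_VERSION>"` and the same for `community.general`, or install them from a version-locked requirements file kept in the repo. That makes the image reproducible and turns a collection upgrade into a reviewed change rather than a side effect of rebuilding.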
From: Mark Olson <115657904+mark-olson@users.noreply.github.com> Date: Fri, 23 Jun 2023 06:55:08 -0700 Subject: [PATCH 3/3] DAOSGCP-190 Ensure realpath is not used on non-existent dirs (#87) Fixed an issue that caused scripts to fail when running from a fresh clone of the repo. Signed-off-by: Mark Olson <115657904+mark-olson@users.noreply.github.com> --- terraform/examples/io500/bin/get_io500_result_data.sh | 9 +++++---- terraform/examples/io500/bin/start.sh | 10 +++++----- terraform/examples/io500/bin/stop.sh | 7 ++++--- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/terraform/examples/io500/bin/get_io500_result_data.sh b/terraform/examples/io500/bin/get_io500_result_data.sh index 8c79db6..5dbd87a 100755 --- a/terraform/examples/io500/bin/get_io500_result_data.sh +++ b/terraform/examples/io500/bin/get_io500_result_data.sh @@ -31,9 +31,10 @@ set -eo pipefail trap 'echo "Hit an unexpected and unchecked error. Exiting."' ERR SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) -LOCAL_RESULTS_DIR=$(realpath "${SCRIPT_DIR}/../results") -TMP_DIR=$(realpath "${SCRIPT_DIR}/../.tmp") -ACTIVE_CONFIG="${SCRIPT_DIR}/../config/active_config.sh" +TF_DIR="$(realpath "${SCRIPT_DIR}/../")" +LOCAL_RESULTS_DIR="${TF_DIR}/results" +TMP_DIR="${TF_DIR}/.tmp" +ACTIVE_CONFIG="${TF_DIR}/config/active_config.sh" # shellcheck disable=SC2034 source "${SCRIPT_DIR}/_log.sh" @@ -52,7 +53,7 @@ load_active_config() { } get_first_client_ip() { - FIRST_CLIENT_IP=$(grep ssh "${SCRIPT_DIR}/login.sh" | awk '{print $4}') + FIRST_CLIENT_IP="$(grep ssh "${SCRIPT_DIR}/login.sh" | awk '{print $4}')" log.debug "FIRST_CLIENT_IP=${FIRST_CLIENT_IP}" } diff --git a/terraform/examples/io500/bin/start.sh b/terraform/examples/io500/bin/start.sh index 1f5ae9b..a6c2d69 100755 --- a/terraform/examples/io500/bin/start.sh +++ b/terraform/examples/io500/bin/start.sh 
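Review bot: In the first hunk of get_io500_result_data.sh, `LOCAL_RESULTS_DIR` and `TMP_DIR` are now plain string joins under `TF_DIR`, so nothing in the hunk guarantees that either directory exists on the fresh clone this commit targets. The same holds for the derived paths in the start.sh and stop.sh hunks of this patch. The rest of each script is outside the hunk, so this may already be handled there. If it is not, add `mkdir -p "${LOCAL_RESULTS_DIR}" "${TMP_DIR}"` right after the assignments, so the first write fails with a specific error rather than the generic ERR trap message.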
@@ -28,13 +28,13 @@ trap 'echo "Hit an unexpected and unchecked error. Exiting."' ERR SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) SCRIPT_FILENAME=$(basename "${BASH_SOURCE[0]}") -TMP_DIR=$(realpath "${SCRIPT_DIR}/../.tmp") +TF_DIR="$(realpath "${SCRIPT_DIR}/../")" +IMAGES_DIR="${TF_DIR}/images" +CLIENT_FILES_DIR="${TF_DIR}/client_files" +TMP_DIR="${TF_DIR}/.tmp" SSH_CONFIG_FILE="${TMP_DIR}/ssh_config" -TF_DIR=$(realpath "${SCRIPT_DIR}/../") -IMAGES_DIR=$(realpath "${SCRIPT_DIR}/../images") -CLIENT_FILES_DIR=$(realpath "${SCRIPT_DIR}/../client_files") +CONFIG_DIR="${TF_DIR}/config" -CONFIG_DIR=$(realpath "${SCRIPT_DIR}/../config") DEFAULT_CONFIG_FILE="GCP-1C-1S8d-rf0.sh" : "${CONFIG_FILE:="${DEFAULT_CONFIG_FILE}"}" diff --git a/terraform/examples/io500/bin/stop.sh b/terraform/examples/io500/bin/stop.sh index 79c5d75..a2f46b2 100755 --- a/terraform/examples/io500/bin/stop.sh +++ b/terraform/examples/io500/bin/stop.sh @@ -17,10 +17,11 @@ set -eo pipefail trap 'echo "Hit an unexpected and unchecked error. Exiting."' ERR SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) -TMP_DIR=$(realpath "${SCRIPT_DIR}/../.tmp") TF_DIR=$(realpath "${SCRIPT_DIR}/../") -CLIENT_FILES_DIR=$(realpath "${SCRIPT_DIR}/../client_files") -CONFIG_DIR=$(realpath "${SCRIPT_DIR}/../config") +TMP_DIR="${TF_DIR}/.tmp" + +CLIENT_FILES_DIR="${TF_DIR}/client_files" +CONFIG_DIR="${TF_DIR}/config" ACTIVE_CONFIG_SYMLINK="${CONFIG_DIR}/active_config.sh" # shellcheck source=_log.sh
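Review bot: In the start.sh hunk, `SSH_CONFIG_FILE` is placed under `${TMP_DIR}`, which no longer has to exist beforehand and would be created with whatever umask the caller has. That directory presumably ends up holding SSH client configuration for the cluster nodes, so it is worth creating it explicitly with owner-only access, e.g. `mkdir -p -m 700 "${TMP_DIR}"` before the first write. The code that writes the file is outside the hunk, so confirm it does not already do this. A short comment above the `TF_DIR` line, such as `# Only TF_DIR is resolved with realpath; sub-directories may not exist yet on a fresh clone`, would also stop a later cleanup from reintroducing `realpath` on the derived paths.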