Enable image builds to install extra packages by default (#536)

* Enable image builds to install extra packages by default * simplify adding additional packages * Fix docs typo Co-authored-by: wtripp180901 <[email protected]> --------- Co-authored-by: wtripp180901 <[email protected]>
stackhpc · Jan 15, 2025 · 5f7e48f · 5f7e48f
1 parent a347b90
commit 5f7e48f
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 18 deletions.
diff --git a/ansible/extras.yml b/ansible/extras.yml
@@ -65,4 +65,3 @@
   - name: Install additional packages
     dnf:
       name: "{{ appliances_extra_packages }}"
-    when: appliances_mode != 'configure' or appliances_extra_packages_during_configure
diff --git a/docs/operations.md b/docs/operations.md
@@ -63,7 +63,7 @@ This is a usually a two-step process:
 Deploying the additional nodes and applying these changes requires rerunning both Terraform and the Ansible site.yml playbook - follow [Deploying a Cluster](#Deploying-a-Cluster).
 
 # Adding Additional Packages
-By default, the following utility packages are installed during build:
+By default, the following utility packages are installed during the StackHPC image build:
 - htop
 - nano
 - screen
@@ -75,18 +75,34 @@ By default, the following utility packages are installed during build:
 - git
 - latest python version for system (3.6 for for Rocky 8.9 and 3.12 for Rocky 9.4)
 
-Additional packages from any DNF repositories which are enabled during build (which always includes EPEL, PowerTools and OpenHPC) can be added to the image by defining a list `appliances_extra_packages_other` (defaulted to the empty list in the common environment) in e.g. `environments/$SITE_ENV/inventory/group_vars/all/defaults.yml`. For example:
-
-```yaml
-    # environments/foo-base/inventory/group_vars/all/defaults.yml:
-    appliances_extra_packages_other:
-    - somepackage
-    - anotherpackage
-```
-
-The packages available from the OpenHPC repos are described in Appendix E of the OpenHPC installation guide (linked from the [OpenHPC releases page](https://github.com/openhpc/ohpc/releases/)). Note "user-facing" OpenHPC packages such as compilers, mpi libraries etc. include corresponding `lmod` modules.
-
-If you wish to install packages during runtime, the `site.yml` playbook should be run with `appliances_packages_during_configure` overriden to `true` and `cluster` should be added as a child of the `dnf_repos` group in order to temporarily re-enable DNF repositories during runtime (WARNING: this should only be done if using an unauthenticated local Pulp server. If using StackHPC Ark directly, doing this WILL leak credentials to users).
+Additional packages can be added during image builds by:
+- adding the `extra_packages` group to the build `inventory_groups` (see
+[docs/image-build.md](./image-build.md))
+- defining a list of packages in `appliances_extra_packages_other` in e.g.
+`environments/$SITE_ENV/inventory/group_vars/all/defaults.yml`. For example:
+
+    ```yaml
+        # environments/foo-base/inventory/group_vars/all/defaults.yml:
+        appliances_extra_packages_other:
+        - somepackage
+        - anotherpackage
+    ```
+
+For packages which come from repositories mirroed by StackHPC's "Ark" Pulp server
+(including rocky, EPEL and OpenHPC repositories), this will require either [Ark
+credentials](./image-build.md)) or a [local Pulp mirror](./experimental/pulp.md)
+to be configured. This includes rocky, EPEL and OpenHPC repos.
+
+The packages available from the OpenHPC repos are described in Appendix E of
+the OpenHPC installation guide (linked from the
+[OpenHPC releases page](https://github.com/openhpc/ohpc/releases/)). Note
+"user-facing" OpenHPC packages such as compilers, mpi libraries etc. include
+corresponding `lmod` modules.
+
+Packages *may* also be installed during the site.yml, by adding the `cluster`
+group into the `extra_packages` group. An error will occur if Ark credentials
+are defined in this case, as they are readable by unprivileged users in the
+`.repo` files and a local Pulp mirror must be used instead.
 
 If additional repositories are required, these could be added/enabled as necessary in a play added to `environments/$SITE_ENV/hooks/{pre,post}.yml` as appropriate. Note such a plat should NOT exclude the builder group, so that the repositories are also added to built images. There are various Ansible modules which might be useful for this:
     - `ansible.builtin.yum_repository`: Add a repo from an URL providing a 'repodata' directory.

diff --git a/environments/common/inventory/group_vars/all/defaults.yml b/environments/common/inventory/group_vars/all/defaults.yml
@@ -94,9 +94,6 @@ appliances_extra_packages_default:
  - git
  - "{{ 'python36' if ansible_distribution_version == '8.9' else 'python312' }}"
 
-
-appliances_extra_packages_during_configure: false
-
 appliances_extra_packages_other: []
 
 appliances_extra_packages: "{{ appliances_extra_packages_default + appliances_extra_packages_other }}"

diff --git a/environments/common/inventory/groups b/environments/common/inventory/groups
@@ -161,6 +161,7 @@ freeipa_client
 # Hosts to replace system repos with Pulp repos
 # Warning: when using Ark directly rather than a local Pulp server, adding hosts other than `builder` will leak Ark creds to users
 builder
+extra_packages
 
 [pulp]
 # Add builder to this group to enable automatically syncing of pulp during image build
diff --git a/environments/common/layouts/everything b/environments/common/layouts/everything
@@ -110,4 +110,4 @@ control
 
 [extra_packages:children]
 # Hosts to install specified additional packages on
-cluster
+builder
-Original file line number
+Diff line change
@@ Expand Up / @@ -110,4 +110,4 @@ control @@
     [extra_packages:children]
     # Hosts to install specified additional packages on
-    cluster
+    builder