puppet-module-openondemand

Table of Contents

1. Overview
   • Supported Versions of Open OnDemand
2. Usage - Configuration options
3. Reference - Parameter and detailed reference to all options
4. Limitations - OS compatibility, etc.

Overview

Manage Open OnDemand installation and configuration.

Supported Versions of Open OnDemand

The following are the versions of this module and the supported versions of Open OnDemand:

• Module 5.x and 6.x supports Open OnDemand 3.1 and 3.0
• Module 3.x and 4.x supports Open OnDemand 3.0
• Module 2.x supports Open OnDemand 2.x
• Module 1.x supports Open OnDemand 1.18.x
• Module <= 0.12.0 supports Open OnDemand <= 1.7

Usage

All configuration can be done through the openondemand class. Example configurations will be done in Hiera format.

include openondemand

Install specific versions of OnDemand from 3.0 repo with OpenID Connect support.

openondemand::repo_release: '3.0'
openondemand::ondemand_package_ensure: "3.0.0-1.el7"
openondemand::mod_auth_openidc_ensure: "3.4.5-1.el7"

Configure OnDemand SSL certs

openondemand::servername: ondemand.osc.edu
openondemand::ssl:
  - "SSLCertificateFile /etc/pki/tls/certs/%{lookup('openondemand::servername')}.crt"
  - "SSLCertificateKeyFile /etc/pki/tls/private/%{lookup('openondemand::servername')}.key"
  - "SSLCertificateChainFile /etc/pki/tls/certs/%{lookup('openondemand::servername')}-interm.crt"

If you already declare the apache class you may wish to only include apache in this module:

openondemand::declare_apache: false
apache::default_vhost: false

Add support for interactive apps

openondemand::host_regex: '[\w.-]+\.osc\.edu'
openondemand::node_uri: '/node'
openondemand::rnode_uri: '/rnode'

Setup OnDemand to use default Dex authentication against LDAP.

openondemand::servername: ondemand.example.org
openondemand::auth_type: dex
openondemand::dex_config:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: ldap.example.org:636
        insecureSkipVerify: true
        bindDN: cn=admin,dc=example,dc=org
        bindPW: admin
        userSearch:
          baseDN: ou=People,dc=example,dc=org
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: gecos
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: ou=Groups,dc=example,dc=org
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: member
          nameAttr: cn

Setup OnDemand to authenticate with OpenID Connect system, in these examples the IdP is Keycloak.

openondemand::servername: ondemand.osc.edu
openondemand::auth_type: 'openid-connect'
openondemand::auth_configs:
  - 'Require valid-user'
openondemand::user_map_match: '.*'
openondemand::logout_redirect: "/oidc?logout=https%3A%2F%2F%{lookup('openondemand::servername')}"
openondemand::oidc_uri: '/oidc'
openondemand::oidc_provider_metadata_url: 'https://idp.osc.edu/auth/realms/osc/.well-known/openid-configuration'
openondemand::oidc_scope: 'openid profile email groups'
openondemand::oidc_client_id: ondemand.osc.edu
openondemand::oidc_client_secret: 'SUPERSECRET'
openondemand::oidc_settings:
  OIDCPassIDTokenAs: 'serialized'
  OIDCPassRefreshToken: 'On'
  OIDCPassClaimsAs: environment
  OIDCStripCookies: 'mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1'

Configure OnDemand via git repo that contains app configs, locales, public, and annoucement files

openondemand::servername: ondemand.osc.edu
openondemand::apps_config_repo: https://github.com/OSC/osc-ood-config.git
openondemand::apps_config_revision: v30
openondemand::apps_config_repo_path: "%{lookup('openondemand::servername')}/apps"
openondemand::locales_config_repo_path: "%{lookup('openondemand::servername')}/locales"
openondemand::public_files_repo_paths:
  - "%{lookup('openondemand::servername')}/public/logo.png"
  - "%{lookup('openondemand::servername')}/public/favicon.ico"
openondemand::announcements_config_repo_path: "%{lookup('openondemand::servername')}/announcements"

Define a SLURM cluster:

openondemand::clusters:
  pitzer-exp:
    cluster_title: 'Pitzer Expansion'
    url: https://www.osc.edu/supercomputing/computing/pitzer
    acls:
      - adapter: group
        groups:
          - oscall
        type: whitelist
    login_host: pitzer-exp.osc.edu
    job_adapter: slurm
    job_host: pitzer-slurm01.ten.osc.edu
    job_cluster: pitzer
    job_bin: /usr/bin
    job_lib: /usr/lib64
    job_conf: /etc/slurm/slurm.conf

Define a Torque cluster. The following example is based on a cluster at OSC using Torque

openondemand::clusters:
  owens:
    cluster_title: 'Owens'
    url: 'https://www.osc.edu/supercomputing/computing/owens'
    login_host: 'owens.osc.edu'
    job_adapter: torque
    job_host: 'owens-batch.ten.osc.edu'
    job_bin: /opt/torque/bin
    job_lib: /opt/torque/lib64
    job_version: '6.0.1'
    batch_connect:
      basic:
        script_wrapper: |
          module restore
          %s
      vnc:
        script_wrapper: |
          module restore
          module load ondemand-vnc
          %s

Define a Linux Host Adapter cluster:

openondemand::clusters:
  pitzer-login:
    cluster_title: 'Pitzer Login'
    url: https://www.osc.edu/supercomputing/computing/pitzer
    hidden: true
    job_adapter: linux_host
    job_submit_host: pitzer.osc.edu
    job_ssh_hosts:
      - pitzer-login01.hpc.osc.edu
      - pitzer-login02.hpc.osc.edu
      - pitzer-login03.hpc.osc.edu
    job_site_timeout: 7200
    job_debug: true
    job_singularity_bin: /usr/bin/singularity
    job_singularity_bindpath: /etc,/media,/mnt,/run,/srv,/usr,/var,/users,/opt
    job_singularity_image: /path/to/custom/image.sif
    job_strict_host_checking: false
    job_tmux_bin: /usr/bin/tmux
    batch_connect:
      vnc:
        script_wrapper: |
          module restore
          module load ondemand-vnc
          %s

Define a Kubernetes cluster:

openondemand::clusters:
  kubernetes:
    cluster_title: Kubernetes
    hidden: true
    job_adapter: kubernetes
    job_bin: /usr/local/bin/kubectl
    job_cluster: ood-prod
    job_username_prefix: prod
    job_namespace_prefix: 'user-'
    job_server:
      endpoint: "https://k8controler.example.com:6443"
      cert_authority_file: /etc/pki/tls/kubernetes-ca.crt
    job_mounts:
      - name: home
        destination_path: /users
        path: /users
        host_type: Directory
        type: host
    job_auth:
      type: oidc

Add XDMoD support

Ensure the cluster definition has xdmod_resource_id set to resource_id of the cluster in XDMoD. Also must do something like the following to set the appropriate environment variable:

openondemand::nginx_stage_pun_custom_env:
  OOD_XDMOD_HOST: http://xdmod.osc.edu

Add Support Ticket configuration:

openondemand::confs:
  support_ticket:
    data:
      support_ticket:
        email:
          from: noreply@example.com
          to: support@example.com

The above example will create /etc/ood/config/ondemand.d/support_ticket.yml with the YAML defined in data parameter.

Install additional apps of specific versions as well as hide some apps

openondemand::install_apps:
  bc_osc_rstudio_server:
    ensure: "0.8.2-1.el7"
  bc_desktop:
    mode: '0700'

Install additional apps from Git repos:

openondemand::install_apps:
  bc_osc_rstudio_server:
    ensure: latest
    git_repo: https://github.com/OSC/bc_osc_rstudio_server.git
  bc_osc_jupyter:
    ensure: present
    git_repo: https://github.com/OSC/bc_osc_jupyter
    git_revision: v0.20.0

Install additional apps from Puppet sources:

openondemand::install_apps:
  bc_osc_rstudio_server:
    source: puppet:///modules/profile/bc_osc_rstudio_server

Add usr apps with a default group

openondemand::usr_app_defaults:
  group: staff
openondemand::usr_apps:
  user1:
    gateway_src: /home/user1/ondemand/share
  user2:
    group: faculty
    gateway_src: /home/user2/ondemand/share

Add dev app users

openondemand::dev_app_users:
  - user1
  - user2

Define some pinned apps and dashboard layout:

openondemand::pinned_apps:
  - 'usr/*'
  - 'sys/jupyter'
  - type: dev
    category: system
openondemand::pinned_apps_menu_length: 10
openondemand::pinned_apps_group_by: category
openondemand::dashboard_layout:
  rows:
    - columns:
      - width: 8
        widgets:
          - pinned_apps
          - motd
      - width: 4
        widgets:
          - xdmod_widget_job_efficiency
          - xdmod_widget_jobs

Define some configurations for /etc/ood/config/ondemand.d. This will generate /etc/ood/config/ondemand.d/pinned_apps.yml.erb based on the source file as well as /etc/ood/config/ondemand.d/dashboard_layout.yml from a template file. The example for foobar will generate the YAML file using data defined in Hiera.

openondemand::confs:
  pinned_apps:
    source: 'puppet:///modules/profile/openondemand/pinned_apps.yml.erb'
    template: true
  dashboard_layout:
    content_template: 'profile/openondemand/dashboard_layout.yml.erb'
  foobar:
    data:
      ...hash of configuration data here...

Reference

http://osc.github.io/puppet-module-openondemand/

Limitations

This module has been tested on:

• RedHat/CentOS 7 x86_64
• RedHat/Rocky Linux/Alma Linux 8
• RedHat/Rocky Linux/Alma Linux 9
• Amazon Linux 2023
• Ubuntu 20.04
• Ubuntu 22.04
• Debian 12

Reference

Table of Contents

Classes

Public Classes

• openondemand: Manage Open OnDemand

Private Classes

• openondemand::apache: Manage Open OnDemand Apache
• openondemand::config: Manage Open OnDemand configs
• openondemand::install: Manage Open OnDemand install
• openondemand::repo::apt: Manage Open OnDemand APT repos
• openondemand::repo::rpm: Manage Open OnDemand RPM repos
• openondemand::service: Manage Open OnDemand service

Defined types

• openondemand::app::dev: Manage Open OnDemand dev app
• openondemand::app::usr: Manage Open OnDemand user app
• openondemand::cluster: Manage Open OnDemand cluster definition
• openondemand::conf: Manage Open OnDemand configuration file in /etc/ood/config/ondemand.d
• openondemand::install::app: Manage Open OnDemand app

Data types

• Openondemand::Acl: OnDemand cluster ACL
• Openondemand::Batch_connect: Defines cluster config batch_connect values
• Openondemand::Dashboard_layout: Dashboard layout
• Openondemand::Dashboard_layout_column: Dashboard layout column
• Openondemand::Dex_config: ondemand-dex config
• Openondemand::K8_auth: OnDemand cluster Kubernetes auth
• Openondemand::K8_mount: OnDemand cluster Kubernetes mount
• Openondemand::K8_server: OnDemand cluster Kubernetes mount
• Openondemand::Nginx_stage_namespace_config: nginx_stage.yml namespace_config

Tasks

• announce: Install Open OnDemand announcement file
• maintenance: Put OnDemand into maintenance mode
• nginx_stage: Run nginx_stage commands

Classes

openondemand

Manage Open OnDemand

Parameters

The following parameters are available in the openondemand class:

• repo_release
• repo_baseurl_prefix
• repo_gpgkey
• repo_gpgcheck
• repo_repogpgcheck
• repo_proxy
• repo_priority
• repo_module_hotfixes
• repo_exclude
• manage_dependency_repos
• manage_epel
• repo_nightly
• selinux
• ondemand_package_ensure
• ondemand_dex_package_ensure
• mod_auth_openidc_ensure
• install_apps
• declare_apache
• apache_user
• apache_scls
• generator_insecure
• listen_addr_port
• servername
• server_aliases
• ssl
• disable_logs
• logroot
• use_rewrites
• use_maintenance
• maintenance_ip_allowlist
• maintenance_source
• maintenance_content
• security_csp_frame_ancestors
• security_strict_transport
• lua_root
• lua_log_level
• user_map_match
• user_map_cmd
• user_env
• map_fail_uri
• auth_type
• auth_configs
• custom_vhost_directives
• custom_location_directives
• root_uri
• analytics
• public_uri
• public_root
• logout_uri
• logout_redirect
• host_regex
• node_uri
• rnode_uri
• nginx_uri
• pun_uri
• pun_socket_root
• pun_max_retries
• pun_pre_hook_root_cmd
• pun_pre_hook_exports
• oidc_uri
• oidc_discover_uri
• oidc_discover_root
• register_uri
• register_root
• oidc_provider_metadata_url
• oidc_client_id
• oidc_client_secret
• oidc_remote_user_claim
• oidc_scope
• oidc_session_inactivity_timeout
• oidc_session_max_duration
• oidc_state_max_number_of_cookies
• oidc_settings
• dex_uri
• dex_config
• web_directory
• nginx_log_group
• nginx_stage_clean_cron_schedule
• nginx_stage_ondemand_portal
• nginx_stage_ondemand_title
• nginx_stage_pun_custom_env
• nginx_stage_app_root
• nginx_stage_scl_env
• nginx_stage_app_request_regex
• nginx_stage_min_uid
• nginx_stage_passenger_pool_idle_time
• nginx_stage_passenger_options
• nginx_stage_nginx_file_upload_max
• nginx_stage_configs
• config_dir_purge
• config_source
• config_content
• confs
• pinned_apps
• pinned_apps_menu_length
• pinned_apps_group_by
• dashboard_layout
• hook_env
• hook_env_path
• hook_env_config
• kubectl_path
• clusters
• clusters_hiera_merge
• usr_apps
• usr_app_defaults
• dev_apps
• dev_app_users
• dev_app_defaults
• apps_config_repo
• apps_config_revision
• apps_config_repo_path
• locales_config_repo_path
• announcements_config_repo_path
• apps_config_source
• locales_config_source
• announcements_config_source
• public_files_repo_paths
• public_files_source_paths
• manage_logrotate

repo_release

Data type: String

The release of OnDemand repo

Default value: '3.1'

repo_baseurl_prefix

Data type: Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl]

The baseurl prefix for OnDemand repo

Default value: 'https://yum.osc.edu/ondemand'

repo_gpgkey

Data type: Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl, Stdlib::Absolutepath]

The URL for OnDemand repo GPG key

Default value: 'https://yum.osc.edu/ondemand/RPM-GPG-KEY-ondemand-SHA512'

repo_gpgcheck

Data type: Variant[Boolean, Enum['1','0', 'yes', 'no']]

Boolean to enable or disable the GPG check for the OnDemand repo. Defaults to enabled

Default value: '1'

repo_repogpgcheck

Data type: Variant[Boolean, Enum['1','0', 'yes', 'no']]

Boolean to enable or disable the repo GPG check for the OnDemand repo. Defaults to enabled

Default value: '1'

repo_proxy

Data type: Optional[String[1]]

The URL for proxy for OnDemand repo

Default value: undef

repo_priority

Data type: Integer[1,99]

The priority of the OnDemand repo

Default value: 99

repo_module_hotfixes

Data type: Optional[Boolean]

The module_hotfixes of the OnDemand repo

Default value: undef

repo_exclude

Data type: String

Exclusion for OnDemand repo

Default value: 'absent'

manage_dependency_repos

Data type: Boolean

Boolean that determines if managing repos for package dependencies

Default value: true

manage_epel

Data type: Boolean

Boolean that determines if managing EPEL repo

Default value: true

repo_nightly

Data type: Boolean

Add the OnDemand nightly repo

Default value: false

selinux

Data type: Boolean

Boolean that determines if adding SELinux support

Default value: false

ondemand_package_ensure

Data type: String

ondemand package ensure

Default value: 'present'

ondemand_dex_package_ensure

Data type: String

ondemand-dex package ensure

Default value: 'present'

mod_auth_openidc_ensure

Data type: String

mod_auth_openidc package ensure

Default value: 'present'

install_apps

Data type: Hash

Hash of apps to install, passed to ondemand::install::app

Default value: {}

declare_apache

Data type: Boolean

Boolean that determines if apache is declared or included

Default value: true

apache_user

Data type: String[1]

Name of the Apache user

Default value: 'apache'

apache_scls

Data type: String

SCLs to load when starting Apache service

Default value: 'httpd24'

generator_insecure

Data type: Boolean

Run ood-portal-generator with --insecure flag This is needed if you wish to use default ood@localhost user or other local users

Default value: false

listen_addr_port

Data type: Variant[Array, String, Undef]

ood_portal.yml listen_addr_port

Default value: undef

servername

Data type: Optional[String]

ood_portal.yml servername

Default value: undef

server_aliases

Data type: Optional[Array]

ood_porta.yml server_aliases

Default value: undef

ssl

Data type: Optional[Array]

ood_portal.yml ssl

Default value: undef

disable_logs

Data type: Boolean

ood_portal.yml disable_logs

Default value: false

logroot

Data type: String

ood_portal.yml logroot

Default value: 'logs'

use_rewrites

Data type: Boolean

ood_portal.yml use_rewrites

Default value: true

use_maintenance

Data type: Boolean

ood_portal.yml use_maintenance

Default value: true

maintenance_ip_allowlist

Data type: Array

ood_portal.yml maintenance_ip_allowlist

Default value: []

maintenance_source

Data type: Optional[String]

Source for maintenance index.html

Default value: undef

maintenance_content

Data type: Optional[String]

Content for maintenance index.html

Default value: undef

security_csp_frame_ancestors

Data type: Optional[Variant[String, Boolean]]

ood_portal.yml security_csp_frame_ancestors

Default value: undef

security_strict_transport

Data type: Boolean

ood_portal.yml security_strict_transport

Default value: true

lua_root

Data type: String

ood_portal.yml lua_root

Default value: '/opt/ood/mod_ood_proxy/lib'

lua_log_level

Data type: Optional[String]

ood_portal.yml lua_log_level

Default value: undef

user_map_match

Data type: String

ood_portal.yml user_map_match

Default value: '.*'

user_map_cmd

Data type: Optional[String]

ood_portal.yml user_map_cmd

Default value: undef

user_env

Data type: Optional[String]

ood_portal.yml user_env

Default value: undef

map_fail_uri

Data type: Optional[String]

ood_portal.yml map_fail_uri

Default value: undef

auth_type

Data type: Variant[Enum['CAS', 'openid-connect', 'shibboleth', 'dex'], String[1]]

ood_portal.yml auth_type

Default value: 'dex'

auth_configs

Data type: Optional[Array]

ood_portal.yml auth_configs

Default value: undef

custom_vhost_directives

Data type: Array

ood_portal.yml custom_vhost_directives

Default value: []

custom_location_directives

Data type: Array

ood_portal.yml custom_location_directives

Default value: []

root_uri

Data type: String

ood_portal.yml root_uri

Default value: '/pun/sys/dashboard'

analytics

Data type: Optional[Struct[{ url => String, id => String }]]

ood_portal.yml analytics

Default value: undef

public_uri

Data type: String

ood_portal.yml public_uri

Default value: '/public'

public_root

Data type: String

ood_portal.yml public_root

Default value: '/var/www/ood/public'

logout_uri

Data type: Variant[String[1], Undef]

ood_portal.yml logout_uri

Default value: '/logout'

logout_redirect

Data type: Variant[String[1], Undef]

ood_portal.yml logout_redirect

Default value: '/pun/sys/dashboard/logout'

host_regex

Data type: String

ood_portal.yml host_regex

Default value: '[^/]+'

node_uri

Data type: Optional[String]

ood_portal.yml node_uri

Default value: undef

rnode_uri

Data type: Optional[String]

ood_portal.yml rnode_uri

Default value: undef

nginx_uri

Data type: String

ood_portal.yml nginx_uri

Default value: '/nginx'

pun_uri

Data type: String

ood_portal.yml pun_uri

Default value: '/pun'

pun_socket_root

Data type: String

ood_portal.yml pun_socket_root

Default value: '/var/run/ondemand-nginx'

pun_max_retries

Data type: Integer

ood_portal.yml pun_max_retries

Default value: 5

pun_pre_hook_root_cmd

Data type: Optional[Stdlib::Absolutepath]

ood_portal.yml pun_pre_hook_root_cmd

Default value: undef

pun_pre_hook_exports

Data type: Optional[String]

ood_porta.yml pun_pre_hook_exports

Default value: undef

oidc_uri

Data type: Optional[String]

ood_portal.yml oidc_uri

Default value: undef

oidc_discover_uri

Data type: Optional[String]

ood_portal.yml oidc_discover_uri

Default value: undef

oidc_discover_root

Data type: Optional[String]

ood_portal.yml oidc_discover_root

Default value: undef

register_uri

Data type: Optional[String]

ood_portal.yml register_uri

Default value: undef

register_root

Data type: Optional[String]

ood_portal.yml register_root

Default value: undef

oidc_provider_metadata_url

Data type: Optional[String]

OIDC metadata URL

Default value: undef

oidc_client_id

Data type: Optional[String]

OIDC client ID

Default value: undef

oidc_client_secret

Data type: Optional[String]

OIDC client secret

Default value: undef

oidc_remote_user_claim

Data type: String

OIDC REMOTE_USER claim

Default value: 'preferred_username'

oidc_scope

Data type: String

OIDC scopes

Default value: 'openid profile email'

oidc_session_inactivity_timeout

Data type: Integer

OIDC session inactivity timeout, see OIDCSessionInactivityTimeout

Default value: 28800

oidc_session_max_duration

Data type: Integer

OIDC session max duration, see OIDCSessionMaxDuration

Default value: 28800

oidc_state_max_number_of_cookies

Data type: String

OIDC setting that determines how to clean up cookies

Default value: '10 true'

oidc_settings

Data type: Hash

Hash of OIDC settings passsed directly to Apache config

Default value: {}

dex_uri

Data type: Variant[String[1],Boolean]

Dex URI if put behind Apache reverse proxy

Default value: '/dex'

dex_config

Data type: Openondemand::Dex_config

Dex configuration Hash

Default value: {}

web_directory

Data type: Stdlib::Absolutepath

Path to main web directory for OnDemand

Default value: '/var/www/ood'

nginx_log_group

Data type: String

Group to set for /var/log/ondemand-nginx

Default value: 'ondemand-nginx'

nginx_stage_clean_cron_schedule

Data type: String

Configure how often you want to run nginx_clean Defaults to '0 /2 * *' (every other hour)

Default value: '0 */2 * * *'

nginx_stage_ondemand_portal

Data type: String

nginx_stage.yml ondemand_portal

Default value: 'ondemand'

nginx_stage_ondemand_title

Data type: Optional[String]

nginx_stage.yml ondemand_title

Default value: undef

nginx_stage_pun_custom_env

Data type: Hash

nginx_stage.yml pun_custom_env

Default value: {}

nginx_stage_app_root

Data type: Openondemand::Nginx_stage_namespace_config

nginx_stage.yml app_root

Default value: {}

nginx_stage_scl_env

Data type: String

nginx_stage.yml scl_env

Default value: 'ondemand'

nginx_stage_app_request_regex

Data type: Optional[Openondemand::Nginx_stage_namespace_config]

nginx_stage.yml app_request_regex

Default value: undef

nginx_stage_min_uid

Data type: Integer

nginx_stage.yml min_uid

Default value: 1000

nginx_stage_passenger_pool_idle_time

Data type: Integer

nginx_stage.yml passenger_pool_idle_time

Default value: 300

nginx_stage_passenger_options

Data type: Hash[Pattern[/^passenger_.+/], Variant[String, Integer]]

nginx_stage.yml passenger_options

Default value: {}

nginx_stage_nginx_file_upload_max

Data type: Optional[Integer]

nginx_stage.yml nginx_file_upload_max

Default value: undef

nginx_stage_configs

Data type: Hash

nginx_stage.yml extra configuration options

Default value: {}

config_dir_purge

Data type: Boolean

Boolean that sets if ondemand.d should be purged of unmanaged files

Default value: true

config_source

Data type: Optional[String]

The source for /etc/ood/config/ondemand.d/ondemand.yml Overrides config_content as well as pinned apps and dashboard layout parameters

Default value: undef

config_content

Data type: Optional[String]

The content for /etc/ood/config/ondemand.d/ondemand.yml Overrides pinned apps and dashboard layout parameters

Default value: undef

confs

Data type: Hash

Hash to define openondemand::conf resources

Default value: {}

pinned_apps

Data type: Optional[Array[Variant[String[1], Hash]]]

Defines the OnDemand configuration for pinned_apps

Default value: undef

pinned_apps_menu_length

Data type: Optional[Integer]

Defines the OnDemand configuration for pinned_apps_menu_length

Default value: undef

pinned_apps_group_by

Data type: Optional[String[1]]

Defines the OnDemand configuration for pinned_apps_group_by

Default value: undef

dashboard_layout

Data type: Optional[Openondemand::Dashboard_layout]

Defines the OnDemand configuration for dashboard_layout

Default value: undef

hook_env

Data type: Boolean

Boolean that sets of hook.env configuration should be managed

Default value: true

hook_env_path

Data type: Stdlib::Absolutepath

Path to hook.env

Default value: '/etc/ood/config/hook.env'

hook_env_config

Data type: Hash

Configuration hash to pass into hook.env

Default value: {}

kubectl_path

Data type: Stdlib::Absolutepath

Path to kubectl

Default value: '/bin/kubectl'

clusters

Data type: Hash

Hash of resources to apss to openondemand::cluster

Default value: {}

clusters_hiera_merge

Data type: Boolean

Boolean that determines if clusters should be merged via lookup function

Default value: true

usr_apps

Data type: Variant[Array, Hash]

Resources passed to openondemand::app::usr

Default value: {}

usr_app_defaults

Data type: Hash

Defaults for usr_apps resources

Default value: {}

dev_apps

Data type: Hash

Resources passed to openondemand::app::dev

Default value: {}

dev_app_users

Data type: Array

Users to define as having dev apps, passed to openondemand::app::dev

Default value: []

dev_app_defaults

Data type: Hash

Defaults for dev_apps and dev_app_users

Default value: {}

apps_config_repo

Data type: Optional[String]

Git repo URL for apps config

Default value: undef

apps_config_revision

Data type: Optional[String]

Revision for apps config Git repo

Default value: undef

apps_config_repo_path

Data type: String

Path in apps config Git repo for app configs

Default value: ''

locales_config_repo_path

Data type: Optional[String]

Path in apps config Git repo for locales configs

Default value: undef

announcements_config_repo_path

Data type: Optional[String]

Path in apps config Git repo for announcements

Default value: undef

apps_config_source

Data type: Optional[String]

Source for apps config, not used if apps_config_repo is defined

Default value: undef

locales_config_source

Data type: Optional[String]

Source for locales config, not used if apps_config_repo is defined

Default value: undef

announcements_config_source

Data type: Optional[String]

Source for aouncements config, not used if apps_config_repo is defined

Default value: undef

public_files_repo_paths

Data type: Array

Path to public files in apps config Git repo

Default value: []

public_files_source_paths

Data type: Array

Path to the source for public files

Default value: []

manage_logrotate

Data type: Boolean

Boolean that allows disabling management of logrotate

Default value: true

Defined types

openondemand::app::dev

Manage Open OnDemand dev app

Examples

openondemand::app::dev { 'user1': }

Parameters

The following parameters are available in the openondemand::app::dev defined type:

• ensure
• mode
• owner
• group
• home_subdir
• gateway_src

ensure

Data type: Enum['present','absent']

Default value: 'present'

mode

Data type: Stdlib::Filemode

File mode of dev app

Default value: '0755'

owner

Data type: String

Owner of dev app

Default value: 'root'

group

Data type: String

Group owning dev app

Default value: 'root'

home_subdir

Data type: String

The subdirectory under user's home for dev app Not used if gateway_src is defined

Default value: 'ondemand/dev'

gateway_src

Data type: Optional[Stdlib::Absolutepath]

The path to dev app, overrides home_subdir

Default value: undef

openondemand::app::usr

Manage Open OnDemand user app

Examples

openondemand::app::usr { 'user1':
  gateway_src => '/home/user1/ondemand/usr',
}

Parameters

The following parameters are available in the openondemand::app::usr defined type:

• gateway_src
• ensure
• mode
• owner
• group

gateway_src

Data type: Stdlib::Absolutepath

Path to source of user's apps

ensure

Data type: Enum['present','absent']

Default value: 'present'

mode

Data type: Stdlib::Filemode

The file mode for shared apps

Default value: '0750'

owner

Data type: String

The file owner of shared apps

Default value: 'root'

group

Data type: String

The file group owner of shared apps

Default value: 'root'

openondemand::cluster

Manage Open OnDemand cluster definition

Parameters

The following parameters are available in the openondemand::cluster defined type:

• cluster_title
• owner
• group
• mode
• url
• hidden
• acls
• login_host
• job_adapter
• job_cluster
• job_host
• job_lib
• job_libdir
• job_bin
• job_bindir
• job_conf
• job_envdir
• job_serverdir
• job_exec
• sge_root
• libdrmaa_path
• job_version
• job_bin_overrides
• job_submit_host
• job_ssh_hosts
• job_site_timeout
• job_debug
• job_singularity_bin
• job_singularity_bindpath
• job_singularity_image
• job_strict_host_checking
• job_tmux_bin
• job_config_file
• job_username_prefix
• job_namespace_prefix
• job_all_namespaces
• job_auto_supplemental_groups
• job_server
• job_mounts
• job_auth
• scheduler_type
• scheduler_host
• scheduler_bin
• scheduler_version
• scheduler_params
• rsv_query_acls
• ganglia_host
• ganglia_scheme
• ganglia_segments
• ganglia_req_query
• ganglia_opt_query
• ganglia_version
• grafana_host
• grafana_org_id
• grafana_theme
• grafana_dashboard_name
• grafana_dashboard_uid
• grafana_dashboard_panels
• grafana_labels
• grafana_cluster_override
• xdmod_resource_id
• custom_config
• batch_connect
• source

cluster_title

Data type: String

Default value: $name

owner

Data type: String

Owner of the cluster YAML file

Default value: 'root'

group

Data type: String

Group of the cluster YAML file

Default value: 'root'

mode

Data type: Stdlib::Filemode

Ownership mode of the cluster YAML file

Default value: '0644'

url

Data type: Optional[Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl]]

Default value: undef

hidden

Data type: Boolean

Default value: false

acls

Data type: Optional[Array[Openondemand::Acl]]

Default value: undef

login_host

Data type: Optional[Stdlib::Host]

Default value: undef

job_adapter

Data type: Optional[Enum['torque','slurm','lsf','pbspro','sge','linux_host','kubernetes']]

Default value: undef

job_cluster

Data type: Optional[String]

Default value: undef

job_host

Data type: Optional[Stdlib::Host]

Default value: undef

job_lib

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_libdir

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_bin

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_bindir

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_conf

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_envdir

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_serverdir

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_exec

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

sge_root

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

libdrmaa_path

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_version

Data type: Optional[String]

Default value: undef

job_bin_overrides

Data type: Optional[Hash[String, Stdlib::Absolutepath]]

Default value: undef

job_submit_host

Data type: Optional[Stdlib::Host]

Default value: undef

job_ssh_hosts

Data type: Optional[Array[Stdlib::Host]]

Default value: undef

job_site_timeout

Data type: Optional[Integer]

Default value: undef

job_debug

Data type: Optional[Boolean]

Default value: undef

job_singularity_bin

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_singularity_bindpath

Data type: Optional[Variant[Array[Stdlib::Absolutepath], String]]

Default value: undef

job_singularity_image

Data type: Optional[String]

Default value: undef

job_strict_host_checking

Data type: Optional[Boolean]

Default value: undef

job_tmux_bin

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

job_config_file

Data type: Optional[String[1]]

Default value: undef

job_username_prefix

Data type: Optional[String]

Default value: undef

job_namespace_prefix

Data type: Optional[String]

Default value: undef

job_all_namespaces

Data type: Boolean

Default value: false

job_auto_supplemental_groups

Data type: Boolean

Default value: false

job_server

Data type: Optional[Openondemand::K8_server]

Default value: undef

job_mounts

Data type: Optional[Array[Openondemand::K8_mount]]

Default value: undef

job_auth

Data type: Optional[Openondemand::K8_auth]

Default value: undef

scheduler_type

Data type: Optional[Enum['moab']]

Default value: undef

scheduler_host

Data type: Optional[Stdlib::Host]

Default value: undef

scheduler_bin

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

scheduler_version

Data type: Optional[String]

Default value: undef

scheduler_params

Data type: Hash

Default value: {}

rsv_query_acls

Data type: Optional[Array[Openondemand::Acl]]

Default value: undef

ganglia_host

Data type: Optional[Stdlib::Host]

Default value: undef

ganglia_scheme

Data type: String

Default value: 'https://'

ganglia_segments

Data type: Array

Default value: ['gweb', 'graph.php']

ganglia_req_query

Data type: Hash

Default value: { 'c' => $name }

ganglia_opt_query

Data type: Hash

Default value: { 'h' => "%{h}.${facts['networking']['domain']}" }

ganglia_version

Data type: String

Default value: '3'

grafana_host

Data type: Optional[Variant[Stdlib::HTTPSUrl,Stdlib::HTTPUrl]]

Default value: undef

grafana_org_id

Data type: Integer

Default value: 1

grafana_theme

Data type: Optional[String]

Default value: undef

grafana_dashboard_name

Data type: Optional[String]

Default value: undef

grafana_dashboard_uid

Data type: Optional[String]

Default value: undef

grafana_dashboard_panels

Data type:

Optional[Struct[{
        'cpu' => Integer,
        'memory' => Integer,
  }]]

Default value: undef

grafana_labels

Data type:

Optional[Struct[{
        'cluster' => String,
        'host' => String,
        'jobid' => Optional[String],
  }]]

Default value: undef

grafana_cluster_override

Data type: Optional[String]

Default value: undef

xdmod_resource_id

Data type: Optional[Integer]

Default value: undef

custom_config

Data type: Hash

Custom Hash passed to v2.custom in cluster YAML

Default value: {}

batch_connect

Data type: Optional[Openondemand::Batch_connect]

Default value: undef

source

Data type: Optional[Stdlib::Filesource]

source file to create cluster configuration from.

Default value: undef

openondemand::conf

Manage Open OnDemand configuration file in /etc/ood/config/ondemand.d

Parameters

The following parameters are available in the openondemand::conf defined type:

• source
• content
• content_template
• data
• template
• filename

source

Data type: Optional[String]

The source of the configuration file

Default value: undef

content

Data type: Optional[String]

The content template of the configuration file

Default value: undef

content_template

Data type: Optional[String]

The template to define content

Default value: undef

data

Data type: Optional[Hash]

A hash of data to convert to YAML that defines the configuration file contents

Default value: undef

template

Data type: Boolean

If true, the file will have .yml.erb extension, otherwise the extension is .yml

Default value: false

filename

Data type: Optional[String]

Override the default filename for the configuration file

Default value: undef

openondemand::install::app

Manage Open OnDemand app

Examples

openondemand::install::app { 'bc_osc_foo':
  ensure => '0.1.0-1.el7',
}

Parameters

The following parameters are available in the openondemand::install::app defined type:

• ensure
• package
• manage_package
• git_repo
• git_revision
• source
• path
• owner
• group
• mode

ensure

Data type: String

Package ensure property if installing from a package

Default value: 'present'

package

Data type: String

Package name for the app

Default value: "ondemand-${name}"

manage_package

Data type: Boolean

Should package be managed

Default value: true

git_repo

Data type: Optional[String]

The git repo to use to install the app If defined, no package will be installed

Default value: undef

git_revision

Data type: Optional[String]

The git revision to checkout

Default value: undef

source

Data type: Optional[String]

The Puppet source path for app

Default value: undef

path

Data type: Optional[Stdlib::Absolutepath]

Path to app, defaults to /var/www/ood/apps/sys/$name

Default value: undef

owner

Data type: String

File owner of app

Default value: 'root'

group

Data type: String

File group owner of app

Default value: 'root'

mode

Data type: String

File mode for app

Default value: '0755'

Data types

Openondemand::Acl

OnDemand cluster ACL

Alias of

Struct[{ 'adapter' => Enum['group'],
                                  'groups'  => Optional[Array],
                                  'type'    => Enum['whitelist', 'blacklist']
                                  }]

Openondemand::Batch_connect

Defines cluster config batch_connect values

Alias of

Struct[{
  Optional['basic']     => Struct[{
        Optional['script_wrapper'] => String,
        Optional['set_host'] => String
    }],
  Optional['vnc']       => Struct[{
        Optional['script_wrapper'] => String,
        Optional['set_host'] => String
    }],
  Optional['ssh_allow'] => Boolean,
}]

Openondemand::Dashboard_layout

Dashboard layout

Alias of

Struct[{
  'rows' => Array[Struct[{'columns' => Array[Openondemand::Dashboard_layout_column]}]]
}]

Openondemand::Dashboard_layout_column

Dashboard layout column

Alias of

Struct[{
  'width' => Integer,
  'widgets' => Array[String[1]],
}]

Openondemand::Dex_config

ondemand-dex config

Alias of

Struct[{
  'ssl' => Optional[Boolean],
  'http_port' => Optional[Variant[String, Integer]],
  'https_port' => Optional[Variant[String, Integer]],
  'tls_cert' => Optional[Stdlib::Absolutepath],
  'tls_key' => Optional[Stdlib::Absolutepath],
  'storage_file' => Optional[Stdlib::Absolutepath],
  'grpc' => Optional[Hash],
  'expiry' => Optional[Hash],
  'client_id' => Optional[String],
  'client_redirect_uris' => Optional[Array],
  'client_name' => Optional[String],
  'client_secret' => Optional[String],
  'static_clients' => Optional[Array[Hash]],
  'connectors' => Optional[Array[Hash]],
  'frontend' => Optional[Hash],
  }]

Openondemand::K8_auth

OnDemand cluster Kubernetes auth

Alias of

Struct[{
    'type' => String[1],
  }]

Openondemand::K8_mount

OnDemand cluster Kubernetes mount

Alias of

Struct[{ 'type' => String[1],
    'name'  => String[1],
    'host_type' => Optional[String[1]],
    'host' => Optional[String[1]],
    'destination_path' => Stdlib::Absolutepath,
    'path' => Stdlib::Absolutepath,
  }]

Openondemand::K8_server

OnDemand cluster Kubernetes mount

Alias of

Struct[{ 'endpoint' => Stdlib::HTTPSUrl,
    'cert_authority_file'  => Stdlib::Absolutepath,
  }]

Openondemand::Nginx_stage_namespace_config

nginx_stage.yml namespace_config

Alias of

Struct[{
  'dev' => Optional[String],
  'usr' => Optional[String],
  'sys' => Optional[String]
  }]

Tasks

announce

Install Open OnDemand announcement file

Supports noop? false

Parameters

source

Data type: String[1]

Path to file to install (or purge)

maintenance

Put OnDemand into maintenance mode

Supports noop? false

Parameters

ensure

Data type: Enum['present','absent']

Set state of maintenance mode

nginx_stage

Run nginx_stage commands

Supports noop? false

Parameters

command

Data type: Enum[nginx_clean,nginx_list]

nginx_stage command to execute

user

Data type: Optional[String[1]]

Operate on specific user

skip_nginx

Data type: Optional[Boolean]

Skip execution of the per-user nginx process

force

Data type: Optional[Boolean]

Force clean ALL per-user nginx processes

Change log

All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

v6.0.0 (2024-10-16)

Full Changelog

Changed

• Require stdlib >= 9.x #165 (treydock)

v5.2.0 (2024-10-16)

Full Changelog

Added

• Support Ubuntu 24.04 #163 (treydock)
• Remove EL7 support #161 (treydock)

v5.1.0 (2024-09-06)

Full Changelog

Added

• Added support to configure the GPG check for the OnDemand repo #159 (abujeda)

Fixed

• Don't wrap yaml lines for confs #160 (mattmix)

v5.0.1 (2024-04-17)

Full Changelog

Fixed

• Allow undef for logout_uri and logout_redirect #157 (abujeda)

v5.0.0 (2024-02-13)

Full Changelog

Changed

• Support OnDemand 3.1 #154 (treydock)

v4.5.0 (2024-01-25)

Full Changelog

Added

• Added support for files to configure cluster definitions #156 (abujeda)

v4.4.1 (2024-01-25)

Full Changelog

Fixed

• Fix Apache user for Ubuntu and Debian #155 (treydock)

v4.4.0 (2024-01-21)

Full Changelog

Added

• Added support to add module files into the OnDemand public folder #151 (abujeda)

v4.3.1 (2023-12-01)

Full Changelog

Fixed

• document multi-line strings #146 (johrstrom)

v4.3.0 (2023-11-27)

Full Changelog

Added

• Support new module dependencies #144 (treydock)

Fixed

• Removed Nginx stage ondemand title default value #142 (abujeda)

v4.2.1 (2023-10-06)

Full Changelog

Fixed

• Fix nginx_stage task to work on Python 3 #138 (treydock)

v4.2.0 (2023-09-19)

Full Changelog

Added

• Refactor how cluster YAML is generated to stop using ERB template #137 (treydock)

v4.1.0 (2023-06-16)

Full Changelog

Added

• Support newer stdlib and systemd modules #131 (treydock)
• Allow apps to be installed from source parameter #130 (treydock)
• Document adding support ticket configuration #126 (treydock)

Fixed

• Set mode for managed directories #132 (treydock)

v4.0.0 (2023-05-04)

Full Changelog

Changed

• Support Puppet 8, Drop Puppet 6 support, update dependencies #125 (treydock)

Added

• Adding proxy for ondemand repo. #124 (pedmon)

v3.0.1 (2023-04-14)

Full Changelog

Fixed

• Fixed boolean check for boolean parameter #121 (abujeda)

v3.0.0 (2023-04-03)

Full Changelog

Changed

• Switch to use OnDemand 3.0 #122 (treydock)
• OnDemand 3.0 support #70 (treydock)

v2.15.0 (2022-11-15)

Full Changelog

Added

• Use NodeJS 14 #115 (treydock)

v2.14.0 (2022-08-12)

Full Changelog

Added

• Add dex_uri parameter #109 (treydock)
• Support Ubuntu 18.04 and 20.04 #103 (treydock)

v2.13.0 (2022-06-10)

Full Changelog

Added

• Add the ability to configure set_host for clusters #98 (mattmix)

v2.12.1 (2022-06-08)

Full Changelog

Fixed

• Allow arbitrary string for auth_type #97 (mattmix)

v2.12.0 (2022-05-20)

Full Changelog

Added

• Avoid latest repo by default, not a stable repo #91 (treydock)
• Replace CentOS 8 with Rocky 8 and PDK sync #87 (treydock)

v2.11.0 (2022-05-06)

Full Changelog

Added

• Support installing apps with git #85 (treydock)

v2.10.0 (2022-04-11)

Full Changelog

Added

• Allow setting cluster YAML permissions #82 (treydock)

Fixed

• Actually use new owner/group/mode cluster parameters #83 (treydock)

v2.9.0 (2022-03-04)

Full Changelog

Added

• Add repo_exclude parameter #81 (treydock)

Fixed

• Use 2.0 repo for acceptance tests #80 (treydock)
• Fix when ood-portal-generator is triggered #79 (treydock)
• Ensure that validation errors for Apache config will not persist #78 (treydock)
• Skip nigntly tests until feature/ondemand-2.1 merged #74 (treydock)

v2.8.2 (2021-10-14)

Full Changelog

Fixed

• Further fix how custom configs are defined (with tests) #73 (treydock)

v2.8.1 (2021-10-14)

Full Changelog

Fixed

• Fix how custom cluster configs are defined #72 (treydock)

v2.8.0 (2021-09-01)

Full Changelog

Added

• Support nightly repos #66 (treydock)

v2.7.0 (2021-08-09)

Full Changelog

Added

• Add nginx_stage_nginx_file_upload_max and nginx_stage_configs #65 (treydock)

v2.6.0 (2021-08-03)

Full Changelog

Added

• Support cluster custom_config #63 (treydock)

v2.5.0 (2021-07-29)

Full Changelog

Added

• Support K8 auto_supplemental_groups #62 (treydock)

v2.4.1 (2021-07-21)

Full Changelog

v2.4.0 (2021-07-14)

Full Changelog

v2.3.0 (2021-06-15)

Full Changelog

v2.2.0 (2021-06-03)

Full Changelog

v2.1.0 (2021-05-26)

Full Changelog

v2.0.0 (2021-05-19)

Full Changelog

* This Changelog was automatically generated by github_changelog_generator