abonerib/jungle
1
0
Fork 0
forked from rarias/jungle
Code Pull Requests Activity
1,483 Commits 21 Branches 0 Tags
Commit Graph

1483 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aleix Boné
9a48ae45bb Update paraver to 4.12.0 
Adds a new patch to fix libxml2: the m4 AM_PATH_XML2 macro has been
deprecated and is no longer included in the latest nixpkgs unstable.
Upstream recommends using `PKG_CHECK_MODULES` instead.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-07-22 12:57:33 +02:00
Aleix Boné
ce8b05b142 Replace xeon07 by hut in ssh config 
The xeon07 machine has been renamed to hut.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-07-21 18:10:08 +02:00
Rodrigo Arias Mallo
974bb56dc3 Fix lmbench build issues with GCC 14 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
Tested-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-07-21 18:01:36 +02:00
Rodrigo Arias Mallo
88d4d8e317 Drop tagaspi from bench6 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 18:01:20 +02:00
Rodrigo Arias Mallo
885e04e446 Remove unused inputs from intel compiler 2023 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 18:00:39 +02:00
Rodrigo Arias Mallo
4a5787e0c6 Enable automatic Nix GC in raccoon 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:58:26 +02:00
Rodrigo Arias Mallo
6c11093033 Select proprietary NVIDIA driver in raccoon 
The NVIDIA GTX 960 from 2016 has the Maxwell architecture, and NixOS
suggests using the proprietary driver for older than Turing:

> It is suggested to use the open source kernel modules on Turing or
> later GPUs (RTX series, GTX 16xx), and the closed source modules
> otherwise.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:58:21 +02:00
Rodrigo Arias Mallo
26f52aa27d Use gcc 13 for intel compiler 2023 
Intel compiler for C++ (icpc) is not able to parse the location of C++
headers from the output of gcc 14, but works fine for gcc 13.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
52fe43bfe1 Fix PATH in intel compiler wrapper 
We need to add the gcc in the PATH, but adding it directly to $PATH
doesn't work, as it will be restored to $path_backup before icc runs. So
for now we simply inject it to path_backup, but ideally we should find a
more robust solution.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
f0637b4569 Drop GPI-2 and TAGASPI 
GPI-2 fails to build, which is needed for TAGASPI.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Aleix Boné
6ddfea0a3a Use boost 1.86 for paraver 
Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
e7adef1ffa Fix intel-compiler by ignoring broken symlinks 
In the future, we may want to look if those symlinks are needed.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
e82d3c3b9f Upgrade OmpSs-2 LLVM to 2025.06 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
4442b6a706 Update TAMPI to 4.1 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
2d0b014dc7 Update Nanos6 to 4.3 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
867ba3ec5a Update nOS-V to 3.2.0 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
2cacc2b265 Update ovni to 1.12.0 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
e4abd8d8f6 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'path:/nix/store/2csx2kkb2hxyxhhmg2xs9jfyypikwwk6-source?lastModified=1736867362&narHash=sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8%3D&rev=9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc' (2025-01-14)
  → 'path:/nix/store/zk8v61cpk1wprp9ld5ayc1g5fq4pdkwv-source?lastModified=1752436162&narHash=sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw%3D&rev=dfcd5b901dbab46c9c6e80b265648481aafb01f8' (2025-07-13)

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-21 17:23:30 +02:00
Rodrigo Arias Mallo
750504744f Enable open source NVidia driver in fox 
It is recommended for newer versions.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-18 09:57:38 +02:00
Rodrigo Arias Mallo
c26ec1b6f1 Remove option allowUnfree from fox and raccoon 
It is already set to true for all machines.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-18 09:57:21 +02:00
Rodrigo Arias Mallo
2ef32f773c Ban another scanner trying to connect via SSH 
It is constantly spamming out logs:

apex# journalctl | grep 'Connection closed by 84.88.52.176' | wc -l
2255

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-18 09:51:49 +02:00
Rodrigo Arias Mallo
fc9fcd602a Update weasel IPMI hostname for monitoring 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-18 09:51:21 +02:00
Rodrigo Arias Mallo
0e37ab5fe1 Remove merged MPICH patch 
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
 2025-07-16 13:07:12 +02:00
Rodrigo Arias Mallo
a1b387e454 Remove package ix as it is gone 
Fails with: "error: ix has been removed from Nixpkgs, as the ix.io
pastebin has been offline since Dec. 2023".

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
 2025-07-16 13:07:06 +02:00
Rodrigo Arias Mallo
380abe9957 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41?narHash=sha256-b%2Buqzj%2BWa6xgMS9aNbX4I%2BsXeb5biPDi39VgvSFqFvU%3D' (2024-08-10)
  → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf?narHash=sha256-9P1FziAwl5%2B3edkfFcr5HeGtQUtrSdk/MksX39GieoA%3D' (2025-06-17)
• Updated input 'agenix/darwin':
    'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d?narHash=sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0%3D' (2023-11-24)
  → 'github:lnl7/nix-darwin/43975d782b418ebf4969e9ccba82466728c2851b?narHash=sha256-dyN%2BteG9G82G%2Bm%2BPX/aSAagkC%2BvUv0SgUw3XkPhQodQ%3D' (2025-04-12)
• Updated input 'agenix/home-manager':
    'github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1?narHash=sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE%3D' (2023-12-20)
  → 'github:nix-community/home-manager/abfad3d2958c9e6300a883bd443512c55dfeb1be?narHash=sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs%3D' (2025-04-24)
• Updated input 'bscpkgs':
    'git+https://git.sr.ht/~rodarima/bscpkgs?ref=refs/heads/master&rev=6782fc6c5b5a29e84a7f2c2d1064f4bcb1288c0f' (2024-11-29)
  → 'git+https://git.sr.ht/~rodarima/bscpkgs?ref=refs/heads/master&rev=9d1944c658929b6f98b3f3803fead4d1b91c4405' (2025-06-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9c6b49aeac36e2ed73a8c472f1546f6d9cf1addc?narHash=sha256-i/UJ5I7HoqmFMwZEH6vAvBxOrjjOJNU739lnZnhUln8%3D' (2025-01-14)
  → 'github:NixOS/nixpkgs/dfcd5b901dbab46c9c6e80b265648481aafb01f8?narHash=sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw%3D' (2025-07-13)

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
 2025-07-16 13:07:01 +02:00
Rodrigo Arias Mallo
37c12783bb Upgrade nixpkgs to nixos 25.05 
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
 2025-07-16 13:06:40 +02:00
Rodrigo Arias Mallo
7379e84e79 Silently ban OpenVAS BSC scanner from apex 
It is spamming our logs with refused connection lines:

apex% sudo journalctl -b0 | grep 'refused connection.*SRC=192.168.8.16' | wc -l
13945

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 17:40:41 +02:00
Rodrigo Arias Mallo
b802f88df9 Rotate anavarro password and SSH key 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 17:24:41 +02:00
Rodrigo Arias Mallo
bd94c4ad00 Add weasel machine configuration 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 17:24:38 +02:00
Rodrigo Arias Mallo
570c6e175d Remove extra flush commands on firewall stop 
They are not needed as they are already flushed when the firewall
starts or stops.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:45 +02:00
Rodrigo Arias Mallo
96661dd0d4 Prevent accidental use of nftables 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:42 +02:00
Rodrigo Arias Mallo
28db7799ea Add proxy configuration for internal hosts 
Access internal hosts via apex proxy. From the compute nodes we first
open an SSH connection to apex, and then tunnel it through the HTTP
proxy with netcat.

This way we allow reaching internal GitLab repositories without
requiring the user to have credentials in the remote host, while we can
use multiple remotes to provide redundancy.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:36 +02:00
Rodrigo Arias Mallo
508059c99e Remove unused blackbox configuration modules 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:30 +02:00
Rodrigo Arias Mallo
b9f9cc7d7a Use IPv4 in blackbox probes 
Otherwise they simply fail as IPv6 doesn't work.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:26 +02:00
Rodrigo Arias Mallo
eae0c7cb59 Make NFS mount async to improve latency 
Don't wait to flush writes, as we don't care about consistency on a
crash:

> This option allows the NFS server to violate the NFS protocol and
> reply to requests before any changes made by that request have been
> committed to stable storage (e.g. disc drive).
>
> Using this option usually improves performance, but at the cost that
> an unclean server restart (i.e. a crash) can cause data to be lost or
> corrupted.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:20 +02:00
Rodrigo Arias Mallo
2280635cd6 Disable root_squash from NFS 
Allows root to read files in the NFS export, so we can directly run
`nixos-rebuild switch` from /home.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:16 +02:00
Rodrigo Arias Mallo
16ada09600 Remove SSH proxy to access BSC clusters 
We now have direct connection to them.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:13 +02:00
Rodrigo Arias Mallo
0d291d715c Add users to apex machine 
They need to be able to login to apex to access any other machine from
the SSF rack.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:09 +02:00
Rodrigo Arias Mallo
66001f76f7 Remove proxy from hut HTTP probes 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:04 +02:00
Rodrigo Arias Mallo
1e3b85067d Remove proxy configuration from environment 
All machines have now direct connection with the outside world.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:00 +02:00
Rodrigo Arias Mallo
36ee1f3adc Add storcli utility to apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:17:57 +02:00
Rodrigo Arias Mallo
25e9c071b0 Add new configuration for apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:17:43 +02:00
Rodrigo Arias Mallo
80cee2dbd0 Add pmartin1 user with access to fox 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-03 11:16:43 +02:00
Rodrigo Arias Mallo
ee92934c74 Add access to fox for rpenacob user 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-02 16:58:53 +02:00
Rodrigo Arias Mallo
db0f3fed91 Revert "Only allow Vincent to access fox for now" 
This reverts commit e9e3704b677baed1649583f25e4e1bc050a9534e.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-02 16:58:49 +02:00
Aleix Boné
adeaa0484d Add all terminfo files in environment 
Fixes problems with the kitty terminal when opening vim or kakoune.

Reviewed-by: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
 2025-07-02 16:02:45 +02:00
Rodrigo Arias Mallo
815810830e Monitor Fox BMC with ICMP probes too 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-02 15:51:22 +02:00
Rodrigo Arias Mallo
7a52e1907c Restrict DAC VPN to fox-ipmi machine only 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-02 15:51:19 +02:00
Rodrigo Arias Mallo
22a2e1b9e8 Monitor fox via VPN 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-02 15:51:16 +02:00
Rodrigo Arias Mallo
f29461ae32 Add OpenVPN service to connect to fox BMC 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-02 15:51:13 +02:00