rarias/jungle
2
0
Fork 3
Code Issues 57 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

Compare commits

base: rarias:add-fpga-u280
Branches Tags
rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib
..
compare: rarias:shared-nix-store
Branches Tags
rarias:master rarias:enableStrictDeps rarias:fox-regression rarias:pkgs/tacuda rarias:pkgs/tasycl rarias:robust-fetchGit rarias:old-master rarias:gitea-lfs rarias:only-restart-logins rarias:monitor-gpfs-home rarias:add-tent-machine rarias:m/raccoon rarias:add-fpga-u280 rarias:maintenance-purchase rarias:add-fox-machine rarias:share-files rarias:shared-nix-store rarias:intro-nix rarias:lake2-ipoib

11 Commits
add-fpga-u ... shared-nix

Author SHA1 Message Date
Rodrigo Arias Mallo
e065cde376 Use NixOS attributes for the install section 2023-09-18 19:27:14 +02:00
Rodrigo Arias Mallo
3bb0b550aa Add a RequiredBy dependency for remote-fs.target 2023-09-18 19:05:58 +02:00
Rodrigo Arias Mallo
e4cbcab81c Use a systemd mount directly for the nix store 
Allows the LazyUnmount option and avoids the stage1 hack with
/nix//store.
 2023-09-18 18:53:40 +02:00
Rodrigo Arias Mallo
77b41a90e2 Patch nix instead of using an override unit 2023-09-18 18:06:51 +02:00
Rodrigo Arias Mallo
1fc6891dc6 Remove nix-daemon.socket dependency of /nix/store 
The dependency causes a cycle as the nix store will be mounted after the
network is ready, which itself depends on the socket.target which
requires the nix-daemon.socket to be ready too.
 2023-09-18 17:28:47 +02:00
Rodrigo Arias Mallo
8c11c7460a Delay the mount until the network is ready 2023-09-18 16:07:46 +02:00
Rodrigo Arias Mallo
e6014511f5 Wait for the NFS hut store to be mounted 2023-09-18 15:50:37 +02:00
Rodrigo Arias Mallo
320c58ce48 Prevent the overlay to be mounted in stage1 2023-09-18 13:57:41 +02:00
Rodrigo Arias Mallo
d145ee9b2c Mount the overlay in /nix/store 2023-09-18 13:02:32 +02:00
Rodrigo Arias Mallo
140178d58e Begin the nix store overlay 
We need to disable the read-only bind mount, so we can directly bind
mount the overlay.
 2023-09-18 11:22:24 +02:00
Rodrigo Arias Mallo
d48f3b989a Enable direnv integration 2023-09-17 22:27:51 +02:00
82 changed files with 815 additions and 2091 deletions
Expand all files Collapse all files

BIN
doc/R1000WF_SystemIntegration_and_ServiceGuide_Rev2_4.pdf
View File

Binary file not shown.

24
doc/install.md
View File

@@ -150,27 +150,3 @@ And update grub.
``` ```
# nix build .#nixosConfigurations.xeon02.config.system.build.kexecTree -v # nix build .#nixosConfigurations.xeon02.config.system.build.kexecTree -v
``` ```
## Chain NixOS in same disk with other systems
To install NixOS on a partition along another system which controls the GRUB,
first disable the grub device, so the GRUB is not installed in the disk by
NixOS (only the /boot files will be generated):
```
boot.loader.grub.device = "nodev";
```
Then add the following entry to the old GRUB configuration:
```
menuentry 'NixOS' {
insmod chain
search --no-floppy --label nixos --set root
configfile /boot/grub/grub.cfg
}
```
The partition with NixOS must have the label "nixos" for it to be found. New
system configuration entries will be stored in the GRUB configuration managed
by NixOS, so there is no need to change the old GRUB settings.

54
flake.lock generated
View File

@@ -6,15 +6,14 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1720546205, "lastModified": 1690228878,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -30,17 +29,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713974364, "lastModified": 1694708510,
"narHash": "sha256-ilZTVWSaNP1ibhQIIRXE+q9Lj2XOH+F9W3Co4QyY1eU=", "narHash": "sha256-72bvRBhq8Q8V6ibsR9lyBE92V2EC6C6Ek3J5cOM79So=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "de89197a4a7b162db7df9d41c9d07759d87c5709", "rev": "3a4062ac04be6263c64a481420d8e768c2521b80",
"revCount": 937, "revCount": 862,
"type": "git", "type": "git",
"url": "https://git.sr.ht/~rodarima/bscpkgs" "url": "https://pm.bsc.es/gitlab/rarias/bscpkgs.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.sr.ht/~rodarima/bscpkgs" "url": "https://pm.bsc.es/gitlab/rarias/bscpkgs.git"
} }
}, },
"darwin": { "darwin": {
@@ -51,11 +50,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1673295039,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -73,11 +72,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1682203081,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -88,11 +87,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1720957393, "lastModified": 1693663421,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "narHash": "sha256-ImMIlWE/idjcZAfxKK8sQA7A1Gi/O58u5/CJA+mxvl8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "rev": "e56990880811a451abd32515698c712788be5720",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -108,21 +107,6 @@
"bscpkgs": "bscpkgs", "bscpkgs": "bscpkgs",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

17
flake.nix
View File

@@ -3,7 +3,7 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
bscpkgs.url = "git+https://git.sr.ht/~rodarima/bscpkgs"; bscpkgs.url = "git+https://pm.bsc.es/gitlab/rarias/bscpkgs.git";
bscpkgs.inputs.nixpkgs.follows = "nixpkgs"; bscpkgs.inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -17,14 +17,13 @@ let
in in
{ {
nixosConfigurations = { nixosConfigurations = {
hut = mkConf "hut"; hut = mkConf "hut";
owl1 = mkConf "owl1"; owl1 = mkConf "owl1";
owl2 = mkConf "owl2"; owl2 = mkConf "owl2";
eudy = mkConf "eudy"; eudy = mkConf "eudy";
koro = mkConf "koro"; koro = mkConf "koro";
bay = mkConf "bay"; bay = mkConf "bay";
lake2 = mkConf "lake2"; lake2 = mkConf "lake2";
raccoon = mkConf "raccoon";
}; };
packages.x86_64-linux = self.nixosConfigurations.hut.pkgs // { packages.x86_64-linux = self.nixosConfigurations.hut.pkgs // {

22
m/bay/configuration.nix
View File

@@ -2,21 +2,21 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
../module/monitoring.nix ../common/monitoring.nix
]; ];
# Select the this using the ID to avoid mismatches # Select the this using the ID to avoid mismatches
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d"; boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53562d";
boot.kernel.sysctl = {
"kernel.yama.ptrace_scope" = lib.mkForce "1";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ceph ceph
]; ];
services.slurm = {
client.enable = lib.mkForce false;
};
networking = { networking = {
hostName = "bay"; hostName = "bay";
interfaces.eno1.ipv4.addresses = [ { interfaces.eno1.ipv4.addresses = [ {
@@ -27,16 +27,6 @@
address = "10.0.42.40"; address = "10.0.42.40";
prefixLength = 24; prefixLength = 24;
} ]; } ];
firewall = {
extraCommands = ''
# Accept all incoming TCP traffic from lake2
iptables -A nixos-fw -p tcp -s lake2 -j nixos-fw-accept
# Accept monitoring requests from hut
iptables -A nixos-fw -p tcp -s hut -m multiport --dport 9283,9002 -j nixos-fw-accept
# Accept all Ceph traffic from the local network
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
'';
};
}; };
services.ceph = { services.ceph = {

0
m/common/base/agenix.nix → m/common/agenix.nix
View File

20
m/common/base.nix
View File

@@ -1,20 +0,0 @@
{
# All machines should include this profile.
# Includes the basic configuration for an Intel server.
imports = [
./base/agenix.nix
./base/august-shutdown.nix
./base/boot.nix
./base/env.nix
./base/fs.nix
./base/hw.nix
./base/net.nix
./base/nix.nix
./base/ntp.nix
./base/rev.nix
./base/ssh.nix
./base/users.nix
./base/watchdog.nix
./base/zsh.nix
];
}

14
m/common/base/august-shutdown.nix
View File

@@ -1,14 +0,0 @@
{
# Shutdown all machines on August 2nd at 11:00 AM, so we can protect the
# hardware from spurious electrical peaks on the yearly electrical cut for
# manteinance that starts on August 4th.
systemd.timers.august-shutdown = {
description = "Shutdown on August 2nd for maintenance";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-08-02 11:00:00";
RandomizedDelaySec = "10min";
Unit = "systemd-poweroff.service";
};
};
}

35
m/common/base/env.nix
View File

@@ -1,35 +0,0 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
nix-diff ipmitool freeipmi ethtool lm_sensors ix cmake gnumake file tree
ncdu config.boot.kernelPackages.perf ldns
# From bsckgs overlay
osumb
];
programs.direnv.enable = true;
# Increase limits
security.pam.loginLimits = [
{
domain = "*";
type = "-";
item = "memlock";
value = "1048576"; # 1 GiB of mem locked
}
];
environment.variables = {
EDITOR = "vim";
VISUAL = "vim";
};
programs.bash.promptInit = ''
PS1="\h\\$ "
'';
time.timeZone = "Europe/Madrid";
i18n.defaultLocale = "en_DK.UTF-8";
}

19
m/common/base/net.nix
View File

@@ -1,19 +0,0 @@
{ pkgs, ... }:
{
networking = {
enableIPv6 = false;
useDHCP = false;
firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
hosts = {
"84.88.53.236" = [ "ssfhead.bsc.es" "ssfhead" ];
"84.88.51.152" = [ "raccoon" ];
"84.88.51.142" = [ "raccoon-ipmi" ];
};
};
}

58
m/common/base/nix.nix
View File

@@ -1,58 +0,0 @@
{ pkgs, nixpkgs, bscpkgs, theFlake, ... }:
{
nixpkgs.overlays = [
bscpkgs.bscOverlay
(import ../../../pkgs/overlay.nix)
];
nix = {
nixPath = [
"nixpkgs=${nixpkgs}"
"jungle=${theFlake.outPath}"
];
registry = {
nixpkgs.flake = nixpkgs;
jungle.flake = theFlake;
};
settings = {
experimental-features = [ "nix-command" "flakes" ];
sandbox = "relaxed";
trusted-users = [ "@wheel" ];
flake-registry = pkgs.writeText "global-registry.json"
''{"flakes":[],"version":2}'';
keep-outputs = true;
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
# The nix-gc.service can begin its execution *before* /home is mounted,
# causing it to remove all gcroots considering them as stale, as it cannot
# access the symlink. To prevent this problem, we force the service to wait
# until /home is mounted as well as other remote FS like /ceph.
systemd.services.nix-gc = {
# Start remote-fs.target if not already being started and fail if it fails
# to start. It will also be stopped if the remote-fs.target fails after
# starting successfully.
bindsTo = [ "remote-fs.target" ];
# Wait until remote-fs.target fully starts before starting this one.
after = [ "remote-fs.target"];
# Ensure we can access a remote path inside /home
unitConfig.ConditionPathExists = "/home/Computational";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

12
m/common/base/boot.nix → m/common/boot.nix
View File

@@ -2,7 +2,7 @@
{ {
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = lib.mkForce true;
# Enable GRUB2 serial console # Enable GRUB2 serial console
boot.loader.grub.extraConfig = '' boot.loader.grub.extraConfig = ''
@@ -11,12 +11,14 @@
terminal_output --append serial terminal_output --append serial
''; '';
# Enable serial console
boot.kernelParams = [
"console=tty1"
"console=ttyS0,115200"
];
boot.kernel.sysctl = { boot.kernel.sysctl = {
"kernel.perf_event_paranoid" = lib.mkDefault "-1"; "kernel.perf_event_paranoid" = lib.mkDefault "-1";
# Allow ptracing (i.e. attach with GDB) any process of the same user, see:
# https://www.kernel.org/doc/Documentation/security/Yama.txt
"kernel.yama.ptrace_scope" = "0";
}; };
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;

10
m/common/base/fs.nix → m/common/fs.nix
View File

@@ -13,12 +13,16 @@
[ { device = "/dev/disk/by-label/swap"; } [ { device = "/dev/disk/by-label/swap"; }
]; ];
# Mount the home via NFS
fileSystems."/home" = {
device = "10.0.40.30:/home";
fsType = "nfs";
options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
};
# Tracing # Tracing
fileSystems."/sys/kernel/tracing" = { fileSystems."/sys/kernel/tracing" = {
device = "none"; device = "none";
fsType = "tracefs"; fsType = "tracefs";
}; };
# Mount a tmpfs into /tmp
boot.tmp.useTmpfs = true;
} }

0
m/common/base/hw.nix → m/common/hw.nix
View File

97
m/common/main.nix Normal file
View File

@@ -0,0 +1,97 @@
{ config, pkgs, nixpkgs, bscpkgs, agenix, theFlake, ... }:
{
imports = [
./agenix.nix
./boot.nix
./fs.nix
./hw.nix
./net.nix
./ntp.nix
./slurm.nix
./ssh.nix
./users.nix
./watchdog.nix
./rev.nix
./zsh.nix
];
nixpkgs.overlays = [
bscpkgs.bscOverlay
(import ../../pkgs/overlay.nix)
];
system.configurationRevision =
if theFlake ? rev
then theFlake.rev
else throw ("Refusing to build from a dirty Git tree!");
nix.nixPath = [
"nixpkgs=${nixpkgs}"
"jungle=${theFlake.outPath}"
];
nix.settings.flake-registry =
pkgs.writeText "global-registry.json" ''{"flakes":[],"version":2}'';
nix.registry.nixpkgs.flake = nixpkgs;
nix.registry.jungle.flake = theFlake;
environment.systemPackages = with pkgs; [
vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
nix-diff ipmitool freeipmi ethtool lm_sensors ix cmake gnumake file tree
ncdu config.boot.kernelPackages.perf ldns
# From bsckgs overlay
bsc.osumb
];
programs.direnv.enable = true;
systemd.services."serial-getty@ttyS0" = {
enable = true;
wantedBy = [ "getty.target" ];
serviceConfig.Restart = "always";
};
# Increase limits
security.pam.loginLimits = [
{
domain = "*";
type = "-";
item = "memlock";
value = "1048576"; # 1 GiB of mem locked
}
];
time.timeZone = "Europe/Madrid";
i18n.defaultLocale = "en_DK.UTF-8";
environment.variables = {
EDITOR = "vim";
VISUAL = "vim";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.sandbox = "relaxed";
nix.settings.trusted-users = [ "@wheel" ];
nix.gc.automatic = true;
nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 30d";
programs.bash.promptInit = ''
PS1="\h\\$ "
'';
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
#system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

0
m/module/monitoring.nix → m/common/monitoring.nix
View File

12
m/common/xeon/net.nix → m/common/net.nix
View File

@@ -6,11 +6,12 @@
boot.kernelModules = [ "ib_umad" "ib_ipoib" ]; boot.kernelModules = [ "ib_umad" "ib_ipoib" ];
networking = { networking = {
enableIPv6 = false;
useDHCP = false;
defaultGateway = "10.0.40.30"; defaultGateway = "10.0.40.30";
nameservers = ["8.8.8.8"]; nameservers = ["8.8.8.8"];
proxy = { proxy = {
default = "http://hut:23080/"; default = "http://localhost:23080/";
noProxy = "127.0.0.1,localhost,internal.domain,10.0.40.40"; noProxy = "127.0.0.1,localhost,internal.domain,10.0.40.40";
# Don't set all_proxy as go complains and breaks the gitlab runner, see: # Don't set all_proxy as go complains and breaks the gitlab runner, see:
# https://github.com/golang/go/issues/16715 # https://github.com/golang/go/issues/16715
@@ -18,9 +19,11 @@
}; };
firewall = { firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
extraCommands = '' extraCommands = ''
# Prevent ssfhead from contacting our slurmd daemon # Prevent ssfhead from contacting our slurmd daemon
iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-refuse iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse
# But accept traffic to slurm ports from any other node in the subnet # But accept traffic to slurm ports from any other node in the subnet
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept
# We also need to open the srun port range # We also need to open the srun port range
@@ -29,7 +32,8 @@
}; };
extraHosts = '' extraHosts = ''
10.0.40.30 ssfhead 10.0.40.30 ssfhead
84.88.53.236 ssfhead.bsc.es ssfhead
# Node Entry for node: mds01 (ID=72) # Node Entry for node: mds01 (ID=72)
10.0.40.40 bay mds01 mds01-eth0 10.0.40.40 bay mds01 mds01-eth0

0
m/common/base/ntp.nix → m/common/ntp.nix
View File

3
m/common/base/rev.nix → m/common/rev.nix
View File

@@ -1,7 +1,6 @@
{ theFlake, ... }: { theFlake, ... }:
let let
# Prevent building a configuration without revision
rev = if theFlake ? rev then theFlake.rev rev = if theFlake ? rev then theFlake.rev
else throw ("Refusing to build from a dirty Git tree!"); else throw ("Refusing to build from a dirty Git tree!");
in { in {
@@ -16,6 +15,4 @@ in {
DATENOW=$(date --iso-8601=seconds) DATENOW=$(date --iso-8601=seconds)
echo "$DATENOW booted=$BOOTED current=$CURRENT next=$NEXT" >> /var/configrev.log echo "$DATENOW booted=$BOOTED current=$CURRENT next=$NEXT" >> /var/configrev.log
''; '';
system.configurationRevision = rev;
} }

12
m/module/slurm-client.nix → m/common/slurm.nix
View File

@@ -47,8 +47,8 @@ in {
]; ];
partitionName = [ partitionName = [
"owl Nodes=owl[1-2] Default=YES DefaultTime=01:00:00 MaxTime=INFINITE State=UP" "owl Nodes=owl[1-2] Default=YES MaxTime=INFINITE State=UP"
"all Nodes=owl[1-2],hut Default=NO DefaultTime=01:00:00 MaxTime=INFINITE State=UP" "all Nodes=owl[1-2],hut Default=NO MaxTime=INFINITE State=UP"
]; ];
# See slurm.conf(5) for more details about these options. # See slurm.conf(5) for more details about these options.
@@ -83,14 +83,6 @@ in {
# Reduce port range so we can allow only this range in the firewall # Reduce port range so we can allow only this range in the firewall
SrunPortRange=60000-61000 SrunPortRange=60000-61000
# Use cores as consumable resources. In SLURM terms, a core may have
# multiple hardware threads (or CPUs).
SelectType=select/cons_tres
# Ignore memory constraints and only use unused cores to share a node with
# other jobs.
SelectTypeParameters=CR_Core
''; '';
}; };

9
m/common/base/ssh.nix → m/common/ssh.nix
View File

@@ -1,13 +1,20 @@
{ lib, ... }: { lib, ... }:
let let
keys = import ../../../keys.nix; keys = import ../../keys.nix;
hostsKeys = lib.mapAttrs (name: value: { publicKey = value; }) keys.hosts; hostsKeys = lib.mapAttrs (name: value: { publicKey = value; }) keys.hosts;
in in
{ {
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
# Connect to intranet git hosts via proxy
programs.ssh.extraConfig = ''
Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
User git
ProxyCommand nc -X connect -x localhost:23080 %h %p
'';
programs.ssh.knownHosts = hostsKeys // { programs.ssh.knownHosts = hostsKeys // {
"gitlab-internal.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9arsAOSRB06hdy71oTvJHG2Mg8zfebADxpvc37lZo3"; "gitlab-internal.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9arsAOSRB06hdy71oTvJHG2Mg8zfebADxpvc37lZo3";
"bscpm03.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2NuSUPsEhqz1j5b4Gqd+MWFnRqyqY57+xMvBUqHYUS"; "bscpm03.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2NuSUPsEhqz1j5b4Gqd+MWFnRqyqY57+xMvBUqHYUS";

51
m/common/base/users.nix → m/common/users.nix
View File

@@ -1,10 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [
../../module/jungle-users.nix
];
users = { users = {
mutableUsers = false; mutableUsers = false;
users = { users = {
@@ -20,7 +16,6 @@
rarias = { rarias = {
uid = 1880; uid = 1880;
isNormalUser = true; isNormalUser = true;
linger = true;
home = "/home/Computational/rarias"; home = "/home/Computational/rarias";
description = "Rodrigo Arias"; description = "Rodrigo Arias";
group = "Computational"; group = "Computational";
@@ -40,23 +35,20 @@
home = "/home/Computational/arocanon"; home = "/home/Computational/arocanon";
description = "Aleix Roca"; description = "Aleix Roca";
group = "Computational"; group = "Computational";
extraGroups = [ "wheel" "tracing" ]; extraGroups = [ "wheel" ];
hashedPassword = "$6$hliZiW4tULC/tH7p$pqZarwJkNZ7vS0G5llWQKx08UFG9DxDYgad7jplMD8WkZh5k58i4dfPoWtnEShfjTO6JHiIin05ny5lmSXzGM/"; hashedPassword = "$6$hliZiW4tULC/tH7p$pqZarwJkNZ7vS0G5llWQKx08UFG9DxDYgad7jplMD8WkZh5k58i4dfPoWtnEShfjTO6JHiIin05ny5lmSXzGM/";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3zeB5KSimMBAjvzsp1GCkepVaquVZGPYwRIzyzaCba aleix@bsc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF3zeB5KSimMBAjvzsp1GCkepVaquVZGPYwRIzyzaCba aleix@bsc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdphWxLAEekicZ/WBrvP7phMyxKSSuLAZBovNX+hZXQ aleix@kerneland" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdphWxLAEekicZ/WBrvP7phMyxKSSuLAZBovNX+hZXQ aleix@kerneland"
]; ];
}; };
};
jungleUsers = {
rpenacob = { rpenacob = {
uid = 2761; uid = 2761;
isNormalUser = true; isNormalUser = true;
home = "/home/Computational/rpenacob"; home = "/home/Computational/rpenacob";
description = "Raúl Peñacoba"; description = "Raúl Peñacoba";
group = "Computational"; group = "Computational";
hosts = [ "owl1" "owl2" "hut" ];
hashedPassword = "$6$TZm3bDIFyPrMhj1E$uEDXoYYd1z2Wd5mMPfh3DZAjP7ztVjJ4ezIcn82C0ImqafPA.AnTmcVftHEzLB3tbe2O4SxDyPSDEQgJ4GOtj/"; hashedPassword = "$6$TZm3bDIFyPrMhj1E$uEDXoYYd1z2Wd5mMPfh3DZAjP7ztVjJ4ezIcn82C0ImqafPA.AnTmcVftHEzLB3tbe2O4SxDyPSDEQgJ4GOtj/";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYfXg37mauGeurqsLpedgA2XQ9d4Nm0ZGo/hI1f7wwH rpenacob@bsc" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYfXg37mauGeurqsLpedgA2XQ9d4Nm0ZGo/hI1f7wwH rpenacob@bsc"
@@ -69,56 +61,15 @@
home = "/home/Computational/anavarro"; home = "/home/Computational/anavarro";
description = "Antoni Navarro"; description = "Antoni Navarro";
group = "Computational"; group = "Computational";
hosts = [ "hut" "raccoon" ];
hashedPassword = "$6$QdNDsuLehoZTYZlb$CDhCouYDPrhoiB7/seu7RF.Gqg4zMQz0n5sA4U1KDgHaZOxy2as9pbIGeF8tOHJKRoZajk5GiaZv0rZMn7Oq31"; hashedPassword = "$6$QdNDsuLehoZTYZlb$CDhCouYDPrhoiB7/seu7RF.Gqg4zMQz0n5sA4U1KDgHaZOxy2as9pbIGeF8tOHJKRoZajk5GiaZv0rZMn7Oq31";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWjRSlKgzBPZQhIeEtk6Lvws2XNcYwHcwPv4osSgst5 anavarro@ssfhead" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWjRSlKgzBPZQhIeEtk6Lvws2XNcYwHcwPv4osSgst5 anavarro@ssfhead"
]; ];
}; };
abonerib = {
uid = 4541;
isNormalUser = true;
home = "/home/Computational/abonerib";
description = "Aleix Boné";
group = "Computational";
hosts = [ "owl1" "owl2" "hut" "raccoon" ];
hashedPassword = "$6$V1EQWJr474whv7XJ$OfJ0wueM2l.dgiJiiah0Tip9ITcJ7S7qDvtSycsiQ43QBFyP4lU0e0HaXWps85nqB4TypttYR4hNLoz3bz662/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
];
};
vlopez = {
uid = 4334;
isNormalUser = true;
home = "/home/Computational/vlopez";
description = "Victor López";
group = "Computational";
hosts = [ "koro" ];
hashedPassword = "$6$0ZBkgIYE/renVqtt$1uWlJsb0FEezRVNoETTzZMx4X2SvWiOsKvi0ppWCRqI66S6TqMBXBdP4fcQyvRRBt0e4Z7opZIvvITBsEtO0f0";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMwlUZRf9jfG666Qa5Sb+KtEhXqkiMlBV2su3x/dXHq victor@arch"
];
};
dbautist = {
uid = 5649;
isNormalUser = true;
home = "/home/Computational/dbautist";
description = "Dylan Bautista Cases";
group = "Computational";
hosts = [ "hut" "raccoon" ];
hashedPassword = "$6$a2lpzMRVkG9nSgIm$12G6.ka0sFX1YimqJkBAjbvhRKZ.Hl090B27pdbnQOW0wzyxVWySWhyDDCILjQELky.HKYl9gqOeVXW49nW7q/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAb+EQBoS98zrCwnGKkHKwMLdYABMTqv7q9E0+T0QmkS dbautist@bsc-848818791"
];
};
}; };
groups = { groups = {
Computational = { gid = 564; }; Computational = { gid = 564; };
tracing = { };
}; };
}; };
} }

0
m/common/base/watchdog.nix → m/common/watchdog.nix
View File

10
m/common/xeon.nix
View File

@@ -1,10 +0,0 @@
{
# Provides the base system for a xeon node.
imports = [
./base.nix
./xeon/console.nix
./xeon/fs.nix
./xeon/net.nix
./xeon/ssh.nix
];
}

14
m/common/xeon/console.nix
View File

@@ -1,14 +0,0 @@
{
# Restart the serial console
systemd.services."serial-getty@ttyS0" = {
enable = true;
wantedBy = [ "getty.target" ];
serviceConfig.Restart = "always";
};
# Enable serial console
boot.kernelParams = [
"console=tty1"
"console=ttyS0,115200"
];
}

8
m/common/xeon/fs.nix
View File

@@ -1,8 +0,0 @@
{
# Mount the home via NFS
fileSystems."/home" = {
device = "10.0.40.30:/home";
fsType = "nfs";
options = [ "nfsvers=3" "rsize=1024" "wsize=1024" "cto" "nofail" ];
};
}

8
m/common/xeon/ssh.nix
View File

@@ -1,8 +0,0 @@
{
# Connect to intranet git hosts via proxy
programs.ssh.extraConfig = ''
Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
User git
ProxyCommand nc -X connect -x hut:23080 %h %p
'';
}

0
m/common/base/zsh.nix → m/common/zsh.nix
View File

4
m/eudy/configuration.nix
View File

@@ -2,14 +2,14 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
#(modulesPath + "/installer/netboot/netboot-minimal.nix") #(modulesPath + "/installer/netboot/netboot-minimal.nix")
./kernel/kernel.nix ./kernel/kernel.nix
./cpufreq.nix ./cpufreq.nix
./fs.nix ./fs.nix
./users.nix ./users.nix
../module/debuginfod.nix ./slurm.nix
]; ];
# Select this using the ID to avoid mismatches # Select this using the ID to avoid mismatches

34
m/eudy/kernel/kernel.nix
View File

@@ -21,9 +21,9 @@ let
# configfile = if lockdep then ./configs/lockdep else ./configs/defconfig; # configfile = if lockdep then ./configs/lockdep else ./configs/defconfig;
#}; #};
kernel = nixos-fcs; kernel = nixos-fcsv3;
nixos-fcs-kernel = lib.makeOverridable ({gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec { nixos-fcs-kernel = {gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
version = "6.2.8"; version = "6.2.8";
src = builtins.fetchGit { src = builtins.fetchGit {
url = "git@bscpm03.bsc.es:ompss-kernel/linux.git"; url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
@@ -40,13 +40,35 @@ let
}; };
kernelPatches = []; kernelPatches = [];
extraMeta.branch = lib.versions.majorMinor version; extraMeta.branch = lib.versions.majorMinor version;
})); });
nixos-fcs = nixos-fcs-kernel {gitCommit = "8a09822dfcc8f0626b209d6d2aec8b5da459dfee";}; nixos-fcsv1 = nixos-fcs-kernel {gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";};
nixos-fcs-lockstat = nixos-fcs.override { nixos-fcsv2 = nixos-fcs-kernel {gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";};
nixos-fcsv3 = nixos-fcs-kernel {gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";};
# always use fcs_sched_setaffinity
#nixos-debug = nixos-fcs-kernel {gitCommit = "7d0bf285fca92badc8df3c9907a9ab30db4418aa";};
# remove need_check_cgroup
#nixos-debug = nixos-fcs-kernel {gitCommit = "4cc4efaab5e4a0bfa3089e935215b981c1922919";};
# merge again fcs_wake and fcs_wait
#nixos-debug = nixos-fcs-kernel {gitCommit = "40c6f72f4ae54b0b636b193ac0648fb5730c810d";};
# start from scratch, this is the working version with split fcs_wake and fcs_wait
nixos-debug = nixos-fcs-kernel {gitCommit = "c9a39d6a4ca83845b4e71fcc268fb0a76aff1bdf"; branch = "fcs-test"; };
nixos-fcsv1-lockstat = nixos-fcs-kernel {
gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";
lockStat = true; lockStat = true;
}; };
nixos-fcs-lockstat-preempt = nixos-fcs.override { nixos-fcsv2-lockstat = nixos-fcs-kernel {
gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";
lockStat = true;
};
nixos-fcsv3-lockstat = nixos-fcs-kernel {
gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
lockStat = true;
};
nixos-fcsv3-lockstat-preempt = nixos-fcs-kernel {
gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
lockStat = true; lockStat = true;
preempt = true; preempt = true;
}; };

7
m/eudy/slurm.nix Normal file
View File

@@ -0,0 +1,7 @@
{ lib, ... }:
{
services.slurm = {
client.enable = lib.mkForce false;
};
}

162
m/hut/blackbox.yml
View File

@@ -1,162 +0,0 @@
modules:
http_2xx:
prober: http
timeout: 5s
http:
proxy_url: "http://127.0.0.1:23080"
skip_resolve_phase_with_proxy: true
follow_redirects: true
valid_status_codes: [] # Defaults to 2xx
method: GET
http_with_proxy:
prober: http
http:
proxy_url: "http://127.0.0.1:3128"
skip_resolve_phase_with_proxy: true
http_with_proxy_and_headers:
prober: http
http:
proxy_url: "http://127.0.0.1:3128"
proxy_connect_header:
Proxy-Authorization:
- Bearer token
http_post_2xx:
prober: http
timeout: 5s
http:
method: POST
headers:
Content-Type: application/json
body: '{}'
http_post_body_file:
prober: http
timeout: 5s
http:
method: POST
body_file: "/files/body.txt"
http_basic_auth_example:
prober: http
timeout: 5s
http:
method: POST
headers:
Host: "login.example.com"
basic_auth:
username: "username"
password: "mysecret"
http_2xx_oauth_client_credentials:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2"]
follow_redirects: true
preferred_ip_protocol: "ip4"
valid_status_codes:
- 200
- 201
oauth2:
client_id: "client_id"
client_secret: "client_secret"
token_url: "https://api.example.com/token"
endpoint_params:
grant_type: "client_credentials"
http_custom_ca_example:
prober: http
http:
method: GET
tls_config:
ca_file: "/certs/my_cert.crt"
http_gzip:
prober: http
http:
method: GET
compression: gzip
http_gzip_with_accept_encoding:
prober: http
http:
method: GET
compression: gzip
headers:
Accept-Encoding: gzip
tls_connect:
prober: tcp
timeout: 5s
tcp:
tls: true
tcp_connect_example:
prober: tcp
timeout: 5s
imap_starttls:
prober: tcp
timeout: 5s
tcp:
query_response:
- expect: "OK.*STARTTLS"
- send: ". STARTTLS"
- expect: "OK"
- starttls: true
- send: ". capability"
- expect: "CAPABILITY IMAP4rev1"
smtp_starttls:
prober: tcp
timeout: 5s
tcp:
query_response:
- expect: "^220 ([^ ]+) ESMTP (.+)$"
- send: "EHLO prober\r"
- expect: "^250-STARTTLS"
- send: "STARTTLS\r"
- expect: "^220"
- starttls: true
- send: "EHLO prober\r"
- expect: "^250-AUTH"
- send: "QUIT\r"
irc_banner_example:
prober: tcp
timeout: 5s
tcp:
query_response:
- send: "NICK prober"
- send: "USER prober prober prober :prober"
- expect: "PING :([^ ]+)"
send: "PONG ${1}"
- expect: "^:[^ ]+ 001"
icmp:
prober: icmp
timeout: 5s
icmp:
preferred_ip_protocol: "ip4"
dns_udp_example:
prober: dns
timeout: 5s
dns:
query_name: "www.prometheus.io"
query_type: "A"
valid_rcodes:
- NOERROR
validate_answer_rrs:
fail_if_matches_regexp:
- ".*127.0.0.1"
fail_if_all_match_regexp:
- ".*127.0.0.1"
fail_if_not_matches_regexp:
- "www.prometheus.io.\t300\tIN\tA\t127.0.0.1"
fail_if_none_matches_regexp:
- "127.0.0.1"
validate_authority_rrs:
fail_if_matches_regexp:
- ".*127.0.0.1"
validate_additional_rrs:
fail_if_matches_regexp:
- ".*127.0.0.1"
dns_soa:
prober: dns
dns:
query_name: "prometheus.io"
query_type: "SOA"
dns_tcp_example:
prober: dns
dns:
transport_protocol: "tcp" # defaults to "udp"
preferred_ip_protocol: "ip4" # defaults to "ip6"
query_name: "www.prometheus.io"

23
m/hut/configuration.nix
View File

@@ -2,24 +2,19 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
../module/ceph.nix ../module/ceph.nix
../module/debuginfod.nix
../module/emulation.nix
../module/slurm-client.nix
./gitlab-runner.nix ./gitlab-runner.nix
./monitoring.nix ./monitoring.nix
./nfs.nix ./nfs.nix
./slurm-server.nix ./slurm-daemon.nix
./nix-serve.nix ./nix-serve.nix
./public-inbox.nix
./gitea.nix
./msmtp.nix
./postgresql.nix
#./pxe.nix #./pxe.nix
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
# Select the this using the ID to avoid mismatches # Select the this using the ID to avoid mismatches
boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN"; boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2BB240G7_PHDV6462004Y240AGN";
@@ -33,15 +28,5 @@
address = "10.0.42.7"; address = "10.0.42.7";
prefixLength = 24; prefixLength = 24;
} ]; } ];
firewall = {
extraCommands = ''
# Accept all proxy traffic from compute nodes but not the login
iptables -A nixos-fw -p tcp -s 10.0.40.30 --dport 23080 -j nixos-fw-log-refuse
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 23080 -j nixos-fw-accept
'';
};
}; };
# Allow proxy to bind to the ethernet interface
services.openssh.settings.GatewayPorts = "clientspecified";
} }

63
m/hut/gitea.nix
View File

@@ -1,63 +0,0 @@
{ config, lib, ... }:
{
age.secrets.giteaRunnerToken.file = ../../secrets/gitea-runner-token.age;
services.gitea = {
enable = true;
appName = "Gitea in the jungle";
settings = {
server = {
ROOT_URL = "https://jungle.bsc.es/git/";
LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
LANDING_PAGE = "explore";
};
metrics.ENABLED = true;
service = {
REGISTER_MANUAL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
log.LEVEL = "Warn";
mailer = {
ENABLED = true;
FROM = "jungle-robot@bsc.es";
PROTOCOL = "sendmail";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
SENDMAIL_ARGS = "--";
};
};
};
services.gitea-actions-runner.instances = {
runrun = {
enable = true;
name = "runrun";
url = "https://jungle.bsc.es/git/";
tokenFile = config.age.secrets.giteaRunnerToken.path;
labels = [ "native:host" ];
settings.runner.capacity = 8;
};
};
systemd.services.gitea-runner-runrun = {
path = [ "/run/current-system/sw" ];
serviceConfig = {
# DynamicUser doesn't work well with SSH
DynamicUser = lib.mkForce false;
User = "gitea-runner";
Group = "gitea-runner";
};
};
users.users.gitea-runner = {
isSystemUser = true;
home = "/var/lib/gitea-runner";
description = "Gitea Runner";
group = "gitea-runner";
extraGroups = [ "docker" ];
createHome = true;
};
users.groups.gitea-runner = {};
}

39
m/hut/gitlab-runner.nix
View File

@@ -1,23 +1,31 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
{ {
age.secrets.gitlabRunnerShellToken.file = ../../secrets/gitlab-runner-shell-token.age; age.secrets.ovniToken.file = ../../secrets/ovni-token.age;
age.secrets.gitlabRunnerDockerToken.file = ../../secrets/gitlab-runner-docker-token.age; age.secrets.nosvToken.file = ../../secrets/nosv-token.age;
services.gitlab-runner = { services.gitlab-runner = {
enable = true; enable = true;
settings.concurrent = 5; settings.concurrent = 5;
services = let services = {
common-shell = { ovni-shell = {
registrationConfigFile = config.age.secrets.ovniToken.path;
executor = "shell"; executor = "shell";
tagList = [ "nix" "xeon" ];
registrationFlags = [
# Using space doesn't work, and causes it to misread the next flag
"--locked='false'"
];
environmentVariables = { environmentVariables = {
SHELL = "${pkgs.bash}/bin/bash"; SHELL = "${pkgs.bash}/bin/bash";
}; };
}; };
common-docker = { ovni-docker = {
executor = "docker"; registrationConfigFile = config.age.secrets.ovniToken.path;
dockerImage = "debian:stable"; dockerImage = "debian:stable";
tagList = [ "docker" "xeon" ];
registrationFlags = [ registrationFlags = [
"--locked='false'"
"--docker-network-mode host" "--docker-network-mode host"
]; ];
environmentVariables = { environmentVariables = {
@@ -25,13 +33,18 @@
http_proxy = "http://localhost:23080"; http_proxy = "http://localhost:23080";
}; };
}; };
in { nosv-docker = {
# For pm.bsc.es/gitlab registrationConfigFile = config.age.secrets.nosvToken.path;
gitlab-pm-shell = common-shell // { dockerImage = "debian:stable";
authenticationTokenConfigFile = config.age.secrets.gitlabRunnerShellToken.path; tagList = [ "docker" "xeon" ];
}; registrationFlags = [
gitlab-pm-docker = common-docker // { "--docker-network-mode host"
authenticationTokenConfigFile = config.age.secrets.gitlabRunnerDockerToken.path; "--docker-cpus 56"
];
environmentVariables = {
https_proxy = "http://localhost:23080";
http_proxy = "http://localhost:23080";
};
}; };
}; };
}; };

106
m/hut/monitoring.nix
View File

@@ -1,14 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
imports = [ ../module/slurm-exporter.nix ];
age.secrets.grafanaJungleRobotPassword = {
file = ../../secrets/jungle-robot-password.age;
owner = "grafana";
mode = "400";
};
services.grafana = { services.grafana = {
enable = true; enable = true;
settings = { settings = {
@@ -19,25 +11,10 @@
http_port = 2342; http_port = 2342;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
}; };
smtp = {
enabled = true;
from_address = "jungle-robot@bsc.es";
user = "jungle-robot";
# Read the password from a file, which is only readable by grafana user
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
password = "$__file{${config.age.secrets.grafanaJungleRobotPassword.path}}";
host = "mail.bsc.es:465";
startTLS_policy = "NoStartTLS";
};
feature_toggles.publicDashboards = true; feature_toggles.publicDashboards = true;
"auth.anonymous".enabled = true;
log.level = "warn";
}; };
}; };
# Make grafana alerts also use the proxy
systemd.services.grafana.environment = config.networking.proxy.envVars;
services.prometheus = { services.prometheus = {
enable = true; enable = true;
port = 9001; port = 9001;
@@ -84,11 +61,6 @@
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
}; };
blackbox = {
enable = true;
listenAddress = "127.0.0.1";
configFile = ./blackbox.yml;
};
}; };
scrapeConfigs = [ scrapeConfigs = [
@@ -101,8 +73,6 @@
"127.0.0.1:9323" "127.0.0.1:9323"
"127.0.0.1:9252" "127.0.0.1:9252"
"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}" "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
"127.0.0.1:9341" # Slurm exporter
"127.0.0.1:${toString config.services.prometheus.exporters.blackbox.port}"
]; ];
}]; }];
} }
@@ -116,71 +86,6 @@
]; ];
}]; }];
} }
{
job_name = "blackbox-http";
metrics_path = "/probe";
params = { module = [ "http_2xx" ]; };
static_configs = [{
targets = [
"https://www.google.com/robots.txt"
"https://pm.bsc.es/"
"https://pm.bsc.es/gitlab/"
"https://jungle.bsc.es/"
"https://gitlab.bsc.es/"
];
}];
relabel_configs = [
{
# Takes the address and sets it in the "target=<xyz>" URL parameter
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
# Sets the "instance" label with the remote host we are querying
source_labels = [ "__param_target" ];
target_label = "instance";
}
{
# Shows the host target address instead of the blackbox address
target_label = "__address__";
replacement = "127.0.0.1:${toString config.services.prometheus.exporters.blackbox.port}";
}
];
}
{
job_name = "blackbox-icmp";
metrics_path = "/probe";
params = { module = [ "icmp" ]; };
static_configs = [{
targets = [
"1.1.1.1"
"8.8.8.8"
"ssfhead"
"anella-bsc.cesca.cat"
];
}];
relabel_configs = [
{
# Takes the address and sets it in the "target=<xyz>" URL parameter
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
# Sets the "instance" label with the remote host we are querying
source_labels = [ "__param_target" ];
target_label = "instance";
}
{
# Shows the host target address instead of the blackbox address
target_label = "__address__";
replacement = "127.0.0.1:${toString config.services.prometheus.exporters.blackbox.port}";
}
];
}
{
job_name = "gitea";
static_configs = [{ targets = [ "127.0.0.1:3000" ]; }];
}
{ {
# Scrape the IPMI info of the hosts remotely via LAN # Scrape the IPMI info of the hosts remotely via LAN
job_name = "ipmi-lan"; job_name = "ipmi-lan";
@@ -233,17 +138,6 @@
} }
]; ];
} }
{
job_name = "ipmi-raccoon";
metrics_path = "/ipmi";
static_configs = [
{ targets = [ "127.0.0.1:9291" ]; }
];
params = {
target = [ "84.88.51.142" ];
module = [ "raccoon" ];
};
}
]; ];
}; };
} }

24
m/hut/msmtp.nix
View File

@@ -1,24 +0,0 @@
{ config, lib, ... }:
{
age.secrets.jungleRobotPassword = {
file = ../../secrets/jungle-robot-password.age;
group = "gitea";
mode = "440";
};
programs.msmtp = {
enable = true;
accounts = {
default = {
auth = true;
tls = true;
tls_starttls = false;
port = 465;
host = "mail.bsc.es";
user = "jungle-robot";
passwordeval = "cat ${config.age.secrets.jungleRobotPassword.path}";
from = "jungle-robot@bsc.es";
};
};
};
}

19
m/hut/postgresql.nix
View File

@@ -1,19 +0,0 @@
{ lib, ... }:
{
services.postgresql = {
enable = true;
ensureDatabases = [ "perftestsdb" ];
ensureUsers = [
{ name = "anavarro"; ensureClauses.superuser = true; }
{ name = "rarias"; ensureClauses.superuser = true; }
{ name = "grafana"; }
];
authentication = ''
#type database DBuser auth-method
local perftestsdb rarias trust
local perftestsdb anavarro trust
local perftestsdb grafana trust
'';
};
}

79
m/hut/public-inbox.css
View File

@@ -1,79 +0,0 @@
/*
* CC0-1.0 <https://creativecommons.org/publicdomain/zero/1.0/legalcode>
* Dark color scheme using 216 web-safe colors, inspired
* somewhat by the default color scheme in mutt.
* It reduces eyestrain for me, and energy usage for all:
* https://en.wikipedia.org/wiki/Light-on-dark_color_scheme
*/
* {
font-size: 14px;
font-family: monospace;
}
pre {
white-space: pre-wrap;
padding: 10px;
background: #f5f5f5;
}
hr {
margin: 30px 0;
}
body {
max-width: 120ex; /* 120 columns wide */
margin: 50px auto;
}
/*
* Underlined links add visual noise which make them hard-to-read.
* Use colors to make them stand out, instead.
*/
a:link {
color: #007;
text-decoration: none;
}
a:visited {
color:#504;
}
a:hover {
text-decoration: underline;
}
/* quoted text in emails gets a different color */
*.q { color:gray }
/*
* these may be used with cgit <https://git.zx2c4.com/cgit/>, too.
* (cgit uses <div>, public-inbox uses <span>)
*/
*.add { color:darkgreen } /* diff post-image lines */
*.del { color:darkred } /* diff pre-image lines */
*.head { color:black } /* diff header (metainformation) */
*.hunk { color:gray } /* diff hunk-header */
/*
* highlight 3.x colors (tested 3.18) for displaying blobs.
* This doesn't use most of the colors available, as I find too
* many colors overwhelming, so the default is commented out.
*/
.hl.num { color:#f30 } /* number */
.hl.esc { color:#f0f } /* escape character */
.hl.str { color:#f30 } /* string */
.hl.ppc { color:#f0f } /* preprocessor */
.hl.pps { color:#f30 } /* preprocessor string */
.hl.slc { color:#09f } /* single-line comment */
.hl.com { color:#09f } /* multi-line comment */
/* .hl.opt { color:#ccc } */ /* operator */
/* .hl.ipl { color:#ccc } */ /* interpolation */
/* keyword groups kw[a-z] */
.hl.kwa { color:#ff0 }
.hl.kwb { color:#0f0 }
.hl.kwc { color:#ff0 }
/* .hl.kwd { color:#ccc } */
/* line-number (unused by public-inbox) */
/* .hl.lin { color:#ccc } */

47
m/hut/public-inbox.nix
View File

@@ -1,47 +0,0 @@
{ lib, ... }:
{
services.public-inbox = {
enable = true;
http = {
enable = true;
port = 8081;
mounts = [ "/lists" ];
};
settings.publicinbox = {
css = [ "${./public-inbox.css}" ];
wwwlisting = "all";
};
inboxes = {
bscpkgs = {
url = "https://jungle.bsc.es/lists/bscpkgs";
address = [ "~rodarima/bscpkgs@lists.sr.ht" ];
watch = [ "imaps://jungle-robot%40gmx.com@imap.gmx.com/INBOX" ];
description = "Patches for bscpkgs";
listid = "~rodarima/bscpkgs.lists.sr.ht";
};
jungle = {
url = "https://jungle.bsc.es/lists/jungle";
address = [ "~rodarima/jungle@lists.sr.ht" ];
watch = [ "imaps://jungle-robot%40gmx.com@imap.gmx.com/INBOX" ];
description = "Patches for jungle";
listid = "~rodarima/jungle.lists.sr.ht";
};
};
};
# We need access to the network for the watch service, as we will fetch the
# emails directly from the IMAP server.
systemd.services.public-inbox-watch.serviceConfig = {
PrivateNetwork = lib.mkForce false;
RestrictAddressFamilies = lib.mkForce [ "AF_UNIX" "AF_INET" "AF_INET6" ];
KillSignal = "SIGKILL"; # Avoid slow shutdown
# Required for chmod(..., 02750) on directories by git, from
# systemd.exec(8):
# > Note that this restricts marking of any type of file system object with
# > these bits, including both regular files and directories (where the SGID
# > is a different meaning than for files, see documentation).
RestrictSUIDSGID = lib.mkForce false;
};
}

0
m/hut/slurm-server.nix → m/hut/slurm-daemon.nix
View File

4
m/koro/configuration.nix
View File

@@ -2,11 +2,13 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
#(modulesPath + "/installer/netboot/netboot-minimal.nix") #(modulesPath + "/installer/netboot/netboot-minimal.nix")
../eudy/cpufreq.nix ../eudy/cpufreq.nix
../eudy/users.nix ../eudy/users.nix
../eudy/slurm.nix
./users.nix
./kernel.nix ./kernel.nix
]; ];

48
m/koro/kernel.nix
View File

@@ -1,29 +1,9 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
#fcs-devel = pkgs.linuxPackages_custom { kernel = nixos-fcsv4;
# version = "6.2.8";
# src = /mnt/data/kernel/fcs/kernel/src;
# configfile = /mnt/data/kernel/fcs/kernel/configs/defconfig;
#};
#fcsv1 = fcs-kernel "bc11660676d3d68ce2459b9fb5d5e654e3f413be" false; nixos-fcs-kernel = {gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
#fcsv2 = fcs-kernel "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1" false;
#fcsv1-lockdep = fcs-kernel "bc11660676d3d68ce2459b9fb5d5e654e3f413be" true;
#fcsv2-lockdep = fcs-kernel "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1" true;
#fcs-kernel = gitCommit: lockdep: pkgs.linuxPackages_custom {
# version = "6.2.8";
# src = builtins.fetchGit {
# url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
# rev = gitCommit;
# ref = "fcs";
# };
# configfile = if lockdep then ./configs/lockdep else ./configs/defconfig;
#};
kernel = nixos-fcs;
nixos-fcs-kernel = lib.makeOverridable ({gitCommit, lockStat ? false, preempt ? false, branch ? "fcs"}: pkgs.linuxPackagesFor (pkgs.buildLinux rec {
version = "6.2.8"; version = "6.2.8";
src = builtins.fetchGit { src = builtins.fetchGit {
url = "git@bscpm03.bsc.es:ompss-kernel/linux.git"; url = "git@bscpm03.bsc.es:ompss-kernel/linux.git";
@@ -40,13 +20,27 @@ let
}; };
kernelPatches = []; kernelPatches = [];
extraMeta.branch = lib.versions.majorMinor version; extraMeta.branch = lib.versions.majorMinor version;
})); });
nixos-fcs = nixos-fcs-kernel {gitCommit = "8a09822dfcc8f0626b209d6d2aec8b5da459dfee";}; nixos-fcsv1 = nixos-fcs-kernel {gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";};
nixos-fcs-lockstat = nixos-fcs.override { nixos-fcsv2 = nixos-fcs-kernel {gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";};
nixos-fcsv3 = nixos-fcs-kernel {gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";};
nixos-fcsv4 = nixos-fcs-kernel {gitCommit = "c94c3d946f33ac3e5782a02ee002cc1164c0cb4f";};
nixos-fcsv1-lockstat = nixos-fcs-kernel {
gitCommit = "bc11660676d3d68ce2459b9fb5d5e654e3f413be";
lockStat = true; lockStat = true;
}; };
nixos-fcs-lockstat-preempt = nixos-fcs.override { nixos-fcsv2-lockstat = nixos-fcs-kernel {
gitCommit = "db0f2eca0cd57a58bf456d7d2c7d5d8fdb25dfb1";
lockStat = true;
};
nixos-fcsv3-lockstat = nixos-fcs-kernel {
gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
lockStat = true;
};
nixos-fcsv3-lockstat-preempt = nixos-fcs-kernel {
gitCommit = "6c17394890704c3345ac1a521bb547164b36b154";
lockStat = true; lockStat = true;
preempt = true; preempt = true;
}; };
@@ -66,5 +60,5 @@ in {
# enable memory overcommit, needed to build a taglibc system using nix after # enable memory overcommit, needed to build a taglibc system using nix after
# increasing the openblas memory footprint # increasing the openblas memory footprint
boot.kernel.sysctl."vm.overcommit_memory" = 1; boot.kernel.sysctl."vm.overcommit_memory" = lib.mkForce 1;
} }

17
m/koro/users.nix Normal file
View File

@@ -0,0 +1,17 @@
{ ... }:
{
users.users = {
vlopez = {
uid = 4334;
isNormalUser = true;
home = "/home/Computational/vlopez";
description = "Victor López";
group = "Computational";
hashedPassword = "$6$0ZBkgIYE/renVqtt$1uWlJsb0FEezRVNoETTzZMx4X2SvWiOsKvi0ppWCRqI66S6TqMBXBdP4fcQyvRRBt0e4Z7opZIvvITBsEtO0f0";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMwlUZRf9jfG666Qa5Sb+KtEhXqkiMlBV2su3x/dXHq victor@arch"
];
};
};
}

22
m/lake2/configuration.nix
View File

@@ -2,20 +2,20 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
../module/monitoring.nix ../common/monitoring.nix
]; ];
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a"; boot.loader.grub.device = "/dev/disk/by-id/wwn-0x55cd2e414d53563a";
boot.kernel.sysctl = {
"kernel.yama.ptrace_scope" = lib.mkForce "1";
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ceph ceph
]; ];
services.slurm = {
client.enable = lib.mkForce false;
};
services.ceph = { services.ceph = {
enable = true; enable = true;
global = { global = {
@@ -49,16 +49,6 @@
address = "10.0.42.42"; address = "10.0.42.42";
prefixLength = 24; prefixLength = 24;
} ]; } ];
firewall = {
extraCommands = ''
# Accept all incoming TCP traffic from bay
iptables -A nixos-fw -p tcp -s bay -j nixos-fw-accept
# Accept monitoring requests from hut
iptables -A nixos-fw -p tcp -s hut --dport 9002 -j nixos-fw-accept
# Accept all Ceph traffic from the local network
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 -m multiport --dport 3300,6789,6800:7568 -j nixos-fw-accept
'';
};
}; };
# Missing service for volumes, see: # Missing service for volumes, see:

1
m/module/ceph.nix
View File

@@ -3,6 +3,7 @@
# Mounts the /ceph filesystem at boot # Mounts the /ceph filesystem at boot
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ceph
ceph-client ceph-client
fio # For benchmarks fio # For benchmarks
]; ];

3
m/module/debuginfod.nix
View File

@@ -1,3 +0,0 @@
{
services.nixseparatedebuginfod.enable = true;
}

3
m/module/emulation.nix
View File

@@ -1,3 +0,0 @@
{
boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" "powerpc64le-linux" "riscv64-linux" ];
}

24
m/module/jungle-users.nix
View File

@@ -1,24 +0,0 @@
{ config, lib, ... }:
with lib;
{
options = {
users.jungleUsers = mkOption {
type = types.attrsOf (types.anything // { check = (x: x ? "hosts"); });
description = ''
Same as users.users but with the extra `hosts` attribute, which controls
access to the nodes by `networking.hostName`.
'';
};
};
config = let
allowedUser = host: userConf: builtins.elem host userConf.hosts;
filterUsers = host: users: filterAttrs (n: v: allowedUser host v) users;
removeHosts = users: mapAttrs (n: v: builtins.removeAttrs v [ "hosts" ]) users;
currentHost = config.networking.hostName;
in {
users.users = removeHosts (filterUsers currentHost config.users.jungleUsers);
};
}

69
m/module/shared-nix-store.nix Normal file
View File

@@ -0,0 +1,69 @@
{ ... }:
{
# Don't make the nix store read-only, as this would prevent the overlay FS
# from being able to mount it.
boot.readOnlyNixStore = false;
# The nix-daemon.socket has an unnecessary dependency over the /nix/store
# mount point. But that mount point won't be provided until the network is
# ready. However, the network-address-eno1.service, has a dependency over
# sockets.target, causing a cycle.
# One solution is to make the nix-daemon.socket depend only on the socket
# patch (which is already covered by ConditionPathIsReadWrite =
# /nix/var/nix/daemon-socket), instead on the /nix/store.
#
# Using systemd.sockets.nix-daemon.unitConfig.RequiresMountsFor =
# "/nix/var/nix/daemon-socket" doesn't work, as the the mount options get
# added by systemd when the override config is merged with the one that Nix
# provides:
#
# owl2% sudo systemctl show nix-daemon.socket | grep RequiresMountsFor
# RequiresMountsFor=/nix/store /nix/var/nix/daemon-socket/socket /nix/var/nix/daemon-socket
#
# To fix this, the Nix package is patched to only depend on /nix/var instead.
# See ../../pkgs/overlay.nix for details.
# Mount the hut nix store via NFS in read-only mode.
fileSystems."/mnt/hut-nix-store" = {
device = "hut:/nix/store";
fsType = "nfs";
options = [ "ro" ];
};
# A workdir is also needed, so setup a permanent dir using tmpfiles.
systemd.tmpfiles.rules = [
"d /mnt/nix-work 0700 root root -"
];
# Mount an overlay in /nix/store using as lower layer the NFS store and upper
# layer the disk nix store. The destination is still the nix store in
# /nix/store (confusing). We need rw access, as the daemon need to write the
# lock files to build derivations locally. Use a systemd mount unit directly
# so we can specify the LazyUmount option and we avoid having it mounted
# in the stage1 before systemd.
systemd.mounts = [
{
what = "overlay";
type = "overlay";
where = "/nix/store";
# We need the local-fs.target to be ready, so the network interfaces can
# be configured to the network.target is reached. So make this a netdev
# mount.
options = "_netdev,lowerdir=/mnt/hut-nix-store,upperdir=/nix/store,workdir=/mnt/nix-work";
description = "Overlay /nix/store mount";
mountConfig = {
LazyUnmount = true;
};
# Run the unit after remote-fs-pre.target but before the remote-fs.target
after = [ "remote-fs-pre.target"];
before = [ "umount.target" "remote-fs.target" ];
# Install by using wantedBy over remote-fs.target
wantedBy = [ "remote-fs.target" ];
unitConfig = {
# We need to wait for the NFS mount
RequiresMountsFor = "/nix/store /mnt/hut-nix-store";
};
}
];
}

28
m/module/slurm-exporter.nix
View File

@@ -1,28 +0,0 @@
{ config, lib, pkgs, ... }:
# See also: https://github.com/NixOS/nixpkgs/pull/112010
# And: https://github.com/NixOS/nixpkgs/pull/115839
with lib;
{
systemd.services."prometheus-slurm-exporter" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = mkDefault "always";
PrivateTmp = mkDefault true;
WorkingDirectory = mkDefault "/tmp";
DynamicUser = mkDefault true;
ExecStart = ''
${pkgs.prometheus-slurm-exporter}/bin/prometheus-slurm-exporter --listen-address "127.0.0.1:9341"
'';
Environment = [
"PATH=${pkgs.slurm}/bin"
# We need to specify the slurm config to be able to talk to the slurmd
# daemon.
"SLURM_CONF=${config.services.slurm.etcSlurm}/slurm.conf"
];
};
};
}

19
m/module/slurm-hut-nix-store.nix
View File

@@ -1,19 +0,0 @@
{ ... }:
{
# Mount the hut nix store via NFS
fileSystems."/mnt/hut-nix-store" = {
device = "hut:/nix/store";
fsType = "nfs";
options = [ "ro" ];
};
systemd.services.slurmd.serviceConfig = {
# When running a job, bind the hut store in /nix/store so the paths are
# available too.
# FIXME: This doesn't keep the programs in /run/current-system/sw/bin
# available in the store. Ideally they should be merged but the overlay FS
# doesn't work when the underlying directories change.
BindReadOnlyPaths = "/mnt/hut-nix-store:/nix/store";
};
}

6
m/owl1/configuration.nix
View File

@@ -2,12 +2,10 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
../module/ceph.nix ../module/ceph.nix
../module/emulation.nix
../module/slurm-client.nix
../module/slurm-firewall.nix ../module/slurm-firewall.nix
../module/debuginfod.nix ../module/shared-nix-store.nix
]; ];
# Select the this using the ID to avoid mismatches # Select the this using the ID to avoid mismatches

6
m/owl2/configuration.nix
View File

@@ -2,12 +2,10 @@
{ {
imports = [ imports = [
../common/xeon.nix ../common/main.nix
../module/ceph.nix ../module/ceph.nix
../module/emulation.nix
../module/slurm-client.nix
../module/slurm-firewall.nix ../module/slurm-firewall.nix
../module/debuginfod.nix ../module/shared-nix-store.nix
]; ];
# Select the this using the ID to avoid mismatches # Select the this using the ID to avoid mismatches

103
m/raccoon/configuration.nix
View File

@@ -1,103 +0,0 @@
{ config, pkgs, lib, modulesPath, ... }:
{
imports = [
../common/base.nix
../module/emulation.nix
../module/debuginfod.nix
../eudy/kernel/lttng.nix
../eudy/kernel/perf.nix
];
# Don't install Grub on the disk yet
boot.loader.grub.device = "nodev";
# Enable serial console
boot.kernelParams = [
"console=tty1"
"console=ttyS1,115200"
];
networking = {
hostName = "raccoon";
# Only BSC DNSs seem to be reachable from the office VLAN
nameservers = [ "84.88.52.35" "84.88.52.36" ];
defaultGateway = "84.88.51.129";
interfaces.eno0.ipv4.addresses = [ {
address = "84.88.51.152";
prefixLength = 25;
} ];
};
# Enable performance governor
powerManagement.cpuFreqGovernor = "performance";
# Configure Nvidia driver to use with CUDA
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.production;
hardware.graphics.enable = true;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.nvidia.acceptLicense = true;
services.xserver.videoDrivers = [ "nvidia" ];
# Disable garbage collection for now
nix.gc.automatic = lib.mkForce false;
# Use nix cache from hut
nix.settings = {
substituters = [ "https://jungle.bsc.es/cache" ];
trusted-public-keys = [ "jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=" ];
};
services.openssh.settings.X11Forwarding = true;
nixpkgs.overlays = [
(final: prev: {
xilinx-xrt = prev.callPackage ./xilinx-xrt.nix { };
xilinx-fw = prev.callPackage ./xilinx-fw.nix { };
xilinx-xocl = prev.callPackage ./xilinx-xocl.nix {
kernel = config.boot.kernelPackages.kernel;
};
})
];
boot.extraModulePackages = [ pkgs.xilinx-xocl ];
boot.kernelModules = [ "xclmgmt" "xocl" ];
services.udev.packages = [ pkgs.xilinx-xocl ];
services.prometheus.exporters.node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
listenAddress = "127.0.0.1";
};
users.motd = ''
DO YOU BRING FEEDS?
'';
}

335
m/raccoon/xilinx-create-xsabin.sh
View File

@@ -1,335 +0,0 @@
#!/bin/bash
## (c) Copyright 2020 Xilinx, Inc. All rights reserved.
##
## This file contains confidential and proprietary information
## of Xilinx, Inc. and is protected under U.S. and
## international copyright and other intellectual property
## laws.
##
## DISCLAIMER
## This disclaimer is not a license and does not grant any
## rights to the materials distributed herewith. Except as
## otherwise provided in a valid license issued to you by
## Xilinx, and to the maximum extent permitted by applicable
## law: (1) THESE MATERIALS ARE MADE AVAILABLE "AS IS" AND
## WITH ALL FAULTS, AND XILINX HEREBY DISCLAIMS ALL WARRANTIES
## AND CONDITIONS, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING
## BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, NON-
## INFRINGEMENT, OR FITNESS FOR ANY PARTICULAR PURPOSE; and
## (2) Xilinx shall not be liable (whether in contract or tort,
## including negligence, or under any other theory of
## liability) for any loss or damage of any kind or nature
## related to, arising under or in connection with these
## materials, including for any direct, or any indirect,
## special, incidental, or consequential loss or damage
## (including loss of data, profits, goodwill, or any type of
## loss or damage suffered as a result of any action brought
## by a third party) even if such damage or loss was
## reasonably foreseeable or Xilinx had been advised of the
## possibility of the same.
##
## CRITICAL APPLICATIONS
## Xilinx products are not designed or intended to be fail-
## safe, or for use in any application requiring fail-safe
## performance, such as life-support or safety devices or
## systems, Class III medical devices, nuclear facilities,
## applications related to the deployment of airbags, or any
## other applications that could lead to death, personal
## injury, or severe property or environmental damage
## (individually and collectively, "Critical
## Applications"). Customer assumes the sole risk and
## liability of any use of Xilinx products in Critical
## Applications, subject only to applicable laws and
## regulations governing limitations on product liability.
##
## THIS COPYRIGHT NOTICE AND DISCLAIMER MUST BE RETAINED AS
## PART OF THIS FILE AT ALL TIMES.
# This script must be run with root permissions
# if [[ "$EUID" -ne 0 ]]; then
# echo "This script must be run as root."
# exit
# fi
# Get absolute path to this script with any symlinks resolved
realme=$(realpath $0)
scriptpath="${realme%/*}"
echo "This is create_xsabin.sh running from $scriptpath on $(date)"
# The directory above that is the human-readable installation path - probably /opt/xilinx/firmware/<card>/<family>/<partition>/
humanpath=${scriptpath%/*}
pushd $humanpath > /dev/null
# This script may be called during firmware upgrade, in which case the firmware product, branch, version and release
# are provided as script arguments, to help this script to select the new firmware file
if [[ "$#" -ge 4 ]]; then
firmware_upgrade_product=$1
firmware_upgrade_branch=$2
firmware_upgrade_version=$3
firmware_upgrade_release=$4
echo "Run for install of firmware $firmware_upgrade_product-$firmware_upgrade_branch version $firmware_upgrade_version release $firmware_upgrade_release"
elif [[ "$#" -eq 3 ]]; then
# If 3 script arguments, these are the partition name, version and release, so that this script can report them for debug
echo "Run for install of partition $1 version $2 release $3"
fi
# Find the partition_metadata.json link in the install directory
jsonlink="partition_metadata.json"
if [[ ! -e "$jsonlink" ]]; then
echo "Cannot find $jsonlink file in $humanpath - install failed"
exit 1
fi
# Find the machine-readable directory for this partition:
# this is the target of the partition_metadata.json link
if [[ ! -h "$jsonlink" ]]; then
echo "$jsonlink in $humanpath should be a symlink, but it is not - install failed"
exit 1
fi
jsonpath=$(readlink $jsonlink)
if [[ $? -ne 0 ]]; then
echo "Failed to read target of symlink $jsonlink in $humanpath - install failed"
exit 1
fi
if [[ ! -e "$jsonpath" ]]; then
echo "Target of symlink $jsonlink in $humanpath is $jsonpath, which does not exist - install failed"
exit 1
fi
echo "Metadata file is $jsonpath"
machinepath=${jsonpath%/*}
json=${jsonpath##*/}
echo "User install path is $humanpath"
echo "Machine-readable path is $machinepath"
pushd $machinepath > /dev/null
# Parse the partition_metadata.json file to find the required firmware
declare -A firmware
firmware_products=()
product=""
branch="mainline"
major="*"
minor="*"
revision="*"
while IFS= read -r line; do
key=${line#*\"}
key=${key%%\"*}
value=${line%\"*}
value=${value##*\"}
numvalue=$value
if [[ "$numvalue" =~ ^0x ]]; then
numvalue=$(($numvalue))
fi
case "$key" in
"firmware")
# Starts a new section: record current one (except if before the first section)
if [[ -n "$product" ]]; then
firmware_products+=($product)
firmware["$product.branch"]=$branch
firmware["$product.version"]="$major.$minor.$revision"
product=""
branch="mainline"
major="*"
minor="*"
revision="*"
fi
;;
"firmware_product_name")
product=${value,,}
;;
"firmware_branch_name")
branch=${value,,}
;;
"firmware_version_major")
major=$numvalue
;;
"firmware_version_minor")
minor=$numvalue
;;
"firmware_version_revision")
revision=$numvalue
;;
esac
done <<< "$(grep '\"firmware' $json)"
# Record last section
firmware_products+=($product)
firmware["$product.branch"]=$branch
firmware["$product.version"]="$major.$minor.$revision"
# Locate the required firmware in existing installed directories, and build xclbinutil options to add firmware
# For each firmware, there is already a symlink in the human-readable directory's firmware directory
# which points to the existing firmware install directory
firmware_opts=""
for product in "${firmware_products[@]}"; do
uc_product=${product^^}
branch=${firmware[$product.branch]}
version=${firmware[$product.version]}
link="$humanpath/firmware/$product-$branch"
if [[ ! -L "$link" ]]; then
echo "Expected symlink $link for required $product firmware, but this either does not exist or is not a symlink - install failed"
exit 1
fi
firmware_path=$(readlink -f $humanpath/firmware/$product-$branch)
if [[ ! -e "$firmware_path" ]]; then
echo "Required $product firmware install directory not found at $firmware_path. Unable to build xsabin files"
exit 1
fi
# Locate the required firmware binary file
case "$product" in
"ert")
# ERT firmware is deployed within XRT and has its own file naming rule
if [[ "$branch" == "mainline" ]] || [[ "$branch" == "legacy" ]] || [[ "$branch" == "" ]]; then
ert_name="sched.bin"
else
ert_name="sched_$branch.bin"
fi
firmware_file="$firmware_path/$ert_name"
if [[ ! -e "$firmware_file" ]]; then
echo "Cannot locate required $product firmware: not found at $firmware_file. Unable to build xsabin files"
exit 1
fi
firmware_opts+=" --add-section SCHED_FIRMWARE:RAW:${firmware_file}"
;;
*)
# All other firmware is deployed in its own package
# Accommodate possible variations in firmware file name, as long as the file name contains the product name
# During firmware upgrade, it is possible that both the old and the new firmware files are both present
# (the old one may not be removed until after this script has run).
# In this situation, the new firmware product, branch and version are provided as script arguments:
# select the appropriate file here (if multiple files are found).
firmware_files=()
for globfile in $firmware_path/*; do
if [[ -e "$globfile" ]] && [[ ! -d "$globfile" ]]; then
globfilename=${globfile##*/}
if [[ "$globfilename" == *"$product"* ]] || [[ "$globfilename" == *"$uc_product"* ]]; then
firmware_files+=($globfile)
fi
fi
done
if [[ "${#firmware_files[@]}" -eq 0 ]]; then
echo "Cannot locate required $product firmware: not found at $firmware_path. Unable to build xsabin files"
exit 1
fi
firmware_file=""
if [[ "${#firmware_files[@]}" -gt 1 ]]; then
IFS=$'\n'
firmware_files=( $(sort -V <<<"${firmware_files[*]}") )
unset IFS
if [[ "$firmware_upgrade_product" == "$product" ]]; then
firmware_file=""
for fw_file in "${firmware_files[@]}"; do
fw_filename=${fw_file##*/}
if [[ "$fw_filename" == *"$firmware_upgrade_version"* ]]; then
firmware_file=$fw_file
fi
done
fi
fi
if [[ -z "$firmware_file" ]]; then
firmware_file="${firmware_files[-1]}"
fi
# Select the correct xsabin section name, depending on the firmware product
section=""
case "$product" in
"cmc")
section="FIRMWARE"
;;
"sc-fw" | "sc")
section="BMC-FW"
;;
*)
echo "Unrecognised firmware product name '$product', unable to select the correct xsabin section name"
exit 1
;;
esac
firmware_opts+=" --add-section ${section}:RAW:${firmware_file}"
# The SC firmware (BMC-FW section) may have a metadata JSON file also to be added
if [[ "$section" == "BMC-FW" && -e "$firmware_path/metadata.json" ]]; then
firmware_opts+=" --add-section BMC-METADATA:JSON:${firmware_path}/metadata.json"
fi
;;
esac
done
# Extract vendor, board, name and version from partition_metadata.json, to build PlatformVBNV
declare -A vbnv
for element in {partition_vendor,partition_card,partition_family,partition_name,installed_package_version}; do
line="$(grep $element $json)"
if [[ -n "$line" ]]; then
value=${line%\"*}
value=${value##*\"}
if [[ "$element" != "partition_vendor" ]] && [[ "$element" != "partition_card" ]]; then
value=${value//-/_}
fi
else
value="UNKNOWN"
fi
vbnv[$element]=$value
done
platform_vbnv="${vbnv[partition_vendor]}:${vbnv[partition_card]}:${vbnv[partition_family]}_${vbnv[partition_name]}:${vbnv[installed_package_version]}"
# Check for VBNV override in partition_metadata.json
line="$(grep vbnv_override $json)"
if [[ -n "$line" ]]; then
value=${line%\"*}
value=${value##*\"}
# Check VBNV override value is correctly formatted (4 fields separated by colons)
fields="$(echo "$value" | tr ':' ' ' | wc -w)"
if [[ "$fields" == "4" ]]; then
platform_vbnv=$value
fi
fi
# Use the XRT standard install path to find xclbinutil
xclbinutil="${xclbinutil:-/opt/xilinx/xrt/bin/xclbinutil}"
if [[ ! -e "$xclbinutil" ]]; then
echo "xclbinutil tool not found at $xclbinutil, unable to build xsabin files"
exit 1
fi
## Must source XRT's setup.sh to set up environment correctly
#if [[ ! -e /opt/xilinx/xrt/setup.sh ]]; then
# echo "XRT setup.sh not found at /opt/xilinx/xrt/setup.sh, XRT installation is bad. Cannot build xsabin files"
# exit 1
#fi
#source /opt/xilinx/xrt/setup.sh
# Build xclbinutil options for creating xsabin files
xclbinopts=" --force"
if [[ -e "partition.mcs" ]]; then
xclbinopts+=" --add-section MCS-PRIMARY:RAW:partition.mcs"
fi
if [[ -e "partition_secondary.mcs" ]]; then
xclbinopts+=" --add-section MCS-SECONDARY:RAW:partition_secondary.mcs"
fi
if [[ -e "partition.bin" ]]; then
xclbinopts+=" --add-section FLASH[BIN]-DATA:RAW:partition.bin"
fi
if [[ -e "bin_metadata.json" ]]; then
xclbinopts+=" --add-section FLASH[BIN]-METADATA:JSON:bin_metadata.json"
fi
if [[ -e "partition.bit" ]]; then
xclbinopts+=" --add-section BITSTREAM:RAW:partition.bit"
fi
if [[ -e "partition.pdi" ]]; then
xclbinopts+=" --add-section PDI:RAW:partition.pdi"
fi
xclbinopts+=" --add-section PARTITION_METADATA:JSON:${json}"
xclbinopts+=$firmware_opts
xclbinopts+=" --key-value SYS:PlatformVBNV:${platform_vbnv}"
# Create partition.xsabin
xsabin="partition.xsabin"
xclbincmd="${xclbinutil} ${xclbinopts} --output $xsabin"
echo $xclbincmd
$xclbincmd
if [[ $? -ne 0 ]]; then
echo "An error occurred while running xclbinutil"
exit 1
fi
if [[ ! -e "$xsabin" ]]; then
echo "xclbinutil did not create output file $xsabin"
exit 1
fi
# And we're done
echo "create_xsabin.sh completed successfully"

75
m/raccoon/xilinx-fw.nix
View File

@@ -1,75 +0,0 @@
{
stdenv
, lib
, dpkg
, fetchurl
, xilinx-xrt
}:
with lib;
# Must read: https://xilinx.github.io/XRT/master/html/platforms_partitions.html#shell
# Taken from:
# - https://aur.archlinux.org/packages/xilinx-sc-fw-u280
# - https://aur.archlinux.org/packages/xilinx-u280-gen3x16-xdma-base
stdenv.mkDerivation rec {
pname = "xilinx-fw";
version = "1.3.5-3592445";
srcs = [
# List packages with: curl https://packages.xilinx.com/artifactory/debian-packages-cache/pool/
(fetchurl {
url = "https://packages.xilinx.com/artifactory/debian-packages-cache/pool/xilinx-cmc-u280_1.3.5-3592445_all.deb";
hash = "sha256-H48bdeuBc9dK6LExMnw1RCfY85PKntBk/X8CMcAI+zI=";
})
(fetchurl {
url = "https://packages.xilinx.com/artifactory/debian-packages-cache/pool/xilinx-sc-fw-u280_4.3.28-1.ea1b92f_all.deb";
hash = "sha256-JxQal2IqYAgebAgfjs2noFG5ghxC9sJQFppJFUCx6jA=";
})
(fetchurl {
url = "https://packages.xilinx.com/artifactory/debian-packages-cache/pool/xilinx-u280-gen3x16-xdma-base_1-3585717_all.deb";
hash = "sha256-oe84YgmmRFZjNa63j0pIneuFUG0Bb4aA7wulyU4bCrY=";
})
(fetchurl {
url = "https://packages.xilinx.com/artifactory/debian-packages-cache/pool/xilinx-u280-gen3x16-xdma-validate_1-3585755_all.deb";
hash = "sha256-F+IAzR8NVc9FDsgQstpBcKeq3ogH1PI8nuq94sEExCg=";
})
# Needed for the ERT firmware
(fetchurl {
url = "https://packages.xilinx.com/artifactory/debian-packages-cache/pool/xrt_202320.2.16.204_22.04-amd64-xrt.deb";
hash = "sha256-FEhzx2KlIYpunXmTSBjtyAtblbuz5tkvnt2qp21gUho=";
})
];
dontStrip = true;
hardeningDisable = [ "all" ];
nativeBuildInputs = [ dpkg ];
unpackPhase = ''
for f in $srcs; do
dpkg-deb -x "$f" deb
done
sourceRoot=deb
'';
# Generate the xsabin firmware file by fixing the original script
buildPhase = ''
set -x
ln -rs lib/firmware/xilinx/283bab8f654d8674968f4da57f7fa5d7 lib/firmware/xilinx/fb2b2c5a19ed63593fea95f51fbc8eb9
ln -rs lib/firmware/xilinx/283bab8f654d8674968f4da57f7fa5d7/partition_metadata.json opt/xilinx/firmware/u280/gen3x16-xdma/base/partition_metadata.json
ln -rs lib/firmware/xilinx/283bab8f654d8674968f4da57f7fa5d7/partition.xsabin opt/xilinx/firmware/u280/gen3x16-xdma/base/partition.xsabin
ln -rs opt/xilinx/xrt/share/fw opt/xilinx/firmware/u280/gen3x16-xdma/base/firmware/ert-v30
ln -rs opt/xilinx/firmware/cmc/u280 opt/xilinx/firmware/u280/gen3x16-xdma/base/firmware/cmc-u280
ln -rs opt/xilinx/firmware/sc-fw/u280 opt/xilinx/firmware/u280/gen3x16-xdma/base/firmware/sc-fw-u280
find
export xclbinutil=${xilinx-xrt}/xrt/bin/xclbinutil
cp -a ${./xilinx-create-xsabin.sh} opt/xilinx/firmware/u280/gen3x16-xdma/base/scripts/create_xsabin.sh
bash -x opt/xilinx/firmware/u280/gen3x16-xdma/base/scripts/create_xsabin.sh xilinx-u280-gen3x16-xdma-base 1 3585717
set +x
'';
installPhase = ''
mkdir -p $out
cp -a * $out
'';
}

27
m/raccoon/xilinx-xocl-depmod.patch
View File

@@ -1,27 +0,0 @@
--- a/driver/xocl/mgmtpf/Makefile 2025-02-20 15:59:28.379826176 +0100
+++ b/driver/xocl/mgmtpf/Makefile 2025-02-20 15:59:42.366892140 +0100
@@ -119,10 +119,6 @@ all:
install: all
$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules_install
- depmod -a
- install -m 644 99-xclmgmt.rules /etc/udev/rules.d
- -rmmod -s xclmgmt || true
- -modprobe xclmgmt
clean:
rm -rf *.o *.o.d *.o.cmd *~ core .depend .*.cmd *.ko *.ko.unsigned \
--- a/driver/xocl/userpf/Makefile 2025-02-20 16:03:20.751922522 +0100
+++ b/driver/xocl/userpf/Makefile 2025-02-20 16:03:35.377991553 +0100
@@ -138,11 +138,6 @@ all:
install: all
$(MAKE) -C $(KERNEL_SRC) M=$(PWD) modules_install
- depmod -a
- install -m 644 99-xocl.rules /etc/udev/rules.d
- -rmmod -s xocl || true
- -rmmod -s xdma || true
- -modprobe xocl
clean:
rm -rf *.o *.o.d *~ core .depend .*.cmd *.ko *.ko.unsigned *.mod.c \

35
m/raccoon/xilinx-xocl.nix
View File

@@ -1,35 +0,0 @@
{
stdenv
, lib
, kernel
, xilinx-xrt
}:
with lib;
# See: https://iotlab.sdsu.edu/index.php/flash-base-image-on-xilinx-alveo-u280/
stdenv.mkDerivation rec {
pname = "xilinx-xocl";
version = "2.19.0";
src = "${xilinx-xrt}/src/xrt-${version}";
dontStrip = true;
preBuild = ''
cd driver/xocl
'';
patches = [
./xilinx-xocl-depmod.patch
];
buildFlags = [ "KERNEL_SRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" ];
installFlags = [
"KERNEL_SRC=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
"INSTALL_MOD_PATH=${placeholder "out"}"
];
postInstall = ''
mkdir -p $out/etc/udev/rules.d
install -m 644 userpf/99-xocl.rules $out/etc/udev/rules.d
install -m 644 mgmtpf/99-xclmgmt.rules $out/etc/udev/rules.d
'';
nativeBuildInputs = kernel.moduleBuildDependencies;
hardeningDisable = [ "all" ];
}

25
m/raccoon/xilinx-xrt-aiebu.patch
View File

@@ -1,25 +0,0 @@
--- a/src/runtime_src/core/common/aiebu/src/cpp/aiebu/utils/asm/CMakeLists.txt
+++ b/src/runtime_src/core/common/aiebu/src/cpp/aiebu/utils/asm/CMakeLists.txt
@@ -23,8 +23,6 @@ add_executable(aiebu-asm $<TARGET_OBJECTS:aiebu_asm_objects>)
target_link_libraries(aiebu-asm PRIVATE aiebu_static)
if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
- target_link_options(aiebu-asm PRIVATE "-static")
- set_target_properties(aiebu-asm PROPERTIES INSTALL_RPATH "" BUILD_RPATH "")
# Create a dynamically linked executable. aiebu-asm-dyn, on Linux for running
# valgrind, etc. This binary is not released for deployment but only used for
@@ -35,13 +33,6 @@ if (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
target_link_libraries(aiebu-asm-dyn PRIVATE aiebu_static)
endif()
-# This custom target fails if aiebu-asm has any dynamic dependencies
-add_custom_target(check_dynamic_deps ALL
- COMMAND ${CMAKE_COMMAND} -E echo "Checking for dynamic dependencies ..."
- COMMAND ${CMAKE_COMMAND} -P "${AIEBU_SOURCE_DIR}/cmake/depends.cmake" $<TARGET_FILE:aiebu-asm> aiebu-asm_depends.txt
- DEPENDS aiebu-asm
- )
-
install(TARGETS aiebu-asm
RUNTIME DESTINATION ${AIEBU_INSTALL_BIN_DIR}
CONFIGURATIONS Debug Release COMPONENT Runtime

13
m/raccoon/xilinx-xrt-icd.patch
View File

@@ -1,13 +0,0 @@
diff --git a/src/CMake/icd.cmake b/src/CMake/icd.cmake
index 255a2e3d8..460a6d4c7 100644
--- a/src/CMake/icd.cmake
+++ b/src/CMake/icd.cmake
@@ -10,7 +10,7 @@ configure_file (
${ICD_FILE_NAME}
)
-set(OCL_ICD_INSTALL_PREFIX "/etc/OpenCL/vendors")
+set(OCL_ICD_INSTALL_PREFIX "${CMAKE_INSTALL_PREFIX}/etc/OpenCL/vendors")
install (FILES ${CMAKE_CURRENT_BINARY_DIR}/${ICD_FILE_NAME}
DESTINATION ${OCL_ICD_INSTALL_PREFIX}

204
m/raccoon/xilinx-xrt-u280-support.patch
View File

@@ -1,204 +0,0 @@
From 6f64871f2e679ad5d3b140c8a2732edaae2dcf6a Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Thu, 20 Feb 2025 18:49:54 +0100
Subject: [PATCH] Revert "Removed support for u50lv, u55n and u280 platforms in
XRT (#7901)"
This reverts commit 41f4221433c6b173316b61cb2e7e3ee5152d8075.
---
.../core/pcie/driver/linux/xocl/devices.h | 103 ++++++++++++++++++
1 file changed, 103 insertions(+)
diff --git a/src/runtime_src/core/pcie/driver/linux/xocl/devices.h b/src/runtime_src/core/pcie/driver/linux/xocl/devices.h
index 971ad73d2..5fe329cfa 100644
--- a/src/runtime_src/core/pcie/driver/linux/xocl/devices.h
+++ b/src/runtime_src/core/pcie/driver/linux/xocl/devices.h
@@ -2064,6 +2064,14 @@ struct xocl_subdev_map {
.subdev_num = ARRAY_SIZE(USER_RES_DSA52), \
}
+#define XOCL_BOARD_USER_DSA52_U280 \
+ (struct xocl_board_private){ \
+ .flags = 0, \
+ .subdev_info = USER_RES_DSA52, \
+ .subdev_num = ARRAY_SIZE(USER_RES_DSA52), \
+ .p2p_bar_sz = 64, \
+ }
+
#define XOCL_BOARD_USER_SMARTN \
(struct xocl_board_private){ \
.flags = XOCL_DSAFLAG_SMARTN, \
@@ -2370,6 +2378,30 @@ struct xocl_subdev_map {
.flash_type = FLASH_TYPE_SPI, \
}
+
+#define MGMT_RES_XBB_DSA52_U280 \
+ ((struct xocl_subdev_info []) { \
+ XOCL_DEVINFO_FEATURE_ROM, \
+ XOCL_DEVINFO_PRP_IORES_MGMT, \
+ XOCL_DEVINFO_AXIGATE_ULP, \
+ XOCL_DEVINFO_CLOCK_HBM, \
+ XOCL_DEVINFO_AF_DSA52, \
+ XOCL_DEVINFO_XMC, \
+ XOCL_DEVINFO_XVC_PRI, \
+ XOCL_DEVINFO_MAILBOX_MGMT, \
+ XOCL_DEVINFO_ICAP_MGMT, \
+ XOCL_DEVINFO_FMGR, \
+ XOCL_DEVINFO_FLASH, \
+ })
+
+#define XOCL_BOARD_MGMT_XBB_DSA52_U280 \
+ (struct xocl_board_private){ \
+ .flags = 0, \
+ .subdev_info = MGMT_RES_XBB_DSA52_U280, \
+ .subdev_num = ARRAY_SIZE(MGMT_RES_XBB_DSA52_U280), \
+ .flash_type = FLASH_TYPE_SPI, \
+ }
+
#define MGMT_RES_XBB_SMARTN \
((struct xocl_subdev_info []) { \
XOCL_DEVINFO_FEATURE_ROM_SMARTN, \
@@ -2772,6 +2804,24 @@ struct xocl_subdev_map {
.board_name = "u50" \
}
+#define XOCL_BOARD_U55N_USER_RAPTOR2 \
+ (struct xocl_board_private){ \
+ .flags = XOCL_DSAFLAG_DYNAMIC_IP, \
+ .board_name = "u55n", \
+ .subdev_info = RES_USER_VSEC, \
+ .subdev_num = ARRAY_SIZE(RES_USER_VSEC), \
+ }
+
+#define XOCL_BOARD_U55N_MGMT_RAPTOR2 \
+ (struct xocl_board_private){ \
+ .flags = XOCL_DSAFLAG_DYNAMIC_IP, \
+ .subdev_info = RES_MGMT_VSEC, \
+ .subdev_num = ARRAY_SIZE(RES_MGMT_VSEC), \
+ .flash_type = FLASH_TYPE_SPI, \
+ .board_name = "u55n", \
+ .vbnv = "xilinx_u55n" \
+ }
+
#define XOCL_BOARD_U55C_USER_RAPTOR2 \
(struct xocl_board_private){ \
.flags = XOCL_DSAFLAG_DYNAMIC_IP, \
@@ -2790,6 +2840,24 @@ struct xocl_subdev_map {
.vbnv = "xilinx_u55c" \
}
+#define XOCL_BOARD_U50LV_USER_RAPTOR2 \
+ (struct xocl_board_private){ \
+ .flags = XOCL_DSAFLAG_DYNAMIC_IP, \
+ .board_name = "u50lv", \
+ .subdev_info = RES_USER_VSEC, \
+ .subdev_num = ARRAY_SIZE(RES_USER_VSEC), \
+ }
+
+#define XOCL_BOARD_U50LV_MGMT_RAPTOR2 \
+ (struct xocl_board_private){ \
+ .flags = XOCL_DSAFLAG_DYNAMIC_IP, \
+ .subdev_info = RES_MGMT_VSEC, \
+ .subdev_num = ARRAY_SIZE(RES_MGMT_VSEC), \
+ .flash_type = FLASH_TYPE_SPI, \
+ .board_name = "u50lv", \
+ .vbnv = "xilinx_u50lv" \
+ }
+
#define XOCL_BOARD_U50C_USER_RAPTOR2 \
(struct xocl_board_private){ \
.flags = XOCL_DSAFLAG_DYNAMIC_IP, \
@@ -2834,6 +2902,14 @@ struct xocl_subdev_map {
.p2p_bar_sz = 64, \
}
+#define XOCL_BOARD_U280_USER_RAPTOR2 \
+ (struct xocl_board_private){ \
+ .flags = XOCL_DSAFLAG_DYNAMIC_IP, \
+ .subdev_info = RES_USER_VSEC, \
+ .subdev_num = ARRAY_SIZE(RES_USER_VSEC), \
+ .board_name = "u280", \
+ }
+
#define XOCL_BOARD_U250_MGMT_RAPTOR2 \
(struct xocl_board_private){ \
.flags = XOCL_DSAFLAG_DYNAMIC_IP, \
@@ -2843,6 +2919,15 @@ struct xocl_subdev_map {
.board_name = "u250" \
}
+#define XOCL_BOARD_U280_MGMT_RAPTOR2 \
+ (struct xocl_board_private){ \
+ .flags = XOCL_DSAFLAG_DYNAMIC_IP, \
+ .subdev_info = RES_MGMT_VSEC, \
+ .subdev_num = ARRAY_SIZE(RES_MGMT_VSEC), \
+ .flash_type = FLASH_TYPE_SPI, \
+ .board_name = "u280" \
+ }
+
#define XOCL_BOARD_VERSAL_USER_RAPTOR2 \
(struct xocl_board_private){ \
.flags = XOCL_DSAFLAG_DYNAMIC_IP | \
@@ -3435,6 +3520,8 @@ struct xocl_subdev_map {
{ XOCL_PCI_DEVID(0x10EE, 0x6A8F, 0x4353, MGMT_6A8F_DSA52) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5000, PCI_ANY_ID, MGMT_XBB_DSA52_U200) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5004, PCI_ANY_ID, MGMT_XBB_DSA52) }, \
+ { XOCL_PCI_DEVID(0x10EE, 0x5008, PCI_ANY_ID, MGMT_XBB_DSA52_U280) },\
+ { XOCL_PCI_DEVID(0x10EE, 0x500C, PCI_ANY_ID, MGMT_XBB_DSA52_U280) },\
{ XOCL_PCI_DEVID(0x10EE, 0x5020, PCI_ANY_ID, MGMT_U50) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5028, PCI_ANY_ID, MGMT_VERSAL) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5044, PCI_ANY_ID, MGMT_VERSAL) }, \
@@ -3448,7 +3535,9 @@ struct xocl_subdev_map {
{ XOCL_PCI_DEVID(0x10EE, 0x5078, PCI_ANY_ID, VERSAL_MGMT_RAPTOR2) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5050, PCI_ANY_ID, MGMT_U25) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x504E, PCI_ANY_ID, U26Z_MGMT_RAPTOR2) }, \
+ { XOCL_PCI_DEVID(0x10EE, 0x5058, PCI_ANY_ID, U55N_MGMT_RAPTOR2) },\
{ XOCL_PCI_DEVID(0x10EE, 0x505C, PCI_ANY_ID, U55C_MGMT_RAPTOR2) },\
+ { XOCL_PCI_DEVID(0x10EE, 0x5060, PCI_ANY_ID, U50LV_MGMT_RAPTOR2) },\
{ XOCL_PCI_DEVID(0x10EE, 0x506C, PCI_ANY_ID, U50C_MGMT_RAPTOR2) },\
{ XOCL_PCI_DEVID(0x10EE, 0x5074, PCI_ANY_ID, X3522PV_MGMT_RAPTOR2) }, \
{ XOCL_PCI_DEVID(0x13FE, 0x006C, PCI_ANY_ID, MGMT_6A8F) }, \
@@ -3457,6 +3546,8 @@ struct xocl_subdev_map {
{ XOCL_PCI_DEVID(0x10EE, 0xF987, PCI_ANY_ID, XBB_MFG("samsung_efuse")) },\
{ XOCL_PCI_DEVID(0x10EE, 0xD000, PCI_ANY_ID, XBB_MFG("u200")) },\
{ XOCL_PCI_DEVID(0x10EE, 0xD004, PCI_ANY_ID, XBB_MFG("u250")) },\
+ { XOCL_PCI_DEVID(0x10EE, 0xD008, PCI_ANY_ID, XBB_MFG("u280-es1")) }, \
+ { XOCL_PCI_DEVID(0x10EE, 0xD00C, PCI_ANY_ID, XBB_MFG("u280")) },\
{ XOCL_PCI_DEVID(0x10EE, 0xD030, PCI_ANY_ID, XBB_MFG("poc1465")) },\
{ XOCL_PCI_DEVID(0x10EE, 0xD020, PCI_ANY_ID, XBB_MFG_U50) }, \
{ XOCL_PCI_DEVID(0x10EE, 0xD03C, PCI_ANY_ID, XBB_MFG_U30) }, \
@@ -3495,11 +3586,15 @@ struct xocl_subdev_map {
{ XOCL_PCI_DEVID(0x10EE, 0x7990, 0x4352, USER_DSA52) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5001, PCI_ANY_ID, USER_DSA52) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5005, PCI_ANY_ID, USER_DSA52) }, \
+ { XOCL_PCI_DEVID(0x10EE, 0x5009, PCI_ANY_ID, USER_DSA52_U280) }, \
+ { XOCL_PCI_DEVID(0x10EE, 0x500D, PCI_ANY_ID, USER_DSA52_U280) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5021, PCI_ANY_ID, USER_U50) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x5051, PCI_ANY_ID, USER_U25) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x504F, PCI_ANY_ID, U26Z_USER_RAPTOR2) }, \
{ XOCL_PCI_DEVID(0x10EE, 0x513D, PCI_ANY_ID, U30_USER_RAPTOR2) }, \
+ { XOCL_PCI_DEVID(0x10EE, 0x5059, PCI_ANY_ID, U55N_USER_RAPTOR2) },\
{ XOCL_PCI_DEVID(0x10EE, 0x505D, PCI_ANY_ID, U55C_USER_RAPTOR2) },\
+ { XOCL_PCI_DEVID(0x10EE, 0x5061, PCI_ANY_ID, U50LV_USER_RAPTOR2) },\
{ XOCL_PCI_DEVID(0x10EE, 0x506D, PCI_ANY_ID, U50C_USER_RAPTOR2) },\
{ XOCL_PCI_DEVID(0x10EE, 0x5075, PCI_ANY_ID, X3522PV_USER_RAPTOR2) }, \
{ XOCL_PCI_DEVID(0x13FE, 0x0065, PCI_ANY_ID, USER_XDMA) }, \
@@ -3561,6 +3656,14 @@ struct xocl_subdev_map {
.vbnv = "xilinx_u250", \
.priv_data = &XOCL_BOARD_U250_MGMT_RAPTOR2, \
.type = XOCL_DSAMAP_RAPTOR2 }, \
+ { 0x10EE, 0x500D, PCI_ANY_ID, \
+ .vbnv = "xilinx_u280", \
+ .priv_data = &XOCL_BOARD_U280_USER_RAPTOR2, \
+ .type = XOCL_DSAMAP_RAPTOR2 }, \
+ { 0x10EE, 0x500C, PCI_ANY_ID, \
+ .vbnv = "xilinx_u280", \
+ .priv_data = &XOCL_BOARD_U280_MGMT_RAPTOR2, \
+ .type = XOCL_DSAMAP_RAPTOR2 }, \
{ 0x10EE, 0x5020, PCI_ANY_ID, \
.vbnv = "xilinx_u50", \
.priv_data = &XOCL_BOARD_U50_MGMT_RAPTOR2, \
--
2.45.2

74
m/raccoon/xilinx-xrt.nix
View File

@@ -1,74 +0,0 @@
{
stdenv
, fetchFromGitHub
, enableDebug ? false
, lib
, cmake
, pkg-config
, libdrm
, libelf
, opencl-headers
, ocl-icd
, git
, boost
, ncurses
, openssl
, rapidjson
, protobuf
, python3
, libuuid
, curl
, libsystemtap
, libxcrypt
, udev
}:
with lib;
stdenv.mkDerivation rec {
name = "xilinx-xrt";
version = "dc81a9cc";
src = fetchFromGitHub {
owner = "Xilinx";
repo = "XRT";
rev = "dc81a9cc852bf44e71aa3edde7c8f7d54f355eab";
hash = "sha256-SG1gIO8Bvgs5XQ7HswjWNavPH+m8xHXqauztuJa6aEo=";
fetchSubmodules = true;
};
dontStrip = true;
patches = [
./xilinx-xrt-aiebu.patch
./xilinx-xrt-icd.patch
./xilinx-xrt-u280-support.patch
];
cmakeFlags = [
"-DXRT_INSTALL_PREFIX=${placeholder "out"}"
"-DXRT_INSTALL_DIR=${placeholder "out"}"
"-DXRT_NATIVE_BUILD=yes"
"-DCMAKE_BUILD_WITH_INSTALL_RPATH=ON"
# Enable debug
"-DCMAKE_BUILD_TYPE=RelWithDebInfo"
#"-DCMAKE_BUILD_TYPE=Debug"
#"-DXOCL_VERBOSE=1"
#"-DXRT_VERBOSE=1"
];
# A directory named "build" already exists
cmakeBuildDir = "the-build";
# Replace all occurences of /usr to $out, although some are not correct. By
# default they are replaced by /var/empty
dontFixCmake = true;
preConfigure = ''
find "." -type f \( -name "*.cmake" -o -name "*.cmake.in" -o -name CMakeLists.txt \) -print |
while read fn; do
sed -e 's^/usr\([ /]\|$\)^'$out'\1^g' -e 's^/opt\([ /]\|$\)^'$out'\1^g' < "$fn" > "$fn.tmp"
mv "$fn.tmp" "$fn"
done
'';
nativeBuildInputs = [ cmake pkg-config git ];
buildInputs = [ libdrm.dev opencl-headers ocl-icd boost.dev ncurses
openssl.dev rapidjson protobuf python3 libelf libuuid.dev curl.dev
libsystemtap libxcrypt udev.out udev.dev
];
hardeningDisable = [ "all" ];
}

405
pkgs/ceph.nix Normal file
View File

@@ -0,0 +1,405 @@
{ lib
, stdenv
, runCommand
, fetchurl
, fetchFromGitHub
, fetchPypi
# Build time
, cmake
, ensureNewerSourcesHook
, fmt
, git
, makeWrapper
, nasm
, pkg-config
, which
# Tests
, nixosTests
# Runtime dependencies
, arrow-cpp
, babeltrace
, boost179
, bzip2
, cryptsetup
, cunit
, doxygen
, gperf
, graphviz
, gtest
, icu
, libcap
, libcap_ng
, libnl
, libxml2
, lttng-ust
, lua
, lz4
, oath-toolkit
, openldap
, python310
, rdkafka
, rocksdb
, snappy
, sqlite
, utf8proc
, zlib
, zstd
# Optional Dependencies
, curl ? null
, expat ? null
, fuse ? null
, libatomic_ops ? null
, libedit ? null
, libs3 ? null
, yasm ? null
# Mallocs
, gperftools ? null
, jemalloc ? null
# Crypto Dependencies
, cryptopp ? null
, nspr ? null
, nss ? null
# Linux Only Dependencies
, linuxHeaders
, util-linux
, libuuid
, udev
, keyutils
, rdma-core
, rabbitmq-c
, libaio ? null
, libxfs ? null
, liburing ? null
, zfs ? null
, ...
}:
# We must have one crypto library
assert cryptopp != null || (nss != null && nspr != null);
let
shouldUsePkg = pkg: if pkg != null && pkg.meta.available then pkg else null;
optYasm = shouldUsePkg yasm;
optExpat = shouldUsePkg expat;
optCurl = shouldUsePkg curl;
optFuse = shouldUsePkg fuse;
optLibedit = shouldUsePkg libedit;
optLibatomic_ops = shouldUsePkg libatomic_ops;
optLibs3 = shouldUsePkg libs3;
optJemalloc = shouldUsePkg jemalloc;
optGperftools = shouldUsePkg gperftools;
optCryptopp = shouldUsePkg cryptopp;
optNss = shouldUsePkg nss;
optNspr = shouldUsePkg nspr;
optLibaio = shouldUsePkg libaio;
optLibxfs = shouldUsePkg libxfs;
optZfs = shouldUsePkg zfs;
# Downgrade rocksdb, 7.10 breaks ceph
rocksdb' = rocksdb.overrideAttrs {
version = "7.9.2";
src = fetchFromGitHub {
owner = "facebook";
repo = "rocksdb";
rev = "refs/tags/v7.9.2";
hash = "sha256-5P7IqJ14EZzDkbjaBvbix04ceGGdlWBuVFH/5dpD5VM=";
};
};
hasRadosgw = optExpat != null && optCurl != null && optLibedit != null;
# Malloc implementation (can be jemalloc, tcmalloc or null)
malloc = if optJemalloc != null then optJemalloc else optGperftools;
# We prefer nss over cryptopp
cryptoStr = if optNss != null && optNspr != null then "nss" else
if optCryptopp != null then "cryptopp" else "none";
cryptoLibsMap = {
nss = [ optNss optNspr ];
cryptopp = [ optCryptopp ];
none = [ ];
};
getMeta = description: with lib; {
homepage = "https://ceph.io/en/";
inherit description;
license = with licenses; [ lgpl21 gpl2 bsd3 mit publicDomain ];
maintainers = with maintainers; [ adev ak johanot krav ];
platforms = [ "x86_64-linux" "aarch64-linux" ];
};
ceph-common = with python.pkgs; buildPythonPackage {
pname = "ceph-common";
inherit src version;
sourceRoot = "ceph-${version}/src/python-common";
propagatedBuildInputs = [
pyyaml
];
nativeCheckInputs = [
pytestCheckHook
];
disabledTests = [
# requires network access
"test_valid_addr"
];
meta = getMeta "Ceph common module for code shared by manager modules";
};
# Watch out for python <> boost compatibility
python = python310.override {
packageOverrides = self: super: {
sqlalchemy = super.sqlalchemy.overridePythonAttrs rec {
version = "1.4.46";
src = fetchPypi {
pname = "SQLAlchemy";
inherit version;
hash = "sha256-aRO4JH2KKS74MVFipRkx4rQM6RaB8bbxj2lwRSAMSjA=";
};
disabledTestPaths = [
"test/aaa_profiling"
"test/ext/mypy"
];
};
};
};
boost = boost179.override {
enablePython = true;
inherit python;
};
# TODO: split this off in build and runtime environment
ceph-python-env = python.withPackages (ps: with ps; [
ceph-common
# build time
cython
# debian/control
bcrypt
cherrypy
influxdb
jinja2
kubernetes
natsort
numpy
pecan
prettytable
pyjwt
pyopenssl
python-dateutil
pyyaml
requests
routes
scikit-learn
scipy
setuptools
sphinx
virtualenv
werkzeug
# src/pybind/mgr/requirements-required.txt
cryptography
jsonpatch
# src/tools/cephfs/shell/setup.py
cmd2
colorama
]);
inherit (ceph-python-env.python) sitePackages;
version = "18.2.0";
src = fetchurl {
url = "https://download.ceph.com/tarballs/ceph-${version}.tar.gz";
hash = "sha256:0k9nl6xi5brva51rr14m7ig27mmmd7vrpchcmqc40q3c2khn6ns9";
};
in rec {
ceph = stdenv.mkDerivation {
pname = "ceph";
inherit src version;
nativeBuildInputs = [
cmake
fmt
git
makeWrapper
nasm
pkg-config
python
python.pkgs.python # for the toPythonPath function
python.pkgs.wrapPython
which
(ensureNewerSourcesHook { year = "1980"; })
# for building docs/man-pages presumably
doxygen
graphviz
];
enableParallelBuilding = true;
buildInputs = cryptoLibsMap.${cryptoStr} ++ [
arrow-cpp
babeltrace
boost
bzip2
ceph-python-env
cryptsetup
cunit
gperf
gtest
icu
libcap
libnl
libxml2
lttng-ust
lua
lz4
malloc
oath-toolkit
openldap
optLibatomic_ops
optLibs3
optYasm
rdkafka
rocksdb'
snappy
sqlite
utf8proc
zlib
zstd
] ++ lib.optionals stdenv.isLinux [
keyutils
libcap_ng
liburing
libuuid
linuxHeaders
optLibaio
optLibxfs
optZfs
rabbitmq-c
rdma-core
udev
util-linux
] ++ lib.optionals hasRadosgw [
optCurl
optExpat
optFuse
optLibedit
];
pythonPath = [ ceph-python-env "${placeholder "out"}/${ceph-python-env.sitePackages}" ];
preConfigure =''
substituteInPlace src/common/module.c --replace "/sbin/modinfo" "modinfo"
substituteInPlace src/common/module.c --replace "/sbin/modprobe" "modprobe"
substituteInPlace src/common/module.c --replace "/bin/grep" "grep"
# install target needs to be in PYTHONPATH for "*.pth support" check to succeed
# set PYTHONPATH, so the build system doesn't silently skip installing ceph-volume and others
export PYTHONPATH=${ceph-python-env}/${sitePackages}:$lib/${sitePackages}:$out/${sitePackages}
patchShebangs src/
'';
cmakeFlags = [
"-DCMAKE_INSTALL_DATADIR=${placeholder "lib"}/lib"
"-DWITH_CEPHFS_SHELL:BOOL=ON"
"-DWITH_SYSTEMD:BOOL=OFF"
# `WITH_JAEGER` requires `thrift` as a depenedncy (fine), but the build fails with:
# CMake Error at src/opentelemetry-cpp-stamp/opentelemetry-cpp-build-Release.cmake:49 (message):
# Command failed: 2
#
# 'make' 'opentelemetry_trace' 'opentelemetry_exporter_jaeger_trace'
#
# See also
#
# /build/ceph-18.2.0/build/src/opentelemetry-cpp/src/opentelemetry-cpp-stamp/opentelemetry-cpp-build-*.log
# and that file contains:
# /build/ceph-18.2.0/src/jaegertracing/opentelemetry-cpp/exporters/jaeger/src/TUDPTransport.cc: In member function 'virtual void opentelemetry::v1::exporter::jaeger::TUDPTransport::close()':
# /build/ceph-18.2.0/src/jaegertracing/opentelemetry-cpp/exporters/jaeger/src/TUDPTransport.cc:71:7: error: '::close' has not been declared; did you mean 'pclose'?
# 71 | ::THRIFT_CLOSESOCKET(socket_);
# | ^~~~~~~~~~~~~~~~~~
# Looks like `close()` is somehow not included.
# But the relevant code is already removed in `open-telemetry` 1.10: https://github.com/open-telemetry/opentelemetry-cpp/pull/2031
# So it's proably not worth trying to fix that for this Ceph version,
# and instead just disable Ceph's Jaeger support.
"-DWITH_JAEGER:BOOL=OFF"
"-DWITH_TESTS:BOOL=OFF"
# Use our own libraries, where possible
"-DWITH_SYSTEM_ARROW:BOOL=ON" # Only used if other options enable Arrow support.
"-DWITH_SYSTEM_BOOST:BOOL=ON"
"-DWITH_SYSTEM_GTEST:BOOL=ON"
"-DWITH_SYSTEM_ROCKSDB:BOOL=ON"
"-DWITH_SYSTEM_UTF8PROC:BOOL=ON"
"-DWITH_SYSTEM_ZSTD:BOOL=ON"
# TODO breaks with sandbox, tries to download stuff with npm
"-DWITH_MGR_DASHBOARD_FRONTEND:BOOL=OFF"
# WITH_XFS has been set default ON from Ceph 16, keeping it optional in nixpkgs for now
''-DWITH_XFS=${if optLibxfs != null then "ON" else "OFF"}''
] ++ lib.optional stdenv.isLinux "-DWITH_SYSTEM_LIBURING=ON";
postFixup = ''
wrapPythonPrograms
wrapProgram $out/bin/ceph-mgr --prefix PYTHONPATH ":" "$(toPythonPath ${placeholder "out"}):$(toPythonPath ${ceph-python-env})"
# Test that ceph-volume exists since the build system has a tendency to
# silently drop it with misconfigurations.
test -f $out/bin/ceph-volume
'';
outputs = [ "out" "lib" "dev" "doc" "man" ];
doCheck = false; # uses pip to install things from the internet
# Takes 7+h to build with 2 cores.
requiredSystemFeatures = [ "big-parallel" ];
meta = getMeta "Distributed storage system";
passthru = {
inherit version;
tests = {
inherit (nixosTests)
ceph-multi-node
ceph-single-node
ceph-single-node-bluestore;
};
};
};
ceph-client = runCommand "ceph-client-${version}" {
meta = getMeta "Tools needed to mount Ceph's RADOS Block Devices/Cephfs";
} ''
mkdir -p $out/{bin,etc,${sitePackages},share/bash-completion/completions}
cp -r ${ceph}/bin/{ceph,.ceph-wrapped,rados,rbd,rbdmap} $out/bin
cp -r ${ceph}/bin/ceph-{authtool,conf,dencoder,rbdnamer,syn} $out/bin
cp -r ${ceph}/bin/rbd-replay* $out/bin
cp -r ${ceph}/sbin/mount.ceph $out/bin
cp -r ${ceph}/sbin/mount.fuse.ceph $out/bin
ln -s bin $out/sbin
cp -r ${ceph}/${sitePackages}/* $out/${sitePackages}
cp -r ${ceph}/etc/bash_completion.d $out/share/bash-completion/completions
# wrapPythonPrograms modifies .ceph-wrapped, so lets just update its paths
substituteInPlace $out/bin/ceph --replace ${ceph} $out
substituteInPlace $out/bin/.ceph-wrapped --replace ${ceph} $out
'';
}

36
pkgs/mpich-fix-hwtopo.patch
View File

@@ -1,36 +0,0 @@
diff --git a/src/util/mpir_hwtopo.c b/src/util/mpir_hwtopo.c
index 33e88bc..ee3641c 100644
--- a/src/util/mpir_hwtopo.c
+++ b/src/util/mpir_hwtopo.c
@@ -200,18 +200,6 @@ int MPII_hwtopo_init(void)
#ifdef HAVE_HWLOC
bindset = hwloc_bitmap_alloc();
hwloc_topology_init(&hwloc_topology);
- char *xmlfile = MPIR_pmi_get_jobattr("PMI_hwloc_xmlfile");
- if (xmlfile != NULL) {
- int rc;
- rc = hwloc_topology_set_xml(hwloc_topology, xmlfile);
- if (rc == 0) {
- /* To have hwloc still actually call OS-specific hooks, the
- * HWLOC_TOPOLOGY_FLAG_IS_THISSYSTEM has to be set to assert that the loaded
- * file is really the underlying system. */
- hwloc_topology_set_flags(hwloc_topology, HWLOC_TOPOLOGY_FLAG_IS_THISSYSTEM);
- }
- MPL_free(xmlfile);
- }
hwloc_topology_set_io_types_filter(hwloc_topology, HWLOC_TYPE_FILTER_KEEP_ALL);
if (!hwloc_topology_load(hwloc_topology))
--- a/src/mpi/init/local_proc_attrs.c
+++ b/src/mpi/init/local_proc_attrs.c
@@ -79,10 +79,6 @@ int MPII_init_local_proc_attrs(int *p_thread_required)
/* Set the number of tag bits. The device may override this value. */
MPIR_Process.tag_bits = MPIR_TAG_BITS_DEFAULT;
- char *requested_kinds = MPIR_pmi_get_jobattr("PMI_mpi_memory_alloc_kinds");
- MPIR_get_supported_memory_kinds(requested_kinds, &MPIR_Process.memory_alloc_kinds);
- MPL_free(requested_kinds);
-
return mpi_errno;
}

11
pkgs/nix-socket.patch Normal file
View File

@@ -0,0 +1,11 @@
--- a/misc/systemd/nix-daemon.socket.in 1970-01-01 01:00:01.000000000 +0100
+++ b/misc/systemd/nix-daemon.socket.in 2023-09-18 17:53:32.351760208 +0200
@@ -1,7 +1,7 @@
[Unit]
Description=Nix Daemon Socket
Before=multi-user.target
-RequiresMountsFor=@storedir@
+RequiresMountsFor=@localstatedir@
ConditionPathIsReadWrite=@localstatedir@/nix/daemon-socket
[Socket]

70
pkgs/overlay.nix
View File

@@ -1,45 +1,39 @@
final: prev: final: prev:
{ {
# Set MPICH as default bsc = prev.bsc.extend (bscFinal: bscPrev: {
mpi = final.mpich; # Set MPICH as default
mpi = bscFinal.mpich;
# Configure the network for MPICH # Configure the network for MPICH
mpich = with final; let mpich = with final; prev.mpich.overrideAttrs (old: {
# pmix comes with the libraries in .out and headers in .dev buildInput = old.buildInputs ++ [
pmixAll = symlinkJoin { libfabric
name = "pmix-all"; pmix
paths = [ pmix.dev pmix.out ]; ];
}; configureFlags = [
in prev.mpich.overrideAttrs (old: { "--enable-shared"
patches = [ "--enable-sharedlib"
# See https://github.com/pmodels/mpich/issues/6946 "--with-pm=no"
./mpich-fix-hwtopo.patch "--with-device=ch4:ofi"
]; "--with-pmi=pmix"
buildInput = old.buildInputs ++ [ "--with-pmix=${final.pmix}"
libfabric "--with-libfabric=${final.libfabric}"
pmixAll "--enable-g=log"
]; ] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
configureFlags = [ "FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
"--enable-shared" "FCFLAGS=-fallow-argument-mismatch"
"--enable-sharedlib" ];
"--with-pm=no" });
"--with-device=ch4:ofi"
"--with-pmi=pmix"
"--with-pmix=${pmixAll}"
"--with-libfabric=${libfabric}"
"--enable-g=log"
] ++ lib.optionals (lib.versionAtLeast gfortran.version "10") [
"FFLAGS=-fallow-argument-mismatch" # https://github.com/pmodels/mpich/issues/4300
"FCFLAGS=-fallow-argument-mismatch"
];
}); });
slurm = prev.slurm.overrideAttrs (old: { # Update ceph to 18.2.0 until it lands in nixpkgs, see:
patches = (old.patches or []) ++ [ # https://github.com/NixOS/nixpkgs/pull/247849
# See https://bugs.schedmd.com/show_bug.cgi?id=19324 inherit (prev.callPackage ./ceph.nix {
./slurm-rank-expansion.patch lua = prev.lua5_4;
]; fmt = prev.fmt_8;
}); }) ceph ceph-client;
prometheus-slurm-exporter = prev.callPackage ./slurm-exporter.nix { }; nix = prev.nix.overrideAttrs (old: {
patches = old.patches ++ [ ./nix-socket.patch ];
});
} }

22
pkgs/slurm-exporter.nix
View File

@@ -1,22 +0,0 @@
{ buildGoModule, fetchFromGitHub, lib }:
buildGoModule rec {
pname = "prometheus-slurm-exporter";
version = "0.20";
src = fetchFromGitHub {
rev = version;
owner = "vpenso";
repo = pname;
sha256 = "sha256-KS9LoDuLQFq3KoKpHd8vg1jw20YCNRJNJrnBnu5vxvs=";
};
vendorHash = "sha256-A1dd9T9SIEHDCiVT2UwV6T02BSLh9ej6LC/2l54hgwI=";
doCheck = false;
meta = with lib; {
description = "Prometheus SLURM Exporter";
homepage = "https://github.com/vpenso/prometheus-slurm-exporter";
platforms = platforms.linux;
};
}

11
pkgs/slurm-rank-expansion.patch
View File

@@ -1,11 +0,0 @@
--- a/src/plugins/mpi/pmix/pmixp_dmdx.c 2024-03-15 13:05:24.815313882 +0100
+++ b/src/plugins/mpi/pmix/pmixp_dmdx.c 2024-03-15 13:09:53.936900823 +0100
@@ -314,7 +314,7 @@ static void _dmdx_req(buf_t *buf, int no
}
nsptr = pmixp_nspaces_local();
- if (nsptr->ntasks <= rank) {
+ if ((long) nsptr->ntasks <= (long) rank) {
char *nodename = pmixp_info_job_host(nodeid);
PMIXP_ERROR("Bad request from %s: nspace \"%s\" has only %d ranks, asked for %d",
nodename, ns, nsptr->ntasks, rank);

9
secrets/gitea-runner-token.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HY2yRg DQdgCk16Yu524BsrWVf0krnwWzDM6SeaJCgQipOfwCA
Ab9ocqra/UWJZI+QGMlxUhBu5AzqfjPgXl+ENIiHYGs
-> ssh-ed25519 CAWG4Q KF9rGCenb3nf+wyz2hyVs/EUEbsmUs5R+1fBxlCibC8
7++Kxbr3FHVdVfnFdHYdAuR0Tgfd+sRcO6WRss6LhEw
-> ssh-ed25519 MSF3dg aUe4DhRsu4X8CFOEAnD/XM/o/0qHYSB522woCaAVh0I
GRcs5cm2YqA/lGhUtbpboBaz7mfgiLaCr+agaB7vACU
--- 9Q7Ou+Pxq+3RZilCb2dKC/pCFjZEt4rp5KnTUUU7WJ8
1<12>Mw4<77><34> <09>:H<>@<40>/<2F>gLtM<74>,<2C>ƥ<>*<2A><>z<EFBFBD>NV5<56>m<EFBFBD><6D>N<EFBFBD>o<EFBFBD><6F>j1 $<24>T<EFBFBD>G_<47>E{<7B>%<25><><17><>H<EFBFBD><EFBFBD>A<EFBFBD>p<EFBFBD>

9
secrets/gitlab-runner-docker-token.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HY2yRg WvKK6U1wQtx2pbUDfuaUIXTQiCulDkz7hgUCSwMfMzQ
jLktUMqKuVxukqzz++pHOKvmucUQqeKYy5IwBma7KxY
-> ssh-ed25519 CAWG4Q XKGuNNoYFl9bdZzsqYYTY7GsEt5sypLW4R+1uk78NmU
8dIA2GzRAwTGM5CDHSM2BUBsbXzEAUssWUz2PY2PaTg
-> ssh-ed25519 MSF3dg T630RsKuZIF/bp+KITnIIWWHsg6M/VQGqbWQZxqT+AA
SraZcgZJVtmUzHF/XR9J7aK5t5EDNpkC/av/WJUT/G8
--- /12G8pj9sbs591OM/ryhoLnSWWmzYcoqprk9uN/3g18
<EFBFBD><EFBFBD><EFBFBD><01>‡%<25>]yi"<22><><EFBFBD>L<EFBFBD> <0B><>H`<60>a$<24><>)<29>9ve<76>.0<EFBFBD>m<EFBFBD>K<EFBFBD>v<EFBFBD><EFBFBD> <0B>u"|1c<31>-%<25><>"<22>WF<12><><EFBFBD>A<EFBFBD><41>h<EFBFBD>$<05><>j<e<><65>x<EFBFBD>Lx<4C><78>.?<3F><><EFBFBD>:L<><4C><EFBFBD><EFBFBD>,<2C>u<EFBFBD>|<7C><>F|<7C>i<EFBFBD><69><EFBFBD>

BIN
secrets/gitlab-runner-shell-token.age
View File

Binary file not shown.

10
secrets/jungle-robot-password.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HY2yRg 3L1Y5upc5qN6fgiFAox5rD/W8n0eQUv5mT39QAdO5Ac
XkWsmPmzRgHjsvJgsDKJRgHZ7/sBZFmd1Doppj/y390
-> ssh-ed25519 CAWG4Q v03Qr+fckdIpsxvQG/viKxlF8WNpO4XUe//QcPzH4k0
afUwi3ccDCRfUxPDdF7ZkoL+0UX1XwqVtiyabDWjVQk
-> ssh-ed25519 MSF3dg c2hEUk4LslJpiL7v/4UpT8fK7ZiBJ8+uRhZ/vBoRUDE
YX9EpnJpHo1eDsZtapTVY6jD+81kb588Oik4NoY9jro
--- LhUkopNtCsyHCLzEYzBFs+vekOkAR4B3VBaiMF/ZF8w
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>C<EFBFBD><EFBFBD>H<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>y<EFBFBD>LؔItM<74><4D><EFBFBD><EFBFBD>sM<12>\<5C>1-<2D>K<EFBFBD><4B><10><>G:<><7F><02><>
<EFBFBD>g<16><><EFBFBD>bpF<70>Ӷ<EFBFBD>%Y<>

11
secrets/nosv-token.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 HY2yRg hrdS7Dl/j+u3XVfM79ZJpZSlre9TcD7DTQ+EEAT6kEE
avUO96P1h7w2BYWgrQ7GpUgdaCV9AZL7eOTTcF9gfro
-> ssh-ed25519 CAWG4Q A5raRY1CAgFYZgoQ92GMyNejYNdHx/7Y6uTS+EjLPWA
FRFqT2Jz7qRcybaxkQTKHGl797LVXoHpYG4RZSrX/70
-> ssh-ed25519 MSF3dg D+R80Bg7W9AuiOMAqtGFZQl994dRBIegYRLmmTaeZ3o
BHvZsugRiuZ91b4jk91h30o3eF3hadSnVCwxXge95T8
-> BT/El`a-grease W{nq|Vm )bld 2Nl}4 N$#JGB4t
oLG+0S1aGfO/ohCfgGmhDhwwLi4H
--- 2I5C+FvBG/K1ZHh7C5QD39feTSLoFGwcTeZAmeILNsI
<EFBFBD><EFBFBD>W<EFBFBD>o<> <14><>d;<3B><>C<EFBFBD>.<2E><>_(<28>u

BIN
secrets/ovni-token.age Normal file
View File

Binary file not shown.

6
secrets/secrets.nix
View File

@@ -6,11 +6,9 @@ let
safe = keys.hostGroup.safe ++ adminsKeys; safe = keys.hostGroup.safe ++ adminsKeys;
in in
{ {
"gitea-runner-token.age".publicKeys = hut; "ovni-token.age".publicKeys = hut;
"gitlab-runner-docker-token.age".publicKeys = hut; "nosv-token.age".publicKeys = hut;
"gitlab-runner-shell-token.age".publicKeys = hut;
"nix-serve.age".publicKeys = hut; "nix-serve.age".publicKeys = hut;
"jungle-robot-password.age".publicKeys = hut;
"ceph-user.age".publicKeys = safe; "ceph-user.age".publicKeys = safe;
"munge-key.age".publicKeys = safe; "munge-key.age".publicKeys = safe;

6
web/content/git/_index.md
View File

@@ -1,6 +0,0 @@
---
title: "Git"
description: "Gitea instance"
---
If you are reading this page, the proxy to the Gitea service is not working.

6
web/content/lists/_index.md
View File

@@ -1,6 +0,0 @@
---
title: "Lists"
description: "Mailing lists"
---
If you are reading this page, the proxy to the public-inbox service is not working.

8
web/content/owl/_index.md
View File

@@ -8,11 +8,3 @@ description: "Low system noise"
Much like the silent flight of an owl at night, these nodes are configured to Much like the silent flight of an owl at night, these nodes are configured to
minimize the system noise and let programs run undisturbed. The list of nodes is minimize the system noise and let programs run undisturbed. The list of nodes is
`owl[1-2]` and are available for jobs with SLURM. `owl[1-2]` and are available for jobs with SLURM.
The contents of the nix store of the hut node is made available in the owl nodes
when a job is running. This allows jobs to access the same paths that are on hut
to load dependencies.
For now, only the hut node can be used to build new derivations so that they
appear in the compute nodes. This applies to the `nix build`, `nix develop` and
`nix shell` commands.

25
web/hugo.toml
View File

@@ -2,27 +2,4 @@ baseURL = 'https://jungle.bsc.es/'
languageCode = 'en-us' languageCode = 'en-us'
title = 'The jungle' title = 'The jungle'
theme = 'PaperMod' theme = 'PaperMod'
sectionPagesMenu = "main"
[[menu.main]]
identifier = "grafana"
name = "Grafana"
url = "/grafana/"
weight = 10
[[menu.main]]
identifier = "Git"
name = "Git"
url = "/git/"
weight = 20
[[menu.main]]
identifier = "Lists"
name = "Lists"
url = "/lists/"
weight = 30
[[menu.main]]
identifier = "Posts"
name = "Posts"
url = "/posts/"
weight = 40

2
web/themes/PaperMod/layouts/partials/header.html
View File

@@ -100,9 +100,9 @@
{{- $separator := or $label_text (not site.Params.disableThemeToggle)}} {{- $separator := or $label_text (not site.Params.disableThemeToggle)}}
{{- with site.Home.AllTranslations }} {{- with site.Home.AllTranslations }}
<ul class="lang-switch"> <ul class="lang-switch">
{{- if $separator }}<li>|</li>{{ end }}
{{- range . -}} {{- range . -}}
{{- if ne $lang .Lang }} {{- if ne $lang .Lang }}
{{- if $separator }}<li>|</li>{{ end }}
<li> <li>
<a href="{{- .Permalink -}}" title="{{ .Language.Params.languageAltTitle | default (.Language.LanguageName | emojify) | default (.Lang | title) }}" <a href="{{- .Permalink -}}" title="{{ .Language.Params.languageAltTitle | default (.Language.LanguageName | emojify) | default (.Lang | title) }}"
aria-label="{{ .Language.LanguageName | default (.Lang | title) }}"> aria-label="{{ .Language.LanguageName | default (.Lang | title) }}">

2
web/themes/PaperMod/layouts/partials/post_meta.html
View File

@@ -17,5 +17,5 @@
{{- end }} {{- end }}
{{- with ($scratch.Get "meta") }} {{- with ($scratch.Get "meta") }}
{{- delimit . "&nbsp;·&nbsp;" | safeHTML -}} {{- delimit . "&nbsp;·&nbsp;" -}}
{{- end -}} {{- end -}}