rarias/jungle
2
0
Fork 3
Code Issues 57 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

Add apex machine configuration #131

Manually merged
rarias merged 13 commits from apex into master 2025-07-15 11:40:32 +02:00
Conversation 3 Commits 13 Files Changed 28 +208 -278

13 Commits

Author SHA1 Message Date
Rodrigo Arias Mallo
9e83565977 Remove extra flush commands on firewall stop 
They are not needed as they are already flushed when the firewall
starts or stops.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:45 +02:00
Rodrigo Arias Mallo
ce2cda1c41 Prevent accidental use of nftables 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:42 +02:00
Rodrigo Arias Mallo
e6aef2cbd0 Add proxy configuration for internal hosts 
Access internal hosts via apex proxy. From the compute nodes we first
open an SSH connection to apex, and then tunnel it through the HTTP
proxy with netcat.

This way we allow reaching internal GitLab repositories without
requiring the user to have credentials in the remote host, while we can
use multiple remotes to provide redundancy.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:36 +02:00
Rodrigo Arias Mallo
b7603053fa Remove unused blackbox configuration modules 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:30 +02:00
Rodrigo Arias Mallo
3ca55acfdf Use IPv4 in blackbox probes 
Otherwise they simply fail as IPv6 doesn't work.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:26 +02:00
Rodrigo Arias Mallo
e505a952af Make NFS mount async to improve latency 
Don't wait to flush writes, as we don't care about consistency on a
crash:

> This option allows the NFS server to violate the NFS protocol and
> reply to requests before any changes made by that request have been
> committed to stable storage (e.g. disc drive).
>
> Using this option usually improves performance, but at the cost that
> an unclean server restart (i.e. a crash) can cause data to be lost or
> corrupted.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:20 +02:00
Rodrigo Arias Mallo
3ad9452637 Disable root_squash from NFS 
Allows root to read files in the NFS export, so we can directly run
`nixos-rebuild switch` from /home.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:16 +02:00
Rodrigo Arias Mallo
fdd21d0dd0 Remove SSH proxy to access BSC clusters 
We now have direct connection to them.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:13 +02:00
Rodrigo Arias Mallo
c40871bbfe Add users to apex machine 
They need to be able to login to apex to access any other machine from
the SSF rack.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:09 +02:00
Rodrigo Arias Mallo
e8f5ce735e Remove proxy from hut HTTP probes 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:04 +02:00
Rodrigo Arias Mallo
4a25056897 Remove proxy configuration from environment 
All machines have now direct connection with the outside world.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:18:00 +02:00
Rodrigo Arias Mallo
89e0c0df28 Add storcli utility to apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:17:57 +02:00
Rodrigo Arias Mallo
1b731a756a Add new configuration for apex 
Reviewed-by: Aleix Boné <abonerib@bsc.es>
 2025-07-15 11:17:43 +02:00