blog [AdminSysGNULinux]

blog

Table des matières

4 billet(s) pour janvier 2026

2026:
- janvier

2025:
- mars
- avril
- mai
- juin
- juillet
- août
- septembre
- octobre
- novembre
- décembre

4 billet(s) pour janvier 2026

AWX sur K8S Kind - partage de fichier pour les blob - Execution pods	2026/01/26 10:15	Jean-Baptiste
Notes rsh rcp	2026/01/21 18:08	Jean-Baptiste
Git - Duplication d'un dépôt	2026/01/19 10:22	Jean-Baptiste
Exemple simple de conf Nagios	2026/01/14 10:07	Jean-Baptiste

Notes ordonnanceur cluster grid batch scheduler slurm

Slurm

Liens :

API

http://slurm.schedmd.com/slurm_ug_2012/pyslurm.pdf

Voir aussi :

https://aws.amazon.com/fr/batch/use-cases

A faire

MPI with Slurm

Install

Slurm utilisant par défaut munge pour faire le lien entre les comptes des machines il faut que toutes les machines aient l'horloge synchronisées

Manager :

apt-get install slurm-wlm

Nœuds :

apt-get install -y slurmd slurm-wlm-basic-plugins

Manager et Nœuds

systemctl enable munge.service

zcat /usr/share/doc/slurm-client/examples/slurm.conf.simple.gz > /etc/slurm-llnl/slurm.conf

Il faut adapter slurm.conf, il peut-être généré à partir de :

/usr/share/doc/slurmctld/slurm-wlm-configurator.easy.html
/usr/share/doc/slurmctld/slurm-wlm-configurator.html
https://computing.llnl.gov/linux/slurm/configurator.html

On copie le même fichier de conf sur les nœuds (le même fichier sur le manager que sur les nœuds)

scp -3 vmdeb1:/etc/slurm-llnl/slurm.conf vmdeb2:/etc/slurm-llnl/slurm.conf 
scp -3 vmdeb1:/etc/munge/munge.key vmdeb2:/etc/munge/munge.key

Lister les “daemons” démarrés

scontrol show daemons

Sur le maître (ControlMachine) : slurmctld slurmd
Sur les nœuds : slurmd

/etc/slurm-llnl/slurm.conf

# slurm.conf file generated by configurator easy.html.
# Put this file on all nodes of your cluster.
# See the slurm.conf man page for more information.
#
ControlMachine=vmdeb1
#ControlAddr=127.0.0.1
#
#MailProg=/bin/mail
#MpiDefault=none
MpiDefault=openmpi
MpiParams=ports=12000-12999
#MpiParams=ports=#-#
#ProctrackType=proctrack/pgid
Proctracktype=proctrack/linuxproc
SlurmctldPidFile=/var/run/slurm-llnl/slurmctld.pid
#SlurmctldPort=6817
SlurmdPidFile=/var/run/slurm-llnl/slurmd.pid
#SlurmdPort=6818
SlurmdSpoolDir=/var/lib/slurm-llnl/slurmd
SlurmUser=slurm
#SlurmdUser=root
 
#UsePAM=1
DisableRootJobs=YES
EnforcePartLimits=YES
JobRequeue=0
ReturnToService=1
#TopologyPlugin=topology/tree
 
# Must be writable by user SlurmUser. The file must be accessible by the primary and backup control machines.
# On NFS share !? See http://manx.classiccmp.org/mirror/techpubs.sgi.com/library/manuals/5000/007-5814-001/pdf/007-5814-001.pdf
StateSaveLocation=/var/lib/slurm-llnl/slurmctld
 
SwitchType=switch/none
#TaskPlugin=task/none
#TaskPlugin=task/cgroup
TaskPlugin=task/affinity
 
#
#
# TIMERS
#KillWait=30
#MinJobAge=300
#SlurmctldTimeout=120
#SlurmdTimeout=300
 
Waittime=0
#
#
# SCHEDULING
FastSchedule=1
SchedulerType=sched/backfill
#SchedulerPort=7321
SelectType=select/linear
#
#
# LOGGING AND ACCOUNTING
ClusterName=cluster1
#JobAcctGatherFrequency=30
JobAcctGatherType=jobacct_gather/linux
#SlurmctldDebug=3
SlurmctldLogFile=/var/log/slurm-llnl/slurmctld.log                          
#SlurmdDebug=3
SlurmdLogFile=/var/log/slurm-llnl/slurmd.log
SlurmSchedLogFile=/var/log/slurm-llnl/slurmSched.log
 
#JobCompType=jobcomp/filetxt
#JobCompType=jobcomp/mysql
JobCompType=jobcomp/none
JobCompLoc=/var/log/slurm-llnl/jobcomp
#JobCheckpointDir=/var/lib/slurm-llnl/checkpoint
#AccountingStorageType=jobacct_gather/linux
#AccountingStorageType=accounting_storage/filetxt
AccountingStorageType=accounting_storage/slurmdbd
AccountingStoreJobComment=YES
DefaultStorageType=accounting_storage/slurmdbd
#AccountingStorageLoc=/var/log/slurm-llnl/accounting
AccountingStoragePort=6819
AccountingStorageEnforce=associations
#
#
NodeName=vmdeb1
 
# COMPUTE NODES
NodeName=DEFAULT
PartitionName=DEFAULT MaxTime=INFINITE State=UP
 
NodeName=vmdeb2 CPUs=1 RealMemory=494 State=UNKNOWN
NodeName=vmdeb3 CPUs=2 RealMemory=494 TmpDisk=8000 State=UNKNOWN
PartitionName=debug Nodes=vmdeb[2-3] Default=YES MaxTime=INFINITE  Shared=YES State=UP

Install de slurmdbd

Il est recommandé d'utiliser MySQL (pas toutes les fonctionnalité avec PostgreSQL, dommage)

Ici on part du principe que vous avez déjà une base de donnés MySQL et compte et droits crée.

apt-get install slurmdbd
zcat /usr/share/doc/slurmdbd/examples/slurmdbd.conf.simple.gz > /etc/slurm-llnl/slurmdbd.conf

On adapte le fichier slurmdbd.conf Puis

service slurmdbd restart

On test

sacct
       JobID    JobName  Partition    Account  AllocCPUS      State ExitCode 
------------ ---------- ---------- ---------- ---------- ---------- --------

Pb

munge -n | ssh vmdeb1  unmunge

STATUS:           Expired credential (15)

Solution :

ntpdate -u pool.ntp.org

sudo -u slurm -- /usr/sbin/slurmctld -Dcvvvv
/usr/sbin/slurmd    -Dcvvvv

-c : Clear : Efface l'etat précedent, purge les jobs...
-D : Deamon : Lancement en arrière plan. Logs sur STDOUT
-v : Verbose : Mode bavare. Mettre plusieurs "v" pour être très bavare

slurmd -C
Affiche la configuration de l'hôte courant 


Aide 

Le **man**
et 
commande --help
commande --usage

Variables :
SQUEUE_STATES=all for the squeue command to display jobs in any state. (y compris les job en COMPLETED et CANCELLED)

Commande : 
sbatch
salloc
srun
sattach

srun -l --ntasks-per-core=1 --exclusive -n 2 hostname
sinfo --Node
scontrol show partition
scancel --user=test --state=pending
scontrol show config
scontrol show job
scancel -i --user=test

# The Slurm -d singleton argument tells Slurm not to dispatch this job until all previous jobs with the same name have completed.

sbatch -d singleton simple.sh

scontrol ping
sinfo -R

# Afficher egalement les jobs terminés
squeue -t all

#A/I/O/T = "active(in use)/idle/other/total" 
sinfo -l

# 
sinfo -Nle -o '%n %C %t'

Astuce

Lancer une commande srun sans attendre

Normalement

$ srun -N2 -l hostname
srun: job 219 queued and waiting for resources

Solution (compte root ou le “SlurmUser”)

# sinfo --noheader -o %N
vmdeb[2-3]

# srun -N2 --no-allocate -w vmdeb[2-3] hostname

Cancel / terminate a job in “CG” state

scontrol update nodename=node4-blender state=down reason=hung
scontrol update nodename=node4-blender state=idle

Il faudra aussi tuer le processus 'slurmstepd' sur les nœuds
Problème de flux réseaux : Node ⇒ Manager:TCP6817

</code → “srun: error: Application launch failed: User not found on host” </code>

Solution : Il faut que le même utilisateur ai le même UID sur les nœuds ainsi que sur le manager. Apparemment c'est lié à munge Il peut être intéressant d'utiliser LDAP

2025/03/24 15:06

brouillon, cluster, grid, ressource

Notes Optique Image OCR

Voir :

Images de synthèse

Voir :

https://fr.wikipedia.org/wiki/Bruit_de_Perlin

2025/03/24 15:06

brouillon

Notes OpenVPN

Voir aussi :

Voir Fail over

Sécurité :

https://blog.g3rt.nl/openvpn-security-tips.html

Autre :

IP fixes

http://safesrv.net/simple-guide-to-assign-openvpn-users-static-ips/

OpenVPN + Fail2ban :

http://blog.cybermonde.org/post/2015/02/23/pr%C3%A9venir-les-intrusions

Conf

Sur le serveur

zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf

Sur un client

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/

/etc/openvpn/server.conf

port 1194

;proto tcp
proto udp

dev tun

ca ca.crt
cert server.crt
key server.key

dh dh1024.pem

tls-auth ta.key 0 # Zero sur le serveur

server 10.8.0.0 255.255.255.0

user nobody
group nogroup

# Pour que les clients puisse communiquer entre eux
client-to-client

;ifconfig-pool-persist ipp.txt
ifconfig-pool-persist ipp.txt 0

# Pour les certificat révoqués
crl-verify crl.pem

# Interface admin 'telnet localhost 5001'
management localhost 5001

# Pour supervision (Munin)
status /var/log/openvpn.status
status-version 1

Le fichier ta.key devra être présent sur le serveur ainsi que sur l'ensemble des clients

openvpn --genkey --secret /etc/openvpn/ta.key
chmod 600 /etc/openvpn/ta.key

/etc/openvpn/client.conf

dev tun

remote vpn.acme.fr 1194

resolv-retry infinite
nobind

persist-key
persist-tun

comp-lzo

# Serveur proxy
;http-proxy 1.1.1.1 8080

;proto tcp
proto udp

ca ca.crt
cert client.crt
key client.key

tls-auth ta.key 1

remote-cert-tls server

user nobody
group nogroup

;log  /var/log/openvpn.log
;verb 3

ifconfig-pool-persist ipp.txt 0 permet de mettre des IP fixes aux clients, le fichier ipp.txt est en lecture seul pour OpenVPN, il faudra le mettre à jour à la main.

Pb / Bug ⇒ il arrive qu'il y ai un décalage de 2 numéro IP (ex 10.8.0.4 dans le fichier, 10.8.0.6 pour de vrai)

ipp.txt

portable,10.8.0.4

Déposer le fichier crl.pem (crash si fichier vide)

Voir Création du fichier crl.pem

Démarrer le VPN sur le client

Exemple

sudo openvpn --inactive 0 --config plop.ovpn

Si le serveur pousse des routes que nous ne souhaitons corriger

ip route del 0.0.0.0/1 via 10.81.234.1
ip route del 128.0.0.0/1
ip route add 10.0.0.0/8 via 10.81.234.1

Supervision avec Munin

Voir

/etc/munin/plugin-conf.d/munin-node

[openvpn]
user root
env.statusfile /var/log/openvpn-status.log

/etc/openvpn/server.conf

status /var/log/openvpn.status
status-version 1

Note OpenVPN to LAN gateway

https://community.openvpn.net/openvpn/wiki/RoutedLans http://blog.remibergsma.com/2013/01/13/howto-connect-to-hosts-on-a-remote-network-using-openvpn-and-some-routing/ http://15minutesoffame.be/nico/blog2/?article16/creer-un-serveur-openvpn

http://askubuntu.com/questions/462533/route-all-traffic-through-openvpn http://denisrosenkranz.com/tuto-pleins-de-trucs-pour-openvpn/

http://serverfault.com/questions/648118/openvpn-not-default-gateway-for-all-traffic/648689

VPN

ccd/jibe

ifconfig-push 10.9.0.12  10.9.0.13
push "route 10.8.0.0 255.255.0.0"

iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
 
echo 1 > /proc/sys/net/ipv4/ip_forward

Sortir tout le trafique via le VPN

Sur le serveur

/etc/openvpn/server.conf

push "redirect-gateway"

OpenVPN sur TCP443

https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server

port-share x.x.x.x 443

Exemple de conf

login.conf

username
password

plop.ovpn

client
dev tun3
proto tcp
remote 176.126.237.217 80
remote euro217.vpnbook.com 80
resolv-retry infinite
nobind
persist-key
persist-tun


#auth-user-pass
auth-user-pass login.conf

comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway

# auth SHA1

;http-proxy-retry
;http-proxy [proxy server] [proxy port]
<ca>
-----BEGIN CERTIFICATE-----
MIIDyzCCAzSgAwIBAgIJAKRtpjsIvek1MA0GCSqGSIb3DQEBBQUAMIGgMQswCQYD
VQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNV
BAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9vay5j
b20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkB2
cG5ib29rLmNvbTAeFw0xMzA0MjQwNDA3NDhaFw0yMzA0MjIwNDA3NDhaMIGgMQsw
CQYDVQQGEwJDSDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDAS
BgNVBAoTC3ZwbmJvb2suY29tMQswCQYDVQQLEwJJVDEUMBIGA1UEAxMLdnBuYm9v
ay5jb20xFDASBgNVBCkTC3ZwbmJvb2suY29tMSAwHgYJKoZIhvcNAQkBFhFhZG1p
bkB2cG5ib29rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyNwZEYs6
WN+j1zXYLEwiQMShc1mHmY9f9cx18hF/rENG+TBgaS5RVx9zU+7a9X1P3r2OyLXi
WzqvEMmZIEhij8MtCxbZGEEUHktkbZqLAryIo8ubUigqke25+QyVLDIBuqIXjpw3
hJQMXIgMic1u7TGsvgEUahU/5qbLIGPNDlUCAwEAAaOCAQkwggEFMB0GA1UdDgQW
BBRZ4KGhnll1W+K/KJVFl/C2+KM+JjCB1QYDVR0jBIHNMIHKgBRZ4KGhnll1W+K/
KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNVBAgTBlp1cmlj
aDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNvbTELMAkGA1UE
CxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2cG5ib29rLmNv
bTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCkbaY7CL3pNTAM
BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaoCEWk2pitKjbhChjl1rLj
6FwAZ74bcX/YwXM4X4st6k2+Fgve3xzwUWTXinBIyz/WDapQmX8DHk1N3Y5FuRkv
wOgathAN44PrxLAI8kkxkngxby1xrG7LtMmpATxY7fYLOQ9yHge7RRZKDieJcX3j
+ogTneOl2w6P0xP6lyI6
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID6DCCA1GgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBoDELMAkGA1UEBhMCQ0gx
DzANBgNVBAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5i
b29rLmNvbTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYD
VQQpEwt2cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5j
b20wHhcNMTMwNTA2MDMyMTIxWhcNMjMwNTA0MDMyMTIxWjB4MQswCQYDVQQGEwJD
SDEPMA0GA1UECBMGWnVyaWNoMQ8wDQYDVQQHEwZadXJpY2gxFDASBgNVBAoTC3Zw
bmJvb2suY29tMQ8wDQYDVQQDEwZjbGllbnQxIDAeBgkqhkiG9w0BCQEWEWFkbWlu
QHZwbmJvb2suY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkTM/8E+JH
CjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwKwv1AHYYU6RHpCxS1qFp3BEKL
vQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqbOwxx2Ye/1WoakSHia0pItoZk
xK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQABo4IBVzCCAVMwCQYDVR0TBAIw
ADAtBglghkgBhvhCAQ0EIBYeRWFzeS1SU0EgR2VuZXJhdGVkIENlcnRpZmljYXRl
MB0GA1UdDgQWBBTDr4BCNSdOEh+Lx6+4RRK11x8XcDCB1QYDVR0jBIHNMIHKgBRZ
4KGhnll1W+K/KJVFl/C2+KM+JqGBpqSBozCBoDELMAkGA1UEBhMCQ0gxDzANBgNV
BAgTBlp1cmljaDEPMA0GA1UEBxMGWnVyaWNoMRQwEgYDVQQKEwt2cG5ib29rLmNv
bTELMAkGA1UECxMCSVQxFDASBgNVBAMTC3ZwbmJvb2suY29tMRQwEgYDVQQpEwt2
cG5ib29rLmNvbTEgMB4GCSqGSIb3DQEJARYRYWRtaW5AdnBuYm9vay5jb22CCQCk
baY7CL3pNTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZI
hvcNAQEFBQADgYEAoDgD8mpVPnHUh7RhQziwhp8APC8K3jToZ0Dv4MYXQnzyXziH
QbewJZABCcOKYS0VRB/6zYX/9dIBogA/ieLgLrXESIeOp1SfP3xt+gGXSiJaohyA
/NLsTi/Am8OP211IFLyDLvPqZuqlh/+/GOLcMCeCrMj4RYxWstNxtguGQFc=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCkTM/8E+JHCjskqMIwgYDrNCBTWZLa+qKkJjZ/rliJomTfVYwK
wv1AHYYU6RHpCxS1qFp3BEKLvQlASuzycSv1FGnNiLmg94fqzzWdmjs1XWosnLqb
Owxx2Ye/1WoakSHia0pItoZkxK7/fllm42+Qujri/ERGga5Cb/TfiP6pUQIDAQAB
AoGANX508WQf9nVUUFlJ8LUZnnr4U2sEr5uPPNbcQ7ImTZm8MiMOV6qo/ikesMw5
8qCS+5p26e1PJWRFENPUVhOW9c07z+nRMyHBQzFnNAFD7TiayjNk1gz1oIXarceR
edNGFDdWCwXh+nJJ6whbQn9ioyTg9aqScrcATmHQxTit0GECQQDR5FmwC7g0eGwZ
VHgSc/bZzo0q3VjNGakrA2zSXWUWrE0ybBm2wJNBYKAeskzWxoc6/gJa8mKEU+Vv
ugGb+J/tAkEAyGSEmWROUf4WX5DLl6nkjShdyv4LAQpByhiwLjmiZL7F4/irY4fo
ct2Ii5uMzwERRvHjJ7yzJJic8gkEca2adQJABxjZj4JV8DBCN3kLtlQFfMfnLhPd
9NFxTusGuvY9fM7GrXXKSMuqLwO9ZkxRHNIJsIz2N20Kt76+e1CmzUdS4QJAVvbQ
WKUgHBMRcI2s3PecuOmQspxG+D+UR3kpVBYs9F2aEZIEBuCfLuIW9Mcfd2I2NjyY
4NDSSYp1adAh/pdhVQJBANDrlnodYDu6A+a4YO9otjd+296/T8JpePI/KNxk7N0A
gm7SAhk379I6hr5NXdBbvTedlb1ULrhWV8lpwZ9HW2k=
-----END RSA PRIVATE KEY-----
</key>

id.conf

username
password

Conf PIA Private Internet Access

Source : https://helpdesk.privateinternetaccess.com/kb/articles/linux-setting-up-manual-openvpn-connection-through-the-terminal#anchor-2

new_zealand.ovpn

client
dev tun
proto udp
remote nz.privacy.network 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
 
auth-user-pass
compress
verb 1
reneg-sec 0
<crl-verify>
-----BEGIN X509 CRL-----
MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
-----END X509 CRL-----
</crl-verify>
 
<ca>
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgIJAKZ7D5Yv87qDMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzM1
MThaFw0zNDA0MTIxNzM1MThaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPXD
L1L9tX6DGf36liA7UBTy5I869z0UVo3lImfOs/GSiFKPtInlesP65577nd7UNzzX
lH/P/CnFPdBWlLp5ze3HRBCc/Avgr5CdMRkEsySL5GHBZsx6w2cayQ2EcRhVTwWp
cdldeNO+pPr9rIgPrtXqT4SWViTQRBeGM8CDxAyTopTsobjSiYZCF9Ta1gunl0G/
8Vfp+SXfYCC+ZzWvP+L1pFhPRqzQQ8k+wMZIovObK1s+nlwPaLyayzw9a8sUnvWB
/5rGPdIYnQWPgoNlLN9HpSmsAcw2z8DXI9pIxbr74cb3/HSfuYGOLkRqrOk6h4RC
OfuWoTrZup1uEOn+fw8CAwEAAaOCAVQwggFQMB0GA1UdDgQWBBQv63nQ/pJAt5tL
y8VJcbHe22ZOsjCCAR8GA1UdIwSCARYwggESgBQv63nQ/pJAt5tLy8VJcbHe22ZO
sqGB7qSB6zCB6DELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpM
b3NBbmdlbGVzMSAwHgYDVQQKExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4G
A1UECxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBAMTF1ByaXZhdGUg
SW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQpExdQcml2YXRlIEludGVybmV0IEFjY2Vz
czEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j
b22CCQCmew+WL/O6gzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAn
a5PgrtxfwTumD4+3/SYvwoD66cB8IcK//h1mCzAduU8KgUXocLx7QgJWo9lnZ8xU
ryXvWab2usg4fqk7FPi00bED4f4qVQFVfGfPZIH9QQ7/48bPM9RyfzImZWUCenK3
7pdw4Bvgoys2rHLHbGen7f28knT2j/cbMxd78tQc20TIObGjo8+ISTRclSTRBtyC
GohseKYpTS9himFERpUgNtefvYHbn70mIOzfOJFTVqfrptf9jXa9N8Mpy3ayfodz
1wiqdteqFXkTYoSDctgKMiZ6GdocK9nMroQipIQtpnwd4yBDWIyC6Bvlkrq5TQUt
YDQ8z9v+DMO6iwyIDRiU
-----END CERTIFICATE-----
</ca>
 
disable-occ

2025/03/24 15:06

brouillon

Notes OpenStack

Brouillon

Voir :

OpenStack

Voir aussi :

OpenNebula
CloudStack

Devstack

Pré-requis :

8Go RAM
2 Cores
1 NIC

Voir : https://wescale.developpez.com/tutoriels/apprendre-openstack-les-bases/

Install : https://github.com/rdoxenham/openstack-training/blob/master/labs/openstack-summit.md

Ubuntu LTS

export NO_PROXY=localhost,127.0.0.1,192.168.56.22
# export http_proxy=http://127.0.0.1:3128
# export https_proxy=http://127.0.0.1:3128
export ALL_PROXY=http://127.0.0.1:3128
 
git config --global http.proxy http://192.168.56.1:3128
git clone https://git.openstack.org/openstack-dev/devstack

cp -p ./samples/local.conf .

./stack.sh:751:git_clone
/opt/stack/devstack/functions-common:537:git_timed
/opt/stack/devstack/functions-common:601:die
[ERROR] /opt/stack/devstack/functions-common:601 git call failed: [git clone git://git.openstack.org/openstack/requirements.git /opt/stack/requirements --branch master]
Error on exit

git config --global url."https://".insteadOf git://

local.conf

ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
 
IPV4_ADDRS_SAFE_TO_USE=192.168.56.0/24
HOST_IP=192.168.56.22
 
LOGDAYS=1
LOGFILE=$DEST/logs/stack.sh.log
 
RECLONE=yes
PIP_UPGRADE=True
#IP_VERSION=4+6
IP_VERSION=4
DEFAULT_INSTANCE_TYPE=m1.tiny

journalctl --unit devstack@*

apt-get update && apt-get upgrade
apt-get install git
 
adduser stack
 
echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/stack
 
su - stack
export http_proxy=http://192.168.56.1:3128
export https_proxy=http://192.168.56.1:3128
git clone https://git.openstack.org/openstack-dev/devstack
 
cd devstack/samples
cp local.conf ..
cd ..

local.conf

HOST_IP=192.168.56.101
FLOATING_RANGE=192.168.56.224/27

./stack.sh

timeout -s SIGINT 0 git clone git://git.openstack.org/openstack/keystone.git /opt/stack/keystone --branch master
openstack --os-cloud=devstack-admin --os-region-name=RegionOne image create cirros-0.3.5-x86_64-disk --public --container-format=bare --disk-format qcow2

Voir :

local.conf

[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
HOST_IP=10.245.108.3
LOGFILE=$DEST/logs/stack.sh.log
LOGDAYS=2
SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
SWIFT_REPLICAS=1
SWIFT_DATA_DIR=$DEST/data

sudo su - stack
cd devstack
source openrc
export OS_USERNAME=admin
 
#export OS_PASSWORD=secret
#export OS_PROJECT_NAME=admin
#export OS_USER_DOMAIN_ID=default
#export OS_PROJECT_DOMAIN_ID=default
#export OS_IDENTITY_API_VERSION=3
#export OS_AUTH_URL=http://localhost:5000/v3
openstack user list
 
openstack image list
 
nova service-list
 
 
nova list
openstack server list
 
cinder list
sudo journalctl -f --unit devstack@*
 
#nova show 936ea954-b91f-4490-bbc6-f36c22f27db1
openstack server show 416b59a7-aede-4c9b-94cf-ad37d2bd3e6e -f shell

Error: Failed to perform requested operation on instance "plop", the instance has an error status: Please try again later [Error: No valid host was found. There are not enough hosts available.]. 
No valid host was found. There are not enough hosts available.

# export http_proxy=http://127.0.0.1:3128
# export https_proxy=http://127.0.0.1:3128
export ALL_PROXY=http://127.0.0.1:3128
export NO_PROXY=localhost,127.0.0.1,10.245.108.3,192.168.122.0/24

VirtIO

glance image-update \
       --property hw_scsi_model=virtio-scsi \
       [image]
 
hw_disk_bus_model=virtio-scsi
hw_scsi_model=virtio-scsi
hw_disk_bus=scsi

/etc/keystone/keystone.conf

[token]
expiration = 36000

/opt/stack/horizon/openstack_dashboard/local/local_settings.py

SESSION_TIMEOUT=36000

systemctl restart devstack@keystone.service
systemctl restart apache2

~/devstack/stackrc

if ! isset ENABLED_SERVICES ; then
    # Keystone - nothing works without keystone
    ENABLED_SERVICES=key
    # Nova - services to support libvirt based openstack clouds
    ENABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth,n-api-meta
    # Placement service needed for Nova
    ENABLED_SERVICES+=,placement-api,placement-client
    # Glance services needed for Nova
    ENABLED_SERVICES+=,g-api,g-reg
    # Cinder
    ENABLED_SERVICES+=,c-sch,c-api,c-vol
    # Neutron
    ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
    # Dashboard
    ENABLED_SERVICES+=,horizon
    # Additional services
    ENABLED_SERVICES+=,rabbit,tempest,mysql,etcd3,dstat
    # PERSO
    ENABLED_SERVICES+=,n-sproxy
fi

Diag

RabbitMQ

sudo rabbitmqctl list_queues

Supervision

OpenStack supervision - Diag

db ok ?
ping openstack cli
rabbitmq ?
port listen : 5000/tcp

2025/03/24 15:06

brouillon

Boot KO - Dracut - LVM

If the lvm lvs doesn't show any vol group then run as,

# List volume groups
lvm lvs
 
# Activate the volume groups
lvm vgchange -ay
 
# Continue to boot
exit
 
# If this also does not work then run
mv /etc/lvm/lvm.conf /tmp/
cat /proc/partitions
cat /proc/scsi/scsi
cat /proc/cmdline
ls /sys/module/

Pb mode single KO, fichier /dev/mapper manquant

Erratum A la place de passer init=/bin/bash au kernel il faut lui passer 1 ou single

Un défaut empêche le boot en mode single nécessaire pour certaines opérations de maintenance En dehors du LV racine et la LV du swap aucun LV n’est monté. Les block devices sont absents dans /dev/

Voici comment y remédier

# lvs
  LV           VG      Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  temlv        toolsvg -wi-------   2.00g
  toolsadminlv toolsvg -wi-------   1.00g
  homelv       vg00    -wi------- 512.00m
  optlv        vg00    -wi------- 128.00m
  rootlv       vg00    -wi-ao----   2.00g
  swaplv       vg00    -wi-ao----   2.00g
  tmplv        vg00    -wi-------   1.00g
  usrlv        vg00    -wi-------   3.00g
  varlv        vg00    -wi-------   3.00g

Pour activer tous les LV

vgchange -a y

Nous constatons des absents :

# ls -1 /dev/mapper/
control
vg00-rootlv
vg00-swaplv

Pour monter /usr (Est-ce nécessaire ?)

mknod /dev/mapper/vg00-usrlv block 253 6
mount /dev/mapper/vg00-usrlv /usr

Pour générer de nouveau l’initramfs :

dracut -f -v

Puis

touch /.autorelabel
/sbin/reboot -f

2025/03/24 15:06

brouillon, boot, lvm

<< Billets récents | Anciens billets >>

blog.txt · Dernière modification : 2025/03/24 15:06 de 127.0.0.1

Table des matières

4 billet(s) pour janvier 2026

Notes ordonnanceur cluster grid batch scheduler slurm

Slurm

A faire

Install

Install de slurmdbd

Pb

Astuce

Lancer une commande **srun** sans attendre

Notes Optique Image OCR

Images de synthèse

Notes OpenVPN

Conf

Démarrer le VPN sur le client

Supervision avec Munin

Note OpenVPN to LAN gateway

VPN

Sortir tout le trafique via le VPN

OpenVPN sur TCP443

Exemple de conf

Notes OpenStack

Diag

Supervision

Boot KO - Dracut - LVM

Pb mode single KO, fichier /dev/mapper manquant

Lancer une commande srun sans attendre