diff --git a/.github/workflows/trivyscan.yml b/.github/workflows/trivyscan.yml index 1898d8558..df449451b 100644 --- a/.github/workflows/trivyscan.yml +++ b/.github/workflows/trivyscan.yml @@ -102,7 +102,7 @@ jobs: run: sudo guestmount -a /mnt/images/${{ steps.manifest.outputs.image-name }}.qcow2 -i --ro -o allow_other './${{ steps.manifest.outputs.image-name }}' - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@v0.33.1 + uses: aquasecurity/trivy-action@0.33.1 with: scan-type: fs scan-ref: "${{ steps.manifest.outputs.image-name }}" @@ -122,7 +122,7 @@ jobs: category: "${{ matrix.build }}" - name: Fail if scan has CRITICAL vulnerabilities - uses: aquasecurity/trivy-action@v0.33.1 + uses: aquasecurity/trivy-action@0.33.1 with: scan-type: fs scan-ref: "${{ steps.manifest.outputs.image-name }}" diff --git a/ansible/roles/compute_init/files/compute-init.yml b/ansible/roles/compute_init/files/compute-init.yml index 81dedf8fb..4d8c26072 100644 --- a/ansible/roles/compute_init/files/compute-init.yml +++ b/ansible/roles/compute_init/files/compute-init.yml @@ -277,22 +277,11 @@ name: basic_users when: enable_basic_users - - name: EESSI - when: enable_eessi # NB: don't need conditional block on enable_compute as have already exited # if not the case - block: - - name: Copy cvmfs config - ansible.builtin.copy: - src: /var/tmp/cluster/cvmfs/default.local - dest: /etc/cvmfs/default.local - owner: root - group: root - mode: "0644" - - - name: Ensure CVMFS config is setup # noqa: no-changed-when - ansible.builtin.command: - cmd: "cvmfs_config setup" + - name: Configure EESSI + ansible.builtin.include_tasks: tasks/eessi.yml + when: enable_eessi - name: Configure VGPUs ansible.builtin.include_role: diff --git a/ansible/roles/compute_init/tasks/install.yml b/ansible/roles/compute_init/tasks/install.yml index f7ee87645..b239877b1 100644 --- a/ansible/roles/compute_init/tasks/install.yml +++ b/ansible/roles/compute_init/tasks/install.yml @@ -54,6 +54,8 @@ dest: roles/ - src: ../../nhc dest: roles/ + - src: ../../eessi/tasks/configure.yml + dest: tasks/eessi.yml - name: Add filter_plugins to ansible.cfg ansible.builtin.lineinfile: diff --git a/ansible/roles/eessi/tasks/configure.yml b/ansible/roles/eessi/tasks/configure.yml index 2c765d20c..c5949ba76 100644 --- a/ansible/roles/eessi/tasks/configure.yml +++ b/ansible/roles/eessi/tasks/configure.yml @@ -15,3 +15,20 @@ - name: Ensure CVMFS config is setup # noqa: no-changed-when ansible.builtin.command: cmd: "cvmfs_config setup" + +# configure gpus +- name: Check for NVIDIA GPU + ansible.builtin.stat: + path: /dev/nvidia0 + register: nvidia_driver + +- name: Set fact if NVIDIA GPU is present + ansible.builtin.set_fact: + has_nvidia_driver: "{{ nvidia_driver.stat.exists | default(false) }}" + +- name: Expose GPU drivers + ansible.builtin.shell: | + source /cvmfs/software.eessi.io/versions/2023.06/init/bash + /cvmfs/software.eessi.io/versions/2023.06/scripts/gpu_support/nvidia/link_nvidia_host_libraries.sh + when: has_nvidia_driver + changed_when: true diff --git a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json index 0be7322ec..eafd506ea 100644 --- a/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json +++ b/environments/.stackhpc/tofu/cluster_image.auto.tfvars.json @@ -1,6 +1,6 @@ { "cluster_image": { - "RL8": "openhpc-RL8-251027-1123-d389c00b", - "RL9": "openhpc-RL9-251027-1123-d389c00b" + "RL8": "openhpc-RL8-251112-1307-e34d64c4", + "RL9": "openhpc-RL9-251112-1307-e34d64c4" } }