Input Parameters for Local Repositories

The local_repo.yml playbook is dependent on the inputs provided to the following input files:

• /opt/omnia/input/project_default/software_config.json

• /opt/omnia/input/project_default/local_repo_config.yml

• /opt/omnia/input/project_default/additional_packages.json

/opt/omnia/input/project_default/software_config.json

Based on the inputs provided to the /opt/omnia/input/project_default/software_config.json, the software packages/images are accessed from the Pulp container and the desired software stack is deployed on the cluster nodes.

Note

• To download a software with both x86_64 and aarch64 architectures, the arch key input is mandatory. Ensure that you check if the .json files for all the specified architectures are available in the input or configuration file. Else, update the .json files.

• For additional_software support, update the input/config/{arch}/rhel/10.0/additional_packages.json file with the required {arch} data, where {arch} can either be x86_64 or aarch64, or a combination of both.

Parameters for Software Configuration

Parameter	Mandatory/Optional	Details
cluster_os_type	Mandatory	Type: string Specify the operating system running on the OIM and the one to be provisioned on the compute nodes. Accepted value: rhel
cluster_os_version	Mandatory	Type: string The OS Version that will be provisioned on compute nodes. Accepted value: 10.0.
repo_config	Mandatory	Type: string Omnia sets up a local Pulp repository on the OIM and downloads all the necessary packages or images for the cluster into this repository. The behavior of the Pulp container varies depending on the value of the repo_config parameter. In case of always, packages are downloaded and cached on OIM during local_repo.yml execution; compute nodes get the packages from OIM. Caching these packages allows them to be reused in future operations without needing to download them again. In case of partial, packages are not pre-downloaded or cached. OIM downloads from upstream URLs when needed. Accepted value: always, partial Default value: always Note The following packages will always be downloaded from the local Pulp repository, regardless of the value of repo_config: ISOs pip modules manifests tarballs container images
softwares	Mandatory	Type: JSON list A JSON list of required software with the software version (optional) and architecture type aarch64, x86_64 or both. This field is mandatory. The following software should be listed with a version in the list: OpenLDAP, NFS, Slurm, service_k8s, utils, ucx, openmpi. A minimum of one software should be provided in the list for local_repo.yml to execute correctly. The software_config.json will have the basic softwares present in it. To install additional software stacks, update the additional_packages.json available at /opt/omnia/input/project_default/ and add the following entry to the JSON list: {"name": "additional_packages", "arch": ["x86_64, "aarch64"]}. To install debug pakages on the cluster nodes, add the following entry to the JSON list: {"name": "admin_debug_packages", "arch": ["x86_64, "aarch64"]}. For the list of all applicable softwares based on your <cluster_os_type>, see the templates at examples/template_<os>_software_config.json. For example, /omnia/examples/rhel_software_config.json Note The accepted names for software are taken from /opt/omnia/input/project_default/config/<architecture>/<cluster_os_type>/<cluster_os_version>.
slurm_custom	Mandatory	Specify the functional roles of the Slurm nodes, login and login compiler on which basic software packages must be deployed.
service_k8s	Mandatory	Specify the functional roles of the Service Kubernetes Cluster nodes on which basic software packages must be deployed.
additional_packages	Optional	Specify the functional roles of the cluster nodes on which additional software packages must be deployed.

The following is the sample software_config.json file:

{
"cluster_os_type": "rhel",
"cluster_os_version": "10.0",
"repo_config": "always",
"softwares": [
    {"name": "default_packages", "arch": ["x86_64","aarch64"]},
    {"name": "admin_debug_packages", "arch": ["x86_64","aarch64"]},
    {"name": "openldap", "arch": ["x86_64"]},
    {"name": "nfs", "arch": ["x86_64","aarch64"]},
    {"name": "service_k8s","version": "1.31.4", "arch": ["x86_64"]},
    {"name": "slurm_custom", "arch": ["x86_64","aarch64"]},
    {"name": "additional_packages", "arch": ["x86_64","aarch64"]}
],
"slurm_custom": [
    {"name": "slurm_control_node"},
    {"name": "slurm_node"},
    {"name": "login_node"},
    {"name": "login_compiler_node"}
],
"service_k8s": [
    {"name": "service_kube_control_plane_first"},
    {"name": "service_kube_control_plane"},
    {"name": "service_kube_node"}
]
"additional_packages": [
    {"name": "slurm_control_node"},
    {"name": "slurm_node"},
    {"name": "login_node"},
    {"name": "login_compiler_node"},
    {"name": "service_kube_control_plane_first"},
    {"name": "service_kube_control_plane"},
    {"name": "service_kube_node"}
]
}

For a list of packages included in admin_debug_packages, see Default Admin Debug Packages.

To deploy additional software packages on the cluster nodes, update the additional_packages.json available at /opt/omnia/input/project_default/. For detailed steps on how to deploy additional packages, see Deploy Additional Packages.

Additional software packages

Parameter	Details	Supported Package Type
additional_packages	Type: string Provide the name of the additional software packages to be available on all cluster nodes.	rpm: requires repo_name image: requires tag or digest
service_kube_control_plane	Type: string Provide the name of the additional software packages to be available on all Kubernetes control plane nodes.	rpm: requires repo_name image: requires tag or digest
service_kube_control_plane_first	Type: string Provide the name of the additional software packages to be available on Kubernetes first control plane node.	rpm: requires repo_name image: requires tag or digest
service_kube_node	Type: string Provide the name of the additional software packages to be available on all kube nodes.	rpm: requires repo_name image: requires tag or digest
slurm_control_node	Type: string Provide the name of the additional software packages to be available on all Slurm control nodes.	rpm: requires repo_name image: requires tag or digest
slurm_node	Type: string Provide the name of the additional software packages to be be available on all Slurm nodes.	rpm: requires repo_name image: requires tag or digest
login_node	Type: string Provide the name of the additional software packages to be available on all login nodes.	rpm: requires repo_name image: requires tag or digest
login_compiler_node	Type: string Provide the name of the additional software packages to be available on login compiler node.	rpm: requires repo_name image: requires tag or digest

The following is the sample additional_packages.json file:

{
"additional_packages": {
    "cluster": [
    { "package": "fuse-overlayfs", "type": "rpm", "repo_name": "x86_64_appstream" },
    { "package": "python3-PyMySQL", "type": "rpm", "repo_name": "x86_64_appstream" },
    { "package": "sssd", "type": "rpm", "repo_name": "x86_64_baseos" },
    { "package": "oddjob-mkhomedir", "type": "rpm", "repo_name": "x86_64_appstream" },
    { "package": "quay.io/strimzi/kafka-bridge", "type": "image", "tag": "0.33.1" },
    { "package": "registry.k8s.io/pause", "type": "image", "digest": "sha256:7031c1b283388c2c47cc389c74e7a6a1f91e3c23f7f9c2d9e25f7c8b1a2d3e4f" }
    ]
},
"service_kube_control_plane": {
    "cluster": [
    { "package": "git", "type": "rpm", "repo_name": "x86_64_appstream" },
    { "package": "docker.io/curlimages/curl", "type": "image", "tag": "8.17.0" },
    { "package": "docker.io/mohr/activemq", "type": "image", "tag": "5.15.9" }
    ]
},
"service_kube_control_plane_first": {
    "cluster": [
    { "package": "kernel-devel", "type": "rpm", "repo_name": "x86_64_appstream" },
    { "package": "kernel-headers", "type": "rpm", "repo_name": "x86_64_appstream" }
    ]
}
}

Architecture information for softwares

Software name	x86_64	aarch64
default_packages.json	Yes	Yes
openldap.json	Yes	No
nfs.json	Yes	Yes
slurm_custom.json	Yes	Yes
service_k8s.json	Yes	No
ucx.json	Yes	No
openmpi	Yes	No
additional_packages.json	Yes	Yes
admin_debug_packages.json	Yes	Yes

Note

• For a list of accepted softwares, go to the /opt/omnia/input/project_default/config/<cluster_os_type>/<cluster_os_version> and view the list of JSON files available. The filenames present in this location are the list of accepted softwares. For a cluster running RHEL 10.0, go to /opt/omnia/input/project_default/config/<architecture>/rhel/10.0/ and view the file list for accepted softwares.

• Omnia supports a single version of any software packages in the software_config.json file. Ensure that multiple versions of the same package are not mentioned.

/opt/omnia/input/project_default/local_repo_config.yml

Parameters for Local Repository Configuration

Parameter	Mandatory/Optional	Details
user_registry	Optional	Type: JSON list This variable accepts a list of user container registries from which additional container images can be downloaded and synchronized into the Omnia local repository. Omnia connects to the specified registries, pulls the required images, and stores them in local repository. These images are then accessed by the cluster nodes from local repository. host: Registry IP and port on which user registry is hosted. User registry can use both HTTP and HTTPS. To be strictly specified in the format IP:port. cert_path: Path to the SSL certificate file. This field is required when the registry uses HTTPS and must point to a file with a .crt extension. key_path: Path to the SSL private key file. This parameter is mandatory when the registry operates over HTTPS and must reference a file with a .key extension. Note User registry certificates and private keys specified in cert_path and key_path must already exist at the given locations, and these paths must be accessible from within the omnia_core container.
user_repo_url_x86_64	Optional	Type: JSON list This variable accepts the x86_64 repository urls from which the software packages/images will be downloaded and accessed by the cluster. Omnia downloads the software packages from the given list of URLs and stores them into a local Pulp container. These packages are then accessed by the cluster nodes from that Pulp container. url The URL defines the base URL for the repository, and it should always point to the repodata directory of the repository. gpgkey defines gpgkey for the repository. If gpgkey is omitted then gpgcheck=0 is set for that repository. name defines the name of the software .rpm package. If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use. Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set policies (always, partial) for each user repository individually. To do so, add the policy key and provide the desired value while providing the repository URLs. Example: - { url: "https://download.docker.com/linux/centos/9/x86_64/stable", gpgkey: "https://download.docker.com/linux/centos/gpg", name: "docker-ce-repo", sslcacert: "", sslclientkey: "", sslclientcert: "", policy: "" } Note All SSL related certificates must be kept in /opt/omnia/user-repo-certs/<user_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.
user_repo_url_aarch64	Optional	Type: JSON list This variable accepts the aarch64 repository urls from which the software packages/images will be downloaded and accessed by the cluster. Omnia downloads the software packages from the given list of URLs and stores them into a local Pulp container. These packages are then accessed by the cluster nodes from that Pulp container. url The URL defines the base URL for the repository, and it should always point to the repodata directory of the repository. gpgkey defines gpgkey for the repository. If gpgkey is omitted then gpgcheck=0 is set for that repository. name defines the name of the software .rpm package. If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use. Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set policies (always, partial) for each user repository individually. To do so, add the policy key and provide the desired value while providing the repository URLs. Example: - { url: "https://download.docker.com/linux/centos/9/aarch64/stable", gpgkey: "https://download.docker.com/linux/centos/gpg", name: "docker-ce-repo", sslcacert: "", sslclientkey: "", sslclientcert: "", policy: "" } Note All SSL related certificates must be kept in /opt/omnia/user-repo-certs/<user_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.
rhel_os_url_x86_64	Mandatory	Type: string Mandatory when cluster_os_type is rhel in /opt/omnia/input/project_default/software_config.json and the RHEL subscription is not registered. For RHEL systems without a subscription, the repository URLs for x86_64_codeready-builder, x86_64_appstream, and x86_64_baseos are mandatory. Additional packages required for the cluster are downloaded from the provided rhel_os_url and stored in the Pulp container. url defines the baseurl for the repository where the OS package is hosted. gpgkey defines the x86_64_gpgkey for the repository. If gpgkey is omitted, then gpgcheck=0 is set for that repository. name defines the name of the OS package. If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use. Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set an individual policy (always, partial) for the rhel_os_url. To do so, add the policy key and provide the desired value while providing the repository URLs. Example: If cluster_os_type is rhel, rhel_os_url might be - { url: "http://crb.com/CRB/x86_64/os/", gpgkey: "http://crb.com/CRB/x86_64/os/RPM-GPG-KEY", sslcacert: "", sslclientkey: "", sslclientcert: "", name: "x86_64_codeready-builder"} Note All SSL related certificates must be kept in /opt/omnia/rhel-repo-certs/<rhel_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.
rhel_os_url_aarch64	Mandatory	Type: string Mandatory when cluster_os_type is rhel in /opt/omnia/input/project_default/software_config.json and the RHEL subscription is not registered. For RHEL systems without a subscription, the repository URLs for aarch64_codeready-builder, aarch64_appstream, and aarch64_baseos are mandatory. Additional packages required for the cluster are downloaded from the provided rhel_os_url and stored in the Pulp container. url defines the baseurl for the repository where the OS package is hosted. gpgkey defines the aarch64_gpgkey for the repository. If gpgkey is omitted, then gpgcheck=0 is set for that repository. name defines the name of the OS package. If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use. Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set an individual policy (always, partial) for the rhel_os_url. To do so, add the policy key and provide the desired value while providing the repository URLs. Example: If cluster_os_type is rhel, rhel_os_url might be - { url: "http://crb.com/CRB/aarch64/os/", gpgkey: "http://crb.com/CRB/aarch64/os/RPM-GPG-KEY", sslcacert: "", sslclientkey: "", sslclientcert: "", name: "aarch64_codeready-builder" } Note All SSL related certificates must be kept in /opt/omnia/rhel-repo-certs/<rhel_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.
omnia_repo_url_rhel_x86_64	Mandatory	Type: JSON list This variable accepts a list of all the x86_64 repo urls from where .rpm packages will be downloaded for RHEL clusters. url defines the baseurl for the repository where the package is hosted. gpgkey defines the gpgkey for the repository. If gpgkey is omitted, then gpgcheck=0 is set for that repository. name defines the name of the software .rpm package. Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set individual policies (always, partial) for the repository URLs. To do so, add the policy key and provide the desired value while providing the repository URLs. Default value: { url: “https://download.docker.com/linux/centos/10/x86_64/stable/”, gpgkey: “https://download.docker.com/linux/centos/gpg”, name: “docker-ce-repo”} { url: “https://dl.fedoraproject.org/pub/epel/10/Everything/x86_64/”, gpgkey: “https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9”, name: “epel”} Note These inputs are not validated by Omnia. Incorrect values provided to this variable can lead to unexpected failures during Omnia’s deployment. Ensure that all the listed URLs are reachable from the OIM.
omnia_repo_url_rhel_aarch64	Mandatory	Type: JSON list This variable accepts a list of all the aarch64 repo urls from where .rpm packages will be downloaded for RHEL clusters. url defines the baseurl for the repository where the package is hosted. gpgkey defines the gpgkey for the repository. If gpgkey is omitted, then gpgcheck=0 is set for that repository. name defines the name of the software .rpm package. Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set individual policies (always, partial) for the repository URLs. To do so, add the policy key and provide the desired value while providing the repository URLs. Default value: { url: “https://download.docker.com/linux/centos/10/aarch64/stable/”, gpgkey: “https://download.docker.com/linux/centos/gpg”, name: “docker-ce”} { url: “https://dl.fedoraproject.org/pub/epel/10/Everything/aarch64/”, gpgkey: “https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9”, name: “epel”} Note These inputs are not validated by Omnia. Incorrect values provided to this variable can lead to unexpected failures during Omnia’s deployment. Ensure that all the listed URLs are reachable from the OIM.
additional_repos_x86_64	Optional	Type: JSON list Each repository entry must include: url: Repository base URL. name: Unique repository name. gpgkey: URL to the repository GPG key, or empty string (“”) if you are not using GPG. Example: yaml additional_repos_x86_64: { url: “https://nginx.org/packages/rhel/9/x86_64/”, gpgkey: “”, name: “test-nginx” }
additional_repos_aarch64	Optional	Type: JSON list Each repository entry must include: url: Repository base URL. name: Unique repository name. gpgkey: URL to the repository GPG key, or empty string (“”) if you are not using GPG. Example: yaml additional_repos_aarch64: { url: “https://nginx.org/packages/rhel/9/aarch64/”, gpgkey: “”, name: “test-nginx-arm” }

Note

• For systems with RedHat subscription, subscription URLs override rhel_os_urls and are processed automatically by the local_repo.yml playbook.

If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.