Input parameters for Local Repositories

The local_repo.yml playbook is dependent on the inputs provided to the following input files:

  • /opt/omnia/input/project_default/software_config.json

  • /opt/omnia/input/project_default/local_repo_config.yml

/opt/omnia/input/project_default/software_config.json

Based on the inputs provided to the /opt/omnia/input/project_default/software_config.json, the software packages/images are accessed from the Pulp container and the desired software stack is deployed on the cluster nodes.

Parameters for Software Configuration

Parameter

Mandatory/Optional

Details

cluster_os_type

Mandatory

  • Type: string

  • Specify the operating system running on the OIM and the one to be provisioned on the compute nodes.

  • Accepted value: rhel

cluster_os_version

Mandatory

  • Type: string

  • The OS Version that will be provisioned on compute nodes.

  • Accepted value: 10.0.

repo_config

Mandatory

  • Type: string

  • Omnia sets up a local Pulp repository on the OIM and downloads all the necessary packages or images for the cluster into this repository. The behavior of the Pulp container varies depending on the value of the repo_config parameter.

  • In case of always, packages are downloaded and cached on OIM during local_repo.yml execution; compute nodes get the packages from OIM. Caching these packages allow them to be reused in future operations without needing to download them again.

  • In case of partial, packages are not pre-downloaded or cached. OIM downloads from upstream URLs when needed.

  • Accepted value: always, partial

  • Default value: always

Note

The following packages will always be downloaded from the local Pulp repository, regardless of the value of repo_config:

  • ISOs

  • pip modules

  • manifests

  • tarballs

  • container images

softwares

Mandatory

  • Type: JSON list

  • A JSON list of required software with the software version (optional) and architecture type aarch64, x86_64 or both. This field is mandatory.

  • The following software should be listed with a version in the list: OpenLDAP, NFS, Slurm, service_k8s, utils, ucx, openmpi.

  • A minimum of one software should be provided in the list for local_repo.yml to execute correctly.

  • The software_config.json will have the basic softwares present in it. To add additional software stacks, add the software under /opt/omnia/input/project_default/software_config.json.

  • For the list of all applicable softwares based on your <cluster_os_type>, refer the templates at examples/template_<os>_software_config.json. For example, /omnia/examples/rhel_software_config.json

Note

The accepted names for software are taken from /opt/omnia/input/project_default/config/<architecture>/<cluster_os_type>/<cluster_os_version>.

Here’s a sample of the software_config.json for RHEL clusters:

{
"cluster_os_type": "rhel",
"cluster_os_version": "10.0",
"repo_config": "always",
"softwares": [
    {"name": "default_packages", "arch": ["x86_64","aarch64"]},
    {"name": "openldap", "arch": ["x86_64"]},
    {"name": "nfs", "arch": ["x86_64","aarch64"]},
    {"name": "service_k8s","version": "1.31.4", "arch": ["x86_64"]},
    {"name": "slurm_custom", "arch": ["x86_64","aarch64"]}
],
"slurm_custom": [
    {"name": "slurm_control_node"},
    {"name": "slurm_node"},
    {"name": "login_node"},
    {"name": "login_compiler_node"}
],
"service_k8s": [
    {"name": "service_kube_control_plane"},
    {"name": "service_etcd"},
    {"name": "service_kube_node"}
]

}
Architecture information for softwares

Software name

x86_64

aarch64

default_packages.json

Yes

Yes

openldap.json

Yes

No

nfs.json

Yes

Yes

slurm_custom.json

Yes

Yes

service_k8s.json

Yes

No

ucx.json

Yes

No

openmpi

Yes

No

Note

  • To download a software with both x86_64 and aarch64 architectures, the arch key input is mandatory. Ensure that you check if the .json files for all the specified architectures are available in the input or configuration file. Else, update the .json files. See the following sample:

{
    "cluster_os_type": "rhel",
    "cluster_os_version": "10.0",
    "repo_config": "always",
    "softwares": [
        {"name": "default_packages", "arch": ["x86_64","aarch64"]},
        {"name": "openldap", "arch": ["x86_64"]},
        {"name": "nfs", "arch": ["x86_64","aarch64"]},
        {"name": "slurm_custom", "arch": ["x86_64","aarch64"]},
        {"name": "service_k8s", "version": "1.31.4", "arch": ["x86_64"]},
        {"name": "ucx", "version": "1.19.0", "arch": ["x86_64"]},
        {"name": "openmpi", "version": "5.0.8", "arch": ["x86_64"]}
    ],
    "slurm_custom": [
        {"name": "slurm_control_node"},
        {"name": "slurm_node"},
        {"name": "login_node"},
        {"name": "login_compiler_node"}
    ],
    "service_k8s": [
        {"name": "service_kube_control_plane"},
        {"name": "service_etcd"},
        {"name": "service_kube_node"}
    ]
}

  • For additional_software support, update the input/config/{arch}/rhel/10.0/additional_software.json file with the required {arch} data, where {arch} can either be x86_64 or aarch64, or a combination of both.

Note

  • For a list of accepted softwares, go to the /opt/omnia/input/project_default/config/<cluster_os_type>/<cluster_os_version> and view the list of JSON files available. The filenames present in this location are the list of accepted softwares. For a cluster running RHEL 10.0, go to /opt/omnia/input/project_default/config/<architecture>/rhel/10.0/ and view the file list for accepted softwares.

  • Omnia supports a single version of any software packages in the software_config.json file. Ensure that multiple versions of the same package is not mentioned.

  • For software packages that do not have a pre-defined json file in /opt/omnia/input/project_default/config/<architecture>/<cluster_os_type>/<cluster_os_version>, you need to create a custom.json file with the package details.

/opt/omnia/input/project_default/local_repo_config.yml

Parameters for Local Repository Configuration

Parameter

Mandatory/Optional

Details

pulp_protocol

Mandatory

  • Type: Boolean

  • By default, set to true to enable secure (HTTPS) connection to the Pulp server.

  • Set to false if you want to connect to the Pulp server using HTTP.

user_repo_url_x86_64

Optional

  • Type: JSON list

  • This variable accepts the x86_64 repository urls from which the software packages/images will be downloaded and accessed by the cluster.

  • Omnia downloads the software packages from the given list of URLs and stores them into a local Pulp container. These packages are then accessed by the cluster nodes from that Pulp container.

  • url defines the baseurl for the repository.

  • gpgkey defines gpgkey for the repository. If gpgkey is omitted then gpgcheck=0 is set for that repository.

  • name defines the name of the software .rpm package.

  • If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use.

  • Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set policies (always, partial) for each user repository individually. To do so, add the policy key and provide the desired value while providing the repository URLs.

  • Example: - { url: "https://download.docker.com/linux/centos/9/x86_64/stable", gpgkey: "https://download.docker.com/linux/centos/gpg", name: "docker-ce-repo", sslcacert: "", sslclientkey: "", sslclientcert: "", policy: "" }

Note

All SSL related certificates must be kept in /opt/omnia/user-repo-certs/<user_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.

user_repo_url_aarch64

Optional

  • Type: JSON list

  • This variable accepts the aarch64 repository urls from which the software packages/images will be downloaded and accessed by the cluster.

  • Omnia downloads the software packages from the given list of URLs and stores them into a local Pulp container. These packages are then accessed by the cluster nodes from that Pulp container.

  • url defines the baseurl for the repository.

  • gpgkey defines gpgkey for the repository. If gpgkey is omitted then gpgcheck=0 is set for that repository.

  • name defines the name of the software .rpm package.

  • If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use.

  • Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set policies (always, partial) for each user repository individually. To do so, add the policy key and provide the desired value while providing the repository URLs.

  • Example: - { url: "https://download.docker.com/linux/centos/9/aarch64/stable", gpgkey: "https://download.docker.com/linux/centos/gpg", name: "docker-ce-repo", sslcacert: "", sslclientkey: "", sslclientcert: "", policy: "" }

Note

All SSL related certificates must be kept in /opt/omnia/user-repo-certs/<user_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.

user_registry

Optional

  • Type: JSON list

  • This variable accepts the URL and port of the user’s own software image registry.

  • If you have your own registry and want Omnia to use it, you can specify its URL and port using this variable. If the package is available there, Omnia will pull the image from the user_registry instead of the Internet.

  • Compute nodes can directly mirror images from the URLs listed in the user_registry, using http_proxy.

  • Format: - { host: <registry URL or hostname>, cert_path: "<certificate path>" , key_path: "", name: "", requires_auth: <true or false>}

    • host: The registry URL/hostname (for example, 10.11.0.100 or abcd.dev.test).

    • cert_path: Absolute path to the CA certificate file for the registry. If kept blank, the registry is treated as insecure.

    • key_path: Path to the client key file, if required by the registry.

    • name: A unique identifier for the registry.

    • requires_auth: Set to true if the registry requires authentication with username or password, otherwise set to false.

  • Example:

    user_registry:
         - { host: 10.11.0.100, cert_path: "/home/ca.crt", key_path: "", name: "local", requires_auth: true }
         - { host: hostname.registry.test, cert_path: "", key_path: "", name: "external", requires_auth: false }

  • If the user_registry requires authentication, then set requires_auth to true and update the /opt/omnia/input/project_default/user_registry_credential.yml file with the necessary details and credentials.

    • name: User registry name, name should match exact name provided in local_repo_config.yml.

    • username: Provide if user registry requires username to authenticate.

    • password: Provide if user registry requires password to authenticate.

    • Format:

      user_registry_credential:
       - {name: "", username: "", password: ""}

Note

The user_registry_credential.yml file will get encrypted once local_repo.yml playbook has been executed. To edit or modify any fields, use the following command:

ansible-vault edit user_registry_credential.yml --vault-password-file .local_repo_credentials_key

rhel_os_url_x86_64

Mandatory

  • Type: string

  • Mandatory when cluster_os_type is rhel in /opt/omnia/input/project_default/software_config.json and the RHEL subscription is not registered.

  • For RHEL systems without a subscription, the repository URLs for x86_64_codeready-builder, x86_64_appstream, and x86_64_baseos are mandatory.

  • Additional packages required for the cluster are downloaded from the provided rhel_os_url and stored in the Pulp container.

  • url defines the baseurl for the repository where the OS package is hosted.

  • gpgkey defines the x86_64_gpgkey for the repository. If gpgkey is omitted, then gpgcheck=0 is set for that repository.

  • name defines the name of the OS package.

  • If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use.

  • Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set an individual policy (always, partial) for the rhel_os_url. To do so, add the policy key and provide the desired value while providing the repository URLs.

  • Example: If cluster_os_type is rhel, rhel_os_url might be - { url: "http://crb.com/CRB/x86_64/os/", gpgkey: "http://crb.com/CRB/x86_64/os/RPM-GPG-KEY", sslcacert: "", sslclientkey: "", sslclientcert: "", name: "x86_64_codeready-builder"}

Note

All SSL related certificates must be kept in /opt/omnia/rhel-repo-certs/<rhel_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.

rhel_os_url_aarch64

Mandatory

  • Type: string

  • Mandatory when cluster_os_type is rhel in /opt/omnia/input/project_default/software_config.json and the RHEL subscription is not registered.

  • For RHEL systems without a subscription, the repository URLs for aarch64_codeready-builder, aarch64_appstream, and aarch64_baseos are mandatory.

  • Additional packages required for the cluster are downloaded from the provided rhel_os_url and stored in the Pulp container.

  • url defines the baseurl for the repository where the OS package is hosted.

  • gpgkey defines the aarch64_gpgkey for the repository. If gpgkey is omitted, then gpgcheck=0 is set for that repository.

  • name defines the name of the OS package.

  • If you are using SSL certificates for encryption, include the sslcacert, sslclientkey, and sslclientcert fields, and ensure each is populated with the correct certificate or key data. Omit these fields entirely if SSL is not in use.

  • Irrespective of the value set to repo_config in /opt/omnia/input/project_default/software_config.json, you can set an individual policy (always, partial) for the rhel_os_url. To do so, add the policy key and provide the desired value while providing the repository URLs.

  • Example: If cluster_os_type is rhel, rhel_os_url might be - { url: "http://crb.com/CRB/aarch64/os/", gpgkey: "http://crb.com/CRB/aarch64/os/RPM-GPG-KEY", sslcacert: "", sslclientkey: "", sslclientcert: "", name: "aarch64_codeready-builder" }

Note

All SSL related certificates must be kept in /opt/omnia/rhel-repo-certs/<rhel_repo_name>. The certificate files are encrypted post local_repo.yml playbook execution. Execute the ansible-vault decrypt <certificate_file> --vault-password-file /opt/omnia/input/project_default/.local_repo_credentials_key command to decrypt the files.

omnia_repo_url_rhel_x86_64

Mandatory

Note

  • These inputs are not validated by Omnia. Incorrect values provided to this variable can lead to unexpected failures during Omnia’s deployment.

  • Ensure that all the listed URLs are reachable from the OIM.

omnia_repo_url_rhel_aarch64

Mandatory

Note

  • These inputs are not validated by Omnia. Incorrect values provided to this variable can lead to unexpected failures during Omnia’s deployment.

  • Ensure that all the listed URLs are reachable from the OIM.

Note

  • For systems with RedHat subscription, subscription URLs override rhel_os_urls and are processed automatically by the local_repo.yml playbook.

If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.