diff --git a/azure/README.md b/azure/README.md index 94fae9e..76aa01b 100644 --- a/azure/README.md +++ b/azure/README.md @@ -443,6 +443,10 @@ Now let's run lammps! # This should work (one node with ib and shared memory) flux run -o cpu-affinity=per-task -N1 -n 96 --env UCX_TLS=ib,sm --env UCX_NET_DEVICES=mlx5_ib0:1 lmp -v x 1 -v y 1 -v z 1 -in in.reaxff.hns -nocite +/opt/hpcx-v2.19-gcc-mlnx_ofed-ubuntu22.04-cuda12-x86_64/hpcx-rebuild/lib:/opt/hpcx-v2.19-gcc-mlnx_ofed-ubuntu22.04-cuda12-x86_64/hcoll/lib +flux run -o cpu-affinity=per-task -N2 -n 192 --env OMPI_MPI_mca_coll_hcoll_enable=0 --env OMPI_MPI_mca_coll_ucc_enable=0 --env UCX_TLS=ib --env UCX_NET_DEVICES=mlx5_ib0:1 lmp -v x 1 -v y 1 -v z 1 -in in.reaxff.hns -nocite + + # -x UCC_LOG_LEVEL=debug -x UCC_TLS=ucp flux run -o cpu-affinity=per-task -N2 -n 192 --env UCC_LOG_LEVEL=info --env UCC_TLS=ucp --env UCC_CONFIG_FILE= -OMPI_MPI_mca_coll_ucc_enable=0 --env UCX_TLS=dc_x --env UCX_NET_DEVICES=mlx5_ib0:1 lmp -v x 1 -v y 1 -v z 1 -in in.reaxff.hns -nocite ``` diff --git a/azure/build-ubuntu-24.04/Makefile b/azure/build-ubuntu-24.04/Makefile new file mode 100644 index 0000000..ff1d42b --- /dev/null +++ b/azure/build-ubuntu-24.04/Makefile @@ -0,0 +1,18 @@ +.PHONY: all +all: init fmt validate build + +.PHONY: init +init: + packer init . + +.PHONY: fmt +fmt: + packer fmt . + +.PHONY: validate +validate: + packer validate . 
+ +.PHONY: build +build: + packer build flux-usernetes.pkr.hcl diff --git a/azure/build-ubuntu-24.04/README.md b/azure/build-ubuntu-24.04/README.md new file mode 100644 index 0000000..b60e1c4 --- /dev/null +++ b/azure/build-ubuntu-24.04/README.md @@ -0,0 +1,38 @@ +# Build Packer Images + +Note that I needed to do this build from a cloud shell, so clone and then: + +```bash +git clone https://github.com/converged-computing/flux-usernetes +cd flux-usernetes/azure/build-ubuntu-24.04 +``` + +And install packer + +```bash +wget https://releases.hashicorp.com/packer/1.11.2/packer_1.11.2_linux_amd64.zip +unzip packer_1.11.2_linux_amd64.zip +mkdir -p ./bin +mv ./packer ./bin/ +export PATH=$(pwd)/bin:$PATH +``` + +Get your account information for azure as follows: + +```bash +az account show +``` + +And export variables in the following format. Note that the resource group needs to actually exist - I created mine in the console UI. + +```bash +export AZURE_SUBSCRIPTION_ID=xxxxxxxxx +export AZURE_TENANT_ID=xxxxxxxxxxx +export AZURE_RESOURCE_GROUP_NAME=packer-testing +``` + +Then build! 
+ +```bash +make +``` diff --git a/azure/build-ubuntu-24.04/build.sh b/azure/build-ubuntu-24.04/build.sh new file mode 100644 index 0000000..42a200c --- /dev/null +++ b/azure/build-ubuntu-24.04/build.sh @@ -0,0 +1,345 @@ +#!/bin/bash + +set -euo pipefail + +################################################################ +# +# Flux, Singularity, and Infiniband dependencies +# Starting on ubuntu 24.04 +# + +/usr/bin/cloud-init status --wait + +export DEBIAN_FRONTEND=noninteractive +sudo apt-get update && \ + sudo apt-get install -y apt-transport-https ca-certificates curl jq apt-utils wget curl jq \ + build-essential make linux-tools-common linux-tools-$(uname -r) + +# Install ORAS client +VERSION="1.2.2" +curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" +mkdir -p oras-install/ +tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/ +sudo mv oras-install/oras /usr/local/bin/ +rm -rf oras_${VERSION}_*.tar.gz oras-install/ + +# Infiniband +# make sure secure boot is disabled +# mokutil --sb-state +sudo chown -R azureuser /opt + +# https://docs.nvidia.com/networking/display/mlnxofedv24101140lts/installing+the+driver#src-3411296587_InstallingtheDriver-InstallationScript +# check we have devices +# lspci -v | grep Mellanox +cd /opt +oras pull ghcr.io/converged-computing/rdma-infiniband:ubuntu-24.04-tgz +tar -xzvf MLNX_OFED_LINUX-24.10-1.1.4.0-ubuntu24.04-x86_64.tgz +touch MLNX_OFED_LINUX-24.10-1.1.4.0-ubuntu24.04-x86_64.txt +mv MLNX_OFED_LINUX-24.10-1.1.4.0-ubuntu24.04-x86_64 mlnx +rm MLNX_OFED_LINUX-24.10-1.1.4.0-ubuntu24.04-x86_64.tgz +cd mlnx +sudo ./mlnxofedinstall --force +sudo /etc/init.d/openibd restart + +# Rename device to ib0 +cd /opt +wget https://raw.githubusercontent.com/converged-computing/aks-infiniband-install/main/ubuntu22.04/parse-links.py +sudo python3 parse-links.py +ip link + +cd /opt +wget https://github.com/openucx/ucx/releases/download/v1.17.0/ucx-1.17.0.tar.gz && \ + tar -xzvf 
ucx-1.17.0.tar.gz && \ + cd ucx-1.17.0 && \ + ./configure --disable-logging --disable-debug --disable-assertions --disable-params-check --enable-mt --prefix=/usr --enable-examples --without-java --without-go --without-xpmem --without-cuda --with-rc --with-ud --with-dc \ + --with-mlx5-dv --with-verbs --with-ib-hw-tm --with-dm --with-devx && \ + make -j && sudo make install && sudo ldconfig + +wget https://download.open-mpi.org/release/open-mpi/v4.1/openmpi-4.1.2.tar.gz && \ + tar -xzvf openmpi-4.1.2.tar.gz && \ + cd openmpi-4.1.2 && \ + ./configure --with-ucx=/usr && \ + make -j && sudo make install && sudo ldconfig + +# cmake is needed for flux-sched, and make sure to choose arm or x86 +export CMAKE=3.23.1 +export ARCH=x86_64 +export ORAS_ARCH=amd64 + +curl -s -L https://github.com/Kitware/CMake/releases/download/v$CMAKE/cmake-$CMAKE-linux-$ARCH.sh > cmake.sh && \ + sudo sh cmake.sh --prefix=/usr/local --skip-license && \ + sudo apt-get update && \ + sudo apt-get install -y man flex ssh sudo vim luarocks munge lcov ccache lua5.4 \ + valgrind build-essential pkg-config autotools-dev libtool \ + libffi-dev autoconf automake make clang clang-tidy \ + gcc g++ libpam-dev apt-utils lua-posix \ + libsodium-dev libzmq3-dev libczmq-dev libjansson-dev libmunge-dev \ + libncursesw5-dev liblua5.4-dev liblz4-dev libsqlite3-dev uuid-dev \ + libhwloc-dev libs3-dev libevent-dev libarchive-dev \ + libboost-graph-dev libboost-system-dev libboost-filesystem-dev \ + libboost-regex-dev libyaml-cpp-dev libedit-dev uidmap dbus-user-session python3-cffi + +# /etc/init.d/openibd status +# HCA driver loaded + +# Configured IPoIB devices: +# ib0 + +# Currently active IPoIB devices: +# Configured Mellanox EN devices: +# enP54485s1 + +# Currently active Mellanox devices: +# enP54485s1 +# ib0 + +# The following OFED modules are loaded: + +# rdma_ucm +# rdma_cm +# ib_ipoib +# mlx5_core +# mlx5_ib +# ib_uverbs +# ib_umad +# ib_cm +# ib_core +# mlxfw + +sudo locale-gen en_US.UTF-8 + 
+################################################################ +## Install Flux and dependencies + +mkdir -p /opt/prrte && \ + cd /opt/prrte && \ + git clone https://github.com/openpmix/openpmix.git && \ + git clone https://github.com/openpmix/prrte.git && \ + cd openpmix && \ + git checkout fefaed568f33bf86f28afb6e45237f1ec5e4de93 && \ + ./autogen.pl && \ + ./configure --prefix=/usr --disable-static && sudo make install && \ + sudo ldconfig + +cd /opt/prrte/prrte && \ + git checkout 477894f4720d822b15cab56eee7665107832921c && \ + ./autogen.pl && \ + ./configure --prefix=/usr && sudo make -j install + +# flux security +cd /opt +wget https://github.com/flux-framework/flux-security/releases/download/v0.13.0/flux-security-0.13.0.tar.gz && \ + tar -xzvf flux-security-0.13.0.tar.gz && \ + mv flux-security-0.13.0 /opt/flux-security && \ + cd /opt/flux-security && \ + ./configure --prefix=/usr --sysconfdir=/etc && \ + make -j && sudo make install + +# The VMs will share the same munge key +sudo mkdir -p /var/run/munge && \ + dd if=/dev/urandom bs=1 count=1024 > munge.key && \ + sudo mv munge.key /etc/munge/munge.key && \ + sudo chown -R munge /etc/munge/munge.key /var/run/munge && \ + sudo chmod 600 /etc/munge/munge.key + +# Make the flux run directory +mkdir -p /home/azureuser/run/flux + +# Flux core +sudo apt-get install -y python3-pip +cd /opt +wget https://github.com/flux-framework/flux-core/releases/download/v0.68.0/flux-core-0.68.0.tar.gz && \ + tar -xzvf flux-core-0.68.0.tar.gz && \ + mv flux-core-0.68.0 /opt/flux-core && \ + cd /opt/flux-core && \ + ./configure --prefix=/usr --sysconfdir=/etc --with-flux-security && \ + make clean && \ + make -j && sudo make install + +# Flux pmix (must be installed after flux core) +cd /opt +wget https://github.com/flux-framework/flux-pmix/releases/download/v0.5.0/flux-pmix-0.5.0.tar.gz && \ + tar -xzvf flux-pmix-0.5.0.tar.gz && \ + mv flux-pmix-0.5.0 /opt/flux-pmix && \ + cd /opt/flux-pmix && \ + ./configure --prefix=/usr && 
\ + make -j && \ + sudo make install + +# Flux sched +cd /opt +wget https://github.com/flux-framework/flux-sched/releases/download/v0.40.0/flux-sched-0.40.0.tar.gz && \ + tar -xzvf flux-sched-0.40.0.tar.gz && \ + mv flux-sched-0.40.0 /opt/flux-sched && \ + cd /opt/flux-sched && \ + mkdir build && \ + cd build && \ + cmake ../ && make -j && sudo make install && sudo ldconfig && \ + echo "DONE flux build" + +# Flux curve.cert +# Ensure we have a shared curve certificate +flux keygen /tmp/curve.cert && \ + sudo mkdir -p /etc/flux/system && \ + sudo cp /tmp/curve.cert /etc/flux/system/curve.cert && \ + sudo chown azureuser /etc/flux/system/curve.cert && \ + sudo chmod o-r /etc/flux/system/curve.cert && \ + sudo chmod g-r /etc/flux/system/curve.cert && \ + # Permissions for imp + sudo chmod u+s /usr/libexec/flux/flux-imp && \ + sudo chmod 4755 /usr/libexec/flux/flux-imp && \ + # /var/lib/flux needs to be owned by the instance owner + sudo mkdir -p /var/lib/flux && \ + sudo chown azureuser -R /var/lib/flux && \ + cd /opt + +# Install Singularity +# flux start mpirun -n 6 singularity exec singularity-mpi_mpich.sif /opt/mpitest +sudo apt-get update && sudo apt-get install -y libseccomp-dev libglib2.0-dev cryptsetup \ + libfuse-dev \ + squashfs-tools \ + squashfs-tools-ng \ + uidmap \ + zlib1g-dev \ + iperf3 + +sudo apt-get install -y \ + autoconf \ + automake \ + cryptsetup \ + git \ + libfuse-dev \ + libglib2.0-dev \ + libseccomp-dev \ + libtool \ + pkg-config \ + runc \ + squashfs-tools \ + squashfs-tools-ng \ + uidmap \ + wget \ + zlib1g-dev + +# install go +cd /tmp +wget https://go.dev/dl/go1.21.0.linux-${ORAS_ARCH}.tar.gz +tar -xvf go1.21.0.linux-${ORAS_ARCH}.tar.gz +sudo mv go /usr/local && rm go1.21.0.linux-${ORAS_ARCH}.tar.gz +export PATH=/usr/local/go/bin:$PATH + +# Install singularity +export VERSION=4.0.1 && \ + wget https://github.com/sylabs/singularity/releases/download/v${VERSION}/singularity-ce-${VERSION}.tar.gz && \ + tar -xzf 
singularity-ce-${VERSION}.tar.gz && \
    cd singularity-ce-${VERSION}

./mconfig && \
    make -C builddir && \
    sudo make -C builddir install

# Ensure the flux uri is exported for all users
# The build should be done as azureuser, but don't assume it.
export FLUX_URI=local:///opt/run/flux/local
echo "export FLUX_URI=local:///opt/run/flux/local" >> /home/$(whoami)/.bashrc
echo "export FLUX_URI=local:///opt/run/flux/local" >> /home/azureuser/.bashrc

# The flux uri needs to be set for all users that log in
echo "FLUX_URI DEFAULT=local:///opt/run/flux/local" >> ./environment
sudo mv ./environment /etc/security/pam_env.conf

# Install Usernetes
cd /tmp
echo "START updating cgroups2"
cat /etc/default/grub | grep GRUB_CMDLINE_LINUX=
GRUB_CMDLINE_LINUX=""
sudo sed -i -e 's/^GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="systemd.unified_cgroup_hierarchy=1"/' /etc/default/grub
sudo update-grub
sudo mkdir -p /etc/systemd/system/user@.service.d

# Kernel modules needed by usernetes; written locally then moved into
# /etc/modules-load.d below. (NOTE(review): this heredoc was garbled in the
# patch — reconstructed from the `sudo mv ./usernetes.conf …` that follows.)
cat <<EOF > ./usernetes.conf
br_netfilter
vxlan
EOF

sudo mv ./usernetes.conf /etc/modules-load.d/usernetes.conf
sudo systemctl restart systemd-modules-load.service
echo "DONE updating kernel modules"

echo "START 99-usernetes.conf"
echo "net.ipv4.conf.default.rp_filter = 2" > /tmp/99-usernetes.conf
sudo mv /tmp/99-usernetes.conf /etc/sysctl.d/99-usernetes.conf
sudo sysctl --system || true
echo "DONE 99-usernetes.conf"

echo "START modprobe"
sudo modprobe vxlan
sudo modprobe ip6_tables
sudo modprobe ip6table_nat
sudo modprobe iptable_nat
sudo systemctl daemon-reload

# https://github.com/rootless-containers/rootlesskit/blob/master/docs/port.md#exposing-privileged-ports
cp /etc/sysctl.conf ./sysctl.conf
echo "net.ipv4.ip_unprivileged_port_start=0" | tee -a ./sysctl.conf
echo "net.ipv4.conf.default.rp_filter=2" | tee -a ./sysctl.conf
echo "net.ipv4.ip_forward=1" | tee -a ./sysctl.conf
sudo mv ./sysctl.conf /etc/sysctl.conf

sudo sysctl -p
sudo systemctl daemon-reload
echo "DONE modprobe"

echo "START 
kubectl"
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
sudo mv ./kubectl /usr/bin/kubectl
echo "DONE kubectl"

# We need to reinstall docker, the one on the VM does not have compose :/
echo "Installing docker"
curl -o install.sh -fsSL https://get.docker.com
chmod +x install.sh
sudo rm -rf /etc/containerd/config.toml
sudo ./install.sh || true
echo "done installing docker"

echo "Setting up usernetes"
# Escape \$PATH so it expands at login time, not at image-build time —
# otherwise the Packer build environment's PATH gets baked into .bashrc.
echo "export PATH=/usr/bin:\$PATH" >> /home/azureuser/.bashrc
echo "export XDG_RUNTIME_DIR=/home/azureuser/.docker/run" >> /home/azureuser/.bashrc
# This wants to write into run, which is probably OK (under userid)
echo "export DOCKER_HOST=unix:///home/azureuser/.docker/run/docker.sock" >> /home/azureuser/.bashrc
echo "export KUBECONFIG=/home/azureuser/usernetes/kubeconfig" >> /home/azureuser/.bashrc

echo "Installing docker user"
sudo loginctl enable-linger azureuser
ls /var/lib/systemd/linger
mkdir -p /home/azureuser/.docker/run

# Install rootless docker
sudo apt-get install -y uidmap

curl -fsSL https://get.docker.com/rootless | sh
dockerd-rootless-setuptool.sh install
sleep 10
systemctl --user enable docker.service
systemctl --user start docker.service
ln -s /run/user/1000/docker.sock /home/azureuser/.docker/run/docker.sock
docker run hello-world

# Clone usernetes
git clone https://github.com/rootless-containers/usernetes /home/azureuser/usernetes
#
# At this point we have what we need! 
+ +/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync diff --git a/azure/build-ubuntu-24.04/flux-usernetes.pkr.hcl b/azure/build-ubuntu-24.04/flux-usernetes.pkr.hcl new file mode 100644 index 0000000..a13145d --- /dev/null +++ b/azure/build-ubuntu-24.04/flux-usernetes.pkr.hcl @@ -0,0 +1,68 @@ +packer { + required_plugins { + azure = { + source = "github.com/hashicorp/azure" + version = "~> 2" + } + } +} + +variable client_id { + type = string + default = null +} +variable client_secret { + type = string + default = null +} + +variable subscription_id { + type = string + default = env("AZURE_SUBSCRIPTION_ID") +} + +variable tenant_id { + type = string + default = env("AZURE_TENANT_ID") +} + +variable "image_resource_group_name" { + description = "Name of the resource group in which the Packer image will be created" + default = env("AZURE_RESOURCE_GROUP_NAME") +} + +# az vm image list +source "azure-arm" "builder" { + + # Uncomment if you aren't using managed identity (in cloud shell) + # client_id = var.client_id + # client_secret = var.client_secret + # And comment this line (or set to false) + use_azure_cli_auth = true + image_offer = "ubuntu-24_04-lts" + image_publisher = "Canonical" + image_sku = "server" + location = "southcentralus" + managed_image_name = "flux-usernetes-ubuntu-2404" + managed_image_resource_group_name = var.image_resource_group_name + os_type = "Linux" + subscription_id = var.subscription_id + tenant_id = var.tenant_id + # If you aren't sure about size, put something wrong :) + # You will need to have quota for this family, and the location + vm_size = "Standard_HB120-96rs_v3" + ssh_username = "azureuser" + azure_tags = { + "flux" : "0.68.0", + "flux-sched": "0.40.0" + } +} + +build { + sources = ["source.azure-arm.builder"] + provisioner "shell" { + # This will likely run as sudo + # execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'" + script = "build.sh" + } +}