Skip to content

Update production.md docs #730

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 10, 2025
Merged

Update production.md docs #730

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b4e86a7
Update production.md docs
sjpb Jul 9, 2025
d5405e0
Fix tofu module instructions
sjpb Jul 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 15 additions & 16 deletions docs/production.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,21 +48,28 @@ and referenced from the `site` and `production` environments, e.g.:

```
...
variable "environment_root" {
type = string
description = "Path to environment root, automatically set by activate script"
}

module "cluster" {
source = "../../site/tofu/"
environment_root = var.environment_root

cluster_name = "foo"
...
}
```

Note that:
- Environment-specific variables (`cluster_name`) should be hardcoded
into the cluster module block.
- Environment-independent variables (e.g. maybe `cluster_net` if the
same is used for staging and production) should be set as *defaults*
in `environments/site/tofu/variables.tf`, and then don't need to
be passed in to the module.

- Environment-specific variables (`cluster_name`) should be hardcoded
into the cluster module block.
- Environment-independent variables (e.g. maybe `cluster_net` if the
same is used for staging and production) should be set as *defaults*
in `environments/site/tofu/variables.tf`, and then don't need to
be passed in to the module.

- Vault-encrypt secrets. Running the `generate-passwords.yml` playbook creates
a secrets file at `environments/$ENV/inventory/group_vars/all/secrets.yml`.
Expand Down Expand Up @@ -120,22 +127,14 @@ and referenced from the `site` and `production` environments, e.g.:
set the "attach" options and run `tofu apply` again - this should show there
are no changes planned.

- Enable `etc_hosts` templating:

```yaml
# environments/site/inventory/groups:
[etc_hosts:children]
cluster
```

- Configure Open OnDemand - see [specific documentation](openondemand.md).

- Remove the `demo_user` user from `environments/$ENV/inventory/group_vars/all/basic_users.yml`

- Consider whether having (read-only) access to Grafana without login is OK. If not, remove `grafana_auth_anonymous` in `environments/$ENV/inventory/group_vars/all/grafana.yml`

- If floating IPs are required for login nodes, modify the OpenTofu configurations
appropriately.
- If floating IPs are required for login nodes, create these in OpenStack and add the IPs into
the OpenTofu `login` definition.

- Consider whether mapping of baremetal nodes to ironic nodes is required. See
[PR 485](https://github.com/stackhpc/ansible-slurm-appliance/pull/485).
Expand Down