Skip to content

Add Ansible Script to Allow Nodes to Keep Their Own External Data Up-to-date #134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cailafinn wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add Ansible Script to Allow Nodes to Keep Their Own External Data Up-to-date #134

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d53f6a2
Mirror data from the ISIS server
cailafinn Sep 16, 2025
c4a44c7
Fix SSH connection issues
cailafinn Sep 18, 2025
ed112be
Use mounts rather than volumes for ext data
cailafinn Oct 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Linux/external-data-mirror/ansible/roles/mirror-data/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
when: connected.stdout != "success"

- name: Mirror the external data from the main server in a volume (this may take a while).
ansible.builtin.command: "rsync -az --perms -o -g {{ main_server_hostname }}:/srv/{{ main_data_srv_dir }}/ftp/external-data/MD5/ /external-data/MD5/"
ansible.builtin.command: "rsync -azvW --perms -o -g {{ main_server_hostname }}:/srv/{{ main_data_srv_dir }}/ftp/external-data/MD5/ /external-data/MD5/"

- name: Copy the data update script onto the mirror machine.
ansible.builtin.copy:
Expand Down
2 changes: 1 addition & 1 deletion Linux/external-data-mirror/ansible/roles/mirror-data/tasks/update-external-data.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ printf "%(%H:%M:%S)T "

if [ -z "${RSYNC_PROCESS_IDS}" ]; then
echo "running rsync..."
rsync -az --perms -o -g $SERVER_IP:/srv/$FTP_SRV_DIR/ftp/external-data/MD5/ /external-data/MD5/
rsync -azvW --perms -o -g $SERVER_IP:/srv/$FTP_SRV_DIR/ftp/external-data/MD5/ /external-data/MD5/
Copy link
Contributor

@idigs idigs Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

--whole-file, -W
              This option disables rsync's delta-transfer algorithm, which causes all transferred files to be sent whole.  The transfer may be faster if this option  is  used  when
              the  bandwidth between the source and destination machines is higher than the bandwidth to disk (especially when the "disk" is actually a networked filesystem).  This
              is the default when both the source and destination are specified as local paths, but only if no batch-writing option is in effect.

Copy link
Collaborator Author

@cailafinn cailafinn Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Including the -W flag seemed to reduce some of the flakiness that was happening when trying to rsync data though the load balancer.

else
echo "rsync is already running. Skipping this time..."
fi
10 changes: 7 additions & 3 deletions Linux/jenkins-node/ansible/jenkins-agent-production.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,24 @@
vars:
deploy_type: production
jenkins_url: https://builds.mantidproject.org
data_server_hostname: 172.16.114.127
pip_install_packages:
- name: docker

roles:
- role: setup
tags: "initial-setup"
- role: interactive_users
tags: "initial-setup"
tags: "initial-setup"
- role: geerlingguy.pip
become: yes
tags: "initial-setup"
tags: "initial-setup"
- role: geerlingguy.docker
become: yes
tags: "initial-setup"
tags: "initial-setup"
- role: mirror-data # ONLY WORKS FOR ISIS NODES
become: yes
tags: ["mirror", never]
- role: agent
become: yes
tags: "agent"
12 changes: 6 additions & 6 deletions Linux/jenkins-node/ansible/roles/agent/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@
pull: yes
shm_size: 512M
volumes:
- "{{ agent_name }}:/jenkins_workdir"
- "{{ agent_name }}_ccache:/ccache"
- "{{ agent_name }}_external_data:/mantid_data"
- "/{{ agent_name }}/:/jenkins_workdir"
- "/{{ agent_name }}_ccache/:/ccache"
- "/{{ agent_name }}_external_data/:/mantid_data"
env:
JENKINS_AGENT_NAME: "{{ agent_name }}"
JENKINS_SECRET: "{{ agent_secret }}"
Expand All @@ -29,9 +29,9 @@
pull: yes
shm_size: 512M
volumes:
- "{{ agent_name }}:/jenkins_workdir"
- "{{ agent_name }}_ccache:/ccache"
- "{{ agent_name }}_external_data:/mantid_data"
- "/{{ agent_name }}/:/jenkins_workdir"
- "/{{ agent_name }}_ccache/:/ccache"
- "/{{ agent_name }}_external_data/:/mantid_data"
env:
JENKINS_AGENT_NAME: "{{ agent_name }}"
JENKINS_SECRET: "{{ agent_secret }}"
Expand Down
45 changes: 45 additions & 0 deletions Linux/jenkins-node/ansible/roles/mirror-data/tasks/exchange-keys.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
- name: Generate key pair if it does not exist
community.crypto.openssh_keypair:
force: no # Don't regenerate existing keys.
path: ~/.ssh/id_rsa

- name: Read public key into tmp to copy over.
fetch:
src: ~/.ssh/id_rsa.pub
dest: /tmp/{{ ansible_hostname }}-id_rsa.pub
flat: yes

- name: Add public key to ISIS mirror's authorized keys
ansible.posix.authorized_key:
user: "{{ ansible_user_id }}"
key: "{{ lookup('file','/tmp/{{ ansible_hostname }}-id_rsa.pub')}}"
remote_user: ubuntu
Copy link
Contributor

@warunawickramasingha warunawickramasingha Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When running the ansbile script, for remote_user, I had to use my fedid with with --ask-become-pass option instead, as ubuntu user as it gave below error

fatal: [172.16.111.215 -> 172.16.114.127]: UNREACHABLE! => {"changed": false, "msg": "Task failed: Failed to connect to the host via ssh: ubuntu@172.16.114.127: Permission denied (publickey,password).", "unreachable": true}

delegate_to: "{{ data_server_hostname }}"
delegate_facts: true

- name: Touch the known_hosts file if it's missing
file:
path: ~/.ssh/known_hosts
state: touch
mode: 0644

- name: Check if known_hosts contains existing server fingerprint
command: ssh-keygen -F {{ data_server_hostname }}
register: key_exists
failed_when: key_exists.stderr != ''
changed_when: False

- name: Scan for existing remote ssh fingerprint
command: ssh-keyscan -T5 {{ data_server_hostname }}
register: keyscan
failed_when: keyscan.rc != 0 or keyscan.stdout == ''
changed_when: False
when: key_exists.rc == 1

- name: Copy ssh-key to local known_hosts
lineinfile:
name: ~/.ssh/known_hosts
create: yes
line: "{{ item }}"
when: key_exists.rc == 1
with_items: "{{ keyscan.stdout_lines|default([]) }}"
29 changes: 29 additions & 0 deletions Linux/jenkins-node/ansible/roles/mirror-data/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
- name: Create a directory to hold the mirror of the external data.
ansible.builtin.file:
path: /{{ agent_name }}_external_data/MD5/
state: directory
mode: '0755'

- name: Check if machine has SSH access to the ISIS data store.
ansible.builtin.command: ssh -o BatchMode=True {{ ansible_user_id }}@{{ data_server_hostname }} 'echo success'
register: connected
ignore_errors: True

- name: Exchange SSH keys with linode so we can access the data.
import_tasks: exchange-keys.yml
when: connected.stdout != "success"

- name: Mirror the external data from the main server in a volume (this may take a while).
ansible.builtin.command: "rsync -azvW --perms -o -g {{ ansible_user_id }}@{{ data_server_hostname }}:/external-data/MD5/ /{{ agent_name }}_external_data/MD5 -v"
Copy link
Contributor

@warunawickramasingha warunawickramasingha Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The ssh connection was closed due to long running process. It would be better to run this asynchronously as follows.

Suggested change
ansible.builtin.command: "rsync -azvW --perms -o -g {{ ansible_user_id }}@{{ data_server_hostname }}:/external-data/MD5/ /{{ agent_name }}_external_data/MD5 -v"
ansible.builtin.command: >
rsync -azvW --perms -o -g
{{ ansible_user_id }}@{{ data_server_hostname }}:/external-data/MD5/
/{{ agent_name }}_external_data/MD5/
async: 10800 # allow up to 3h
poll: 30 # check every 30s

Copy link
Contributor

@warunawickramasingha warunawickramasingha Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition, after deleting some of the files from the mount path of the docker volume in the host machine, I cannot see the missing files are made available even after several cron runs.

Shown below are all the current cron jobs,
crontab -l >>

#Ansible: update_admin_keys
0 7 * * * /usr/local/sbin/update_keys.sh
#Ansible: update_cloud_keys
0 6 * * * /usr/local/sbin/update_cloud_users.sh
#Ansible: Update external data
*/5 * * * * /isis-cloud-linux-b-9_external_data/update-external-data.sh 172.16.114.127 isis-cloud-linux-b-9 kli94267 >> /isis-cloud-linux-b-9_external_data/update-log.txt 2>&1


- name: Copy the data update script onto the mirror machine.
ansible.builtin.copy:
src: ./update-external-data.sh
dest: /{{ agent_name }}_external_data/update-external-data.sh
mode: '0755'

- name: Create a crontab job that runs periodically to keep the data up to date.
ansible.builtin.cron:
name: Update external data
minute: "*/5"
job: /{{ agent_name }}_external_data/update-external-data.sh {{ data_server_hostname }} {{ agent_name }} {{ ansible_user_id }} >> /{{ agent_name }}_external_data/update-log.txt 2>&1
16 changes: 16 additions & 0 deletions Linux/jenkins-node/ansible/roles/mirror-data/tasks/update-external-data.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#! /bin/bash

SERVER_IP=${1}
HOST_NAME=${2}
USER_NAME=${3}

RSYNC_PROCESS_IDS=$(pidof rsync)

printf "%(%H:%M:%S)T "

if [ -z "${RSYNC_PROCESS_IDS}" ]; then
echo "running rsync..."
rsync -azvW --perms -o -g $USER_NAME@$SERVER_IP:/external-data/MD5/ /${HOST_NAME}_external_data/MD5/
else
echo "rsync is already running. Skipping this time..."
fi