Add Slurm AI/HPC cluster platform project

platform-projects/hpc-slurm-ai-cluster/playbooks/bootstrap/bootstrap-ansible.yml

@@ -0,0 +1,58 @@
+---
+- name: Bootstrap Ansible SSH access from pvef to Slurm nodes
+  hosts: slurm_cluster
+  gather_facts: false
+  become: true
+
+  vars:
+    ansible_controller_pubkey: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
+
+  pre_tasks:
+    - name: Wait for SSH
+      ansible.builtin.wait_for_connection:
+        timeout: 30
+
+    - name: Install Python if missing - Debian/Ubuntu
+      ansible.builtin.raw: |
+        test -e /usr/bin/python3 || (apt-get update && apt-get install -y python3)
+      changed_when: false
+
+  tasks:
+    - name: Ensure sudo is installed
+      ansible.builtin.apt:
+        name:
+          - sudo
+          - openssh-server
+        state: present
+        update_cache: true
+
+    - name: Ensure SSH server is enabled and running
+      ansible.builtin.service:
+        name: ssh
+        state: started
+        enabled: true
+
+    - name: Ensure .ssh directory exists for login user
+      ansible.builtin.file:
+        path: "/home/{{ ansible_user }}/.ssh"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0700"
+
+    - name: Add pvef root public key to login user's authorized_keys
+      ansible.builtin.authorized_key:
+        user: "{{ ansible_user }}"
+        key: "{{ ansible_controller_pubkey }}"
+        state: present
+        manage_dir: true
+
+    - name: Allow bootstrap login user passwordless sudo
+      ansible.builtin.copy:
+        dest: "/etc/sudoers.d/90-ansible-{{ ansible_user }}"
+        owner: root
+        group: root
+        mode: "0440"
+        content: |
+          {{ ansible_user }} ALL=(ALL) NOPASSWD:ALL
+        validate: "visudo -cf %s"