Change defaults so a cookiecutter environment is fully functional

[wtripp180901]

• NB: Changes default selinux_state to disabled to allow prometheus to work
• Enables etc_hosts by default to provide working internal name resolution
• Adds working defaults for OpenOndemand (likely to need changing for production):
  • Use basic_auth + PAM for authentication
  • Use ansible_host (i.e. IP address) as the ondemand external "servername"
• Creates a default user to access ondemand with
• Default cluster suffix is now "internal" instead of "invalid" now the former is reserved by ICANN for private-use applications.
• Grafana anonymous auth is now enabled by default for new environments

[sjpb]

@wtripp180901 when you get back to this pls can you update docs/production.md too?

[sjpb]

See also #432

[sjpb]

Minor tweaks, mostly to make it consistent with the other docs

[wtripp180901]

rebased from feature/k3s-monitoring onto main so reviewing might be a pain, sorry! Last review was for 1d7dfa3

[wtripp180901]

https://github.com/stackhpc/ansible-slurm-appliance/actions/runs/12630850849

[wtripp180901]

persist_hostkeys/nfs changes in separate branch #520

[sjpb]

Nearly OK! Tested by creating a new cookiecutter environment on CI cloud, following README. Ran:

• ✔️ site
• ✔️ hpctests
• ✔️ can login to ondemand as demo_user
• ✔️ ondemand shell
• ❌ can't log in to monitoring - no anonymous auth

Suggest

• adding environments/skeleton/\{\{cookiecutter.environment\}\}/inventory/group_vars/all/openondemand.yml to set grafana_auth_anonymous: true in new cookiecutter envs
• adding a note to production docs to review if that is OK

[sjpb]

Tiiny docs tweak no need to rerun.

[sjpb]

✔️ Checked I can login to grafana as demo_user via OOD.
✔️ Checked slurm job dashboard works
✔️ Checked remote desktop worked

[sjpb]

LGTM

[sjpb]

LGTM