debfranca
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

library/roles/d4s_user_services_perms: Manage the basic gcore case, where we only create a user. 

d4science-ghn-cluster: Playbook to provision access.d4science.org.
This commit is contained in:
Andrea Dell'Amico 2016-03-01 14:14:12 +01:00
parent a7114f7888
commit 44c7857c8f
4 changed files with 50 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
d4s_user_services_perms/defaults/main.yml
View File

@ -1,6 +1,8 @@
--- ---
d4science_user: gcube d4science_user: gcube
d4science_user_create_home: True
d4science_user_home: '/home/{{ d4science_user }}' d4science_user_home: '/home/{{ d4science_user }}'
d4science_user_shell: /bin/bash
d4science_tomcat_options_files: d4science_tomcat_options_files:
- '/etc/default/tomcat-instance-{{ item.0.http_port }}' - '/etc/default/tomcat-instance-{{ item.0.http_port }}'

6
d4s_user_services_perms/tasks/d4s-basic-node.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: Create the d4science user
user: name={{ d4science_user }} home={{ d4science_user_home }} createhome={{ d4science_user_create_home }} shell={{ d4science_user_shell }}
tags: [ 'gcore', 'd4science', 'users' ]

38
d4s_user_services_perms/tasks/d4s-smartgears-node.yml Normal file
View File

@ -0,0 +1,38 @@
---
- name: Install the sudoers config that permits the tomcat user to restart the service
template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440
tags: [ 'tomcat', 'd4science', 'sudo' ]
- name: Install the script that allows the tomcat user to start and stop the service without using the full path
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755
with_nested:
- '{{ tomcat_m_instances }}'
- [ 'startContainer.sh', 'stopContainer.sh' ]
tags: [ 'tomcat', 'd4science', 'sudo' ]
- name: Install the README file that explains where the options files are placed and how start/stop the service
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444
with_nested:
- '{{ tomcat_m_instances }}'
- [ 'README' ]
tags: [ 'tomcat', 'd4science', 'd4s_readme' ]
# - name: Set the read/write permissions on the tomcat default options files
# acl: name={{ item.1 }} entity={{ item.0.user }} etype=user permissions=rw state=present
# with_nested:
# - '{{ tomcat_m_instances }}'
# - '{{ d4science_tomcat_options_files }}'
# tags: [ 'tomcat', 'd4science', 'acl' ]
- name: Set the read/write permissions on the tomcat default options files
acl: name=/etc/default/tomcat-instance-{{ item.http_port }} entity={{ item.user }} etype=user permissions=rw state=present
with_items: tomcat_m_instances
tags: [ 'tomcat', 'd4science', 'acl' ]
- name: Set the read/write permissions on the tomcat default local options files
acl: name=/etc/default/tomcat-instance-{{ item.http_port }}.local entity={{ item.user }} etype=user permissions=rw state=present
with_items: tomcat_m_instances
tags: [ 'tomcat', 'd4science', 'acl' ]
ignore_errors: True

41
d4s_user_services_perms/tasks/main.yml
View File

@ -1,38 +1,5 @@
--- ---
- name: Install the sudoers config that permits the tomcat user to restart the service - include: d4s-smartgears-node.yml
template: src=tomcat-sudoers.j2 dest=/etc/sudoers.d/tomcat-d4science owner=root group=root mode=0440 when: smartgears_node is defined and smartgears_node
tags: [ 'tomcat', 'd4science', 'sudo' ] - include: d4s-basic-node.yml
when: gcore_node is defined and gcore_node
- name: Install the script that allows the tomcat user to start and stop the service without using the full path
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0755
with_nested:
- '{{ tomcat_m_instances }}'
- [ 'startContainer.sh', 'stopContainer.sh' ]
tags: [ 'tomcat', 'd4science', 'sudo' ]
- name: Install the README file that explains where the options files are placed and how start/stop the service
template: src={{ item.1 }}.j2 dest={{ item.0.user_home }}/{{ item.1 }} owner={{ item.0.user }} group={{ item.0.user }} mode=0444
with_nested:
- '{{ tomcat_m_instances }}'
- [ 'README' ]
tags: [ 'tomcat', 'd4science', 'd4s_readme' ]
# - name: Set the read/write permissions on the tomcat default options files
# acl: name={{ item.1 }} entity={{ item.0.user }} etype=user permissions=rw state=present
# with_nested:
# - '{{ tomcat_m_instances }}'
# - '{{ d4science_tomcat_options_files }}'
# tags: [ 'tomcat', 'd4science', 'acl' ]
- name: Set the read/write permissions on the tomcat default options files
acl: name=/etc/default/tomcat-instance-{{ item.http_port }} entity={{ item.user }} etype=user permissions=rw state=present
with_items: tomcat_m_instances
tags: [ 'tomcat', 'd4science', 'acl' ]
- name: Set the read/write permissions on the tomcat default local options files
acl: name=/etc/default/tomcat-instance-{{ item.http_port }}.local entity={{ item.user }} etype=user permissions=rw state=present
with_items: tomcat_m_instances
tags: [ 'tomcat', 'd4science', 'acl' ]
ignore_errors: True