diff --git a/docker/defaults/main.yml b/docker/defaults/main.yml index fb9aa1b2..3eed9ecb 100644 --- a/docker/defaults/main.yml +++ b/docker/defaults/main.yml @@ -13,3 +13,7 @@ docker_packages: docker_run_as_docker_user: True docker_user_home: /home/docker +docker_defaults_file: /etc/default/docker +docker_enable_tcp_socket: False +docker_tcp_socket_port: 2375 +docker_tcp_socket_host: 127.0.0.1 diff --git a/docker/tasks/pkgs.yml b/docker/tasks/pkgs.yml index a37461c1..e56d3d54 100644 --- a/docker/tasks/pkgs.yml +++ b/docker/tasks/pkgs.yml @@ -14,6 +14,10 @@ apt: pkg={{ item }} state={{ docker_pkg_status }} update_cache=yes cache_valid_time=3600 with_items: '{{ docker_packages }}' + - name: Install the Docker default options + template: src=docker-default.j2 dest={{ docker_defaults_file }} owner=root group=root mode=0644 + notify: Restart docker + - name: Ensure that the service is started and enabled service: name=docker state=started enabled=yes diff --git a/docker/templates/docker-default.j2 b/docker/templates/docker-default.j2 new file mode 100644 index 00000000..dec0522c --- /dev/null +++ b/docker/templates/docker-default.j2 @@ -0,0 +1,15 @@ +# Customize location of Docker binary (especially for development testing). +#DOCKERD="/usr/local/bin/dockerd" + + +CUSTOM_DOCKER_SOCKET="-H tcp://{{ docker_tcp_socket_host }}:{{ docker_tcp_socket_port }} -H unix:///var/run/docker.sock" +#CUSTOM_DOCKER_DNS_SERVERS="--dns 8.8.8.8 --dns 8.8.4.4" + +# Use DOCKER_OPTS to modify the daemon startup options. +DOCKER_OPTS="{% if docker_enable_tcp_socket %}$CUSTOM_DOCKER_SOCKET {% endif %}" + +# If you need Docker to use an HTTP proxy, it can also be specified here. +#export http_proxy="http://127.0.0.1:3128/" + +# This is also a handy place to tweak where Docker's temporary files go. +#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp" diff --git a/jenkins/common/defaults/main.yml b/jenkins/common/defaults/main.yml new file mode 100644 index 00000000..dc125c3d --- /dev/null +++ b/jenkins/common/defaults/main.yml @@ -0,0 +1,12 @@ +--- +# There are some duplicates here +jenkins_dest: "/var/lib/jenkins" +jenkins_username: jenkins +jenkins_group: jenkins +jenkins_shell: /bin/bash + +jenkins_maven_config: True +jenkins_maven_settings_dirs: + - .m2 + +jenkins_maven_settings_url: http://localhost/settings.xml diff --git a/jenkins/common/tasks/main.yml b/jenkins/common/tasks/main.yml new file mode 100644 index 00000000..b57d2d24 --- /dev/null +++ b/jenkins/common/tasks/main.yml @@ -0,0 +1,20 @@ +--- +- block: + - name: Create the maven setting directory + file: dest={{ jenkins_dest }}/{{ item }} state=directory + with_items: '{{ jenkins_maven_settings_dirs }}' + + - name: Fetch the maven settings template file + become: False + become_user: root + run_once: True + get_url: url={{ jenkins_maven_settings_url }} dest=/tmp/settings.xml.j2 force=yes + delegate_to: localhost + + - name: Install the maven settings + template: src=/tmp/settings.xml.j2 dest={{ jenkins_dest }}/.m2/settings.xml + + become: True + become_user: '{{ jenkins_username }}' + when: jenkins_maven_config + tags: [ 'jenkins', 'jenkins_common', 'jenkins_master', 'jenkins_slave' ] diff --git a/jenkins/master/defaults/main.yml b/jenkins/master/defaults/main.yml index 9d8a2400..f3562bcc 100644 --- a/jenkins/master/defaults/main.yml +++ b/jenkins/master/defaults/main.yml @@ -74,3 +74,5 @@ jenkins_plugins: enabled: True build-pipeline-plugin: enabled: True + build-timeout-plugin: + enabled: True diff --git a/jenkins/master/tasks/main.yml b/jenkins/master/tasks/main.yml index 289fdc27..63365dba 100644 --- a/jenkins/master/tasks/main.yml +++ b/jenkins/master/tasks/main.yml @@ -32,14 +32,13 @@ service: name=jenkins state=started enabled=yes when: jenkins_install - tags: jenkins + tags: [ 'jenkins', 'jenkins_master' ] - block: # Handle plugins # If Jenkins is installed or updated, wait for pulling the Jenkins CLI, assuming 10s should be sufficiant - name: 120 seconds delay while starting Jenkins wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }} - when: jenkins_install | changed # Create Jenkins CLI destination directory - name: "Create Jenkins CLI destination directory" @@ -55,14 +54,14 @@ - name: Install plugins without a specific version jenkins_plugin: name="{{ item.key }}" params='{{ jenkins_access_params }}' register: my_jenkins_plugin_unversioned - when: 'version' not in item.value - with_dict: jenkins_plugins + when: '"version" not in item.value' + with_dict: '{{ jenkins_plugins }}' - name: Install plugins with a specific version jenkins_plugin: name="{{ item.key }}" version="{{ item.value['version'] }}" params='{{ jenkins_access_params }}' register: my_jenkins_plugin_versioned - when: 'version' in item.value - with_dict: jenkins_plugins + when: '"version" in item.value' + with_dict: '{{ jenkins_plugins }}' - name: Initiate the jenkins_restart_required fact set_fact: @@ -72,16 +71,17 @@ set_fact: jenkins_restart_required: yes when: item.changed - with_items: my_jenkins_plugin_versioned.results + with_items: '{{ my_jenkins_plugin_versioned.results }}' - name: Check if restart is required by any of the unversioned plugins set_fact: jenkins_restart_required: yes when: item.changed - with_items: my_jenkins_plugin_unversioned.results + with_items: '{{ my_jenkins_plugin_unversioned.results }}' - name: Restart Jenkins if required - service: name=jenkins state= restarted + become_user: root + service: name=jenkins state=restarted when: jenkins_restart_required - name: Wait for Jenkins to start up @@ -105,18 +105,18 @@ - name: Plugin pinning jenkins_plugin: name="{{ item.key }}" state="{{ 'pinned' if item.value['pinned'] else 'unpinned'}}" params='{{ jenkins_access_params }}' - when: 'pinned' in item.value - with_dict: jenkins_plugins + when: '"pinned" in item.value' + with_dict: '{{ jenkins_plugins }}' - name: Plugin enabling jenkins_plugin: name="{{ item.key }}" state="{{ 'enabled' if item.value['enabled'] else 'disabled'}}" params='{{ jenkins_access_params }}' - when: 'enabled' in item.value - with_dict: jenkins_plugins + when: '"enabled" in item.value' + with_dict: '{{ jenkins_plugins }}' become: True become_user: '{{ jenkins_username }}' when: jenkins_install - tags: [ 'jenkins', 'jenkins_plugins' ] + tags: [ 'jenkins', 'jenkins_plugins', 'jenkins_master' ] - block: - name: Ensure that jenkins is stoppend and disabled @@ -140,4 +140,4 @@ apt_key: url='{{ jenkins_repo_key }}' state=absent when: not jenkins_install - tags: jenkins + tags: [ 'jenkins', 'jenkins_master' ] diff --git a/jenkins/slave/defaults/main.yml b/jenkins/slave/defaults/main.yml index e69de29b..4d5bc9ac 100644 --- a/jenkins/slave/defaults/main.yml +++ b/jenkins/slave/defaults/main.yml @@ -0,0 +1,10 @@ +--- +jenkins_slave: False +# There are some duplicates here +jenkins_dest: "/var/lib/jenkins" +jenkins_username: jenkins +jenkins_group: jenkins +jenkins_shell: /bin/bash +jenkins_tmp_retain_days: 5 +# TODO: fetch the public key from the master +#jenkins_master_pubkey: diff --git a/jenkins/slave/tasks/main.yml b/jenkins/slave/tasks/main.yml index e69de29b..916f5b62 100644 --- a/jenkins/slave/tasks/main.yml +++ b/jenkins/slave/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- block: + - name: add the user that will run the jenkins jobs + user: name={{ jenkins_username }} home={{ jenkins_dest }} shell={{ jenkins_shell }} generate_ssh_key=yes + + - name: ensure the jenkins master has ssh access on each slave, as jenkins user + authorized_key: user={{ jenkins_username }} key="{{ item }}" state=present + with_items: + - '{{ jenkins_master_pubkey }}' + + - name: Daily cron job to cleanup the /tmp junk + template: src={{ item }}.j2 dest=/etc/cron.daily/{{ item }} owner=root group=root mode=0755 + with_items: + - tmp-cleaner + + when: jenkins_slave + tags: [ 'jenkins', 'jenkins_slave' ] diff --git a/jenkins/slave/templates/tmp-cleaner.j2 b/jenkins/slave/templates/tmp-cleaner.j2 new file mode 100644 index 00000000..54e8c238 --- /dev/null +++ b/jenkins/slave/templates/tmp-cleaner.j2 @@ -0,0 +1,8 @@ +#!/bin/bash + +RETAIN_DAYS={{ jenkins_tmp_retain_days }} +LOG_FILE=/var/log/tmp-cleaner.log +find /tmp/ -ctime +${RETAIN_DAYS} -exec rm -fr {} \; >>$LOG_FILE 2>&1 + +exit 0 + diff --git a/shinyproxy/defaults/main.yml b/shinyproxy/defaults/main.yml new file mode 100644 index 00000000..7fd569e3 --- /dev/null +++ b/shinyproxy/defaults/main.yml @@ -0,0 +1,20 @@ +--- +shinyproxy_install: False +shinyproxy_version: 0.8.6 +shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar' +shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}' +shinyproxy_app_name: shinyproxy.jar +shinyproxy_user: shinyproxy +shinyproxy_install_dir: /opt/shinyproxy +shinyproxy_http_port: 8080 + +shinyproxy_app_title: 'Open Analytics Shiny Proxy' +shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png' +shinyproxy_authentication: ldap +shinyproxy_admin_group: '' +shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com' +shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com +shinyproxy_ldap_admin_pwd: password +shinyproxy_user_dn_pattern: 'uid={0}' +shinyproxy_group_search_base: '' +shinyproxy_group_search_filter: '(uniqueMember={0})' diff --git a/shinyproxy/handlers/main.yml b/shinyproxy/handlers/main.yml new file mode 100644 index 00000000..5e3b523d --- /dev/null +++ b/shinyproxy/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Restart shinyproxy + service: name=shinyproxy state=restarted diff --git a/shinyproxy/tasks/main.yml b/shinyproxy/tasks/main.yml new file mode 100644 index 00000000..b66a1f15 --- /dev/null +++ b/shinyproxy/tasks/main.yml @@ -0,0 +1,30 @@ +--- +- block: + - name: Create the shinyproxy user + user: name={{ shinyproxy_user }} home={{ shinyproxy_install_dir }} createhome=yes system=yes shell=/usr/sbin/nologin + + - name: Download the shinyproxy jar + become: True + become_user: '{{ shinyproxy_user }}' + get_url: url={{ shinyproxy_url }} dest={{ shinyproxy_install_dir }} + + - name: Set up a symlink to an unversioned app name + become: True + become_user: '{{ shinyproxy_user }}' + file: src={{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }} dest={{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }} state=link + + - name: Install the upstart init file + template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644 + when: is_trusty + + - name: Install the shinyproxy configuration file + template: src=shinyproxy-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640 + notify: Restart shinyproxy + tags: [ 'shinyproxy', 'shinyproxy_conf' ] + + - name: Ensure that the shinyproxy service is enabled and running + service: name=shinyproxy state=started enabled=yes + + when: shinyproxy_install + tags: shinyproxy + diff --git a/shinyproxy/templates/shinyproxy-conf.yml.j2 b/shinyproxy/templates/shinyproxy-conf.yml.j2 new file mode 100644 index 00000000..5bc848c0 --- /dev/null +++ b/shinyproxy/templates/shinyproxy-conf.yml.j2 @@ -0,0 +1,40 @@ +shiny: + proxy: + title: {{ shinyproxy_app_title }} + logo-url: {{ shinyproxy_logo_url }} + landing-page: / + heartbeat-rate: 10000 + heartbeat-timeout: 60000 + port: 8080 + authentication: {{ shinyproxy_authentication }} + admin-groups: {{ shinyproxy_admin_group }} + # LDAP configuration + ldap: + url: {{ shinyproxy_ldap_server }} + user-dn-pattern: {{ shinyproxy_user_dn_pattern }} + group-search-base: {{ shinyproxy_group_search_base }} + group-search-filter: {{ shinyproxy_group_search_filter }} + manager-dn: {{ shinyproxy_ldap_admin }} + manager-password: {{ shinyproxy_ldap_admin_pwd }} +# Docker configuration + docker: + cert-path: /home/none + url: http://localhost:2375 + host: 127.0.0.1 + port-range-start: 20000 + apps: + - name: 01_hello + display-name: Hello Application + description: Application which demonstrates the basics of a Shiny app + docker-cmd: ["R", "-e shinyproxy::run_01_hello()"] + docker-image: openanalytics/shinyproxy-demo + groups: scientists, mathematicians + - name: 06_tabsets + docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"] + docker-image: openanalytics/shinyproxy-demo + groups: scientists + +logging: + file: + shinyproxy.log + diff --git a/shinyproxy/templates/upstart-shinyproxy.conf.j2 b/shinyproxy/templates/upstart-shinyproxy.conf.j2 new file mode 100644 index 00000000..93c4b4be --- /dev/null +++ b/shinyproxy/templates/upstart-shinyproxy.conf.j2 @@ -0,0 +1,17 @@ +# shinyproxy - springboot based shiny executor + +description "shinyproxy service" + +start on runlevel [2345] +stop on runlevel [!2345] +respawn +respawn limit 10 5 + +setuid {{ shinyproxy_user }} +setgid {{ shinyproxy_user }} + +script + cd {{ shinyproxy_install_dir }} + exec java -jar ./{{ shinyproxy_app_name }} +end script + diff --git a/smartgears/accounting-service/defaults/main.yml b/smartgears/accounting-service/defaults/main.yml new file mode 100644 index 00000000..c75b3667 --- /dev/null +++ b/smartgears/accounting-service/defaults/main.yml @@ -0,0 +1,10 @@ +--- + +accounting_service_gcube_repository: 'gcube-snapshots' +accounting_service_install: False +accounting_service_ver: 1.0.0-20170323.102652-1 +accounting_service_snap: 1.0.0-SNAPSHOT +accounting_service_name: accounting-service +accounting_service_filename: '{{ accounting_service_name }}-{{ accounting_service_ver }}.war' +accounting_service_url: 'http://maven.research-infrastructures.eu/nexus/service/local/repositories/{{ accounting_service_gcube_repository }}/content/org/gcube/data/publishing/{{ accounting_service_name }}/{{ accounting_service_snap}}/{{ accounting_service_filename }}' +accounting_service_war_file: '{{ accounting_service_name }}.war' diff --git a/smartgears/accounting-service/tasks/main.yml b/smartgears/accounting-service/tasks/main.yml new file mode 100644 index 00000000..e76436b4 --- /dev/null +++ b/smartgears/accounting-service/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- block: + + - name: Remove the installed accounting-service before upgrading + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/accounting-service' + - '{{ smartgears_instance_path }}/webapps/accounting-service.war' + when: smartgears_upgrade + + - name: Get the accounting-service war file + get_url: url={{ accounting_service_url }} dest={{ smartgears_instance_path }}/webapps/{{ accounting_service_war_file }} + + become: True + become_user: '{{ smartgears_user }}' + when: accounting_service_install + tags: [ 'smartgears', 'accounting_service', 'tomcat' ] diff --git a/smartgears/dataminer_app/tasks/install-gcube-key.yml b/smartgears/dataminer_app/tasks/install-gcube-key.yml index d55e5298..b83a35b4 100644 --- a/smartgears/dataminer_app/tasks/install-gcube-key.yml +++ b/smartgears/dataminer_app/tasks/install-gcube-key.yml @@ -7,6 +7,7 @@ - '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_4 }}' + - '{{ gcube_prod_key_5 }}' notify: Restart smartgears when: install_gcube_prod_key @@ -17,6 +18,7 @@ - '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_4 }}' + - '{{ gcube_prod_key_5 }}' notify: Restart smartgears when: not install_gcube_prod_key diff --git a/smartgears/home_library/defaults/main.yml b/smartgears/home_library/defaults/main.yml new file mode 100644 index 00000000..5e25055d --- /dev/null +++ b/smartgears/home_library/defaults/main.yml @@ -0,0 +1,8 @@ +--- +home_library_gcube_repository: 'gcube-staging' +home_library_install: False +home_library_ver: 1.7.0-4.3.0-144852 +home_library_name: home-library-webapp +home_library_filename: '{{ home_library_name }}-{{ home_library_ver }}.war' +home_library_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ home_library_gcube_repository }}/org/gcube/data/access/{{ home_library_name }}/{{ home_library_ver}}/{{ home_library_filename }}' +home_library_war_file: '{{ home_library_name }}.war' diff --git a/smartgears/home_library/tasks/main.yml b/smartgears/home_library/tasks/main.yml new file mode 100644 index 00000000..53ecb8b0 --- /dev/null +++ b/smartgears/home_library/tasks/main.yml @@ -0,0 +1,22 @@ +--- +- block: + + - name: Remove the installed HOME LIBRARY connector before upgrading + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_instance_path }}/webapps/home-library-webapp' + - '{{ smartgears_instance_path }}/webapps/home-library-webapp.war' + when: smartgears_upgrade + + - name: Get the HOME LIBRARY connector war file + get_url: url={{ home_library_url }} dest={{ smartgears_instance_path }}/webapps/{{ home_library_war_file }} + +# - name: Unpack the HOME LIBRARY connector war file +# shell: mkdir {{ smartgears_instance_path }}/webapps/home-library-webapp ; cd {{ smartgears_instance_path }}/webapps/home-library-webapp ; jar xf {{ smartgears_instance_path }}/webapps/{{ home_library_war_file }} +# args: +# creates: '{{ smartgears_instance_path }}/webapps/home-library-webapp/WEB-INF/web.xml' + + become: True + become_user: '{{ smartgears_user }}' + when: home_library_install + tags: [ 'smartgears', 'home_library', 'tomcat' ] diff --git a/smartgears/r_connector/defaults/main.yml b/smartgears/r_connector/defaults/main.yml index af47ee31..25828362 100644 --- a/smartgears/r_connector/defaults/main.yml +++ b/smartgears/r_connector/defaults/main.yml @@ -1,7 +1,7 @@ --- gcube_repository: 'gcube-staging' r_connector_install: False -r_connector_ver: 2.1.2-4.3.0-144071 +r_connector_ver: 2.1.3-4.4.0-146364 r_connector_name: r-connector r_connector_group_id: org.gcube.data.analysis r_connector_extension: war diff --git a/smartgears/r_connector/templates/rusersadd.j2 b/smartgears/r_connector/templates/rusersadd.j2 index 009b716b..1853a4b6 100755 --- a/smartgears/r_connector/templates/rusersadd.j2 +++ b/smartgears/r_connector/templates/rusersadd.j2 @@ -10,11 +10,18 @@ ALLOW_LOCAL_USERS=1 RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}' if [ -d $HDIR ] ; then - logger "$LOG_PREFIX user $HDIR directory exists" - sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }} - sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }} - sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }} - exit 0 + if id -u $USER >/dev/null 2>&1 + then + logger "$LOG_PREFIX user $HDIR directory exists. Touching the userconfig.csv file to ensure that it exists with the correct permissions" + sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }} + sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }} + sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }} + sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }} + exit 0 + else + logger "$LOG_PREFIX user $HDIR directory exists but the user not. Aborting." + exit 1 + fi else if id -u $USER >/dev/null 2>&1 then diff --git a/smartgears/smartgears/defaults/main.yml b/smartgears/smartgears/defaults/main.yml index a50d4847..2e1e2b08 100644 --- a/smartgears/smartgears/defaults/main.yml +++ b/smartgears/smartgears/defaults/main.yml @@ -16,19 +16,32 @@ smartgears_user: '{{ d4science_user }}' smartgears_user_home: '{{ d4science_user_home }}' smartgears_instance_path: '{{ smartgears_user_home }}/tomcat' smartgears_install_path: '{{ smartgears_user_home }}/SmartGears' -smartgears_distribution_version: 2.1.0-4.3.0-142337 +#smartgears_distribution_version: 2.1.0-4.3.0-142337 +smartgears_distribution_version: 2.1.2-4.4.0-146408 smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz' smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}' smartgears_mode: online smartgears_application_mode: online # Production infra smartgears_infrastructure_name: "d4science.research-infrastructures.eu" +# Production VOs +smartgears_production_vo: + - '/{{ smartgears_infrastructure_name }}' + - '/{{ smartgears_infrastructure_name }}/FARM' + - '/{{ smartgears_infrastructure_name }}/SoBigData' + - '/{{ smartgears_infrastructure_name }}/SmartArea' + - '/{{ smartgears_infrastructure_name }}/gCubeApps' + - '/{{ smartgears_infrastructure_name }}/D4Research' +# Set to 'true' or 'false'. Pay attention to the case +smartgears_authorized_on_all_scopes: 'false' +smartgears_scopes: + - '/{{ smartgears_infrastructure_name }}' smartgears_hostname: '{{ ansible_fqdn }}' smartgears_country: it smartgears_location: pisa smartgears_latitude: 41.9000 smartgears_longitude: 12.5000 -smartgears_publication_frequency: 180 +smartgears_publication_frequency: 300 smartgears_http_port: 9000 smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' @@ -36,8 +49,6 @@ smartgears_loglevel: WARN smartgears_tomcat_contexts: [ 'whn-manager' ] -smartgears_scopes: - - '/{{ smartgears_infrastructure_name }}' # The iptables rules use this http_port: '{{ smartgears_http_port }}' diff --git a/smartgears/smartgears/tasks/install-gcube-keys.yml b/smartgears/smartgears/tasks/install-gcube-keys.yml index 9c45615b..add87437 100644 --- a/smartgears/smartgears/tasks/install-gcube-keys.yml +++ b/smartgears/smartgears/tasks/install-gcube-keys.yml @@ -7,6 +7,7 @@ - '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_4 }}' + - '{{ gcube_prod_key_5 }}' notify: Restart smartgears when: install_gcube_prod_key @@ -17,6 +18,7 @@ - '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_4 }}' + - '{{ gcube_prod_key_5 }}' notify: Restart smartgears when: not install_gcube_prod_key diff --git a/smartgears/smartgears/tasks/smartgears-app.yml b/smartgears/smartgears/tasks/smartgears-app.yml index 3af684e7..da2c2399 100644 --- a/smartgears/smartgears/tasks/smartgears-app.yml +++ b/smartgears/smartgears/tasks/smartgears-app.yml @@ -58,6 +58,26 @@ copy: src=TokenGenerator.class dest=/usr/local/lib/TokenGenerator.class owner=root group=root mode=0644 tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] +- name: Install the script that manages the smartgears loglevel + template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755 + with_items: '{{ tomcat_m_instances }}' + when: not item.skip_smartgears + tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ] + +- name: Change the smartgears log level + become: True + become_user: '{{ smartgears_user }}' + shell: /usr/local/bin/change-logback-loglevel + tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] + +- name: Remove some wrong symbolic links created by the install/upgrade script + file: dest={{ item }} state=absent + with_items: + - '{{ smartgears_install_path }}/lib/lib' + - '{{ smartgears_install_path }}/apps/webapps' + when: smartgears_upgrade + tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] + - name: Install the script that fetches the scope tokens template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750 with_items: '{{ tomcat_m_instances }}' @@ -81,38 +101,20 @@ with_items: '{{ tomcat_m_instances }}' tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] -- name: Get the scope tokens from the authorization service and assemble the container.xml file +- name: Get the scope tokens from the authorization service and assemble the container.xml file when whe have an authorization token or we are upgrading become: True become_user: '{{ smartgears_user }}' - shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default(omit) }} - when: gcube_admin_token is defined + shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default('') }} + when: gcube_admin_token is defined or smartgears_upgrade + notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] - name: Remove the smartgears application state if requested - #file: dest={{ smartgears_install_path }}/state state=absent - file: dest=/home/gcube/SmartGears/state state=absent - when: smartgears_remove_state - notify: Restart smartgears - tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] - -- name: Install the script that manages the smartgears loglevel - template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755 - with_items: '{{ tomcat_m_instances }}' - when: not item.skip_smartgears - tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ] - -- name: Change the smartgears log level become: True become_user: '{{ smartgears_user }}' - shell: /usr/local/bin/change-logback-loglevel - tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] - -- name: Remove some wrong symbolic links created by the install/upgrade script - file: dest={{ item }} state=absent - with_items: - - '{{ smartgears_install_path }}/lib/lib' - - '{{ smartgears_install_path }}/apps/webapps' - when: smartgears_upgrade + shell: . {{ smartgears_user_home }}/.bashrc ; cd {{ smartgears_user_home }}/SmartGears/scripts ; ./clean-container-state -s old_saved_scopes.xml + when: smartgears_remove_state and not smartgears_upgrade + notify: Restart smartgears tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] - name: Force a smartgears restart diff --git a/smartgears/smartgears/templates/container.xml.j2 b/smartgears/smartgears/templates/container.xml.j2 index 9f20eac1..961537b9 100644 --- a/smartgears/smartgears/templates/container.xml.j2 +++ b/smartgears/smartgears/templates/container.xml.j2 @@ -24,6 +24,9 @@ {{ smartgears_longitude }} + +{{ smartgears_authorized_on_all_scopes }} + {{ smartgears_publication_frequency }} diff --git a/smartgears/smartgears/templates/get-scopes.j2 b/smartgears/smartgears/templates/get-scopes.j2 index 5f835fbf..70a74d1e 100644 --- a/smartgears/smartgears/templates/get-scopes.j2 +++ b/smartgears/smartgears/templates/get-scopes.j2 @@ -6,11 +6,37 @@ CONTAINER_XML_TAIL={{ smartgears_user_home }}/.containerxml/3-container.xml LOCAL_LIB=/usr/local/lib LOCAL_ETC=/usr/local/etc LOG_PREFIX="get-scopes: " +GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local +SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }} +SMARTGEARS_UPGRADE={{ smartgears_upgrade }} +SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml +SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F +SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts + CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml +# 0: True, 1: False +USE_SAVED_STATE=1 + RETVAL= +# Scenario: +# - First installation, no upgrade. +# - The node must run on all VOs +# In these cases we use our scopes list + +if [ "$SMARTGEARS_VO_AUTH" == 'false' ] ; then + if [ "$SMARTGEARS_UPGRADE" == 'True' ] ; then + USE_SAVED_STATE=0 + logger "$LOG_PREFIX setting the correct variables so that we are going to use the local scopes" + else + logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory" + fi +else + logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory" +fi + SCOPES_LIST="" if [ -f $LOCAL_ETC/scopes.list ] ; then . $LOCAL_ETC/scopes.list @@ -18,14 +44,16 @@ else logger "$LOG_PREFIX There is no token list, aborting" exit 1 fi - -if [ $# -ne 1 ] ; then - echo "The token must be passed as the sole argument" - logger "$LOG_PREFIX The token must be passed as the sole argument" + +if [ $# -ne 1 -a $USE_SAVED_STATE -ne 0 ] ; then + echo "The token must be passed as the sole argument when we are not using the local state" + logger "$LOG_PREFIX The token must be passed as the sole argument when we are not using the local state" exit 1 +elif [ $# -eq 1 ] ; then + logger "$LOG_PREFIX We have an authorization token" + TOKEN=$1 fi -TOKEN=$1 {%if setup_nginx %} {%if https_port is defined %} @@ -43,21 +71,33 @@ HTTP_PORT={{ http_port }} HTTP_PORT={{ item.http_port }} {% endif %} -for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do - export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" -done +if [ $USE_SAVED_STATE -ne 0 ] ; then + logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one" + for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do + export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" + done -cd $LOCAL_LIB + cd $LOCAL_LIB -java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST -RETVAL=$? -if [ $RETVAL -eq 0 ] ; then - logger "$LOG_PREFIX We got the scope tokens" + java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST >/dev/null 2>&1 + RETVAL=$? + if [ $RETVAL -eq 0 ] ; then + logger "$LOG_PREFIX We got the scope tokens" + else + logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" + exit 1 + fi else - logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" - exit 1 + logger "$LOG_PREFIX We are going to use the scopes memorized into the state" + SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH fi +# We always remove the current state +cd $SMARTGEARS_SCRIPTS_DIR +. $GHN_ENV_FILE +./clean-container-state -s $SMARTGEARS_SAVED_STATE_F + + # Now that we have the tokens, we can assemble the container.xml file chmod 640 $CONTAINER_XML_FILE CREATE_CONTAINER_XML_RES=0