Merge branch 'master' of gitorious.research-infrastructures.eu:infrastructure-management/ansible-playbooks

This commit is contained in:
Luca Frosini 2017-04-05 14:36:06 +02:00
commit 5c30b79437
27 changed files with 391 additions and 65 deletions

View File

@ -13,3 +13,7 @@ docker_packages:
docker_run_as_docker_user: True docker_run_as_docker_user: True
docker_user_home: /home/docker docker_user_home: /home/docker
docker_defaults_file: /etc/default/docker
docker_enable_tcp_socket: False
docker_tcp_socket_port: 2375
docker_tcp_socket_host: 127.0.0.1

View File

@ -14,6 +14,10 @@
apt: pkg={{ item }} state={{ docker_pkg_status }} update_cache=yes cache_valid_time=3600 apt: pkg={{ item }} state={{ docker_pkg_status }} update_cache=yes cache_valid_time=3600
with_items: '{{ docker_packages }}' with_items: '{{ docker_packages }}'
- name: Install the Docker default options
template: src=docker-default.j2 dest={{ docker_defaults_file }} owner=root group=root mode=0644
notify: Restart docker
- name: Ensure that the service is started and enabled - name: Ensure that the service is started and enabled
service: name=docker state=started enabled=yes service: name=docker state=started enabled=yes

View File

@ -0,0 +1,15 @@
# Customize location of Docker binary (especially for development testing).
#DOCKERD="/usr/local/bin/dockerd"
CUSTOM_DOCKER_SOCKET="-H tcp://{{ docker_tcp_socket_host }}:{{ docker_tcp_socket_port }} -H unix:///var/run/docker.sock"
#CUSTOM_DOCKER_DNS_SERVERS="--dns 8.8.8.8 --dns 8.8.4.4"
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="{% if docker_enable_tcp_socket %}$CUSTOM_DOCKER_SOCKET {% endif %}"
# If you need Docker to use an HTTP proxy, it can also be specified here.
#export http_proxy="http://127.0.0.1:3128/"
# This is also a handy place to tweak where Docker's temporary files go.
#export DOCKER_TMPDIR="/mnt/bigdrive/docker-tmp"

View File

@ -0,0 +1,12 @@
---
# There are some duplicates here
jenkins_dest: "/var/lib/jenkins"
jenkins_username: jenkins
jenkins_group: jenkins
jenkins_shell: /bin/bash
jenkins_maven_config: True
jenkins_maven_settings_dirs:
- .m2
jenkins_maven_settings_url: http://localhost/settings.xml

View File

@ -0,0 +1,20 @@
---
- block:
- name: Create the maven setting directory
file: dest={{ jenkins_dest }}/{{ item }} state=directory
with_items: '{{ jenkins_maven_settings_dirs }}'
- name: Fetch the maven settings template file
become: False
become_user: root
run_once: True
get_url: url={{ jenkins_maven_settings_url }} dest=/tmp/settings.xml.j2 force=yes
delegate_to: localhost
- name: Install the maven settings
template: src=/tmp/settings.xml.j2 dest={{ jenkins_dest }}/.m2/settings.xml
become: True
become_user: '{{ jenkins_username }}'
when: jenkins_maven_config
tags: [ 'jenkins', 'jenkins_common', 'jenkins_master', 'jenkins_slave' ]

View File

@ -74,3 +74,5 @@ jenkins_plugins:
enabled: True enabled: True
build-pipeline-plugin: build-pipeline-plugin:
enabled: True enabled: True
build-timeout-plugin:
enabled: True

View File

@ -32,14 +32,13 @@
service: name=jenkins state=started enabled=yes service: name=jenkins state=started enabled=yes
when: jenkins_install when: jenkins_install
tags: jenkins tags: [ 'jenkins', 'jenkins_master' ]
- block: - block:
# Handle plugins # Handle plugins
# If Jenkins is installed or updated, wait for pulling the Jenkins CLI, assuming 10s should be sufficiant # If Jenkins is installed or updated, wait for pulling the Jenkins CLI, assuming 10s should be sufficiant
- name: 120 seconds delay while starting Jenkins - name: 120 seconds delay while starting Jenkins
wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }} wait_for: port={{ jenkins_http_port }} delay={{ jenkins_restart_delay }}
when: jenkins_install | changed
# Create Jenkins CLI destination directory # Create Jenkins CLI destination directory
- name: "Create Jenkins CLI destination directory" - name: "Create Jenkins CLI destination directory"
@ -55,14 +54,14 @@
- name: Install plugins without a specific version - name: Install plugins without a specific version
jenkins_plugin: name="{{ item.key }}" params='{{ jenkins_access_params }}' jenkins_plugin: name="{{ item.key }}" params='{{ jenkins_access_params }}'
register: my_jenkins_plugin_unversioned register: my_jenkins_plugin_unversioned
when: 'version' not in item.value when: '"version" not in item.value'
with_dict: jenkins_plugins with_dict: '{{ jenkins_plugins }}'
- name: Install plugins with a specific version - name: Install plugins with a specific version
jenkins_plugin: name="{{ item.key }}" version="{{ item.value['version'] }}" params='{{ jenkins_access_params }}' jenkins_plugin: name="{{ item.key }}" version="{{ item.value['version'] }}" params='{{ jenkins_access_params }}'
register: my_jenkins_plugin_versioned register: my_jenkins_plugin_versioned
when: 'version' in item.value when: '"version" in item.value'
with_dict: jenkins_plugins with_dict: '{{ jenkins_plugins }}'
- name: Initiate the jenkins_restart_required fact - name: Initiate the jenkins_restart_required fact
set_fact: set_fact:
@ -72,16 +71,17 @@
set_fact: set_fact:
jenkins_restart_required: yes jenkins_restart_required: yes
when: item.changed when: item.changed
with_items: my_jenkins_plugin_versioned.results with_items: '{{ my_jenkins_plugin_versioned.results }}'
- name: Check if restart is required by any of the unversioned plugins - name: Check if restart is required by any of the unversioned plugins
set_fact: set_fact:
jenkins_restart_required: yes jenkins_restart_required: yes
when: item.changed when: item.changed
with_items: my_jenkins_plugin_unversioned.results with_items: '{{ my_jenkins_plugin_unversioned.results }}'
- name: Restart Jenkins if required - name: Restart Jenkins if required
service: name=jenkins state= restarted become_user: root
service: name=jenkins state=restarted
when: jenkins_restart_required when: jenkins_restart_required
- name: Wait for Jenkins to start up - name: Wait for Jenkins to start up
@ -105,18 +105,18 @@
- name: Plugin pinning - name: Plugin pinning
jenkins_plugin: name="{{ item.key }}" state="{{ 'pinned' if item.value['pinned'] else 'unpinned'}}" params='{{ jenkins_access_params }}' jenkins_plugin: name="{{ item.key }}" state="{{ 'pinned' if item.value['pinned'] else 'unpinned'}}" params='{{ jenkins_access_params }}'
when: 'pinned' in item.value when: '"pinned" in item.value'
with_dict: jenkins_plugins with_dict: '{{ jenkins_plugins }}'
- name: Plugin enabling - name: Plugin enabling
jenkins_plugin: name="{{ item.key }}" state="{{ 'enabled' if item.value['enabled'] else 'disabled'}}" params='{{ jenkins_access_params }}' jenkins_plugin: name="{{ item.key }}" state="{{ 'enabled' if item.value['enabled'] else 'disabled'}}" params='{{ jenkins_access_params }}'
when: 'enabled' in item.value when: '"enabled" in item.value'
with_dict: jenkins_plugins with_dict: '{{ jenkins_plugins }}'
become: True become: True
become_user: '{{ jenkins_username }}' become_user: '{{ jenkins_username }}'
when: jenkins_install when: jenkins_install
tags: [ 'jenkins', 'jenkins_plugins' ] tags: [ 'jenkins', 'jenkins_plugins', 'jenkins_master' ]
- block: - block:
- name: Ensure that jenkins is stoppend and disabled - name: Ensure that jenkins is stoppend and disabled
@ -140,4 +140,4 @@
apt_key: url='{{ jenkins_repo_key }}' state=absent apt_key: url='{{ jenkins_repo_key }}' state=absent
when: not jenkins_install when: not jenkins_install
tags: jenkins tags: [ 'jenkins', 'jenkins_master' ]

View File

@ -0,0 +1,10 @@
---
jenkins_slave: False
# There are some duplicates here
jenkins_dest: "/var/lib/jenkins"
jenkins_username: jenkins
jenkins_group: jenkins
jenkins_shell: /bin/bash
jenkins_tmp_retain_days: 5
# TODO: fetch the public key from the master
#jenkins_master_pubkey:

View File

@ -0,0 +1,17 @@
---
- block:
- name: add the user that will run the jenkins jobs
user: name={{ jenkins_username }} home={{ jenkins_dest }} shell={{ jenkins_shell }} generate_ssh_key=yes
- name: ensure the jenkins master has ssh access on each slave, as jenkins user
authorized_key: user={{ jenkins_username }} key="{{ item }}" state=present
with_items:
- '{{ jenkins_master_pubkey }}'
- name: Daily cron job to cleanup the /tmp junk
template: src={{ item }}.j2 dest=/etc/cron.daily/{{ item }} owner=root group=root mode=0755
with_items:
- tmp-cleaner
when: jenkins_slave
tags: [ 'jenkins', 'jenkins_slave' ]

View File

@ -0,0 +1,8 @@
#!/bin/bash
RETAIN_DAYS={{ jenkins_tmp_retain_days }}
LOG_FILE=/var/log/tmp-cleaner.log
find /tmp/ -ctime +${RETAIN_DAYS} -exec rm -fr {} \; >>$LOG_FILE 2>&1
exit 0

View File

@ -0,0 +1,20 @@
---
shinyproxy_install: False
shinyproxy_version: 0.8.6
shinyproxy_file_name: 'shinyproxy-{{ shinyproxy_version }}.jar'
shinyproxy_url: 'https://www.shinyproxy.io/downloads/{{ shinyproxy_file_name }}'
shinyproxy_app_name: shinyproxy.jar
shinyproxy_user: shinyproxy
shinyproxy_install_dir: /opt/shinyproxy
shinyproxy_http_port: 8080
shinyproxy_app_title: 'Open Analytics Shiny Proxy'
shinyproxy_logo_url: 'http://www.openanalytics.eu/sites/www.openanalytics.eu/themes/oa/logo.png'
shinyproxy_authentication: ldap
shinyproxy_admin_group: ''
shinyproxy_ldap_server: 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
shinyproxy_ldap_admin: cn=read-only-admin,dc=example,dc=com
shinyproxy_ldap_admin_pwd: password
shinyproxy_user_dn_pattern: 'uid={0}'
shinyproxy_group_search_base: ''
shinyproxy_group_search_filter: '(uniqueMember={0})'

View File

@ -0,0 +1,3 @@
---
- name: Restart shinyproxy
service: name=shinyproxy state=restarted

30
shinyproxy/tasks/main.yml Normal file
View File

@ -0,0 +1,30 @@
---
- block:
- name: Create the shinyproxy user
user: name={{ shinyproxy_user }} home={{ shinyproxy_install_dir }} createhome=yes system=yes shell=/usr/sbin/nologin
- name: Download the shinyproxy jar
become: True
become_user: '{{ shinyproxy_user }}'
get_url: url={{ shinyproxy_url }} dest={{ shinyproxy_install_dir }}
- name: Set up a symlink to an unversioned app name
become: True
become_user: '{{ shinyproxy_user }}'
file: src={{ shinyproxy_install_dir }}/{{ shinyproxy_file_name }} dest={{ shinyproxy_install_dir }}/{{ shinyproxy_app_name }} state=link
- name: Install the upstart init file
template: src=upstart-shinyproxy.conf.j2 dest=/etc/init/shinyproxy.conf owner=root group=root mode=0644
when: is_trusty
- name: Install the shinyproxy configuration file
template: src=shinyproxy-conf.yml.j2 dest={{ shinyproxy_install_dir }}/application.yml owner=root group={{ shinyproxy_user }} mode=0640
notify: Restart shinyproxy
tags: [ 'shinyproxy', 'shinyproxy_conf' ]
- name: Ensure that the shinyproxy service is enabled and running
service: name=shinyproxy state=started enabled=yes
when: shinyproxy_install
tags: shinyproxy

View File

@ -0,0 +1,40 @@
shiny:
proxy:
title: {{ shinyproxy_app_title }}
logo-url: {{ shinyproxy_logo_url }}
landing-page: /
heartbeat-rate: 10000
heartbeat-timeout: 60000
port: 8080
authentication: {{ shinyproxy_authentication }}
admin-groups: {{ shinyproxy_admin_group }}
# LDAP configuration
ldap:
url: {{ shinyproxy_ldap_server }}
user-dn-pattern: {{ shinyproxy_user_dn_pattern }}
group-search-base: {{ shinyproxy_group_search_base }}
group-search-filter: {{ shinyproxy_group_search_filter }}
manager-dn: {{ shinyproxy_ldap_admin }}
manager-password: {{ shinyproxy_ldap_admin_pwd }}
# Docker configuration
docker:
cert-path: /home/none
url: http://localhost:2375
host: 127.0.0.1
port-range-start: 20000
apps:
- name: 01_hello
display-name: Hello Application
description: Application which demonstrates the basics of a Shiny app
docker-cmd: ["R", "-e shinyproxy::run_01_hello()"]
docker-image: openanalytics/shinyproxy-demo
groups: scientists, mathematicians
- name: 06_tabsets
docker-cmd: ["R", "-e shinyproxy::run_06_tabsets()"]
docker-image: openanalytics/shinyproxy-demo
groups: scientists
logging:
file:
shinyproxy.log

View File

@ -0,0 +1,17 @@
# shinyproxy - springboot based shiny executor
description "shinyproxy service"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 10 5
setuid {{ shinyproxy_user }}
setgid {{ shinyproxy_user }}
script
cd {{ shinyproxy_install_dir }}
exec java -jar ./{{ shinyproxy_app_name }}
end script

View File

@ -0,0 +1,10 @@
---
accounting_service_gcube_repository: 'gcube-snapshots'
accounting_service_install: False
accounting_service_ver: 1.0.0-20170323.102652-1
accounting_service_snap: 1.0.0-SNAPSHOT
accounting_service_name: accounting-service
accounting_service_filename: '{{ accounting_service_name }}-{{ accounting_service_ver }}.war'
accounting_service_url: 'http://maven.research-infrastructures.eu/nexus/service/local/repositories/{{ accounting_service_gcube_repository }}/content/org/gcube/data/publishing/{{ accounting_service_name }}/{{ accounting_service_snap}}/{{ accounting_service_filename }}'
accounting_service_war_file: '{{ accounting_service_name }}.war'

View File

@ -0,0 +1,17 @@
---
- block:
- name: Remove the installed accounting-service before upgrading
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/accounting-service'
- '{{ smartgears_instance_path }}/webapps/accounting-service.war'
when: smartgears_upgrade
- name: Get the accounting-service war file
get_url: url={{ accounting_service_url }} dest={{ smartgears_instance_path }}/webapps/{{ accounting_service_war_file }}
become: True
become_user: '{{ smartgears_user }}'
when: accounting_service_install
tags: [ 'smartgears', 'accounting_service', 'tomcat' ]

View File

@ -7,6 +7,7 @@
- '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_2 }}'
- '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_3 }}'
- '{{ gcube_prod_key_4 }}' - '{{ gcube_prod_key_4 }}'
- '{{ gcube_prod_key_5 }}'
notify: Restart smartgears notify: Restart smartgears
when: install_gcube_prod_key when: install_gcube_prod_key
@ -17,6 +18,7 @@
- '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_2 }}'
- '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_3 }}'
- '{{ gcube_prod_key_4 }}' - '{{ gcube_prod_key_4 }}'
- '{{ gcube_prod_key_5 }}'
notify: Restart smartgears notify: Restart smartgears
when: not install_gcube_prod_key when: not install_gcube_prod_key

View File

@ -0,0 +1,8 @@
---
home_library_gcube_repository: 'gcube-staging'
home_library_install: False
home_library_ver: 1.7.0-4.3.0-144852
home_library_name: home-library-webapp
home_library_filename: '{{ home_library_name }}-{{ home_library_ver }}.war'
home_library_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ home_library_gcube_repository }}/org/gcube/data/access/{{ home_library_name }}/{{ home_library_ver}}/{{ home_library_filename }}'
home_library_war_file: '{{ home_library_name }}.war'

View File

@ -0,0 +1,22 @@
---
- block:
- name: Remove the installed HOME LIBRARY connector before upgrading
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_instance_path }}/webapps/home-library-webapp'
- '{{ smartgears_instance_path }}/webapps/home-library-webapp.war'
when: smartgears_upgrade
- name: Get the HOME LIBRARY connector war file
get_url: url={{ home_library_url }} dest={{ smartgears_instance_path }}/webapps/{{ home_library_war_file }}
# - name: Unpack the HOME LIBRARY connector war file
# shell: mkdir {{ smartgears_instance_path }}/webapps/home-library-webapp ; cd {{ smartgears_instance_path }}/webapps/home-library-webapp ; jar xf {{ smartgears_instance_path }}/webapps/{{ home_library_war_file }}
# args:
# creates: '{{ smartgears_instance_path }}/webapps/home-library-webapp/WEB-INF/web.xml'
become: True
become_user: '{{ smartgears_user }}'
when: home_library_install
tags: [ 'smartgears', 'home_library', 'tomcat' ]

View File

@ -1,7 +1,7 @@
--- ---
gcube_repository: 'gcube-staging' gcube_repository: 'gcube-staging'
r_connector_install: False r_connector_install: False
r_connector_ver: 2.1.2-4.3.0-144071 r_connector_ver: 2.1.3-4.4.0-146364
r_connector_name: r-connector r_connector_name: r-connector
r_connector_group_id: org.gcube.data.analysis r_connector_group_id: org.gcube.data.analysis
r_connector_extension: war r_connector_extension: war

View File

@ -10,11 +10,18 @@ ALLOW_LOCAL_USERS=1
RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}' RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}'
if [ -d $HDIR ] ; then if [ -d $HDIR ] ; then
logger "$LOG_PREFIX user $HDIR directory exists" if id -u $USER >/dev/null 2>&1
sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }} then
sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }} logger "$LOG_PREFIX user $HDIR directory exists. Touching the userconfig.csv file to ensure that it exists with the correct permissions"
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }} sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }}
exit 0 sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }}
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
exit 0
else
logger "$LOG_PREFIX user $HDIR directory exists but the user not. Aborting."
exit 1
fi
else else
if id -u $USER >/dev/null 2>&1 if id -u $USER >/dev/null 2>&1
then then

View File

@ -16,19 +16,32 @@ smartgears_user: '{{ d4science_user }}'
smartgears_user_home: '{{ d4science_user_home }}' smartgears_user_home: '{{ d4science_user_home }}'
smartgears_instance_path: '{{ smartgears_user_home }}/tomcat' smartgears_instance_path: '{{ smartgears_user_home }}/tomcat'
smartgears_install_path: '{{ smartgears_user_home }}/SmartGears' smartgears_install_path: '{{ smartgears_user_home }}/SmartGears'
smartgears_distribution_version: 2.1.0-4.3.0-142337 #smartgears_distribution_version: 2.1.0-4.3.0-142337
smartgears_distribution_version: 2.1.2-4.4.0-146408
smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz' smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz'
smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}' smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}'
smartgears_mode: online smartgears_mode: online
smartgears_application_mode: online smartgears_application_mode: online
# Production infra # Production infra
smartgears_infrastructure_name: "d4science.research-infrastructures.eu" smartgears_infrastructure_name: "d4science.research-infrastructures.eu"
# Production VOs
smartgears_production_vo:
- '/{{ smartgears_infrastructure_name }}'
- '/{{ smartgears_infrastructure_name }}/FARM'
- '/{{ smartgears_infrastructure_name }}/SoBigData'
- '/{{ smartgears_infrastructure_name }}/SmartArea'
- '/{{ smartgears_infrastructure_name }}/gCubeApps'
- '/{{ smartgears_infrastructure_name }}/D4Research'
# Set to 'true' or 'false'. Pay attention to the case
smartgears_authorized_on_all_scopes: 'false'
smartgears_scopes:
- '/{{ smartgears_infrastructure_name }}'
smartgears_hostname: '{{ ansible_fqdn }}' smartgears_hostname: '{{ ansible_fqdn }}'
smartgears_country: it smartgears_country: it
smartgears_location: pisa smartgears_location: pisa
smartgears_latitude: 41.9000 smartgears_latitude: 41.9000
smartgears_longitude: 12.5000 smartgears_longitude: 12.5000
smartgears_publication_frequency: 180 smartgears_publication_frequency: 300
smartgears_http_port: 9000 smartgears_http_port: 9000
smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}' smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}'
@ -36,8 +49,6 @@ smartgears_loglevel: WARN
smartgears_tomcat_contexts: [ 'whn-manager' ] smartgears_tomcat_contexts: [ 'whn-manager' ]
smartgears_scopes:
- '/{{ smartgears_infrastructure_name }}'
# The iptables rules use this # The iptables rules use this
http_port: '{{ smartgears_http_port }}' http_port: '{{ smartgears_http_port }}'

View File

@ -7,6 +7,7 @@
- '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_2 }}'
- '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_3 }}'
- '{{ gcube_prod_key_4 }}' - '{{ gcube_prod_key_4 }}'
- '{{ gcube_prod_key_5 }}'
notify: Restart smartgears notify: Restart smartgears
when: install_gcube_prod_key when: install_gcube_prod_key
@ -17,6 +18,7 @@
- '{{ gcube_prod_key_2 }}' - '{{ gcube_prod_key_2 }}'
- '{{ gcube_prod_key_3 }}' - '{{ gcube_prod_key_3 }}'
- '{{ gcube_prod_key_4 }}' - '{{ gcube_prod_key_4 }}'
- '{{ gcube_prod_key_5 }}'
notify: Restart smartgears notify: Restart smartgears
when: not install_gcube_prod_key when: not install_gcube_prod_key

View File

@ -58,6 +58,26 @@
copy: src=TokenGenerator.class dest=/usr/local/lib/TokenGenerator.class owner=root group=root mode=0644 copy: src=TokenGenerator.class dest=/usr/local/lib/TokenGenerator.class owner=root group=root mode=0644
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
- name: Install the script that manages the smartgears loglevel
template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755
with_items: '{{ tomcat_m_instances }}'
when: not item.skip_smartgears
tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ]
- name: Change the smartgears log level
become: True
become_user: '{{ smartgears_user }}'
shell: /usr/local/bin/change-logback-loglevel
tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ]
- name: Remove some wrong symbolic links created by the install/upgrade script
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_install_path }}/lib/lib'
- '{{ smartgears_install_path }}/apps/webapps'
when: smartgears_upgrade
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
- name: Install the script that fetches the scope tokens - name: Install the script that fetches the scope tokens
template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750 template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750
with_items: '{{ tomcat_m_instances }}' with_items: '{{ tomcat_m_instances }}'
@ -81,38 +101,20 @@
with_items: '{{ tomcat_m_instances }}' with_items: '{{ tomcat_m_instances }}'
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
- name: Get the scope tokens from the authorization service and assemble the container.xml file - name: Get the scope tokens from the authorization service and assemble the container.xml file when whe have an authorization token or we are upgrading
become: True become: True
become_user: '{{ smartgears_user }}' become_user: '{{ smartgears_user }}'
shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default(omit) }} shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default('') }}
when: gcube_admin_token is defined when: gcube_admin_token is defined or smartgears_upgrade
notify: Restart smartgears
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
- name: Remove the smartgears application state if requested - name: Remove the smartgears application state if requested
#file: dest={{ smartgears_install_path }}/state state=absent
file: dest=/home/gcube/SmartGears/state state=absent
when: smartgears_remove_state
notify: Restart smartgears
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
- name: Install the script that manages the smartgears loglevel
template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755
with_items: '{{ tomcat_m_instances }}'
when: not item.skip_smartgears
tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ]
- name: Change the smartgears log level
become: True become: True
become_user: '{{ smartgears_user }}' become_user: '{{ smartgears_user }}'
shell: /usr/local/bin/change-logback-loglevel shell: . {{ smartgears_user_home }}/.bashrc ; cd {{ smartgears_user_home }}/SmartGears/scripts ; ./clean-container-state -s old_saved_scopes.xml
tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ] when: smartgears_remove_state and not smartgears_upgrade
notify: Restart smartgears
- name: Remove some wrong symbolic links created by the install/upgrade script
file: dest={{ item }} state=absent
with_items:
- '{{ smartgears_install_path }}/lib/lib'
- '{{ smartgears_install_path }}/apps/webapps'
when: smartgears_upgrade
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ] tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
- name: Force a smartgears restart - name: Force a smartgears restart

View File

@ -24,6 +24,9 @@
<longitude>{{ smartgears_longitude }}</longitude> <longitude>{{ smartgears_longitude }}</longitude>
</site> </site>
<authorizeChildrenContext>{{ smartgears_authorized_on_all_scopes }}</authorizeChildrenContext>
<property name='SmartGearsDistributionBundle' value='UnBundled' /> <property name='SmartGearsDistributionBundle' value='UnBundled' />
<property name='SmartGearsDistribution' value='{{ smartgears_distribution_version }}' /> <property name='SmartGearsDistribution' value='{{ smartgears_distribution_version }}' />
<publication-frequency>{{ smartgears_publication_frequency }}</publication-frequency> <publication-frequency>{{ smartgears_publication_frequency }}</publication-frequency>

View File

@ -6,11 +6,37 @@ CONTAINER_XML_TAIL={{ smartgears_user_home }}/.containerxml/3-container.xml
LOCAL_LIB=/usr/local/lib LOCAL_LIB=/usr/local/lib
LOCAL_ETC=/usr/local/etc LOCAL_ETC=/usr/local/etc
LOG_PREFIX="get-scopes: " LOG_PREFIX="get-scopes: "
GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local
SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }}
SMARTGEARS_UPGRADE={{ smartgears_upgrade }}
SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml
SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F
SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
# 0: True, 1: False
USE_SAVED_STATE=1
RETVAL= RETVAL=
# Scenario:
# - First installation, no upgrade.
# - The node must run on all VOs
# In these cases we use our scopes list
if [ "$SMARTGEARS_VO_AUTH" == 'false' ] ; then
if [ "$SMARTGEARS_UPGRADE" == 'True' ] ; then
USE_SAVED_STATE=0
logger "$LOG_PREFIX setting the correct variables so that we are going to use the local scopes"
else
logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory"
fi
else
logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory"
fi
SCOPES_LIST="" SCOPES_LIST=""
if [ -f $LOCAL_ETC/scopes.list ] ; then if [ -f $LOCAL_ETC/scopes.list ] ; then
. $LOCAL_ETC/scopes.list . $LOCAL_ETC/scopes.list
@ -18,14 +44,16 @@ else
logger "$LOG_PREFIX There is no token list, aborting" logger "$LOG_PREFIX There is no token list, aborting"
exit 1 exit 1
fi fi
if [ $# -ne 1 ] ; then
echo "The token must be passed as the sole argument" if [ $# -ne 1 -a $USE_SAVED_STATE -ne 0 ] ; then
logger "$LOG_PREFIX The token must be passed as the sole argument" echo "The token must be passed as the sole argument when we are not using the local state"
logger "$LOG_PREFIX The token must be passed as the sole argument when we are not using the local state"
exit 1 exit 1
elif [ $# -eq 1 ] ; then
logger "$LOG_PREFIX We have an authorization token"
TOKEN=$1
fi fi
TOKEN=$1
{%if setup_nginx %} {%if setup_nginx %}
{%if https_port is defined %} {%if https_port is defined %}
@ -43,21 +71,33 @@ HTTP_PORT={{ http_port }}
HTTP_PORT={{ item.http_port }} HTTP_PORT={{ item.http_port }}
{% endif %} {% endif %}
for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do if [ $USE_SAVED_STATE -ne 0 ] ; then
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH" logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one"
done for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH"
done
cd $LOCAL_LIB cd $LOCAL_LIB
java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST >/dev/null 2>&1
RETVAL=$? RETVAL=$?
if [ $RETVAL -eq 0 ] ; then if [ $RETVAL -eq 0 ] ; then
logger "$LOG_PREFIX We got the scope tokens" logger "$LOG_PREFIX We got the scope tokens"
else
logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting"
exit 1
fi
else else
logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting" logger "$LOG_PREFIX We are going to use the scopes memorized into the state"
exit 1 SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH
fi fi
# We always remove the current state
cd $SMARTGEARS_SCRIPTS_DIR
. $GHN_ENV_FILE
./clean-container-state -s $SMARTGEARS_SAVED_STATE_F
# Now that we have the tokens, we can assemble the container.xml file # Now that we have the tokens, we can assemble the container.xml file
chmod 640 $CONTAINER_XML_FILE chmod 640 $CONTAINER_XML_FILE
CREATE_CONTAINER_XML_RES=0 CREATE_CONTAINER_XML_RES=0