Add scripts and templates to manage the mount and umount of the workspace.

This commit is contained in:
Andrea Dell'Amico 2019-03-01 17:43:30 +01:00
parent 8da346c7f9
commit 6b3f9bb7c8
5 changed files with 98 additions and 32 deletions

View File

@ -9,6 +9,8 @@ r_connector_filename: '{{ r_connector_name }}-{{ r_connector_ver }}.{{ r_connect
r_connector_usershome: /home/ r_connector_usershome: /home/
r_connector_userconfig: userconfig.csv r_connector_userconfig: userconfig.csv
r_connector_adduserscript: /usr/local/bin/rusersadd r_connector_adduserscript: /usr/local/bin/rusersadd
r_connector_workspace_unmount: /usr/local/bin/rconnector_unmount
r_connector_workspace_mountpoint: workspace
r_connector_rstudio_cookie_key: /var/lib/rstudio-server/secure-cookie-key r_connector_rstudio_cookie_key: /var/lib/rstudio-server/secure-cookie-key
r_connector_rprofile_svn_url: 'http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-analysis/RConfiguration/RStudioConfiguration' r_connector_rprofile_svn_url: 'http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-analysis/RConfiguration/RStudioConfiguration'
r_connector_rprofile_filename: '.Rprofile' r_connector_rprofile_filename: '.Rprofile'

View File

@ -8,13 +8,16 @@
notify: Restart smartgears notify: Restart smartgears
- name: Remove the packages required to enable the LDAP PAM authentication - name: Remove the packages required to enable the LDAP PAM authentication
become: False become_user: root
apt: pkg={{ item }} state=absent apt: pkg={{ item }} state=absent
with_items: '{{ r_connector_deb_pkgs }}' with_items: '{{ r_connector_deb_pkgs }}'
- name: Remove the connector raddusers script - name: Remove the connector raddusers and rconnector_unmount scripts
become: False become_user: root
file: dest={{ r_connector_adduserscript }} state=absent file: dest={{ item }} state=absent
with_items:
- '{{ r_connector_adduserscript }}'
- '{{ r_connector_workspace_unmount }}'
- name: Remove the RConfiguration repo - name: Remove the RConfiguration repo
file: dest={{ r_connector_rprofile_path }} state=absent file: dest={{ r_connector_rprofile_path }} state=absent
@ -29,7 +32,7 @@
- block: - block:
- name: Get the R Connector war - name: Get the R Connector war
maven_artifact: artifact_id={{ r_connector_name }} version={{ r_connector_ver | default('latest') }} group_id={{ r_connector_group_id }} extension={{ r_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ r_connector_filename }} maven_artifact: artifact_id={{ r_connector_name }} version={{ r_connector_ver | default('latest') }} group_id={{ r_connector_group_id }} extension={{ r_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ r_connector_filename }} verify_checksum=always
register: r_connector_download register: r_connector_download
- name: Remove the installed R connector before upgrading - name: Remove the installed R connector before upgrading
@ -58,10 +61,14 @@
template: src=r-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml mode=0440 template: src=r-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml mode=0440
notify: Restart smartgears notify: Restart smartgears
- name: Install the R add users script - name: Install the rconnector add users script
become_user: root become_user: root
template: src=rusersadd.j2 dest={{ r_connector_adduserscript }} owner=root group=root mode=0555 template: src=rusersadd.j2 dest={{ r_connector_adduserscript }} owner=root group=root mode=0555
- name: Install the script that unmounts the remote workspace
become_user: root
template: src=rconnector_unmount dest={{ r_connector_workspace_unmount }} owner=root group=root mode=0555
- name: Crete the directory that will host the RConfiguration stuff - name: Crete the directory that will host the RConfiguration stuff
become_user: root become_user: root
file: dest={{ r_connector_rprofile_base_dir }} owner={{ d4science_user }} group={{ d4science_user }} state=directory file: dest={{ r_connector_rprofile_base_dir }} owner={{ d4science_user }} group={{ d4science_user }} state=directory

View File

@ -11,6 +11,10 @@
<param-name>addUserScript</param-name> <param-name>addUserScript</param-name>
<param-value>{{ r_connector_adduserscript }}</param-value> <param-value>{{ r_connector_adduserscript }}</param-value>
</context-param> </context-param>
<context-param>
<param-name>unmountScript</param-name>
<param-value>{{ r_connector_workspace_unmount }}</param-value>
</context-param>
<context-param> <context-param>
<param-name>storedKeyPath</param-name> <param-name>storedKeyPath</param-name>
<param-value>{{ r_connector_rstudio_cookie_key }}</param-value> <param-value>{{ r_connector_rstudio_cookie_key }}</param-value>
@ -19,6 +23,11 @@
<param-name>rStudioAddress</param-name> <param-name>rStudioAddress</param-name>
<param-value>{{ ansible_fqdn }}</param-value> <param-value>{{ ansible_fqdn }}</param-value>
</context-param> </context-param>
<context-param>
<param-name>unmountScript</param-name>
<param-value>{{ r_connector_workspace_unmount }}</param-value>
</context-param>
<servlet> <servlet>
<servlet-name>org.gcube.data.analysis.rconnector.RConnector</servlet-name> <servlet-name>org.gcube.data.analysis.rconnector.RConnector</servlet-name>
</servlet> </servlet>

View File

@ -0,0 +1,18 @@
#!/bin/bash
WORKSPACE_USER=$1
RETVAL=0
RCONNECTOR_WORKSPACE_MOUNTPOINT="{{ r_connector_workspace_mountpoint }}"
MOUNT_WORKSPACE_PID=$( ps auwwx | grep -i java | grep "$WORKSPACE_USER" | grep "$RCONNECTOR_WORKSPACE_MOUNTPOINT" | grep -v sudo | awk '{print $2}' )
if [ ! -z "$MOUNT_WORKSPACE_PID" ] ; then
logger "rconnector_unmount: trying to unmount the workspace of the user $WORKSPACE_USER, pid $MOUNT_WORKSPACE_PID"
sudo /bin/kill -15 "$MOUNT_WORKSPACE_PID"
RETVAL=$?
logger "rconnector_unmount: umount result: $RETVAL"
else
logger "rconnector_unmount: no mounted workspace for the user $WORKSPACE_USER"
fi
exit $RETVAL

View File

@ -1,40 +1,72 @@
#!/bin/bash #!/bin/bash
DEBUG=1
USER="$1" if [ $DEBUG -eq 0 ] ; then
HDIR="{{ r_connector_usershome }}$USER" set -x
exec 2>/var/tmp/rusersadd.log
fi
# We use logger to log directly to syslog # We use logger to log directly to syslog
LOG_PREFIX="r-connector rusersadd:" LOG_PREFIX="r-connector rusersadd:"
USER="$1"
GCUBE_TOKEN=
GCUBE_SCOPES=
REMOTE_WORKSPACE_MOUNT=0
if [ $# -ne 3 ] ; then
REMOTE_WORKSPACE_MOUNT=1
logger "$LOG_PREFIX: this rconnector does not support the remote workspace mount"
else
GCUBE_TOKEN="$2"
GCUBE_SCOPES="$3"
fi
HDIR="{{ r_connector_usershome }}$USER"
# 0: allowed # 0: allowed
# 1: not allowed # 1: not allowed
ALLOW_LOCAL_USERS=1 ALLOW_LOCAL_USERS=1
RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}' RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}'
FUSE_INTEGRATION_JAR=/usr/local/lib/sh-fuse-integration-1.0.0-SNAPSHOT-jar-with-dependencies.jar
WORKSPACE_MOUNT_DIR="$HDIR/{{ r_connector_workspace_mountpoint }}"
if [ -d $HDIR ] ; then workspace_mount () {
if id -u $USER >/dev/null 2>&1 if [ $REMOTE_WORKSPACE_MOUNT -eq 0 ] ; then
{{ r_connector_workspace_unmount }} "$USER"
logger "$LOG_PREFIX: Trying to mount the remote workspace"
[ $DEBUG -eq 0 ] && logger "$LOG_PREFIX: Mount command is sudo -u $USER /usr/bin/java -jar $FUSE_INTEGRATION_JAR $GCUBE_TOKEN $GCUBE_SCOPES $WORKSPACE_MOUNT_DIR"
sudo /bin/mkdir -p "$WORKSPACE_MOUNT_DIR"
sudo /bin/chown "${USER}" "$WORKSPACE_MOUNT_DIR"
sudo -u "$USER" /usr/bin/java -jar $FUSE_INTEGRATION_JAR $GCUBE_TOKEN $GCUBE_SCOPES $WORKSPACE_MOUNT_DIR > "/var/tmp/workspace_${USER}.log" 2>&1 &
fi
}
fix_userconfig_perms () {
sudo /usr/bin/touch "${HDIR}/{{ r_connector_userconfig }}"
sudo /bin/chmod 660 "$HDIR/{{ r_connector_userconfig }}"
sudo /bin/chown "${USER}:{{ smartgears_user }}" "$HDIR/{{ r_connector_userconfig }}"
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
}
if [ -d "$HDIR" ] ; then
if id -u "$USER" >/dev/null 2>&1
then then
logger "$LOG_PREFIX user $HDIR directory exists. Touching the userconfig.csv file to ensure that it exists with the correct permissions" logger "$LOG_PREFIX user $HDIR directory exists. Touching the userconfig.csv file to ensure that it exists with the correct permissions"
sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }} fix_userconfig_perms
sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }} sudo /bin/ln -s "$RPROFILE_FILE" "$HDIR/{{ r_connector_rprofile_filename }}"
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }} workspace_mount
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
exit 0 exit 0
else else
logger "$LOG_PREFIX user $HDIR directory exists but the user not. Aborting." logger "$LOG_PREFIX user $HDIR directory exists but the user not. Aborting."
exit 1 exit 1
fi fi
else else
if id -u $USER >/dev/null 2>&1 if id -u "$USER" >/dev/null 2>&1
then then
logger "$LOG_PREFIX ldap user $USER first login" logger "$LOG_PREFIX ldap user $USER first login"
sudo /bin/mkdir -p $HDIR sudo /bin/mkdir -p "$HDIR"
sudo /bin/chown -R $USER $HDIR sudo /bin/chown -R "$USER" "$HDIR"
sudo /bin/chmod g-wr,o-rwx $HDIR sudo /bin/chmod g-wr,o-rwx "$HDIR"
sudo /usr/bin/touch $HDIR/{{ r_connector_userconfig }} fix_userconfig_perms
sudo /bin/chmod 660 $HDIR/{{ r_connector_userconfig }} sudo /bin/chgrp {{ smartgears_user }} "$HDIR"
sudo /bin/chown $USER:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }} sudo /bin/ln -s "$RPROFILE_FILE" "$HDIR/{{ r_connector_rprofile_filename }}"
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }} workspace_mount
sudo /bin/chgrp {{ smartgears_user }} $HDIR
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
exit 0 exit 0
else else
logger "$LOG_PREFIX user $USER does not exist locally and is not an ldap user" logger "$LOG_PREFIX user $USER does not exist locally and is not an ldap user"
@ -43,13 +75,11 @@ else
exit 1 exit 1
else else
logger "$LOG_PREFIX non ldap users allowed, adding the user $USER locally" logger "$LOG_PREFIX non ldap users allowed, adding the user $USER locally"
sudo /usr/sbin/useradd -m -s /bin/false -g {{ smartgears_user }} $USER sudo /usr/sbin/useradd -m -s /bin/false -g {{ smartgears_user }} "$USER"
sudo /bin/chmod g+ws $HDIR sudo /bin/chmod g+ws "$HDIR"
sudo /usr/bin/touch $HDIR/{{ r_connector_userconfig }} fix_userconfig_perms
sudo /bin/chmod 660 $HDIR/{{ r_connector_userconfig }} sudo /bin/chgrp -R {{ smartgears_user }} "$HDIR"
sudo /usr/bin/setfacl -m g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }} sudo /bin/ln -s "$RPROFILE_FILE" "$HDIR/{{ r_connector_rprofile_filename }}"
sudo /bin/chgrp -R {{ smartgears_user }} $HDIR
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
exit 0 exit 0
fi fi
fi fi