forked from ISTI-ansible-roles/ansible-roles
Add scripts and templates to manage the mount and umount of the workspace.
This commit is contained in:
parent
8da346c7f9
commit
6b3f9bb7c8
|
@ -9,6 +9,8 @@ r_connector_filename: '{{ r_connector_name }}-{{ r_connector_ver }}.{{ r_connect
|
||||||
r_connector_usershome: /home/
|
r_connector_usershome: /home/
|
||||||
r_connector_userconfig: userconfig.csv
|
r_connector_userconfig: userconfig.csv
|
||||||
r_connector_adduserscript: /usr/local/bin/rusersadd
|
r_connector_adduserscript: /usr/local/bin/rusersadd
|
||||||
|
r_connector_workspace_unmount: /usr/local/bin/rconnector_unmount
|
||||||
|
r_connector_workspace_mountpoint: workspace
|
||||||
r_connector_rstudio_cookie_key: /var/lib/rstudio-server/secure-cookie-key
|
r_connector_rstudio_cookie_key: /var/lib/rstudio-server/secure-cookie-key
|
||||||
r_connector_rprofile_svn_url: 'http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-analysis/RConfiguration/RStudioConfiguration'
|
r_connector_rprofile_svn_url: 'http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-analysis/RConfiguration/RStudioConfiguration'
|
||||||
r_connector_rprofile_filename: '.Rprofile'
|
r_connector_rprofile_filename: '.Rprofile'
|
||||||
|
|
|
@ -8,13 +8,16 @@
|
||||||
notify: Restart smartgears
|
notify: Restart smartgears
|
||||||
|
|
||||||
- name: Remove the packages required to enable the LDAP PAM authentication
|
- name: Remove the packages required to enable the LDAP PAM authentication
|
||||||
become: False
|
become_user: root
|
||||||
apt: pkg={{ item }} state=absent
|
apt: pkg={{ item }} state=absent
|
||||||
with_items: '{{ r_connector_deb_pkgs }}'
|
with_items: '{{ r_connector_deb_pkgs }}'
|
||||||
|
|
||||||
- name: Remove the connector raddusers script
|
- name: Remove the connector raddusers and rconnector_unmount scripts
|
||||||
become: False
|
become_user: root
|
||||||
file: dest={{ r_connector_adduserscript }} state=absent
|
file: dest={{ item }} state=absent
|
||||||
|
with_items:
|
||||||
|
- '{{ r_connector_adduserscript }}'
|
||||||
|
- '{{ r_connector_workspace_unmount }}'
|
||||||
|
|
||||||
- name: Remove the RConfiguration repo
|
- name: Remove the RConfiguration repo
|
||||||
file: dest={{ r_connector_rprofile_path }} state=absent
|
file: dest={{ r_connector_rprofile_path }} state=absent
|
||||||
|
@ -29,7 +32,7 @@
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
- name: Get the R Connector war
|
- name: Get the R Connector war
|
||||||
maven_artifact: artifact_id={{ r_connector_name }} version={{ r_connector_ver | default('latest') }} group_id={{ r_connector_group_id }} extension={{ r_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ r_connector_filename }}
|
maven_artifact: artifact_id={{ r_connector_name }} version={{ r_connector_ver | default('latest') }} group_id={{ r_connector_group_id }} extension={{ r_connector_extension }} repository_url={{ smartgears_global_base_url }} dest={{ smartgears_downloads_dir }}/{{ r_connector_filename }} verify_checksum=always
|
||||||
register: r_connector_download
|
register: r_connector_download
|
||||||
|
|
||||||
- name: Remove the installed R connector before upgrading
|
- name: Remove the installed R connector before upgrading
|
||||||
|
@ -58,10 +61,14 @@
|
||||||
template: src=r-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml mode=0440
|
template: src=r-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/{{ r_connector_name }}/WEB-INF/web.xml mode=0440
|
||||||
notify: Restart smartgears
|
notify: Restart smartgears
|
||||||
|
|
||||||
- name: Install the R add users script
|
- name: Install the rconnector add users script
|
||||||
become_user: root
|
become_user: root
|
||||||
template: src=rusersadd.j2 dest={{ r_connector_adduserscript }} owner=root group=root mode=0555
|
template: src=rusersadd.j2 dest={{ r_connector_adduserscript }} owner=root group=root mode=0555
|
||||||
|
|
||||||
|
- name: Install the script that unmounts the remote workspace
|
||||||
|
become_user: root
|
||||||
|
template: src=rconnector_unmount dest={{ r_connector_workspace_unmount }} owner=root group=root mode=0555
|
||||||
|
|
||||||
- name: Crete the directory that will host the RConfiguration stuff
|
- name: Crete the directory that will host the RConfiguration stuff
|
||||||
become_user: root
|
become_user: root
|
||||||
file: dest={{ r_connector_rprofile_base_dir }} owner={{ d4science_user }} group={{ d4science_user }} state=directory
|
file: dest={{ r_connector_rprofile_base_dir }} owner={{ d4science_user }} group={{ d4science_user }} state=directory
|
||||||
|
|
|
@ -11,6 +11,10 @@
|
||||||
<param-name>addUserScript</param-name>
|
<param-name>addUserScript</param-name>
|
||||||
<param-value>{{ r_connector_adduserscript }}</param-value>
|
<param-value>{{ r_connector_adduserscript }}</param-value>
|
||||||
</context-param>
|
</context-param>
|
||||||
|
<context-param>
|
||||||
|
<param-name>unmountScript</param-name>
|
||||||
|
<param-value>{{ r_connector_workspace_unmount }}</param-value>
|
||||||
|
</context-param>
|
||||||
<context-param>
|
<context-param>
|
||||||
<param-name>storedKeyPath</param-name>
|
<param-name>storedKeyPath</param-name>
|
||||||
<param-value>{{ r_connector_rstudio_cookie_key }}</param-value>
|
<param-value>{{ r_connector_rstudio_cookie_key }}</param-value>
|
||||||
|
@ -19,6 +23,11 @@
|
||||||
<param-name>rStudioAddress</param-name>
|
<param-name>rStudioAddress</param-name>
|
||||||
<param-value>{{ ansible_fqdn }}</param-value>
|
<param-value>{{ ansible_fqdn }}</param-value>
|
||||||
</context-param>
|
</context-param>
|
||||||
|
<context-param>
|
||||||
|
<param-name>unmountScript</param-name>
|
||||||
|
<param-value>{{ r_connector_workspace_unmount }}</param-value>
|
||||||
|
</context-param>
|
||||||
|
|
||||||
<servlet>
|
<servlet>
|
||||||
<servlet-name>org.gcube.data.analysis.rconnector.RConnector</servlet-name>
|
<servlet-name>org.gcube.data.analysis.rconnector.RConnector</servlet-name>
|
||||||
</servlet>
|
</servlet>
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
WORKSPACE_USER=$1
|
||||||
|
RETVAL=0
|
||||||
|
RCONNECTOR_WORKSPACE_MOUNTPOINT="{{ r_connector_workspace_mountpoint }}"
|
||||||
|
|
||||||
|
MOUNT_WORKSPACE_PID=$( ps auwwx | grep -i java | grep "$WORKSPACE_USER" | grep "$RCONNECTOR_WORKSPACE_MOUNTPOINT" | grep -v sudo | awk '{print $2}' )
|
||||||
|
|
||||||
|
if [ ! -z "$MOUNT_WORKSPACE_PID" ] ; then
|
||||||
|
logger "rconnector_unmount: trying to unmount the workspace of the user $WORKSPACE_USER, pid $MOUNT_WORKSPACE_PID"
|
||||||
|
sudo /bin/kill -15 "$MOUNT_WORKSPACE_PID"
|
||||||
|
RETVAL=$?
|
||||||
|
logger "rconnector_unmount: umount result: $RETVAL"
|
||||||
|
else
|
||||||
|
logger "rconnector_unmount: no mounted workspace for the user $WORKSPACE_USER"
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit $RETVAL
|
|
@ -1,40 +1,72 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
DEBUG=1
|
||||||
USER="$1"
|
if [ $DEBUG -eq 0 ] ; then
|
||||||
HDIR="{{ r_connector_usershome }}$USER"
|
set -x
|
||||||
|
exec 2>/var/tmp/rusersadd.log
|
||||||
|
fi
|
||||||
# We use logger to log directly to syslog
|
# We use logger to log directly to syslog
|
||||||
LOG_PREFIX="r-connector rusersadd:"
|
LOG_PREFIX="r-connector rusersadd:"
|
||||||
|
|
||||||
|
USER="$1"
|
||||||
|
GCUBE_TOKEN=
|
||||||
|
GCUBE_SCOPES=
|
||||||
|
REMOTE_WORKSPACE_MOUNT=0
|
||||||
|
if [ $# -ne 3 ] ; then
|
||||||
|
REMOTE_WORKSPACE_MOUNT=1
|
||||||
|
logger "$LOG_PREFIX: this rconnector does not support the remote workspace mount"
|
||||||
|
else
|
||||||
|
GCUBE_TOKEN="$2"
|
||||||
|
GCUBE_SCOPES="$3"
|
||||||
|
fi
|
||||||
|
|
||||||
|
HDIR="{{ r_connector_usershome }}$USER"
|
||||||
# 0: allowed
|
# 0: allowed
|
||||||
# 1: not allowed
|
# 1: not allowed
|
||||||
ALLOW_LOCAL_USERS=1
|
ALLOW_LOCAL_USERS=1
|
||||||
RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}'
|
RPROFILE_FILE='{{ r_connector_rprofile_path }}/{{ r_connector_rprofile_filename }}'
|
||||||
|
FUSE_INTEGRATION_JAR=/usr/local/lib/sh-fuse-integration-1.0.0-SNAPSHOT-jar-with-dependencies.jar
|
||||||
|
WORKSPACE_MOUNT_DIR="$HDIR/{{ r_connector_workspace_mountpoint }}"
|
||||||
|
|
||||||
if [ -d $HDIR ] ; then
|
workspace_mount () {
|
||||||
if id -u $USER >/dev/null 2>&1
|
if [ $REMOTE_WORKSPACE_MOUNT -eq 0 ] ; then
|
||||||
|
{{ r_connector_workspace_unmount }} "$USER"
|
||||||
|
logger "$LOG_PREFIX: Trying to mount the remote workspace"
|
||||||
|
[ $DEBUG -eq 0 ] && logger "$LOG_PREFIX: Mount command is sudo -u $USER /usr/bin/java -jar $FUSE_INTEGRATION_JAR $GCUBE_TOKEN $GCUBE_SCOPES $WORKSPACE_MOUNT_DIR"
|
||||||
|
sudo /bin/mkdir -p "$WORKSPACE_MOUNT_DIR"
|
||||||
|
sudo /bin/chown "${USER}" "$WORKSPACE_MOUNT_DIR"
|
||||||
|
sudo -u "$USER" /usr/bin/java -jar $FUSE_INTEGRATION_JAR $GCUBE_TOKEN $GCUBE_SCOPES $WORKSPACE_MOUNT_DIR > "/var/tmp/workspace_${USER}.log" 2>&1 &
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
fix_userconfig_perms () {
|
||||||
|
sudo /usr/bin/touch "${HDIR}/{{ r_connector_userconfig }}"
|
||||||
|
sudo /bin/chmod 660 "$HDIR/{{ r_connector_userconfig }}"
|
||||||
|
sudo /bin/chown "${USER}:{{ smartgears_user }}" "$HDIR/{{ r_connector_userconfig }}"
|
||||||
|
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
|
||||||
|
}
|
||||||
|
if [ -d "$HDIR" ] ; then
|
||||||
|
if id -u "$USER" >/dev/null 2>&1
|
||||||
then
|
then
|
||||||
logger "$LOG_PREFIX user $HDIR directory exists. Touching the userconfig.csv file to ensure that it exists with the correct permissions"
|
logger "$LOG_PREFIX user $HDIR directory exists. Touching the userconfig.csv file to ensure that it exists with the correct permissions"
|
||||||
sudo /usr/bin/touch ${HDIR}/{{ r_connector_userconfig }}
|
fix_userconfig_perms
|
||||||
sudo /bin/chown ${USER}:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }}
|
sudo /bin/ln -s "$RPROFILE_FILE" "$HDIR/{{ r_connector_rprofile_filename }}"
|
||||||
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
|
workspace_mount
|
||||||
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
|
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
logger "$LOG_PREFIX user $HDIR directory exists but the user not. Aborting."
|
logger "$LOG_PREFIX user $HDIR directory exists but the user not. Aborting."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if id -u $USER >/dev/null 2>&1
|
if id -u "$USER" >/dev/null 2>&1
|
||||||
then
|
then
|
||||||
logger "$LOG_PREFIX ldap user $USER first login"
|
logger "$LOG_PREFIX ldap user $USER first login"
|
||||||
sudo /bin/mkdir -p $HDIR
|
sudo /bin/mkdir -p "$HDIR"
|
||||||
sudo /bin/chown -R $USER $HDIR
|
sudo /bin/chown -R "$USER" "$HDIR"
|
||||||
sudo /bin/chmod g-wr,o-rwx $HDIR
|
sudo /bin/chmod g-wr,o-rwx "$HDIR"
|
||||||
sudo /usr/bin/touch $HDIR/{{ r_connector_userconfig }}
|
fix_userconfig_perms
|
||||||
sudo /bin/chmod 660 $HDIR/{{ r_connector_userconfig }}
|
sudo /bin/chgrp {{ smartgears_user }} "$HDIR"
|
||||||
sudo /bin/chown $USER:{{ smartgears_user }} $HDIR/{{ r_connector_userconfig }}
|
sudo /bin/ln -s "$RPROFILE_FILE" "$HDIR/{{ r_connector_rprofile_filename }}"
|
||||||
sudo /usr/bin/setfacl -m u:${USER}:rw,g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
|
workspace_mount
|
||||||
sudo /bin/chgrp {{ smartgears_user }} $HDIR
|
|
||||||
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
|
|
||||||
exit 0
|
exit 0
|
||||||
else
|
else
|
||||||
logger "$LOG_PREFIX user $USER does not exist locally and is not an ldap user"
|
logger "$LOG_PREFIX user $USER does not exist locally and is not an ldap user"
|
||||||
|
@ -43,13 +75,11 @@ else
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
logger "$LOG_PREFIX non ldap users allowed, adding the user $USER locally"
|
logger "$LOG_PREFIX non ldap users allowed, adding the user $USER locally"
|
||||||
sudo /usr/sbin/useradd -m -s /bin/false -g {{ smartgears_user }} $USER
|
sudo /usr/sbin/useradd -m -s /bin/false -g {{ smartgears_user }} "$USER"
|
||||||
sudo /bin/chmod g+ws $HDIR
|
sudo /bin/chmod g+ws "$HDIR"
|
||||||
sudo /usr/bin/touch $HDIR/{{ r_connector_userconfig }}
|
fix_userconfig_perms
|
||||||
sudo /bin/chmod 660 $HDIR/{{ r_connector_userconfig }}
|
sudo /bin/chgrp -R {{ smartgears_user }} "$HDIR"
|
||||||
sudo /usr/bin/setfacl -m g:{{ smartgears_user }}:rw $HDIR/{{ r_connector_userconfig }}
|
sudo /bin/ln -s "$RPROFILE_FILE" "$HDIR/{{ r_connector_rprofile_filename }}"
|
||||||
sudo /bin/chgrp -R {{ smartgears_user }} $HDIR
|
|
||||||
sudo /bin/ln -s $RPROFILE_FILE $HDIR/{{ r_connector_rprofile_filename }}
|
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in New Issue