forked from ISTI-ansible-roles/ansible-roles
library/roles/smartgears: Handle the case when we need VO level authorization. Use the locally saved scopes instead of the provided ones. See https://support.d4science.org/issues/7880
This commit is contained in:
parent
8c3a37c5bc
commit
c9a63a6330
|
@ -16,7 +16,8 @@ smartgears_user: '{{ d4science_user }}'
|
||||||
smartgears_user_home: '{{ d4science_user_home }}'
|
smartgears_user_home: '{{ d4science_user_home }}'
|
||||||
smartgears_instance_path: '{{ smartgears_user_home }}/tomcat'
|
smartgears_instance_path: '{{ smartgears_user_home }}/tomcat'
|
||||||
smartgears_install_path: '{{ smartgears_user_home }}/SmartGears'
|
smartgears_install_path: '{{ smartgears_user_home }}/SmartGears'
|
||||||
smartgears_distribution_version: 2.1.0-4.3.0-142337
|
#smartgears_distribution_version: 2.1.0-4.3.0-142337
|
||||||
|
smartgears_distribution_version: 2.1.2-4.4.0-146408
|
||||||
smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz'
|
smartgears_file: 'smartgears-distribution-{{ smartgears_distribution_version }}.tar.gz'
|
||||||
smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}'
|
smartgears_url: 'http://maven.research-infrastructures.eu/nexus/content/repositories/{{ gcube_repository }}/org/gcube/distribution/smartgears-distribution/{{ smartgears_distribution_version }}/{{ smartgears_file }}'
|
||||||
smartgears_mode: online
|
smartgears_mode: online
|
||||||
|
@ -40,7 +41,7 @@ smartgears_country: it
|
||||||
smartgears_location: pisa
|
smartgears_location: pisa
|
||||||
smartgears_latitude: 41.9000
|
smartgears_latitude: 41.9000
|
||||||
smartgears_longitude: 12.5000
|
smartgears_longitude: 12.5000
|
||||||
smartgears_publication_frequency: 180
|
smartgears_publication_frequency: 300
|
||||||
smartgears_http_port: 9000
|
smartgears_http_port: 9000
|
||||||
smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}'
|
smartgears_service_name: 'tomcat-instance-{{ smartgears_http_port }}'
|
||||||
|
|
||||||
|
|
|
@ -58,6 +58,26 @@
|
||||||
copy: src=TokenGenerator.class dest=/usr/local/lib/TokenGenerator.class owner=root group=root mode=0644
|
copy: src=TokenGenerator.class dest=/usr/local/lib/TokenGenerator.class owner=root group=root mode=0644
|
||||||
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
||||||
|
|
||||||
|
- name: Install the script that manages the smartgears loglevel
|
||||||
|
template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755
|
||||||
|
with_items: '{{ tomcat_m_instances }}'
|
||||||
|
when: not item.skip_smartgears
|
||||||
|
tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ]
|
||||||
|
|
||||||
|
- name: Change the smartgears log level
|
||||||
|
become: True
|
||||||
|
become_user: '{{ smartgears_user }}'
|
||||||
|
shell: /usr/local/bin/change-logback-loglevel
|
||||||
|
tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ]
|
||||||
|
|
||||||
|
- name: Remove some wrong symbolic links created by the install/upgrade script
|
||||||
|
file: dest={{ item }} state=absent
|
||||||
|
with_items:
|
||||||
|
- '{{ smartgears_install_path }}/lib/lib'
|
||||||
|
- '{{ smartgears_install_path }}/apps/webapps'
|
||||||
|
when: smartgears_upgrade
|
||||||
|
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
||||||
|
|
||||||
- name: Install the script that fetches the scope tokens
|
- name: Install the script that fetches the scope tokens
|
||||||
template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750
|
template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750
|
||||||
with_items: '{{ tomcat_m_instances }}'
|
with_items: '{{ tomcat_m_instances }}'
|
||||||
|
@ -81,38 +101,20 @@
|
||||||
with_items: '{{ tomcat_m_instances }}'
|
with_items: '{{ tomcat_m_instances }}'
|
||||||
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
||||||
|
|
||||||
- name: Get the scope tokens from the authorization service and assemble the container.xml file
|
- name: Get the scope tokens from the authorization service and assemble the container.xml file when whe have an authorization token or we are upgrading
|
||||||
become: True
|
become: True
|
||||||
become_user: '{{ smartgears_user }}'
|
become_user: '{{ smartgears_user }}'
|
||||||
shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default(omit) }}
|
shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default('') }}
|
||||||
when: gcube_admin_token is defined
|
when: gcube_admin_token is defined or smartgears_upgrade
|
||||||
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
|
||||||
|
|
||||||
- name: Remove the smartgears application state if requested
|
|
||||||
#file: dest={{ smartgears_install_path }}/state state=absent
|
|
||||||
file: dest=/home/gcube/SmartGears/state state=absent
|
|
||||||
when: smartgears_remove_state
|
|
||||||
notify: Restart smartgears
|
notify: Restart smartgears
|
||||||
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
||||||
|
|
||||||
- name: Install the script that manages the smartgears loglevel
|
- name: Remove the smartgears application state if requested
|
||||||
template: src=change-logback-loglevel.sh.j2 dest=/usr/local/bin/change-logback-loglevel owner=root group=root mode=0755
|
|
||||||
with_items: '{{ tomcat_m_instances }}'
|
|
||||||
when: not item.skip_smartgears
|
|
||||||
tags: [ 'smartgears', 'smartgears_loglevel', 'tomcat' ]
|
|
||||||
|
|
||||||
- name: Change the smartgears log level
|
|
||||||
become: True
|
become: True
|
||||||
become_user: '{{ smartgears_user }}'
|
become_user: '{{ smartgears_user }}'
|
||||||
shell: /usr/local/bin/change-logback-loglevel
|
shell: . {{ smartgears_user_home }}/.bashrc ; cd {{ smartgears_user_home }}/SmartGears/scripts ; ./clean-container-state -s old_saved_scopes.xml
|
||||||
tags: [ 'smartgears', 'tomcat', 'smartgears_loglevel' ]
|
when: smartgears_remove_state and not smartgears_upgrade
|
||||||
|
notify: Restart smartgears
|
||||||
- name: Remove some wrong symbolic links created by the install/upgrade script
|
|
||||||
file: dest={{ item }} state=absent
|
|
||||||
with_items:
|
|
||||||
- '{{ smartgears_install_path }}/lib/lib'
|
|
||||||
- '{{ smartgears_install_path }}/apps/webapps'
|
|
||||||
when: smartgears_upgrade
|
|
||||||
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
|
||||||
|
|
||||||
- name: Force a smartgears restart
|
- name: Force a smartgears restart
|
||||||
|
|
|
@ -6,11 +6,37 @@ CONTAINER_XML_TAIL={{ smartgears_user_home }}/.containerxml/3-container.xml
|
||||||
LOCAL_LIB=/usr/local/lib
|
LOCAL_LIB=/usr/local/lib
|
||||||
LOCAL_ETC=/usr/local/etc
|
LOCAL_ETC=/usr/local/etc
|
||||||
LOG_PREFIX="get-scopes: "
|
LOG_PREFIX="get-scopes: "
|
||||||
|
GHN_ENV_FILE=/etc/default/tomcat-instance-{{ item.http_port }}.local
|
||||||
|
SMARTGEARS_VO_AUTH={{ smartgears_authorized_on_all_scopes }}
|
||||||
|
SMARTGEARS_UPGRADE={{ smartgears_upgrade }}
|
||||||
|
SMARTGEARS_SAVED_STATE_F=saved_scopes_list.xml
|
||||||
|
SMARTGEARS_SAVED_STATE_PATH={{ smartgears_user_home }}/SmartGears/$SMARTGEARS_SAVED_STATE_F
|
||||||
|
SMARTGEARS_SCRIPTS_DIR={{ smartgears_user_home }}/SmartGears/scripts
|
||||||
|
|
||||||
|
|
||||||
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
|
CONTAINER_XML_FILE={{ smartgears_install_path }}/container.xml
|
||||||
|
|
||||||
|
# 0: True, 1: False
|
||||||
|
USE_SAVED_STATE=1
|
||||||
|
|
||||||
RETVAL=
|
RETVAL=
|
||||||
|
|
||||||
|
# Scenario:
|
||||||
|
# - First installation, no upgrade.
|
||||||
|
# - The node must run on all VOs
|
||||||
|
# In these cases we use our scopes list
|
||||||
|
|
||||||
|
if [ "$SMARTGEARS_VO_AUTH" == 'false' ] ; then
|
||||||
|
if [ "$SMARTGEARS_UPGRADE" == 'True' ] ; then
|
||||||
|
USE_SAVED_STATE=0
|
||||||
|
logger "$LOG_PREFIX setting the correct variables so that we are going to use the local scopes"
|
||||||
|
else
|
||||||
|
logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
logger "$LOG_PREFIX We are going to use our scopes list. A valid token is mandatory"
|
||||||
|
fi
|
||||||
|
|
||||||
SCOPES_LIST=""
|
SCOPES_LIST=""
|
||||||
if [ -f $LOCAL_ETC/scopes.list ] ; then
|
if [ -f $LOCAL_ETC/scopes.list ] ; then
|
||||||
. $LOCAL_ETC/scopes.list
|
. $LOCAL_ETC/scopes.list
|
||||||
|
@ -20,12 +46,14 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ $# -ne 1 ] ; then
|
if [ $# -ne 1 -a $USE_SAVED_STATE -ne 0 ] ; then
|
||||||
echo "The token must be passed as the sole argument"
|
echo "The token must be passed as the sole argument when we are not using the local state"
|
||||||
logger "$LOG_PREFIX The token must be passed as the sole argument"
|
logger "$LOG_PREFIX The token must be passed as the sole argument when we are not using the local state"
|
||||||
exit 1
|
exit 1
|
||||||
|
elif [ $# -eq 1 ] ; then
|
||||||
|
logger "$LOG_PREFIX We have an authorization token"
|
||||||
|
TOKEN=$1
|
||||||
fi
|
fi
|
||||||
TOKEN=$1
|
|
||||||
|
|
||||||
{%if setup_nginx %}
|
{%if setup_nginx %}
|
||||||
{%if https_port is defined %}
|
{%if https_port is defined %}
|
||||||
|
@ -43,21 +71,33 @@ HTTP_PORT={{ http_port }}
|
||||||
HTTP_PORT={{ item.http_port }}
|
HTTP_PORT={{ item.http_port }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do
|
if [ $USE_SAVED_STATE -ne 0 ] ; then
|
||||||
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH"
|
logger "$LOG_PREFIX First installation or moving avay to a configuration that needs to be present on all the VREs. Using our scopes list and not the state memorized one"
|
||||||
done
|
for jar in $( ls -1 /home/gcube/tomcat/lib/ ) ; do
|
||||||
|
export CLASSPATH="/home/gcube/SmartGears/lib/${jar}:$CLASSPATH"
|
||||||
|
done
|
||||||
|
|
||||||
cd $LOCAL_LIB
|
cd $LOCAL_LIB
|
||||||
|
|
||||||
java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST
|
java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $SCOPES_FILE $SCOPES_LIST >/dev/null 2>&1
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
if [ $RETVAL -eq 0 ] ; then
|
if [ $RETVAL -eq 0 ] ; then
|
||||||
logger "$LOG_PREFIX We got the scope tokens"
|
logger "$LOG_PREFIX We got the scope tokens"
|
||||||
|
else
|
||||||
|
logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
logger "$LOG_PREFIX Unable to obtain the scope tokens, aborting"
|
logger "$LOG_PREFIX We are going to use the scopes memorized into the state"
|
||||||
exit 1
|
SCOPES_FILE=$SMARTGEARS_SAVED_STATE_PATH
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# We always remove the current state
|
||||||
|
cd $SMARTGEARS_SCRIPTS_DIR
|
||||||
|
. $GHN_ENV_FILE
|
||||||
|
./clean-container-state -s $SMARTGEARS_SAVED_STATE_F
|
||||||
|
|
||||||
|
|
||||||
# Now that we have the tokens, we can assemble the container.xml file
|
# Now that we have the tokens, we can assemble the container.xml file
|
||||||
chmod 640 $CONTAINER_XML_FILE
|
chmod 640 $CONTAINER_XML_FILE
|
||||||
CREATE_CONTAINER_XML_RES=0
|
CREATE_CONTAINER_XML_RES=0
|
||||||
|
|
Loading…
Reference in New Issue