Merge pull request #7 from mila-iqia/Add-new-publisher-role

Add publisher configuration
mila-iqia · Nov 24, 2023 · 5de021c · 5de021c
2 parents c22b81b + 10c4abf
commit 5de021c
Show file tree

Hide file tree

Showing 6 changed files with 78 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -127,6 +127,15 @@ variable | type | description
 `cvmfs_union_fs` | string | Union filesystem type (`overlayfs` or `aufs`) for new repositories on Stratum 0 servers.
 `cvmfs_numfiles` | integer | Set the maximum number of open files in `/etc/security/limits.conf`. Useful with the `CVMFS_NFILES` client option on Stratum 0 servers.
 
+## Publisher variables
+
+variable | type | description
+--- | --- | ---
+`cvmfs_repositories` | list of dicts | CVMFS repository configurations, to create publisher hosts.
+`cvmfs_certs` | list of dicts | The repository’s public key (encoded as an X.509 certificate).
+`cvmfs_gateway_api` | list of dicts | The gateway API key.
+
+
 [defaults]: https://github.com/galaxyproject/ansible-cvmfs/blob/master/defaults/main.yml
 [cvmfs-config-repo]: https://cvmfs.readthedocs.io/en/stable/cpt-configure.html#the-config-repository
 [preload]: http://cvmfs.readthedocs.io/en/stable/cpt-hpc.html

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -37,3 +37,7 @@
 - name: Include localproxy Tasks
   ansible.builtin.include_tasks: localproxy.yml
   when: "'cvmfslocalproxies' in group_names or cvmfs_role == 'localproxy'"
+
+- name: Include publisher Tasks
+  ansible.builtin.include_tasks: publisher.yml
+  when: "'cvmfspublishers' in group_names or cvmfs_role == 'publisher'"
diff --git a/tasks/publisher.yml b/tasks/publisher.yml
@@ -0,0 +1,58 @@
+---
+- name: Include initial OS-specific tasks
+  ansible.builtin.include_tasks: init_{{ ansible_os_family | lower }}.yml
+  vars:
+    _cvmfs_role: publisher
+    _cvmfs_upgrade: "{{ cvmfs_upgrade_server }}"
+
+- name: Create a directory cvmfs_keys
+  ansible.builtin.file:
+    path: /var/tmp/keys
+    state: directory
+    mode: '0755'
+
+- name: Copy certificate key on publisher 
+  ansible.builtin.copy:
+    content: "{{ item.crt }}"
+    dest: /var/tmp/keys/
+    owner: "{{ item.owner | default('root') }}"
+    group: root
+    mode: "0400"
+  with_items: "{{ cvmfs_certs }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: Create the API key filesystem
+  ansible.builtin.template:
+    src: api-key.gw.j2
+    dest: "{{ item.key_dir | default('/var/tmp/keys') }}/{{ item.repository }}.gw"
+    owner: "{{ item.owner | default('root') }}"
+    group: root
+    mode: "0644"
+  loop: "{{ cvmfs_gateway_api }}"
+
+- name: Install CernVM-FS keys
+  ansible.builtin.copy:
+    content: "{{ item.key }}"
+    dest: "{{ item.path }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: root
+    mode: 0444
+  loop: "{{ cvmfs_keys }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+#export S0_IP='<STRATUM0_IP>'
+#sudo cvmfs_server mkfs -w http://$S0_IP/cvmfs/repo.organization.tld \
+#                       -u gw,/srv/cvmfs/repo.organization.tld/data/txn,http://$S0_IP:4929/api/v1 \
+#                       -k /path/to/keys/dir -o $USER repo.organization.tld
+
+- name:  Create the repository available for writing publisher
+  ansible.builtin.command: >-
+    /usr/bin/cvmfs_server mkfs -w http://{{ item.gateway }}/cvmfs/{{ item.repository }} 
+      -u gw,/srv/cvmfs/{{ item.repository }},http://{{ item.gateway }}:{{ item.gateway_port | default('4929') }}/api/v1
+      -k {{ item.key_dir | default('/tmp/keys') }}
+      -o {{ item.owner | default('root') }} {{ item.repository }}
+  args:
+    creates: /etc/cvmfs/repositories.d/{{ item.repository }}
+  loop: "{{ cvmfs_repositories }}"
diff --git a/templates/api-key.gw.j2 b/templates/api-key.gw.j2
@@ -0,0 +1 @@
+plain_text {{ item.KEY_ID }} {{ item.SECRET }}
diff --git a/vars/debian.yml b/vars/debian.yml
@@ -23,3 +23,6 @@ cvmfs_packages:
     - squid
   client:
     - cvmfs
+  publisher:
+    - cvmfs-server
+    - cvmfs
diff --git a/vars/redhat.yml b/vars/redhat.yml
@@ -23,3 +23,6 @@ cvmfs_packages:
     - squid
   client:
     - cvmfs
+  publisher:
+    - cvmfs-server
+    - cvmfs
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,3 +23,6 @@ cvmfs_packages: @@
         - squid
       client:
         - cvmfs
+      publisher:
+        - cvmfs-server
+        - cvmfs