README.md 6.27 KB
Newer Older
1
# ARGO via Ansible
2

3 4 5
# Modified from GitLab


6 7 8 9 10 11 12 13 14
This repository contains a collection of Ansible roles and playbooks that aim at easing the deployment procedure of ARGO products. The goal for these roles and playbooks has been to be as generic as possible so that they are easily adaptable to different environments and e-Infrastructure requirements. Hence most of the variables used by default in these roles reside under the `roles/{role_name}/defaults/main.yml` files. 

The administrator of the ARGO product being deployed via these Ansible playbooks may use any of the following places in order to successfully overwrite the default values of the variables and adapt the ARGO product to the specific environment and requirements:
- `roles/{role_name}/vars/main.yml`
- `groups_vars/{groups_name}`
- `host_vars/{inventory_hostname}`

Per ARGO product more details on prerequisites and variables are given in the following subsections.

15 16 17 18
## WebAPI deployment

Contains Ansible playbook for the deployment of the ARGO datastore and API service. The play is split into four (4) roles:
- repos (includes tasks for the installation of the required repository definitions)
19 20 21 22
- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
- mongodb (installation and configuration of mongodb datastore)
- webapi (installation and bootstrap of ARGO api service)

23
### Things to do before deployment
24

Paschalis Korosoglou's avatar
Paschalis Korosoglou committed
25
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file. 
26
- Edit inventory and replace `webapi.node` with the hostname that you intend to deploy the API onto. 
27

28
### Prerequisites
29

30
- Deploy against CentOS 6.x node
31
- Make sure `libselinux-python` is installed on the target node
32 33 34
- Ansible version used is `1.7.2`

### How to deploy
35 36 37

```bash
$ ansible-playbook -v webapi.yml
38 39
```

40 41 42 43 44 45 46 47 48 49 50

## Web UI deployment

Contains Ansible playbook for the deployment of the ARGO Web UI service. The play is split into four (4) roles:
- firewall (configures iptables firewall rules)
- repos (includes tasks for the installation of the required repository definitions)
- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
- webui (installation and bootstrap of ARGO Web UI service)

### Things to do before deployment

Paschalis Korosoglou's avatar
Paschalis Korosoglou committed
51
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file. 
Paschalis Korosoglou's avatar
Paschalis Korosoglou committed
52
- Edit inventory and replace `webui.node` with the hostname that you intend to deploy the Web UI onto. 
53 54
- Edit `roles/webui/vars/main.yml` file and change the values of the `certificate_password` and `keystore_password` variables to a stronger value.

55 56
- Note that by default the EGI based web UI will be deployed on your target node. To change this behaviour use the `argo_web` and `branch_name` variables within the `roles/webui/vars/main.yml` file to point to another upstream lavoisier repository. 

57 58 59 60 61 62 63 64 65 66 67
### Prerequisites

- Deploy against CentOS 7.x node
- Ansible version used is `1.9.2`

### How to deploy

```bash
$ ansible-playbook -v webui.yml
```

68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94
## POEM deployment

Contains Ansible playbook for the deployment of the ARGO POEM service. The play is split into four (4) roles:
- firewall (configures iptables firewall rules)
- repos (includes tasks for the installation of the required repository definitions)
- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
- poem (installs and bootstraps poem service)

### Things to do before deployment

- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file. 
- Edit inventory and replace `poem.node` with the hostname that you intend to deploy the POEM service onto. 
- Create a `host_vars/{{inventory_hostname}}` file and place therein the variables found within the `roles/poem/defaults/main.yml` file in order to overwrite them. 
  - In order to generate a uuid to be used in the place of the `poem_secret` variable you may use the `uuidgen` linux cli utility. 

### Prerequisites

- Deploy against CentOS 6.x node
- Make sure `libselinux-python` is installed on the target node
- Ansible version used is `1.9.2`

### How to deploy

```bash
$ ansible-playbook -v poem.yml
```

95 96 97 98 99 100 101 102 103 104 105 106
## Full standalone deployment

Contains Ansible playbook for the deployment of all ARGO components. The play is split into six (6) roles:
- repos (includes tasks for the installation of the required repository definitions)
- ca_bundle (includes a task for the installation of the egi-ca-policy-core bundle)
- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
- consumer (includes tasks for the installation of the ARGO consumer and feed components)
- mongodb (installation and configuration of mongodb datastore)
- webapi (installation and bootstrap of ARGO api service)

### Things to do before deployment

Paschalis Korosoglou's avatar
Paschalis Korosoglou committed
107
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file. 
108 109 110 111 112
- Edit inventory and replace `standalone.node` with the hostname that you intend to deploy the complete ARGO stack onto. 

### Prerequisites

- Deploy against CentOS 6.x node
113
- Make sure `libselinux-python` is installed on the target node
114 115 116 117 118 119 120
- Ansible version used is `1.7.2`

### How to deploy

```bash
$ ansible-playbook -v standalone.yml
```
121 122 123 124 125


## Monitoring your services

In case you are using Nagios or Icinga for health monitoring purposes a minimal `is_monitored` role is included in the repo. The puspose of this role is to install and configure the nrpe service on your target machines. Modify the remote host variable within the `roles/is_monitored/defaults/main.yml` file and include it in your playbooks.