Unverified commit 4865ce8a authored by Themis Zamani, committed by GitHub

Merge pull request #254 from agelostsal/devel

ARGO-1255 Create Cron Job for the gocdb sync script and simplify the …
parents 922d6386 4b314e61
......@@ -324,3 +324,25 @@ is the same as for users to add, but the only required field is `username`.
However, it is recommended that you also keep the `uid` field for reference so
that numeric user ids are not accidentally reused.
## Argo Authentication Service
In case you would like to provide extra authentication mechanisms for your argo services
ypu could set up the argo-api-authn service. This playbook contains (1) roles.
- Set up the ams-create-users-from-gocdb script
### Things to do before deployment
In the `roles/argo-api-authn/defaults/main.yml` replace:
- the virtual_env_installation, which refers to the folder that will contain the virtual environment
e.g. with the current default configuration it will be created under `/var/www/argo-api-authn/Envs/authn-env`
- the service_configuration_folder, which refers to where the service's configuration files are being kept
### Prerequisites
- Deploy against CentOS 7.x
- Ansible version used: 2.2
if you want to run the script:
```bash
$ ansible-playbook -i <your_inventory> authn-setup.yml -vvv
```
\ No newline at end of file
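Review bot: "Things to do before deployment" lists only the two variables from `defaults/main.yml`, but the config template in this commit also reads `ams.*`, `authn.*` and `logs.syslog_socket`, including two tokens, so the section should list those and say where they are expected to be defined. Smaller points in the same hunk: "ypu" should be "you", "(1) roles" reads better as "one role", and the closing sentence says "run the script" where the command actually runs the playbook.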
---
- hosts: haproxy
user: root
roles:
- argo-api-authn
\ No newline at end of file
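Review bot: `hosts: haproxy` hard-codes the target group while the README only says `-i <your_inventory>`, so either document that the inventory must contain a `haproxy` group or make the group name match the service being deployed. With `user: root` on the play, the `become: true` on the handler in this commit is redundant.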
---
virtual_env_installation: /var/www/argo-api-authn/Envs
service_configuration_folder: /etc/argo-api-authn/conf.d
\ No newline at end of file
---
- become: true
name: restart cron after timezone change
service: name=crond state=restarted
\ No newline at end of file
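Review bot: No task in the role's tasks file carries a `notify` for `restart cron after timezone change`, and nothing in this commit changes the timezone, so this handler never runs. Drop it, or add the task that is meant to notify it.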
---
- name: "install pip"
yum:
name: python-pip
state: latest
enablerepo: epel
- name : "upgrade pip"
pip:
name: pip
extra_args: --upgrade
- name: "create directory to host all virtualenvs"
file:
path: "{{virtual_env_installation}}"
state: directory
- name: Create a virtualenv and install the requirements
pip:
name: git+https://github.com/ARGOeu/argo-api-authn.git@devel#egg=argo-api-authn-scripts
virtualenv: "{{virtual_env_installation}}/authn-env"
virtualenv_python: python2.7
- name: change permissions for authn-env
file:
path: "{{virtual_env_installation}}"
state: directory
owner: argo-api-authn
group: argo-api-authn
mode: 0755
recurse: yes
- name: "template configuration for ams-create-users-gocdb script"
template:
src: ams-create-users-gocdb.template.j2
dest: "{{service_configuration_folder}}/ams-create-users-gocdb.cfg"
- name: change permissions for ams-create-users-gocdb.cfg
file:
path: "{{service_configuration_folder}}/ams-create-users-gocdb.cfg"
owner: argo-api-authn
group: argo-api-authn
mode: 0644
- name: "set up cron for ams-create-users-gocdb"
cron:
cron_file: ams-create-users-gocdb
name: "set up cron for ams-create-users-gocdb"
user: argo-api-authn
hour: 1
job: "{{virtual_env_installation}}/authn-env/bin/python {{virtual_env_installation}}/authn-env/bin/ams-create-users-gocdb.py -v"
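Review bot: `mode: 0644` on `ams-create-users-gocdb.cfg` leaves a file that holds `ams_token` and `authn_token` readable by every local user. The cron job runs as `argo-api-authn`, which owns the file, so `mode: 0600` is enough, and `owner`, `group` and `mode` belong on the `template` task itself so the file is never written with default permissions first. The cron task sets `hour: 1` but no `minute`, and the cron module defaults `minute` to `*`, so the job would fire every minute from 01:00 to 01:59; add `minute: 0`. The pip install pulls `argo-api-authn.git@devel`, a moving branch, into an environment that then runs with both tokens; pin it to a tag or commit hash. The role also assumes the `argo-api-authn` user and `{{service_configuration_folder}}` already exist, and nothing in these tasks creates them.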
[AMS]
# under which ams project, the users will be created
ams_project: {{ams.project}}
# goc db url to pull user data
goc_db_host: {{ams.goc_db_host}}
# service types referes to the different service types that will we should keep from the xml and assign them to the respectivew ams topic
service-types: {{ams.service_types}}
# ams use role
users_role: {{ams.users_role}}
# token to access ams
ams_token: {{ams.token}}
# ams url
ams_host: {{ams.host}}
# ams user email
ams_email: {{ams.email}}
[AUTHN]
# token to access authn
authn_token: {{authn.token}}
# authn url to create bindings
authn_host: {{authn.host}}
# service's uuid where bindings will belong
service_uuid: {{authn.service_uuid}}
# service's host where bindings will belong
service_host: {{authn.service_host}}
[LOGS]
syslog_socket: {{logs.syslog_socket}}
\ No newline at end of file
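Review bot: `ams_token` and `authn_token` are rendered in clear text from `ams.token` and `authn.token`, and `defaults/main.yml` in this commit defines neither, so the values have to come from inventory or group vars; state that in the README and keep them in Ansible Vault rather than in plain vars files. `service-types` is the only key written with a hyphen while every other key uses underscores, so check it matches what the script reads. Comment typos to fix: "referes", "respectivew", "that will we should keep" and "ams use role".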