Merge pull request #254 from agelostsal/devel

ARGO-1255 Create Cron Job for the gocdb sync script and simplify the …

Merge pull request #254 from agelostsal/devel
ARGO-1255 Create Cron Job for the gocdb sync script and simplify the …
4865ce8a · Themis Zamani · GitHub · 922d6386 · 4b314e61 · 4865ce8a
Unverified Commit 4865ce8a authored Jun 28, 2018 by Themis Zamani Committed by GitHub Jun 28, 2018
--- a/README.md
+++ b/README.md
@@ -324,3 +324,25 @@ is the same as for users to add, but the only required field is `username`.
 However, it is recommended that you also keep the `uid` field for reference so
 that numeric user ids are not accidentally reused.

+## Argo Authentication Service
+In case you would like to provide extra authentication mechanisms for your argo services
+ypu could set up the argo-api-authn service. This playbook contains (1) roles.
+
+- Set up the ams-create-users-from-gocdb script
+
+### Things to do before deployment
+
+In the `roles/argo-api-authn/defaults/main.yml` replace:
+
+- the virtual_env_installation, which refers to the folder that will contain the virtual environment
+e.g. with the current default configuration it will be created under `/var/www/argo-api-authn/Envs/authn-env`
+- the service_configuration_folder, which refers to where the service's configuration files are being kept
+
+### Prerequisites
+- Deploy against CentOS 7.x
+- Ansible version used: 2.2
+
+if you want to run the script:
+```bash
+$ ansible-playbook -i <your_inventory> authn-setup.yml -vvv 
+``` 
\ No newline at end of file
--- a/authn_setup.yml
+++ b/authn_setup.yml
+---
+
+- hosts: haproxy
+  user: root
+  roles:
+    - argo-api-authn
\ No newline at end of file
--- a/roles/argo-api-authn/defaults/main.yml
+++ b/roles/argo-api-authn/defaults/main.yml
+---
+
+virtual_env_installation: /var/www/argo-api-authn/Envs
+service_configuration_folder: /etc/argo-api-authn/conf.d
\ No newline at end of file
--- a/roles/argo-api-authn/handlers/main.yml
+++ b/roles/argo-api-authn/handlers/main.yml
+---
+ - become: true
+   name: restart cron after timezone change
+   service: name=crond state=restarted
\ No newline at end of file
--- a/roles/argo-api-authn/tasks/main.yml
+++ b/roles/argo-api-authn/tasks/main.yml
+---
+
+- name: "install pip"
+  yum: 
+    name: python-pip
+    state: latest
+    enablerepo: epel
+
+- name : "upgrade pip"
+  pip:
+    name: pip
+    extra_args: --upgrade
+
+- name: "create directory to host all virtualenvs"
+  file:
+    path: "{{virtual_env_installation}}"
+    state: directory 
+
+- name: Create a virtualenv and install the requirements
+  pip: 
+    name: git+https://github.com/ARGOeu/argo-api-authn.git@devel#egg=argo-api-authn-scripts
+    virtualenv: "{{virtual_env_installation}}/authn-env"
+    virtualenv_python: python2.7
+
+- name: change permissions for authn-env
+  file:
+    path: "{{virtual_env_installation}}"
+    state: directory
+    owner: argo-api-authn
+    group: argo-api-authn
+    mode: 0755
+    recurse: yes
+
+- name: "template configuration for ams-create-users-gocdb script"
+  template: 
+    src: ams-create-users-gocdb.template.j2
+    dest: "{{service_configuration_folder}}/ams-create-users-gocdb.cfg"
+
+- name: change permissions for ams-create-users-gocdb.cfg
+  file:
+    path: "{{service_configuration_folder}}/ams-create-users-gocdb.cfg"
+    owner: argo-api-authn
+    group: argo-api-authn
+    mode: 0644
+
+- name: "set up cron for ams-create-users-gocdb"
+  cron:
+    cron_file: ams-create-users-gocdb
+    name: "set up cron for ams-create-users-gocdb"
+    user: argo-api-authn
+    hour: 1
+    job: "{{virtual_env_installation}}/authn-env/bin/python {{virtual_env_installation}}/authn-env/bin/ams-create-users-gocdb.py -v"
+
--- a/roles/argo-api-authn/templates/ams-create-users-gocdb.template.j2
+++ b/roles/argo-api-authn/templates/ams-create-users-gocdb.template.j2
+[AMS]
+
+# under which ams project, the users will be created
+ams_project: {{ams.project}}
+
+# goc db url to pull user data
+goc_db_host: {{ams.goc_db_host}}
+
+# service types referes to the different service types that will we should keep from the xml and assign them to the respectivew ams topic
+service-types: {{ams.service_types}}
+
+# ams use role
+users_role: {{ams.users_role}}
+
+# token to access ams
+ams_token: {{ams.token}}
+
+# ams url
+ams_host: {{ams.host}}
+
+# ams user email
+ams_email: {{ams.email}}
+
+[AUTHN]
+
+# token to access authn
+authn_token: {{authn.token}}
+
+# authn url to create bindings
+authn_host: {{authn.host}}
+
+# service's uuid where bindings will belong
+service_uuid: {{authn.service_uuid}}
+
+# service's host where bindings will belong
+service_host: {{authn.service_host}}
+
+[LOGS]
+syslog_socket: {{logs.syslog_socket}}
\ No newline at end of file