Commit a0189028 authored by Paschalis Korosoglou

ARGO-242 Ansible play for POEM service

parent af037450
......@@ -53,6 +53,33 @@ Contains Ansible playbook for the deployment of the ARGO Web UI service. The pla
$ ansible-playbook -v webui.yml
```
## POEM deployment
Contains Ansible playbook for the deployment of the ARGO POEM service. The play is split into four (4) roles:
- firewall (configures iptables firewall rules)
- repos (includes tasks for the installation of the required repository definitions)
- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
- poem (installs and bootstraps poem service)
### Things to do before deployment
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `{{inventory_hostname}}.key` and `{{inventory_hostname}}.pem` respectively. As `{{inventory_hostname}}` use the exact name used within the `inventory` file.
- Edit inventory and replace `poem.node` with the hostname that you intend to deploy the POEM service onto.
- Create a `host_vars/{{inventory_hostname}}` file and place therein the variables found within the `roles/poem/defaults/main.yml` file in order to overwrite them.
- In order to generate a uuid to be used in the place of the `poem_secret` variable you may use the `uuidgen` linux cli utility.
### Prerequisites
- Deploy against CentOS 6.x node
- Make sure `libselinux-python` is installed on the target node
- Ansible version used is `1.9.2`
### How to deploy
```bash
$ ansible-playbook -v poem.yml
```
## Full standalone deployment
Contains Ansible playbook for the deployment of all ARGO components. The play is split into six (6) roles:
......
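Review bot: The first item under "Things to do before deployment" tells the operator to copy the host's private key into `roles/has_certificate/files`, inside the playbook tree, without saying that it must stay out of version control. Please add a sentence that the `{{inventory_hostname}}.key` file and the `host_vars/{{inventory_hostname}}` file (which, going by the defaults added in this commit, will hold `db_pass` and `poem_secret`) should not be committed, or should be encrypted with `ansible-vault`. Minor wording: "and after place them both" reads better as "and place them both".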
......@@ -3,4 +3,6 @@
# Variable enabled_argo_repo specifies which RPM repository to use.
# To use the development repository set its value to argo-devel
enabled_argo_repo: argo-prod
\ No newline at end of file
enabled_argo_repo: argo-prod
cert_dir: /etc/grid-security
---
iptables_rules:
input:
- { dport: "443", proto: "tcp", policy: "accept"}
......@@ -5,5 +5,8 @@ webapi.node
[standalone]
standalone.node
[poem]
poem.node
[webui]
webui.node
\ No newline at end of file
---
- hosts: poem
sudo: true
roles:
- { role: firewall, tags: firewall }
- { role: repos, tags: repos }
- { role: has_certificate, tags: certificate }
- { role: poem, tags: poem }
---
db_path: /var/lib/poem/poemserv.db
db_user: test
db_pass: test123
db_mail: foo@example.com
poem_namespace: example.com.TEST
poem_gocdb_url: goc.egi.eu
poem_secret: bbc2ac55-e3aa-4b89-9038-e1acc4baf232
poem_debug: "True"
poem_timezone: Europe/Athens
\ No newline at end of file
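Review bot: These defaults ship working values for `db_pass` (`test123`) and `poem_secret` (a fixed UUID) and set `poem_debug: "True"`, so a host deployed without a `host_vars` override comes up with a published superuser password, a published secret key and debug output enabled. Suggest removing the defaults for `db_pass` and `poem_secret` so they have to be supplied per host, and defaulting `poem_debug` to "False". The file also lacks a trailing newline.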
---
- name: Install CAs metapackage
yum: name=ca-policy-egi-core state=latest
tags: install_ca_bundle
- name: Install poem package from argo repository
yum: name=poem state=latest enablerepo={{ enabled_argo_repo }}
- name: Create poem.ini file
template: src=poem.ini.j2
dest=/etc/poem/poem.ini backup=yes
owner=root group=root mode=0644
- name: Run db creation script
shell: poem-createdb creates={{ db_path }}
- name: Start and enable httpd service
service: name=httpd state=started enabled=yes
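Review bot: In "Create poem.ini file", `mode=0644` leaves the rendered file world-readable although the template in this commit writes `SUPERUSER_PASSWORD` and `SECRET_KEY` into it, and `backup=yes` keeps earlier copies beside it. Suggest a tighter mode such as `mode=0640`, with the group set to the account the POEM web application runs as. Separately, `state=latest` on both yum tasks means two runs of the play can install different versions; `state=present` or a pinned version would be more predictable.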
[general]
SUPERUSER_NAME: {{ db_user }}
SUPERUSER_PASSWORD: {{ db_pass }}
SUPERUSER_EMAIL: {{ db_mail }}
[log]
LOG_CONFIG: /etc/poem/poem_logging.ini
[others]
POEM_NAMESPACE: {{ poem_namespace }}
GOCDB_SERVICETYPE_URL: https://{{ poem_gocdb_url }}/gocdbpi/private/?method=get_service_types
CIC_VO_URL: http://operations-portal.egi.eu/xml/voIDCard/public/all/true
HOST_CERT = /etc/grid-security/hostcert.pem
HOST_KEY = /etc/grid-security/hostkey.pem
DEBUG: {{ poem_debug }}
SECRET_KEY: {{ poem_secret }}
TIME_ZONE: {{ poem_timezone }}
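Review bot: `HOST_CERT` and `HOST_KEY` hardcode `/etc/grid-security` even though this commit introduces `cert_dir: /etc/grid-security` as a variable; use `{{ cert_dir }}/hostcert.pem` and `{{ cert_dir }}/hostkey.pem` so the upload path and the configured path cannot drift apart. These two lines also use `=` where every other key in the file uses `:`. `CIC_VO_URL` is a plain `http://` URL while the GOCDB URL uses `https://`; if the portal serves that feed over TLS, prefer it.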