Commit e2b40ea9 authored by Themis Zamani's avatar Themis Zamani

Merge pull request #25 from pkoro/webui

ARGO-243 WebUI Role addition
parents e06654e7 5710ba18
......@@ -25,6 +25,32 @@ Contains Ansible playbook for the deployment of the ARGO datastore and API servi
$ ansible-playbook -v webapi.yml
```
## Web UI deployment
Contains Ansible playbook for the deployment of the ARGO Web UI service. The play is split into four (4) roles:
- firewall (configures iptables firewall rules)
- repos (includes tasks for the installation of the required repository definitions)
- has_certificate (task for uploading the certificate file onto the host under the appropriate path)
- webui (installation and bootstrap of ARGO Web UI service)
### Things to do before deployment
- Obtain a key/certificate pair from a trusted CA and after place them both under roles/has_certificate/files with names `hostkey.pem` and `hostcert.pem` respectively.
- Edit inventory and replace `webui.node` with the hostname that you intend to deploy the Web UI onto.
- Edit `roles/webui/vars/main.yml` file and change the values of the `certificate_password` and `keystore_password` variables to a stronger value.
### Prerequisites
- Deploy against CentOS 7.x node
- Ansible version used is `1.9.2`
### How to deploy
```bash
$ ansible-playbook -v webui.yml
```
## Full standalone deployment
Contains Ansible playbook for the deployment of all ARGO components. The play is split into six (6) roles:
......
......@@ -4,3 +4,6 @@ webapi.node
[standalone]
standalone.node
[webui]
webui.node
\ No newline at end of file
---
- name: copy iptables file onto host
template: src=iptables.j2
dest=/etc/sysconfig/iptables backup=no
owner=root group=root mode=0600
when: iptables_rules is defined
notify: reload iptables
- name: copy ip6tables file onto host
template: src=ip6tables.j2
dest=/etc/sysconfig/ip6tables backup=no
owner=root group=root mode=0600
when: ip6tables_rules is defined
notify: reload ip6tables
---
- name: Enable required ports
firewalld: service={{ item }} immediate=true permanent=true state=enabled
with_items: services
when: services is defined
---
- name: copy iptables file onto host
template: src=iptables.j2
dest=/etc/sysconfig/iptables backup=no
owner=root group=root mode=0600
when: iptables_rules is defined
notify: reload iptables
- include: centos6.yml
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
- include: centos7.yml
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
- name: copy ip6tables file onto host
template: src=ip6tables.j2
dest=/etc/sysconfig/ip6tables backup=no
owner=root group=root mode=0600
when: ip6tables_rules is defined
notify: reload ip6tables
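Review bot: A host that is neither CentOS 6 nor CentOS 7 matches neither `include` condition, so the firewall role finishes without applying any rules and the play still reports success. The rendered page prints old and new tasks together, so this assumes the two `include` lines are the new content of the file. A guard after the includes would make the gap visible, for example `- fail: msg="firewall role supports CentOS 6 and 7 only"` with `when: ansible_distribution != 'CentOS' or ansible_distribution_major_version not in ['6', '7']`. The same applies when `services` or `iptables_rules` is undefined: the tasks are skipped silently, so a missing variable leaves the host on whatever rules it already had.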
---
- name: Create cert_dir if not exists
file: dest={{ cert_dir }} state=directory
owner=root group=root mode=0755
when: cert_dir is defined
- name: Copy host x509 certificate onto host
tags: certificate
copy: src=hostcert.pem
......@@ -24,3 +29,8 @@
path=/etc/pki/tls/private/localhost.key
when: inventory_hostname in groups.standalone
- name: Create p12 key for web ui
command: openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -password pass:{{ keystore_password }} -out server.p12
chdir=/etc/grid-security
creates=/etc/grid-security/server.p12
when: inventory_hostname in groups.webui
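Review bot: The new "Create p12 key for web ui" task passes the keystore password on the openssl command line with `-password pass:{{ keystore_password }}`. That exposes it in the process list while the command runs, and in Ansible's verbose output and module-argument logging; the README runs the play with `-v`. Reading the password from the environment and marking the task `no_log` keeps it out of both. The task also sets no mode or owner on `server.p12`, which holds the private key, so a follow-up `file` task with `mode=0600` would be worth adding if the service account can still read it. The first two lines of this hunk belong to a task that starts outside it.

```yaml
- name: Create p12 key for web ui
  command: openssl pkcs12 -export -in hostcert.pem -inkey hostkey.pem -password env:KEYSTORE_PASSWORD -out server.p12
  # … unchanged: chdir= and creates= arguments …
  environment:
    KEYSTORE_PASSWORD: "{{ keystore_password }}"
  no_log: True
  when: inventory_hostname in groups.webui
```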
......@@ -3,23 +3,26 @@
- name: Install epel repo files
yum: name={{ epel_release_url }}{{ epel_release_name }}
state=present
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
- name: Install arstats repo files
yum: name={{ arstats_release_url }}{{ arstats_release_name }}
state=present
when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '6'
- name: Install mongodb repo
tags: mongodb_repo
copy: src=etc/yum.repos.d/mongodb_3.repo
dest=/etc/yum.repos.d/mongodb_3.repo backup=no
owner=root group=root mode=0644
when: inventory_hostname in groups.standalone or inventory_hostname in groups.webapi
- name: Install EGI-trustanchors repository definitions
tags: ca_bundle_repo
copy: src=etc/yum.repos.d/EGI-trustanchors.repo
dest=/etc/yum.repos.d/EGI-trustanchors.repo backup=no
owner=root group=root mode=0644
when: inventory_hostname in groups.standalone
when: inventory_hostname in groups.standalone or inventory_hostname in groups.webui
- name: Install cloudera-cdh5 repo
tags: cloudera-cdh5_repo
......
---
services:
- http
- https
lavoisier_home: /var/www/lavoisier
download_url: https://github.com/ARGOeu/argo-egi-web/archive/master.zip
cert_dir: /etc/grid-security
cert_path: /etc/grid-security/hostcert.pem
key_path: /etc/grid-security/hostkey.pem
certificate_password: change_me_or_overwrite_me_in_vars_file
certificate_path: /etc/grid-security/server.p12
cache_directory: /tmp
truststore_path: /etc/grid-security/certificates
keystore_path: /etc/grid-security/server.p12
keystore_password: change_me_or_overwrite_me_in_vars_file
admin_password_md5: b91cd1a54781790beaa2baf741fa6789
\ No newline at end of file
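Review bot: `admin_password_md5` ships a fixed hash as a role default, so every deployment that does not override it has the same admin credential, recoverable by anyone who can read this repository. The README's pre-deployment list names only `certificate_password` and `keystore_password`, so an operator has no prompt to change it. I would drop the default, let the role fail when the variable is undefined, and add it to the README list. The unsalted MD5 format is presumably what `passwords.properties` requires; if the application accepts a stronger scheme, that is worth checking. Separately, `cache_directory: /tmp` puts the application cache in a world-writable shared directory; a dedicated directory owned by the service user would be safer.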
# File to export the variable HOME_LAVOISIER.
setenv HOME_LAVOISIER "/var/www/lavoisier"
\ No newline at end of file
# File to export the variable HOME_LAVOISIER.
export HOME_LAVOISIER=/var/www/lavoisier
\ No newline at end of file
---
- name: restart webui
command: ./bin/lavoisier.sh restart
chdir={{ lavoisier_home }}/argo-egi-web-master
ignore_errors: True
---
- name: Install requirements
yum: name={{ item }} state=present
with_items:
- java-1.7.0-openjdk.x86_64
- wget
- unzip
tags: install_requirements
- name: Install CAs metapackage
yum: name=ca-policy-egi-core state=latest
tags: install_ca_bundle
notify: restart webui
- name: Copy files to setup HOME_LAVOISIER
copy: src={{ item }} dest=/etc/profile.d/{{ item }}
owner=root group=root mode=0644
with_items:
- lavoisier.sh
- lavoisier.csh
- name: Create download directory
file: path={{ lavoisier_home }} state=directory
- name: Download lavoisier zip file
get_url: url={{ download_url }}
dest={{ lavoisier_home }}/master.zip
mode=0640
register: download_out
notify: restart webui
- name: Stage old directory if download target has changed
command: mv argo-egi-web-master argo-egi-web-master.old
chdir={{ lavoisier_home }}
when: download_out is defined and download_out.changed
ignore_errors: True
- name: Unzip zip file
command: unzip master.zip
chdir={{ lavoisier_home }}
when: download_out is defined and download_out.changed
- name: Configure etc/lavoisier-hidden.properties step 1
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='certificate.password={{ certificate_password }}'
regexp='^certificate.password'
state=present
notify: restart webui
- name: Configure etc/lavoisier-hidden.properties step 2
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='certificate.path={{ certificate_path }}'
regexp='^certificate.path'
state=present
notify: restart webui
- name: Configure etc/lavoisier-hidden.properties step 3
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='cache.baseDirectory={{ cache_directory }}'
regexp='^cache.baseDirectory='
state=present
insertafter='^#cache.baseDirectory'
notify: restart webui
- name: Configure etc/lavoisier-hidden.properties step 4
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='server.baseUrl=http://{{ inventory_hostname }}'
regexp='^server.baseUrl'
state=present
notify: restart webui
- name: Configure etc/lavoisier-hidden.properties step 5
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='lavoisier.ssl.trustStore={{ truststore_path }}'
regexp='^lavoisier.ssl.trustStore='
state=present
notify: restart webui
- name: Configure etc/lavoisier-hidden.properties step 6
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='lavoisier.ssl.keyStore={{ keystore_path }}'
regexp='^lavoisier.ssl.keyStore='
state=present
notify: restart webui
- name: Configure etc/lavoisier-hidden.properties step 7
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/lavoisier-hidden.properties
line='lavoisier.ssl.keyStorePassword={{ keystore_password }}'
regexp='^lavoisier.ssl.keyStorePassword='
state=present
notify: restart webui
- name: Configure etc/security/passwords.properties
lineinfile: dest={{ lavoisier_home }}/argo-egi-web-master/etc/security/passwords.properties
line='admin={{ admin_password_md5 }}'
regexp='^admin'
state=present
notify: restart webui
- name: Start webui
command: ./bin/lavoisier.sh start
chdir={{ lavoisier_home }}/argo-egi-web-master
ignore_errors: True
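Review bot: The "Download lavoisier zip file" task fetches whatever `download_url` serves, with no integrity check, and the archive is then unzipped and started by a play that runs as root. The `master.zip` destination suggests a moving branch archive, so the deployed code can change between runs without any change in this repository. Pointing `download_url` at a tag or commit archive and adding `sha256sum={{ download_sha256 }}` to the `get_url` arguments would pin what gets executed; `download_sha256` is a placeholder name for a variable that would need to be defined. The `lineinfile` tasks that write `certificate.password`, `lavoisier.ssl.keyStorePassword` and the `admin=` hash set no file mode and are not marked `no_log: True`. The properties files therefore keep whatever permissions the archive gave them, and the secrets appear in `-v` output.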
---
certificate_password: change_me
keystore_password: change_me
\ No newline at end of file
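Review bot: The `change_me` placeholders live in what appears to be the role's `vars/main.yml`, and role vars take precedence over inventory and group_vars. An operator who supplies real passwords there, or in a vault-encrypted group_vars file, would still deploy `change_me`. The only way to set them is to edit this tracked file, which invites committing real secrets. Keeping these two variables only in the role defaults lets inventory or an `ansible-vault` file override them. A guard at the top of the role's tasks would stop a deployment with the placeholder, for example `- fail: msg="set keystore_password and certificate_password before deploying"` with `when: "'change_me' in keystore_password or 'change_me' in certificate_password"`. The p12 file is exported with `keystore_password` but the properties file also sets `certificate.password` for the same path, so the two values probably need to match; that is worth stating in a comment.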
---
- hosts: webui
user: root
roles:
- { role: firewall, tags: firewall }
- { role: repos, tags: repos }
- { role: has_certificate, tags: certificate }
- { role: webui, tags: webui }