Allow Galaxy Team members to log in to cvmfs0-tacc0 to update Test an…

…d Main. Stratum1 and client permissions coming soon.
galaxyproject · Jun 2, 2016 · fd36eee · fd36eee
1 parent 341a94c
commit fd36eee
Show file tree

Hide file tree

Showing 12 changed files with 141 additions and 7 deletions.
diff --git a/galaxyenv/host_vars/cvmfs0-tacc0.galaxyproject.org.yml b/galaxyenv/host_vars/cvmfs0-tacc0.galaxyproject.org.yml
@@ -3,12 +3,14 @@
 cvmfs_repositories:
   - repository: test.galaxyproject.org
     stratum0: cvmfs0-tacc0.galaxyproject.org
+    owner: g2test
     server_options:
       - CVMFS_AUTO_TAG=false
       - CVMFS_GARBAGE_COLLECTION=true
       - CVMFS_AUTO_GC=true
   - repository: main.galaxyproject.org
     stratum0: cvmfs0-tacc0.galaxyproject.org
+    owner: g2main
     server_options:
       - CVMFS_AUTO_TAG=false
       - CVMFS_GARBAGE_COLLECTION=true

diff --git a/roles/cvmfs/defaults/main.yml b/roles/cvmfs/defaults/main.yml
@@ -2,6 +2,7 @@
 
 cvmfs_keys:
   - path: /etc/cvmfs/keys/test.galaxyproject.org.pub
+    owner: g2test
     key: |
       -----BEGIN PUBLIC KEY-----
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfc5SSX9ALcrukWYcxkI
@@ -13,6 +14,7 @@ cvmfs_keys:
       PwIDAQAB
       -----END PUBLIC KEY-----
   - path: /etc/cvmfs/keys/test.galaxyproject.org.crt
+    owner: g2test
     key: |
       -----BEGIN CERTIFICATE-----
       MIIC9DCCAdwCCQC3lM3Z8xqGAjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDF0
@@ -64,6 +66,7 @@ cvmfs_keys:
       umt/c7usl22IscRFArkCPbTMJuUxyJYH8g9rl1AiziVw9zC9SCbD2w==
       -----END CERTIFICATE-----
   - path: /etc/cvmfs/keys/main.galaxyproject.org.pub
+    owner: g2main
     key: |
       -----BEGIN PUBLIC KEY-----
       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6S6Tugcv4kk4C06f574l
@@ -75,6 +78,7 @@ cvmfs_keys:
       OQIDAQAB
       -----END PUBLIC KEY-----
   - path: /etc/cvmfs/keys/main.galaxyproject.org.crt
+    owner: g2main
     key: |
       -----BEGIN CERTIFICATE-----
       MIIC9DCCAdwCCQCu1/uoOM2BxjANBgkqhkiG9w0BAQsFADA8MTowOAYDVQQDDDFt
@@ -107,8 +111,10 @@ cvmfs_server_urls:
 cvmfs_repositories:
   - repository: test.galaxyproject.org
     stratum0: cvmfs0-tacc0.galaxyproject.org
+    owner: g2test
   - repository: main.galaxyproject.org
     stratum0: cvmfs0-tacc0.galaxyproject.org
+    owner: g2main
   - repository: data.galaxyproject.org
     stratum0: cvmfs0-psu0.galaxyproject.org
 

diff --git a/roles/cvmfs/tasks/stratum0.yml b/roles/cvmfs/tasks/stratum0.yml
@@ -30,7 +30,7 @@
   copy:
     content: "{{ item.key }}"
     dest: "{{ item.path }}"
-    owner: "root"
+    owner: "{{ item.owner | default('root') }}"
     group: "root"
     mode: "0444"
   with_items: "{{ cvmfs_keys }}"
@@ -39,7 +39,7 @@
   copy:
     content: "{{ item.key }}"
     dest: "{{ item.path }}"
-    owner: "root"
+    owner: "{{ item.owner | default('root') }}"
     group: "root"
     mode: "0400"
   with_items: "{{ cvmfs_private_keys }}"
@@ -67,7 +67,7 @@
   failed_when: not srv_cvmfs_repo_stat.stat.exists
 
 - name: Ensure repositories are imported
-  command: /usr/bin/cvmfs_server import -r -o root -f aufs {{ item.repository }}
+  command: /usr/bin/cvmfs_server import -r -o {{ item.owner | default('root') }} -f aufs {{ item.repository }}
   args:
     creates: /etc/cvmfs/repositories.d/{{ item.repository }}
   with_items: "{{ cvmfs_repositories }}"

diff --git a/roles/cvmfs/tasks/stratum1.yml b/roles/cvmfs/tasks/stratum1.yml
@@ -24,7 +24,7 @@
   copy:
     content: "{{ item.key }}"
     dest: "{{ item.path }}"
-    owner: "root"
+    owner: "{{ item.owner | default('root') }}"
     group: "root"
     mode: "0444"
   with_items: "{{ cvmfs_keys }}"
@@ -69,7 +69,7 @@
     immediate: yes
 
 - name: Ensure replicas are configured
-  command: /usr/bin/cvmfs_server add-replica -z -o root http://{{ item.stratum0 }}/cvmfs/{{ item.repository }} /etc/cvmfs/keys/{{ item.repository }}.pub
+  command: /usr/bin/cvmfs_server add-replica -z -o {{ item.owner | default('root') }} http://{{ item.stratum0 }}/cvmfs/{{ item.repository }} /etc/cvmfs/keys/{{ item.repository }}.pub
   args:
     creates: /etc/cvmfs/repositories.d/{{ item.repository }}
   with_items: "{{ cvmfs_repositories }}"

diff --git a/taccenv/host_vars/galaxy04.tacc.utexas.edu.yml b/taccenv/host_vars/galaxy04.tacc.utexas.edu.yml
@@ -0,0 +1,16 @@
+---
+
+# for use as a virtualenv/ansible management host
+host_packages:
+  - '@development tools'
+  - git
+  - python-devel
+  - libffi-devel
+  - openssl-devel
+  - pass
+
+host_users:
+  - name: g2test
+    groups: docker
+  - name: g2main
+    groups: docker
diff --git a/taccenv/inventory b/taccenv/inventory
@@ -14,6 +14,7 @@ galaxy-web-02.tacc.utexas.edu
 roundup[49:64].tacc.utexas.edu
 
 [baseenv]
+galaxy04.tacc.utexas.edu
 galaxy06.tacc.utexas.edu
 
 [baseenv:children]

diff --git a/taccenv/playbook.yml b/taccenv/playbook.yml
@@ -3,10 +3,10 @@
 - name: Tasks for "base environment" hosts
   hosts: baseenv
   remote_user: root
-  #vars_files:
+  vars_files:
     #- "secret_group_vars/all.yml"
     # uncomment when necessary
-    #- [ "secret_host_vars/{{ inventory_hostname }}.yml", "secret_host_vars/default.yml" ]
+    - [ "secret_host_vars/{{ inventory_hostname }}.yml", "secret_host_vars/default.yml" ]
   pre_tasks:
     - name: Locate secret group variable files
       local_action:

diff --git a/taccenv/secret_group_vars/baseenv.yml b/taccenv/secret_group_vars/baseenv.yml
@@ -0,0 +1 @@
+../../common_env/secret_group_vars/baseenv.yml
diff --git a/taccenv/secret_group_vars/galaxymainservers.yml b/taccenv/secret_group_vars/galaxymainservers.yml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.1;AES256
+66653534666164656266336139373463333038383362343562363534383162643231316431663437
+3938343830306232373038373031663062383266376338390a623564636536353165646661333163
+35316663356236663266383236363664663234616635373839616466616365643363316632333164
+6139633563633535320a323130326464333961393630663661626336623832376163326461353230
+36313035303032643532313461363437393365303938333366616330616165353730666361636230
+38323334643765656638343666626230623833383666393166646461353233643839656362383764
+61313061383239393131326164326637313166653065303431616330626335363763393733323537
+65663565323733633032343535373732333763303432616539656263323364366462366334303263
+66333531376261303863366361333766613565636262333338646135633563336535306439356563
+36326637303337326230623137303064616262303438646233306235303330346266393663323162
+64373830396633313636633239363162383464663035626132376366373463313034643733383230
+64346231386431323033323939663337626139333833326334626636626539333537323637386232
+35613238316564656133363936393035633838313161616436346339353063333534333438346230
+30626262663536373730333438366566656266303761663862646661383464386163616136613531
+65303034376635336632623364363066643964656236386164343163323939316333613664373663
+38363662316263303164663636626339313130656461663864636165393565313337323332643264
+31373063663739316535646163653833666461613532383534356430356465363230353938636230
+63353963363234373537373962373031303266313237616536613531303733326266363763373661
+34343236376664386165323130383430656232643963376562366331343430383937333864653235
+33396132383234343939336233333462333166336539353237373165316532653835633162326632
+31626461363332313366623632326165663732613230386438636233366464613332383332646130
+31646262383139383338353434333465303466346163333365633835653233373034666230316163
+39313865333432366365346666616639633839346334303234636238306238363262346561623536
+36383365396161356132653133643838323432653465386631373638613433353430386633653037
+35356331363761373834366564333831326138373538643931316666356535346434
diff --git a/taccenv/secret_group_vars/galaxytestservers.yml b/taccenv/secret_group_vars/galaxytestservers.yml
@@ -0,0 +1,26 @@
+$ANSIBLE_VAULT;1.1;AES256
+65303461646364396532653764643361363937343265656463323630613035363562636239656162
+6462333830356562303565306530396130333561646330330a396363313766353763356432383636
+32303763623738306435396666663034373034363134383331333535356164383732323130393464
+6235353532656165380a303131343836353265633664626562626631653434386533323166383865
+61663166356264636438373337626138316265616161666266373865333631383864383538363439
+64616637623166616366326332313536356430643833656461643231343734636364386430656537
+37633764306662663430336336373437613837623834383938316134323830653136336664353730
+37386433633735666432313036636562313162353431326338343262613766636163316265366266
+36643962326336386636613662396466363163636364343661623235633137643531643662323662
+64366137646361373038333561386130393038383565656636353462336364313130333136643134
+65353937386335663631633939336132643331326233313033626336366132356565653465616234
+32646536373734316439346131626430623861656637663739363463313231343832313464306366
+35393936393065313432373833663566333762396139313566336165386639353064376639306634
+62613738303634623632376537333336313230633637623438363266643238666537366138366238
+64313062346235613432353165656632316266653062636330663139323066653534396337656662
+38343132633238386466356265626162366163313535346163383034666130343861613763663730
+35373165616661623930323364616363303338346363373935326430383836326264323662626538
+62626464303263333239316232366561303131613666316663323036313462346166663362356433
+37633836616336383364373162393533343033633531366231303839653263613139326665383237
+39636466643939353263636266316337623863356234333337633738336634663239303738623963
+39396263313833616434613861393462366434313030643639386461633638623032646439393063
+34396664373635386633333335333636633034643932386538633939376266346661636539333533
+30346330343633623534613330376638343963666464313065653364393633316266626162646333
+65333438616666373163383763386133363534663063373035386635363334356266393565643663
+39323133313237613337663035616361313233663537316433666139643630313636
diff --git a/taccenv/secret_host_vars/default.yml b/taccenv/secret_host_vars/default.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+35623366623836623330633062663435643637643132353932663061376535333635653962333865
+3437323436323430343966653164633830353035356565360a343739626537316231656361386562
+35313866373063306465636633313062623637386231306338633031633638663637383732363036
+3462336537643937330a626562363765666165316531343666636539373130346163356365366638
+37643839373266313961633738613063333264386635393837333563643064663232633463633861
+61356364363064653065663266376266613564653465333361373835656631613239613435616634
+37633461626631646634613436393637363537636434306465653832373237323739306431306461
+30333938323937623635633333653461393732303934353062303761333234303864616262366361
+30343236346239303031386335653163613335643166316233343632643064373761
diff --git a/taccenv/secret_host_vars/galaxy04.tacc.utexas.edu.yml b/taccenv/secret_host_vars/galaxy04.tacc.utexas.edu.yml
@@ -0,0 +1,46 @@
+$ANSIBLE_VAULT;1.1;AES256
+62363530653565353138643664316436626533316633323533623462623639653338313565653833
+3263663232643633333962613233396164333032373535620a666561393661343932323566303462
+31326466623934323838326137333031306335613830343433333361336430306262326133366537
+6139373465336161340a393539666437346539646535333933363633616131346162366465616138
+61373539373066633639306632653063613837663336633264356362333065323361366538343561
+61343034666631376463663561653739626539363330633738633033616137383438636135333230
+66616363363339643630623163376431386533616139646238396131643331353339633665653965
+35623030633032633434333538353663636633386537323461396539616337376131626365306636
+35313832626239623161633031313831353862383766393266393638643336353761303966343630
+38653963656461303931323166346562313830383539343234393037623030633461363835623139
+33623061333932663430663239346163653535393865643138323863303338366434633362303735
+34643462326633666435303139363632316331626236376430366632353564346533646665366531
+35336361336338353465313433343833633830343666383331396332633131373030313462663732
+32393561303835643264386262396339353934633531386539383531653766653939303137353637
+35656337386362613963383962373737613662383234313162666630663135623361653164336435
+66343438313436633364646162323264356635623137356261363366646165366233323264653061
+31356636363932633332343065333135626538653630636139626361663363613531363464646332
+37363939653435643332366564343462363537653365323839366464393839653164303437356265
+31653836326233643735303562396530613666316361303261623739643236326538316565643365
+31316232323463336362336239396263366635343837616537383239396633316533323032616430
+34333066306663336432626630643466346462623765366632656236356235623761306139313737
+63363134353935653835376665363333343861313466323166613366623136633761653334316338
+39613734323833633938323433393430346464623366623063613331643739373631306236643637
+36653164373066313930646338653364646439303630396336363861393632653461653533366430
+62363538346639636562663662353564666132653532393263643830346439316635616139323034
+35363531396164303735363639303463663465343365326139636134613864383035326231396434
+30656562633666393736613965356661633339656531303238363361643463343066363766383432
+32643236643765393762313931376532343264643765643431616236633463383163646235343736
+61386661353361356136363666666363663465626635306134326263356532333835626363333935
+65376339343730306564356631363238313330333662373139633036626561393031633032303932
+64643566323033316261303438613337386265653932623131396631663131363262356563666461
+66373535323964303030636431333832636163616435333731366265646336666365353438353232
+37333462336164663362336136346134633538363430656133326362636263306636656638653961
+31636566303237323830656635386562366433333338663938646531393432363430383238306463
+31353461336533393966626437373264623364613537343334383937616232623732623034303563
+33316233323365303834323233663438633836383432333534383633656262363031316664356461
+64643630386239353135633431616231336332383436383536356161666432383437333462633837
+31323966643935653932383339636161613336383163353439363131653963353736313635616235
+34626132363263313731303339633337323132626362653036626464376161613938623161663463
+63326361623362306534303463353637643164376464623034646435323338393366323534646465
+65373161366637383764373362323261643238353163623037303438633233353763373933323834
+30373835366236653865653764383262663366396530303537623536656630666136643861656463
+62626361303163343131366566643131363465323262623632313931633966633430326462333431
+62643566343932626463306262346633333033643535613032613730346166353763303836306139
+37613164653364633961656538373234363433643730653932333537323166313762