Merge pull request #1 from bedroge/master

First versions of Ansible playbooks that seem to work

Author: zilverberg

.gitignore

@@ -0,0 +1 @@
+hosts

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "roles/galaxyproject.cvmfs"]
+	path = roles/cvmfs
+	url = https://github.com/galaxyproject/ansible-cvmfs

README.md

@@ -1,2 +1,48 @@
-# CVMFS-layer
-CVMFS layer of EESSI project
+# CVMFS layer
+
+## Introduction
+The EESSI project uses the CernVM File System (CVMFS) for distributing its software. More details about CVMFS can be found at its homepage and documentation:
+
+- http://cernvm.cern.ch/portal/filesystem
+- https://cvmfs.readthedocs.io
+
+The following introductory video on Youtube gives a quite good overview of CVMFS as well:
+https://www.youtube.com/playlist?list=FLqCLabkRddpbHj4wYNFYjAA
+
+## CVMFS infrastructure
+
+The CVMFS layer of the EESSI project consists of the usual CVMFS infrastructure:
+* one Stratum 0 server;
+* multiple Stratum 1 servers, which contain replicas of the Stratum 0 repositories;
+* multiple local Squid proxy servers;
+* CVMFS clients with the appropriate configuration files on all the machines that need access to the CVMFS repositories.
+
+## Installation and configuration
+
+For the installation of all components we make use of the Ansible files provided by the Galaxy project:
+https://github.com/galaxyproject/ansible-cvmfs
+This repository is added as a submodule inside the roles directory, so make sure to use the --recursive options when cloning this repository:
+```
+git clone --recursive git@github.com:EESSI/cvmfs-layer.git
+```
+Alternatively, clone this repository first, and init and update the required submodule later:
+```
+git clone git@github.com:EESSI/cvmfs-layer.git
+cd cvmfs-layer/roles/cvmfs/
+git submodule init
+git submodule update
+```
+For more information about (working with) submodules, see:
+https://git-scm.com/book/en/v2/Git-Tools-Submodules
+
+The EESSI specific settings can be found in group_vars/all.yml, and in templates we added a template for a Squid configation for the local proxy servers; this file is not included in the Galaxy repository.
+
+In order to run one of these playbooks, you will have to use a hosts file that includes at least the group of nodes for which you are running a playbook. An example of the file that shows the correct structure can be found in hosts.example.
+The playbooks can then be run as follows:
+```
+ansible-playbook -i hosts -b <name of playbook>.yml
+```
+where -b means become, i.e. run with sudo. If this requires a password, include -K:
+```
+ansible-playbook -i hosts -b -K <name of playbook>.yml
+```

client.yml

@@ -0,0 +1,6 @@
+- name: CVMFS
+  hosts: cvmfsclients
+  vars:
+    eessi_cvmfs_repos_enabled: config-repo
+  roles:
+    - cvmfs

group_vars/all.yml

@@ -0,0 +1,78 @@
+---
+# vars file for eessi project
+
+# The license key for the Geo API:
+# https://cvmfs.readthedocs.io/en/stable/cpt-replica.html#geo-api-setup
+# For some unclear reason, the Stratum 1 installation fails when this is not set:
+# https://github.com/EESSI/cvmfs-layer/issues/2
+#cvmfs_geo_license_key: 
+
+# Automatically configure EESSI CVMFS repos
+eessi_cvmfs_repos_enabled: config-repo
+
+# Email address for the project, which will be put in the contact file on the config repo.
+eessi_email: eessi@list.rug.nl
+
+# Defaults for eessi-hpc.org config repo, syntax for each key is the same as that of cvmfs_<key | pluralize>
+eessi_cvmfs_config_repo:
+  domain: eessi-hpc.org
+  key:
+    path: /etc/cvmfs/keys/eessi-hpc.org/cvmfs-config.eessi-hpc.org.pub
+    key: |
+     -----BEGIN PUBLIC KEY-----
+     MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoTBc/Eksr9ECEOoCzHA
+     F20UjePR7mJyWB13eTBXnjq7PLKKilfk2llLKetPIRMEmbvp97NiQ9ALe/tiGDzT
+     1Wg82Mf9oO4DNQYrTfE/MP5inIrMtSv1WnYJYV4Bgm24s8IhHXytIf1D4qt0x1v5
+     0yRui0dwaZrErWKRKufbJ6ehmEDHuVSEAujrORyig/jYFKVyTaCsXnmwFDJmX2Uw
+     RGCaf0M9ZLYs9t/SWA0s08rle5kH82hgBsIvUr7PLT7hbU407VK6+Y02tuxbI0JR
+     +hCt494UsFs3tchmTebpK+x3pVRXybQ66Qm1mQiaz+2VbUJdQEov4RCC5PcOmOOk
+     BwIDAQAB
+     -----END PUBLIC KEY-----
+  urls:
+    - "http://cvmfs-s1-rug.eessi-hpc.org/cvmfs/@fqrn@"
+  repository:
+    repository: cvmfs-config.eessi-hpc.org
+    stratum0: cvmfs-s0.eessi-hpc.org
+    owner: "{{ cvmfs_repo_owner | default('root') }}"
+    server_options: []
+    client_options: []
+
+# Defaults for eessi-hpc.org repos
+eessi_cvmfs_keys:
+  - path: /etc/cvmfs/keys/eessi-hpc.org/pilot.eessi-hpc.org.pub
+    key: |     
+     -----BEGIN PUBLIC KEY-----
+     MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAommtaoqQ36Rb/cFnqUWg
+     8FoYCOjJWVBMQ4sVZ87oFRWehOUbcfy/ah85D9055HQws7i/hLNGJJAa7Es3E2o8
+     v8LtSlRdfR1A7b7LA6p3213HHz6dNU6I1riwtE2OP7/w4Q3+Agj1iRtW535GwzGo
+     4ZbewL8T1kbyaEm4HyefoitHXJthoPyTlYAhvAegIil1VJPhJZW+q/NWxnsd9QGJ
+     uAtbSICQg6mBJI50KiCBYmKHOAjH2W8qEnLWc7JoPoNvAHuMx1ya6YerBM5T9Esm
+     HJN0HHOVdRIwNjjPkV2jIqhJoI85no89v8/V45SFPVo+A7N0Cj4QdQrQTezpnlby
+     FQIDAQAB
+     -----END PUBLIC KEY-----
+
+eessi_cvmfs_server_urls:
+  - domain: eessi-hpc.org
+    use_geoapi: true
+    urls:
+      - "http://cvmfs-s1-rug.eessi-hpc.org/cvmfs/@fqrn@"
+      
+eessi_cvmfs_repositories:
+  - repository: pilot.eessi-hpc.org
+    stratum0: cvmfs-s0.eessi-hpc.org
+    owner: "{{ cvmfs_repo_owner | default('root') }}"
+    key_dir: /etc/cvmfs/keys/eessi-hpc.org
+    server_options:
+      - CVMFS_AUTO_GC=false
+      - CVMFS_GARBAGE_COLLECTION=true
+      - CVMFS_AUTO_GC=false
+    client_options:
+      - CVMFS_NFILES=4096
+
+# Override all the Galaxy defaults by our EESSI defaults.
+# This is required, beucase the galaxy_* variables are used inside the Ansible tasks.
+galaxy_cvmfs_config_repo: "{{ eessi_cvmfs_config_repo }}"
+galaxy_cvmfs_keys: "{{ eessi_cvmfs_keys }}"
+galaxy_cvmfs_server_urls: "{{ eessi_cvmfs_server_urls }}"
+galaxy_cvmfs_repositories: "{{ eessi_cvmfs_repositories }}"
+galaxy_cvmfs_repos_enabled: "{{ eessi_cvmfs_repos_enabled }}"

hosts.example

@@ -0,0 +1,18 @@
+[cvmfsstratum0servers]
+your-stratum0.org
+
+[cvmfsstratum1servers]
+your-stratum1.org
+
+[cvmfslocalproxies]
+your-proxy-1
+your-proxy-2
+
+[cvmfsclients]
+your-client-1
+your-client-2
+
+[cvmfsclients:vars]
+cvmfs_http_proxies=["your-proxy-1:3128", "your-proxy-2:3128"]
+
+

localproxy.yml

@@ -0,0 +1,4 @@
+- name: CVMFS
+  hosts: cvmfslocalproxies
+  roles:
+    - cvmfs

roles/README.md

@@ -0,0 +1,4 @@
+This roles directory contains a submodule that points to the repository of the Galaxy Ansible role for installing/configuring CVMFS, which can be found at:
+https://github.com/galaxyproject/ansible-cvmfs
+
+We renamed the directory to "cvmfs", so we can use "cvmfs" as the name of this role in our Ansible playbooks.

roles/cvmfs

@@ -0,0 +1,48 @@
+# Start a transaction on the Stratum 0 and put all the files for the config repo in place.
+# Note: first deploy your Stratum 0 and make sure that group_vars/all.yml contains the right configuration,
+#       including all the keys of the repositories that have to be configured.
+---
+- name: CVMFS
+  hosts: cvmfsstratum0servers
+  tasks:
+    - name: Start the CVMFS transaction, create directories, and copy files
+      block:
+        - name: start CVMFS transaction
+          shell: cvmfs_server transaction "{{ eessi_cvmfs_config_repo.repository.repository }}"
+     
+        - name: create directories
+          file:
+            path: "{{ item }}"
+            state: directory
+          with_list:
+            - "/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/keys/{{ eessi_cvmfs_config_repo.domain }}"
+            - "/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/contact"
+            - "/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/domain.d"
+
+        - name: deploy public keys
+          copy: content="{{ item.key }}" dest="/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}{{ item.path }}"
+          with_items: "{{ eessi_cvmfs_keys }}"
+     
+        - name: create contacts file
+          copy: content="{{ eessi_email }}\n" dest="/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/contact/{{ eessi_cvmfs_config_repo.domain }}"
+     
+        - name: create domain configuration file
+          copy:
+            content: |
+              CVMFS_SERVER_URL="{{ eessi_cvmfs_config_repo.urls | join(';') }}"
+              CVMFS_KEYS_DIR="/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/keys/{{ eessi_cvmfs_config_repo.domain }}"
+              CVMFS_USE_GEOAPI="{{ eessi_cvmfs_server_urls[0].use_geoapi | default(false) | ternary('yes', 'no') }}"
+            dest: "/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/domain.d/{{ eessi_cvmfs_config_repo.domain }}.conf"
+       
+        - name: create default CVMFS configuration file
+          copy:
+            content: |
+              # For reference see https://sft.its.cern.ch/jira/browse/CVM-878
+              CVMFS_LOW_SPEED_LIMIT=10000
+            dest: "/cvmfs/{{ eessi_cvmfs_config_repo.repository.repository }}/etc/cvmfs/default.conf"
+     
+        - name: publish CVMFS transaction
+          shell: cvmfs_server publish "{{ eessi_cvmfs_config_repo.repository.repository }}"
+      rescue:
+        - name: cancel the transaction
+          shell: cvmfs_server abort -f "{{ eessi_cvmfs_config_repo.repository.repository }}"