Commit d40c777e authored by Maiken's avatar Maiken

In the middle of the rewrite from Ansible to Python only, with a Jinja template.

parent 4c2553f0
This diff is collapsed.
......@@ -9,12 +9,12 @@ if __name__ == '__main__':
if len(sys.argv) != 2:
sys.exit('Syntax: %s COMMAND' % sys.argv[0])
cmd = sys.argv[1].lower()
if cmd == 'deploy-config':
action = (sys.argv[1].lower())[2:]
print action
if action == 'installwizard':
config = ConfigureARC()
config.configure()
config.control()
else:
sys.exit('Unknown command "%s".' % cmd)
sys.exit('Unknown action "%s".' % action)
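Review bot: The new `action = (sys.argv[1].lower())[2:]` discards the first two characters of the argument without checking what they are, so any two-character prefix reaches the `installwizard` comparison. If the intent is a `--installwizard` style flag, test the prefix explicitly, e.g. `if not sys.argv[1].startswith('--'): sys.exit('Syntax: %s --ACTION' % sys.argv[0])`, or hand the parsing to `argparse`. `print action` reads as leftover debug output and is Python 2-only syntax; I would drop it. The `if __name__ == '__main__':` block starts above the hunk, so this is based on the visible lines only.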
......@@ -28,7 +28,7 @@
state: present
createhome: no
- name: Ensure /etc/grid-security folder exists
- name: Ensure grid-security folder exists
file:
name: "{{ item }}"
state: directory
......@@ -38,33 +38,28 @@
- name: Download CertificateGenerator.py
get_url:
url: http://svn.nordugrid.org/trac/nordugrid/export/32500/contrib/certificate_generator/CertificateGenerator.py
url: https://source.coderefinery.org/nordugrid/contrib/raw/master/certificate_generator/CertificateGenerator.py
dest: /tmp
mode: 444
when: create_host_cert
- name: checks hostcert exists on remote path
stat:
path: "/tmp/host-{{ frontend_ip }}-cert.pem"
register: cert
- name: checks hostkey on remote path
stat:
path: "/tmp/host-{{ frontend_ip }}-key.pem"
register: key
- name: checks tempCA on remote path
stat:
path: "/tmp/tempCA.pem"
register: ca
- name: checks tempCA.srl on remote path
stat:
path: "/tmp/tempCA.srl"
register: srl
- name: checks tempCA.signing_policy on remote path
stat:
path: "/tmp/tempCA.signing_policy"
register: policy
- name: Run CertificateGenerator.py to create host certificate
- name: Check if hostcerts and testCA files already exist
stat:
path: "/tmp/{{ item.name }}"
loop:
- "{{ HOST_CERT }}"
- "{{ TESTCA }}"
register: stat_var
- name: debug
debug:
msg: "{{item.reg}}"
with_items: "{{HOST_CERT}}"
- name: Run CertificateGenerator.py to create host and CA certificates (only if they do not exist)
command: python CertificateGenerator.py --CA tempCA --host {{ frontend_ip }}
when: "not( cert.stat.exists or key.stat.exists or ca.stat.exists or srl.stat.exists or policy.stat.exists) and create_host_cert"
args:
......@@ -73,25 +68,12 @@
ignore_errors: yes
- name: move host certificate key file if it exists
command: mv /tmp/host-{{ frontend_ip }}-key.pem {{ grid_security_path }}
when: create_host_cert and run_cert.changed
- name: move host certificate file if it exists
command: mv /tmp/host-{{ frontend_ip }}-cert.pem {{ grid_security_path }}
when: create_host_cert and run_cert.changed
- name: move CA to /etc/grid-security/certificates
command: mv /tmp/tempCA.pem {{ grid_security_path }}/certificates
when: create_host_cert and run_cert.changed
- name: move ca signing policy file if it exists
command: mv /tmp/tempCA.signing_policy {{ grid_security_path }}/certificates
when: create_host_cert and run_cert.changed
- name: move softlinks it exists
shell: mv /tmp/*.0 {{ grid_security_path }}/certificates
- name: Move host certifcate and testCA to specified folders
shell: mv /tmp/{{ item.name }} {{ item.dest }}
when: create_host_cert and run_cert.changed
with_items:
- '{{HOST_CERT}}'
- '{{TESTCA}}'
ignore_errors: yes
......
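Review bot: The `get_url` task now pulls CertificateGenerator.py from the `master` branch with no `checksum:`, and a later task runs it with `python`, so whatever is on that branch at deploy time is executed on the host; the svn URL it appears to replace was at least pinned to revision 32500. Pin the URL to a specific commit and add `checksum: "sha256:<expected-digest>"` (placeholder) so a changed file fails the play. `mode: 444` is unquoted, which Ansible reads as a decimal number rather than octal; write `mode: "0444"`. The script, the generated host key and the `*.0` files are all staged in world-writable /tmp before being moved under `{{ grid_security_path }}`, so a private working directory (for example one created with the `tempfile` module) would keep other local users from influencing what ends up in the certificates folder.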
......@@ -18,3 +18,24 @@ arc_frontend_grid_queue: main
#enable_gridftpd: no
##To-do: where to place key?
HOST_CERT:
- name: "host-{{ frontend_ip }}-cert.pem"
dest: "{{ grid_security_path }}"
- name: "host-{{ frontend_ip }}-key.pem"
dest: "{{ grid_security_path }}"
##To-do: where to place key and srl?
TESTCA:
- name: tempCA.pem
dest: "{{ grid_security_path }}/certificates"
- name: tempCA.signing_policy
dest: "{{ grid_security_path }}/certificates"
- name: "*.0"
dest: "{{ grid_security_path }}/certificates"
- name: tempCA-key.pem
dest: "{{ grid_security_path }}"
- name: tempCA.srl
dest: "{{ grid_security_path }}"
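Review bot: The `TESTCA` list moves `tempCA-key.pem`, the test CA's private key, into `{{ grid_security_path }}` beside the host key, and no entry carries an owner or mode, so permissions are whatever the generator left on the files in /tmp. The two to-do comments already ask where the keys belong; until that is settled I would add a `mode` field to the key entries (for example `mode: "0400"`) and have the consuming task apply it, and consider not installing the CA key on the host at all if it is only needed to sign once. The `"*.0"` entry is a shell glob mixed in with literal filenames, which a `stat` on `/tmp/{{ item.name }}` will treat as a literal name; a comment such as `# glob: only meaningful to the shell mv task` would make that explicit.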
......@@ -20,6 +20,9 @@ x509_host_key = {{ host_key}}
{% endif %}
[mapping]
unixmap={{ grid_user }}:{{ grid_group }} all
[lrms]
lrms={{ lrms_type }}
{% if lrms_type == 'slurm' %}
......@@ -34,12 +37,12 @@ controldir={{ controldir }}
sessiondir={{ sessiondir }}
{% if enable_emies == 'yes' %}
{% if enable_emies %}
[arex/ws]
[arex/ws/emies]
{% endif %}
{% if enable_gridftpd == 'yes' %}
{% if enable_gridftpd %}
[gridftpd]
globus_tcp_port_range={{ globus_tcp_port_range }}
globus_udp_port_range={{ globus_udp_port_range }}
......@@ -53,7 +56,7 @@ loglevel=3
[infosys/ldap]
[infosys/ldap/bdii]
[cluster]
[infosys/cluster]
[queue:{{ arc_frontend_grid_queue }}]
......
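Review bot: In the second hunk the guards become `{% if enable_emies %}` and `{% if enable_gridftpd %}` (assuming the bare form is the new side), and a plain truthiness test treats any non-empty string as true, so a value that still arrives as the string 'no' would switch the `[arex/ws/emies]` and `[gridftpd]` blocks on. Since the rewrite feeds this template from Python rather than Ansible, either normalise these settings to real booleans before rendering or make the test strict, e.g. `{% if enable_gridftpd is sameas true %}`. A short comment above each guard stating that the variable must be a boolean would also help.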