Read Me
================

1. About

These Ansible roles allow you to install, from a deployment host, iRODS [4.2.0 - 4.2.8] on one or more CentOS 7.x x86_64 hosts. The iRODS role is compatible with both provider and consumer installation modes. PostgreSQL (from 9.4 to 12 on CentOS 7.x or 10.6 on CentOS 8.x) will be used to serve the iCAT catalogue. All firewalls should be stopped before attempting a deployment.

2. Ansible installation 

```bash
yum install python2-pip # as root
pip install ansible --user # first installation
pip install -U ansible --user # update
```

**N.B:** All my tests were made using Ansible 2.9

3. GitLab repository

This GitLab repository comprises two Ansible roles:

- iRODS
- postgresql

4. Fetch the roles

```bash
mkdir -p ansible/{group_vars/{iRODS,all},host_vars,roles} ; cd ansible
git clone https://dci-gitlab.cines.fr/poc_irods/poc-irods.git roles
```

5. Work space on the deployment host

```
ansible
  |
  |_ irods.yml
  |_ irods_hosts
  |
  |_ group_vars
  |       |
  |       |_ iRODS
  |       |    |
  |       |    |_ main.yml
  |       |
  |       |_ all
  |           |
  |           |_ var_pass.yml
  |
  |_ host_vars
  |      |
  |      |_ myhost1.mydomain.tld
  |
  |_ roles
       |
       |_ iRODS
       |
       |_ postgresql
```

**N.B:** Privilege escalation (sudo) relies on the "ansible_become_password" variable in the group_vars/all/var_pass.yml file, which should be vaulted:

```bash
cd ansible/group_vars/all/
ansible-vault create var_pass.yml
```

```
---

ansible_become_password: your password to become root on the target machines 

...
```

**N.B:** The provider / consumer installation mode is set with the "irods_server_mode" variable in the host_vars/myhost1.mydomain.tld file:

```
irods_server_mode: provider

```

6. Preparation of the irods.yml playbook

```
---

- name: Installation of PostgreSQL server
  hosts: irods_database
  roles:
    - postgresql
  become: true
  become_user: root
  become_method: sudo
  vars_files:
  - "group_vars/iRODS/main.yml"

- name: Installation of iRODS server
  hosts: irods_server
  roles:
    - iRODS
  become: true
  become_user: root
  become_method: sudo
  vars_files:
  - "group_vars/iRODS/main.yml"

...

```

7. Preparation of the irods_hosts inventory file

iRODS and PostgreSQL may also be installed on the same host.

```
[irods_server]
myhost1.mydomain.tld

[irods_database]
myhost2.mydomain.tld

```

8. Preparation of your vaulted variables

The values below are given as examples only; you can modify them as needed.

```bash
cd ansible/group_vars/iRODS/
ansible-vault create --vault-id irods@prompt main.yml
```

```
---

# Passwords

admin_password:
negotiation_key:
server_control_plane_key:
zone_key:
irods_unix_password:
database_password:

# Hosts

database_hostname: myhost2.mydomain.tld
provider_hostname: myhost1.mydomain.tld
provider_ip:

# Users and groups

postgresql_unix_group_name: postgres
postgresql_unix_user_name: postgres
irods_unix_group_name: irods
irods_unix_user_name: irods
irods_unix_group_id: 
irods_unix_user_id:
database_user: irodsdb

# iRODS

irods_version: 4.2.8
path_to_data: /irods/data
path_to_icat: /irods/icat
irods_zone: TESTZONE
default_resource: demoResc
database_name: ICAT

# Misc

postgresql_version: from 9.4 to 12
selinux_mode: enforcing
...
```

9. SSH keys

Ansible has only two dependencies: SSH and Python. You therefore need to generate an SSH key pair (without a passphrase) on the deployment host and copy its public key to each target machine:

```
ssh-keygen -b 2048 -t rsa -C "Some comment" -f /home/user/.ssh/ansible_id_rsa
ssh-copy-id -i /home/user/.ssh/ansible_id_rsa.pub user@myhost1.mydomain.tld
ssh-copy-id -i /home/user/.ssh/ansible_id_rsa.pub user@myhost2.mydomain.tld
```
**N.B:** if SELinux is set to "enforcing", remember to run "/usr/sbin/restorecon -r -v .ssh" on each target machine; otherwise your public key won't work.

10. Run the playbook

```bash
cd ansible
ansible-playbook --key-file=/path/to/your/.ssh/ansible_id_rsa -i irods_hosts irods.yml --ask-vault-pass --vault-id irods@prompt
```

The ansible-playbook command will then ask you to input two passwords in order to decrypt your vaulted variables.
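
A pre-flight check for the steps above, given as an added example that is not part of these roles: it confirms that both variable files begin with an Ansible Vault header, that main.yml carries the `irods` vault ID used in section 8, and that the private key is not accessible to group or others. The function names are hypothetical; the file paths follow the work space layout in section 5.

```bash
#!/usr/bin/env bash
# Added example (not part of the roles): checks to run before ansible-playbook.

# Succeed only if the file's first line is an Ansible Vault header.
is_vaulted() {
    [ -f "$1" ] || return 1
    case "$(head -n 1 "$1")" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the vault ID label of a file, or nothing if it has none.
# Header formats: $ANSIBLE_VAULT;1.1;AES256  or  $ANSIBLE_VAULT;1.2;AES256;<label>
vault_label() {
    head -n 1 "$1" | awk -F';' '$1 == "$ANSIBLE_VAULT" && $2 == "1.2" { print $4 }'
}

# Succeed only if the path exists and grants nothing to group or others.
is_private() {
    [ -e "$1" ] || return 1
    case "$(ls -ld "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the work space in $1 and the private key in $2.
# Prints one line per finding and returns the number of problems (0 = ready).
preflight() {
    local dir="$1" key="$2" problems=0
    local pass="$dir/group_vars/all/var_pass.yml"
    local main="$dir/group_vars/iRODS/main.yml"

    is_vaulted "$pass" || { echo "NOT VAULTED: $pass"; problems=$((problems + 1)); }

    if ! is_vaulted "$main"; then
        echo "NOT VAULTED: $main"; problems=$((problems + 1))
    elif [ "$(vault_label "$main")" != "irods" ]; then
        # main.yml was created with --vault-id irods@prompt, so the label must match.
        echo "VAULT ID IS NOT irods: $main"; problems=$((problems + 1))
    fi

    is_private "$key" || { echo "KEY MISSING OR GROUP/WORLD ACCESSIBLE: $key"; problems=$((problems + 1)); }
    return "$problems"
}
```

Source the file on the deployment host and call `preflight /path/to/ansible /home/user/.ssh/ansible_id_rsa`; a non-zero return value means at least one finding was printed.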