README.md 3.04 KB
Newer Older
1
Read Me
2
3
================

4
1. About
5

viscapi's avatar
viscapi committed
6
Those Ansible roles should allow you to install, from a deployment host, iRODS [4.2.0 - 4.2.8] on one or more CentOS 7.x / 8.x x86_64 hosts. PostgreSQL (9.6 on CentOS 7.x or 10.6 on CentOS 8.x) will be used to serve the iCAT catalogue. All firewalls should be stopped before attempting a deployment.
7

8
2. Ansible installation
9
10

```bash
viscapi's avatar
viscapi committed
11
12
13
yum install python2-pip # en tant que root 
pip install ansible --user # installation initiale
pip install -U ansible --user # mise à jour
14
15
```

16
3. Gitlab repository
17

18
This Gitlab repository is comprised of two Ansible roles:
19
20
21
22

- iRODS
- postgresql

23
4. Fetch the roles
24
25

```bash
26
mkdir -p ansible/{group_vars/{iRODS,all},roles} ; cd ansible
viscapi's avatar
viscapi committed
27
$ git clone https://dci-gitlab.cines.fr/poc_irods/poc-irods.git roles
28
29
```

30
5. Work space on the deployment host
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

```
ansible
  |
  |_ irods.yml
  |_ irods_hosts
  |
  |_ group_vars
  |       |
  |       |_ iRODS
  |       |    |
  |       |    |_ main.yml
  |       |
  |       |_ all
  |           |
  |           |_ var_pass.yml
  |
  |_ roles
       |
       |_ iRODS
       |
       |_ postgresql
```

55
6. Preparation of the irods.yml playbook
56
57
58
59

```
---

60
- name: Installation of PostgreSQL server
61
62
63
64
65
66
67
68
69
  hosts: irods_database
  roles:
    - postgresql
  become: true
  become_user: root
  become_method: sudo
  vars_files:
  - "group_vars/iRODS/main.yml"

70
- name: Installation of iRODS server
71
72
73
74
75
76
77
78
79
80
81
82
83
  hosts: irods_server
  roles:
    - iRODS
  become: true
  become_user: root
  become_method: sudo
  vars_fles:
  - "group_vars/iRODS/main.yml"

...

```

84
7. Preparation of the irods_hosts inventory file
85

86
iRODS and PostgreSQL may be installed on the same host.
87

88
89
90
91
92
93
94
95
```
[irods_server]
myhost1.mydomain.tld

[irods_data]
myhost2.mydomain.tld

```
96

97
8. Preparation of your vaulted variables
98

99
The values below are given as examples only, you can obviously modify them.
100

101
102
```bash
cd ansible/group_vars/iRODS/
viscapi's avatar
viscapi committed
103
ansible-vault create --vault-id irods@prompt main.yml
104
105
```
```
106
irods_unix_user_name: irods
107
irods_unix_user_id: 
108
irods_unix_group_name: irods
109
110
irods_unix_group_id:
irods_unix_password:
111
selinux_mode: enforcing
112
admin_password:
113
114
115
116
117
irods_zone: TESTZONE
default_resource: demoResc
negotiation_key: "A 32-byte encryption key shared by the zone for use in the advanced negotiation handshake at the beginning of an iRODS client connection"
database_hostname: myhost2.mydomain.tld
database_name: ICAT
118
database_password:
119
120
121
122
database_user: irods
server_control_plane_key: "The encryption key required for communicating with the iRODS grid control plane. Must be 32 bytes long. This must be the same across all iRODS servers in a Zone."
zone_key: "The shared secret used for authentication and identification of server-to-server communication - this can be a string of any length, excluding the use of hyphens, for historical purposes. This must be the same across all iRODS servers in a Zone."
path_to_icat: /data/icat
123
irods_server: the IP of myhost1.mydomain.tld
124
125
```

126
9. Run the playbook
127
128

```bash
viscapi's avatar
viscapi committed
129
cd ansible
130
131
ansible-playbook --key-file=/path/to/your/.ssh/id_rsa -i irods_hosts irods.yml --ask-vault-pass --vault-id irods@prompt
```