Read Me
================

1. About

These Ansible roles allow you to install, from a deployment host, iRODS [4.2.0 - 4.2.8] on one or more CentOS 7.x / Ubuntu 18.04 x86_64 hosts. The iRODS role is compatible with both provider and consumer installation modes. PostgreSQL (stock versions from the distribution or newer ones) will be used to serve the iCAT catalogue. All firewalls should be stopped before attempting a deployment.

2. Ansible installation on CentOS

```bash
yum install epel-release # as root
yum update # as root
yum install python2-pip # as root
pip install --upgrade pip # as root
pip install ansible --user # first installation
pip install -U ansible --user # update
```

**N.B:** The iRODS and PostgreSQL roles are known to work with Ansible 2.10.

3. GitLab repository

This GitLab repository comprises two Ansible roles:

- irods
- postgresql

4. Fetch the roles on CentOS

```bash
yum install git # as root
mkdir -p ansible/{group_vars/{iRODS,all},host_vars,roles} ; cd ansible
git clone https://dci-gitlab.cines.fr/poc_irods/poc-irods.git roles
```

5. Work space on the deployment host

```
ansible
  |
  |_ irods.yml
  |_ irods_hosts
  |
  |_ group_vars
  |       |
  |       |_ iRODS
  |            |
  |            |_ main.yml
  |
  |_ host_vars
  |      |
  |      |_ myhost1.mydomain.tld
  |
  |_ roles
       |
       |_ irods
       |
       |_ postgresql
```

**N.B:** The provider / consumer installation mode is set with the "irods_server_mode" variable in the host_vars/myhost1.mydomain.tld file:

```
irods_server_mode: provider
```

6. Preparation of the irods.yml playbook

```
---

- name: Installation of PostgreSQL server
  hosts: irods_database
  roles:
    - postgresql
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - "group_vars/iRODS/main.yml"

- name: Installation of iRODS server
  hosts: irods_server
  roles:
    - irods
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - "group_vars/iRODS/main.yml"

...
```

7. Preparation of the irods_hosts inventory file

```
[irods_server]
myhost1.mydomain.tld

[irods_database]
myhost2.mydomain.tld
```

**N.B:** iRODS and PostgreSQL may also be installed on the same host.

8. Preparation of your vaulted variables

The values below are given as examples only; you can obviously modify them.

```bash
cd ansible/group_vars/iRODS/
ansible-vault create --vault-id irods@prompt main.yml
```

```
---

# Passwords

admin_password:
negotiation_key:
server_control_plane_key:
zone_key:
irods_unix_password: see https://docs.ansible.com/ansible/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module for details
database_password:

# Hosts

database_hostname: myhost2.mydomain.tld
provider_hostname: myhost1.mydomain.tld
provider_ip:

# Users and groups

postgresql_unix_group_name: postgres
postgresql_unix_user_name: postgres
irods_unix_group_name: irods
irods_unix_user_name: irods
irods_unix_group_id:
irods_unix_user_id:
database_user: irodsdb

# iRODS

irods_version: from 4.2.0 to 4.2.8
use_local_mirror: true or false
path_to_data: /irods/data
path_to_icat: /irods/icat
irods_zone: TESTZONE
default_resource: demoResc
database_name: ICAT

# Misc

external_postgresql_version: from 9.4 to 13
use_external_epel: true or false
use_distribution_postgresql: true or false
cluster_name: only relevant for PostgreSQL 10 on Ubuntu 18.04
selinux_mode: enforcing or permissive

...
```
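One way to draft values for the "# Passwords" fields above, as an added example that is not part of the original repository: it assumes the role passes negotiation_key and server_control_plane_key to iRODS unchanged, where each must be exactly 32 characters. The function names are hypothetical, and irods_unix_password still has to be hashed as the linked Ansible FAQ describes.

```bash
#!/bin/sh
# Added example (not from the original repository): draft the secret values
# for group_vars/iRODS/main.yml. Function names are hypothetical.
# Assumption: iRODS 4.2 requires negotiation_key and server_control_plane_key
# to be exactly 32 characters; the other lengths are arbitrary choices.

# rand_hex N: print N lowercase hex characters drawn from /dev/urandom.
rand_hex() {
    head -c "$(( ($1 + 1) / 2 ))" /dev/urandom | od -An -v -tx1 |
        tr -d ' \n' | cut -c "1-$1"
}

# render_secrets: print a YAML fragment for the "# Passwords" section.
# Values are quoted so an all-digit string is not parsed as a number.
render_secrets() {
    printf 'admin_password: "%s"\n' "$(rand_hex 24)"
    printf 'negotiation_key: "%s"\n' "$(rand_hex 32)"
    printf 'server_control_plane_key: "%s"\n' "$(rand_hex 32)"
    printf 'zone_key: "%s"\n' "$(rand_hex 32)"
    printf 'database_password: "%s"\n' "$(rand_hex 24)"
}

# key_length_ok YAML KEY: succeed only if KEY's quoted value is 32 characters.
key_length_ok() {
    klo_value=$(printf '%s\n' "$1" | sed -n "s/^$2: \"\(.*\)\"\$/\1/p")
    [ "${#klo_value}" -eq 32 ]
}

# Print once; paste the output into the editor opened by ansible-vault create.
secrets=$(render_secrets)
key_length_ok "$secrets" negotiation_key &&
    key_length_ok "$secrets" server_control_plane_key &&
    printf '%s\n' "$secrets"
```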

9. SSH keys

Ansible has only two dependencies: SSH and Python. For that reason you need to generate an SSH key pair (without a passphrase) on the deployment host and copy its public key to each target machine:

```bash
ssh-keygen -b 2048 -t rsa -C "Some comment" -f /home/user/.ssh/ansible_id_rsa
ssh-copy-id -i /home/user/.ssh/ansible_id_rsa.pub user@myhost1.mydomain.tld
ssh-copy-id -i /home/user/.ssh/ansible_id_rsa.pub user@myhost2.mydomain.tld
```

**N.B:** if SELinux is set to "enforcing", please don't forget to run "/usr/sbin/restorecon -r -v .ssh" on each target machine, otherwise your public key won't work.

10. Run the playbook

```bash
cd ansible
ansible-playbook --key-file=/path/to/your/.ssh/ansible_id_rsa -i irods_hosts irods.yml --vault-id irods@prompt
```

The ansible-playbook command will then ask you for your vault password in order to decrypt your vaulted variables.

**N.B:** if you need a password to become another user with "sudo", add the "-K" option to your ansible-playbook command line and you'll be prompted for it.
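A pre-flight check for the run described above, as an added example that is not part of the original repository: it confirms that the variables file really is vault-encrypted under the "irods" vault ID and that the passphrase-less private key is not readable by group or others. The function names are hypothetical and the sample files are constructed.

```bash
#!/bin/sh
# Added example (not from the original repository); function names are
# hypothetical. Run from the "ansible" directory before ansible-playbook.

# vault_header_ok FILE LABEL: succeed if FILE's first line is an Ansible Vault
# 1.2 header carrying LABEL, as written by "--vault-id LABEL@prompt".
vault_header_ok() {
    [ -f "$1" ] || return 1
    vh_first=
    IFS= read -r vh_first < "$1" || [ -n "$vh_first" ] || return 1
    [ "$vh_first" = "\$ANSIBLE_VAULT;1.2;AES256;$2" ]
}

# key_perms_ok FILE: succeed if FILE exists with no group/other permission bits.
key_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# preflight VAULT_FILE KEY_FILE: report every failed check, return 1 if any.
preflight() {
    pf_rc=0
    vault_header_ok "$1" irods ||
        { echo "not vault-encrypted under ID 'irods': $1" >&2; pf_rc=1; }
    key_perms_ok "$2" ||
        { echo "missing or group/world-accessible key: $2" >&2; pf_rc=1; }
    return "$pf_rc"
}

# Constructed sample input: a scratch directory with a fake vault file and key.
demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.2;AES256;irods' '6465616462656566' > "$demo/main.yml"
: > "$demo/ansible_id_rsa"
chmod 600 "$demo/ansible_id_rsa"
preflight "$demo/main.yml" "$demo/ansible_id_rsa" && echo "preflight passed"
```

In real use, call `preflight group_vars/iRODS/main.yml /path/to/your/.ssh/ansible_id_rsa` and start ansible-playbook only if it succeeds.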