Commit 6e0d8426 authored by viscapi

Added a lot of details to README.md

parent 40b0217f
......@@ -3,14 +3,14 @@ Read Me
1. About
Those Ansible roles should allow you to install, from a deployment host, iRODS [4.2.0 - 4.2.8] on one or more CentOS 7.x / 8.x x86_64 hosts. PostgreSQL (9.6 on CentOS 7.x or 10.6 on CentOS 8.x) will be used to serve the iCAT catalogue. All firewalls should be stopped before attempting a deployment.
Those Ansible roles allow you to install, from a deployment host, iRODS [4.2.0 - 4.2.8] on one or more CentOS 7.x x86_64 hosts. The iRODS role is compatible with both provider and consumer installation modes. PostgreSQL (9.6 on CentOS 7.x or 10.6 on CentOS 8.x) will be used to serve the iCAT catalogue. All firewalls should be stopped before attempting a deployment.
2. Ansible installation
```bash
yum install python2-pip # en tant que root
pip install ansible --user # installation initiale
pip install -U ansible --user # mise à jour
yum install python2-pip # as root
pip install ansible --user # first installation
pip install -U ansible --user # update
```
3. Gitlab repository
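Review bot: The reworded About paragraph narrows the target hosts to "CentOS 7.x x86_64" but still says PostgreSQL "10.6 on CentOS 8.x" will be used, so the supported platforms now contradict each other; either keep 8.x in the host list or drop the CentOS 8.x PostgreSQL clause. The unchanged sentence "All firewalls should be stopped before attempting a deployment" is worth replacing while this paragraph is being edited: list the ports the two roles need and have the reader open only those, rather than disabling the firewall on the target hosts.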
......@@ -23,7 +23,7 @@ This Gitlab repository is comprised of two Ansible roles:
4. Fetch the roles
```bash
mkdir -p ansible/{group_vars/{iRODS,all},roles} ; cd ansible
mkdir -p ansible/{group_vars/{iRODS,all},host_vars,roles} ; cd ansible
$ git clone https://dci-gitlab.cines.fr/poc_irods/poc-irods.git roles
```
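Review bot: The `git clone` line carries a leading `$` prompt while the `mkdir` line above it does not, so pasting the block as written fails on the second command; drop the `$`. The clone also takes whatever is on the default branch, so consider documenting a tag or commit to check out, so that a deployment can be reproduced and reviewed against a known revision of the roles.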
......@@ -45,6 +45,10 @@ ansible
| |
| |_ var_pass.yml
|
|_ host_vars
| |
| |_ myhost1.mydomain.tld
|
|_ roles
|
|_ iRODS
......@@ -52,6 +56,28 @@ ansible
|_ postgresql
```
N.B: privilege escalation (sudo) relies on the "ansible_become_password" variable in group_vars/all/var_pass.yml file (it should be vaulted):
```bash
cd ansible/group_vars/all/
ansible-vault create var_pass.yml
```
```
---
ansible_become_password: your password to become root on the target machines
...
```
N.B: The provider / consumer installation mode is handled with the "irods_server_mode" variable in host_vars/myhost1.mydomain.tld file:
```
irods_server_mode: provider
```
6. Preparation of the irods.yml playbook
```
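Review bot: In the first N.B., "it should be vaulted" reads as optional for a file that holds the password "to become root on the target machines"; say that it must be vaulted, and note that this file is created with the default vault id while group_vars/iRODS/main.yml is created with `--vault-id irods@prompt`, which is why the playbook run asks for two passwords. In the second N.B., only `irods_server_mode: provider` is shown; give the value to use for a consumer and state that each host needs its own file under host_vars.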
......@@ -89,7 +115,7 @@ iRODS and PostgreSQL may be installed on the same host.
[irods_server]
myhost1.mydomain.tld
[irods_data]
[irods_database]
myhost2.mydomain.tld
```
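Review bot: Renaming the inventory group from `[irods_data]` to `[irods_database]` only works if the `hosts:` entries in the irods.yml example of section 6 use the new name, and that part of the README is not visible in this diff; check that the playbook sample was updated in the same commit, otherwise the play meant for myhost2.mydomain.tld will match no hosts.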
......@@ -103,29 +129,65 @@ cd ansible/group_vars/iRODS/
ansible-vault create --vault-id irods@prompt main.yml
```
```
irods_unix_user_name: irods
irods_unix_user_id:
irods_unix_group_name: irods
irods_unix_group_id:
irods_unix_password:
selinux_mode: enforcing
---
# Passwords
admin_password:
negotiation_key:
server_control_plane_key:
zone_key:
irods_unix_password:
database_password:
# Hosts
database_hostname: myhost2.mydomain.tld
provider_hostname: myhost1.mydomain.tld
provider_ip:
# Users and groups
postgresql_unix_group_name: postgres
postgresql_unix_user_name: postgres
irods_unix_group_name: irods
irods_unix_user_name: irods
irods_unix_group_id:
irods_unix_user_id:
database_user: irodsdb
# iRODS
irods_version: 4.2.8
path_to_data: /irods/data
path_to_icat: /irods/icat
irods_zone: TESTZONE
default_resource: demoResc
negotiation_key: "A 32-byte encryption key shared by the zone for use in the advanced negotiation handshake at the beginning of an iRODS client connection"
database_hostname: myhost2.mydomain.tld
database_name: ICAT
database_password:
database_user: irods
server_control_plane_key: "The encryption key required for communicating with the iRODS grid control plane. Must be 32 bytes long. This must be the same across all iRODS servers in a Zone."
zone_key: "The shared secret used for authentication and identification of server-to-server communication - this can be a string of any length, excluding the use of hyphens, for historical purposes. This must be the same across all iRODS servers in a Zone."
path_to_icat: /data/icat
irods_server: the IP of myhost1.mydomain.tld
# Misc
selinux_mode: enforcing
...
```
9. SSH keys
Ansible has only two dependencies: SSH and Python. For that reason you need to generate a pair of SSH keys (without password) on the deployment host and copy the public part of it to each target machines:
```
ssh-keygen -b 2018 -t rsa -C "Some comment" -f /home/user/.ssh/ansible_id_rsa
ssh-copy-id -i /home/user/.ssh/ansible_id_rsa.pub user@myhost1.mydomain.tld
ssh-copy-id -i /home/user/.ssh/ansible_id_rsa.pub user@myhost2.mydomain.tld
9. Run the playbook
```
N.B: if SELinux is set to "enforcing", please don't forget to run "/usr/sbin/restorecon -r -v .ssh" on each target machine, else your public key won't work.
10. Run the playbook
```bash
cd ansible
ansible-playbook --key-file=/path/to/your/.ssh/id_rsa -i irods_hosts irods.yml --ask-vault-pass --vault-id irods@prompt
```
The ansible-playbook command will then ask you to input two passwords in order to decrypt your vaulted variables.
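Review bot: In the new SSH keys section, `ssh-keygen -b 2018 -t rsa` looks like a typo for 2048, and a 2018-bit key size should not end up in copy-pasted deployment instructions; use at least `-b 2048`. The key is generated as /home/user/.ssh/ansible_id_rsa but the run command passes `--key-file=/path/to/your/.ssh/id_rsa`; use the same file name in both places. Since the key is created without a password, say that the private key must stay readable only by the deploying user. In the main.yml template, negotiation_key, server_control_plane_key and zone_key appear both as bare keys and with the descriptions that give the 32-byte requirement; if the descriptions are the removed side, keep the length constraints as YAML comments, and settle on one value for database_user (both irodsdb and irods appear).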