
@m1yag1
Last active April 10, 2024 21:59
Ansible tasks to set up GCSv5 for testing
# gcsv5-setup
# Variables consumed by the GCSv5 test-endpoint tasks.

# Endpoint metadata passed to `globus-connect-server`.
globus_organization: 'Mike A.'
globus_contact_email: 'mike.a@globus.org'
globus_domain: 'globus.org'

# Local accounts to create; each entry also gets a tree of test files.
globus_users:
  - user: 'mike.a'
    group: 'mike.a'

# Sensitive or deployment-specific values are indirected through vault_*
# variables instead of being written in this file.
# NOTE(review): presumably these live in an Ansible Vault encrypted vars
# file -- confirm they are not committed in clear text.
globus_owner: "{{ vault_globus_owner }}"
globus_project_id: "{{ vault_globus_project_id }}"
gcs_cli_client_id: "{{ vault_gcs_cli_client_id }}"
gcs_cli_client_secret: "{{ vault_gcs_cli_client_secret }}"
globus_transfer_hosts: "{{ vault_globus_transfer_hosts }}"

# Globus environment name; exported on the host as GLOBUS_SDK_ENVIRONMENT.
globus_sdk_environment: 'sandbox'
globus_os_environment:
  - key: 'GLOBUS_SDK_ENVIRONMENT'
    value: "{{ globus_sdk_environment }}"

# Small fixture files written under each user's share/godata directory.
globus_test_files:
  - name: 'file1.txt'
    content: 'file1'
  - name: 'file2.txt'
    content: 'file2'
  - name: 'file3.txt'
    content: 'file3'
---
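# Pin each transfer host in /etc/hosts, one entry per hostname.
# /etc/hosts lines start with the address, so a pattern anchored as
# '^<hostname>' never matches an existing entry: when an IP changes, the new
# line is appended and the stale one above it still resolves first. The
# pattern below matches on the hostname column instead, and regex_escape
# keeps the dots in the name from acting as wildcards.
- name: Update hosts file if variable is set
  become: true
  lineinfile:
    path: /etc/hosts
    regexp: '^\s*\S+\s+{{ item.hostname | regex_escape }}(\s|$)'
    line: '{{ item.ip }} {{ item.hostname }}'
    state: present
  # default([]) keeps the loop expression valid when the variable is unset.
  loop: "{{ globus_transfer_hosts | default([]) }}"
  when: globus_transfer_hosts is defined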
# Persist every entry of globus_os_environment as KEY=value in
# /etc/environment, replacing an existing assignment of the same key.
- name: Set Globus environment variables
  become: true
  lineinfile:
    path: '/etc/environment'
    regexp: '^{{ item.key }}='
    line: '{{ item.key }}={{ item.value }}'
    state: present
  loop: "{{ globus_os_environment }}"
  when: globus_os_environment is defined
# Create one local account per globus_users entry, with its home directory
# at /home/<user>.
- name: Create globus users with home dir
  become: true
  user:
    name: '{{ item.user }}'
    home: '/home/{{ item.user }}'
    create_home: true
  loop: "{{ globus_users }}"
# Probe for an existing deployment key; the endpoint-setup task is skipped
# when deployment_key_file.stat.exists is true.
- name: Check if deployment key file exists
  register: deployment_key_file
  stat:
    path: '{{ ansible_env.HOME }}/deployment-key.json'
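# Register a new GCSv5 endpoint and write its deployment key to the remote
# user's home directory. Runs only when no deployment key exists yet.
#
# The arguments are passed as an argv list: the original string form mixed
# lines with and without a trailing backslash, and argv also hands every
# templated value to the program as exactly one argument, whatever quotes or
# spaces it contains.
#
# NOTE(review): deployment-key.json presumably carries the endpoint's client
# credentials (the next task reads .client_id from it) -- confirm it ends up
# readable by its owner only.
- name: Create a gcs endpoint
  command:
    argv:
      - 'globus-connect-server'
      - 'endpoint'
      - 'setup'
      - '--organization'
      - "{{ globus_organization }}"
      - '--contact-email'
      - "{{ globus_contact_email }}"
      - '--project-id'
      - "{{ globus_project_id }}"
      - '--owner'
      - "{{ globus_owner }}"
      - '--agree-to-letsencrypt-tos'
      - '--deployment-key'
      - "{{ ansible_env.HOME }}/deployment-key.json"
      - "{{ ec2_instance_name }}"
  when: not deployment_key_file.stat.exists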
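# Read the endpoint's client_id out of the deployment key and keep it in
# gcs_endpoint_id; later tasks export it as GCS_CLI_ENDPOINT_ID.
- name: Register the endpoint id
  command:
    # argv keeps the templated path a single argument even if it has spaces.
    argv:
      - 'jq'
      - '-r'
      - '.client_id'
      - "{{ ansible_env.HOME }}/deployment-key.json"
  register: gcs_endpoint_id
  # Read-only lookup: never report it as a change.
  changed_when: false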
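# Run `globus-connect-server node setup` once as root; the marker file makes
# the task idempotent through `creates`.
#
# NOTE(review): `--preserve-env` hands the whole calling environment to the
# root process. If node setup only needs specific variables, listing them
# under `environment:` would narrow what crosses the privilege boundary.
- name: Create the GCS node
  become: true
  become_flags: '--preserve-env'
  shell: |
    # Stop at the first failure: without this the marker is touched even
    # when node setup fails, and `creates` then skips every later retry.
    set -e
    globus-connect-server node setup
    touch "{{ ansible_env.HOME }}/.gcs_node_setup"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_node_setup"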
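# Attach the subscription id to the endpoint, once, when one is configured.
- name: Register the endpoint subscription
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    # Stop at the first failure so the marker is written only after the
    # subscription was actually set; otherwise `creates` hides the failure
    # on every later run.
    set -e
    globus-connect-server endpoint set-subscription-id "{{ globus_subscription_id }}"
    touch "{{ ansible_env.HOME }}/.gcs_subscription"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_subscription"
  when: globus_subscription_id is defined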
# Render the identity-mapping document into the remote user's home
# directory; the storage-gateway task passes it as
# file:identity-mapping.json.
- name: Create the identity-mapping.json file locally
  template:
    dest: '{{ ansible_env.HOME }}/identity-mapping.json'
    src: 'identity-mapping.json'
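# Render .env.j2 into the remote user's home directory for manual
# troubleshooting with the GCS CLI.
- name: Create the .env file useful for troubleshooting
  template:
    src: .env.j2
    dest: "{{ ansible_env.HOME }}/.env"
    # NOTE(review): .env.j2 is not shown here; if it renders
    # gcs_cli_client_secret this file holds a credential, so it is written
    # owner-only instead of with the umask default.
    mode: "0600"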
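# Create the POSIX storage gateway and record its id in
# ~/.gcs_storage_gateway, which doubles as the idempotency marker.
#
# Review notes on the gateway policy set here:
#   * --authentication-timeout-mins is 60 * 24 * 30 = 43200 minutes
#     (30 days), a long session lifetime.
#   * --user-deny root keeps the root account from being mapped.
#   * --high-assurance is added only when is_high_assurance is true; the
#     `bool` filter makes a string such as "false" (e.g. from -e on the
#     command line) count as false instead of as a non-empty, truthy string.
- name: Create a POSIX GCS storage gateway
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    # pipefail: a failing globus-connect-server must fail the task even
    # though jq is the last command of the pipeline.
    set -euo pipefail
    marker="{{ ansible_env.HOME }}/.gcs_storage_gateway"
    # Write to a temporary name first: the redirection creates its target
    # even when the command fails, and an empty marker would make `creates`
    # skip this task for good.
    globus-connect-server storage-gateway create posix \
      "{{ ec2_instance_name }} Gateway" \
      --domain "{{ globus_domain }}" \
      --domain "{{ globus_client_domain }}" \
      --identity-mapping file:identity-mapping.json \
      --authentication-timeout-mins $((60 * 24 * 30)) \
      --user-deny root \
      {{ '--high-assurance' if is_high_assurance | bool else '' }} \
      --format json | jq -er .id > "${marker}.tmp"
    mv "${marker}.tmp" "${marker}"
  args:
    # `set -o pipefail` needs bash; the default /bin/sh may not support it.
    executable: /bin/bash
    # identity-mapping.json is referenced by a relative path above.
    chdir: "{{ ansible_env.HOME }}"
    creates: "{{ ansible_env.HOME }}/.gcs_storage_gateway"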
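# Load the saved storage gateway id into gcs_storage_gateway_id for the
# collection task.
- name: Register the storage_gateway_id
  command:
    argv:
      - 'cat'
      - "{{ ansible_env.HOME }}/.gcs_storage_gateway"
  register: gcs_storage_gateway_id
  # Read-only lookup: never report it as a change.
  changed_when: false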
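# Create the mapped collection on the storage gateway and keep the CLI's
# JSON output in ~/.gcs_mapped_collection (also the idempotency marker).
#
# Review notes on the exposure configured here: the collection base path is
# "/" of the gateway, HTTPS access is enabled and guest collections are
# allowed, so mapped users can share any path they can reach. That suits a
# throw-away test endpoint; narrow the base path and drop
# --allow-guest-collections if this is reused elsewhere.
- name: Create a mapped collection
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  # Literal block scalar: in a plain multi-line scalar the line breaks fold
  # to spaces and each trailing backslash then escapes that space, which
  # glues a stray blank onto the following argument.
  shell: |
    set -eu
    marker="{{ ansible_env.HOME }}/.gcs_mapped_collection"
    # Write to a temporary name first: the redirection creates its target
    # even when the command fails, and `creates` would then skip the retry.
    globus-connect-server collection create \
      "{{ gcs_storage_gateway_id.stdout }}" / "{{ ec2_instance_name }} mapped collection" \
      --organization "{{ globus_organization }}" \
      --contact-email "{{ globus_contact_email }}" \
      --enable-https \
      --allow-guest-collections \
      --format json > "${marker}.tmp"
    mv "${marker}.tmp" "${marker}"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_mapped_collection"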
# Give every test user a ~/share/godata directory owned by that user.
- name: Create test folder structure /share/godata
  become: true
  file:
    state: directory
    path: '/home/{{ item.user }}/share/godata'
    owner: '{{ item.user }}'
    group: '{{ item.group }}'
  loop: "{{ globus_users }}"
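# Create ~/no_permissions/godata with every permission bit cleared.
# No owner is set, so the directory belongs to the become user.
# NOTE(review): presumably a fixture for permission-denied transfer tests.
- name: Create directory with no permissions
  become: true
  file:
    path: "/home/{{ item.user }}/no_permissions/godata"
    state: directory
    # Quoted so the module receives an octal string; a bare 000 is parsed by
    # YAML as the integer 0 and only works because zero is the same in any
    # base.
    mode: "0000"
  loop: "{{ globus_users }}"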
# Write every test file into every user's share/godata directory. The loop
# pairs each globus_test_files entry with each globus_users entry and merges
# the pair into one item carrying name, content, user and group.
- name: Create test files
  become: true
  copy:
    dest: '/home/{{ item.user }}/share/godata/{{ item.name }}'
    content: '{{ item.content }}'
    owner: '{{ item.user }}'
    group: '{{ item.group }}'
  loop: "{{ globus_test_files | product(globus_users) | map('combine') | list }}"