Last active
April 10, 2024 21:59
Ansible tasks to set up GCSv5 for testing
# gcsv5-setup
# Variables consumed by the GCSv5 test-endpoint tasks.
# Every "vault_*" reference is resolved from a variable defined outside this
# file (the prefix suggests an Ansible Vault file -- confirm), so the owner,
# project id and CLI client credentials are not stored here in clear text.

# Organization and contact details passed to endpoint/collection creation.
globus_organization: 'Mike A.'
globus_contact_email: 'mike.a@globus.org'
globus_domain: 'globus.org'

# Local accounts to create; the tasks read "user" and "group" from each entry.
globus_users:
  - user: 'mike.a'
    group: 'mike.a'

# Values supplied from outside this file.
globus_owner: "{{ vault_globus_owner }}"
globus_project_id: "{{ vault_globus_project_id }}"
gcs_cli_client_id: "{{ vault_gcs_cli_client_id }}"
gcs_cli_client_secret: "{{ vault_gcs_cli_client_secret }}"
globus_transfer_hosts: "{{ vault_globus_transfer_hosts }}"

# Globus SDK environment; exported system-wide through globus_os_environment.
globus_sdk_environment: 'sandbox'
globus_os_environment:
  - key: 'GLOBUS_SDK_ENVIRONMENT'
    value: "{{ globus_sdk_environment }}"

# Small fixture files written into each user's share/godata directory.
globus_test_files:
  - name: 'file1.txt'
    content: 'file1'
  - name: 'file2.txt'
    content: 'file2'
  - name: 'file3.txt'
    content: 'file3'
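---
# Pin each Globus transfer host to a fixed address in /etc/hosts.
# Each item of globus_transfer_hosts must provide "ip" and "hostname".
# Entries written here override DNS for the whole machine, so the list should
# only ever come from a trusted source.
- name: Update hosts file if variable is set
  become: true
  lineinfile:
    dest: /etc/hosts
    # Match the existing entry by its hostname column, whatever address
    # precedes it. The managed line starts with the IP, so a pattern anchored
    # on '^hostname' never matched it and a changed IP left the stale entry in
    # place beside the new one.
    regexp: '^\S+\s+{{ item.hostname | regex_escape }}\s*$'
    line: '{{ item.ip }} {{ item.hostname }}'
    state: present
  loop: "{{ globus_transfer_hosts }}"
  when: globus_transfer_hosts is defined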
# Persist every key/value pair of globus_os_environment in /etc/environment.
# The regexp targets an existing "KEY=" line so a re-run rewrites that line
# instead of appending a duplicate.
- name: Set Globus environment variables
  when: globus_os_environment is defined
  with_items: "{{ globus_os_environment }}"
  become: true
  lineinfile:
    path: '/etc/environment'
    regexp: '^{{ item.key }}='
    line: '{{ item.key }}={{ item.value }}'
    state: present
# Create one local account per globus_users entry, with its home directory
# under /home.
- name: Create globus users with home dir
  with_items: "{{ globus_users }}"
  become: true
  user:
    name: '{{ item.user }}'
    home: '/home/{{ item.user }}'
    create_home: true
# Record whether deployment-key.json already exists in the connecting user's
# home; the endpoint-setup task is skipped when it does.
- name: Check if deployment key file exists
  register: deployment_key_file
  stat:
    path: '{{ ansible_env.HOME }}/deployment-key.json'
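# Create the GCS endpoint once; skipped when deployment-key.json already
# exists (see the deployment_key_file check).
# The arguments are given as an argv list: the original block scalar mixed
# lines with and without a trailing backslash, and a list hands every templated
# value to the program as exactly one argument, so a space in the organization
# name or an unexpected character in a variable cannot reshape the command
# line.
# NOTE(review): deployment-key.json is read afterwards for its client_id and
# presumably also carries the endpoint's secret -- verify its file mode and
# keep it out of backups or shares that other users can read.
- name: Create a gcs endpoint
  command:
    argv:
      - globus-connect-server
      - endpoint
      - setup
      - '--organization'
      - "{{ globus_organization }}"
      - '--contact-email'
      - "{{ globus_contact_email }}"
      - '--project-id'
      - "{{ globus_project_id }}"
      - '--owner'
      - "{{ globus_owner }}"
      - '--agree-to-letsencrypt-tos'
      - '--deployment-key'
      - "{{ ansible_env.HOME }}/deployment-key.json"
      - "{{ ec2_instance_name }}"
  when: not deployment_key_file.stat.exists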
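# Read the endpoint's client_id out of deployment-key.json and expose it as
# gcs_endpoint_id.stdout for the tasks that set GCS_CLI_ENDPOINT_ID.
# argv keeps the path a single argument even if HOME contains a space, and
# changed_when marks this read-only lookup as never changing the host.
- name: Register the endpoint id
  command:
    argv:
      - jq
      - '-r'
      - '.client_id'
      - "{{ ansible_env.HOME }}/deployment-key.json"
  register: gcs_endpoint_id
  changed_when: false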
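# Run the node setup as root once; the .gcs_node_setup marker makes later
# runs skip it.
# The two commands are chained with && so the marker is only written when the
# setup succeeded. Without it a failed setup still created the marker and the
# node was never configured on any later run.
# NOTE(review): --preserve-env hands the caller's whole environment to the
# root process. Narrowing it to the variables the node setup needs would
# reduce what crosses the privilege boundary; which variables those are is not
# visible here.
- name: Create the GCS node
  become: true
  become_flags: "--preserve-env"
  shell: |
    globus-connect-server node setup &&
    touch "{{ ansible_env.HOME }}/.gcs_node_setup"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_node_setup"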
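# Attach the subscription id to the endpoint once (only when
# globus_subscription_id is defined); .gcs_subscription is the marker.
# && keeps a failed set-subscription-id call from writing the marker, and the
# marker path is quoted like the other paths in this file.
- name: Register the endpoint subscription
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    globus-connect-server endpoint set-subscription-id "{{ globus_subscription_id }}" &&
    touch "{{ ansible_env.HOME }}/.gcs_subscription"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_subscription"
  when: globus_subscription_id is defined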
# Render the identity-mapping template into the connecting user's home; the
# storage-gateway task refers to it as file:identity-mapping.json.
- name: Create the identity-mapping.json file locally
  template:
    dest: '{{ ansible_env.HOME }}/identity-mapping.json'
    src: 'identity-mapping.json'
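# Render .env into the connecting user's home for troubleshooting.
# NOTE(review): the .env.j2 template is not shown here; if it renders
# gcs_cli_client_id / gcs_cli_client_secret, a umask-derived default mode
# would leave them readable by other local accounts. The explicit mode limits
# the file to its owner.
- name: Create the .env file useful for troubleshooting
  template:
    src: .env.j2
    dest: "{{ ansible_env.HOME }}/.env"
    mode: "0600"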
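# Create the POSIX storage gateway once and store its id in
# .gcs_storage_gateway, which is also the "creates" marker.
#
# Changes from the original pipeline "create ... | jq > marker":
# - The redirect created the marker even when the create command failed, so a
#   later run skipped the task and downstream tasks read an empty id. The JSON
#   is now captured first (set -e aborts on failure), jq -e rejects a missing
#   id, and the marker is moved into place only after both succeeded.
# - chdir makes the relative file:identity-mapping.json resolve to the file
#   the template task wrote, instead of depending on the login directory.
# - The high-assurance flag is rendered inline rather than through
#   whitespace-trimming block tags.
#
# --user-deny root keeps root from being used as a mapped account. The
# authentication timeout evaluates to 30 days, a test-friendly value that
# should be reviewed before reuse outside a test setup.
- name: Create a POSIX GCS storage gateway
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    set -e
    gateway_json=$(globus-connect-server storage-gateway create posix \
      "{{ ec2_instance_name }} Gateway" \
      --domain "{{ globus_domain }}" \
      --domain "{{ globus_client_domain }}" \
      --identity-mapping file:identity-mapping.json \
      --authentication-timeout-mins $((60 * 24 * 30)) \
      --user-deny root \
      {{ '--high-assurance' if is_high_assurance else '' }} \
      --format json)
    printf '%s\n' "$gateway_json" | jq -e -r .id > "{{ ansible_env.HOME }}/.gcs_storage_gateway.tmp"
    mv "{{ ansible_env.HOME }}/.gcs_storage_gateway.tmp" "{{ ansible_env.HOME }}/.gcs_storage_gateway"
  args:
    chdir: "{{ ansible_env.HOME }}"
    creates: "{{ ansible_env.HOME }}/.gcs_storage_gateway"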
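# Load the stored gateway id into gcs_storage_gateway_id.stdout for the
# collection task. argv keeps the path a single argument, and changed_when
# marks this read-only lookup as never changing the host.
- name: Register the storage_gateway_id
  command:
    argv:
      - cat
      - "{{ ansible_env.HOME }}/.gcs_storage_gateway"
  register: gcs_storage_gateway_id
  changed_when: false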
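# Create the mapped collection rooted at "/" on the storage gateway once and
# keep the JSON response in .gcs_mapped_collection (also the "creates" marker).
# The response is written to a temporary file and moved into place only when
# the create command succeeded; redirecting straight into the marker created
# it even on failure, which made every later run skip the task.
# --allow-guest-collections lets mapped users share data from this collection
# with other identities and --enable-https opens HTTPS access; both widen the
# exposure of the host's files and are set here for a test endpoint.
- name: Create a mapped collection
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    set -e
    globus-connect-server collection create \
      "{{ gcs_storage_gateway_id.stdout }}" / "{{ ec2_instance_name }} mapped collection" \
      --organization "{{ globus_organization }}" \
      --contact-email "{{ globus_contact_email }}" \
      --enable-https \
      --allow-guest-collections \
      --format json > "{{ ansible_env.HOME }}/.gcs_mapped_collection.tmp"
    mv "{{ ansible_env.HOME }}/.gcs_mapped_collection.tmp" "{{ ansible_env.HOME }}/.gcs_mapped_collection"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_mapped_collection"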
# Give every Globus user a share/godata directory in their home, owned by
# that user and group.
- name: Create test folder structure /share/godata
  with_items: "{{ globus_users }}"
  become: true
  file:
    state: directory
    path: '/home/{{ item.user }}/share/godata'
    owner: '{{ item.user }}'
    group: '{{ item.group }}'
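# Create a directory with every permission bit cleared in each user's home
# (a fixture for access-denied cases). No owner is set, so it belongs to the
# account the task runs as under become.
# The mode is a quoted octal string: a bare number is parsed by YAML as an
# integer before the file module sees it, which only works for 000 by
# coincidence and gives a different mode for any other value.
- name: Create directory with no permissions
  become: true
  file:
    path: "/home/{{ item.user }}/no_permissions/godata"
    state: directory
    mode: "0000"
  with_items: "{{ globus_users }}"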
# Write every test file into every user's share/godata directory.
# product() pairs each globus_test_files entry with each globus_users entry
# and map('combine') merges the pair into one mapping, so an item carries
# name, content, user and group together.
- name: Create test files
  with_items: "{{ globus_test_files | product(globus_users) | map('combine') }}"
  become: true
  copy:
    dest: '/home/{{ item.user }}/share/godata/{{ item.name }}'
    content: '{{ item.content }}'
    owner: '{{ item.user }}'
    group: '{{ item.group }}'