Add alternate-mdx/mdserver/mdproxy

f887426f · Martin van Es · 5b40c488 · f887426f · f887426f · f887426f
Commit f887426f authored 3 years ago by Martin van Es
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -3,3 +3,11 @@
 hosts:
  alternative-mdx.pt-76.utr.surfcloud.nl:
    hostname: srv4
+    mdserver:
+      test:
+        signer: normal_signer
+        metadir: metadata/test
+    mdproxy:
+      test:
+        signer: 'http://localhost:5001'
--- a/playbook.yml
+++ b/playbook.yml
@@ -2,24 +2,26 @@
 - hosts: all
  gather_facts: true
  roles:
-    - {role: base,      tage: ['base']}
+    - {role: base,          tage: ['base']}
 - name: geoDNS
  hosts: geodns
  gather_facts: false
  roles:
-    - {role: geodns,    tags: ['geodns']}
+    - {role: geodns,        tags: ['geodns']}
 - name: MDServer
  hosts: mdserver
  gather_facts: false
  roles:
-    - {role: apache,    tags: ['apache']}
+    - {role: apache,        tags: ['apache']}
-    #- {role: mdserver,  tags: ['mdserver']}
+    - {role: alternate-mdx, tags: ['altmdx']}
+    - {role: mdserver,      tags: ['mdserver']}
 - name: MDProxy
  hosts: mdproxy
  gather_facts: false
  roles:
-    - {role: apache,    tags: ['apache']}
+    - {role: apache,        tags: ['apache']}
-    #- {role: mdproxy,   tags: ['mdproxy']}
+    - {role: alternate-mdx, tags: ['altmdx']}
+    - {role: mdproxy,       tags: ['mdproxy']}
--- a/roles/alternate-mdx/defaults/main.yml
+++ b/roles/alternate-mdx/defaults/main.yml
+---
+altmdx_repo: https://gitlab.geant.org/TI_Incubator/alternate-mdx.git
+altmdx_version: master
+altmdx_dir: /opt/alternate-mdx
+altmdx_metadir: "{{ altmdx_dir }}/metadata"
--- a/roles/alternate-mdx/tasks/main.yml
+++ b/roles/alternate-mdx/tasks/main.yml
+---
+- name: Install packages
+  apt:
+    state: present
+    name:
+      - virtualenv
+      - python3-virtualenv
+      - swig
+- name: Clone alternative-mdx repository
+  ansible.builtin.git:
+    repo: "{{ altmdx_repo }}"
+    dest: "{{ altmdx_dir }}"
+    version: "{{ altmdx_version }}"
+  register: altmdx_git
+- name: Create python virtualenv
+  ansible.builtin.pip:
+    virtualenv: "{{ altmdx_dir }}"
+    requirements: "{{ altmdx_dir }}/requirements.txt"
--- a/roles/mdproxy/handlers/main.yml
+++ b/roles/mdproxy/handlers/main.yml
+---
+- name: enable mdproxy job
+  systemd:
+    name: "mdproxy.service"
+    enabled: true
+    state: "restarted"
+    daemon_reload: true
--- a/roles/mdproxy/tasks/main.yml
+++ b/roles/mdproxy/tasks/main.yml
+---
+- name: Create mdproxy config
+  ansible.builtin.template:
+    src: "mdproxy.yaml.j2"
+    dest: "{{ altmdx_dir }}/mdproxy.yaml"
+  notify:
+    - "enable mdproxy job"
+- name: Copy mdproxy service files
+  ansible.builtin.template:
+    src: "mdproxy.service.j2"
+    dest: "/etc/systemd/system/mdproxy.service"
+  notify:
+    - "enable mdproxy job"
--- a/roles/mdproxy/templates/mdproxy.service.j2
+++ b/roles/mdproxy/templates/mdproxy.service.j2
+[Unit]
+Description=MDProxy
+After=syslog.target network.target
+[Service]
+Type=simple
+WorkingDirectory={{ altmdx_dir }}
+ExecStart={{ altmdx_dir }}/bin/python -u mdproxy.py
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+SyslogIdentifier=mdproxy
+[Install]
+WantedBy=multi-user.target
--- a/roles/mdproxy/templates/mdproxy.yaml.j2
+++ b/roles/mdproxy/templates/mdproxy.yaml.j2
+---
+{{ hosts[inventory_hostname]['mdproxy'] | tojson }}
--- a/roles/mdserver/handlers/main.yml
+++ b/roles/mdserver/handlers/main.yml
+---
+- name: enable mdserver job
+  systemd:
+    name: "mdserver.service"
+    enabled: true
+    state: "restarted"
+    daemon_reload: true
--- a/roles/mdserver/tasks/main.yml
+++ b/roles/mdserver/tasks/main.yml
+---
+- name: Create mdserver config
+  ansible.builtin.template:
+    src: "mdserver.yaml.j2"
+    dest: "{{ altmdx_dir }}/mdserver.yaml"
+  notify:
+    - "enable mdserver job"
+- name: Create metadata dir
+  ansible.builtin.file:
+    path: "{{ altmdx_metadir }}"
+    state: directory
+    mode: '0755'
+- name: Create metadata subdirs
+  ansible.builtin.file:
+    path: "{{ altmdx_metadir }}/{{ item.key }}"
+    state: directory
+    mode: '0755'
+  with_dict: "{{ hosts[inventory_hostname]['mdserver'] }}"
+- name: Check existence of metadata signing cert
+  stat:
+    path: "{{ altmdx_metadir }}/meta.crt"
+  register: mdcert
+- name: create self-signed Metadata Signing SSL certs
+  shell: >
+    openssl genrsa -out "{{ altmdx_dir }}/meta.key" 2048;
+    openssl req -new -nodes -x509 -subj "/C=NL/CN=metadata"
+    -days 3650 -key "{{ altmdx_dir }}/meta.key"
+    -out "{{ altmdx_dir }}/meta.crt" -extensions v3_ca
+  args:
+    creates: "{{ altmdx_dir }}/meta.crt"
+  when: not mdcert.stat.exists
+- name: Copy mdserver service files
+  ansible.builtin.template:
+    src: "mdserver.service.j2"
+    dest: "/etc/systemd/system/mdserver.service"
+  notify:
+    - "enable mdserver job"
--- a/roles/mdserver/templates/mdserver.service.j2
+++ b/roles/mdserver/templates/mdserver.service.j2
+[Unit]
+Description=MDServer
+After=syslog.target network.target
+[Service]
+Type=simple
+WorkingDirectory={{ altmdx_dir }}
+ExecStart={{ altmdx_dir }}/bin/python -u mdserver.py
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+SyslogIdentifier=mdserver
+[Install]
+WantedBy=multi-user.target
--- a/roles/mdserver/templates/mdserver.yaml.j2
+++ b/roles/mdserver/templates/mdserver.yaml.j2
+---
+{{ hosts[inventory_hostname]['mdserver'] | to_yaml }}