From f887426f211e419fbcbbd480f1e5ac66370b8e62 Mon Sep 17 00:00:00 2001
From: Martin van Es <martin@mrvanes.com>
Date: Thu, 10 Feb 2022 14:06:28 +0100
Subject: [PATCH] Add alternate-mdx/mdserver/mdproxy
---
inventory/group_vars/all.yml | 8 ++++
playbook.yml | 14 ++++---
roles/alternate-mdx/defaults/main.yml | 6 +++
roles/alternate-mdx/tasks/main.yml | 21 ++++++++++
roles/mdproxy/handlers/main.yml | 7 ++++
roles/mdproxy/tasks/main.yml | 15 +++++++
roles/mdproxy/templates/mdproxy.service.j2 | 15 +++++++
roles/mdproxy/templates/mdproxy.yaml.j2 | 2 +
roles/mdserver/handlers/main.yml | 7 ++++
roles/mdserver/tasks/main.yml | 43 ++++++++++++++++++++
roles/mdserver/templates/mdserver.service.j2 | 15 +++++++
roles/mdserver/templates/mdserver.yaml.j2 | 2 +
12 files changed, 149 insertions(+), 6 deletions(-)
create mode 100644 roles/alternate-mdx/defaults/main.yml
create mode 100644 roles/alternate-mdx/tasks/main.yml
create mode 100644 roles/mdproxy/handlers/main.yml
create mode 100644 roles/mdproxy/tasks/main.yml
create mode 100644 roles/mdproxy/templates/mdproxy.service.j2
create mode 100644 roles/mdproxy/templates/mdproxy.yaml.j2
create mode 100644 roles/mdserver/handlers/main.yml
create mode 100644 roles/mdserver/tasks/main.yml
create mode 100644 roles/mdserver/templates/mdserver.service.j2
create mode 100644 roles/mdserver/templates/mdserver.yaml.j2
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index 4f11918..22c5b06 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -3,3 +3,11 @@ hosts:
 alternative-mdx.pt-76.utr.surfcloud.nl:
 hostname: srv4
+ mdserver:
+ test:
+ signer: normal_signer
+ metadir: metadata/test
+ mdproxy:
+ test:
+ signer: 'http://localhost:5001'
+
diff --git a/playbook.yml b/playbook.yml
index e2bd310..1b3801f 100644
--- a/playbook.yml
+++ b/playbook.yml
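Review bot: The per-host `mdserver.test.metadir: metadata/test` value duplicates information already carried by the key `test`, and the two are only kept in step by convention: `roles/mdserver/tasks/main.yml` in this patch creates the subdirectory from `item.key` (giving `{{ altmdx_metadir }}/test`), not from `metadir`, so changing one without the other silently produces a directory the application presumably never reads. Either derive the directory from `item.value.metadir` in the mdserver role or state the convention here, e.g. `# metadir is resolved relative to altmdx_dir and must equal metadata/<key>`. Note also that the hunk appends a trailing blank line to the file.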
@@ -2,24 +2,26 @@
 - hosts: all
 gather_facts: true
 roles:
- - {role: base, tage: ['base']}
+ - {role: base, tage: ['base']}
 - name: geoDNS
 hosts: geodns
 gather_facts: false
 roles:
- - {role: geodns, tags: ['geodns']}
+ - {role: geodns, tags: ['geodns']}
 - name: MDServer
 hosts: mdserver
 gather_facts: false
 roles:
- - {role: apache, tags: ['apache']}
- #- {role: mdserver, tags: ['mdserver']}
+ - {role: apache, tags: ['apache']}
+ - {role: alternate-mdx, tags: ['altmdx']}
+ - {role: mdserver, tags: ['mdserver']}
 - name: MDProxy
 hosts: mdproxy
 gather_facts: false
 roles:
- - {role: apache, tags: ['apache']}
- #- {role: mdproxy, tags: ['mdproxy']}
+ - {role: apache, tags: ['apache']}
+ - {role: alternate-mdx, tags: ['altmdx']}
+ - {role: mdproxy, tags: ['mdproxy']}
diff --git a/roles/alternate-mdx/defaults/main.yml b/roles/alternate-mdx/defaults/main.yml
new file mode 100644
index 0000000..fbb1c27
--- /dev/null
+++ b/roles/alternate-mdx/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+
+altmdx_repo: https://gitlab.geant.org/TI_Incubator/alternate-mdx.git
+altmdx_version: master
+altmdx_dir: /opt/alternate-mdx
+altmdx_metadir: "{{ altmdx_dir }}/metadata"
diff --git a/roles/alternate-mdx/tasks/main.yml b/roles/alternate-mdx/tasks/main.yml
new file mode 100644
index 0000000..0ceef43
--- /dev/null
+++ b/roles/alternate-mdx/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+
+- name: Install packages
+ apt:
+ state: present
+ name:
+ - virtualenv
+ - python3-virtualenv
+ - swig
+
+- name: Clone alternative-mdx repository
+ ansible.builtin.git:
+ repo: "{{ altmdx_repo }}"
+ dest: "{{ altmdx_dir }}"
+ version: "{{ altmdx_version }}"
+ register: altmdx_git
+
+- name: Create python virtualenv
+ ansible.builtin.pip:
+ virtualenv: "{{ altmdx_dir }}"
+ requirements: "{{ altmdx_dir }}/requirements.txt"
diff --git a/roles/mdproxy/handlers/main.yml b/roles/mdproxy/handlers/main.yml
new file mode 100644
index 0000000..0111a86
--- /dev/null
+++ b/roles/mdproxy/handlers/main.yml
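Review bot: The re-added base role entry keeps the key `tage: ['base']` while every other entry in the hunk uses `tags`; Ansible treats an unrecognised key in a role entry as a role parameter rather than a play keyword, so the base role ends up untagged and `--tags base` never selects it. Change the line to `- {role: base, tags: ['base']}`. The removed and re-added lines are otherwise identical, so this hunk appears to be a re-indentation; the blank lines between plays are not visible in this copy of the patch, so the resulting indentation cannot be checked here.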
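Review bot: `altmdx_version: master` pins the checkout to a moving branch, so each run of the role may deploy a different revision of `altmdx_repo`, and the pip task in `roles/alternate-mdx/tasks/main.yml` then installs whatever `requirements.txt` that revision carries. For a component that, per the mdserver role, holds a metadata signing key, deployments should be reproducible and reviewable: default to a tag or full commit id, e.g. `altmdx_version: "<pinned tag or commit — TODO>"`, and let the inventory override it. A short comment above the variable stating that the value is expected to be pinned would stop the next editor from putting a branch name back.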
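Review bot: `register: altmdx_git` is never used, and nothing in this role reacts to the checkout changing: when `ansible.builtin.git` updates `{{ altmdx_dir }}`, the mdserver and mdproxy units keep running the old code, because their handlers in this patch only fire on config or unit-file changes. Either drop the `register:` or use it (`when: altmdx_git.changed`) to trigger a restart of the service unit. The virtualenv is also created inside the git working tree (`virtualenv: "{{ altmdx_dir }}"`), so `bin/` and `lib/` become untracked files in the checkout; a separate directory such as `"{{ altmdx_dir }}/venv"` keeps code and environment apart, with the `ExecStart` paths in the two service templates adjusted to match.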
@@ -0,0 +1,7 @@
+---
+- name: enable mdproxy job
+ systemd:
+ name: "mdproxy.service"
+ enabled: true
+ state: "restarted"
+ daemon_reload: true
diff --git a/roles/mdproxy/tasks/main.yml b/roles/mdproxy/tasks/main.yml
new file mode 100644
index 0000000..8d6cadb
--- /dev/null
+++ b/roles/mdproxy/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Create mdproxy config
+ ansible.builtin.template:
+ src: "mdproxy.yaml.j2"
+ dest: "{{ altmdx_dir }}/mdproxy.yaml"
+ notify:
+ - "enable mdproxy job"
+
+- name: Copy mdproxy service files
+ ansible.builtin.template:
+ src: "mdproxy.service.j2"
+ dest: "/etc/systemd/system/mdproxy.service"
+ notify:
+ - "enable mdproxy job"
diff --git a/roles/mdproxy/templates/mdproxy.service.j2 b/roles/mdproxy/templates/mdproxy.service.j2
new file mode 100644
index 0000000..a411e2f
--- /dev/null
+++ b/roles/mdproxy/templates/mdproxy.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=MDProxy
+After=syslog.target network.target
+
+[Service]
+Type=simple
+WorkingDirectory={{ altmdx_dir }}
+ExecStart={{ altmdx_dir }}/bin/python -u mdproxy.py
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+SyslogIdentifier=mdproxy
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/mdproxy/templates/mdproxy.yaml.j2 b/roles/mdproxy/templates/mdproxy.yaml.j2
new file mode 100644
index 0000000..e17c6fe
--- /dev/null
+++ b/roles/mdproxy/templates/mdproxy.yaml.j2
@@ -0,0 +1,2 @@
+---
+{{ hosts[inventory_hostname]['mdproxy'] | tojson }}
diff --git a/roles/mdserver/handlers/main.yml b/roles/mdserver/handlers/main.yml
new file mode 100644
index 0000000..8f6dc76
--- /dev/null
+++ b/roles/mdserver/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: enable mdserver job
+ systemd:
+ name: "mdserver.service"
+ enabled: true
+ state: "restarted"
+ daemon_reload: true
diff --git a/roles/mdserver/tasks/main.yml b/roles/mdserver/tasks/main.yml
new file mode 100644
index 0000000..9bbf971
--- /dev/null
+++ b/roles/mdserver/tasks/main.yml
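Review bot: The handler uses the short module name `systemd:` while the tasks in this patch use fully qualified names (`ansible.builtin.template`, `ansible.builtin.git`); for consistency write `ansible.builtin.systemd:`. The name `enable mdproxy job` understates what the handler does — it restarts the unit and reloads systemd on every notification — so a name such as `restart mdproxy` (with the matching `notify:` entries updated) would read more accurately. `roles/mdserver/handlers/main.yml` in this patch has the same two points.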
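Review bot: The `[Service]` section has no `User=`/`Group=`, so mdproxy runs as root out of `{{ altmdx_dir }}` using the virtualenv interpreter; a long-running service should run under a dedicated unprivileged account created by the alternate-mdx role (for example `User=altmdx`, name to be chosen) together with basic hardening such as `NoNewPrivileges=true` and `ProtectSystem=full`, and the directories the mdserver role creates would then need matching ownership. `After=syslog.target` refers to an obsolete target and can be dropped, leaving `After=network.target`. `roles/mdserver/templates/mdserver.service.j2` in this patch is identical apart from the names and has the same points.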
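Review bot: This template serialises the host's `mdproxy` mapping with `tojson`, while `roles/mdserver/templates/mdserver.yaml.j2` in this patch uses `to_yaml` for the same kind of data; both render valid YAML, but the two config files will look different on disk and diverge on details such as key ordering and non-ASCII escaping. Pick one filter for both, e.g. `{{ hosts[inventory_hostname]['mdproxy'] | to_nice_yaml }}`. Both templates fail with an undefined-variable error when the host has no such key under `hosts`, which is probably the intended behaviour but is worth a one-line `{# ... #}` comment in each template.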
@@ -0,0 +1,43 @@
+---
+
+- name: Create mdserver config
+ ansible.builtin.template:
+ src: "mdserver.yaml.j2"
+ dest: "{{ altmdx_dir }}/mdserver.yaml"
+ notify:
+ - "enable mdserver job"
+
+- name: Create metadata dir
+ ansible.builtin.file:
+ path: "{{ altmdx_metadir }}"
+ state: directory
+ mode: '0755'
+
+- name: Create metadata subdirs
+ ansible.builtin.file:
+ path: "{{ altmdx_metadir }}/{{ item.key }}"
+ state: directory
+ mode: '0755'
+ with_dict: "{{ hosts[inventory_hostname]['mdserver'] }}"
+
+- name: Check existence of metadata signing cert
+ stat:
+ path: "{{ altmdx_metadir }}/meta.crt"
+ register: mdcert
+
+- name: create self-signed Metadata Signing SSL certs
+ shell: >
+ openssl genrsa -out "{{ altmdx_dir }}/meta.key" 2048;
+ openssl req -new -nodes -x509 -subj "/C=NL/CN=metadata"
+ -days 3650 -key "{{ altmdx_dir }}/meta.key"
+ -out "{{ altmdx_dir }}/meta.crt" -extensions v3_ca
+ args:
+ creates: "{{ altmdx_dir }}/meta.crt"
+ when: not mdcert.stat.exists
+
+- name: Copy mdserver service files
+ ansible.builtin.template:
+ src: "mdserver.service.j2"
+ dest: "/etc/systemd/system/mdserver.service"
+ notify:
+ - "enable mdserver job"
diff --git a/roles/mdserver/templates/mdserver.service.j2 b/roles/mdserver/templates/mdserver.service.j2
new file mode 100644
index 0000000..6c6fb26
--- /dev/null
+++ b/roles/mdserver/templates/mdserver.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=MDServer
+After=syslog.target network.target
+
+[Service]
+Type=simple
+WorkingDirectory={{ altmdx_dir }}
+ExecStart={{ altmdx_dir }}/bin/python -u mdserver.py
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=10
+SyslogIdentifier=mdserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/mdserver/templates/mdserver.yaml.j2 b/roles/mdserver/templates/mdserver.yaml.j2
new file mode 100644
index 0000000..b8fa37f
--- /dev/null
+++ b/roles/mdserver/templates/mdserver.yaml.j2
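Review bot: The `stat` task checks `{{ altmdx_metadir }}/meta.crt`, but the shell task writes `meta.key` and `meta.crt` to `{{ altmdx_dir }}` and its `creates:` guards that same `altmdx_dir` path, so `mdcert.stat.exists` tests a file the task never produces and the `when:` is effectively dead — only `creates:` prevents re-generation. The two openssl commands are joined with `;`, so a failed `genrsa` still runs `req` and the task can report success with no usable key; `&&` makes the failure visible. Nothing in the role sets permissions on `meta.key`, which is the metadata signing key; depending on the OpenSSL version the file may be created with the ambient umask, so an explicit `ansible.builtin.file` task with `mode: '0600'` (owner matching whatever account the unit runs as) makes that deterministic. The rewritten tasks below keep the rest of the file unchanged.
```yaml
- name: Check existence of metadata signing cert
  stat:
    path: "{{ altmdx_dir }}/meta.crt"
  register: mdcert

- name: create self-signed Metadata Signing SSL certs
  shell: >
    openssl genrsa -out "{{ altmdx_dir }}/meta.key" 2048 &&
    openssl req -new -nodes -x509 -subj "/C=NL/CN=metadata"
    -days 3650 -key "{{ altmdx_dir }}/meta.key"
    -out "{{ altmdx_dir }}/meta.crt" -extensions v3_ca
  # … unchanged: args/creates and when …

- name: Restrict permissions on the metadata signing key
  ansible.builtin.file:
    path: "{{ altmdx_dir }}/meta.key"
    mode: '0600'

# … unchanged: Copy mdserver service files …
```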
@@ -0,0 +1,2 @@
+---
+{{ hosts[inventory_hostname]['mdserver'] | to_yaml }}
--
GitLab