Merge pull request #323 from brucellino/master

Fully tested ARGUS role.
AAROC · May 11, 2016 · f1a5fc8 · f1a5fc8
2 parents a0be67f + 18cfa42
commit f1a5fc8
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 8 deletions.
diff --git a/Ansible/argus.yml b/Ansible/argus.yml
@@ -22,6 +22,12 @@
         - argus-pepd
         - argus-pap
         - argus-pdp
+
+#  These final tasks are not idempotent - one should use lineinfile
     - name: Add Central Banning
       become: true
-      command: pap-admin add-pap --public centralbanning lcg-argus.cern.ch "/DC=ch/DC=cern/OU=computers/CN=argus.cern.ch"
+      command: pap-admin add-pap --public centralbanning lcg-argus.cern.ch '/DC=ch/DC=cern/OU=computers/CN=argus.cern.ch'
+
+    - name: add EGI ACE
+      become: true
+      command: pap-admin add-ace 'CN=srv-111.afroditi.hellasgrid.gr, OU=afroditi.hellasgrid.gr,O=HellasGrid, C=GR' 'POLICY_READ_LOCAL|POLICY_READ_REMOTE|CONFIGURATION_READ'
diff --git a/Ansible/group_vars/argus-servers.yml b/Ansible/group_vars/argus-servers.yml
@@ -1,6 +1,5 @@
-argus_host:
 use_argus: TRUE
-pap_admin_dn: /DC=org/DC=acme/CN=John Doe
+pap_admin_dn: /C=IT/O=INFN/OU=Personal Certificate/L=ZA-MERAKA/CN=Bruce Becker
 # CONFIG_PAP
 # CONFIG_PDP
 # CONFIG_PEP

diff --git a/Ansible/roles/argus/tasks/configure.yml b/Ansible/roles/argus/tasks/configure.yml
@@ -6,7 +6,7 @@
     src: etc/argus/pap/pap_configuration.ini
     dest: /etc/argus/pap/pap_configuration.ini
 
-- name: restart pap
-  become: true
-  command: pap-admin refresh-cache
-  #when:
+# - name: restart pap
+#   become: true
+#   command: pap-admin refresh-cache
+#   #when:
diff --git a/Ansible/roles/yaim/tasks/siteinfo.yml b/Ansible/roles/yaim/tasks/siteinfo.yml
@@ -28,6 +28,21 @@
     - yaim
     - yaimfiles
 
+- name: Copy services files needed for ARGUS
+  template:
+    src: opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2
+    dest: "/opt/glite/yaim/etc/{{ site_name }}/siteinfo/services/glite-argus_server"
+    owner: root
+    group: root
+    mode: 0644
+  when: emi_service == "ARGUS_server"
+  notify:
+    - run yaim
+  tags:
+    - yaim
+    - yaimfiles
+    - CE
+
 - name: Create wn-list.conf file
   template:
     src: opt/glite/yaim/etc/siteinfo/wn-list.conf.j2

diff --git a/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2 b/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2
@@ -0,0 +1,47 @@
+##############################################################################
+# Copyright (c) Members of the EGEE Collaboration. 2004.
+# See http://www.eu-egee.org/partners/ for details on the copyright
+# holders.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS
+# OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##############################################################################
+#
+# NAME :        glite-argus-server
+#
+# DESCRIPTION : This configuration file contains the list of variables needed
+#               to configure the Authorization Framework.
+#
+# AUTHORS :     [email protected]
+#               [email protected]
+#
+# NOTES :
+#
+# YAIM MODULE:  glite-yaim-argus-server
+#
+##############################################################################
+
+##########################
+# ARGUS general variable #
+##########################
+
+# Fully qualified hostname of the host where the Argus service is installed
+# Should be groups['argus-servers'][0]['ansible_fqdn']
+ARGUS_HOST=argus.c4.csir.co.za
+
+#########################
+# PAP related variables #
+#########################
+
+# User certificate DN of the user that will be the PAP administrator and use the pap-admin command
+PAP_ADMIN_DN="{{pap_admin_dn}}"
diff --git a/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/site-info.def.j2 b/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/site-info.def.j2
@@ -135,7 +135,7 @@ SITE_LONG={{ site_longitude }}
 
 # Set USE_ARGUS to yes to enable the configuration of ARGUS
 USE_ARGUS={{ argus_status | default(true) }}
-PAP_ADMIN_DN={{ pap_admin_dn }}
+PAP_ADMIN_DN="{{ pap_admin_dn }}"
 # In case ARGUS is to be used the following should be set
 # The ARGUS service PEPD endpoints as a space separated list:
 # ARGUS_PEPD_ENDPOINTS="http://pepd.example.org:8154/authz"