Added several new roles and host certificates, as well as files for V…

…O sagrid.ac.za configuration

dirac.yml

@@ -0,0 +1,13 @@
+---
+- hosts: dirac
+  user: ansible
+  sudo: true
+  sudo_user: root
+  roles:
+    - bootstrap
+    - common
+    - certificates
+    - dirac
+  vars_files:
+    - roles/common/vars/distros/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml
+    - roles/common/vars/middleware/igtf.yml

fts.yml

@@ -0,0 +1,12 @@
+---
+- hosts: fts
+  sudo: true
+  sudo_user: root
+  roles:
+    - bootstrap
+    - common
+    - certificates
+    - fts
+  vars_files:
+    - roles/common/vars/distros/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml
+    - roles/common/vars/middleware/igtf.yml

roles/certificates/files/etc/grid-security/hostcert.pem-dirac.c4.csir.co.za

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7jCCAtagAwIBAgICd2kwDQYJKoZIhvcNAQEFBQAwLjELMAkGA1UEBhMCSVQx
+DTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lORk4gQ0EwHhcNMTQwNTE2MTMwNDE3
+WhcNMTUwNTE2MTMwNDE3WjBdMQswCQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjEN
+MAsGA1UECxMESG9zdDESMBAGA1UEBxMJWkEtTUVSQUtBMRwwGgYDVQQDExNkaXJh
+Yy5jNC5jc2lyLmNvLnphMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1r1rO
+hT1RwY4qltY+aiyoXt+CJ+yoCAaMBDUq2U6F850JN5jOiPyQV/7sy6K2ehg+5HQG
+gLNjNwu4a/Wf1l+9iT7uBndFrt04B4aQehchPDaxvAD3U+dHNaxbitgDB4KR6tWd
+AIdb66YojY0h+iVhVylgTRPWg8SmIfVheh+CjQIDAQABo4IBaTCCAWUwDAYDVR0T
+AQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsG
+AQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEwPQYDVR0fBDYwNDAyoDCgLoYs
+aHR0cDovL3NlY3VyaXR5LmZpLmluZm4uaXQvQ0EvSU5GTkNBX2NybC5kZXIwJQYD
+VR0gBB4wHDAMBgorBgEEAdEjCgEHMAwGCiqGSIb3TAUCAgEwHQYDVR0OBBYEFCWu
+4tMFfiB00y7tw0tH4O6nEugyMFYGA1UdIwRPME2AFNFi87N3csgu+/J5Gm83Tief
+E9UgoTKkMDAuMQswCQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjEQMA4GA1UEAxMH
+SU5GTiBDQYIBADAyBgNVHREEKzApghNkaXJhYy5jNC5jc2lyLmNvLnphgRJiYmVj
+a2VyQGNzaXIuY28uemEwDQYJKoZIhvcNAQEFBQADggEBAGyJKzuJwWfkM9AyHG1j
+CmRKEKn68pv6coVZYT8JHCR62c423WXBUYZxaoGSzN+z7S8lwmNAhoDXMYjZvV3B
+6PEQNoN5aHX/6eUtqFt/UCLVUZeyXuo33kkoZjBkCrB6rMW2LE1db0ICWTPJJSM7
+pKDEPzM+Ewsj06R7CYBdA1ivjxV5trXKx0Q1UtxxV5+GT7r9QE6+7K1VeBv39K7W
+aEHebJIYXdcWH8WBzG/ZSc9QY4FRl6YaBfgT8BeatzyUYLDx4wRkauxDsOtg3e36
+XE4uGBo+EsDL3PED2BG6yJN1hl+EOsJI7sU4yzkrK0LhLYu6HJajBXWACoJkSRYF
+Pj4=
+-----END CERTIFICATE-----

roles/certificates/files/etc/grid-security/hostcert.pem-fts.c4.csir.co.za

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6jCCAtKgAwIBAgICdx8wDQYJKoZIhvcNAQEFBQAwLjELMAkGA1UEBhMCSVQx
+DTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lORk4gQ0EwHhcNMTQwNTA2MTQxNzA0
+WhcNMTUwNTA2MTQxNzA0WjBbMQswCQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjEN
+MAsGA1UECxMESG9zdDESMBAGA1UEBxMJWkEtTUVSQUtBMRowGAYDVQQDExFmdHMu
+YzQuY3Npci5jby56YTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAw+H4ssln
+ZCQptlKe5ziJc/1e3ad4C4tjU3dKhZKXLPsMYahgBxzR4E20WhuWi2yjWpa8SvPj
+yF8gQ3+Zen1YuuhspDVP10IUQipGU4SKNBDclao7kv4NCARjKf/QWX2kqhrDQb/5
+QzNznDkye7pIpv/lctf/EwVAYCYRXFKsEt0CAwEAAaOCAWcwggFjMAwGA1UdEwEB
+/wQCMAAwDgYDVR0PAQH/BAQDAgWgMDQGA1UdJQQtMCsGCCsGAQUFBwMBBggrBgEF
+BQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMD0GA1UdHwQ2MDQwMqAwoC6GLGh0
+dHA6Ly9zZWN1cml0eS5maS5pbmZuLml0L0NBL0lORk5DQV9jcmwuZGVyMCUGA1Ud
+IAQeMBwwDAYKKwYBBAHRIwoBBzAMBgoqhkiG90wFAgIBMB0GA1UdDgQWBBS5WlV3
+PrtJm5miNiIMN5l57jP9fjBWBgNVHSMETzBNgBTRYvOzd3LILvvyeRpvN04nnxPV
+IKEypDAwLjELMAkGA1UEBhMCSVQxDTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lO
+Rk4gQ0GCAQAwMAYDVR0RBCkwJ4IRZnRzLmM0LmNzaXIuY28uemGBEmJiZWNrZXJA
+Y3Npci5jby56YTANBgkqhkiG9w0BAQUFAAOCAQEAOhZgAQy10dnhy3Lcs32u4rtA
+CkSUBiEJxOd7Jw4cyLZOIvYwYp5RgFqljus+kMFdiMMaGl+5gAKzdvIi6Qe4XutT
+XOeBQC2tDSkIhIxFv0Hp9OYW6Ks2wbJsfIdIRHVVLY/5Xp2eS+kQpsCj0Tq6rFAr
+JnksdQ1Ej9N4NGqUvgVyTzneL1/zB4boHTioHtWQ+LhhVTfpI0I/fl75GZxDxjUC
+28JSKKzod/0CRirVgLOvVKFGzSsI9LcSgk0c2Jyldt7pIiblgdMwTxCUFLijtNkw
+3wj+W39y8Ex+fZCRHNwkPYAeuhpdLP862exuUWm8b5qKkKSVPtNhD4ctH/jmIA==
+-----END CERTIFICATE-----

roles/certificates/files/etc/grid-security/hostcert.pem-voms-stage.c4.csir.co.za

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAtCgAwIBAgIBDzANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJaQTEg
+MB4GA1UEChMXU291dGggQWZyaWNhbiBlLVNjaWVuY2UxIzAhBgNVBAMTGlNvdXRo
+IEFmcmljYW4gZS1TY2llbmNlIENBMB4XDTE0MDQyOTA2MTU0NloXDTE1MDQyOTA2
+MTU0NlowdDELMAkGA1UEBhMCWkExIDAeBgNVBAoTF1NvdXRoIEFmcmljYW4gZS1T
+Y2llbmNlMQ0wCwYDVQQLEwRIb3N0MREwDwYDVQQHEwhQcmV0b3JpYTEhMB8GA1UE
+AxMYdm9tcy1zdGFnZS5jNC5jc2lyLmNvLnphMIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDAeqWaplQ/+fuWDOTeC0ZYysI6yHZBwbKO6iD/lFR8I6tQqOIYrF2O
+/hWD7ljoPaugwT9qKpM0g4zK6YAXd6sPPmcGSw7nnAg0cVs4hTXYlJhi2kI7CspO
+Vn+Stxf7921yGBF1F6vCZb9UsccERpBnTqvicbfwrPAynDVrZRM9kwIDAQABo4IB
+JzCCASMwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBLAwPgYDVR0lBDcwNQYI
+KwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNwoDAwYJYIZIAYb4
+QgQBMB0GA1UdDgQWBBSMQ83rNuKYMatqQOcuNyEVI0ZjzzCBhAYDVR0jBH0we4AU
+ELklM9JeVyDkzlGqz0Jp/av9ZXyhWKRWMFQxCzAJBgNVBAYTAlpBMSAwHgYDVQQK
+ExdTb3V0aCBBZnJpY2FuIGUtU2NpZW5jZTEjMCEGA1UEAxMaU291dGggQWZyaWNh
+biBlLVNjaWVuY2UgQ0GCCQDJDk33mZqXOTAdBgNVHREEFjAUgRJiYmVja2VyQGNz
+aXIuY28uemEwDQYJKoZIhvcNAQEFBQADgYEAPve9WIlclYpLk0h6U2MXPgSAWq0q
+f75XnoA6cVcoOWqG3WveaeZE76zD6w96l9HJj98k2sYC0VMSeR5+HU3ZU4OKuPr4
+Xz9bSXDrmRkfWje3USjdnci+1I0TsmSdHs3OKoGGictSoEkj35SkEiuBJNlwYsOB
+SowsSp9ezTRuO44=
+-----END CERTIFICATE-----

roles/certificates/files/etc/grid-security/vomsdir/dteam/voms.hellasgrid.gr.lsc

@@ -0,0 +1,2 @@
+/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms.hellasgrid.gr
+/C=GR/O=HellasGrid/OU=Certification Authorities/CN=HellasGrid CA 2006

roles/certificates/files/etc/grid-security/vomsdir/dteam/voms2.hellasgrid.gr.lsc

@@ -0,0 +1,2 @@
+/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr
+/C=GR/O=HellasGrid/OU=Certification Authorities/CN=HellasGrid CA 2006

roles/certificates/files/etc/grid-security/vomsdir/ops/lcg-voms.cern.ch.lsc

@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
+/DC=ch/DC=cern/CN=CERN Trusted Certification Authority

roles/certificates/files/etc/grid-security/vomsdir/ops/voms.cern.ch.lsc

@@ -0,0 +1,2 @@
+/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
+/DC=ch/DC=cern/CN=CERN Trusted Certification Authority

roles/certificates/files/etc/grid-security/vomsdir/sagrid/voms.sagrid.ac.za.lsc

@@ -0,0 +1,2 @@
+/C=IT/O=INFN/OU=Host/L=ZA-UFS/CN=voms.sagrid.ac.za
+/C=IT/O=INFN/CN=INFN CA

roles/certificates/files/etc/grid-security/vomsdir/voms.sagrid.ac.za.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEEjCCAvqgAwIBAgICcA4wDQYJKoZIhvcNAQEFBQAwLjELMAkGA1UEBhMCSVQx
+DTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lORk4gQ0EwHhcNMTMxMDIzMTMyMTAz
+WhcNMTQxMDIzMTMyMTAzWjBYMQswCQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjEN
+MAsGA1UECxMESG9zdDEPMA0GA1UEBxMGWkEtVUZTMRowGAYDVQQDExF2b21zLnNh
+Z3JpZC5hYy56YTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvMlTVTAgkSaH
+vduqRMOdekFn619QqfyjpksmQfKl38k9FfIkuHJzro6oI2NmGVQwykTnclDUm+bQ
+lYIyXujzrqmczXLtNC+D+i2oJhKR5As/cPukPDUIZHrGFoCpAhC0vGKOoRvHcDhv
+FbBnEvMFNZVypuvWnPrecEQkgGGraJMCAwEAAaOCAZIwggGOMAwGA1UdEwEB/wQC
+MAAwDgYDVR0PAQH/BAQDAgWgMDQGA1UdJQQtMCsGCCsGAQUFBwMBBggrBgEFBQcD
+AgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6
+Ly9zZWN1cml0eS5maS5pbmZuLml0L0NBL0lORk5DQV9jcmwuZGVyMCUGA1UdIAQe
+MBwwDAYKKwYBBAHRIwoBBzAMBgoqhkiG90wFAgIBMB0GA1UdDgQWBBRrRV0ecBYQ
+TrqwjZ+jVlrZaI4YGzBWBgNVHSMETzBNgBTRYvOzd3LILvvyeRpvN04nnxPVIKEy
+pDAwLjELMAkGA1UEBhMCSVQxDTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lORk4g
+Q0GCAQAwWwYDVR0RBFQwUoIRdm9tcy5zYWdyaWQuYWMuemGCFnZvbXMudmlydC5z
+YWdyaWQuYWMuemGCEnZvbXMyLnNhZ3JpZC5hYy56YYERdmFuZWNrYUB1ZnMuYWMu
+emEwDQYJKoZIhvcNAQEFBQADggEBAIuZxs2jFL8eBMskpsCpE43ZY7AW570Ci9kd
+NfdUz8Kpg1DkQV+kmmWWzwNmTZg8Kx8VHpJe04TT9Cu4Rjo0sQ+4v7QwKSTX4ASU
+jbyLVqz+9sXORh6M0WIjMbSYA2oivuRBNetDZ1SG5rGPvKqM+5uYc8G7eaW6S2q/
+BVDyQWDVKKrSiUXgv7AO8Y3+pp6uJ89YW4UOkGFNKFyWvfCDQKc2W2vzdTZx1gDW
+f4FSVbJS4iK1Hu8egrhkgvC0AcSVkMhhyIqrmUWPSUboYt8c3M4tUWghhpXvXtL8
+Nzwsiqza0RQlIwBkiuj80tHOlPoagB4PGT8XwVxwT8dQt2c0oWw=
+-----END CERTIFICATE-----

roles/common/tasks/host-based-authentication.yml

@@ -0,0 +1,30 @@
+---
+- name: Setup SSH known hosts file
+  action: template dest=/etc/ssh/ssh_known_hosts src=etc/ssh/ssh_known_hosts.j2 owner=root group=root
+  sudo: true
+
+- name: Setup /etc/ssh/shosts.equiv file
+  action: template dest=/etc/ssh/shosts.equiv src=etc/ssh/shosts.equiv.j2 owner=root group=root
+  sudo: true
+
+- name: Setup /root/.shosts file
+  action: template dest=/root/.shosts src=etc/ssh/shosts.equiv.j2 owner=root group=root
+  sudo: true
+
+- name: Setup SSH host based authentication (server configuration file; enable `HostbasedAuthentication` option)
+  action: lineinfile dest=/etc/ssh/sshd_config regexp='HostbasedAuthentication.*' line="HostbasedAuthentication yes"
+  notify: restart sshd
+  sudo: true
+
+- name: Setup SSH host based authentication (server configuration file; disable `IgnoreRhosts` option)
+  action: lineinfile dest=/etc/ssh/sshd_config regexp='IgnoreRhosts.*' line="IgnoreRhosts no"
+  notify: restart sshd
+  sudo: true
+
+- name: Setup SSH host based authentication (client configuration file; enable `HostbasedAuthentication` option)
+  action: lineinfile dest=/etc/ssh/ssh_config regexp='HostbasedAuthentication.*' line="HostbasedAuthentication yes"
+  sudo: true
+
+- name: Setup SSH host based authentication (client configuration file; enable `EnableSSHKeysign` option)
+  action: lineinfile dest=/etc/ssh/ssh_config regexp='EnableSSHKeysign.*' line="EnableSSHKeysign yes"
+  sudo: true

roles/dirac/files/etc/sysconfig/C:\nppdf32Log\debuglog.txt

@@ -0,0 +1,6 @@
+NPP_GetValue is called
+NPP_GetValue is called
+NPP_GetValue is called
+NPP_GetValue is called
+NPP_Initialize : called
+NPP_Initialize : called

roles/dirac/files/install.cfg

@@ -0,0 +1,111 @@
+#
+# This section determines which DIRAC components will be installed and where
+#
+LocalInstallation
+{
+  #
+  #   These are options for the installation of the DIRAC software
+  #
+  #  DIRAC release version (this is an example, you should find out the current
+  #  production release)
+  Release = v6r10p4
+  #  Python version of the installation
+  PythonVersion = 26
+  #  To install the Server version of DIRAC (the default is client)
+  InstallType = server
+  #  LCG python bindings for SEs and LFC. Specify this option only if your installation
+  #  uses those services
+  # LcgVer = 2012-02-20
+  #  If this flag is set to yes, each DIRAC update will be installed
+  #  in a separate directory, not overriding the previous ones
+  UseVersionsDir = yes
+  #  The directory of the DIRAC software installation
+  TargetPath = /opt/dirac
+  #  DIRAC extra modules to be installed (Web is required if you are installing the Portal on
+  #  this server).
+  #  Only modules not defined as default to install in their projects need to be defined here:
+  #   i.e. LHCb, LHCbWeb for LHCb
+  ExtraModules = Web
+
+  #
+  #   These are options for the configuration of the installed DIRAC software
+  #   i.e., to produce the initial dirac.cfg for the server
+  #
+  #  Give a Name to your User Community, it does not need to be the same name as in EGI,
+  #  it can be used to cover more than one VO in the grid sense
+  VirtualOrganization = AAROC
+  #  Site name
+  SiteName = SAGridDirac
+  #  Setup name
+  Setup = MyDIRAC-Production
+  #  Default name of system instances
+  InstanceName = Production
+  #  Flag to skip download of CAs, on the first Server of your installation you need to get CAs
+  #  installed by some external means
+  SkipCADownload = yes
+  #  Flag to use the server certificates
+  UseServerCertificate = yes
+  #  Configuration Server URL (This should point to the URL of at least one valid Configuration
+  #  Service in your installation, for the primary server it should not used )
+  #  ConfigurationServer = dips://myprimaryserver.name:9135/Configuration/Server
+  #  Configuration Name
+  ConfigurationName = MyConfiguration
+
+  #
+  #   These options define the DIRAC components to be installed on "this" DIRAC server.
+  #
+  #
+  #  The next options should only be set for the primary server,
+  #  they properly initialize the configuration data
+  #
+  #  Name of the Admin user (default: None )
+  AdminUserName = becker
+  #  DN of the Admin user certificate (default: None )
+  #  In order the find out the DN that needs to be included in the Configuration for a given
+  #  host or user certificate the following command can be used::
+  #
+  #          openssl x509 -noout -subject -enddate -in <certfile.pem>
+  #
+  AdminUserDN = /C=IT/O=INFN/OU=Personal Certificate/L=ZA-MERAKA/CN=Bruce Becker
+  #  Email of the Admin user (default: None )
+  AdminUserEmail = [email protected]
+  #  Name of the Admin group (default: dirac_admin )
+  AdminGroupName = dirac_admin
+  #  DN of the host certificate (*) (default: None )
+  HostDN = /C=IT/O=INFN/OU=Host/L=ZA-MERAKA/CN=dirac.c4.csir.co.za
+  # Define the Configuration Server as Master for your installations
+  ConfigurationMaster = yes
+
+  #
+  #  The following options define components to be installed
+  #
+  #  Name of the installation host (default: the current host )
+  #  Used to build the URLs the services will publish
+  #  For a test installation you can use 127.0.0.1
+  # Host = dirac.cern.ch
+  Host = dirac.c4.csir.co.za
+  #  List of Services to be installed
+  Services  = Configuration/Server
+  Services += Framework/SystemAdministrator
+  #  Flag determining whether the Web Portal will be installed
+  WebPortal = yes
+  #
+  #  The following options defined the MySQL DB connectivity
+  #
+  Database
+  {
+    #  User name used to connect the DB server
+    User = Dirac # default value
+    #  Password for database user acess. Must be set for SystemAdministrator Service to work
+    Password = dirac
+    #  Password for root DB user. Must be set for SystemAdministrator Service to work
+    RootPwd = dirac
+    #  location of DB server. Must be set for SystemAdministrator Service to work
+    Host = localhost # default
+    #  There are 2 flags for small and large installations Set either of them to True/yes when appropriated
+    # MySQLSmallMem:        Configure a MySQL with small memory requirements for testing purposes
+    #                       innodb_buffer_pool_size=200MB
+    # MySQLLargeMem:        Configure a MySQL with high memory requirements for production purposes
+    #                       innodb_buffer_pool_size=10000MB
+  }
+}

roles/dirac/files/install_site.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+###############################################################
+#
+#
+#
+###############################################################
+#
+function usage {
+  echo Usage:
+  echo "    install_site.sh [Options] ... CFG_file"
+  echo 
+  echo "CFG_file - is the name of the installation configuration file which contains"
+  echo "           all the instructions for the DIRAC installation. See DIRAC Administrator "
+  echo "           Guide for the details"        
+  echo "Options:"
+  echo "    -d, --debug    debug mode"
+  echo "    -h, --help     print this"
+  exit 1
+}
+
+
+while [ $1 ]
+do
+  case $1 in
+
+  -h | --help )
+    usage
+    exit
+  ;;
+  -d | --debug )
+    DEBUG='-o LogLevel=DEBUG' 
+# -v | --version )
+#    switch=$1
+#    shift
+#    [ $1 ] || error_exit "Switch $switch requires a argument"
+#    DIRACVERSION=$1
+  ;;
+  * )
+    installCfg=$1
+  ;;
+
+  esac
+  shift
+done
+
+if [ -z "$installCfg" ]; then
+  usage
+  exit 1
+fi
+
+# Get the latest version of dirac-install
+#
+#wget -O dirac-install 'http://svnweb.cern.ch/guest/dirac/DIRAC/trunk/DIRAC/Core/scripts/dirac-install.py' | exit
+wget --no-check-certificate -O dirac-install 'https://github.com/DIRACGrid/DIRAC/raw/integration/Core/scripts/dirac-install.py' || exit
+#
+# define the target Dir
+#
+installDir=`grep TargetPath $installCfg | grep -v '#' | cut -d '=' -f 2 | sed -e 's/ //g'`
+#
+mkdir -p $installDir || exit
+#
+python dirac-install -t server $installCfg
+source $installDir/bashrc
+dirac-configure $installCfg $DEBUG 
+dirac-setup-site $DEBUG

roles/dirac/tasks/dirac.yml

@@ -0,0 +1,23 @@
+- name: add dirac group
+  group: name=dirac state=present
+
+- name: add dirac user
+  user: name=dirac comment='Dirac generic user' shell=/bin/bash group=dirac state=present
+
+- name: the installation directory
+  file: path=/opt/dirac state=directory owner=dirac group=dirac
+
+- name: create the dirac installation directory
+  file: path=/home/dirac/DIRAC state=directory
+
+- name: download the installation script
+  copy: src={{ item }} dest=/home/dirac/DIRAC/{{ item }}install_site.sh
+  with_items: 
+    - install_site.sh
+    - install.cfg
+  tags:
+    - dirac
+    - installation
+
+
+

roles/dirac/tasks/dirac.yml~

@@ -0,0 +1,8 @@
+- name: add dirac user
+  user: name=dirac comment='Dirac generic user' shell=/bin/bash group=dirac
+
+- create the installation directory
+  file: path=/opt/dirac state=directory owner=dirac group=dirac
+
+
+