Merge pull request #12 from AAROC/dev

merge dev into master

config/handlers/bootstrap.yml

@@ -0,0 +1,6 @@
+- name: reboot
+  command: /sbin/reboot
+- name: updatedb
+  action: command updatedb
+- name: restart ssh
+  service: name=sshd state=restarted

config/handlers/network.yml

@@ -1,5 +1,4 @@
 - name: restart iptables
-  action: save iptables
   action: command 'service iptables save'
   action: command 'service ip6tables save'
   action: service name=iptables state=restarted

config/playbooks/bootstrap.yml

@@ -13,22 +13,15 @@
 --- 
 - hosts: bootstrap
   remote_user: root
-  #ask_pass: true
   tasks:
-    - name: test connection
-      ping:
     - name: create ansible user
       user: name=ansible comment="ansible user created by bootstrap playbook" generate_ssh_key=yes groups=wheel
-    - name: Install prerequisite packages- selinux, python bindings, mlocate
+    - name: Install prerequisite packages- selinux, python bindings
       yum: name={{ item }} state=present
       with_items: 
         - python-simplejson
-        - lokkit 
         - libselinux-python
-        - mlocate
         - iptables
-      notify: 
-        - updatedb
       notify: 
         - restart iptables
     - name: include (only) my rsa key in authorized_keys
@@ -38,10 +31,12 @@
     - name: disable SELinux
       selinux: state=disabled
 # at this point, we have to reboot
-      notify:
-        - reboot
+      notify: reboot
       async: 60
       poll: 15
+    - name: disallow root login
+      action: lineinfile dest="/etc/ssh/sshd_config" line="PermitRootLogin no" state=present
+      notify: restart ssh
 #  - include: task/prep.yml       
 # other things to include in here
 # 1. ensure that dns servers are inserted properly

config/playbooks/preflight-check.yml

@@ -5,21 +5,7 @@
   sudo: true
   sudo_user: root
   tasks:
-    - name: check ansible user login
-      command: sudo echo hi
-      register: sudo_output
-      ignore_errors: True
-    - name: save iptables
-      action: command /etc/init.d/iptables save
-    - name: save ip6tables
-      action: command /etc/init.d/ip6tables save 
-    - name: start iptables
-      action: command service iptables start
-    - name: ensure that 5099 is open for accelerate
-      # changing this to use iptables directly
-# this should be put into a template      action: shell {{ iptables }} {{ iptables_vars }}
-      action: shell /sbin/iptables -A INPUT -i eth0 -p tcp --dport 5099 -j ACCEPT
-      notify: restart iptables
+    - 
     - name: ensure that python-keyczar is enabled
       yum: name=python-keyczar state=latest
   vars_files:

config/playbooks/repos-dev.yml

@@ -1,8 +1,8 @@
-- hosts: site-services-dev
+- hosts: bootstrap
   user: ansible
   sudo: True
   sudo_user: root
-  accelerate: true
+  accelerate: False
   tasks:
     - include: tasks/cas/repo.yml 
     - include: tasks/epel/repo.yml

config/tasks/nfs/server.yml

@@ -1,7 +1,15 @@
-o- name: Install nfs-utils package
+- name: Install nfs-utils package
   yum: name=nfs-utils state=latest
+  tags:
+    - install
+    - nfs
 - name: Enable rpcbind service on nfs server
   action: service name=rpcbind enabled=yes state=started
   when: ansible_lsb.major_release != '5'
+  tags:
+    - nfs
+
 - name: Enable nfs service on server
-  service: name=nfs enabled=yes state=restarted
+  service: name=nfs enabled=yes state=started
+  tags:
+    - nfs

config/tasks/umd/repo.yml

@@ -1,5 +1,5 @@
 - name: Download umd release package
-  action: get_url url={{ umd_release_url[ansible_distribution_release] }} dest=/tmp/umd.rpm mode=0644
+  action: get_url url={{ umd_release_url.{{ ansible_distribution_release}}  }} dest=/tmp/umd.rpm mode=0644
 - name: Install umd release package
   action: command yum install -y {{ yum_flags }} /tmp/umd.rpm creates=/etc/yum.repos.d/UMD-{{ umd_major_release }}-base.repo  
 

config/vars/distros/CentOS-6.2.yml

@@ -0,0 +1,9 @@
+---
+yum_flags: " "
+lokkit_flags: " "
+iptables: /sbin/iptables
+# we should use a template here
+iptables_vars: "-A INPUT -i eth0 -p tcp --dport 5099 -j ACCEPT" 
+# change following line to point to an EPEL mirror closeby to your region
+epel_release_url: http://fedora.mirror.ac.za/epel/6/x86_64/
+epel_release_name: epel-release-6-8.noarch.rpm

cream-ces.yml

@@ -0,0 +1,52 @@
+---
+- hosts: cream-ces
+  user: ansible
+  vars_files: 
+    - roles/common/vars/distros/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml
+    # need to have every bloody combination of the vars files because facter doesn't report
+    # facts consistently.
+    - roles/common/vars/middleware/igtf.yml
+  roles:
+  - common
+  - certificates
+  - umd3
+  - cream-ce
+  - munge
+  - yaim    
+  post_tasks:
+    - name: fix qmgr queues 1
+      sudo: true
+      action: raw /usr/bin/qmgr -c "unset queue {{ item.name }} {{ resources_max.cput }}"
+      with_items: qmgr_queues
+      notify:
+      - restart pbs_server
+
+    - name: fix qmgr queues 2
+      sudo: true
+      action: raw /usr/bin/qmgr -c "set queue {{ item.name }} resources_max.walltime = {{ item.max_wall_time }}"
+      with_items: qmgr_queues
+      notify:
+        - restart pbs_server
+
+    - name: fix qmgr queues 3
+      action: raw /usr/bin/qmgr -c "set queue {{ item.name }} resources_default.walltime = {{ item.max_wall_time }}"
+      sudo: true
+      with_items: 
+        - qmgr_queues
+      notify:
+        - restart pbs_server
+
+    - name: fix Proxy_to_sandbox_dir
+      sudo: true
+      action: copy src=config/files/usr/bin/glite-cream-copyProxyToSandboxDir.sh dest=/usr/bin/glite-cream-copyProxyToSandboxDir.sh owner=root  group=root mode=755
+
+    - name: restart munge
+      sudo: true
+      service: name=munge state=restarted
+
+    - name: restart exportfs
+      action: shell sudo -i exportfs -r
+      sudo: true
+    - name: restart pbs_server
+      sudo: true
+      action: service name=pbs_server state=restarted enabled=yes  

dirac.yml

@@ -0,0 +1,13 @@
+---
+- hosts: dirac
+  user: ansible
+  sudo: true
+  sudo_user: root
+  roles:
+    - bootstrap
+    - common
+    - certificates
+    - dirac
+  vars_files:
+    - roles/common/vars/distros/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml
+    - roles/common/vars/middleware/igtf.yml

fts.yml

@@ -0,0 +1,12 @@
+---
+- hosts: fts
+  sudo: true
+  sudo_user: root
+  roles:
+    - bootstrap
+    - common
+    - certificates
+    - fts
+  vars_files:
+    - roles/common/vars/distros/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml
+    - roles/common/vars/middleware/igtf.yml

group_vars/grid-cluster

@@ -1,4 +1,14 @@
 ---
+# generic variables
+# networking ports
+accelerate_port: 5099
+bdii_port: 2170
+
+igtf_repo_url: 'http://repository.egi.eu/sw/production/cas/1/current/RPMS'
+igtf_release_name: ca-policy-egi-core
+igtf_release_version: 1.55-1
+
+# YAIM variables
 vos:
   - dteam
   - ops
@@ -11,7 +21,7 @@ queues:
   - cert
   - sagrid
   - enmr.eu
-
+  
 
 # use the site name as registered in GOCDB (use the same case)
 site_name: grid-cluster

group_vars/kenet-grid-cluster

@@ -0,0 +1,109 @@
+---
+# generic variables
+# networking ports
+accelerate_port: 5099
+bdii_port: 2170
+yaim_path: /opt/glite/yaim/
+yaim_conf_dir: /opt/glite/yaim/etc/{{ site_name }}/siteinfo
+
+igtf_repo_url: 'http://repository.egi.eu/sw/production/cas/1/current/RPMS'
+igtf_release_name: ca-policy-egi-core
+igtf_release_version: 1.55-1
+
+# YAIM variables
+vos:
+  - dteam
+  - ops
+  - sagrid
+  - enmr.eu
+  - eumed
+  - africacert
+queues:
+  - dteam
+  - cert
+  - sagrid
+  - enmr.eu
+
+
+# use the site name as registered in GOCDB (use the same case)
+site_name: KE-UONBI-01
+site_email: [email protected]
+site_security_email: [email protected]
+site_support_email: [email protected]
+site_latitude: -1.280027
+site_longitude: 36.815983
+site_description: "KENET dev site at University of Nairobi"
+site_other_grid: AfricaArabia
+site_bdii_host: bdii.kenet.or.ke
+site_location: "Nairobi, Kenya"
+site_website: http://www.kenet.or.ke
+argus_status: no
+mysql_pass: a_damn_good_password
+domain: kenet.or.ke
+ce_host: headnode.kenet.or.ke
+
+# Replace the following specs with your own
+ce_cpu_model: Opteron
+ce_cpu_vendor: AMD
+ce_cpu_speed: 2200
+ce_os: CentOS
+ce_os_release: 5.8
+ce_os_version: Final
+ce_os_arch: x86_64
+ce_minphysmem: 2048
+ce_minvirtmem: 6144
+ce_physcpu: 128
+ce_logcpu: 128
+ce_smpsize: 64
+ce_si00: 2105
+ce_sf00: 2601
+ce_outboundip: "TRUE"
+ce_inboundip: "FALSE"
+ce_runtimeenv:
+  - TAG1
+  - TAG2
+ce_otherdescr: Cores=1.0,Benchmark=8.42-HEP-SPEC06
+batch_server: headnode.kenet.or.ke
+job_manager: lcgpbs
+ce_batch_sys: torque
+batch_log_dir: /var/torque
+batch_version: torque-2.5.7
+apel_db_password: set_this_to_a_good_password
+wms_host: wms01.localdomain
+px_host: myproxy01.localdomain
+
+# vars for service: emi_dpm_mysql
+dpm_host: se01.localdomain
+dpmmgr: { uid: 400, gid: 4000 }
+dpm_filesystems: "sitename_dpm:$DPM_HOST:/storage"
+dpm_db:   { user: dpmmgr,  pass: one_more_password }
+dpm_info: { user: dpminfo, pass: yet_another_password }
+
+# vars for service: emi_lfc_mysql
+lfc_host: lfc01.localdomain
+
+# vars for service: BDII_site
+bdii_regions:
+- name: SBDII
+  endpoint: ldap://bdii.kenet.or.ke:2170/mds-vo-name=resource,o=grid
+- name: CREAM
+  endpoint: ldap://headnode.kenet.or.ke:2170/mds-vo-name=resource,o=grid
+- name: SE
+  endpoint: ldap://se01.localdomain:2170/mds-vo-name=resource,o=grid
+- name: LFC
+  endpoint: ldap://lfc01.localdomain:2170/mds-vo-name=resource,o=grid
+- name: PX
+  endpoint: ldap://myproxy01.localdomain:2170/mds-vo-name=resource,o=grid
+
+se_list:
+  - se01.localdomain
+
+se_mount_info_list: none
+se_gridftp_logfile: /var/log/dpm-gsiftp/dpm-gsiftp.log
+
+bdii_host: bdii.core.hellasgrid.gr
+
+apel_mysql_host: apel01.localdomain
+
+sandboxdir_on_ce: /var/cream_sandbox
+sandboxdir_on_wn: /cream_sandbox

group_vars/nagios-servers

@@ -1,24 +1,24 @@
 ---
-
 #Nagios related
-nagios_host: nagios-dev.c4.csir.co.za
-nagios_nsca_pass: password
+nagios_host: nagios.c4.csir.co.za
+nagios_nsca_pass: redacted
 ncg_backup_instance: "true"
 
 #MySQL related
-mysql_pass: password
-db_pass_r: password
-db_pass_w: password
+mysql_pass: redacted
+db_pass_r: redacted
+db_pass_w: redacted
 
 is_nagios: 1
 
-bdii_host: bdii.core.hellasgrid.gr
+#bdii_host: bdii.core.hellasgrid.gr
+bdii_host: bdii.c4.csir.co.za
 px_host: myproxy.cern.ch
 wms_host: wms.c4.csir.co.za
 
 nagios_admin_dns:
-  - put_your_cert_dn_here
-ncg_nagios_admin: your_email
+  - /C=IT/O=INFN/OU=Personal Certificate/L=ZA-MERAKA/CN=Bruce Becker
+ncg_nagios_admin: [email protected]
 
 ncg_vo: ops
 
@@ -39,15 +39,15 @@ nagios_ncg_enable_config: "true"
 nagios_nagios_enable_config: "true"
 nagios_cgi_enable_config: "true"
 
-nagios_myproxy_name: "NagiosRetrieve-<put_the_hostname>"
+nagios_myproxy_name: "NagiosRetrieve-nagios.c4.csir.co.za"
 
 #NCG_TOPOLOGY
 ncg_topology_use_ldap: "false"
 ncg_topology_use_gocdb: "false"
 ncg_remote_use_sam: "false"
 ncg_remote_use_nagios: "false"
 ncg_topology_use_atp: "true"
-ncg_gocdb_roc_name: NGI_ZA
+ncg_gocdb_roc_name: AfricaArabia
 
 #ATP variable in order to support transparent migration of SAM to CNRS
 atp_root_url: http://mon.egi.eu/atp
@@ -58,5 +58,5 @@ poem_sync_urls: http://mon.egi.eu/poem/api/0.1/json/
 #MyEGI
 myegi_admin_name: Bruce Becker
 myegi_default_profile: ROC
-myegi_admin_email: your_email
-myegi_region: NGI_ZA
+myegi_admin_email: [email protected]
+myegi_region: AfricaArabia

group_vars/umd3

@@ -0,0 +1,4 @@
+umd_major_release: 3
+umd: 
+  5: http://repository.egi.eu/sw/production/umd/3/sl5/x86_64/base/umd-release-3.0.0-1.el5.noarch.rpm
+  6: http://repository.egi.eu/sw/production/umd/3/sl6/x86_64/base/umd-release-3.0.0-1.el6.noarch.rpm