diff --git a/hieradata/node/rucio01.ls.lsst.org.yaml b/hieradata/node/rucio01.ls.lsst.org.yaml new file mode 100644 index 0000000000..0ee401acee --- /dev/null +++ b/hieradata/node/rucio01.ls.lsst.org.yaml @@ -0,0 +1,26 @@ +--- +nm::connections: + ens192: + content: + connection: + id: "ens192" + uuid: "fa2c1b82-c58c-3411-bdca-b701a08e2cc0" + type: "ethernet" + interface-name: "ens192" + ethernet: {} + ipv4: + method: "auto" + ipv6: + method: "disabled" + proxy: {} + +nfs::client_enabled: true +nfs::client_mounts: + /repo/LATISS: + share: "/auxtel/repo/LATISS" + server: "nfs-auxtel.ls.lsst.org" + atboot: true + /datasets: + share: "/lsstdata" + server: "nfs-lsstdata.ls.lsst.org" + atboot: true diff --git a/hieradata/role/rucio.yaml b/hieradata/role/rucio.yaml index 06881a4d04..ba9c9ac1cc 100644 --- a/hieradata/role/rucio.yaml +++ b/hieradata/role/rucio.yaml @@ -1,12 +1,20 @@ --- classes: - "profile::core::common" - - "profile::core::debugutils" + - "profile::core::firewall" + - "profile::core::nfsclient" - "profile::core::rucio" - - "python" -python::version: "python36" -python::pip: "present" -python::dev: "present" -python::virtualenv: "present" -profile::core::common::manage_firewall: false +profile::core::firewall::firewall: + "254 accept incoming on port 1094 from SLAC subnet": + proto: "tcp" + state: "NEW" + dport: "1094" + source: "134.79.23.0/24" + jump: "accept" + "255 accept outgoing on port 1094 to SLAC subnet": + proto: "tcp" + state: "NEW" + sport: "1094" + destination: "134.79.23.0/24" + jump: "accept" diff --git a/site/profile/manifests/core/rucio.pp b/site/profile/manifests/core/rucio.pp index 843e70f3ab..1e5e7e4153 100644 --- a/site/profile/manifests/core/rucio.pp +++ b/site/profile/manifests/core/rucio.pp 
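Review bot: In hieradata/role/rucio.yaml the rule `255 accept outgoing on port 1094 to SLAC subnet` sets no `chain`, so with the puppetlabs-firewall default it would land in INPUT and never see outbound packets. This assumes `profile::core::firewall` passes the hash straight to `firewall` resources, which is not visible in this diff. The rule also matches `sport: "1094"` with `state: "NEW"`, which describes new connections leaving local port 1094 rather than client connections to the remote XRootD port. If the intent is to let this host reach the SLAC subnet on 1094, the rule needs `chain: "OUTPUT"` and `dport: "1094"`. If it is only meant to cover replies to rule 254, that is normally handled by an ESTABLISHED/RELATED rule and 255 can be dropped.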
@@ -1,63 +1,38 @@ # @summary # Install required rucio packages # -class profile::core::rucio () { - include profile::core::letsencrypt - - # Host FQDN - $fqdn = fact('networking.fqdn') - - # Define XRootD Path - $xrootd_path = '/opt/xrootd' - - # Define Yum Packages - $yum_packages = [ - 'gcc-c++', - 'cmake3', - 'krb5-devel', - 'libuuid-devel', - 'libxml2-devel', - 'openssl-devel', - 'systemd-devel', - 'zlib-devel', - 'devtoolset-7', - 'xrootd', - 'voms', - ] - - # Define PIP Packages - $pip_packages = [ - 'wheel', - 'cryptography', - 'rucio', - ] - - # Signed Certificate Location - $le_root = "/etc/letsencrypt/live/${fqdn}" - - # Generate and sign certificate - letsencrypt::certonly { $fqdn: - plugin => 'dns-route53', - manage_cron => true, +class profile::core::rucio { + yumrepo { 'xrootd-stable': + descr => 'XRootD Stable Repository', + baseurl => 'https://xrootd.web.cern.ch/repo/stable/el$releasever/$basearch', + skip_if_unavailable => 'true', + gpgcheck => '1', + gpgkey => 'https://xrootd.web.cern.ch/repo/RPM-GPG-KEY.txt', + enabled => '1', + target => '/etc/yum.repo.d/xrootd.repo', } - - # Copy the certificates into /etc/grid-security - -> cron::monthly { 'update_cert': - command => "/bin/rsync -a --copy-links --chown=xrootd:xrootd ${le_root}/cert.pem ${le_root}/chain.pem ${le_root}/fullchain.pem ${le_root}/privkey.pem /etc/grid-security/ /dev/null 2>&1", - user => 'root', - hour => 0, - minute => 0, - date => 1, + -> package { 'xrootd': + ensure => 'installed', } - - # Install Pip3 Packages - package { $pip_packages: - ensure => 'present', - provider => 'pip3', + file { [ + '/lib/systemd/system/xrootd@.service', + '/lib/systemd/system/cmsd@.service', + ]: + ensure => file, + mode => '0644', + owner => 'saluser', + group => 'saluser', } - # Install Yum Packages - package { $yum_packages: - ensure => 'present', + file { [ + '/etc/xrootd', + '/var/log/xrootd', + '/var/run/xrootd', + '/var/spool/xrootd', + ]: + ensure => directory, + mode => '0644', + owner => 
'saluser', + group => 'saluser', } } diff --git a/spec/classes/core/rucio_spec.rb b/spec/classes/core/rucio_spec.rb new file mode 100644 index 0000000000..f7a22e865d --- /dev/null +++ b/spec/classes/core/rucio_spec.rb @@ -0,0 +1,49 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'profile::core::rucio' do + on_supported_os.each do |os, os_facts| + next unless os =~ %r{almalinux-9-x86_64} + + context "on #{os}" do + let(:facts) { os_facts } + + it { is_expected.to compile.with_all_deps } + + it do + is_expected.to contain_yumrepo('xrootd-stable').with( + descr: 'XRootD Stable Repository', + baseurl: 'https://xrootd.web.cern.ch/repo/stable/el$releasever/$basearch', + skip_if_unavailable: 'true', + gpgcheck: '1', + gpgkey: 'https://xrootd.web.cern.ch/repo/RPM-GPG-KEY.txt', + enabled: '1', + target: '/etc/yum.repo.d/xrootd.repo' + ) + end + + ['/lib/systemd/system/xrootd@.service', '/lib/systemd/system/cmsd@.service'].each do |path| + it do + is_expected.to contain_file(path).with( + ensure: 'file', + mode: '0644', + owner: 'saluser', + group: 'saluser' + ) + end + end + + ['/etc/xrootd', '/var/log/xrootd', '/var/run/xrootd', '/var/spool/xrootd'].each do |path| + it do + is_expected.to contain_file(path).with( + ensure: 'directory', + mode: '0644', + owner: 'saluser', + group: 'saluser' + ) + end + end + end + end +end diff --git a/spec/hosts/nodes/rucio01.ls.lsst.org_spec.rb b/spec/hosts/nodes/rucio01.ls.lsst.org_spec.rb new file mode 100644 index 0000000000..3e459c461e --- /dev/null +++ b/spec/hosts/nodes/rucio01.ls.lsst.org_spec.rb 
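Review bot: In site/profile/manifests/core/rucio.pp the unit files `/lib/systemd/system/xrootd@.service` and `/lib/systemd/system/cmsd@.service` are managed with `owner => 'saluser'` and `group => 'saluser'`. If saluser is an ordinary service account, it can then rewrite units that systemd loads as root, so these two files should keep `owner => 'root', group => 'root'` and only the data directories should belong to the service account. Separately, `target => '/etc/yum.repo.d/xrootd.repo'` looks like a typo for `/etc/yum.repos.d/`. If the repo definition is written where dnf does not read it, `package { 'xrootd': }` would be resolved from whatever other repository offers it instead of the GPG-checked one declared here. The same path is asserted verbatim in spec/classes/core/rucio_spec.rb, so the test will not catch it. The four directories use `mode => '0644'`; Puppet adds the search bit for directories, but writing `'0755'` states the effective mode explicitly.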
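Review bot: spec/classes/core/rucio_spec.rb has no expectation for the `xrootd` package or for its ordering after the repository, although the manifest chains `yumrepo { 'xrootd-stable': } -> package { 'xrootd': }`. Losing that ordering would let the package install before the GPG-checked repo is configured, so it is worth pinning with `it { is_expected.to contain_package('xrootd').that_requires('Yumrepo[xrootd-stable]') }`. The existing expectations restate the manifest's literals one-for-one, so they only guard against accidental edits and do not check that the values are correct.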
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'rucio01.ls.lsst.org', :sitepp do
+ on_supported_os.each do |os, os_facts|
+ next unless os =~ %r{almalinux-9-x86_64}
+
+ context "on #{os}" do
+ let(:facts) do
+ lsst_override_facts(os_facts,
+ is_virtual: false,
+ virtual: 'vmware',
+ dmi: {
+ 'product' => {
+ 'name' => 'VMware7,1',
+ },
+ })
+ end
+ let(:node_params) do
+ {
+ role: 'rucio',
+ site: 'ls',
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+
+ include_context 'with nm interface'
+
+ it { is_expected.to have_nm__connection_resource_count(1) }
+
+ context 'with ens192' do
+ let(:interface) { 'ens192' }
+
+ it_behaves_like 'nm enabled interface'
+ it_behaves_like 'nm dhcp interface'
+ it_behaves_like 'nm ethernet interface'
+ end
+
+ it { is_expected.to contain_class('nfs').with_client_enabled(true) }
+
+ it do
+ is_expected.to contain_nfs__client__mount('/repo/LATISS').with(
+ share: '/auxtel/repo/LATISS',
+ server: 'nfs-auxtel.ls.lsst.org',
+ atboot: true
+ )
+ end
+
+ it do
+ is_expected.to contain_nfs__client__mount('/datasets').with(
+ share: '/lsstdata',
+ server: 'nfs-lsstdata.ls.lsst.org',
+ atboot: true
+ )
+ end
+ end
+ end # on os
+end # on_supported_os
diff --git a/spec/hosts/roles/rucio_spec.rb b/spec/hosts/roles/rucio_spec.rb
new file mode 100644
index 0000000000..3e3665cc58
--- /dev/null
+++ b/spec/hosts/roles/rucio_spec.rb
@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+role = 'rucio'
+
+describe "#{role} role" do
+ on_supported_os.each do |os, os_facts|
+ next unless os =~ %r{almalinux-9-x86_64}
+
+ context "on #{os}" do
+ lsst_sites.each do |site|
+ describe "#{role}.#{site}.lsst.org", :sitepp do
+ let(:node_params) do
+ {
+ role:,
+ site:,
+ }
+ end
+ let(:facts) { lsst_override_facts(os_facts) }
+
+ it { is_expected.to compile.with_all_deps }
+ end # host
+ end # lsst_sites
+ end # on os
+ end # on_supported_os
+end # role
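Review bot: spec/hosts/roles/rucio_spec.rb only asserts that the catalog compiles, so the two port-1094 firewall rules this commit adds to hieradata/role/rucio.yaml are not covered. This role also drops `profile::core::common::manage_firewall: false` in favour of an explicit rule set, so a regression in those rules would go unnoticed. Assuming `profile::core::firewall` turns the hash into `firewall` resources, an expectation such as `it { is_expected.to contain_firewall('254 accept incoming on port 1094 from SLAC subnet') }` would pin the inbound rule, with a matching one for rule 255.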