Grid

This is an Ansible role designed to set up grid repositories, certificates, and VOMS definitions for WLCG/LCG sites.

The role was inspired by the Ansible Role UMD created by the EGI Foundation.

Requirements

• EL6/7
• EPEL

Role Variables

Here are the available variables and their default values (see defaults/main.yml):

• grid_enable_repo: true

  • This enables the grid repository, including YUM priorities.

• grid_umd_version: 4

  • This specifies the UMD version of the repository, likely version 4.

• grid_umd_exclude: []

  • A list of packages to exclude from updates or installations.

• grid_umd_includepkgs: []

  • A list of packages that you want to use only from the UMD repository.

• grid_enable_certificates: true | false | 'cvmfs'

  • This enables grid certificates. Choosing 'cvmfs' uses certificates from the CVMFS repository (grid.cern.ch).

• grid_ca_polices_pkgs:

  • - ca-policy-egi-core
  • - ca-policy-lcg
  • RPMs of CA policies to be installed.

• grid_fetchcrl_options: []

  • Options for fetchcrl can be provided as a hash. For example, you can set options like timeout, logging mode, etc.

• grid_vos: []

  • List of Virtual Organizations (VOs) to configure, details come from the EGI Operation Portal.

• grid_voinfo_url:

  • http://cclavoisier01.in2p3.fr:8080/lavoisier/voVoms?accept=json
  • URL to get information on the VOs.

• grid_install_voms_client: false

  • If set to true, it installs VOMS client packages, although these are usually not needed as they are requested by other installations.

• grid_voms_client_pkgs:

  • - voms-clients-cpp
  • - voms-clients-java
  • These are the VOMS client packages to install.

• grid_host_certificate: {}

  • Install a host certificate. It's provided as a hash:
    • cert: path to the host certificate
    • key: path to the private host key (secured with ansible-vault).

• grid_dummy_host_certificate: false | true | 'caonly'

  • This installs an insecure dummy host certificate for CI purposes. Only 'caonly' configures the CA.

• grid_dummy_ca:

  • Contains Dummy CA information distributed with the role.

Example Playbook

Configuring a server without CVMFS:

- hosts: servers
  roles:
    - name: hephyvienna.grid
      vars:
        grid_vos:
          - cms
          - alice
          - belle
        grid_host_certificate:
          cert: server.crt
          key: server.key
    - name: hephyvienna.argus

Configuring a worker node with CVMFS:

- hosts: workers
  roles:
    - name: hephyvienna.grid
      vars:
        grid_vos:
          - cms
          - alice
          - belle
        grid_enable_certificates: cvmfs
    - role: hephyvienna.cvmfs
    - role: hephyvienna.grid_worker
      vars:
        grid_worker_role: wn

License

MIT

Author Information

Written by Dietrich Liko in May 2019

From the Institute for High Energy Physics at the Austrian Academy of Sciences