grid

grid Build Status Ansible Role

Ansible role for installation of grid repositories, certificates and voms definitions for WLCG/LCG site.

Inspired by the Ansible Role UMD by EGI-Foundation.

Requirements

  • EL6/7
  • EPEL

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

grid_enable_repo: true

Set up the grid repository including yum priorties.

grid_umd_version: 4

UMD version of the repository. Its most likely 4.

grid_umd_exclude: []

List of packages to exclude from updates or installs.

grid_umd_includepkgs: []

List of packages you want to only use from the UMD repository.

grid_enable_certificates: true | false | 'cvmfs'

Enable grid certificates. 'cvmfs' implies the usage of certificates from the CVMFS repositoru grid.cern.ch

grid_ca_polices_pkgs:
  - ca-policy-egi-core
  - ca-policy-lcg

RPMs of CA polices to be installed

grid_fetchcrl_options: []

Options for fetchcrl are passed as a hash. Following keys are possible.

  • agingtolerance: 24
  • nosymlinks: true
  • nowarnings: true
  • noerrors: false
  • http_proxy:
  • httptimeout: 30
  • parallelism: 4
  • logmode: syslog

Details for the parameters see Nikhef Wiki

grid_vos: []

A list of Virtual Organisations (VOs) to be configured. The detail of the configuration is taken from the EGI Operation Portal

grid_voinfo_url: http://cclavoisier01.in2p3.fr:8080/lavoisier/voVoms?accept=json

URL to retrieve the information on the VOs. Updating the VO Info is performed offline and the new info has to be added to the repository,

grid_install_voms_client: false

Install VOMS client packages. Usually not required, as packages will be requested by other installations

grid_voms_client_pkgs:
  - voms-clients-cpp
  - voms-clients-java

VOMS client packages to be installed.

grid_host_certificate: {}

Install host certificate. The certificates is provided as hash

  • cert: path to host certificate

  • key: path to private host key. It should be secured with ansible-vault

    grid_dummy_host_certificate: false | true | 'caonly'

Install an insecure dummy host certificate for CI. If 'caonly' is requested only the CA will be configured. Not to be used in production

grid_dummy_ca:
  cert: DummyCA.crt
  key: DummyCA.key
  hash: be034f91

Dummy CA distributed with the role.

Example Playbook

Configuration for a server without CVMFS

- hosts: servers
  roles:
    - name: hephyvienna.grid
      vars:
        grid_vos:
          - cms
          - alice
          - belle
        grid_host_certificate:
          cert: server.crt
          key: server.key
    - name: hephyvienna.argus

Configuration for a worker node with CVMFS

- hosts: workers
  roles:
    - name: hephyvienna.grid
      vars:
        grid_vos:
          - cms
          - alice
          - belle
        grid_enable_certificates: cvmfs
    - role: hephyvienna.cvmfs
    - role: hephyvienna.grid_worker
      vars:
        grid_worker_role: wn

License

MIT

Author Information

Written by Dietrich Liko in May 2019

Institute for High Energy Physics of the Austrian Academy of Sciences

About

Common installation of repositories, certificates and voms for WLCG/LCG site.

Install
ansible-galaxy install geonmo/ansible-role-grid
GitHub repository
License
other
Downloads
194
Owner