iRODS: v2 (remote pgsql, tiering, bugfixes, variables and new certificate) #580

Merged
merged 30 commits into from
Jul 19, 2022
Changes from 28 commits
e471268
iRODS: bigger update
scimerman May 16, 2022
966da2d
irods: split sql's, added icat_pre.yml, created tiering.sh
scimerman May 23, 2022
7f19d31
irods: added 1247 port again
scimerman May 23, 2022
4f72aff
irods: firewall fix
scimerman May 23, 2022
8f0fe91
irods: back to 4096 key
scimerman May 23, 2022
e560a90
iRODS: added tiering, split into multiple, yaml files, shortened vari…
scimerman May 30, 2022
478f42c
iRODS: add tiering tiering playbook and rule, new certificate and key
scimerman May 30, 2022
2df9382
iRODS: remove tiering script
scimerman May 30, 2022
5541c19
iRODS: removed old davrods lines
scimerman May 30, 2022
b5d9690
iRODS: typo fix
scimerman May 30, 2022
0a25a1e
Merge branch 'develop' into irods_remote_psql
pneerincx Jun 8, 2022
adb15e6
Merge branch 'develop' into irods_remote_psql
pneerincx Jun 9, 2022
78a9fec
Update roles/irods/README.md
scimerman Jun 13, 2022
4686678
Update roles/irods/README.md
scimerman Jun 13, 2022
7c61a60
Update roles/irods/tasks/pgsql_local.yml
scimerman Jun 13, 2022
2fe4cb7
Update roles/irods/templates/database_connect.py
scimerman Jun 13, 2022
701ad3c
Update roles/irods/tasks/tiering.yml
scimerman Jun 13, 2022
a5d36a1
Update roles/irods/handlers/main.yml
scimerman Jun 13, 2022
a72faf0
Update roles/irods/README.md
scimerman Jun 13, 2022
87123ce
Update roles/irods/README.md
scimerman Jun 13, 2022
8e7d8e9
iRODS: resolved PR comments (mostly changed paths)
scimerman Jun 13, 2022
2f19211
iRODS: PR additional fixes
scimerman Jun 13, 2022
570d5f3
Merge branch 'develop' into irods_remote_psql
pneerincx Jun 14, 2022
cf053af
iRODS: versioning and SSL enforcing variable
scimerman Jun 15, 2022
19afbf8
iRODS: ir_client_server_policy
scimerman Jun 15, 2022
3a7ac3d
iRODS: tiering update (rename groups and config file names)
scimerman Jul 18, 2022
374cc83
irods: uncommented test comments
scimerman Jul 18, 2022
039c347
irods: davrods ServerName comment move
scimerman Jul 18, 2022
de5638b
Merge branch 'develop' into irods_remote_psql
scimerman Jul 19, 2022
b19d4cd
irods: indentation fix
scimerman Jul 19, 2022
2 changes: 1 addition & 1 deletion files/nibbler_cluster/nemi_irods/README.md
Expand Up @@ -74,7 +74,7 @@ Extra

2. Three keys
They are configured in /etc/irods/server_config.json
1. one_key
1. zone_key
2. 32byte_negotiation_key
3. 32byte_ctrl_plane_key
Can be shared using www.onetimesecret.com with colleagues from SURFsara.
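Review bot: The last context line of this hunk still tells readers to pass the three server_config.json keys to SURFsara colleagues through www.onetimesecret.com, a third-party site, and since the list is being corrected anyway this is the place to name an organisation-controlled channel instead, or at least to state that a key must be rotated if the one-time link turns out to have been opened already. Separately, the corrected item 1 is the bare name zone_key while items 2 and 3 carry a 32byte_ prefix; say whether that prefix is part of the setting name or a length requirement so nobody searches server_config.json for a key that is not there.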
336 changes: 168 additions & 168 deletions files/nibbler_cluster/nemi_irods/localhost-umcg01.key

Large diffs are not rendered by default.
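Review bot: A server private key is being replaced inside the repository at files/nibbler_cluster/nemi_irods/localhost-umcg01.key (the file that group_vars/irods.yml describes as the iRODS server certificate's key), and because the diff is not rendered it is not visible here whether the file is stored encrypted. Please confirm it is encrypted at rest in the repo, for example with ansible-vault, before this lands; if any revision was ever committed in plaintext, the certificate should be reissued with a fresh key rather than the file simply being overwritten, because the old content remains in git history.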

595 changes: 143 additions & 452 deletions files/nibbler_cluster/nemi_irods/localhost_and_chain_umcg-icat01.crt

Large diffs are not rendered by default.

34 changes: 34 additions & 0 deletions files/nibbler_cluster/nemi_irods/remote_psql_server_ca.crt
@@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
54 changes: 37 additions & 17 deletions group_vars/irods.yml
Expand Up @@ -3,23 +3,43 @@ firewall_allowed_tcp_ports: # list of open ports on iCAT server
- "22" # SSH.
- "443" # davrods SSL
- "1247" # irods
- "1248" # Control Plane Port
- "5432" # PostgreSQL
- "20000:20199" # irods
irods_ssl_certificate_chain_file: "localhost_and_chain_umcg-icat01.crt"
irods_ssl_certificate_key_file: "localhost-umcg01.key"
irods_ssl_dh_params_file: "dhparams.pem"
irods_zone: 'nlumcg' # default main iRODS zone name
irods_local_resource: 'rootResc' # local iRODS resource
irods_vault_path: '/var/lib/irods/Vault' # default path to store files for local resource
irods_default_resource: 'surfObjStore' # default resource iRODS uploads to
irods_service_account: 'irods' # linux account under which iRODS runs
irods_admin_name: 'rods' # iRODS (and zone) account
irods_admin_home_path: '/nlumcg/home/rods' # iRODS admin's home path
server_type: 'icat' # iRODS Server Type
irods_db_user: '{{ irods_service_account }}' # db Username, usually same as irods_service_account
irods_db_server: '127.0.0.1' # iRODS Database Server
irods_db_name: 'ICAT' # iRODS Database Name
davrods_install: true # to install davrods docker
davrods_docker_folder: "davrods_docker" # davrods docker folder name, relative to the user home directory
davrods_default_resource: "surfObjStore" # default resource to upload files via davrods

ir_version: '-4.2.11*' # if defined (empty): version will be installed (must start with '-' and end with '*')
ir_server_type: 'icat' # iRODS Server Type
ir_client_server_policy: 'CS_NEG_REQUIRE' # communicating using SSL (CS_NEG_REQUIRE) or without (CS_NEG_REFUSE

ir_ssl_certificate_chain_file: 'nemi_irods/localhost_and_chain_umcg-icat01.crt' # iRODS server certificate
ir_ssl_certificate_key_file: 'nemi_irods/localhost-umcg01.key' # iRODS server certificate's key
ir_ssl_dh_params_file: 'dhparams.pem' # DHparam filename

ir_zone: 'nlumcg' # default main iRODS zone name
ir_local_res: 'rootResc' # local iRODS resource
ir_vault_path: '/var/lib/irods/Vault' # default path to store files for local resource
ir_default_res: 'surfObjStore' # default resource iRODS uploads to
ir_service_account: 'irods' # linux account under which iRODS runs
ir_admin_name: 'rods' # iRODS (and zone) account
ir_admin_home_path: '/{{ ir_zone }}/home/{{ ir_admin_name }}' # iRODS admin's home path
ir_db_user: '{{ ir_service_account }}' # db Username, usually same as irods_service_account
ir_db_server: '{{ icat_db_server }}' # iRODS Database Server
ir_db_name: 'ICAT' # iRODS Database Name
ir_negotiation_key: '{{ icat_negotiation_key }}'
ir_ctrl_plane_key: '{{ icat_ctrl_plane_key }}'
ir_zone_key: '{{ icat_zone_key }}'
ir_salt: '{{ icat_salt }}' # iRODS salt

davrods_install: true # to install davrods docker
davrods_docker_folder: 'davrods_docker' # davrods docker folder name, relative to the user home directory
davrods_default_resource: '{{ ir_default_res }}' # default resource to upload files via davrods

tiering_install: False # True / False
ir_local_stage_res: 'demoRescStaging' # Staging resource, before data moved to permanent resource
ir_local_stage_res_fol: '/tmp/irods/{{ ir_local_stage_res }}' # optional, only if it is local resource
ir_local_perm_res: 'demoRescPerm' # Permanent resource, where it will keep data indefinitely
ir_local_perm_res_fol: '/tmp/irods/{{ ir_local_perm_res }}' # optional, only if it is local resource

pgsql_server: "local" # "local" or "remote" PostgreSQL server
remote_psql_server_ca: "nemi_irods/remote_psql_server_ca.crt" # (optional) remote servers's CA certificate
...
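Review bot: Port "5432" stays in firewall_allowed_tcp_ports at the top of this hunk although pgsql_server is set to "local", and with the new "remote" option the iCAT host would be a database client, so nothing in this hunk needs inbound PostgreSQL; drop the entry or restrict it to the hosts that must connect. Two smaller points further down: ir_local_perm_res_fol places the resource described as keeping data indefinitely under /tmp/irods/, which should be a persistent path (for instance beside ir_vault_path) before tiering_install is ever set to True, and the ir_client_server_policy comment is missing its closing parenthesis after CS_NEG_REFUSE.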