rug-cit-hpc · pneerincx · Sep 2, 2022 · Aug 1, 2022 · Aug 1, 2022 · Aug 5, 2022
diff --git a/group_vars/irods.yml b/group_vars/irods.yml
@@ -7,28 +7,30 @@ firewall_allowed_tcp_ports:                 # list of open ports on iCAT server
   - "5432"  # PostgreSQL
   - "20000:20199"  # irods
 
-ir_version: '-4.2.11*'                  # if defined (empty): version will be installed (must start with '-' and end with '*')
+ir_version: '-4.3.0*'                  # if defined (empty): version will be installed (must start with '-' and end with '*')
+                                       # first install v4.2.11 and then upgrade to 4.3.0
 ir_server_type: 'icat'                  # iRODS Server Type
 ir_client_server_policy: 'CS_NEG_REQUIRE'  # communicating using SSL (CS_NEG_REQUIRE) or without (CS_NEG_REFUSE
 
 ir_ssl_certificate_chain_file: 'nemi_irods/localhost_and_chain_umcg-icat01.crt' # iRODS server certificate
 ir_ssl_certificate_key_file: 'nemi_irods/localhost-umcg01.key' # iRODS server certificate's key
 ir_ssl_dh_params_file: 'dhparams.pem'   # DHparam filename 
 
-ir_zone: 'nlumcg'                       # default main iRODS zone name
-ir_local_res: 'rootResc'                # local iRODS resource
-ir_vault_path: '/var/lib/irods/Vault'   # default path to store files for local resource
-ir_default_res: 'surfObjStore'          # default resource iRODS uploads to
-ir_service_account: 'irods'             # linux account under which iRODS runs
+ir_service_account: 'irods'             # iRODS linux account under which iRODS runs
+ir_service_account_home: '/home/{{ ir_service_account }}' # iRODS service account user's home folder
 ir_admin_name: 'rods'                   # iRODS (and zone) account
+ir_admin_pwd: '{{ icatV_admin_pwd }}'  # iRODS Vaulte main administrator password
 ir_admin_home_path: '/{{ ir_zone }}/home/{{ ir_admin_name }}' # iRODS admin's home path
-ir_db_user: '{{ ir_service_account }}'  # db Username, usually same as irods_service_account
-ir_db_server: '{{ icat_db_server }}'    # iRODS Database Server
-ir_db_name: 'ICAT'                      # iRODS Database Name
-ir_negotiation_key: '{{ icat_negotiation_key }}'
-ir_ctrl_plane_key: '{{ icat_ctrl_plane_key }}'
-ir_zone_key: '{{ icat_zone_key }}'
-ir_salt: '{{ icat_salt }}'              # iRODS salt
+ir_db_user: '{{ icatV_db_user }}'       # iRODS Vaulted database username
+ir_db_pwd: '{{ icatV_db_pwd }}'         # iRODS Vaulted database password
+ir_salt: '{{ icatV_salt }}'             # iRODS Vaulted salt
+ir_zone: 'nlumcg'                       # iRODS default main iRODS zone name
+ir_zone_key: '{{ icatV_zone_key }}'     # iRODS Vaulted zone key 
+ir_negotiation_key: '{{ icatV_negotiation_key }}' # iRODS Vaulted negotiation key
+ir_ctrl_plane_key: '{{ icatV_ctrl_plane_key }}' # iRODS Vaulted control plane key
+ir_local_res: 'rootResc'                # iRODS local iRODS resource
+ir_vault_path: '/var/lib/irods/Vault'   # iRODS default path to store files for local resource
+ir_default_res: 'surfObjStore'          # iRODS default resource iRODS uploads to
 
 davrods_install: true                   # to install davrods docker
 davrods_docker_folder: 'davrods_docker' # davrods docker folder name, relative to the user home directory

diff --git a/group_vars/nibbler_cluster/secrets.yml b/group_vars/nibbler_cluster/secrets.yml
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
@@ -3,18 +3,26 @@
   ansible.builtin.yum:
     name:
       - docker
-      - python2-pip
+      - python3-pip
       - docker-compose
     state: latest
     update_cache: true
   become: true
 
-- name: Upgrade pip to latest version that still supports Python 2.7
-  ansible.builtin.command: pip install pip==20.3.4
+# - name: Upgrade pip to latest version
+#   ansible.builtin.command: pip3 install -U pip
+#   become: true
+- name: Upgrade pip3 to latest version
+  ansible.builtin.pip:
+    name: pip
+    state: latest
+    executable: pip3
   become: true
 
-- name: Install docker-py (supported by python 2.7)
+- name: Install docker-py (supported by python 3)
   ansible.builtin.pip:
-    name: docker==4.4.4
+    name: docker
+    executable: pip3
   become: true
-...
+
+...
diff --git a/roles/irods/README.md b/roles/irods/README.md
@@ -3,6 +3,20 @@
  - preconfigured irods repository
  - and administrative privileges on the machine
 
+# Variable naming
+
+`ir_` are all the variables that are used within this playbook
+
+`icatV_` are the variables that are saved in the **Vault**, and can be accessed when
+ individual `ir_` variable is mapped to the appropriate `icatV_` variable.
+
+Mapping is done with one of following files:
+   1. `static_inventory/[clustername].yml`
+   2. `group/irods.yml`
+   3. `roles/irods/defaults/main.yml`
+
+When the playbook deployed, the variables are over written, 1. will have priority over 2.
+
 # About the iRODS and PostgreSQL database
 
 Role sets up the iRODS iCAT server and (optionally) a local PostgreSQL database.