Merge pull request #322 from brucellino/master

Fixing minor issues with ARGUS role. WIP
AAROC · May 11, 2016 · a0be67f · a0be67f
2 parents db1a8c2 + 555391b
commit a0be67f
Show file tree

Hide file tree

Showing 9 changed files with 94 additions and 35 deletions.
diff --git a/Ansible/argus.yml b/Ansible/argus.yml
@@ -22,3 +22,6 @@
         - argus-pepd
         - argus-pap
         - argus-pdp
+    - name: Add Central Banning
+      become: true
+      command: pap-admin add-pap --public centralbanning lcg-argus.cern.ch "/DC=ch/DC=cern/OU=computers/CN=argus.cern.ch"
diff --git a/Ansible/inventories/inventory.za-meraka b/Ansible/inventories/inventory.za-meraka
@@ -61,7 +61,7 @@ apel-server.c4.csir.co.za needs_certificate='true'
 [voms-servers]
 voms-stage.c4.csir.co.za needs_certificate='true'
 [argus-servers]
-argus.c4.csir.co.za emi_service='ARGUS' yaim_options='-n ARGUS_server' needs_certificate='true'
+argus.c4.csir.co.za emi_service='ARGUS_server' yaim_options='-n ARGUS_server' needs_certificate='true' needs_mysql="true"
 [perun]
 perun.c4.csir.co.za
 [CA]

diff --git a/Ansible/roles/argus/files/etc/argus/pap/pap_configuration.ini b/Ansible/roles/argus/files/etc/argus/pap/pap_configuration.ini
@@ -0,0 +1,15 @@
+# See http://wiki.nikhef.nl/grid/Argus_Global_Banning_Setup_Overview#NGI_Argus
+[paps]
+centralbanning.type = remote
+centralbanning.enabled = true
+centralbanning.dn = /DC=ch/DC=cern/OU=computers/CN=argus.cern.ch
+centralbanning.hostname = lcg-argus.cern.ch
+centralbanning.port = 8150
+centralbanning.path = /pap/services/
+centralbanning.protocol = https
+centralbanning.public = true
+
+[paps:properties]
+poll_interval = 3600 # polling time in seconds.
+ordering = centralbanning
+ordering = default
diff --git a/Ansible/roles/argus/tasks/configure.yml b/Ansible/roles/argus/tasks/configure.yml
@@ -0,0 +1,12 @@
+---
+# ARGUS NGI configuration
+- name: put the central banning config file in place
+  become: true
+  copy:
+    src: etc/argus/pap/pap_configuration.ini
+    dest: /etc/argus/pap/pap_configuration.ini
+
+- name: restart pap
+  become: true
+  command: pap-admin refresh-cache
+  #when:
diff --git a/Ansible/roles/argus/tasks/install.yml b/Ansible/roles/argus/tasks/install.yml
@@ -1,3 +1,21 @@
+- name: install prerequisites
+  yum:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - fetch-crl
+    - perl-Crypt-SSLeay
+  tags:
+    - fetch-crl
+    - install
+
+- name: Update CRL
+  command: fetch-crl
+  tags:
+    - fetch-crl
+  ignore_errors: true
+# fetch-crl will complain about some CRLs and report "ERROR", which Ansible recognises as a failure, so we just never fail this task
+
 - name: Install ARGUS metapackage
   yum:
     name: emi-argus

diff --git a/Ansible/roles/argus/tasks/main.yml b/Ansible/roles/argus/tasks/main.yml
@@ -1,2 +1,3 @@
 - include: install.yml
+- include: configure.yml
 #- include: firewall.yml
diff --git a/Ansible/roles/certificates/files/etc/grid-security/hostcert.pem-argus.c4.csir.co.za b/Ansible/roles/certificates/files/etc/grid-security/hostcert.pem-argus.c4.csir.co.za
@@ -1,26 +1,26 @@
 -----BEGIN CERTIFICATE-----
-MIIEcjCCA1qgAwIBAgICeUAwDQYJKoZIhvcNAQELBQAwLjELMAkGA1UEBhMCSVQx
-DTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lORk4gQ0EwHhcNMTQwODA4MTIzODE4
-WhcNMTUwODA4MTIzODE4WjBdMQswCQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjEN
-MAsGA1UECxMESG9zdDESMBAGA1UEBxMJWkEtTUVSQUtBMRwwGgYDVQQDExNhcmd1
-cy5jNC5jc2lyLmNvLnphMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-7dSMtIovuMNZNEcdRM/1W51578B4Glvznih/c15OOQxmBtvnkHgbJIN2BSoNeOAL
-JlinRzZum6cwp7b8ozxlKJ7ink52Xc/rSlYmYrgpgHRu5ktlAlB5mj5So3uVhDNi
-+mYIw2nTSDiCJIRQQZAQXCaTypbgHcSOKQSNNuY7bl+6wvV3gPYCQozm1HNAsp6Q
-BKjcJvvA/1MqZT5FIray7KljcHCxDpgPM/kaUISxxEalYmtx6BLK711SBcMpse+n
-gg0dYgySuWyPDouTDo8aoqDkDkb6etWiDM/OGvHjlVSpLQB4WI6MmzoLjcliXUA3
-vKnbzG/Gbmg6c2/Lh/dkzwIDAQABo4IBaTCCAWUwDAYDVR0TAQH/BAIwADAOBgNV
-HQ8BAf8EBAMCBaAwNAYDVR0lBC0wKwYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEE
-AYI3CgMDBglghkgBhvhCBAEwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL3NlY3Vy
-aXR5LmZpLmluZm4uaXQvQ0EvSU5GTkNBX2NybC5kZXIwJQYDVR0gBB4wHDAMBgor
-BgEEAdEjCgEHMAwGCiqGSIb3TAUCAgEwHQYDVR0OBBYEFOp9Aooo5cJ70rBX2YM3
-fd65yGL7MFYGA1UdIwRPME2AFNFi87N3csgu+/J5Gm83TiefE9UgoTKkMDAuMQsw
-CQYDVQQGEwJJVDENMAsGA1UEChMESU5GTjEQMA4GA1UEAxMHSU5GTiBDQYIBADAy
-BgNVHREEKzApghNhcmd1cy5jNC5jc2lyLmNvLnphgRJiYmVja2VyQGNzaXIuY28u
-emEwDQYJKoZIhvcNAQELBQADggEBAMWDJP7dy03t6IbZcTBbnsd6qd7cwL6LH3YW
-5I083Fgw6kNp02aewzJbL/azLJge4ogy6riJZjaI4YMdzJywMSt+KVxpAbbYfs5V
-IPu0TKHZjp9wDDZuFElg1jG1R4EQSeO56yVB+DcHTtLikDBzKaRG4UO/00doZKjt
-6vbUyQfxQPIpI2t92cbtasQ5JjuBLfxXHvOVP9fH7HhApHXo3pMUrPMgLGoSwJru
-hNshccRgHte+vv6bqZLkL/7E3f+ceh0mpoIYrmaD51ag/87VqW3kLcKP5zqgJIyT
-tTRLfC92Rg+/awt785AYNNOCJWkS2xaORcFxMC+o/VnIvVchcq4=
------END CERTIFICATE-----
+MIIEczCCA1ugAwIBAgIDAIOLMA0GCSqGSIb3DQEBCwUAMC4xCzAJBgNVBAYTAklU
+MQ0wCwYDVQQKEwRJTkZOMRAwDgYDVQQDEwdJTkZOIENBMB4XDTE1MDcyMDEyMzY0
+MloXDTE2MDcxOTEyMzY0MlowXTELMAkGA1UEBhMCSVQxDTALBgNVBAoTBElORk4x
+DTALBgNVBAsTBEhvc3QxEjAQBgNVBAcTCVpBLU1FUkFLQTEcMBoGA1UEAxMTYXJn
+dXMuYzQuY3Npci5jby56YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALuQ4n6z+MTxOEGLU9Brqx7H6rBISm5ytNmWM75w3oHQQltFc4IS8HIDSZcIcDgK
+/vb8xfjB68me5PT47PlCYh5sOCkZ6p0o6CTI118wY4WD+xEFFeOXY+MF8HnXb/DI
+B7knmC5yXCnFlZUTZo326FTXDf3DWZ5n08hEa6e78IpR4ZOZomM/A8OuAqPpPHyN
+p+woYgWs0sgrg8EtIB4/ffA06nXO0PDABC0hQldqPMjY60zhbCEK7LYFatNBeaLr
+wThA0eV9cZe61cJPtwFBO25M8FgD+NLSr/zgBTFWDvrGaeuott0xTiGm781HwYXn
+9TRjr+9aD2AXdCUF2apKLBMCAwEAAaOCAWkwggFlMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgWgMDQGA1UdJQQtMCsGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYB
+BAGCNwoDAwYJYIZIAYb4QgQBMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6Ly9zZWN1
+cml0eS5maS5pbmZuLml0L0NBL0lORk5DQV9jcmwuZGVyMCUGA1UdIAQeMBwwDAYK
+KwYBBAHRIwoBBzAMBgoqhkiG90wFAgIBMB0GA1UdDgQWBBQwPV/cNgcA0U1Z6rJk
+FdkYdlqfRTBWBgNVHSMETzBNgBTRYvOzd3LILvvyeRpvN04nnxPVIKEypDAwLjEL
+MAkGA1UEBhMCSVQxDTALBgNVBAoTBElORk4xEDAOBgNVBAMTB0lORk4gQ0GCAQAw
+MgYDVR0RBCswKYITYXJndXMuYzQuY3Npci5jby56YYESYmJlY2tlckBjc2lyLmNv
+LnphMA0GCSqGSIb3DQEBCwUAA4IBAQCCl5se3S3x52TFokUC0in7UDAlwOCAU6W2
+P0YupLvcMsHnmsiVNO7NEtuiiZARltP189+u8G4ZqT8BUPS+mdtBzf5on8QzeFvR
+UhadGZtB3M904F/Qv6F7lsDyHQi7GOnzbpD7buT/XWGHuSGBquIV5ALDYgbDLHke
+h8oU2rrUrcr85SyNBnevNu5QpuIHDf+yoAL4ThxZTMR3J7JcfUzHoJ3SK/N1bLtG
+p6fTYAqSM8J0FonCYh3scsop+Ywhf7FKvtd2NAw0HO5fs9AfvGVfJDoyioH2JmxY
+TCBXADP8mWgdeGWpEEhIi+maRRuhhLnOzYEdMKYcR0vTIj/lmFYc
+-----END CERTIFICATE-----
diff --git a/Ansible/roles/common/handlers/main.yml b/Ansible/roles/common/handlers/main.yml
@@ -1,19 +1,25 @@
 ---
 - name: restart ntpd
+  become: true
   service:
     name: ntpd
     state: restarted
 
-# - name: restart iptables
-#   service: name=iptables state=restarted
-#   when: ansible_os_family == 'RedHat'
+- name: restart iptables
+  become: true
+  service:
+    name: iptables
+    state: restarted
+  when: ansible_os_family == 'RedHat'
 
 - name: update yum
+  become: true
   yum:
     name: "*"
     state: latest
 
 - name: restart sshd
+  become: true
   service:
     name: sshd
     state: restarted
diff --git a/Ansible/roles/top-bdii/handlers/main.yml b/Ansible/roles/top-bdii/handlers/main.yml
@@ -1,7 +1,11 @@
 ---
-#- name: restart ntpd
-  #service: name=ntpd state=restarted
-  #sudo: yes
-#- name: restart iptables
-  #sudo: yes
-  #service: name=iptables state=restarted
+- name: restart ntpd
+  become: true
+  service:
+    name: ntpd
+    state: restarted
+- name: restart iptables
+  become: true
+  service:
+    name: iptables
+    state: restarted