diff --git a/Ansible/argus.yml b/Ansible/argus.yml index 5be25c4..e81e07b 100644 --- a/Ansible/argus.yml +++ b/Ansible/argus.yml @@ -22,6 +22,12 @@ - argus-pepd - argus-pap - argus-pdp + +# These final tasks are not idempotent - one should use lineinfile - name: Add Central Banning become: true - command: pap-admin add-pap --public centralbanning lcg-argus.cern.ch "/DC=ch/DC=cern/OU=computers/CN=argus.cern.ch" + command: pap-admin add-pap --public centralbanning lcg-argus.cern.ch '/DC=ch/DC=cern/OU=computers/CN=argus.cern.ch' + + - name: add EGI ACE + become: true + command: pap-admin add-ace 'CN=srv-111.afroditi.hellasgrid.gr, OU=afroditi.hellasgrid.gr,O=HellasGrid, C=GR' 'POLICY_READ_LOCAL|POLICY_READ_REMOTE|CONFIGURATION_READ' diff --git a/Ansible/group_vars/argus-servers.yml b/Ansible/group_vars/argus-servers.yml index d9f74b2..1e45fb8 100644 --- a/Ansible/group_vars/argus-servers.yml +++ b/Ansible/group_vars/argus-servers.yml @@ -1,6 +1,5 @@ -argus_host: use_argus: TRUE -pap_admin_dn: /DC=org/DC=acme/CN=John Doe +pap_admin_dn: /C=IT/O=INFN/OU=Personal Certificate/L=ZA-MERAKA/CN=Bruce Becker # CONFIG_PAP # CONFIG_PDP # CONFIG_PEP diff --git a/Ansible/roles/argus/tasks/configure.yml b/Ansible/roles/argus/tasks/configure.yml index 0c9e839..9d0eec8 100644 --- a/Ansible/roles/argus/tasks/configure.yml +++ b/Ansible/roles/argus/tasks/configure.yml @@ -6,7 +6,7 @@ src: etc/argus/pap/pap_configuration.ini dest: /etc/argus/pap/pap_configuration.ini -- name: restart pap - become: true - command: pap-admin refresh-cache - #when: +# - name: restart pap +# become: true +# command: pap-admin refresh-cache +# #when: diff --git a/Ansible/roles/yaim/tasks/siteinfo.yml b/Ansible/roles/yaim/tasks/siteinfo.yml index 68f793d..9ceaefe 100644 --- a/Ansible/roles/yaim/tasks/siteinfo.yml +++ b/Ansible/roles/yaim/tasks/siteinfo.yml 
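Review bot: The new `add EGI ACE` task grants `POLICY_READ_LOCAL|POLICY_READ_REMOTE|CONFIGURATION_READ` to a host DN written inline, and that DN's separators are irregular (`, OU=…,O=HellasGrid, C=GR`), so it should be checked against the subject string the PAP actually sees for that certificate. Both `command` tasks in this hunk run on every play and always report changed, as the added comment admits. A preceding read-only task such as `pap-admin list-acl`, registered and used in a `when:`, would make re-runs a no-op and make ACL drift visible. The principal and permission set would be easier to audit as variables than as literals in the task. The enclosing play starts outside the hunk.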
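Review bot: `pap_admin_dn` in group_vars/argus-servers.yml now holds one person's certificate DN, and it applies to every host in the `argus-servers` group, so anyone who deploys the repository unchanged makes that identity the PAP administrator of their own service. Keeping the placeholder value in the shared file and setting the real DN in site-specific inventory (host_vars or a private group_vars overlay) would avoid that. The same hunk removes `argus_host:`, which leaves the hostname to be hard-coded in the new services template rather than set from inventory.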
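Review bot: With `restart pap` commented out in roles/argus/tasks/configure.yml, nothing visible in this hunk reloads the PAP after `pap_configuration.ini` is templated, so a changed configuration may stay inactive until the service is restarted by hand. A `notify:` on the template task with a handler that restarts the PAP service would apply the change only when the file differs, and the commented block could then be deleted rather than kept as dead text. The template task begins above the hunk, so whether it already notifies a handler cannot be seen here.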
@@ -28,6 +28,21 @@ - yaim - yaimfiles +- name: Copy services files needed for ARGUS + template: + src: opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2 + dest: "/opt/glite/yaim/etc/{{ site_name }}/siteinfo/services/glite-argus_server" + owner: root + group: root + mode: 0644 + when: emi_service == "ARGUS_server" + notify: + - run yaim + tags: + - yaim + - yaimfiles + - CE + - name: Create wn-list.conf file template: src: opt/glite/yaim/etc/siteinfo/wn-list.conf.j2 diff --git a/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2 b/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2 new file mode 100644 index 0000000..288cbda --- /dev/null +++ b/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/services/glite-argus_server.j2 
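Review bot: `mode: 0644` in the new `Copy services files needed for ARGUS` task is an unquoted octal literal, which yields the intended permissions only while the parser applies YAML 1.1 octal rules. The string form `mode: '0644'` removes that dependency. The `CE` tag looks carried over from another task, since this one is gated on `emi_service == "ARGUS_server"`; if that is the case it should be dropped or replaced with an Argus-specific tag. The following `Create wn-list.conf file` task continues outside the hunk.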
@@ -0,0 +1,47 @@
+##############################################################################
+# Copyright (c) Members of the EGEE Collaboration. 2004.
+# See http://www.eu-egee.org/partners/ for details on the copyright
+# holders.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS
+# OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##############################################################################
+#
+# NAME : glite-argus-server
+#
+# DESCRIPTION : This configuration file contains the list of variables needed
+# to configure the Authorization Framework.
+#
+# AUTHORS : Maria.Alandes.Pradillo@cern.ch
+# valery.tschopp@switch.ch
+#
+# NOTES :
+#
+# YAIM MODULE: glite-yaim-argus-server
+#
+##############################################################################
+
+##########################
+# ARGUS general variable #
+##########################
+
+# Fully qualified hostname of the host where the Argus service is installed
+# Should be groups['argus-servers'][0]['ansible_fqdn']
+ARGUS_HOST=argus.c4.csir.co.za
+
+#########################
+# PAP related variables #
+#########################
+
+# User certificate DN of the user that will be the PAP administrator and use the pap-admin command
+PAP_ADMIN_DN="{{pap_admin_dn}}"
diff --git a/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/site-info.def.j2 b/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/site-info.def.j2
index fb25aa1..9c49755 100644
--- a/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/site-info.def.j2
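Review bot: `PAP_ADMIN_DN="{{pap_admin_dn}}"` places an inventory value inside double quotes in a file that YAIM presumably sources as shell, so a DN containing a double quote, `$` or a backtick would be expanded or would break the assignment. `PAP_ADMIN_DN={{ pap_admin_dn | quote }}` emits a shell-quoted value instead. The same applies to the `PAP_ADMIN_DN` line changed in the site-info.def.j2 hunk that follows. `ARGUS_HOST=argus.c4.csir.co.za` is hard-coded although the comment above it says it should come from inventory. The expression in that comment would not resolve as written; `ARGUS_HOST={{ hostvars[groups['argus-servers'][0]]['ansible_fqdn'] }}` is the working form, provided facts are gathered for that host.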
+++ b/Ansible/roles/yaim/templates/opt/glite/yaim/etc/siteinfo/site-info.def.j2 @@ -135,7 +135,7 @@ SITE_LONG={{ site_longitude }} # Set USE_ARGUS to yes to enable the configuration of ARGUS USE_ARGUS={{ argus_status | default(true) }} -PAP_ADMIN_DN={{ pap_admin_dn }} +PAP_ADMIN_DN="{{ pap_admin_dn }}" # In case ARGUS is to be used the following should be set # The ARGUS service PEPD endpoints as a space separated list: # ARGUS_PEPD_ENDPOINTS="http://pepd.example.org:8154/authz"