From adbf3d940b48ccc2a2c51edb1bf4538eb71074f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Harri=20J=C3=A4=C3=A4linoja?= Date: Thu, 22 Sep 2016 15:42:11 +0300 Subject: [PATCH 01/25] add packages needed for selinux setup --- ansible/roles/omero-web-runtime/tasks/main.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ansible/roles/omero-web-runtime/tasks/main.yml b/ansible/roles/omero-web-runtime/tasks/main.yml index 3ba16e672..fbd888c11 100644 --- a/ansible/roles/omero-web-runtime/tasks/main.yml +++ b/ansible/roles/omero-web-runtime/tasks/main.yml @@ -48,8 +48,12 @@ - name: omero | install selinux utilities become: yes yum: - name: libselinux-python + name: "{{ item }}" state: present + with_items: + - libselinux-python + - libsemanage-python + - policycoreutils-python when: omero_selinux_setup - name: omero web | selinux booleans @@ -71,4 +75,4 @@ proto: tcp setype: http_port_t state: present - when: omero_selinux_setup \ No newline at end of file + when: omero_selinux_setup From fc1756ae7fb8ea9a10e22b1d21e978537ef71573 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 23 Sep 2016 16:41:43 +0100 Subject: [PATCH 02/25] Add {{ idr_environment }} as prefix to idr host groups --- ansible/Vagrantfile | 8 ++++---- ansible/idr-playbooks/idr-omero.yml | 13 +++++-------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/ansible/Vagrantfile b/ansible/Vagrantfile index b89dc4581..8a9e40de7 100644 --- a/ansible/Vagrantfile +++ b/ansible/Vagrantfile 
@@ -63,10 +63,10 @@ Vagrant.configure(2) do |config| ansible.playbook = "idr-playbooks/idr-omero.yml" ansible.limit = "idr" ansible.groups = { - "database-hosts" => ["idr-database"], - "omero-hosts" => ["idr-omero"], - "proxy-hosts" => ["idr-gateway"], - "idr:children" => ["database-hosts", "omero-hosts", "proxy-hosts"], + "idr-database-hosts" => ["idr-database"], + "idr-omero-hosts" => ["idr-omero"], + "idr-proxy-hosts" => ["idr-gateway"], + "idr:children" => ["idr-database-hosts", "idr-omero-hosts", "idr-proxy-hosts"], "idr:vars" => { # Vagrant uses eth0 for NAT, eth1 for private guest network "idr_net_iface" => "eth1", diff --git a/ansible/idr-playbooks/idr-omero.yml b/ansible/idr-playbooks/idr-omero.yml index f4aca3fbb..a9c2ce3cd 100644 --- a/ansible/idr-playbooks/idr-omero.yml +++ b/ansible/idr-playbooks/idr-omero.yml @@ -12,8 +12,7 @@ # - `idr_net_iface=iface` if your servers use a network interface other # then eth0 for inter-machine networking - -- hosts: database-hosts +- hosts: "{{ idr_environment | default('idr') }}-database-hosts" roles: - role: postgresql @@ -29,7 +28,7 @@ postgresql_server_chown_datadir: True -- hosts: omero-hosts +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" pre_tasks: @@ -44,8 +43,7 @@ become: yes - set_fact: - # omero_db_host_ansible: "{{ hostvars[groups['database-hosts'][0]]['ansible_ssh_host'] | default(hostvars[groups['database-hosts'][0]]['ansible_host']) }}" - # omero_db_host_ansible: "{{ hostvars[groups['database-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}" + omero_db_host_ansible: "{{ hostvars[groups[idr_environment | default('idr') + '-database-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}" roles: - { role: upgrade-distpackages, tags: "upgrade-distpackages" } 
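Review bot: Renaming the inventory groups here takes the Vagrant hosts out of the plain `omero-hosts` group, while idr-omero.yml still carries the comment `# Additional vars are in group_vars/omero-hosts.yml`. Ansible applies a group_vars file only to hosts in the group of that name, so unless a file not shown here covers this, those settings would stop reaching the Vagrant VMs. The OpenStack create playbook later in this series keeps its VMs in both the unprefixed and the prefixed groups; the same can be done here with parent groups, e.g. `"omero-hosts:children" => ["idr-omero-hosts"],` and likewise for the database and proxy groups. The `Vagrant.configure` block starts and ends outside this hunk.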
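Review bot: The new `omero_db_host_ansible` expression indexes `groups[...][0]` and then that host's `ansible_<iface>` facts with no guard, so an empty `<environment>-database-hosts` group, or a run in which facts were not gathered for the database host (for example under `--limit`), ends in an opaque undefined-variable error. An `assert` ahead of the `set_fact`, e.g. `that: groups[(idr_environment | default('idr')) + '-database-hosts'] | length > 0` with a `msg`, would make the failure explicit, and the added parentheses make the filter-before-`+` precedence obvious to the reader. The `omero_omero_host_ansible` line in the `@@ -110,13 +108,12 @@` hunk has the same shape. Separately, as far as I know `hosts:` patterns are templated before inventory variables are available, so an `idr_environment` set in group_vars rather than with `-e` would leave the play targeting the `idr-` groups while the task-level lookup uses the other value.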
@@ -110,13 +108,12 @@ # Additional vars are in group_vars/omero-hosts.yml -- hosts: proxy-hosts +- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts" pre_tasks: - set_fact: - # omero_omero_host_ansible: "{{ hostvars[groups['omero-hosts'][0]]['ansible_ssh_host'] | default(hostvars[groups['omero-hosts'][0]]['ansible_host']) }}" - # omero_omero_host_ansible: "{{ hostvars[groups['omero-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}" + omero_omero_host_ansible: "{{ hostvars[groups[idr_environment | default('idr') + '-omero-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}" roles: - role: nginx-ssl-selfsigned From 5e79af71a1db393ca89290fa247613644ff71086 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 23 Sep 2016 17:16:06 +0100 Subject: [PATCH 03/25] Use custom IDR OMERO 0.0.7-rc1 build for IDR servers --- ansible/Vagrantfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/Vagrantfile b/ansible/Vagrantfile index 8a9e40de7..e244bd6bc 100644 --- a/ansible/Vagrantfile +++ b/ansible/Vagrantfile @@ -71,6 +71,8 @@ Vagrant.configure(2) do |config| # Vagrant uses eth0 for NAT, eth1 for private guest network "idr_net_iface" => "eth1", "idr_nginx_ssl_self_signed" => "True", + "omero_release" => "0.0.7-rc1", + "omero_omego_additional_args" => "--downloadurl https://downloads.openmicroscopy.org/idr", } } end From 6fe0f2c4c8cb29a8044bc4ed27dc745c5e249839 Mon Sep 17 00:00:00 2001 
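Review bot: The two added variables make the Vagrant environment install a release candidate (`0.0.7-rc1`) from a non-default download location, and nothing in this hunk pins or verifies the artifact, so its integrity rests on the HTTPS connection alone. Whether the installer checks a checksum or signature is not visible here. A comment above the pair would record the intent, e.g. `# Custom IDR build of OMERO from the IDR download area; replace the -rc pin once a final build exists`. The commit title says the build is for IDR servers, but only the Vagrantfile is changed in this patch, so other deployments presumably still take the default release.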
From: Simon Li Date: Fri, 23 Sep 2016 18:09:38 +0100 Subject: [PATCH 04/25] Prefix all idr vms with idr_environment --- ansible/idr-playbooks/idr-dundee-nfs.yml | 2 +- ansible/idr-playbooks/idr-local-files.yml | 2 +- ansible/idr-playbooks/idr-local-users.yml | 2 +- ansible/idr-playbooks/idr-monitoring.yml | 2 +- ansible/idr-playbooks/idr-user-utils.yml | 2 +- ansible/os-idr-playbooks/os-create.yml | 29 +++++++++---------- ansible/os-idr-playbooks/os-delete.yml | 14 ++++----- .../vars/os-create-default.yml | 6 ++-- ansible/os-idr-uod.yml | 8 ++--- 9 files changed, 33 insertions(+), 34 deletions(-) diff --git a/ansible/idr-playbooks/idr-dundee-nfs.yml b/ansible/idr-playbooks/idr-dundee-nfs.yml index c354561b2..62eb8833a 100644 --- a/ansible/idr-playbooks/idr-dundee-nfs.yml +++ b/ansible/idr-playbooks/idr-dundee-nfs.yml @@ -2,7 +2,7 @@ # The default is to use NFS, if you are using samba you must install the # dependencies (cifs-utils) yourself. -- hosts: uod-nfs +- hosts: "{{ idr_environment | default('idr') }}-uod-nfs" vars: idr_mountpoint: /uod/idr diff --git a/ansible/idr-playbooks/idr-local-files.yml b/ansible/idr-playbooks/idr-local-files.yml index 157a4e07b..0604ff083 100644 --- a/ansible/idr-playbooks/idr-local-files.yml +++ b/ansible/idr-playbooks/idr-local-files.yml @@ -5,7 +5,7 @@ # This should be cleaned up and moved/combined into an appropriate role # Variables should be in a private group_vars file -- hosts: proxy-hosts +- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts" tasks: diff --git a/ansible/idr-playbooks/idr-local-users.yml b/ansible/idr-playbooks/idr-local-users.yml index 818d47292..ad789e74f 100644 --- a/ansible/idr-playbooks/idr-local-users.yml +++ b/ansible/idr-playbooks/idr-local-users.yml 
@@ -2,7 +2,7 @@ # Playbook for creating local user accounts on Openstack instances # Variables should be in a private group_vars file -- hosts: database-hosts, omero-hosts, proxy-hosts +- hosts: "{{ idr_environment | default('idr') }}-database-hosts, {{ idr_environment | default('idr') }}-omero-hosts, {{ idr_environment | default('idr') }}-proxy-hosts" roles: - role: sudoers # sudoers_individual_commands: diff --git a/ansible/idr-playbooks/idr-monitoring.yml b/ansible/idr-playbooks/idr-monitoring.yml index 54ffbe656..16fab3afa 100644 --- a/ansible/idr-playbooks/idr-monitoring.yml +++ b/ansible/idr-playbooks/idr-monitoring.yml @@ -1,6 +1,6 @@ # Monitoring playbook -- hosts: omero-hosts +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" pre_tasks: - name: Get short hostname (not the same as the Ansible hostname vars) diff --git a/ansible/idr-playbooks/idr-user-utils.yml b/ansible/idr-playbooks/idr-user-utils.yml index 114054bfb..89439409e 100644 --- a/ansible/idr-playbooks/idr-user-utils.yml +++ b/ansible/idr-playbooks/idr-user-utils.yml @@ -1,7 +1,7 @@ --- # Playbook for accessing idr metadata -- hosts: idr-hosts +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" roles: - role: versioncontrol-utils diff --git a/ansible/os-idr-playbooks/os-create.yml b/ansible/os-idr-playbooks/os-create.yml index 66cc478ec..99ab19a0f 100644 --- a/ansible/os-idr-playbooks/os-create.yml +++ b/ansible/os-idr-playbooks/os-create.yml 
@@ -7,16 +7,26 @@ connection: local #gather_facts: false + pre_tasks: + + - fail: + msg: "vm_key_name is required" + when: vm_key_name is undefined or not vm_key_name + + - set_fact: + idr_environment: idr + when: idr_environment is undefined + + vars: # idr_environment: All VMs will be put into this group, which should have # a matching group_vars file - omero_vm_groups: "ansible-managed,os-image-centos,omero-hosts,{{ idr_environment | default('os-idr') }}" + omero_vm_groups: "ansible-managed,os-image-centos,omero-hosts,{{ idr_environment }}-omero-hosts,{{ idr_environment }}-hosts" omero_vm_extra_groups: "" - gateway_vm_groups: "ansible-managed,os-image-centos,proxy-hosts,{{ idr_environment | default('os-idr') }}" - database_vm_groups: "ansible-managed,os-image-centos,database-hosts,{{ idr_environment | default('os-idr') }}" + gateway_vm_groups: "ansible-managed,os-image-centos,proxy-hosts,{{ idr_environment }}-proxy-hosts,{{ idr_environment }}-hosts" + database_vm_groups: "ansible-managed,os-image-centos,database-hosts,{{ idr_environment }}-database-hosts,{{ idr_environment }}-hosts" - #vm_prefix: #vm_key_name: ignore_internal_known_hosts: True @@ -26,17 +36,6 @@ vars_files: - [ "{{ inventory_dir }}/vars/os-create-{{ os_cloud_provider }}.yml", "vars/os-create-default.yml" ] - pre_tasks: - - - fail: - msg: "vm_key_name is required" - when: vm_key_name is undefined or not vm_key_name - - - fail: - msg: "vm_prefix is required" - when: vm_prefix is undefined or not vm_prefix - - tasks: # If True (default) a single gateway will be setup diff --git a/ansible/os-idr-playbooks/os-delete.yml b/ansible/os-idr-playbooks/os-delete.yml index 0255c6dd5..a3f0baf4e 100644 --- a/ansible/os-idr-playbooks/os-delete.yml +++ b/ansible/os-idr-playbooks/os-delete.yml 
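Review bot: Replacing the mandatory `vm_prefix` check with a `set_fact` that falls back to `idr` means a run that forgets `-e idr_environment=...` now targets the shared names `idr-omero`, `idr-gateway` and `idr-database` (see os-create-default.yml in this patch) instead of stopping. os-delete.yml in the same commit keeps the value mandatory, and the README change later in the series says it should almost always be set, so the create path would be safer with the same guard: `- fail:` with `msg: "idr_environment is required"` and `when: idr_environment is undefined or not idr_environment`. The play's header and its `tasks:` section lie outside these hunks.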
@@ -8,12 +8,12 @@ tasks: - fail: - msg: "vm_prefix is required" - when: vm_prefix is undefined or not vm_prefix + msg: "idr_environment is required" + when: idr_environment is undefined or not idr_environment - name: Remove instances os_server: - name: "{{ vm_prefix }}-{{ item }}" + name: "{{ idr_environment }}-{{ item }}" state: absent with_items: - database @@ -22,7 +22,7 @@ - name: Remove instances os_server: - name: "{{ vm_prefix }}-{{ item }}" + name: "{{ idr_environment }}-{{ item }}" state: absent with_items: - database @@ -35,9 +35,9 @@ display_name: "{{ item }}" state: absent with_items: - - "{{ vm_prefix }}-omero-data" - - "{{ vm_prefix }}-database-db" - - "{{ vm_prefix }}-gateway-nginxcache" + - "{{ idr_environment }}-omero-data" + - "{{ idr_environment }}-database-db" + - "{{ idr_environment }}-gateway-nginxcache" # Can't remove security group unless nothing is using it - name: Remove OMERO external access security group diff --git a/ansible/os-idr-playbooks/vars/os-create-default.yml b/ansible/os-idr-playbooks/vars/os-create-default.yml index 275bee279..484fe9332 100644 --- a/ansible/os-idr-playbooks/vars/os-create-default.yml +++ b/ansible/os-idr-playbooks/vars/os-create-default.yml @@ -7,8 +7,8 @@ omero_vm_flavour: m2.large gateway_vm_flavour: m1.large database_vm_flavour: m1.large -omero_vm_name: "{{ vm_prefix }}-omero" -gateway_vm_name: "{{ vm_prefix }}-gateway" -database_vm_name: "{{ vm_prefix }}-database" +omero_vm_name: "{{ idr_environment }}-omero" +gateway_vm_name: "{{ idr_environment }}-gateway" +database_vm_name: "{{ idr_environment }}-database" # Assume there's only one network in this tenancy so no need to specify network diff --git a/ansible/os-idr-uod.yml b/ansible/os-idr-uod.yml index 73ec16858..5641ec432 100644 --- a/ansible/os-idr-uod.yml +++ b/ansible/os-idr-uod.yml 
@@ -4,7 +4,7 @@ - include: os-idr-playbooks/os-create.yml vars: - omero_vm_extra_groups: "uod-nfs,idr-hosts" + omero_vm_extra_groups: "{{ idr_environment | default('idr') }}-uod-nfs" os_cloud_provider: uod - include: os-idr-playbooks/os-volumes.yml @@ -14,19 +14,19 @@ - include: idr-playbooks/idr-local-users.yml # Variables for this section are in a private file -- hosts: database-hosts +- hosts: "{{ idr_environment | default('idr') }}-database-hosts" roles: - role: storage-volume-initialise storage_volume_initialise_device: /dev/vdb storage_volume_initialise_mount: /var/lib/pgsql -- hosts: omero-hosts +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" roles: - role: storage-volume-initialise storage_volume_initialise_device: /dev/vdb storage_volume_initialise_mount: /data -- hosts: proxy-hosts +- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts" roles: - role: storage-volume-initialise storage_volume_initialise_device: /dev/vdb From 920a926c7c2d10f6694164ac90d1407584e29049 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 23 Sep 2016 18:12:47 +0100 Subject: [PATCH 05/25] Prefix idr VMs in os-idr-ebi.yml --- ansible/os-idr-ebi.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/os-idr-ebi.yml b/ansible/os-idr-ebi.yml index a93e9721c..df0a23e75 100644 --- a/ansible/os-idr-ebi.yml +++ b/ansible/os-idr-ebi.yml @@ -4,7 +4,7 @@ - include: os-idr-playbooks/os-create.yml vars: - omero_vm_extra_groups: "ebi-nfs,idr-hosts" + omero_vm_extra_groups: "{{ idr_environment | default('idr') }}-ebi-nfs" os_cloud_provider: ebi - include: os-idr-playbooks/os-volumes.yml 
@@ -14,19 +14,19 @@ - include: idr-playbooks/idr-local-users.yml # Variables for this section are in a private file -- hosts: database-hosts +- hosts: "{{ idr_environment | default('idr') }}-database-hosts" roles: - role: storage-volume-initialise storage_volume_initialise_device: /dev/vdb storage_volume_initialise_mount: /var/lib/pgsql -- hosts: omero-hosts +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" roles: - role: storage-volume-initialise storage_volume_initialise_device: /dev/vdb storage_volume_initialise_mount: /data -- hosts: proxy-hosts +- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts" roles: - role: storage-volume-initialise storage_volume_initialise_device: /dev/vdb From b11bb80a8eb9d9194472d4b39036a62e7a94dc86 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 23 Sep 2016 18:17:45 +0100 Subject: [PATCH 06/25] Update readme (still needs full testing) --- ansible/README-os-idr.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/ansible/README-os-idr.md b/ansible/README-os-idr.md index 5b1d50072..37de9b1ca 100644 --- a/ansible/README-os-idr.md +++ b/ansible/README-os-idr.md @@ -15,7 +15,9 @@ Guide for the Impatient Setup your OpenStack environment variables, and run: - ansible-playbook -i inventory -e omero_vm_name=FOO -e omero_vm_key_name=YOUR_KEY os-idr-uod.yml + ansible-playbook -i inventory -e idr_environment=idr -e omero_vm_key_name=YOUR_KEY os-idr-uod.yml + +If `idr_environment` is not defined on the command line it will default to `idr`, but you should almost always set this to your own value. `os-idr-playbooks/os-omero.yml` 
@@ -34,7 +36,7 @@ The Ansible modules in this playbook require the `shade` Python module. Before running the playbook you must [setup your OpenStack environment variables](http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html). You can override variables at the command line, for example (note double quoting is necessary if spaces are present): - ansible-playbook os-idr-playbooks/os-create.yml -e omero_vm_name=FOO \ + ansible-playbook os-idr-playbooks/os-create.yml -e idr_environment=idr \ -e omero_vm_key_name=YOURKEY -e "omero_vm_flavour='m2.xxlarge'" If this step fails it could be due to an incorrect variable, the Ansible `os_server` module usually gives an uninformative "Error in creating instance" message. @@ -42,7 +44,7 @@ If the VM was created the floating IP of the VM will be printed out. To delete the VM and related security group: - ansible-playbook os-idr-playbooks/os-delete.yml -e omero_vm_name=FOO + ansible-playbook os-idr-playbooks/os-delete.yml -e idr_environment=idr If another instance is using the OMERO security group, the task will fail but can be safely ignored. @@ -67,7 +69,7 @@ Deploying the IDR The production IDR is setup using a private configuration repository. Replace `{{ inventory_dir }}` with the path to the inventory directory. You can use `inventory` in this directory if you have configured the required variables, such as by creating a group_vars file if necessary in `{{ inventory_dir }}/group_vars/`, e.g. `{{ inventory_dir }}/group_vars/os-idr.yml` -This should match the value of the `idr_environment` variable (default `os-idr`), and can be used to support multiple deployment environments with different variables. +This should match the value of the `idr_environment` variable, and can be used to support multiple deployment environments with different variables. Decide on your openstack dynamic inventory. If you are using a single floating IP use `{{ inventory_dir }}/openstack-private.py`. 
@@ -79,13 +81,13 @@ Select your playbook, for instance `os-idr-uod.yml` for the Dundee cloud. For example (using the default `os-idr` host-group and variables): ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml - -e vm_key_name="KEY_NAME" -e vm_prefix=PREFIX + -e vm_key_name="KEY_NAME" -e idr_environment=os-idr Or using a custom group called `os-idrstaging` with additional variable overrides: ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml - -e vm_key_name="KEY_NAME" -e vm_prefix=PREFIX - -e @vars/test-overrides.yml -e idr_environment=os-idrstaging + -e vm_key_name="KEY_NAME" -e idr_environment=os-idrstaging + -e @vars/test-overrides.yml Component playbooks From 1c92012118ab4c2466d944751fa4c9fd7df4af75 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 26 Sep 2016 14:57:51 +0100 Subject: [PATCH 07/25] Remove idr-playbooks/idr-user-utils.yml The only thing that's not in idr-omero.yml is screen --- ansible/idr-playbooks/idr-user-utils.yml | 33 ------------------------ ansible/os-idr-ebi.yml | 2 -- ansible/os-idr-uod.yml | 2 -- 3 files changed, 37 deletions(-) delete mode 100644 ansible/idr-playbooks/idr-user-utils.yml diff --git a/ansible/idr-playbooks/idr-user-utils.yml b/ansible/idr-playbooks/idr-user-utils.yml deleted file mode 100644 index 89439409e..000000000 --- a/ansible/idr-playbooks/idr-user-utils.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -# Playbook for accessing idr metadata - -- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" - - roles: - - role: versioncontrol-utils - - role: python-pydata - - tasks: - - - name: Install screen - become: yes - yum: - pkg: screen - state: present - - - name: Create metadata directory - become: yes - file: - path: /opt/idr-metadata - owner: omero - group: omero - recurse: yes - state: directory - - - name: Clone metadata repo - become: yes - become_user: omero - git: - repo: git://github.com/snoopycrimecop/idr-metadata.git - dest: /opt/idr-metadata - version: merge/trigger diff --git a/ansible/os-idr-ebi.yml b/ansible/os-idr-ebi.yml index df0a23e75..8eb891a71 100644 --- a/ansible/os-idr-ebi.yml +++ b/ansible/os-idr-ebi.yml @@ -39,6 +39,4 @@ - include: idr-playbooks/idr-local-files.yml -- include: idr-playbooks/idr-user-utils.yml - #- include: idr-playbooks/idr-monitoring.yml diff --git a/ansible/os-idr-uod.yml b/ansible/os-idr-uod.yml index 5641ec432..b564a71a4 100644 --- a/ansible/os-idr-uod.yml +++ b/ansible/os-idr-uod.yml @@ -39,6 +39,4 @@ - include: idr-playbooks/idr-local-files.yml -- include: idr-playbooks/idr-user-utils.yml - #- include: idr-playbooks/idr-monitoring.yml From 5260a7122f75f745af8857578a085ec65348c67e Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 26 Sep 2016 15:11:53 +0100 Subject: [PATCH 08/25] install basedeps with basedeps_user_utils --- ansible/idr-playbooks/idr-omero.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/idr-playbooks/idr-omero.yml b/ansible/idr-playbooks/idr-omero.yml index a9c2ce3cd..9db79548c 100644 --- a/ansible/idr-playbooks/idr-omero.yml +++ b/ansible/idr-playbooks/idr-omero.yml 
@@ -46,6 +46,9 @@ omero_db_host_ansible: "{{ hostvars[groups[idr_environment | default('idr') + '-database-hosts'][0]]['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address']}}" roles: + - role: basedeps + basedeps_user_utils: True + tags: "basedeps" - { role: upgrade-distpackages, tags: "upgrade-distpackages" } - { role: versioncontrol-utils, tags: "versioncontrol-utils" } - { role: omero-server, tags: "omero-server" } From fb2e40573b4b2ced5d040197ba82613dc9a79f41 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 26 Sep 2016 15:12:22 +0100 Subject: [PATCH 09/25] Remove upgrade-distpackages from idr-omero.yml This should be handled outside this playbook. In addition running upgrade-distpackages in docker may cause problems if it updates core libraries e.g. systemd. --- ansible/idr-playbooks/idr-omero.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/idr-playbooks/idr-omero.yml b/ansible/idr-playbooks/idr-omero.yml index 9db79548c..356dbf0c1 100644 --- a/ansible/idr-playbooks/idr-omero.yml +++ b/ansible/idr-playbooks/idr-omero.yml @@ -49,7 +49,6 @@ - role: basedeps basedeps_user_utils: True tags: "basedeps" - - { role: upgrade-distpackages, tags: "upgrade-distpackages" } - { role: versioncontrol-utils, tags: "versioncontrol-utils" } - { role: omero-server, tags: "omero-server" } - { role: python-pydata, tags: "python-pydata" } From c1a9e371a33d1b69202beea3a73abcb11757c2c5 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 26 Sep 2016 15:13:31 +0100 Subject: [PATCH 10/25] Use long-form for roles --- ansible/idr-playbooks/idr-omero.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/ansible/idr-playbooks/idr-omero.yml b/ansible/idr-playbooks/idr-omero.yml index 356dbf0c1..4a6bc3aa7 100644 --- a/ansible/idr-playbooks/idr-omero.yml +++ b/ansible/idr-playbooks/idr-omero.yml 
@@ -49,10 +49,14 @@ - role: basedeps basedeps_user_utils: True tags: "basedeps" - - { role: versioncontrol-utils, tags: "versioncontrol-utils" } - - { role: omero-server, tags: "omero-server" } - - { role: python-pydata, tags: "python-pydata" } - - { role: omero-web-apps, tags: "omero-web-apps" } + - role: versioncontrol-utils + tags: "versioncontrol-utils" + - role: omero-server + tags: "omero-server" + - role: python-pydata + tags: "python-pydata" + - role: omero-web-apps + tags: "omero-web-apps" vars: omero_dbhost: "{{ omero_db_host_ansible }}" From 6c703f8f5320634bb87e5efc7824ca3c194709e8 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 26 Sep 2016 15:37:52 +0100 Subject: [PATCH 11/25] Update README.md with latest openstack ansible changes --- ansible/README-os-idr.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/ansible/README-os-idr.md b/ansible/README-os-idr.md index 37de9b1ca..623ea358b 100644 --- a/ansible/README-os-idr.md +++ b/ansible/README-os-idr.md @@ -20,11 +20,14 @@ Setup your OpenStack environment variables, and run: If `idr_environment` is not defined on the command line it will default to `idr`, but you should almost always set this to your own value. -`os-idr-playbooks/os-omero.yml` -------------------------------- +`idr-playbooks/idr-omero.yml` +----------------------------- This is the Ansible playbook that will be run to setup OMERO. -You can also run it manually to install OMERO on localhost. +This can be run independently of the openstack playbooks providing you have an inventory with groups: +- `{{ idr_environment }}-data-hosts` +- `{{ idr_environment }}-omero-hosts` +- `{{ idr_environment }}-proxy-hosts` `os-idr-playbooks/os-create.yml` 
@@ -78,7 +81,7 @@ If you are using floating IPs for all instances you can optionally use `{{ inven Select your playbook, for instance `os-idr-uod.yml` for the Dundee cloud. -For example (using the default `os-idr` host-group and variables): +For example (using the `os-idr` host-group and variables): ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml -e vm_key_name="KEY_NAME" -e idr_environment=os-idr From ccf05ecf5969f307b112a773adaa9ab83985f2cd Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 28 Sep 2016 19:34:19 +0100 Subject: [PATCH 12/25] Change default public config pass to public --- ansible/idr-playbooks/files/IDR-OMERO-52-omero.j2 | 2 +- ansible/idr-playbooks/group_vars/omero-hosts.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/idr-playbooks/files/IDR-OMERO-52-omero.j2 b/ansible/idr-playbooks/files/IDR-OMERO-52-omero.j2 index 672219146..8dab32b13 100644 --- a/ansible/idr-playbooks/files/IDR-OMERO-52-omero.j2 +++ b/ansible/idr-playbooks/files/IDR-OMERO-52-omero.j2 @@ -26,7 +26,7 @@ config set omero.web.secure_proxy_ssl_header '["HTTP_X_FORWARDED_PROTO_OMERO_WEB config set omero.web.public.enabled True config set omero.web.public.server_id 1 config set omero.web.public.user public -config set omero.web.public.password {{ idr_secret_omero_web_public_password | default("") }} +config set omero.web.public.password {{ omero_web_public_password }} config set omero.web.public.url_filter ^/(webadmin/myphoto/|webclient/(?!(action|annotate_(file|tags|comment|rating|map)|script_ui|ome_tiff|figure_script))|webgateway/(?!(archived_files|download_as))) # Group/User drop down menu diff --git a/ansible/idr-playbooks/group_vars/omero-hosts.yml b/ansible/idr-playbooks/group_vars/omero-hosts.yml index 70996a47c..6cb80cb07 100644 --- a/ansible/idr-playbooks/group_vars/omero-hosts.yml +++ b/ansible/idr-playbooks/group_vars/omero-hosts.yml 
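Review bot: The password is interpolated bare into the `config set omero.web.public.password` line, so a value containing whitespace or quote characters would be split or mangled when this file is parsed; other lines in the file quote their values. Assuming the file is read with shell-like quoting rules (not visible here), `config set omero.web.public.password {{ omero_web_public_password | quote }}` would keep any secret intact. The rendered file also holds the credential in clear text, so its owner and mode on the server are worth checking in the role that writes it.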
@@ -17,6 +17,8 @@ omero_upgrade: True # Recursively chown data dir (this may take a very long time) #omero_datadir_chown: True +omero_web_public_password: "{{ idr_secret_omero_web_public_password | default('public') }}" + omero_prestart_file: "{{ playbook_dir }}/files/IDR-OMERO-52-omero.j2" omero_logmonitor_slack_token: "{{ idr_secret_omero_logmonitor_slack_token | default(None) }}" From 265704f9754d50a36b498b2d4aaa926a3f4f579d Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 28 Sep 2016 19:38:29 +0100 Subject: [PATCH 13/25] Openstack only playbook for setting up volumes from inside the VM --- ansible/idr-playbooks/idr.yml | 5 +++-- ansible/idr-playbooks/os-idr-volumes.yml | 21 +++++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 ansible/idr-playbooks/os-idr-volumes.yml diff --git a/ansible/idr-playbooks/idr.yml b/ansible/idr-playbooks/idr.yml index 178cfb134..00f594f60 100644 --- a/ansible/idr-playbooks/idr.yml +++ b/ansible/idr-playbooks/idr.yml @@ -1,5 +1,6 @@ -# Runs all public playbooks for setting up the IDR infrastructure -# The remaining playbooks require additional private configuration +# Runs all public playbooks for setting up the IDR infrastructure in any +# environment. This does not run any storage/networking/cloud specific +# tasks, nor does it run playbooks requiring private configuration - include: idr-local-users.yml - include: idr-omero.yml - include: idr-local-files.yml diff --git a/ansible/idr-playbooks/os-idr-volumes.yml b/ansible/idr-playbooks/os-idr-volumes.yml new file mode 100644 index 000000000..d64befe1b --- /dev/null +++ b/ansible/idr-playbooks/os-idr-volumes.yml 
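Review bot: The fallback `default('public')` gives the OMERO public account a fixed, guessable password whenever `idr_secret_omero_web_public_password` is missing, and nothing tells the operator that the secret was not loaded. That is reasonable for Vagrant and test use, but on a production deployment a missing private vars file would go unnoticed. A comment such as `# 'public' is a development fallback only; production must define idr_secret_omero_web_public_password` would document it, and a `fail` or `assert` in the production playbooks could enforce it. The neighbouring `omero_logmonitor_slack_token` line defaults to `None`, which presumably turns the feature off rather than weakening it.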
@@ -0,0 +1,21 @@ +--- +# Initialise openstack volumes from inside VMs if necessary + +- hosts: "{{ idr_environment | default('idr') }}-database-hosts" + roles: + - role: storage-volume-initialise + storage_volume_initialise_device: "{{ database_db_vol_dev | default('/dev/vdb') }}" + storage_volume_initialise_mount: /var/lib/pgsql + +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" + roles: + - role: storage-volume-initialise + storage_volume_initialise_device: "{{ omero_data_vol_dev | default('/dev/vdb') }}" + storage_volume_initialise_mount: /data + +- hosts: "{{ idr_environment | default('idr') }}-proxy-hosts" + roles: + - role: storage-volume-initialise + storage_volume_initialise_device: "{{ gateway_nginxcache_vol_dev | default('/dev/vdb') }}" + storage_volume_initialise_mount: /var/cache/nginx + From 916a3a75f450105439fb22c8224a257493570146 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Fri, 30 Sep 2016 11:55:01 +0100 Subject: [PATCH 14/25] Add a generic {{}}-data-hosts groupo to os-idr-volumes.yml --- ansible/idr-playbooks/os-idr-volumes.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/idr-playbooks/os-idr-volumes.yml b/ansible/idr-playbooks/os-idr-volumes.yml index d64befe1b..d457b9602 100644 --- a/ansible/idr-playbooks/os-idr-volumes.yml +++ b/ansible/idr-playbooks/os-idr-volumes.yml @@ -19,3 +19,9 @@ storage_volume_initialise_device: "{{ gateway_nginxcache_vol_dev | default('/dev/vdb') }}" storage_volume_initialise_mount: /var/cache/nginx +# Use this group for any other IDR VMs that should have a volume mounted on /data +- hosts: "{{ idr_environment | default('idr') }}-data-hosts" + roles: + - role: storage-volume-initialise + storage_volume_initialise_device: "{{ data_vol_dev | default('/dev/vdb') }}" + storage_volume_initialise_mount: /data From 18d7869546a2988a0e37d13886df0f8e3469bbe5 Mon Sep 17 00:00:00 2001 
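Review bot: Every play in this new file falls back to `/dev/vdb` when its `*_vol_dev` variable is unset, so on a VM where no volume is attached, or where the volume appears under another device name, `storage-volume-initialise` is pointed at whatever `/dev/vdb` happens to be. The role is not shown here, so what it does to an unexpected device is unknown; if it creates a filesystem, requiring the variable (no `default`) or checking the device first would be the safer choice. The `-data-hosts` play added by the following patch also mounts on `/data`, so a host placed in both that group and `-omero-hosts` gets the role twice for the same mount point. A header comment naming the four variables (`database_db_vol_dev`, `omero_data_vol_dev`, `gateway_nginxcache_vol_dev`, `data_vol_dev`) would help operators override them.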
From: Simon Li Date: Wed, 5 Oct 2016 18:41:08 +0100 Subject: [PATCH 15/25] Add a role for managing the IDR Openstack security groups --- .../openstack-idr-security-groups/README.md | 10 +++ .../tasks/main.yml | 62 +++++++++++++++++++ 2 files changed, 72 insertions(+) create mode 100644 ansible/roles/openstack-idr-security-groups/README.md create mode 100644 ansible/roles/openstack-idr-security-groups/tasks/main.yml diff --git a/ansible/roles/openstack-idr-security-groups/README.md b/ansible/roles/openstack-idr-security-groups/README.md new file mode 100644 index 000000000..ed99e73a2 --- /dev/null +++ b/ansible/roles/openstack-idr-security-groups/README.md @@ -0,0 +1,10 @@ +Openstack IDR Security Groups +============================= + +Create the security groups for the IDR + + +Author Information +------------------ + +ome-devel@lists.openmicroscopy.org.uk diff --git a/ansible/roles/openstack-idr-security-groups/tasks/main.yml b/ansible/roles/openstack-idr-security-groups/tasks/main.yml new file mode 100644 index 000000000..aef9de068 --- /dev/null +++ b/ansible/roles/openstack-idr-security-groups/tasks/main.yml 
@@ -0,0 +1,62 @@ +--- +# IDR security groups + +- name: OMERO external access security group + os_security_group: + description: External access to OMERO servers (managed by Ansible) + name: idr-omero-external + state: present + +- name: OMERO external access security group rules + os_security_group_rule: + direction: ingress + port_range_max: "{{ item }}" + port_range_min: "{{ item }}" + protocol: tcp + remote_ip_prefix: 0.0.0.0/0 + security_group: idr-omero-external + state: present + with_items: + # TODO: Remove port 22 to restrict access to gateways only + - 22 + - 80 + - 443 + - 4063 + - 4064 + +- name: Web external access security group + os_security_group: + description: External access to web servers (managed by Ansible) + name: idr-web-external + state: present + +- name: Web external access security group rules + os_security_group_rule: + direction: ingress + port_range_max: "{{ item }}" + port_range_min: "{{ item }}" + protocol: tcp + remote_ip_prefix: 0.0.0.0/0 + security_group: idr-web-external + state: present + with_items: + - 80 + - 443 + +- name: Bastion external access security group + os_security_group: + description: External access to bastion servers (managed by Ansible) + name: idr-bastion-external + state: present + +- name: Bastion external access security group rules + os_security_group_rule: + direction: ingress + port_range_max: "{{ item }}" + port_range_min: "{{ item }}" + protocol: tcp + remote_ip_prefix: 0.0.0.0/0 + security_group: idr-bastion-external + state: present + with_items: + - 22 From ba7eafdf55e951224185a54bb5c3b40211437205 Mon Sep 17 00:00:00 2001 
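Review bot: `idr-omero-external` admits ports 22 and 4063 from `0.0.0.0/0` in addition to 80, 443 and 4064, and `idr-bastion-external` opens SSH to every address. The TODO covers port 22 only, and 4063 is, as far as I know, OMERO's non-TLS port, so logins over it would cross the internet unencrypted. Because every rule task uses `state: present`, deleting a port from `with_items` later will not revoke a rule already created in the tenancy; closing 22 will need an explicit task with `state: absent`. Taking the SSH source range from a role variable, e.g. `remote_ip_prefix: "{{ <ssh_source_cidr_variable> }}"`, would let deployments restrict it without editing the role. The group names are fixed rather than prefixed with `idr_environment`, so all environments in one tenancy share, and can change, the same rules.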
From: Simon Li Date: Wed, 5 Oct 2016 18:46:57 +0100 Subject: [PATCH 16/25] Add role for creating single IDR VMs --- .../roles/openstack-idr-instance/README.md | 38 +++++++++++ .../openstack-idr-instance/defaults/main.yml | 63 +++++++++++++++++++ .../openstack-idr-instance/tasks/main.yml | 24 +++++++ .../tasks/main.yml | 2 - 4 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/openstack-idr-instance/README.md create mode 100644 ansible/roles/openstack-idr-instance/defaults/main.yml create mode 100644 ansible/roles/openstack-idr-instance/tasks/main.yml diff --git a/ansible/roles/openstack-idr-instance/README.md b/ansible/roles/openstack-idr-instance/README.md new file mode 100644 index 000000000..bea509aea --- /dev/null +++ b/ansible/roles/openstack-idr-instance/README.md 
@@ -0,0 +1,38 @@
+Openstack IDR Instance
+======================
+
+Create an Openstack VM for use with the IDR playbooks.
+
+
+Role Variables
+--------------
+
+Defaults: `defaults/main.yml`
+
+Required variables:
+- `idr_vm_name`: VM hostname
+- `idr_vm_image`: Openstack base image
+- `idr_vm_keyname`: Openstack SSH key
+- `idr_vm_flavour`: Openstack flavour
+
+Optional variables:
+- `idr_vm_private_network`: Use this network instead of the default one
+- `idr_vm_assign_floating_ip`: Assign a floating IP, default `False`
+- `idr_environment`: Use this as a group prefix. You should almost always set this to something other than the default `idr`
+
+Booleans indicating the purpose of this server:
+- If any of these are `True` they will be used to automatically set the security groups and host-groups for this VM, default `False`. Multiple may be set to `True` if a server has multiple purposes.
+ - `idr_vm_database`: An IDR database server
+ - `idr_vm_omero`: An IDR OMERO server
+ - `idr_vm_proxy`: An IDR web proxy server
+
+Advanced settings:
+- `idr_vm_groups`: A list of host-groups, default depends on the above booleans
+- `idr_vm_extra_groups`: A list of host-groups in addition to the above default
+- `idr_vm_security_groups`: A list of security groups, default depends on the above booleans
+
+
+Author Information
+------------------
+
+ome-devel@lists.openmicroscopy.org.uk
diff --git a/ansible/roles/openstack-idr-instance/defaults/main.yml b/ansible/roles/openstack-idr-instance/defaults/main.yml
new file mode 100644
index 000000000..3b4456bd5
--- /dev/null
+++ b/ansible/roles/openstack-idr-instance/defaults/main.yml
@@ -0,0 +1,63 @@ +--- +# defaults file for roles/openstack-idr-instance + + +# Required vars: +#idr_vm_name +#idr_vm_image +#idr_vm_key_name +#idr_vm_flavour + +# Optional, default(omit) +#idr_vm_private_network + +idr_vm_assign_floating_ip: False + +# idr_environment: All VMs will be put into this group +idr_environment: idr + +# Booleans indicating the purpose of this server (multiple may be True) +idr_vm_database: False +idr_vm_omero: False +idr_vm_proxy: False +idr_vm_bastion: False + +# Default groups depend on the purpose of this server +idr_vm_groups: > + {{ + (idr_vm_database | ternary(idr_vm_default_groups_database, [])) + + (idr_vm_omero | ternary(idr_vm_default_groups_omero, [])) + + (idr_vm_proxy | ternary(idr_vm_default_groups_proxy, [])) + + (idr_vm_bastion | ternary(idr_vm_default_groups_bastion, [])) + }} + +idr_vm_extra_groups: [] + +# Default security groups depend on the purpose of this server +idr_vm_security_groups: > + {{ + ['default'] + + (idr_vm_omero | ternary(['idr-omero-external'], [])) + + (idr_vm_proxy | ternary(['idr-web-external'], [])) + + (idr_vm_bastion | ternary(['idr-bastion-external'], [])) + }} + +idr_vm_default_groups_database: +- database-hosts +- "{{ idr_environment }}-database-hosts" +- "{{ idr_environment }}-hosts" + +idr_vm_default_groups_omero: +- omero-hosts +- "{{ idr_environment }}-omero-hosts" +- "{{ idr_environment }}-hosts" + +idr_vm_default_groups_proxy: +- proxy-hosts +- "{{ idr_environment }}-proxy-hosts" +- "{{ idr_environment }}-hosts" + +idr_vm_default_groups_bastion: +- bastion-hosts +- "{{ idr_environment }}-bastion-hosts" +- "{{ idr_environment }}-hosts" diff --git a/ansible/roles/openstack-idr-instance/tasks/main.yml b/ansible/roles/openstack-idr-instance/tasks/main.yml new file mode 100644 index 000000000..004fa67a7 --- /dev/null +++ b/ansible/roles/openstack-idr-instance/tasks/main.yml 
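Review bot: The required-vars comment lists `#idr_vm_key_name`, but the task file in this commit reads `idr_vm_keyname` and the README uses that spelling too. Anyone copying the name from this file sets a variable the role never reads and then hits the `idr_vm_keyname is required` failure; change the comment line to `#idr_vm_keyname`. Separately, `idr_vm_security_groups` gives a database-only VM just `default`, so its exposure depends entirely on what the project's `default` group allows. A one-line comment above the expression, such as `# database VMs get only 'default'; no external group is attached`, would make that explicit.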
@@ -0,0 +1,24 @@ +--- +# Playbook for creating OpenStack IDR VMs + +- fail: + msg: "idr_vm_keyname is required" + when: idr_vm_keyname is undefined or not idr_vm_keyname + +- name: idr vm | create VM + os_server: + name: "{{ idr_vm_name }}" + state: present + image: "{{ idr_vm_image }}" + key_name: "{{ idr_vm_keyname }}" + flavor: "{{ idr_vm_flavour }}" + nics: "{{ idr_vm_private_network | default(omit) }}" + auto_ip: "{{ idr_vm_assign_floating_ip }}" + meta: + hostname: "{{ idr_vm_name }}" + groups: "{{ (idr_vm_groups + idr_vm_extra_groups) | join(',') }}" + security_groups: "{{ idr_vm_security_groups | join(',') }}" + register: vm + +- debug: + msg: "{{ idr_vm_name }} IP private:{{ vm.openstack.private_v4 | default('') }} floating:{{ vm.openstack.public_v4 | default('') }}" diff --git a/ansible/roles/openstack-idr-security-groups/tasks/main.yml b/ansible/roles/openstack-idr-security-groups/tasks/main.yml index aef9de068..27755e942 100644 --- a/ansible/roles/openstack-idr-security-groups/tasks/main.yml +++ b/ansible/roles/openstack-idr-security-groups/tasks/main.yml @@ -17,8 +17,6 @@ security_group: idr-omero-external state: present with_items: - # TODO: Remove port 22 to restrict access to gateways only - - 22 - 80 - 443 - 4063 From 1f703ca1927c9bedf970045602d441baa9f70106 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 6 Oct 2016 11:19:25 +0100 Subject: [PATCH 17/25] Install cli-utils on omero --- ansible/idr-playbooks/idr-omero.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/idr-playbooks/idr-omero.yml b/ansible/idr-playbooks/idr-omero.yml index 4a6bc3aa7..11295d6fe 100644 --- a/ansible/idr-playbooks/idr-omero.yml +++ b/ansible/idr-playbooks/idr-omero.yml @@ -47,8 +47,9 @@ roles: - role: basedeps - basedeps_user_utils: True tags: "basedeps" + - role: cli-utils + tags: "cli-utils" - role: versioncontrol-utils tags: "versioncontrol-utils" - role: omero-server From 8a0272f3d5f9e5b0c013ffd4a0b6c9def2b7bcb3 Mon Sep 17 00:00:00 2001 
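Review bot: The `fail` guard at the top of the new `tasks/main.yml` checks only `idr_vm_keyname`. `idr_vm_name`, `idr_vm_image` and `idr_vm_flavour` are listed as required in the README and have no default in `defaults/main.yml`, so a missing one surfaces as a templating error inside the `os_server` task rather than a clear message. A single `assert` covering all four keeps the check in one place and also rejects empty values.

```yaml
- name: idr vm | check required variables
  assert:
    that:
      - idr_vm_name is defined and idr_vm_name
      - idr_vm_image is defined and idr_vm_image
      - idr_vm_keyname is defined and idr_vm_keyname
      - idr_vm_flavour is defined and idr_vm_flavour
    msg: "idr_vm_name, idr_vm_image, idr_vm_keyname and idr_vm_flavour are required"

# … unchanged: os_server and debug tasks …
```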
From: Simon Li Date: Thu, 6 Oct 2016 11:22:20 +0100 Subject: [PATCH 18/25] Add docker groups to openstack-idr-instance --- .../roles/openstack-idr-instance/README.md | 8 ++++++- .../openstack-idr-instance/defaults/main.yml | 21 ++++++++++++++++++- .../openstack-idr-instance/tasks/main.yml | 11 ++++++---- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/ansible/roles/openstack-idr-instance/README.md b/ansible/roles/openstack-idr-instance/README.md index bea509aea..210cbac75 100644 --- a/ansible/roles/openstack-idr-instance/README.md +++ b/ansible/roles/openstack-idr-instance/README.md @@ -16,7 +16,7 @@ Required variables: - `idr_vm_flavour`: Openstack flavour Optional variables: -- `idr_vm_private_network`: Use this network instead of the default one +- `idr_vm_private_networks`: Use this network instead of the default one - `idr_vm_assign_floating_ip`: Assign a floating IP, default `False` - `idr_environment`: Use this as a group prefix. You should almost always set this to something other than the default `idr` @@ -32,6 +32,12 @@ Advanced settings: - `idr_vm_security_groups`: A list of security groups, default depends on the above booleans +Development +----------- + +See the warning in `tasks/main.yml` before making changes. + + Author Information ------------------ diff --git a/ansible/roles/openstack-idr-instance/defaults/main.yml b/ansible/roles/openstack-idr-instance/defaults/main.yml index 3b4456bd5..045a549b7 100644 --- a/ansible/roles/openstack-idr-instance/defaults/main.yml +++ b/ansible/roles/openstack-idr-instance/defaults/main.yml @@ -1,6 +1,8 @@ --- # defaults file for roles/openstack-idr-instance - +# This contains a lot of the logic for setting the host and security +# groups based on the purpose of the VM, and is specific to the IDR +# playbooks # Required vars: #idr_vm_name 
@@ -20,6 +22,8 @@ idr_environment: idr idr_vm_database: False idr_vm_omero: False idr_vm_proxy: False +idr_vm_dockermanager: False +idr_vm_dockerworker: False idr_vm_bastion: False # Default groups depend on the purpose of this server @@ -28,6 +32,8 @@ idr_vm_groups: > (idr_vm_database | ternary(idr_vm_default_groups_database, [])) + (idr_vm_omero | ternary(idr_vm_default_groups_omero, [])) + (idr_vm_proxy | ternary(idr_vm_default_groups_proxy, [])) + + (idr_vm_dockermanager | ternary(idr_vm_default_groups_dockermanager, [])) + + (idr_vm_dockerworker | ternary(idr_vm_default_groups_dockerworker, [])) + (idr_vm_bastion | ternary(idr_vm_default_groups_bastion, [])) }} @@ -61,3 +67,16 @@ idr_vm_default_groups_bastion: - bastion-hosts - "{{ idr_environment }}-bastion-hosts" - "{{ idr_environment }}-hosts" + +idr_vm_default_groups_dockermanager: +- dockermanager-hosts +- "{{ idr_environment }}-dockermanager-hosts" +- "{{ idr_environment }}-docker-hosts" +- "{{ idr_environment }}-hosts" +- "{{ idr_environment }}-data-hosts" + +idr_vm_default_groups_dockerworker: +- dockerworker-hosts +- "{{ idr_environment }}-dockerworker-hosts" +- "{{ idr_environment }}-docker-hosts" +- "{{ idr_environment }}-hosts" diff --git a/ansible/roles/openstack-idr-instance/tasks/main.yml b/ansible/roles/openstack-idr-instance/tasks/main.yml index 004fa67a7..5ac758c5f 100644 --- a/ansible/roles/openstack-idr-instance/tasks/main.yml +++ b/ansible/roles/openstack-idr-instance/tasks/main.yml 
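Review bot: `idr_vm_dockermanager` and `idr_vm_dockerworker` are wired into `idr_vm_groups`, but none of this commit's hunks touch `idr_vm_security_groups`, so as far as the diff shows docker VMs receive only `default`. If that is intended, say so next to the flags, e.g. `# Docker manager/worker VMs get no extra security group; only 'default' applies`. The manager list alone also adds `{{ idr_environment }}-data-hosts` with no explanation, and a short comment giving the reason would stop the manager and worker lists from being "tidied" into one. The README's boolean list is not updated in this commit for the two new flags, and it still omits `idr_vm_bastion`.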
@@ -1,9 +1,11 @@ --- # Playbook for creating OpenStack IDR VMs -- fail: - msg: "idr_vm_keyname is required" - when: idr_vm_keyname is undefined or not idr_vm_keyname +# WARNING: Do not use set_facts in this role, since it'll create a hostvar +# on the host running the openstack client and not the VM created. +# This means multiple invocations of this role (for multiple VMs) will fail +# to work as expected since the hostvar is persistent across tasks. +# See defaults/main.yml for most of the logic. - name: idr vm | create VM os_server: @@ -12,7 +14,7 @@ image: "{{ idr_vm_image }}" key_name: "{{ idr_vm_keyname }}" flavor: "{{ idr_vm_flavour }}" - nics: "{{ idr_vm_private_network | default(omit) }}" + nics: "{{ idr_vm_private_networks | default(omit) }}" auto_ip: "{{ idr_vm_assign_floating_ip }}" meta: hostname: "{{ idr_vm_name }}" @@ -22,3 +24,4 @@ - debug: msg: "{{ idr_vm_name }} IP private:{{ vm.openstack.private_v4 | default('') }} floating:{{ vm.openstack.public_v4 | default('') }}" + verbosity: 1 From b0bd05273120314c8a15746061db7ff85a38b80c Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 6 Oct 2016 11:22:35 +0100 Subject: [PATCH 19/25] Remove http/s ports from idr-omero-external If you need web access use the idr-web-external security group instead --- ansible/roles/openstack-idr-security-groups/tasks/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/roles/openstack-idr-security-groups/tasks/main.yml b/ansible/roles/openstack-idr-security-groups/tasks/main.yml index 27755e942..e7c65ef76 100644 --- a/ansible/roles/openstack-idr-security-groups/tasks/main.yml +++ b/ansible/roles/openstack-idr-security-groups/tasks/main.yml @@ -17,8 +17,6 @@ security_group: idr-omero-external state: present with_items: - - 80 - - 443 - 4063 - 4064 From 4af7da5e327600b61a7effc501b3e98713131970 Mon Sep 17 00:00:00 2001 
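Review bot: Renaming the variable read by `nics:` to `idr_vm_private_networks` fails silently for existing callers. Because of `default(omit)`, an inventory that still sets `idr_vm_private_network` raises no error and the VM is simply created on the default network instead of the intended private one. Either accept both names for a transition, `nics: "{{ idr_vm_private_networks | default(idr_vm_private_network) | default(omit) }}"`, or fail when the old name is defined; the commented `#idr_vm_private_network` in `defaults/main.yml` is not updated in the visible hunks either. The same file section drops the `idr_vm_keyname` guard, so an empty key name now reaches `os_server` unchecked. The WARNING comment should name the module as `set_fact`, not `set_facts`.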
From: Simon Li Date: Thu, 6 Oct 2016 11:23:40 +0100 Subject: [PATCH 20/25] Optional snapshot source for openstack-volume-storage --- ansible/roles/openstack-volume-storage/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/openstack-volume-storage/tasks/main.yml b/ansible/roles/openstack-volume-storage/tasks/main.yml index 28a6ff021..5c1f98c85 100644 --- a/ansible/roles/openstack-volume-storage/tasks/main.yml +++ b/ansible/roles/openstack-volume-storage/tasks/main.yml @@ -6,6 +6,7 @@ state: present size: "{{ openstack_volume_size }}" display_name: "{{ openstack_volume_vmname }}-{{ openstack_volume_name }}" + snapshot_id: "{{ openstack_volume_snapshot | default(omit) }}" - name: openstack volume | attach volume to host os_server_volume: From c135ef474ae5a6fe1c93b74664e3525bba639691 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 6 Oct 2016 11:58:38 +0100 Subject: [PATCH 21/25] Don't set nginx_proxy_set_header_host --- ansible/idr-playbooks/group_vars/proxy-hosts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/idr-playbooks/group_vars/proxy-hosts.yml b/ansible/idr-playbooks/group_vars/proxy-hosts.yml index c7a11d782..71559a38f 100644 --- a/ansible/idr-playbooks/group_vars/proxy-hosts.yml +++ b/ansible/idr-playbooks/group_vars/proxy-hosts.yml @@ -54,4 +54,4 @@ nginx_proxy_direct_locations: #nginx_proxy_block_locations: #- "^~ /login" -nginx_proxy_set_header_host: 'idr-demo.openmicroscopy.org' +#nginx_proxy_set_header_host: 'idr-demo.openmicroscopy.org' From 0db2aeffe1650b7b08133133edb2519c18c3e595 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 6 Oct 2016 11:58:54 +0100 Subject: [PATCH 22/25] Add os-idr-create-example.yml which uses the new openstack-idr roles This supercedes os-create.yml and os-volumes.yml, which can be removed in future --- .../os-idr-create-example.yml | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 ansible/os-idr-playbooks/os-idr-create-example.yml 
diff --git a/ansible/os-idr-playbooks/os-idr-create-example.yml b/ansible/os-idr-playbooks/os-idr-create-example.yml
new file mode 100644
index 000000000..21f8e85b5
--- /dev/null
+++ b/ansible/os-idr-playbooks/os-idr-create-example.yml
@@ -0,0 +1,73 @@
+---
+# Example playbook for creating OpenStack IDR VMs
+# You will need to change the variables in the `vars` section depending on
+# your openstack environment. For more fine grained control set the vars
+# directly in each role
+
+- hosts: localhost
+ connection: local
+
+ vars:
+ - idr_environment: idr
+ #- idr_vm_keyname: VM_KEYNAME
+ - vm_image: CentOS 7 1604
+ - vm_flavour: m1.large
+
+
+ roles:
+
+ ############################################################
+ # Security groups
+
+ - role: openstack-idr-security-groups
+
+
+ ############################################################
+ # Instances
+
+ # Dedicated database server
+ - role: openstack-idr-instance
+ idr_vm_name: "{{ idr_environment }}-database"
+ idr_vm_image: "{{ vm_image }}"
+ idr_vm_flavour: "{{ vm_flavour }}"
+ idr_vm_database: True
+
+ # OMERO server
+ - role: openstack-idr-instance
+ idr_vm_name: "{{ idr_environment }}-omero"
+ idr_vm_image: "{{ vm_image }}"
+ idr_vm_flavour: "{{ vm_flavour }}"
+ idr_vm_omero: True
+ #idr_vm_extra_groups:
+ #idr_vm_private_networks:
+
+ # Proxy server, doubles up as a bastion server
+ - role: openstack-idr-instance
+ idr_vm_name: "{{ idr_environment }}-proxy"
+ idr_vm_image: "{{ vm_image }}"
+ idr_vm_flavour: "{{ vm_flavour }}"
+ idr_vm_proxy: True
+ idr_vm_bastion: True
+ idr_vm_assign_floating_ip: True
+
+
+ ############################################################
+ # Volumes
+
+ - role: openstack-volume-storage
+ openstack_volume_size: 100
+ openstack_volume_vmname: "{{ idr_environment }}-database"
+ openstack_volume_name: db
+ openstack_volume_device: /dev/vdb
+
+ - role: openstack-volume-storage
+ openstack_volume_size: 100
+ openstack_volume_vmname: "{{ idr_environment }}-omero"
+ openstack_volume_name: data
+ openstack_volume_device: /dev/vdb
+
+ - role: openstack-volume-storage
+ openstack_volume_size: 20
+ openstack_volume_vmname: "{{ idr_environment }}-proxy"
+ openstack_volume_name: nginxcache
+ openstack_volume_device:
/dev/vdb From ace19c1fe7db7ba906423f97192285c0923362e2 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 6 Oct 2016 12:21:30 +0100 Subject: [PATCH 23/25] update readme --- ansible/README-os-idr.md | 100 +++++++++++++++------------------------ 1 file changed, 39 insertions(+), 61 deletions(-) diff --git a/ansible/README-os-idr.md b/ansible/README-os-idr.md index 623ea358b..f1887c38a 100644 --- a/ansible/README-os-idr.md +++ b/ansible/README-os-idr.md 
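Review bot: `idr_vm_keyname` is left commented out in `vars`, and the instance role's guard for it was removed in patch 18. Run as written, the example fails inside `os_server` on an undefined variable rather than with a clear message, and an empty value set elsewhere might create VMs without a key. The proxy VM also sets both `idr_vm_proxy` and `idr_vm_bastion` with a floating IP, which puts the SSH entry point on the same public host as the web front end. Both `idr-web-external` and `idr-bastion-external` are open to `0.0.0.0/0` in the security-groups role. That is acceptable for an example, but it deserves a comment above that role entry such as `# For production use a dedicated bastion VM and restrict its SSH source range`.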
@@ -10,89 +10,67 @@ Most of these scripts should also work on other platforms, providing the VM is b The guest must be running CentOS 7. -Guide for the Impatient ------------------------ +Openstack: Creation of instances, volumes and security groups +------------------------------------------------------------- -Setup your OpenStack environment variables, and run: +[Setup your OpenStack environment variables](http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html), edit the variables in `os-idr-playbooks/os-idr-create-example.yml` (especially `idr_vm_keyname` and `idr_environment`), then run: - ansible-playbook -i inventory -e idr_environment=idr -e omero_vm_key_name=YOUR_KEY os-idr-uod.yml + ansible-playbook os-idr-playbooks/os-idr-create-example.yml -If `idr_environment` is not defined on the command line it will default to `idr`, but you should almost always set this to your own value. - -`idr-playbooks/idr-omero.yml` +Openstack: Installing the IDR ----------------------------- -This is the Ansible playbook that will be run to setup OMERO. -This can be run independently of the openstack playbooks providing you have an inventory with groups: -- `{{ idr_environment }}-data-hosts` -- `{{ idr_environment }}-omero-hosts` -- `{{ idr_environment }}-proxy-hosts` +Find the floating IP of the proxy/bastion server. +Set `BASTION_IP` to the IP, and `IDR_ENVIRONMENT` to match the value from above. 
+Run: + BASTION_IP=10.0.0.0 + IDR_ENVIRONMENT=idr + ansible-playbook \ + -i inventory/openstack-private.py \ + -u centos \ + -e idr_environment=$IDR_ENVIRONMENT \ + -e idr_nginx_ssl_self_signed=True \ + -e ansible_ssh_common_args="'-o ProxyCommand=\\\"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -q centos@$BASTION_IP\\\" -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'" \ + idr-playbooks/os-idr-volumes.yml \ + idr-playbooks/idr-dundee-nfs.yml \ + idr-playbooks/idr-ebi-nfs.yml \ + idr-playbooks/idr.yml \ + idr-playbooks/idr-docker.yml -`os-idr-playbooks/os-create.yml` --------------------------------- -This playbook will connect to OpenStack and spin up a VM. -The Ansible modules in this playbook require the `shade` Python module. +Deploying the IDR on existing infrastructure +-------------------------------------------- -Before running the playbook you must [setup your OpenStack environment variables](http://docs.openstack.org/user-guide/common/cli_set_environment_variables_using_openstack_rc.html). -You can override variables at the command line, for example (note double quoting is necessary if spaces are present): +If you have already created your servers and just wish to install a plain IDR then run: - ansible-playbook os-idr-playbooks/os-create.yml -e idr_environment=idr \ - -e omero_vm_key_name=YOURKEY -e "omero_vm_flavour='m2.xxlarge'" + ansible-playbook \ + -i inventory \ + -u centos \ + -e idr_environment=$IDR_ENVIRONMENT \ + -e idr_nginx_ssl_self_signed=True \ + idr-playbooks/idr-omero.yml -If this step fails it could be due to an incorrect variable, the Ansible `os_server` module usually gives an uninformative "Error in creating instance" message. -If the VM was created the floating IP of the VM will be printed out. +where `inventory` contains groups described in the following section. 
-To delete the VM and related security group: - ansible-playbook os-idr-playbooks/os-delete.yml -e idr_environment=idr - -If another instance is using the OMERO security group, the task will fail but can be safely ignored. - - -Inventory ---------- +`idr-playbooks/idr-omero.yml` +----------------------------- -This directory takes advantage of an -[Ansible dynamic inventory script for OpenStack (`openstack.py`)](http://docs.ansible.com/ansible/intro_dynamic_inventory.html#example-openstack-external-inventory-script) -instead of having to manage an inventory file when using Ansible to push out changes. -For example: +This is the Ansible playbook that will be run to setup OMERO. +This can be run independently of the openstack playbooks providing you have an inventory with groups: +- `{{ idr_environment }}-data-hosts` +- `{{ idr_environment }}-omero-hosts` +- `{{ idr_environment }}-proxy-hosts` - ansible-playbook -i inventory -l os-image-centos os-idr-playbooks/os-omero.yml -vv -Variables for the groups defined in `os-idr-playbooks/os-create.yml` as `omero_vm_groups` can be added under inventory/variables. +TODO: explain other `idr-playbooks/*.yml` playbooks Deploying the IDR ================= - -The production IDR is setup using a private configuration repository. -Replace `{{ inventory_dir }}` with the path to the inventory directory. -You can use `inventory` in this directory if you have configured the required variables, such as by creating a group_vars file if necessary in `{{ inventory_dir }}/group_vars/`, e.g. `{{ inventory_dir }}/group_vars/os-idr.yml` -This should match the value of the `idr_environment` variable, and can be used to support multiple deployment environments with different variables. - -Decide on your openstack dynamic inventory. -If you are using a single floating IP use `{{ inventory_dir }}/openstack-private.py`. -using private internal IPs and a gateway server on the Openstack cloud. 
-If you are using floating IPs for all instances you can optionally use `{{ inventory_dir }}/openstack.py` instead. - -Select your playbook, for instance `os-idr-uod.yml` for the Dundee cloud. - -For example (using the `os-idr` host-group and variables): - - ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml - -e vm_key_name="KEY_NAME" -e idr_environment=os-idr - -Or using a custom group called `os-idrstaging` with additional variable overrides: - - ansible-playbook -i {{ inventory_dir }}/openstack-private.py os-idr-uod.yml - -e vm_key_name="KEY_NAME" -e idr_environment=os-idrstaging - -e @vars/test-overrides.yml - - Component playbooks ------------------- From 633030457121529a510993852cb86a99e4d34407 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Thu, 6 Oct 2016 14:48:46 +0100 Subject: [PATCH 24/25] Add a placeholder for copy-from-volume --- ansible/roles/openstack-volume-storage/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ansible/roles/openstack-volume-storage/tasks/main.yml b/ansible/roles/openstack-volume-storage/tasks/main.yml index 5c1f98c85..e212273e0 100644 --- a/ansible/roles/openstack-volume-storage/tasks/main.yml +++ b/ansible/roles/openstack-volume-storage/tasks/main.yml @@ -7,6 +7,9 @@ size: "{{ openstack_volume_size }}" display_name: "{{ openstack_volume_vmname }}-{{ openstack_volume_name }}" snapshot_id: "{{ openstack_volume_snapshot | default(omit) }}" + # TODO: copying from a volume may be quicker than from a snapshot, but this requires + # https://github.com/ansible/ansible-modules-core/pull/5176 + #volume_src: "{{ openstack_volume_source | default(omit) }}" - name: openstack volume | attach volume to host os_server_volume: From 53b10c849c45bfc1c1adc83e9348de44f42c9fd9 Mon Sep 17 00:00:00 2001 
From: Simon Li Date: Tue, 11 Oct 2016 13:38:45 +0100 Subject: [PATCH 25/25] Remove omero_upgrade: True from idr group_vars --- ansible/idr-playbooks/group_vars/omero-hosts.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/ansible/idr-playbooks/group_vars/omero-hosts.yml b/ansible/idr-playbooks/group_vars/omero-hosts.yml index 6cb80cb07..b594e8e12 100644 --- a/ansible/idr-playbooks/group_vars/omero-hosts.yml +++ b/ansible/idr-playbooks/group_vars/omero-hosts.yml @@ -13,7 +13,6 @@ omero_omego_additional_args: "--downloadurl https://downloads.openmicroscopy.org # Disable database backups omero_database_backupdir: -omero_upgrade: True # Recursively chown data dir (this may take a very long time) #omero_datadir_chown: True