
Merge pull request #2 from bedroge/s3
Add S3 storage support
bedroge authored Feb 18, 2024
2 parents 4a7fd06 + f7ae066 commit 9b6e0c4
Showing 7 changed files with 91 additions and 24 deletions.
17 changes: 17 additions & 0 deletions defaults/main.yml
@@ -21,6 +21,23 @@ cvmfs_localproxy_http_ports:
cvmfs_stratum1_apache_port: 8008
cvmfs_stratum1_cache_mem: 128 # MB

# Storage backend for Stratum 0/1 servers
# Can be "disk" (/srv) or "s3" (see: https://cvmfs.readthedocs.io/en/stable/cpt-repo.html#s3-compatible-storage-systems)
cvmfs_storage: disk
# The contents of the S3 config file passed as the -s option to cvmfs_server mkfs/add-replica. Dictionary keys are
# option names (e.g. CVMFS_S3_HOST) and values are the option values
cvmfs_s3_config: {}

# Use POSIX ACLs to allow access to s3.conf by repository owners (access is required if any owners are non-root), if you
# don't want to use ACLs, the cvmfs_s3_config_mode and cvmfs_s3_config_group variables can be used (you are responsible
# for setting up and controlling membership of the group).
cvmfs_set_s3_config_acl: true

# The -w option to cvmfs_server mkfs/add-replica
cvmfs_s3_url: null
# The actual options added to cvmfs_server mkfs/add-replica
cvmfs_storage_cli_options: "{% if cvmfs_storage == 's3' %}-s /etc/cvmfs/s3.conf -w {{ cvmfs_s3_url }}{% endif %}"

# Stratum 1 snapshot cron job timing, hash keys correspond to the cron module options:
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/cron_module.html
#
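Review bot: The comment on `cvmfs_s3_config` does not say that this dictionary is where the S3 credentials end up (the CVMFS S3 options include `CVMFS_S3_ACCESS_KEY` and `CVMFS_S3_SECRET_KEY`), so nothing steers users away from committing them in plain text. I would extend it with something like `# Holds the S3 access/secret keys when set; keep the value in Ansible Vault or another secret store, not in plain group_vars.` Separately, `cvmfs_s3_url` defaults to `null` while `cvmfs_storage_cli_options` interpolates it after `-w` whenever `cvmfs_storage == 's3'`, so an unset URL presumably yields a malformed `-w` argument; the comment on `cvmfs_s3_url` should state that it is required for S3.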
24 changes: 17 additions & 7 deletions tasks/stratum0.yml
@@ -32,6 +32,7 @@

- name: Include Apache tasks
ansible.builtin.include_tasks: apache.yml
when: "cvmfs_storage == 'disk'"

- name: Include firewall tasks
ansible.builtin.include_tasks: firewall.yml
@@ -40,22 +41,31 @@
when: cvmfs_manage_firewall

- name: Create repositories
ansible.builtin.command: |
/usr/bin/cvmfs_server mkfs {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }}
command: >-
/usr/bin/cvmfs_server mkfs
{{ cvmfs_storage_cli_options }}
{{ cvmfs_config_apache_flag }}
-o {{ item.owner | default('root') }}
-f {{ cvmfs_union_fs }}
{{ item.repository }}
args:
creates: /srv/cvmfs/{{ item.repository }}
creates: "{{ '/srv/cvmfs/' ~ item.repository if (cvmfs_storage == 'disk') else '/etc/cvmfs/repositories.d/' ~ item.repository }}"
with_items: "{{ cvmfs_repositories }}"
notify:
- Restart apache
- restart apache

- name: Ensure repositories are imported
ansible.builtin.command: |
/usr/bin/cvmfs_server import -r {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }}
command: >-
/usr/bin/cvmfs_server import -r
{{ cvmfs_config_apache_flag }}
-o {{ item.owner | default('root') }}
-f {{ cvmfs_union_fs }}
{{ item.repository }}
args:
creates: /etc/cvmfs/repositories.d/{{ item.repository }}
with_items: "{{ cvmfs_repositories }}"
notify:
- Restart apache
- restart apache

- name: Include repository server options tasks
ansible.builtin.include_tasks: options.yml
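Review bot: Both rewritten tasks (`Create repositories` and `Ensure repositories are imported`) now notify `restart apache` where the lines they replace notified `Restart apache`; handler names are matched exactly, so unless the handlers file (not visible here) was renamed as well, the notify will not find its handler. The same two tasks also drop from `ansible.builtin.command` to the short `command`, which is inconsistent with the fully qualified names used in the rest of the file. I would keep `ansible.builtin.command: >-` and `- Restart apache`. Note also that with `cvmfs_storage == 's3'` the Apache tasks are skipped by the new `when`, yet these tasks still notify an Apache restart, so the notify probably needs the same condition.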
5 changes: 4 additions & 1 deletion tasks/stratum1.yml
@@ -2,7 +2,7 @@
- name: Include initial OS-specific tasks
ansible.builtin.include_tasks: init_{{ ansible_os_family | lower }}.yml
vars:
_cvmfs_role: stratum1
_cvmfs_role: "stratum1-{{ cvmfs_storage }}"
_cvmfs_upgrade: "{{ cvmfs_upgrade_server }}"

- name: Include key setup tasks
@@ -23,11 +23,13 @@

- name: Include Apache tasks
ansible.builtin.include_tasks: apache.yml
when: "cvmfs_storage == 'disk'"

- name: Include squid tasks
ansible.builtin.include_tasks: squid.yml
vars:
_cvmfs_squid_conf_src: "{{ cvmfs_squid_conf_src | default('stratum1_squid.conf.j2') }}"
when: "cvmfs_storage == 'disk'"

- name: Include firewall tasks
ansible.builtin.include_tasks: firewall.yml
@@ -46,6 +48,7 @@
- name: Ensure replicas are configured
ansible.builtin.command: >-
/usr/bin/cvmfs_server add-replica -o {{ item.owner | default('root') }}
{{ cvmfs_storage_cli_options }}
http://{{ item.stratum0 }}/cvmfs/{{ item.repository }}
{{ item.key_dir | default('/etc/cvmfs/keys') }}
args:
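Review bot: `_cvmfs_role: "stratum1-{{ cvmfs_storage }}"` and the two new `when: "cvmfs_storage == 'disk'"` conditions trust `cvmfs_storage` without checking it, so a typo such as `S3` skips Apache and squid, passes no storage options to `add-replica`, and looks up a `cvmfs_packages` key that the vars files on this page do not define. A validation task ahead of the first include would fail early with a clear message; it can also require `cvmfs_s3_url` when S3 is selected, since the `-w` option is built from it. The `add-replica` task continues past the end of this hunk.

```yaml
- name: Validate storage backend settings
  ansible.builtin.assert:
    that:
      - cvmfs_storage in ['disk', 's3']
      - cvmfs_storage == 'disk' or (cvmfs_s3_url is string and cvmfs_s3_url | length > 0)
    fail_msg: "cvmfs_storage must be 'disk' or 's3', and cvmfs_s3_url must be set when it is 's3'"

# … unchanged: Include initial OS-specific tasks and the includes that follow …
```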
55 changes: 41 additions & 14 deletions tasks/stratumN.yml
@@ -1,15 +1,42 @@
---
- name: Create /srv filesystem
community.general.system.filesystem:
dev: "{{ cvmfs_srv_device }}"
force: false
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
when: cvmfs_srv_device is defined

- name: Mount /srv
ansible.posix.mount:
name: "{{ cvmfs_srv_mount }}"
src: "{{ cvmfs_srv_device }}"
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
state: mounted
when: cvmfs_srv_device is defined
- name: Disk storage tasks
block:
- name: Create /srv filesystem
community.general.system.filesystem:
dev: "{{ cvmfs_srv_device }}"
force: false
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"

- name: Mount /srv
ansible.posix.mount:
name: "{{ cvmfs_srv_mount }}"
src: "{{ cvmfs_srv_device }}"
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
state: mounted

when: cvmfs_storage == 'disk' and cvmfs_srv_device is defined

- name: S3 storage tasks
block:

- name: Create s3.conf
template:
src: s3.conf.j2
dest: /etc/cvmfs/s3.conf
mode: "{{ cvmfs_s3_config_mode | default('0600') }}"
owner: root
group: "{{ cvmfs_s3_config_group | default('root') }}"

- name: Set ACL for CVMFS repository owners to access s3.conf
acl:
path: /etc/cvmfs/s3.conf
entity: "{{ item.owner }}"
etype: user
permissions: r
state: present
loop: "{{ cvmfs_repositories }}"
when: "cvmfs_set_s3_config_acl and item.owner != 'root'"
loop_control:
label: "{{ item.repository }}: {{ item.owner }}"

when: cvmfs_storage == 's3'
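Review bot: The ACL task reads `item.owner` directly in `entity`, in `when` and in the loop label, while the other tasks on this page use `item.owner | default('root')`; a repository entry without an `owner` key would therefore fail here with an undefined-variable error instead of being skipped. Suggested: `entity: "{{ item.owner | default('root') }}"` and `when: "cvmfs_set_s3_config_acl and item.owner | default('root') != 'root'"`. The `Create s3.conf` task renders whatever credentials are in `cvmfs_s3_config`, so I would add `no_log: true` (or at least `diff: false`) to keep them out of `--diff` output and logs. The two new tasks also use short module names (`template`, `acl`) next to the fully qualified `ansible.posix.mount` above; `ansible.builtin.template` and `ansible.posix.acl` would match.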
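--- a/templates/s3.conf.j2
+++ b/templates/s3.conf.j2
@@ -0,0 +1,6 @@
+#
+# This file is managed by Ansible. ALL CHANGES WILL BE OVERWRITTEN.
+#
+{% for opt in (cvmfs_s3_config | dict2items) %}
+{{ opt.key }}={{ opt.value }}
+{% endfor %}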
4 changes: 3 additions & 1 deletion vars/debian.yml
@@ -12,10 +12,12 @@ cvmfs_packages:
- apache2
- cvmfs-server
- cvmfs-config-default
stratum1:
stratum1-disk:
- apache2
- cvmfs-server
- cvmfs-config-default
stratum1-s3:
- cvmfs-server
localproxy:
- squid
client:
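Review bot: The new `stratum1-s3` package list contains only `cvmfs-server`, but with `cvmfs_set_s3_config_acl` defaulting to `true` the role runs the `acl` module against `/etc/cvmfs/s3.conf`, which needs the `setfacl`/`getfacl` tools on the target. Unless they arrive as a dependency or are installed elsewhere in the role (not visible here), adding `- acl` to `stratum1-s3` would avoid a failure on minimal images; the same applies to the `stratum1-s3` list in vars/redhat.yml. Renaming `stratum1` to `stratum1-disk` also breaks any override that still sets `cvmfs_packages.stratum1`, which deserves a changelog line.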
4 changes: 3 additions & 1 deletion vars/redhat.yml
@@ -13,12 +13,14 @@ cvmfs_packages:
- cvmfs-server
- cvmfs-config-default
- cvmfs
stratum1:
stratum1-disk:
- httpd
- "{{ 'mod_wsgi' if ansible_distribution_major_version is version('8', '<') else 'python3-mod_wsgi' }}"
- squid
- cvmfs-server
- cvmfs-config-default
stratum1-s3:
- cvmfs-server
localproxy:
- squid
client: