From 9511af1428152e87a2e0a869ccde7ab7739e7811 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Tue, 13 Feb 2024 13:39:50 +0100 Subject: [PATCH 1/3] support s3 storage --- defaults/main.yml | 17 ++++++++++++++ tasks/stratum0.yml | 24 ++++++++++++++------ tasks/stratum1.yml | 5 ++++- tasks/stratumN.yml | 55 ++++++++++++++++++++++++++++++++++------------ vars/debian.yml | 4 +++- vars/redhat.yml | 4 +++- 6 files changed, 85 insertions(+), 24 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 91377f0..c90851e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -21,6 +21,23 @@ cvmfs_localproxy_http_ports: cvmfs_stratum1_apache_port: 8008 cvmfs_stratum1_cache_mem: 128 # MB +# Storage backend for Stratum 0/1 servers +# Can be "disk" (/srv) or "s3" (see: https://cvmfs.readthedocs.io/en/stable/cpt-repo.html#s3-compatible-storage-systems) +cvmfs_storage: disk +# The contents of the S3 config file passed as the -s option to cvmfs_server mkfs/add-replica. Dictionary keys are +# option names (e.g. CVMFS_S3_HOST) and values are the option values +cvmfs_s3_config: {} + +# Use POSIX ACLs to allow access to s3.conf by repository owners (access is required if any owners are non-root), if you +# don't want to use ACLs, the cvmfs_s3_config_mode and cvmfs_s3_config_group variables can be used (you are responsible +# for setting up and controlling membership of the group). +cvmfs_set_s3_config_acl: true + +# The -w option to cvmfs_server mkfs/add-replica +cvmfs_s3_url: null +# The actual options added to cvmfs_server mkfs/add-replica +cvmfs_storage_cli_options: "{% if cvmfs_storage == 's3' %}-s /etc/cvmfs/s3.conf -w {{ cvmfs_s3_url }}{% endif %}" + # Stratum 1 snapshot cron job timing, hash keys correspond to the cron module options: # https://docs.ansible.com/ansible/latest/collections/ansible/builtin/cron_module.html # diff --git a/tasks/stratum0.yml b/tasks/stratum0.yml index 9139252..a3e62f3 100644 --- a/tasks/stratum0.yml 
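Review bot: `cvmfs_s3_url` defaults to `null` and is interpolated directly into `cvmfs_storage_cli_options`, so choosing `cvmfs_storage: s3` without setting it would pass `cvmfs_server` a `-w` option with an empty or literal `None` value instead of failing early. Nothing in this patch validates `cvmfs_storage` either: any value other than `disk` or `s3` skips both storage blocks in tasks/stratumN.yml and produces a `_cvmfs_role` of `stratum1-<value>` in tasks/stratum1.yml. An `ansible.builtin.assert` at the start of the role would catch both, e.g. `that: cvmfs_storage in ['disk', 's3']` and `that: cvmfs_storage != 's3' or cvmfs_s3_url is string`. The comment on `cvmfs_s3_config` should also say that the dictionary is likely to hold the S3 access and secret keys, and so belongs in Ansible Vault rather than plain group_vars.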
+++ b/tasks/stratum0.yml @@ -32,6 +32,7 @@ - name: Include Apache tasks ansible.builtin.include_tasks: apache.yml + when: "cvmfs_storage == 'disk'" - name: Include firewall tasks ansible.builtin.include_tasks: firewall.yml @@ -40,22 +41,31 @@ when: cvmfs_manage_firewall - name: Create repositories - ansible.builtin.command: | - /usr/bin/cvmfs_server mkfs {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }} + command: >- + /usr/bin/cvmfs_server mkfs + {{ cvmfs_storage_cli_options }} + {{ cvmfs_config_apache_flag }} + -o {{ item.owner | default('root') }} + -f {{ cvmfs_union_fs }} + {{ item.repository }} args: - creates: /srv/cvmfs/{{ item.repository }} + creates: "{{ '/srv/cvmfs/' ~ item.repository if (cvmfs_storage == 'disk') else '/etc/cvmfs/repositories.d/' ~ item.repository }}" with_items: "{{ cvmfs_repositories }}" notify: - - Restart apache + - restart apache - name: Ensure repositories are imported - ansible.builtin.command: | - /usr/bin/cvmfs_server import -r {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }} + command: >- + /usr/bin/cvmfs_server import -r + {{ cvmfs_config_apache_flag }} + -o {{ item.owner | default('root') }} + -f {{ cvmfs_union_fs }} + {{ item.repository }} args: creates: /etc/cvmfs/repositories.d/{{ item.repository }} with_items: "{{ cvmfs_repositories }}" notify: - - Restart apache + - restart apache - name: Include repository server options tasks ansible.builtin.include_tasks: options.yml diff --git a/tasks/stratum1.yml b/tasks/stratum1.yml index 6a502ae..0c72731 100644 --- a/tasks/stratum1.yml +++ b/tasks/stratum1.yml @@ -2,7 +2,7 @@ - name: Include initial OS-specific tasks ansible.builtin.include_tasks: init_{{ ansible_os_family | lower }}.yml vars: - _cvmfs_role: stratum1 + _cvmfs_role: "stratum1-{{ cvmfs_storage }}" _cvmfs_upgrade: "{{ cvmfs_upgrade_server }}" - name: Include key setup tasks 
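Review bot: Both `notify` entries in the second hunk of tasks/stratum0.yml change from `Restart apache` to `restart apache`. Handlers are looked up by the name as written, so unless the handler file (not part of this patch) uses the lowercase name, these tasks would no longer find their handler. The same hunk also replaces `ansible.builtin.command` with the short `command`, which suggests the task text was taken from an older revision. I would keep `ansible.builtin.command` and `- Restart apache`, and limit the change to adding `{{ cvmfs_storage_cli_options }}` and the new `creates:` expression. The handler is also still notified when `cvmfs_storage` is `s3`, where the first hunk of this file skips the Apache tasks, so confirm that restarting Apache is valid on such a host.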
@@ -23,11 +23,13 @@ - name: Include Apache tasks ansible.builtin.include_tasks: apache.yml + when: "cvmfs_storage == 'disk'" - name: Include squid tasks ansible.builtin.include_tasks: squid.yml vars: _cvmfs_squid_conf_src: "{{ cvmfs_squid_conf_src | default('stratum1_squid.conf.j2') }}" + when: "cvmfs_storage == 'disk'" - name: Include firewall tasks ansible.builtin.include_tasks: firewall.yml @@ -46,6 +48,7 @@ - name: Ensure replicas are configured ansible.builtin.command: >- /usr/bin/cvmfs_server add-replica -o {{ item.owner | default('root') }} + {{ cvmfs_storage_cli_options }} http://{{ item.stratum0 }}/cvmfs/{{ item.repository }} {{ item.key_dir | default('/etc/cvmfs/keys') }}/{{ item.repository }}.pub args: diff --git a/tasks/stratumN.yml b/tasks/stratumN.yml index 8d5918a..31cee7a 100644 --- a/tasks/stratumN.yml +++ b/tasks/stratumN.yml 
@@ -1,15 +1,42 @@ --- -- name: Create /srv filesystem - community.general.system.filesystem: - dev: "{{ cvmfs_srv_device }}" - force: false - fstype: "{{ cvmfs_srv_fstype | default('ext4') }}" - when: cvmfs_srv_device is defined - -- name: Mount /srv - ansible.posix.mount: - name: "{{ cvmfs_srv_mount }}" - src: "{{ cvmfs_srv_device }}" - fstype: "{{ cvmfs_srv_fstype | default('ext4') }}" - state: mounted - when: cvmfs_srv_device is defined +- name: Disk storage tasks + block: + - name: Create /srv filesystem + community.general.system.filesystem: + dev: "{{ cvmfs_srv_device }}" + force: false + fstype: "{{ cvmfs_srv_fstype | default('ext4') }}" + + - name: Mount /srv + ansible.posix.mount: + name: "{{ cvmfs_srv_mount }}" + src: "{{ cvmfs_srv_device }}" + fstype: "{{ cvmfs_srv_fstype | default('ext4') }}" + state: mounted + + when: cvmfs_storage == 'disk' and cvmfs_srv_device is defined + +- name: S3 storage tasks + block: + + - name: Create s3.conf + template: + src: s3.conf.j2 + dest: /etc/cvmfs/s3.conf + mode: "{{ cvmfs_s3_config_mode | default('0600') }}" + owner: root + group: "{{ cvmfs_s3_config_group | default('root') }}" + + - name: Set ACL for CVMFS repository owners to access s3.conf + acl: + path: /etc/cvmfs/s3.conf + entity: "{{ item.owner }}" + etype: user + permissions: r + state: present + loop: "{{ cvmfs_repositories }}" + when: "cvmfs_set_s3_config_acl and item.owner != 'root'" + loop_control: + label: "{{ item.repository }}: {{ item.owner }}" + + when: cvmfs_storage == 's3' diff --git a/vars/debian.yml b/vars/debian.yml index cc369f4..182444b 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -12,10 +12,12 @@ cvmfs_packages: - apache2 - cvmfs-server - cvmfs-config-default - stratum1: + stratum1-disk: - apache2 - cvmfs-server - cvmfs-config-default + stratum1-s3: + - cvmfs-server localproxy: - squid client: diff --git a/vars/redhat.yml b/vars/redhat.yml index f630edf..c57a3c7 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml 
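Review bot: The ACL task in tasks/stratumN.yml reads `item.owner` directly in both `entity` and `when`, while the mkfs and add-replica tasks in this patch use `item.owner | default('root')`, so a repository entry without `owner` would fail here instead of being skipped. Using `when: "cvmfs_set_s3_config_acl and item.owner | default('root') != 'root'"` keeps the three consistent. The `Create s3.conf` task writes what are presumably S3 credentials, and a run with `--diff` prints template changes, so `no_log: true` (or `diff: false`) on that task would keep them out of console output and logs. It is also worth checking how the `0600` mode and the per-user ACL entries interact across repeated runs, because resetting mode bits on a file that has an ACL can alter the ACL mask; I have not verified this against the `acl` module. The new tasks use the short module names `template` and `acl`, where the rest of the file uses fully qualified names.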
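Review bot: The `stratum1-s3` list in vars/debian.yml installs only `cvmfs-server`, yet the S3 path in tasks/stratumN.yml runs the `acl` module by default (`cvmfs_set_s3_config_acl: true`), and that module needs the `setfacl`/`getfacl` tools on the target. Unless a task outside this patch installs them, adding `- acl` to `stratum1-s3` here and in vars/redhat.yml would avoid a failure on minimal images. `stratum1-s3` also drops `cvmfs-config-default`, which `stratum1-disk` keeps; a short comment stating whether that is intentional would help. Renaming the `stratum1` key breaks any existing override of `cvmfs_packages`, which deserves a changelog line.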
@@ -13,12 +13,14 @@ cvmfs_packages: - cvmfs-server - cvmfs-config-default - cvmfs - stratum1: + stratum1-disk: - httpd - "{{ 'mod_wsgi' if ansible_distribution_major_version is version('8', '<') else 'python3-mod_wsgi' }}" - squid - cvmfs-server - cvmfs-config-default + stratum1-s3: + - cvmfs-server localproxy: - squid client: From 77bfc75fa35b7a26f745c60a204f245b9d6bf740 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Tue, 13 Feb 2024 13:46:40 +0100 Subject: [PATCH 2/3] add s3 template --- templates/s3.conf.j2 | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 templates/s3.conf.j2 diff --git a/templates/s3.conf.j2 b/templates/s3.conf.j2 new file mode 100644 index 0000000..af518ef --- /dev/null +++ b/templates/s3.conf.j2 @@ -0,0 +1,6 @@ +# +# This file is managed by Ansible. ALL CHANGES WILL BE OVERWRITTEN. +# +{% for opt in (cvmfs_s3_config | dict2items) %} +{{ opt.key }}={{ opt.value }} +{% endfor %} From f7ae0660ad71b85604df666a2abd64cd7a47e690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Tue, 13 Feb 2024 15:43:45 +0100 Subject: [PATCH 3/3] add change from https://github.com/galaxyproject/ansible-cvmfs/pull/32 --- tasks/stratum1.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/stratum1.yml b/tasks/stratum1.yml index 0c72731..3cc6dc7 100644 --- a/tasks/stratum1.yml +++ b/tasks/stratum1.yml @@ -50,7 +50,7 @@ /usr/bin/cvmfs_server add-replica -o {{ item.owner | default('root') }} {{ cvmfs_storage_cli_options }} http://{{ item.stratum0 }}/cvmfs/{{ item.repository }} - {{ item.key_dir | default('/etc/cvmfs/keys') }}/{{ item.repository }}.pub + {{ item.key_dir | default('/etc/cvmfs/keys') }} args: creates: /etc/cvmfs/repositories.d/{{ item.repository }} loop: "{{ cvmfs_repositories }}"
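Review bot: In patch 3/3, the last argument to `cvmfs_server add-replica` changes from the repository's own `{{ item.repository }}.pub` file to the whole key directory. If `add-replica` accepts every key it finds there, a replica would be verified against any key in `/etc/cvmfs/keys` rather than the one pinned for that repository. The commit message only points at an external pull request, so a comment above the task should record why the directory form is needed, for example `# add-replica is given the key directory because <reason from the referenced PR>`. If only some repositories need it, keeping the per-repository file as the default and letting `item.key_dir` opt in to the directory would retain the tighter trust anchor. The task body continues past the end of this hunk.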