Support S3 backend for Stratum 0/1
natefoo committed Mar 23, 2022
1 parent a39cedc commit d605511
Showing 9 changed files with 110 additions and 25 deletions.
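--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp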
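--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -21,6 +21,23 @@ cvmfs_localproxy_http_ports:
 cvmfs_stratum1_apache_port: 8008
 cvmfs_stratum1_cache_mem: 128 #MB
 
+# Storage backend for Stratum 0/1 servers
+# Can be "disk" (/srv) or "s3" (see: https://cvmfs.readthedocs.io/en/stable/cpt-repo.html#s3-compatible-storage-systems)
+cvmfs_storage: disk
+# The contents of the S3 config file passed as the -s option to cvmfs_server mkfs/add-replica. Dictionary keys are
+# option names (e.g. CVMFS_S3_HOST) and values are the option values
+cvmfs_s3_config: {}
+
+# Use POSIX ACLs to allow access to s3.conf by repository owners (access is required if any owners are non-root), if you
+# don't want to use ACLs, the cvmfs_s3_config_mode and cvmfs_s3_config_group variables can be used (you are responsible
+# for setting up and controlling membership of the group).
+cvmfs_set_s3_config_acl: true
+
+# The -w option to cvmfs_server mkfs/add-replica
+cvmfs_s3_url: null
+# The actual options added to cvmfs_server mkfs/add-replica
+cvmfs_storage_cli_options: "{% if cvmfs_storage == 's3' %}-s /etc/cvmfs/s3.conf -w {{ cvmfs_s3_url }}{% endif %}"
+
 # Whether the client or server should be upgraded or just installed if missing
 cvmfs_upgrade_client: false
 cvmfs_upgrade_server: false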
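Review bot: The comment on `cvmfs_s3_config` gives only `CVMFS_S3_HOST` as an example, but this dictionary is also where the S3 access and secret keys (`CVMFS_S3_ACCESS_KEY`, `CVMFS_S3_SECRET_KEY`) go, and nothing tells the operator to treat it as a secret. I would extend the comment with something like `# Normally contains CVMFS_S3_ACCESS_KEY and CVMFS_S3_SECRET_KEY; define it in an Ansible Vault-encrypted vars file, not in plain inventory.` The comment on `cvmfs_s3_url` could also say that the variable is required whenever `cvmfs_storage` is `s3`, since its `null` default is interpolated straight into `cvmfs_storage_cli_options`.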
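--- a/tasks/stratum0.yml
+++ b/tasks/stratum0.yml
@@ -33,6 +33,7 @@
 
 - name: Include Apache tasks
 include_tasks: apache.yml
+when: "cvmfs_storage == 'disk'"
 
 - name: Include firewall tasks
 include_tasks: firewall.yml
@@ -41,15 +42,26 @@
 when: cvmfs_manage_firewall
 
 - name: Create repositories
-command: /usr/bin/cvmfs_server mkfs {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }}
+command: >-
+/usr/bin/cvmfs_server mkfs
+{{ cvmfs_storage_cli_options }}
+{{ cvmfs_config_apache_flag }}
+-o {{ item.owner | default('root') }}
+-f {{ cvmfs_union_fs }}
+{{ item.repository }}
 args:
-creates: /srv/cvmfs/{{ item.repository }}
+creates: "{{ '/srv/cvmfs/' ~ item.repository when (cvmfs_storage == 'disk') else '/etc/cvmfs/repositories.d/' ~ item.repository }}"
 with_items: "{{ cvmfs_repositories }}"
 notify:
 - restart apache
 
 - name: Ensure repositories are imported
-command: /usr/bin/cvmfs_server import -r {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }}
+command: >-
+/usr/bin/cvmfs_server import -r
+{{ cvmfs_config_apache_flag }}
+-o {{ item.owner | default('root') }}
+-f {{ cvmfs_union_fs }}
+{{ item.repository }}
 args:
 creates: /etc/cvmfs/repositories.d/{{ item.repository }}
 with_items: "{{ cvmfs_repositories }}"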
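Review bot: The new `creates:` expression in the "Create repositories" task uses `when` inside the Jinja expression, but Jinja's inline conditional is written `X if COND else Y`, so this line should fail to template when the task runs. It should read `creates: "{{ '/srv/cvmfs/' ~ item.repository if (cvmfs_storage == 'disk') else '/etc/cvmfs/repositories.d/' ~ item.repository }}"`. Because `creates` is the only guard against running `cvmfs_server mkfs` twice for the same repository, a second run of the play against an S3-backed host is worth adding to the test plan.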
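--- a/tasks/stratum1.yml
+++ b/tasks/stratum1.yml
@@ -3,7 +3,7 @@
 - name: Include initial OS-specific tasks
 include_tasks: "init_{{ ansible_os_family | lower }}.yml"
 vars:
-_cvmfs_role: stratum1
+_cvmfs_role: "stratum1-{{ cvmfs_storage }}"
 _cvmfs_upgrade: "{{ cvmfs_upgrade_server }}"
 
 - name: Include key setup tasks
@@ -24,11 +24,13 @@
 
 - name: Include Apache tasks
 include_tasks: apache.yml
+when: "cvmfs_storage == 'disk'"
 
 - name: Include squid tasks
 include_tasks: squid.yml
 vars:
 _cvmfs_squid_conf_src: "{{ cvmfs_squid_conf_src | default('stratum1_squid.conf.j2') }}"
+when: "cvmfs_storage == 'disk'"
 
 - name: Include firewall tasks
 include_tasks: firewall.yml
@@ -47,6 +49,7 @@
 - name: Ensure replicas are configured
 command: >-
 /usr/bin/cvmfs_server add-replica -o {{ item.owner | default('root') }}
+{{ cvmfs_storage_cli_options }}
 http://{{ item.stratum0 }}/cvmfs/{{ item.repository }}
 {{ item.key_dir | default('/etc/cvmfs/keys') }}/{{ item.repository }}.pub
 args: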
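Review bot: Nothing in the visible lines validates `cvmfs_storage` or `cvmfs_s3_url` before they are used: `cvmfs_storage` builds the role key `stratum1-{{ cvmfs_storage }}` and gates the Apache and squid includes, and `{{ cvmfs_storage_cli_options }}` is spliced into the `add-replica` command line. A mistyped value such as `S3` would skip Apache and squid and presumably look up a package list that does not exist, and with `cvmfs_storage: s3` and the default `cvmfs_s3_url: null` the `-w` option is rendered without a usable URL. An `assert` task at the top of the file would fail early with a clear message, for example with `that: "cvmfs_storage in ['disk', 's3']"` and `that: "cvmfs_storage != 's3' or cvmfs_s3_url"`. The hunks cut through the task list, so a check outside the visible lines cannot be ruled out.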
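--- a/tasks/stratumN.yml
+++ b/tasks/stratumN.yml
@@ -1,16 +1,44 @@
 ---
 
-- name: Create /srv filesystem
-filesystem:
-dev: "{{ cvmfs_srv_device }}"
-force: no
-fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
-when: cvmfs_srv_device is defined
-
-- name: Mount /srv
-mount:
-name: "{{ cvmfs_srv_mount }}"
-src: "{{ cvmfs_srv_device }}"
-fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
-state: mounted
-when: cvmfs_srv_device is defined
+- name: Disk storage tasks
+block:
+
+- name: Create /srv filesystem
+filesystem:
+dev: "{{ cvmfs_srv_device }}"
+force: no
+fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
+
+- name: Mount /srv
+mount:
+name: "{{ cvmfs_srv_mount }}"
+src: "{{ cvmfs_srv_device }}"
+fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
+state: mounted
+
+when: cvmfs_storage == 'disk' and cvmfs_srv_device is defined
+
+- name: S3 storage tasks
+block:
+
+- name: Create s3.conf
+template:
+src: s3.conf.j2
+dest: /etc/cvmfs/s3.conf
+mode: "{{ cvmfs_s3_config_mode | default('0600') }}"
+owner: root
+group: "{{ cvmfs_s3_config_group | default('root') }}"
+
+- name: Set ACL for CVMFS repository owners to access s3.conf
+acl:
+path: /etc/cvmfs/s3.conf
+entity: "{{ item.owner }}"
+etype: user
+permissions: r
+state: present
+loop: "{{ cvmfs_repositories }}"
+when: "cvmfs_set_s3_config_acl and item.owner != 'root'"
+loop_control:
+label: "{{ item.repository }}: {{ item.owner }}"
+
+when: cvmfs_storage == 's3'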
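Review bot: The ACL task in the S3 block reads `item.owner` without a default in its `when`, `entity` and loop label, while the mkfs and add-replica commands in this commit use `item.owner | default('root')`, so a repository entry that omits `owner` will most likely fail here with an undefined-variable error. Matching the other tasks fixes it: `when: "cvmfs_set_s3_config_acl and item.owner | default('root') != 'root'"` and `label: "{{ item.repository }}: {{ item.owner | default('root') }}"`. Separately, the "Create s3.conf" task renders the contents of `cvmfs_s3_config`, which normally include the S3 secret key, so adding `diff: false` to that task keeps the rendered file out of `--diff` output and logs.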
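--- a/templates/localproxy_squid.conf.j2
+++ b/templates/localproxy_squid.conf.j2
@@ -0,0 +1,18 @@
+##
+## This file is managed by Ansible. ALL CHANGES WILL BE OVERWRITTEN.
+##
+
+http_port 3128 accel
+http_access allow all
+
+#acl localnet src 10.0.0.0/8
+always_direct allow all
+
+cache_mem {{ cvmfs_localproxy_cache_mem }} MB
+
+minimum_expiry_time 0
+# This is for the disk cache
+#maximum_object_size 1024 MB
+maximum_object_size_in_memory {{ cvmfs_localproxy_maximum_object_size_in_memory }} MB
+
+#visible_hostname {{ inventory_hostname }}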
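Review bot: `http_access allow all` lets any client that can reach port 3128 use this proxy, and the only source restriction in the template, `#acl localnet src 10.0.0.0/8`, is commented out. Unless the firewall tasks already limit the port to the intended client networks (not visible in this commit), I would make the restriction explicit in the template, e.g. `acl localnet src 10.0.0.0/8`, `http_access allow localnet`, `http_access deny all`, with the network taken from a role variable. If open access is intended, a comment stating that access control is delegated to the firewall would help the next reader.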
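--- a/templates/s3.conf.j2
+++ b/templates/s3.conf.j2
@@ -0,0 +1,6 @@
+#
+# This file is managed by Ansible. ALL CHANGES WILL BE OVERWRITTEN.
+#
+{% for opt in (cvmfs_s3_config | dict2items) %}
+{{ opt.key }}={{ opt.value }}
+{% endfor %}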
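Review bot: Values are written with Jinja's default string conversion, so a YAML boolean in `cvmfs_s3_config` is rendered as `True` or `False`, which may not be what `cvmfs_server` expects in this file. Either document next to `cvmfs_s3_config` that all values must be quoted strings, or normalise booleans in the template, e.g. `{{ opt.key }}={{ opt.value | string | lower if opt.value is boolean else opt.value }}`. The header comment could also say that the file holds S3 credentials, which is presumably why the role restricts it to mode 0600 plus per-owner ACLs.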
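--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -12,11 +12,11 @@ cvmfs_packages:
 stratum0:
 - apache2
 - cvmfs-server
-- cvmfs-config-default
-stratum1:
+stratum1-disk:
 - apache2
 - cvmfs-server
-- cvmfs-config-default
+stratum1-s3:
+- cvmfs-server
 localproxy:
 - squid
 client: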
8 changes: 4 additions & 4 deletions vars/redhat.yml
@@ -12,14 +12,14 @@ cvmfs_packages:
stratum0:
- httpd
- cvmfs-server
- cvmfs-config-default
- cvmfs
stratum1:
stratum1-disk:
- httpd
- mod_wsgi
- python3-mod_wsgi
- squid
- cvmfs-server
- cvmfs-config-default
stratum1-s3:
- cvmfs-server
localproxy:
- squid
client: