
Contents of /trunk/egi-pilot/masterportal-pusp/ansible/README



Revision 2917
Tue Mar 22 13:46:52 2016 UTC (6 years, 6 months ago) by msalle
File size: 4086 byte(s)
PUSP master portal with changes as implemented in the robot CA

####################################################################################################
Ansible Deploy Script for Master Portal
####################################################################################################


What are these scripts for?
----------------------------------------------------------------------------------------------------

These scripts are for deploying a Master Portal + Credential Store. To find out more about what this
setup is useful for, take a look at: https://wiki.nikhef.nl/grid/CILogon_Pre-Pilot_Work
You can use these scripts to deploy a Master Portal and Credential Store on two separate hosts, or
on one single host.


Prerequisites
----------------------------------------------------------------------------------------------------

1. Your hosts should already be configured with host certificates placed in the usual
   /etc/grid-security location. It is further assumed that your host certificates are
   issued by 'TERENA eScience SSL CA 3'. If not, you will have to make some modifications
   to these scripts before executing them.


How to use these scripts?
----------------------------------------------------------------------------------------------------

Before you begin executing plays, decide whether your deployment will use two separate hosts for the
Master Portal and Credential Store, or a single host. Fill in your machine hostname[s] in the
'hosts.inventory' file accordingly.

There are three different plays you have to execute in order to set up a Master Portal. Execute
them in the following order:

1. basic-env.yml

    a. Check that you have the right host certificate

       This play contains the basic configuration that has to be applied to both the Master Portal
       and the Credential Store. For single-host deployments it only has to be executed once; in
       case of separate hosts, execute this play for both the Master Portal and Credential Store
       hosts.

       This play takes care of installing some dependencies, like the epel repository, and
       certificate trust roots. It is assumed that your host is configured with a host certificate
       issued by the 'TERENA eScience SSL CA 3' root certificate. If this is not the case, make
       sure to edit this play so that it installs the right root certificate bundle.


2. credstore.yml

    a. Fill in required environment variables

       This play will configure the Credential Server host. Basically, it provides a MyProxy
       Server installation with some configuration. Before starting this play there are a couple
       of important variables you should override. You can find these and their explanation in
       'credstore_env.yml'.

    b. Provide Online CA tar file

       MyProxy only stores credentials that it can verify, therefore it is very important to
       have the Online CA (which will issue user certificates) present in the trusted
       certificates directory (usually /etc/grid-security/certificates). Make a tarball from
       the Online CA in pem format, together with the subject_hash links and signing_policy. Do
       not forget the signing policy, since MyProxy will not work without it. The resulting
       tarball should contain these files at the top level, without any directory structure, and
       it should be placed under 'roles/credstore/files/'.


3. masterportal.yml

    a. Fill in the required variables

       Before executing this play, make sure to fill in the required variables listed and
       explained in the 'masterportal_env.yml' file.

    b. Verify the war files to deploy

       This play deploys the Master Portal war files (mp-oa2-client.war and
       mp-oa2-server.war) and optionally the VO Portal war file (vo-portal.war). Make sure that
       these are present in your 'role/masterportal/files' directory.

    c. Tweak iptables rules

       There is a simple set of iptables rules being deployed by this play. Feel free to customize
       this to the needs of your infrastructure. Make sure to leave port 443 accessible. The
       iptables file can be found in 'role/masterportal/files'.

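A pre-flight check for the Online CA tarball described in step 2.b, as an added example that is not part of the original README or the project's playbooks: it verifies that the archive is flat and contains the pem certificate, a subject_hash link and a signing_policy, and that every link resolves inside the archive. The sample file names and the `<8 hex digits>.0` link pattern (OpenSSL's subject-hash naming) are assumptions.

```python
import io
import re
import tarfile

HASH_LINK = re.compile(r"^[0-9a-f]{8}\.\d+$")  # assumed OpenSSL subject-hash name, e.g. 1a2b3c4d.0


def check_ca_tarball(fileobj):
    """Return a list of problems with an Online CA tarball; an empty list means it passed."""
    problems = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = tar.getmembers()
    names = {m.name for m in members}
    for m in members:
        # Files must sit at the top level: no directory entries, no path separators.
        if m.isdir() or "/" in m.name:
            problems.append(f"not at top level: {m.name}")
        # A hash link must point at a file shipped in the same tarball.
        elif (m.issym() or m.islnk()) and m.linkname not in names:
            problems.append(f"dangling link: {m.name} -> {m.linkname}")
    if not any(n.endswith(".pem") for n in names):
        problems.append("no CA certificate in pem format")
    if not any(HASH_LINK.match(n) for n in names):
        problems.append("no subject_hash link")
    if not any(n.endswith(".signing_policy") for n in names):
        problems.append("no signing_policy file")
    return problems


def build_sample(entries):
    """Build a constructed in-memory tarball from (name, link_target_or_None) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name)  # empty regular file unless a link target is given
            if target is not None:
                info.type, info.linkname = tarfile.SYMTYPE, target
            tar.addfile(info)
    buf.seek(0)
    return buf


# Constructed samples; all file names are hypothetical.
GOOD = [("onlineca.pem", None), ("onlineca.signing_policy", None),
        ("1a2b3c4d.0", "onlineca.pem"), ("1a2b3c4d.signing_policy", "onlineca.signing_policy")]
BAD = [("ca/onlineca.pem", None), ("1a2b3c4d.0", "onlineca.pem")]

if __name__ == "__main__":
    print(check_ca_tarball(build_sample(GOOD)), check_ca_tarball(build_sample(BAD)))
```

To check a real archive, open it in binary mode and pass the file object to check_ca_tarball() before running credstore.yml.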
