-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathmain.yml
267 lines (236 loc) · 10.2 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
---
# defaults file for galaxyproject.cvmfs
cvmfs_keys: []
cvmfs_private_keys: []
cvmfs_server_urls: []
cvmfs_repositories: []
cvmfs_http_proxies:
- DIRECT
cvmfs_manage_firewall: false
cvmfs_stratum0_http_ports:
- 80
cvmfs_stratum1_http_ports:
- 80
- 8000
cvmfs_localproxy_http_ports:
- 3128
cvmfs_stratum1_apache_port: "{{ cvmfs_stratum1_squid_enabled | ternary(8008, 80) }}"
cvmfs_stratum1_cache_mem: 128 # MB
cvmfs_stratum1_squid_enabled: true
# Stratum 1 snapshot cron job timing, hash keys correspond to the cron module options:
# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/cron_module.html
#
# cvmfs_stratum1_snapshot_time:
# special_time:
# hour:
# minute:
# day:
# month:
# weekday:
#
# e.g. for every 2 hours at 15 past:
# cvmfs_stratum1_snapshot_time:
# hour: */2
# minute: 15
#
# Use @hourly by default:
cvmfs_stratum1_snapshot_time:
special_time: hourly
# Number of snapshots to keep. Per the documentation, the recommended count is no more than 50.
cvmfs_stratum0_prune_snapshots_count: 50
# Whether the client or server should be upgraded or just installed if missing
cvmfs_upgrade_client: false
cvmfs_upgrade_server: false
# Install a setuid binary allowing unprivileged users to call `cvmfs_config wipecache` or `cvmfs_talk remount sync`?
cvmfs_install_setuid_cvmfs_wipecache: false
cvmfs_install_setuid_cvmfs_remount_sync: false
# Used to select the right binaries in files/
_cvmfs_install_setuid_platform: "{{ ((ansible_os_family == 'RedHat') | ternary('el', ansible_distribution)) | lower }}"
# Block device to mkfs/mount on stratum0s/stratum1s
# cvmfs_srv_device: false
cvmfs_srv_mount: /srv
cvmfs_union_fs: overlayfs
cvmfs_config_apache: true
# Setup an optional cache directory for squid. Otherwise in-memory cache is used.
# cvmfs_stratum1_cache_dir:
# dir: /var/cache/squid
# size: 1024 # 1 GB
# You can manually specify a role if you don't want to or cannot use the
# group_names
cvmfs_role: "" # (client, Or stratum1 or stratum0 or localproxy)
# Specify whether `cvmfs_server gc -a` should be run from cron to garbage collect all repos on the server, disable this
# option if your repos don't use CVMFS_AUTO_GC=false.
cvmfs_gc_enabled: true
# Garbage collection log path (directory will be created if necessary). This is the default path but CVMFS packages
# don't precreate the directory for you so `cvmfs_server gc -a` will fail by default.
# Also as of 2.9.4, -a and -L are incompatible when you have repos owned by multiple users:
# https://github.com/cvmfs/cvmfs/issues/3045
#
# cvmfs_gc_log: /var/log/cvmfs/gc.log
# User to run garbage collection as. This user must have permission to gc all repositories on the server (i.e. it should
# be `root` if you have repositories owned by multiple users)
cvmfs_gc_user: root
# Specify the options passed to `cvmfs_server gc`. If you override these you will need to include `-a -f` in your value
# or the job will fail
cvmfs_gc_options: -a -f {{ '-L ' ~ cvmfs_gc_log if cvmfs_gc_log is defined else '' }}
# Garbage collection cron job timing, see cvmfs_stratum1_snapshot_time for syntax
#
# Use @weekly by default:
cvmfs_gc_time:
special_time: weekly
# Optionally download the preload utility
cvmfs_preload_install: false
cvmfs_preload_path: /usr/bin
# Support for CVMFS config repositories - see galaxy_cvmfs_config_repo for syntax
cvmfs_config_repo: {}
# CVMFS_CONFIG_REPOSITORY is not supported on Debian < 9, Ubuntu LTS < 18.04
cvmfs_config_repo_supported: >-
{{
'true' if ansible_os_family != 'Debian' else (
'true' if (ansible_distribution == 'Debian' and ansible_distribution_version is version('9', '>=')) else (
'true' if (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('18.04', '>=')) else
'false'))
}}
# When to update the GeoIP database, if cvmfs_geo_license_key is defined
# cvmfs_geo_license_key: consult the CVMFS documentation
cvmfs_geoip_db_update_minute: "{{ 59 | random(seed=inventory_hostname) }}"
cvmfs_geoip_db_update_hour: "{{ 23 | random(seed=inventory_hostname) }}"
cvmfs_geoip_db_update_day: "{{ 28 | random(seed=inventory_hostname) }}"
# You can make Stratum 1s snapshot over HTTPS if
# 1. the Stratum 0 is appropriately configured to serve HTTPS (this role does not handle such configuration for you),
# 2. the entry in 'cvmfs_repositories' has 'stratum0_url_scheme' set to 'https', and
# 3. this points to a cert bundle that contains CA certs for your Stratum 0 (the default here is valid for EL).
# cvmfs_x509_cert_bundle: /etc/pki/tls/cert.pem
# The role will deploy a PolicyKit rule that allows unprivileged users to manage the services in cvmfs_manage_units if
# either of the following two options are set.
# Either a list of usernames, or set to a boolean true to automatically use the 'owner's in cvmfs_repositories
#cvmfs_manage_units_users: ...
# A group name
#cvmfs_manage_units_group: ...
# The list of units that can be managed by users in the above group
cvmfs_manage_units:
- squid.service
#
# Galaxy-specific stuff follows
#
# Automatically configure Galaxy CVMFS repos
galaxy_cvmfs_repos_enabled: false
# Defaults for galaxyproject.org config repo, syntax for each key is the same as that of cvmfs_<key | pluralize>
galaxy_cvmfs_config_repo:
domain: galaxyproject.org
key:
path: /etc/cvmfs/keys/galaxyproject.org/cvmfs-config.galaxyproject.org.pub
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJZTWTY3/dBfspFKifv8
TWuuT2Zzoo1cAskKpKu5gsUAyDFbZfYBEy91qbLPC3TuUm2zdPNsjCQbbq1Liufk
uNPZJ8Ubn5PR6kndwrdD13NVHZpXVml1+ooTSF5CL3x/KUkYiyRz94sAr9trVoSx
THW2buV7ADUYivX7ofCvBu5T6YngbPZNIxDB4mh7cEal/UDtxV683A/5RL4wIYvt
S5SVemmu6Yb8GkGwLGmMVLYXutuaHdMFyKzWm+qFlG5JRz4okUWERvtJ2QAJPOzL
mAG1ceyBFowj/r3iJTa+Jcif2uAmZxg+cHkZG5KzATykF82UH1ojUzREMMDcPJi2
dQIDAQAB
-----END PUBLIC KEY-----
urls:
- http://cvmfs1-psu0.galaxyproject.org/cvmfs/@fqrn@
- http://cvmfs1-iu0.galaxyproject.org/cvmfs/@fqrn@
- http://cvmfs1-tacc0.galaxyproject.org/cvmfs/@fqrn@
- http://cvmfs1-ufr0.galaxyproject.eu/cvmfs/@fqrn@
- http://cvmfs1-mel0.gvl.org.au/cvmfs/@fqrn@
repository:
repository: cvmfs-config.galaxyproject.org
stratum0: cvmfs0-psu0.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
server_options: []
client_options: []
# Defaults for galaxyproject.org repos
galaxy_cvmfs_keys:
# This will become the key for all repos, currently cvmfs-config, singularity, and test
- path: /etc/cvmfs/keys/galaxyproject.org/galaxyproject.org.pub
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJZTWTY3/dBfspFKifv8
TWuuT2Zzoo1cAskKpKu5gsUAyDFbZfYBEy91qbLPC3TuUm2zdPNsjCQbbq1Liufk
uNPZJ8Ubn5PR6kndwrdD13NVHZpXVml1+ooTSF5CL3x/KUkYiyRz94sAr9trVoSx
THW2buV7ADUYivX7ofCvBu5T6YngbPZNIxDB4mh7cEal/UDtxV683A/5RL4wIYvt
S5SVemmu6Yb8GkGwLGmMVLYXutuaHdMFyKzWm+qFlG5JRz4okUWERvtJ2QAJPOzL
mAG1ceyBFowj/r3iJTa+Jcif2uAmZxg+cHkZG5KzATykF82UH1ojUzREMMDcPJi2
dQIDAQAB
-----END PUBLIC KEY-----
- path: /etc/cvmfs/keys/galaxyproject.org/data.galaxyproject.org.pub
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LHQuKWzcX5iBbCGsXGt
6CRi9+a9cKZG4UlX/lJukEJ+3dSxVDWJs88PSdLk+E25494oU56hB8YeVq+W8AQE
3LWx2K2ruRjEAI2o8sRgs/IbafjZ7cBuERzqj3Tn5qUIBFoKUMWMSIiWTQe2Sfnj
GzfDoswr5TTk7aH/FIXUjLnLGGCOzPtUC244IhHARzu86bWYxQJUw0/kZl5wVGcH
maSgr39h1xPst0Vx1keJ95AH0wqxPbCcyBGtF1L6HQlLidmoIDqcCQpLsGJJEoOs
NVNhhcb66OJHah5ppI1N3cZehdaKyr1XcF9eedwLFTvuiwTn6qMmttT/tHX7rcxT
owIDAQAB
-----END PUBLIC KEY-----
- path: /etc/cvmfs/keys/galaxyproject.org/main.galaxyproject.org.pub
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6S6Tugcv4kk4C06f574l
YCXQdK6lv2m7mqCh60G0zL1+rAkkEBDWna0yMQLBbj+yDsHjcOe0yISzbTfzG6wk
KnHZUQ/JOeK7lUAbDMxHqnjkEPAbAl4vXl2Y04MW2lzJtXcDKakmLirvV/dfUYqE
gGGx0dc/Z+XmUTf1DvZFJknrBUUxO5+F6m7k/NGrlpAca+e9B0kwCclaE4NyaNWK
Jv5rPWCYz5/sDNW4cNvBdBjwGf46etbczmJoTAbl0oM6LLGdebwkJStd0R1wkj+A
torRYcoFZICTZqY9e/KsadHUeZnH3RvfMypH5oS1POzsFszoSxBhZIBkZbG3/f9Y
OQIDAQAB
-----END PUBLIC KEY-----
galaxy_cvmfs_server_urls:
- domain: galaxyproject.org
use_geoapi: false
urls:
- http://cvmfs1-psu0.galaxyproject.org/cvmfs/@fqrn@
- http://cvmfs1-iu0.galaxyproject.org/cvmfs/@fqrn@
- http://cvmfs1-tacc0.galaxyproject.org/cvmfs/@fqrn@
- http://cvmfs1-mel0.gvl.org.au/cvmfs/@fqrn@
- http://cvmfs1-ufr0.galaxyproject.eu/cvmfs/@fqrn@
galaxy_cvmfs_repositories:
- repository: test.galaxyproject.org
stratum0: cvmfs0-psu1.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options:
- CVMFS_AUTO_GC=false
client_options: []
- repository: main.galaxyproject.org
stratum0: cvmfs0-tacc0.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options:
- CVMFS_AUTO_GC=false
client_options: []
- repository: data.galaxyproject.org
stratum0: cvmfs0-psu0.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options:
- CVMFS_AUTO_GC=false
client_options: []
- repository: refgenomes-databio.galaxyproject.org
stratum0: cvmfs0-psu0.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options:
- CVMFS_AUTO_GC=false
client_options: []
- repository: sandbox.galaxyproject.org
stratum0: cvmfs0-psu0.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options: []
client_options: []
- repository: singularity.galaxyproject.org
stratum0: cvmfs-stratum0.galaxyproject.eu
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options: []
client_options: []
- repository: usegalaxy.galaxyproject.org
stratum0: cvmfs0-psu0.galaxyproject.org
owner: "{{ cvmfs_repo_owner | default('root') }}"
key_dir: /etc/cvmfs/keys/galaxyproject.org
server_options: []
client_options: []