Operation of fedcloud integration components for selected providers.
This repository consists of the main configuration for the fedcloud catchall
operations. For every endpoint, a file in the sites directory should describe
its configuration with a format as follows:
gocdb: <name in gocdb of the site>
endpoint: <keystone endpoint of the site>
# optionally specify a protocol for the Keystone V3 federation API
protocol: openid | oidc (default is openid)
# optionally specify a region name if using different regions
region: myregion
vos:
# List of VOs defined as follows
- name: <vo name>
auth:
project_id: <project id supporting the VO vo name at the site>
# any other optional configuration for cloud-info-provider, e.g:
defaultNetwork: private | public | private_only | public_only
publicNetwork: <name of the public network>The mapping configuration of the VOs supported at each site can be easily
generated with the generate-config.py utility (requires pyyaml). It takes as
parameter the YAML file describing the site and will dump the requested
keystone, caso or cloudkeeper-os json config:
python generate-config.py --config-type keystone sites/SITE.yamlThis mapping file should work for most cases. If you have special requirements open an issue so we can tune the generation to meet your needs!
Components are run as docker containers, which if not available upstream, are generated in this repository.
Deployment is managed on a separate private repository that includes several secrets. Deployment is done with ansible using a dedicated role with:
ansible-playbook -i inventory.yaml --extra-vars "@secrets.yaml" playbook.yamlwhere:
inventory.yamlcontains the ansible inventory with the host to configuresecrets.yamlcontains the credentials for every configured VO and a valid token for the AMSplaybook.yamlis an ansible playbook that just uses thefedcloud-catchall-opsrole to configure the host