Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support S3 backend for Stratum 0/1 #43

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Support S3 backend for Stratum 0/1 #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b5294b6
Support S3 backend for Stratum 0/1
natefoo Mar 23, 2022
6293dc2
Fix incorrect ternary
natefoo Mar 25, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*.swp
17 changes: 17 additions & 0 deletions defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,23 @@ cvmfs_localproxy_http_ports:
cvmfs_stratum1_apache_port: 8008
cvmfs_stratum1_cache_mem: 128 #MB

# Storage backend for Stratum 0/1 servers
# Can be "disk" (/srv) or "s3" (see: https://cvmfs.readthedocs.io/en/stable/cpt-repo.html#s3-compatible-storage-systems)
cvmfs_storage: disk
# The contents of the S3 config file passed as the -s option to cvmfs_server mkfs/add-replica. Dictionary keys are
# option names (e.g. CVMFS_S3_HOST) and values are the option values
cvmfs_s3_config: {}

# Use POSIX ACLs to allow access to s3.conf by repository owners (access is required if any owners are non-root), if you
# don't want to use ACLs, the cvmfs_s3_config_mode and cvmfs_s3_config_group variables can be used (you are responsible
# for setting up and controlling membership of the group).
cvmfs_set_s3_config_acl: true

# The -w option to cvmfs_server mkfs/add-replica
cvmfs_s3_url: null
# The actual options added to cvmfs_server mkfs/add-replica
cvmfs_storage_cli_options: "{% if cvmfs_storage == 's3' %}-s /etc/cvmfs/s3.conf -w {{ cvmfs_s3_url }}{% endif %}"

# Whether the client or server should be upgraded or just installed if missing
cvmfs_upgrade_client: false
cvmfs_upgrade_server: false
Expand Down
18 changes: 15 additions & 3 deletions tasks/stratum0.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@

- name: Include Apache tasks
include_tasks: apache.yml
when: "cvmfs_storage == 'disk'"

- name: Include firewall tasks
include_tasks: firewall.yml
Expand All @@ -41,15 +42,26 @@
when: cvmfs_manage_firewall

- name: Create repositories
command: /usr/bin/cvmfs_server mkfs {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }}
command: >-
/usr/bin/cvmfs_server mkfs
{{ cvmfs_storage_cli_options }}
{{ cvmfs_config_apache_flag }}
-o {{ item.owner | default('root') }}
-f {{ cvmfs_union_fs }}
{{ item.repository }}
args:
creates: /srv/cvmfs/{{ item.repository }}
creates: "{{ '/srv/cvmfs/' ~ item.repository if (cvmfs_storage == 'disk') else '/etc/cvmfs/repositories.d/' ~ item.repository }}"
with_items: "{{ cvmfs_repositories }}"
notify:
- restart apache

- name: Ensure repositories are imported
command: /usr/bin/cvmfs_server import -r {{ cvmfs_config_apache_flag }} -o {{ item.owner | default('root') }} -f {{ cvmfs_union_fs }} {{ item.repository }}
command: >-
/usr/bin/cvmfs_server import -r
{{ cvmfs_config_apache_flag }}
-o {{ item.owner | default('root') }}
-f {{ cvmfs_union_fs }}
{{ item.repository }}
args:
creates: /etc/cvmfs/repositories.d/{{ item.repository }}
with_items: "{{ cvmfs_repositories }}"
Expand Down
5 changes: 4 additions & 1 deletion tasks/stratum1.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
- name: Include initial OS-specific tasks
include_tasks: "init_{{ ansible_os_family | lower }}.yml"
vars:
_cvmfs_role: stratum1
_cvmfs_role: "stratum1-{{ cvmfs_storage }}"
_cvmfs_upgrade: "{{ cvmfs_upgrade_server }}"

- name: Include key setup tasks
Expand All @@ -24,11 +24,13 @@

- name: Include Apache tasks
include_tasks: apache.yml
when: "cvmfs_storage == 'disk'"

- name: Include squid tasks
include_tasks: squid.yml
vars:
_cvmfs_squid_conf_src: "{{ cvmfs_squid_conf_src | default('stratum1_squid.conf.j2') }}"
when: "cvmfs_storage == 'disk'"

- name: Include firewall tasks
include_tasks: firewall.yml
Expand All @@ -47,6 +49,7 @@
- name: Ensure replicas are configured
command: >-
/usr/bin/cvmfs_server add-replica -o {{ item.owner | default('root') }}
{{ cvmfs_storage_cli_options }}
http://{{ item.stratum0 }}/cvmfs/{{ item.repository }}
{{ item.key_dir | default('/etc/cvmfs/keys') }}/{{ item.repository }}.pub
args:
Expand Down
56 changes: 42 additions & 14 deletions tasks/stratumN.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,44 @@
---

- name: Create /srv filesystem
filesystem:
dev: "{{ cvmfs_srv_device }}"
force: no
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
when: cvmfs_srv_device is defined

- name: Mount /srv
mount:
name: "{{ cvmfs_srv_mount }}"
src: "{{ cvmfs_srv_device }}"
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
state: mounted
when: cvmfs_srv_device is defined
- name: Disk storage tasks
block:

- name: Create /srv filesystem
filesystem:
dev: "{{ cvmfs_srv_device }}"
force: no
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"

- name: Mount /srv
mount:
name: "{{ cvmfs_srv_mount }}"
src: "{{ cvmfs_srv_device }}"
fstype: "{{ cvmfs_srv_fstype | default('ext4') }}"
state: mounted

when: cvmfs_storage == 'disk' and cvmfs_srv_device is defined

- name: S3 storage tasks
block:

- name: Create s3.conf
template:
src: s3.conf.j2
dest: /etc/cvmfs/s3.conf
mode: "{{ cvmfs_s3_config_mode | default('0600') }}"
owner: root
group: "{{ cvmfs_s3_config_group | default('root') }}"

- name: Set ACL for CVMFS repository owners to access s3.conf
acl:
path: /etc/cvmfs/s3.conf
entity: "{{ item.owner }}"
etype: user
permissions: r
state: present
loop: "{{ cvmfs_repositories }}"
when: "cvmfs_set_s3_config_acl and item.owner != 'root'"
loop_control:
label: "{{ item.repository }}: {{ item.owner }}"

when: cvmfs_storage == 's3'
6 changes: 6 additions & 0 deletions templates/s3.conf.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#
# This file is managed by Ansible. ALL CHANGES WILL BE OVERWRITTEN.
#
{% for opt in (cvmfs_s3_config | dict2items) %}
{{ opt.key }}={{ opt.value }}
{% endfor %}
6 changes: 3 additions & 3 deletions vars/debian.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,11 @@ cvmfs_packages:
stratum0:
- apache2
- cvmfs-server
- cvmfs-config-default
stratum1:
stratum1-disk:
- apache2
- cvmfs-server
- cvmfs-config-default
stratum1-s3:
- cvmfs-server
localproxy:
- squid
client:
Expand Down
8 changes: 4 additions & 4 deletions vars/redhat.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,14 @@ cvmfs_packages:
stratum0:
- httpd
- cvmfs-server
- cvmfs-config-default
- cvmfs
stratum1:
stratum1-disk:
- httpd
- mod_wsgi
- python3-mod_wsgi
- squid
- cvmfs-server
- cvmfs-config-default
stratum1-s3:
- cvmfs-server
localproxy:
- squid
client:
Expand Down