I4938 sftp role

group_vars/lib_sftp/staging.yml

@@ -0,0 +1,14 @@
+---
+ad_domain: "pu.win.princeton.edu"
+ad_test_user: "{{ almasftp_user }}"
+ad_domain_controller: "pu.win.princeton.edu"
+ad_admin_user: "doas-libsftp"
+ad_admin_password: "{{ vault_sssd_dn_password }}"
+almasftp_user: "almasftp"
+almasftp_user_password: "{{ vault_almasftp_user_password }}"
+aspaceftp_user: "{{ vault_libaspacesftp_user_password }}"
+aspaceftp_user_password: "alsosimple"
+lib_sftp_domain_group: "domain [email protected]"
+host_ad_name: lib-sftp-test1.princeton.edu
+deploy_user_local_keys:
+  - { name: 'bibdata-worker-staging1', key: "{{ lookup('file', '../roles/lib_sftp/files/id_rsa.pub') }}" }

group_vars/lib_sftp/vault.yml

@@ -0,0 +1,32 @@
+$ANSIBLE_VAULT;1.1;AES256
+31393761636533636334386165633937356331633237633332373364653566343734663364326339
+3064666166633235336663303662396130393037643061360a313037663630383132396163646437
+62333930393330306232643232326530663035353866623139636139646535306338323332643232
+3666663039633063310a373738623761666239383166396438643366653064656438323161303533
+38323661326631376561363866613935366664326663333535643963346136373438393963616435
+35313662653735386136666166393461613837653136396236383732316234666334373132363438
+30633534373139623434636434373238373865666137656662303337633762613361643434623636
+62366562363838643234633565303765326633613663306161363061633661393831343339373436
+62353734616234326464613731343965626162323834376265626634303962336563613162643635
+35323137313261636561353362346136396232663066313466393337333735323538313161636466
+37323261343638653939306331613834623034333861663136393233313733353965623534363565
+61323561373961633766663435613030383166386461316530666533663364343539303137643531
+39353834386232386466393531323131356461313431636661623564326335363762366362643137
+61613165303331336631373138363938303662346661336234343532633563646664336433373730
+34303964653866376435663336626533376533316635396435386437613862653964346637643836
+33323566626234346132373366613264346438326362343432376666363637653636663834303230
+65636333613134623733376263313264633231636264393661346635646664613637383561636133
+30393039343966623131653939663432613234316637623763623864323733396230643461663036
+66393561373637313937656530343036353639323834316466653064663362306235313465383938
+65366261383638316265623564323234356332303034363338313930613265303266353430343130
+36646162636134613666383035376365316533626537303063363233346163373865363766306666
+31653366616533363631616233656361383931373539333734633638663431343837313630643762
+61666461373064346232313537356162333166643233623062626162316536663239333633613362
+33346631346561396466656137616564636137373162633261656334366639376261636536326561
+35393432356335316464616236313862316230616336333233373362343432613161663438393064
+38333662356639363365393137613632333432323962383135393834653165343238316534363430
+63643331616666333234643363343930653461353839316266316633323033356463323334346262
+34353736393261353966353937663231393539653738306337666663643536663837653966383037
+61646137633265663739373335633966663264356233333835313962323630343037323361396233
+39353736643635643066653936303232383863616433643437643536663432376634616437343664
+383730326561393932313033646333346238

group_vars/sftp/staging.yml

@@ -5,6 +5,6 @@ sssd_uris:
 sssd_search_base: "{{ vault_sssd_search_base }}"
 sssd_bind_dn: "{{ vault_sssd_bind_dn }}"
 sssd_bind_dn_password: "{{ vault_sssd_dn_password }}"
-host_ad_name: sftp-staging1.princeton.edu
+host_ad_name: lib-sftp-test1.princeton.edu
 deploy_user_local_keys:
   - { name: 'bibdata-worker-staging1', key: "{{ lookup('file', '../roles/lib_sftp/files/id_rsa.pub') }}" }

inventory/all_projects/lib_sftp

@@ -1,5 +1,6 @@
 
 [libsftp_staging]
 lib-sftp-staging1.princeton.edu
+lib-sftp-test1.princeton.edu
 [libsftp_production]
 lib-sftp-prod1.princeton.edu

playbooks/lib_sftp.yml

@@ -11,7 +11,7 @@
   become: true
   vars:
     - force_settings: true
-    - drupal_git_repo: ''
+    - drupal_git_repo: ""
     - post_install: |
         Look the README for additional steps to allow mkhome directory
 
@@ -20,9 +20,8 @@
         deploy_id_rsa_private_key: "{{  lookup('file', '../roles/lib_sftp/files/id_rsa')  }}\n"
 
   vars_files:
-    - ../group_vars/sftp/vault.yml
-    - ../group_vars/sftp/common.yml
-    - ../group_vars/sftp/{{ runtime_env | default('staging') }}.yml
+    - ../group_vars/lib_sftp/vault.yml
+    - ../group_vars/lib_sftp/{{ runtime_env | default('staging') }}.yml
   roles:
     - role: ../roles/deploy_user
     - role: ../roles/lib_sftp

roles/lib_sftp/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+Binds our sftp servers to use active directory
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/lib_sftp/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+# defaults file for sftp
+almasftp_user: "almasftp"
+almasftp_user_password: "simple"
+aspaceftp_user: "lib-aspacesftp"
+aspaceftp_user_password: "alsosimple"
+lib_sftp_domain_group: "nobody"

roles/lib_sftp/files/id_rsa

@@ -0,0 +1,89 @@
+$ANSIBLE_VAULT;1.1;AES256
+31333266363035343163646565353339626631643030363135393632326563326637323236343962
+6434346230346234376438616639636365623663333232640a376135386566646365373231316539
+33663839363837653265353631643166616635643666373036373332343665663264663433306439
+3333383138363662660a626664333035656265376664656537656634323736383638303466323466
+35373737343439383263303931643964313438313435643130376632323039323635333535363762
+34353033393065653964363630656133396362336561376339633163666564313835626639326463
+31663761373535303264383936343833333337346136393166373533633364383666353264623135
+33623333663662333836616530343063366134396637616132613062333230646430333431363937
+30303633613236323632363530636636616464396265643330393465356264646263333837646538
+61343962333534323237346663373835346563343966653736383334323530366164333933346466
+36326532316463326137303635333362663862313062613831366232636262376634396462393438
+64383363353966356338633638623536393536396635366434376535373262343938326137313436
+39333430306137613263353561636162316233356630363638386665633435376439633762646437
+64623233343735663935363336663932646463393837313265613839653539323738633431303266
+37616238623336353332633763363161383337343531353932643564623564336161633765633966
+64663263346261346166636237333432623866636338353262653338356236663839623039326131
+33616163386532373839316163323433666563663766306435306133663038376138313566656264
+62353162383232633761313763363762386532393838623763363436366232393466313033636538
+34316365613632306630636235613730323434303734393764356430333136613466613932653733
+61313735323161626235376566613939306531356263303830663436333131616531313133336231
+38376336626636643237653636643135326165336435336332393661313862386232366539343065
+30363966373734356562623539633165376239623737646665383332313861373062633866313530
+30656532303761333236663834343662613462623762303564316338653261623736343636306538
+34366466303130316537626334306562346134653263663430353433366262343761666432366531
+66303066353461386331336539303436376362636564616234646664363536643933666565616434
+39663239356137613363313662336531656635313937326531396461633035653536303037653033
+65333931643734363136333661303432616663346538356266343536326165616534363163663034
+30333761646164653134356533353231656662353132623263306332303832626432393339356366
+32303761643664653632366362383732343362643863626162326633393538636335616333613034
+38613064363663373263393034353030656333383166623966613062393561613964663765356662
+61656532633663336432626363363434356565386463346637343434373834643331366132626433
+61396637663733633338636137636634633331653635343863316132656638613863343039383931
+31356530306138303231306531386534643330366636616533373736393266336337386233653632
+33653266393736353261636430633533336634366632656261333436313439616665313865363938
+35616636303139663765393434396331646164303830663165613562333239346530383164343634
+33356466313164623462326532353237306238323930643037646263653661373339333138303839
+61353765336139636133666266613038646238313139313064653936383934656639393834613830
+38666566623030383839653732383038656266623532303432386264353438646237383832666232
+35386133343738323736303532323937666563303636343635633930643563323936663663396630
+38643136323536306438313238343533336333306131346233333430666333656632346561666165
+64316333633630656638313137363434366531333730336163633064373638343162326664396232
+35633831663761303232393964303132326637363763366234336632353638316664383365366565
+39333435623836383532643365656564336137623534356631366633386262306663333432653066
+32656165616136633837643735396432313065323761356465303266396132663662376133613731
+31336631313431303538306136653165326135383037323532363737623662353131663135303564
+62316266356535383061396165393466623034393633336537623537663466656633353230626538
+32323261323462363034313036643238363036656662646565613433356330656335383465633466
+34363834633932386234386563326137376165356137393034363330646466663262613035653465
+61316239643032373237336163336535616434353036613835313563626134333132653536306339
+62373663343463306439326363376431663236346364636539373262663637353162373930356238
+33626136636566613135373037346265343837323935626339313835333761393463356461326234
+32303330306163333031613065386437346432303933343866326466623062313763306233353832
+36633437643765633062646366613231366266353363626263623532333566396266623035353039
+61363665306362623264346464326361306139633936333033663538663663383135633634666464
+62303035396661353463336166333736653230396361326430316138653833663362303039313838
+34343930633163393132323863333863613565663161623165303238336362613036393636643934
+35386331366537356264633861653432643933623765616263383432363138633434623933366362
+63326266336238643563653030656161323336616533336131393732326363366363653965633131
+62626266653065636131396237323734386465376163626439323064396462373239623566353932
+31303434333735613236363561323736393633633534343932623362653632326632333366323331
+62313765366236346364613231663436343333656335323033393732346664656663666462633562
+38323031643537343831643736393966303231626561316466386133656664636239383430616538
+62353938653333633961303465333035666564366361363234323737623536666239653139666261
+34333265636239666330363632376163373339386531313966623937663966656534656136363264
+62623437376335313036663733623636633339393136613163626164643666363233643334636139
+30623130356235383063376261313839633133663461613133373065333066303763613434336135
+37383366313266366330386265373433396535363665346166626637336566623437363932356239
+66363636316233346162643631363135613637633030393939353562313630336464653938303839
+65666464653562383736396464303132373830353930653266643966373661356337396563356263
+33623062303835613332633836613461626462636230636563343230613132323034393265636130
+66333361366265303562356366393065333763316132343163393534663264613032336663363137
+30646530303233343863316439323165383938633764646264353663653264363636656132326436
+61646231356264303131323862373363323066373434356662613762663831396231306334626132
+64643464653731613633343738393763396462346236633164363432376639333738333638653666
+35656364396165346565313431333435633531383937663734666464363130653664356261616465
+31393933333133366339633837613732663236633261303635353766323764653663616361613964
+32393833326132656364356237626632336135393632356465656336383765643663333734396230
+31333138633430356434623062333134626462636562346633303864343833393061396166666239
+62313165636133333732383665353163613934313935386636663735666130656539383034396235
+62663361376330643365313364343233663831383562373764393732613765366233373337613730
+66376331616137386135656164356161626663643934346634613632646563393763613663303230
+33316331363362353536396361393534343138313433323966636630353930323438396435613362
+62633961303439383330336535636265323366626237656639666432393635616266376266373036
+34343439323666373736643663373733333465373962323361306239656534306635346366336266
+34616234323737343831386133336161323739663230393933633463356532333965316462343463
+66376334313832326361653563383862353963666135353563333866383932643364306566386461
+66383535346631646533363633326563653835306631613336366234613136633935666264376332
+32653965323364653365

roles/lib_sftp/files/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZqYSBvYhs/yMGWyakVUPMEqRWBfgnFkZsuRH1nwi7kaiFOEgpRCgsdn6PXd8vZmBf7bcqQNKuJ5xr2aUj3zmWmpFB+wEMZge2Jn5CI4MpAWtRDtoARIdG2uxoIa83/8GPN0H5SIp3pPbviCB9YroGWjz8EJsoqPqrGoFS1L5cSUO72e/RBRGJlhzdJjm/JDUV/vXnn2MlteX4Wak0DYBNnNn+F0/o0XZ78tb9XZxNZj1worFzn06XpIrJEVDToDb4ueSjuojgRsm+iFUxOSAwKfZpjVFmr6iom8qDbiZZoxdjImttHC+JIZBzbAwMG9B4EE5j4ZKN7OjxlLRmzv+7

roles/lib_sftp/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for sftp

roles/lib_sftp/meta/main.yml

@@ -0,0 +1,19 @@
+---
+galaxy_info:
+  role_name: lib_sftp
+  company: Princeton University Library
+  description: Lib_SFTP
+  author: pulibrary
+
+  license: MIT
+
+  min_ansible_version: 2.9
+
+  platforms:
+    - name: Ubuntu
+      versions:
+        - jammy
+dependencies:
+  - role: "common"
+  - role: "deploy_user"
+  - role: sssd_ad

roles/lib_sftp/molecule/default/converge.yml

@@ -0,0 +1,15 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    - running_on_server: false
+  become: true
+  pre_tasks:
+    - name: Update cache
+      ansible.builtin.apt:
+        update_cache: true
+        cache_valid_time: 600
+  tasks:
+    - name: "Include lib_sftp"
+      ansible.builtin.include_role:
+        name: lib_sftp

roles/lib_sftp/molecule/default/molecule.yml

@@ -0,0 +1,22 @@
+---
+scenario:
+  name: default
+driver:
+  name: docker
+lint: |
+  set -e
+  yamllint .
+  ansible-lint
+platforms:
+  - name: instance
+    image: "ghcr.io/pulibrary/pul_containers:jammy_multi"
+    command: "sleep infinity"
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    privileged: true
+    pre_build_image: true
+provisioner:
+  name: ansible
+  log: true
+verifier:
+  name: ansible

roles/lib_sftp/molecule/default/verify.yml

@@ -0,0 +1,37 @@
+---
+- name: Verify lib_sftp configuration
+  hosts: all
+  become: true
+  tasks:
+
+    - name: Lib_sftp | Verify alma directories exist
+      ansible.builtin.stat:
+        path: "{{ item }}"
+      register: alma_dirs
+      loop:
+        - "/alma/bursar"
+        - "/alma/datasync_processing"
+        - "/alma/fund_adjustment"
+        - "/alma/invoice_status"
+        - "/alma/invoices"
+        - "/alma/people"
+        - "/alma/pod"
+        - "/alma/publishing"
+        - "/alma/recap"
+        - "/alma/scsb_renewals"
+
+    - name: Lib_sftp | Assert alma directories exist
+      ansible.builtin.assert:
+        that:
+          - alma_dirs.results | map(attribute='stat.isdir') | all(item=True)
+          - alma_dirs.results | map(attribute='stat.exists') | all(item=True)
+
+    - name: Lib_sftp | Verify aspace directory exists
+      ansible.builtin.stat:
+        path: /alma/aspace
+      register: aspace_dir
+
+    - name: Lib_sftp | Assert aspace directory exists
+      ansible.builtin.assert:
+        that:
+          - aspace_dirs.results | map(attribute='stat.isdir') | all(item=True)