-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathplaybook.yml
231 lines (198 loc) · 5.33 KB
/
playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
---
# copyright Utrecht University
# This playbook deploys a complete Yoda instance.
- name: Check Ansible version
hosts: localhost
gather_facts: false
pre_tasks:
- name: Verify Ansible (core) version meets requirements
ansible.builtin.assert:
that: "ansible_version.full is version('2.11', '>=')"
msg: >
"You must update Ansible (core) to at least 2.11 to deploy Yoda."
- name: Check repository branches
hosts: databases,davrods,development,eus,icats,portals,publics,resources
gather_facts: false
pre_tasks:
- name: Determine whether yoda version matches playbook version (branch or lightweight tag)
ansible.builtin.shell: |
set -o pipefail
git show-ref | grep "^$(git rev-parse HEAD) " | \
grep -E "refs/(heads|tags)/" | cut -d '/' -f 3 | grep "^{{ yoda_version }}$"
delegate_to: localhost
register: check_git_bltags
changed_when: false
failed_when: check_git_bltags.rc > 1
check_mode: false
args:
executable: /bin/bash
- name: Determine whether yoda version matches playbook version (annotated or lightweight tag)
ansible.builtin.shell: |
set -o pipefail
git tag --points-at HEAD | grep "^{{ yoda_version }}$"
delegate_to: localhost
register: check_git_tags
changed_when: false
failed_when: check_git_tags.rc > 1
check_mode: false
args:
executable: /bin/bash
- name: Abort if Yoda repository is not on correct branch or tag
ansible.builtin.fail:
msg: "Make sure your Yoda repository is on branch {{ yoda_version }} or a tag pointing at the current commit. (git checkout {{ yoda_version }})"
when: check_git_bltags.rc != 0 and check_git_tags.rc != 0 and yoda_environment != "development"
- name: Add hosts entries to development instances
hosts: development
become: true
roles:
- hostentries
- name: Provision common software and certificates
hosts: databases,davrods,development,eus,icats,portals,publics,resources
become: true
roles:
- common
- certificates
- name: Provision portal server
hosts: portals
become: true
roles:
- apache
- role: opensearch
when: enable_open_search
- python3
- yoda_portal
- role: irods_icommands
when: "'davrods' not in group_names"
- role: irods_runtime
when: "'davrods' not in group_names"
- role: yoda_davrods
when: "'davrods' not in group_names"
- role: nvm
when: yoda_environment == "development"
tags:
- portal
- name: Provision davrods server
hosts: davrods
become: true
roles:
- apache
- irods_icommands
- irods_runtime
- yoda_davrods
tags:
- davrods
- name: Provision database server
hosts: databases
become: true
roles:
- postgresql
- role: pgbouncer
when: enable_pgbouncer
- irods_database
tags:
- database
- name: Provision iCAT server
hosts: icats
become: true
roles:
- pam_python
- postgresql_odbc
- irods_icat
- irods_runtime
- role: irods_resource_plugin_s3
when: enable_s3_resource
- role: minio
when: enable_s3_resource and yoda_environment == "development"
- irods_microservices
- irods_completion
- irods_rodsadmin
- irods_arb
- role: irods_consistency_check
when: enable_irods_consistency_check
- role: icat_database_checker
when: enable_icat_database_checker
- role: dms_archive_mock
when: enable_data_package_archive and yoda_environment == "development"
- role: dms_tape_archive
when: enable_data_package_archive and yoda_environment != "development"
- role: yoda_web_mock_datacite
when: yoda_environment == "development"
- role: yoda_web_mock_sram
when: yoda_environment == "development"
- role: postfix
when: enable_postfix
- role: mailpit
when: enable_mailpit
- role: irods_gocommands
when: irods_enable_gocommands
tags:
- icat
- name: Provision Yoda-specific database indexes
hosts: databases
become: true
roles:
- role: yoda_database_indexes
tags:
- database
- name: Provision resource server
hosts: resources
become: true
roles:
- irods_resource
- role: irods_resource_plugin_s3
when: enable_s3_resource
- irods_runtime
- irods_microservices
- irods_completion
- irods_arb
- role: irods_gocommands
when: irods_enable_gocommands
- role: irods_consistency_check
when: enable_irods_consistency_check
tags:
- resource
- name: Provision iRODS resources
hosts: icats
become: true
roles:
- composable_resources
tags:
- icat
- name: Provision rulesets on iCAT server
hosts: icats
become: true
roles:
- role: yoda_rulesets
- role: yoda_report
tags:
- icat
- name: Provision rulesets on resource server
hosts: resources
become: true
roles:
- role: yoda_rulesets
- role: yoda_report
tags:
- resource
- name: Provision public server
hosts: publics
become: true
roles:
- apache
- yoda_moai
- yoda_landingpages
- yoda_public
tags:
- public
- name: Provision external user service server
hosts: eus
become: true
roles:
- apache
- yoda_external_user_service
- role: postfix
when: enable_postfix
- role: mailpit
when: enable_mailpit
tags:
- eus