diff --git a/VirtualMachineService/VirtualMachineHandler.py b/VirtualMachineService/VirtualMachineHandler.py index 589cb948..8508ee8a 100644 --- a/VirtualMachineService/VirtualMachineHandler.py +++ b/VirtualMachineService/VirtualMachineHandler.py @@ -6,6 +6,9 @@ import math import sys from uuid import uuid4 +from pathlib import Path +import zipfile +import shutil try: from ancon.Playbook import ALL_TEMPLATES, Playbook @@ -55,7 +58,8 @@ import urllib from contextlib import closing from distutils.version import LooseVersion - +import glob +import shutil import redis import requests as req import yaml @@ -94,6 +98,7 @@ PROTOCOL = "protocol" TEMPLATE_NAME = "template_name" INFORMATION_FOR_DISPLAY = "information_for_display" +NEEDS_FORC_SUPPORT = "needs_forc_support" FORC_VERSIONS = "forc_versions" @@ -1209,7 +1214,9 @@ def create_and_deploy_playbook( self, public_key, playbooks_information, openstack_id ): global active_playbooks - LOG.info(msg=f"Starting Playbook for (openstack_id): {openstack_id}") + LOG.info( + msg=f"Starting Playbook for (openstack_id): {openstack_id} --> {playbooks_information}" + ) port = self.get_vm_ports(openstack_id=openstack_id) key = self.redis.hget(openstack_id, "key").decode("utf-8") playbook = Playbook( 
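Review bot: `import shutil` is added twice, once after `from uuid import uuid4` in the first import hunk and again next to `import glob` in the second, and `from pathlib import Path` is not used by any hunk shown here. Keep a single `import shutil` and drop `Path` unless code outside these hunks needs it. `import glob` would also read better grouped with the other standard-library imports than directly above `import redis`.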
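Review bot: The reworked `LOG.info` call in `create_and_deploy_playbook` writes the whole `playbooks_information` payload to the log at INFO level. That argument appears to carry the per-playbook variables supplied with the request (inferred, the caller is not visible), so any credential-like value placed there would end up in log storage. Logging only the requested playbook names keeps the trace useful, e.g. `LOG.info(msg=f"Starting Playbook for (openstack_id): {openstack_id} --> {list(playbooks_information)}")`, assuming the argument is a dict keyed by playbook name. The function body continues outside the hunk.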
@@ -1525,38 +1532,12 @@ def get_template_version_for(self, template): def get_templates(self): return [] - # Todo test this method def get_allowed_templates(self): - templates_metada = [] - # Todo load Metadata from multiple folders - for file in os.listdir(PLAYBOOKS_DIR): - if "_metadata.yml" in file: - with open(PLAYBOOKS_DIR + file) as template_metadata: - try: - loaded_metadata = yaml.load( - template_metadata, Loader=yaml.FullLoader - ) - template_name = loaded_metadata[TEMPLATE_NAME] - if loaded_metadata["needs_forc_support"]: - if template_name in list(self.FORC_ALLOWED.keys()): - templates_metada.append(json.dumps(loaded_metadata)) - if template_name not in self.ALL_TEMPLATES: - ALL_TEMPLATES.append(template_name) - else: - LOG.info( - "Failed to find supporting FORC file for " - + str(template_name) - ) - else: - templates_metada.append(json.dumps(loaded_metadata)) - if template_name not in self.ALL_TEMPLATES: - ALL_TEMPLATES.append(template_name) - - except Exception as e: - LOG.exception( - "Failed to parse Metadata yml: " + file + "\n" + str(e) - ) - return templates_metada + templates_metadata = [] + for key, value in self.loaded_resenv_metadata.items(): + if value.needs_forc_support: + templates_metadata.append(value.json_string) + return templates_metadata def get_templates_by_template(self, template_name): get_url = f"{self.RE_BACKEND_URL}{self.TEMPLATES_URL}/{template_name}" @@ -2684,6 +2665,14 @@ def get_limits(self): "totalGigabytesUsed": str(limits["totalGigabytesUsed"]), } + def install_ansible_galaxy_requirements(self): + LOG.info("Installing Ansible galaxy requirements..") + stream = os.popen( + f"ansible-galaxy install -r {PLAYBOOKS_DIR}/packer/requirements.yml" + ) + output = stream.read() + LOG.info(output) + def update_playbooks(self): if self.GITHUB_PLAYBOOKS_REPO is None: LOG.info( 
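Review bot: `get_allowed_templates` no longer consults `self.FORC_ALLOWED`, so a template whose metadata sets `needs_forc_support` is returned even when no supporting FORC entry exists, a case the removed code skipped and logged. Unless `update_forc_allowed` (not visible here) already guarantees this, restore the guard as `if value.needs_forc_support and value.name in self.FORC_ALLOWED:`. Templates that do not need FORC support were returned before and are now left out; if that is intended, a docstring should say so. The loop variable `key` is unused, so `for value in self.loaded_resenv_metadata.values():` is the cleaner form.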
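Review bot: `install_ansible_galaxy_requirements` runs `ansible-galaxy` through `os.popen` with a shell string, reads only stdout and never checks the exit status, so a failed role installation is logged as ordinary output and the service carries on. The requirements file comes from the archive that `update_playbooks` downloads, so the roles installed here are chosen by remote content, which makes an argument-list invocation and a visible failure path worth having. The fence uses `subprocess.run` with a list (it needs `import subprocess` at module level if that is not already present) and `os.path.join`. The join also avoids the doubled separator in `{PLAYBOOKS_DIR}/packer`, since other new lines treat `PLAYBOOKS_DIR` as ending in a slash.

```python
    def install_ansible_galaxy_requirements(self):
        LOG.info("Installing Ansible galaxy requirements..")
        requirements = os.path.join(PLAYBOOKS_DIR, "packer", "requirements.yml")
        result = subprocess.run(
            ["ansible-galaxy", "install", "-r", requirements],
            capture_output=True,
            text=True,
        )
        LOG.info(result.stdout)
        if result.returncode != 0:
            LOG.error(
                f"ansible-galaxy install failed ({result.returncode}): {result.stderr}"
            )
```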
@@ -2692,35 +2681,52 @@ def update_playbooks(self): return LOG.info(f"STARTED update of playbooks from - {self.GITHUB_PLAYBOOKS_REPO}") r = req.get(self.GITHUB_PLAYBOOKS_REPO) - contents = json.loads(r.content) - # Todo maybe clone entire direcotry - for f in contents: - if f["name"] != "LICENSE": - LOG.info("started download of " + f["name"]) - download_link = f["download_url"] - file_request = req.get(download_link) - filename = "/code/VirtualMachineService/ancon/playbooks/" + f["name"] - with open(filename, "w") as playbook_file: - playbook_file.write(file_request.content.decode("utf-8")) + filename = "resenv_repo" + with open(filename, "wb") as output_file: + output_file.write(r.content) + LOG.info("Downloading Completed") + with zipfile.ZipFile(filename, "r") as zip_ref: + zip_ref.extractall(PLAYBOOKS_DIR) + + resenvs_unziped_dir = next( + filter( + lambda f: os.path.isdir(f) and "resenvs" in f, + glob.glob(PLAYBOOKS_DIR + "*"), + ) + ) + shutil.copytree(resenvs_unziped_dir, PLAYBOOKS_DIR, dirs_exist_ok=True) + shutil.rmtree(resenvs_unziped_dir, ignore_errors=True) + self.ALL_TEMPLATES = [ + name + for name in os.listdir(PLAYBOOKS_DIR) + if name != "packer" and os.path.isdir(os.path.join(PLAYBOOKS_DIR, name)) + ] + LOG.info(self.ALL_TEMPLATES) + templates_metadata = self.load_resenv_metadata() for template_metadata in templates_metadata: try: - metadata = ResenvMetadata( - template_metadata[TEMPLATE_NAME], - template_metadata[PORT], - template_metadata[SECURITYGROUP_NAME], - template_metadata[SECURITYGROUP_DESCRIPTION], - template_metadata[SECURITYGROUP_SSH], - template_metadata[DIRECTION], - template_metadata[PROTOCOL], - template_metadata[INFORMATION_FOR_DISPLAY], - ) - self.update_forc_allowed(template_metadata) - if metadata.name not in list(self.loaded_resenv_metadata.keys()): - self.loaded_resenv_metadata[metadata.name] = metadata - else: - if self.loaded_resenv_metadata[metadata.name] != metadata: + if template_metadata.get(NEEDS_FORC_SUPPORT, False): + 
metadata = ResenvMetadata( + template_metadata[TEMPLATE_NAME], + template_metadata[PORT], + template_metadata[SECURITYGROUP_NAME], + template_metadata[SECURITYGROUP_DESCRIPTION], + template_metadata[SECURITYGROUP_SSH], + template_metadata[DIRECTION], + template_metadata[PROTOCOL], + template_metadata[INFORMATION_FOR_DISPLAY], + needs_forc_support=template_metadata.get( + NEEDS_FORC_SUPPORT, False + ), + json_string=json.dumps(template_metadata), + ) + self.update_forc_allowed(template_metadata) + if metadata.name not in list(self.loaded_resenv_metadata.keys()): self.loaded_resenv_metadata[metadata.name] = metadata + else: + if self.loaded_resenv_metadata[metadata.name] != metadata: + self.loaded_resenv_metadata[metadata.name] = metadata except Exception as e: LOG.exception( @@ -2729,26 +2735,32 @@ def update_playbooks(self): + "\n" + str(e) ) + self.install_ansible_galaxy_requirements() LOG.info(self.loaded_resenv_metadata) def load_resenv_metadata(self): templates_metada = [] - for file in os.listdir(PLAYBOOKS_DIR): - if "_metadata.yml" in file: - with open(PLAYBOOKS_DIR + file) as template_metadata: + for template in self.ALL_TEMPLATES: + try: + with open( + f"{PLAYBOOKS_DIR}{template}/{template}_metadata.yml" + ) as template_metadata: try: loaded_metadata = yaml.load( template_metadata, Loader=yaml.FullLoader ) - template_name = loaded_metadata[TEMPLATE_NAME] templates_metada.append(loaded_metadata) - if template_name not in self.ALL_TEMPLATES: - ALL_TEMPLATES.append(template_name) + except Exception as e: LOG.exception( - "Failed to parse Metadata yml: " + file + "\n" + str(e) + "Failed to parse Metadata yml: " + + template_metadata + + "\n" + + str(e) ) + except Exception as e: + LOG.exception(f"No Metadatafile found for {template} - {e}") return templates_metada def update_forc_allowed(self, template_metadata): 
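Review bot: The archive fetched in `update_playbooks` is written and unpacked without checking the response: `req.get(self.GITHUB_PLAYBOOKS_REPO)` has no `timeout`, the status code is never tested, and an error page would only surface later as `zipfile.BadZipFile`. What is unpacked then drives the playbook runs and the galaxy install, so the URL should point at a pinned ref and the download should ideally be compared with an expected digest before `extractall`. Smaller points in the same function: `next(filter(...))` raises `StopIteration` when no extracted directory name contains "resenvs", `resenv_repo` is created relative to the working directory and never removed, and metadata objects now appear to be built only for templates with `needs_forc_support`, which leaves the others out of `self.loaded_resenv_metadata`. A minimal first step is `r = req.get(self.GITHUB_PLAYBOOKS_REPO, timeout=30)` followed by `r.raise_for_status()`. The function starts before this hunk.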
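Review bot: The inner handler in `load_resenv_metadata` concatenates `template_metadata`, which is the open file object, into the log message, so a YAML error raises `TypeError` inside the handler. The outer `except` then reports "No Metadatafile found" for a file that exists but failed to parse. Use the template name instead: `LOG.exception(f"Failed to parse Metadata yml for {template}: {e}")`. Since the metadata now comes out of the downloaded archive, `yaml.safe_load(template_metadata)` is a better fit for plain key/value data than `yaml.load(..., Loader=yaml.FullLoader)`.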
@@ -2786,6 +2798,8 @@ def __init__( direction, protocol, information_for_display, + needs_forc_support, + json_string, ): self.name = name self.port = port @@ -2795,3 +2809,5 @@ def __init__( self.direction = direction self.protocol = protocol self.information_for_display = information_for_display + self.json_string = json_string + self.needs_forc_support = needs_forc_support diff --git a/VirtualMachineService/ancon/Playbook.py b/VirtualMachineService/ancon/Playbook.py index f99c8eec..cdbef8a9 100644 --- a/VirtualMachineService/ancon/Playbook.py +++ b/VirtualMachineService/ancon/Playbook.py @@ -8,11 +8,11 @@ import redis import ruamel.yaml -BIOCONDA = "bioconda" +CONDA = "conda" OPTIONAL = "optional" MOSH = "mosh" -ALL_TEMPLATES = [BIOCONDA] +ALL_TEMPLATES = [CONDA] LOG = logging.getLogger(__name__) LOG.setLevel(logging.DEBUG) @@ -135,7 +135,7 @@ def copy_playbooks_and_init(self, playbooks_information, public_key): def copy_and_init(self, playbook_name, playbook_vars): def load_vars(): - if playbook_name == BIOCONDA: + if playbook_name == CONDA: for k, v in playbook_vars.items(): if k == "packages": p_array = [] @@ -144,7 +144,7 @@ def load_vars(): p_array.append(p.split("=")) for p in p_array: p_dict.update({p[0]: {"version": p[1]}}) - data[playbook_name + "_tools"][k] = p_dict + data[playbook_name + "_vars"][k] = p_dict if playbook_name in self.loaded_metadata_keys: for k, v in playbook_vars.items(): LOG.info(playbook_vars) 
@@ -160,36 +160,32 @@ def load_vars(): if k == MOSH: data[playbook_name + "_defined"][k] = v + # copy whole directory + shutil.copytree( + f"{self.playbooks_dir}/{playbook_name}", + self.directory.name, + dirs_exist_ok=True, + ) + site_specific_yml = f"/{playbook_name}{'-' + self.cloud_site}.yml" playbook_name_local = playbook_name - if os.path.isfile(self.playbooks_dir + site_specific_yml): + if os.path.isfile(self.directory.name + site_specific_yml): playbook_name_local = playbook_name + "-" + self.cloud_site - playbook_yml = f"/{playbook_name_local}.yml" playbook_var_yml = f"/{playbook_name}_vars_file.yml" + try: - shutil.copy(self.playbooks_dir + playbook_yml, self.directory.name) - try: - shutil.copy(self.playbooks_dir + playbook_var_yml, self.directory.name) - with open( - self.directory.name + playbook_var_yml, mode="r" - ) as variables: - data = self.yaml_exec.load(variables) - load_vars() - with open( - self.directory.name + playbook_var_yml, mode="w" - ) as variables: - self.yaml_exec.dump(data, variables) - self.add_to_playbook_lists(playbook_name_local, playbook_name) - except shutil.Error as e: - LOG.exception(e) - self.add_tasks_only(playbook_name_local) - except IOError as e: - LOG.exception(e) - self.add_tasks_only(playbook_name_local) + with open(self.directory.name + playbook_var_yml, mode="r") as variables: + data = self.yaml_exec.load(variables) + load_vars() + with open(self.directory.name + playbook_var_yml, mode="w") as variables: + self.yaml_exec.dump(data, variables) + self.add_to_playbook_lists(playbook_name_local, playbook_name) except shutil.Error as e: LOG.exception(e) + self.add_tasks_only(playbook_name_local) except IOError as e: LOG.exception(e) + self.add_tasks_only(playbook_name_local) def add_to_playbook_lists(self, playbook_name_local, playbook_name): self.vars_files.append(playbook_name + "_vars_file.yml") 
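Review bot: The new `shutil.copytree` call in `copy_and_init` sits before the `try`, so a missing or unreadable `{self.playbooks_dir}/{playbook_name}` now raises out of the method instead of being logged as the copy errors were before. The remaining `except shutil.Error` branch can no longer fire, because only `open` and the YAML calls are left inside the `try`. `playbook_name` also goes into the source path unchecked; if it originates from the request (not visible here), a value containing path separators or `..` would pull a directory from outside `playbooks_dir` into the working directory. The fence puts a name check in front of the copy and gives the copy its own handler that logs and returns, which matches what the old outer handler did.

```python
        if playbook_name in ("", ".", "..") or os.path.basename(playbook_name) != playbook_name:
            LOG.error(f"Rejected playbook name: {playbook_name!r}")
            return
        try:
            shutil.copytree(
                f"{self.playbooks_dir}/{playbook_name}",
                self.directory.name,
                dirs_exist_ok=True,
            )
        except (shutil.Error, OSError) as e:
            LOG.exception(e)
            return
        # ... unchanged: site-specific yml lookup, vars file load/dump ...
```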
diff --git a/VirtualMachineService/ancon/playbooks/bioconda.yml b/VirtualMachineService/ancon/playbooks/bioconda.yml deleted file mode 100644 index dee7ae1d..00000000 --- a/VirtualMachineService/ancon/playbooks/bioconda.yml +++ /dev/null 
@@ -1,80 +0,0 @@ -- name: Download miniconda install script - become_user: "{{ bioconda_user.name }}" - get_url: - args: - url: "{{ bioconda_folders.conda_installer_url }}" - dest: "{{ bioconda_folders.install_script }}" - mode: 0755 - timeout: 180 - force: no - -- name: Install miniconda - become_user: "{{ bioconda_user.name }}" - shell: "timeout 3m {{ bioconda_folders.install_script }} -b" - args: - executable: /bin/bash - creates: "{{ bioconda_folders.conda_dir }}" - -- name: Check for channels - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda config --get channels'" - register: added_channels - -- name: Add default channel - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda config --add channels default'" - args: - executable: /bin/bash - when: added_channels.stdout.find('default') == -1 - -- name: Add bioconda channel - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda config --add channels bioconda'" - args: - executable: /bin/bash - when: added_channels.stdout.find('bioconda') == -1 - -- name: Add conda-forge channel - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda config --add channels conda-forge'" - args: - executable: /bin/bash - when: added_channels.stdout.find('conda-forge') == -1 - -- name: Init .bashrc for conda - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda init'" - args: - executable: /bin/bash - -- name: Check for environment - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda info -e'" - register: added_envs - -- name: Create alias for environment - 
become_user: "{{ bioconda_user.name }}" - shell: "echo $ALIAS_VARIABLE > ~/.bash_aliases" - environment: - ALIAS_VARIABLE: 'alias {{ bioconda_tools.env | quote }}="conda activate {{ bioconda_tools.env | quote }}"' - when: added_envs.stdout.find(bioconda_tools.env) == -1 - -- name: Create environment - become_user: "{{ bioconda_user.name }}" - shell: "timeout 2m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda create --yes -n {{ bioconda_tools.env | quote}}'" - args: - executable: /bin/bash - when: added_envs.stdout.find(bioconda_tools.env) == -1 - -- name: Check for installed packages - become_user: "{{ bioconda_user.name }}" - shell: "timeout 1m bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda activate {{ bioconda_tools.env | quote}} && conda list'" - register: added_packages - -- name: Install chosen packages - become_user: "{{ bioconda_user.name }}" - shell: "timeout {{ bioconda_tools.timeout_length }} bash -c 'source {{ bioconda_folders.conda_dir }}/bin/activate && conda activate {{ bioconda_tools.env | quote}} && conda install --yes {{ item.key }}={{ item.value.version }}'" - args: - executable: /bin/bash - loop: "{{ q('dict', bioconda_tools.packages) }}" - when: added_packages.stdout.find(item.key) == -1 diff --git a/VirtualMachineService/ancon/playbooks/bioconda_vars_file.yml b/VirtualMachineService/ancon/playbooks/bioconda_vars_file.yml deleted file mode 100644 index 3439a158..00000000 --- a/VirtualMachineService/ancon/playbooks/bioconda_vars_file.yml +++ /dev/null @@ -1,12 +0,0 @@ -bioconda_tools: - packages: - env: "denbi" - timeout_length: "5m" - -bioconda_folders: - install_script: "/home/{{ bioconda_user.name }}/install_miniconda3.sh" - conda_dir: "/home/{{ bioconda_user.name }}/miniconda3" - conda_installer_url: "https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh" - -bioconda_user: - name: "ubuntu" 
diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/LICENSE b/VirtualMachineService/ancon/playbooks/roles/guacamole/LICENSE deleted file mode 100644 index 261eeb9e..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/README.md b/VirtualMachineService/ancon/playbooks/roles/guacamole/README.md deleted file mode 100644 index 36f9576d..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/README.md +++ /dev/null 
@@ -1,66 +0,0 @@ -guacamolerdp-ansible -========= - -This role prepares a fresh Ubuntu 18.04 instance to be a fully fledged working environment via Xfce4 and XRDP. -XRDP gets bundled with guacamole, a clientless remote desktop web gateway. - -Aim of this is, that we can "reverse proxy" a remote desktop session to a privileged user with a remoteproxy webserver -provisioned with [de.NBI FORC](https://github.com/deNBI/simpleVMWebGateway). - -**For security reasons, you should execute this role on a VM, which is not publicly reachable via internet. Protect the VM with authentication via ReverseProxy, firewall etc.** - -Also an important security notification: - -Guacamole needs a valid unix user and password to automatically create and connect to a valid rdp session. -This role creates a default user with a default password described in `vars/main.yml`. You have been warned. -For more see the `Role Variables` section. - -Requirements ------------- - -* Ubuntu 18.04 -* Internet connection on the target -* Guacamole runs on port `8080`, make sure its not in use already. - -Role Variables --------------- - -**Again: If the targeted machine is not externaly protected or not used in a FORC environment with appropriate firewall rules, change these values!!!** - -**vars/main.yml** - -| Variable | Description | Default | Mandatory | -| ------------- |------------- | ----- | --- | -| DEFAULT_USER | Default unix user on which guacamole connects to | ubuntu | Yes | -| DEFAULT_PASSWORD | Default password of the unix user. Change it when target is not externally protected via ReverseProxy or other. | ogvkyf | Yes | -| DEFAULT_PASSWORD_HASHED | Hashed password of DEFAULT_PASSWORD | $6$iRrIJogr... | Yes | -| GUAC_USER | Default guacamole user | denbi | Yes | -| GUAC_PASSWORD | Default guacamole password | denbi | Yes | - - -Dependencies ------------- - -* No dependencies. - -Example Playbook ----------------- - -Make sure to include `become: yes`. 
Using this role in a playbook is straight forward: - - - hosts: servers - become: yes - roles: - - guacamolerdp-ansible - -License -------- - -Apache 2.0 - -Author Information ------------------- - -Alex Walender - -de.NBI Cloud Bielefeld diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/defaults/main.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/defaults/main.yml deleted file mode 100644 index d531a940..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# defaults file for guacamolerdp-ansible diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/files/guacamole.properties b/VirtualMachineService/ancon/playbooks/roles/guacamole/files/guacamole.properties deleted file mode 100644 index c14fbfa1..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/files/guacamole.properties +++ /dev/null @@ -1 +0,0 @@ -basic-user-mapping: /etc/guacamole/user-mapping.xml diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/handlers/main.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/handlers/main.yml deleted file mode 100644 index 304216fd..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/handlers/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# handlers file for guacamolerdp-ansible - -- name: Restart xrdp - systemd: - name: xrdp - state: restarted - -- name: Restart guacd - systemd: - name: guacd - state: restarted - -- name: Restart Tomcat - systemd: - name: tomcat9 - state: restarted - -- name: Reload systemd - systemd: - daemon_reload: yes diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/meta/main.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/meta/main.yml deleted file mode 100644 index 9d275b84..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/meta/main.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -galaxy_info: - author: Alex Walender - description: Installs guacamole, xrdp and xfce4 for a target which will act as a SimpleVM in the de.NBI Cloud SimpleVM context. - company: de.NBi Cloud Bielefeld - license: Apache - min_ansible_version: 2.4 - - platforms: - - name: Ubuntu - versions: - - bionic - - galaxy_tags: - - xfce - - xrdp - - guacamole - -dependencies: [] diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/005-desktop.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/005-desktop.yml deleted file mode 100644 index 81fe3212..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/005-desktop.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- - -- name: Update apt cache - apt: - cache_valid_time: 7600 - -- name: Install xfce4 - apt: - name: xfce4* - state: latest - -- name: Install Firefox - apt: - name: firefox - state: latest - -- name: Install xrdp and other goodies - apt: - name: - - xrdp - - xorg - - dbus-x11 - - x11-xserver-utils - state: latest - -- name: Config xrdp to start xfce4 - lineinfile: - path: /etc/xrdp/xrdp.ini - line: "exec startxfce4" - notify: Restart xrdp - -- name: Setup password for default user - user: - name: "{{ DEFAULT_USER }}" - password: "{{ DEFAULT_PASSWORD_HASHED }}" diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/010-guacamole.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/010-guacamole.yml deleted file mode 100644 index 94405ee1..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/010-guacamole.yml +++ /dev/null 
@@ -1,116 +0,0 @@ - - -- name: Install needed libraries and tools - apt: - name: - - make - - gcc - - vim - - curl - - wget - - g++ - - libcairo2-dev - - libjpeg-turbo8-dev - - libpng-dev - - libtool-bin - - libossp-uuid-dev - - libavcodec-dev - - libavutil-dev - - libswscale-dev - - build-essential - - libpango1.0-dev - - libssh2-1-dev - - libvncserver-dev - - libtelnet-dev - - freerdp2-dev - - libwebsockets-dev - - libssl-dev - - libvorbis-dev - - libwebp-dev - - tomcat9 - - tomcat9-admin - - tomcat9-user - state: latest - -- name: Download guacamole src - get_url: - url: http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.4.0/source/guacamole-server-1.4.0.tar.gz - dest: /usr/share/guacamole.tar.gz - -- name: Download guacamole war file - get_url: - url: http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.4.0/binary/guacamole-1.4.0.war - dest: /usr/share/guacamole.war - -- name: Prepare build directory - file: - state: directory - path: /usr/share/guacamole/ - -- name: Unarchive source files - unarchive: - remote_src: yes - src: /usr/share/guacamole.tar.gz - dest: /usr/share/guacamole - -- name: Configure systemd unit - shell: "./configure --with-systemd-dir=/etc/systemd/system" - args: - chdir: /usr/share/guacamole/guacamole-server-1.4.0/ - creates: /usr/share/guacamole/guacamole-server-1.4.0/Makefile - -- name: Compile guacamole - make: - chdir: /usr/share/guacamole/guacamole-server-1.4.0/ - -- name: Make install - make: - chdir: /usr/share/guacamole/guacamole-server-1.4.0/ - target: install - -- name: Link libraries - shell: ldconfig - args: - chdir: /usr/share/guacamole/guacamole-server-1.4.0/ - -- name: Enable guacamole daemon - systemd: - name: guacd - enabled: yes - -- name: Create guacamole config folder - file: - state: directory - path: /etc/guacamole - -- name: Create guacamole.properties - copy: - src: guacamole.properties - dest: /etc/guacamole/guacamole.properties - notify: Restart guacd - -- name: Generate 
guacamole mapping - template: - src: user-mapping.xml.j2 - dest: /etc/guacamole/user-mapping.xml - notify: Restart guacd - -- name: Register path in env - lineinfile: - path: /etc/environment - line: 'GUACAMOLE_HOME="/etc/guacamole"' - state: present - -- name: Copy tomcat guacamole client - copy: - remote_src: yes - src: /usr/share/guacamole.war - dest: /var/lib/tomcat9/webapps/guacamole.war - notify: Restart Tomcat - -- name: Link configuration directory to tomcat - file: - state: link - src: /etc/guacamole - dest: /usr/share/tomcat9/.guacamole - notify: Reload systemd diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/main.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/main.yml deleted file mode 100644 index a234de77..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/tasks/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# tasks file for guacamolerdp-ansible - -- include: 005-desktop.yml - tags: ['guacamole_desktop'] - -- include: 010-guacamole.yml - tags: ['guacamole_guacamole'] diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/templates/user-mapping.xml.j2 b/VirtualMachineService/ancon/playbooks/roles/guacamole/templates/user-mapping.xml.j2 deleted file mode 100644 index db819dde..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/templates/user-mapping.xml.j2 +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - rdp - 127.0.0.1 - 3389 - {{ DEFAULT_USER }} - {{ DEFAULT_PASSWORD }} - - - - - - diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/tests/inventory b/VirtualMachineService/ancon/playbooks/roles/guacamole/tests/inventory deleted file mode 100644 index 2fbb50c4..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/tests/inventory +++ /dev/null @@ -1 +0,0 @@ -localhost 
diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/tests/test.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/tests/test.yml deleted file mode 100644 index f08718ea..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - guacamolerdp-ansible diff --git a/VirtualMachineService/ancon/playbooks/roles/guacamole/vars/main.yml b/VirtualMachineService/ancon/playbooks/roles/guacamole/vars/main.yml deleted file mode 100644 index d8ce58e5..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/guacamole/vars/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# vars file for guacamolerdp-ansible - -DEFAULT_USER: ubuntu -DEFAULT_PASSWORD: ogvkyf -# you can create password hashes like here https://stackoverflow.com/questions/19292899/creating-a-new-user-and-password-with-ansible -DEFAULT_PASSWORD_HASHED: $6$iRrIJogrR0N2ZVdb$oL5XzFqcTC.O3g4DS945a5K7nRvO0LqY.ugyjDINUA347qRYXe1YXag8cRlLf9PVwmNrRYU3LTNGyCIPbFvz4/ -GUAC_USER: denbi -GUAC_PASSWORD: denbi diff --git a/VirtualMachineService/ancon/playbooks/roles/theia/templates/theia-ide.service.j2 b/VirtualMachineService/ancon/playbooks/roles/theia/templates/theia-ide.service.j2 deleted file mode 100644 index 6e2aba99..00000000 --- a/VirtualMachineService/ancon/playbooks/roles/theia/templates/theia-ide.service.j2 +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=Theia-IDE service for user {{ theia_ide_user }} -After=network.target -StartLimitIntervalSec=0 - -[Service] -Type=simple -Restart=always -RestartSec=1 -User={{ theia_ide_user }} -ExecStart={{ theia_ide_install_dir }}/theia-ide.sh {{ theia_ide_workspace }} {{ theia_ide_bind_address }} {{ theia_ide_bind_port }} - -[Install] -WantedBy=multi-user.target 
diff --git a/VirtualMachineService/ancon/playbooks/roles/theia/templates/theia-ide.sh.j2 b/VirtualMachineService/ancon/playbooks/roles/theia/templates/theia-ide.sh.j2
deleted file mode 100644
index b67fdec1..00000000
--- a/VirtualMachineService/ancon/playbooks/roles/theia/templates/theia-ide.sh.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-source {{ nvm_install_dir }}/nvm.sh
-cd $(dirname ${0})
-yarn theia start ${1} --hostname ${2} --port ${3}
diff --git a/requirements.txt b/requirements.txt
index c823b88e..08195a7a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,14 +1,14 @@
-setuptools==62.2.0
+setuptools==62.3.2
 thrift==0.16.0
 python-keystoneclient
 openstacksdk ==0.61.0
 deprecated == 1.2.13
-ansible==5.7.1
+ansible==5.8.0
 Click==8.1.3
 flake8==4.0.1
-paramiko==2.10.4
+paramiko==2.11.0
 ruamel.yaml==0.17.21
-pyvim==3.0.2
+pyvim==3.0.3
 redis==4.3.1
 requests==2.27.1
 pyyaml==6.0
diff --git a/requirements.yml b/requirements.yml
index d74f30ee..7d22c965 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -4,3 +4,9 @@ roles:
 - name: oefenweb.latest_r
 version: v3.1.1
+
+
+ - name: andrewrothstein.miniconda
+ version: v6.1.5
+
+ - name: andrewrothstein.conda-env
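Review bot: The last entry added to `requirements.yml`, `andrewrothstein.conda-env`, has no `version:` key, while `andrewrothstein.miniconda` next to it is pinned to `v6.1.5` and the existing `oefenweb.latest_r` to `v3.1.1`. When this file is installed with `ansible-galaxy install -r`, an unpinned role resolves to whatever its author has published at that moment, so third-party role code can change between deployments without any diff to review in this repository. Pin it to a release that has been reviewed, e.g. `version: <REVIEWED_TAG>` (placeholder; the page does not show which release was tested). A short comment above the two new entries naming the template that needs them, such as `# conda roles required by <TEMPLATE_NAME>`, would also make later dependency audits easier.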