-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathplaybook-stack.yaml
More file actions
129 lines (120 loc) · 3.39 KB
/
playbook-stack.yaml
File metadata and controls
129 lines (120 loc) · 3.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
---
# Install/Manage Galaxy stack
- name: PostgreSQL
hosts: galaxy_db_servers
roles:
- role: galaxyproject.postgresql
- role: galaxyproject.postgresql_objects
become: true
become_user: postgres
tags:
- postgres
- name: Slurm
hosts: all
roles:
- role: galaxyproject.slurm
post_tasks:
- name: Copy epilog script
ansible.builtin.copy:
src: files/slurm/epilog.sh
dest: /etc/slurm/epilog.sh
mode: "0755"
owner: root
group: root
tags:
- slurm
- name: CVMFS
hosts: all
roles:
- role: galaxyproject.cvmfs
tags:
- cvmfs
- name: DRMAA for Slurm
hosts: galaxy_servers
tasks:
- name: Install slurm-drmaa
package:
name: "{{ slurm_drmaa_rpm_url }}"
disable_gpg_check: true
tags:
- slurm
- name: Galaxy Paths
hosts: galaxy_servers
roles:
- role: galaxyproject.general.paths
- role: galaxyproject.galaxy.paths_local_ro
- role: galaxyproject.galaxy.paths_local_rw
- role: galaxyproject.galaxy.paths_shared_ro
become_user: "{{ galaxy_user_name }}"
# in this case we don't privsep on NFS, which is only for local tool deployments anyway
galaxy_privsep_user_name: "{{ galaxy_user_name }}"
- role: galaxyproject.galaxy.paths_shared_rw
become_user: "{{ galaxy_user_name }}"
- role: galaxyproject.tusd
tags:
- galaxy
- name: gxadmin
hosts: galaxy_db_servers
roles:
- role: galaxyproject.gxadmin
tags:
- galaxy
- gxadmin
- name: NGINX
hosts: galaxy_servers
roles:
- role: galaxyproject.galaxy.defaults
- role: galaxyproject.nginx
tags:
- nginx
- name: RabbitMQ
hosts: rabbitmq_servers
pre_tasks:
- name: Ensure /etc/letsencrypt directories are readable
ansible.builtin.file:
path: "/etc/letsencrypt/{{ item }}"
state: directory
owner: root
group: root
mode: "0755"
loop:
- live
- archive
- name: Copy private key
ansible.builtin.copy:
src: "/etc/letsencrypt/live/{{ galaxy_instance_certname }}/privkey.pem"
dest: "/etc/rabbitmq/privkey.pem"
remote_src: true
owner: root
group: rabbitmq
mode: "0640"
# Ok to fail the first time (user does not exist yet), just run the play twice
ignore_errors: true
roles:
- role: galaxyproject.rabbitmq
post_tasks:
- name: Ensure RabbitMQ private key copy is kept up to date
ansible.builtin.cron:
cron_file: ansible_rabbitmq
name: Update RabbitMQ SSL private key
user: root
hour: 0
minute: 0
job: if [ /etc/letsencrypt/live/{{ galaxy_instance_certname }}/privkey.pem -nt /etc/rabbitmq/privkey.pem ]; then /bin/cp -p /etc/letsencrypt/live/{{ galaxy_instance_certname }}/privkey.pem /etc/rabbitmq/privkey.pem && chown root:rabbitmq /etc/rabbitmq/privkey.pem && systemctl restart rabbitmq-server; fi
tags:
- rabbitmq
#- name: Galaxy post-install root
# hosts: galaxyservers
# roles:
# - role: galaxyproject.galaxy
# galaxy_manage_clone: no
# galaxy_manage_static_setup: no
# galaxy_manage_mutable_setup: no
# galaxy_manage_database: no
# galaxy_fetch_dependencies: no
# galaxy_manage_errordocs: no
# galaxy_build_client: no
# galaxy_manage_systemd: yes
# galaxy_manage_gravity: no
# galaxy_manage_cleanup: yes
# tags: galaxy, galaxy_post