fixed ldapconfig dump

5776e102 · Jupiter Hu · 50d3b79e · 5776e102 · 5776e102 · 5776e102
Commit 5776e102 authored 9 years ago by Jupiter Hu
--- a/roles/dump_ldap_config/tasks/main.yml
+++ b/roles/dump_ldap_config/tasks/main.yml
 ---
 - name: grab cacert
-  shell: cat {{ ldapCertDest }} 
+  shell: cat {{ ldapCARootDest }} 
  register: ldapCaCertContents

 - name: dump vars

--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -116,7 +116,7 @@
  sudo: true

 - name: install shibboleth cache file 
-  template: src="{{ shibboleth_deploy }}_metadata.aaf.xml.j2" dest=/tmp/metadata.aaf.xml 
+  template: src="files/{{ shibboleth_deploy }}_metadata.aaf.xml.j2" dest=/tmp/metadata.aaf.xml 

 -
 name: "enabling Karaage configuration"
@@ -154,11 +154,11 @@
 sudo: true
 when: karaage_db_init.stdout.find("0") == 0

-#-
-# name: "Create IDP institutes (disable it as cache is not available)"
-# shell: kg-idps /tmp/metadata.aaf.xml 
-# sudo: true
-# when: karaage_db_init.stdout.find("0") == 0
+-
+ name: "Create IDP institutes (disable it as cache is not available)"
+ shell: kg-idps /tmp/metadata.aaf.xml 
+ sudo: true
+ when: karaage_db_init.stdout.find("0") == 0

 -
 name: "Create projects"

--- a/roles/karaage3.1.17/templates/kg_init.j2
+++ b/roles/karaage3.1.17/templates/kg_init.j2
@@ -26,8 +26,6 @@ class HpcIdInit():
        if self.path and os.path.exists(self.path):
            with open(self.path) as data:
                config_data = json.load(data)
-                self.project = config_data["project"]
-                self.mc = config_data["machine_category"]
                self.user = config_data["superuser"]
        else:
            log("Invalid input data")    
@@ -44,115 +42,6 @@ class HpcIdInit():
            now = time.strftime("%c")
            self.logfile.write(now + ": " + message + "\n") 

-    def getGroup(self, name):
-        group = None
-        try:
-            group =Group.objects.get(name = name)
-            if group:
-                self.log("Find group %s" %(name))
-        except:
-            self.log("Group %s not found" %(name))
-        finally:
-            return group
-    
-    def getProject(self, name):
-
-        self.log("Get Project 1 %s" %(name))
-        project = None
-        try:
-            project = Project.objects.get(name = name)
-            if project:
-                self.log("Find project %s" %(project.name))
-                group = project.group
-                if group:
-                    self.log("Group name = %s" %(group.name))
-            else:
-                self.log("Project %s not found" %(project.name))
-        except Project.DoesNotExist:
-            self.log("project %s does not exists" %(name))
-        except:
-            self.log("Exception: ", traceback.format_exc())
-        finally:
-            return project
-
-    def createProject(self, pid, name, institute_name, superuser):
-        project = None
-        try:
-            institute = self.getInstitute(institute_name)
-            if institute:
-                self.log("Find insititute %s" %(institute.name))
-                project = Project.objects.create(pid = pid, name = name, institute = institute, group = institute.group, is_active = True, is_approved = True, approved_by = superuser)
-                if project:
-                    project.leaders.add(superuser)
-                    self.log("Create project OK")
-                else:
-                    self.log("Create project failed")
-
-            else:
-                self.log("Insititute %s does not exist" %(institute_name))
-        except:
-            self.log("Exception: ", traceback.format_exc())
-        finally:
-            return project
-    
-    def getInstitute(self, name):
-        institute = None
-        try:
-            institute = Institute.objects.get(name = name)
-            if institute:
-                self.log("Institute %s exist" %(institute.name))
-                group = institute.group
-                if group:
-                    self.log("Group name = %s" %(group.name))
-            else:
-                self.log("Institute %s not found" %(name))
-        except Institute.DoesNotExist:
-                self.log("Institute %s not found" %(name))
-        finally:
-            return institute
-
-    def getDefaultDatastore(self):
-        for key, value in settings.MACHINE_CATEGORY_DATASTORES.items():
-            if value:
-                return key
-        return None
-
-    def getMachineCategory(self, name):
-        mc = None
-        self.log("Running getMachineGategory %s" %(name))
-        try:
-            mc = MachineCategory.objects.get(name = name)
-            if mc:
-                self.log("Find machine category %s" %(mc.name))
-            else:
-                slef.log("Not found machine category %s" %(name))
-
-        except MachineCategory.DoesNotExist:
-            self.log("Machine category %s dose not exist" %(name))
-        except:
-            self.log("Except to create machine category %s" %(traceback.format_exc()))
-        finally:
-            return mc
-  
-    def getOrCreateMachineCategory(self, name):
-        mc = None
-        try:
-            self.log("getOrCreateMachineCategory %s" %(name))
-            mc = self.getMachineCategory(name)
-            if not mc:
-                datastore = self.getDefaultDatastore()
-                self.log("datastore = '%s'" %(datastore))
-                mc = MachineCategory.objects.get_or_create(name = name, datastore = datastore)
-                self.log("after create machine catetory '%s'" %(name))
-                if mc:
-                    self.log("Create MachineCategory %s OK" %(mc.name))
-                else:
-                    self.log("Create MachineCategory failed")
-        except:
-            self.log("Except to create machine category %s" %(traceback.format_exc()))
-        finally:
-            return mc
-
    def getUser(self, username):
        person = None
        try:
@@ -171,33 +60,13 @@ class HpcIdInit():
                if person:
                    person.set_password(self.password)
                    person.save()
-                    result = self.addInstituteDelegate(person, institute)
-                    if result:
-                        log("Add super user %s to institute %s delegate" %(person.username, institute.name))
-                    else:
-                        log("Faired to add super user %s to institute %s delegate" %(person.username, institute.name))
                    person.full_clean()
        except:
            log("Create super user exception: %s" %(traceback.format_exc()))
        finally:
            return person
    
-    def addInstituteDelegate(self, su, institute):
-        result = True 
-        try:
-            delegates = institute.delegates.all().filter(username = su.username)
-            if len(delegates) == 0:
-                self.log("Create institution delegate %s"%(su.username))
-                institute.delegates.add(su)
-                self.log("Create institution delegate %s OK"%(su.username))
-        except:
-            result = False 
-            self.log("Create institution delegate exception: %s" %(traceback.format_exc()))
-        finally:
-            return result 
-
    def setup(self):
-        self.log("Debug = %s" %(self.debug))
        su = self.getUser(self.user["username"])
        if su:
            self.log("Find super user %s" %(su.username))
@@ -207,25 +76,6 @@ class HpcIdInit():
                self.log("Create super user %s OK" %(su.username))
            else:
                self.log("Create super user %s failed" %(self.user["username"]))
-        if self.mc:
-            mc = self.getOrCreateMachineCategory(self.mc)
-            if mc:
-                self.log("Get machine category = '%s'" %(self.mc))
-            else:    
-                self.log("Failed to get machine category = '%s'" %(self.mc))
-        if su:
-            for p in self.project:
-                project = self.getProject(p["project_name"])
-                if project:
-                    self.log("Find project %s" %(project.name))
-                else:
-                    self.log("Create project name = %s, pid = %s, institute name = %s" %(p["project_name"], p["pid"], p["institute_name"]))
-                    project = self.createProject(p["pid"], p["project_name"], p["institute_name"], su)
-                    if project:
-                        self.log("Create project %s OK." %(project.name))
-                    else:
-                        self.log("Create project %s failed." %(p["project_name"]))
-                        break

 def main(argv):
    config_path = None
@@ -236,7 +86,6 @@ def main(argv):
        if len(sys.argv) > 3:
            debug = argv[2]
        init = HpcIdInit(config_path, password, debug)
-        init.log("Password = %s, debug = %s" %(password, debug))
        init.setup()
    else:
        print "Usage: kg_init <config file> <superuser password> <option: debug True | False>"

--- a/roles/karaage3.1.17/templates/kginit.conf.j2
+++ b/roles/karaage3.1.17/templates/kginit.conf.j2
-{"project": [{"project_name": "MCC2", "pid": "pMcc2", "institute_name": "Monash University"}, {"project_name": "CVL", "pid": "pCvl", "institute_name": "Monash University"}], "machine_category": "hpc_cluster", "superuser": {"username": "admin", "email": "jupiter.hu@monash.edu", "institute_name": "Monash University", "short_name": "admin", "full_name": "admin"}}
+{"superuser": {"username": "admin", "email": "jupiter.hu@monash.edu", "institute_name": "Monash University", "short_name": "admin", "full_name": "admin"}}

--- a/roles/karaage3.1.17/templates/settings.py.j2
+++ b/roles/karaage3.1.17/templates/settings.py.j2
@@ -267,7 +267,7 @@ LOGGING = {

 # Users are advised to contact this address if having problems.
 # This is also used as the from address in outgoing emails.
-ACCOUNTS_EMAIL = '{{ karaageAdminEmail }}'
+ACCOUNTS_EMAIL = '{{ karaageAccountEmail }}'

 # This organisation name, used in outgoing emails.
 ACCOUNTS_ORG_NAME = '{{ karaageAcountName }}' 

--- a/roles/karaage3.1.17/templates/test_metadata.aaf.xml.j2
+++ b/roles/karaage3.1.17/templates/test_metadata.aaf.xml.j2
--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -77,6 +77,10 @@
  copy: src="files/{{ ldapCAChain }}" dest="{{ ldapCAChainDest }}"
  sudo: true

+- name: copy ca root cert
+  copy: src="files/{{ ldap_TLSCARoot }}" dest="{{ ldapCARootDest }}"
+  sudo: true
+  when: ldap_TLSCARoot is defined

 - name: copy key
  copy: src="files/{{ ldapKey }}" dest="{{ ldapKeyDest }}" mode=600 owner={{ ldapuser }} group={{ ldapgroup }} 

--- a/roles/ldapserver/vars/main.yml
+++ b/roles/ldapserver/vars/main.yml
@@ -2,3 +2,4 @@
 ldapCertDest: "{{ ldapDir }}/ssl/certs/ldapcert.pem"
 ldapKeyDest: "{{ ldapDir }}/ssl/private/ldapkey.pem"
 ldapCAChainDest: "{{ ldapDir }}/ssl/certs/cacert.pem"
+ldapCARootDest: "{{ ldapDir }}/ssl/certs/ca_cert.pem"
--- a/roles/openssh/tasks/installSsh.yml
+++ b/roles/openssh/tasks/installSsh.yml
@@ -70,9 +70,4 @@
    - "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour"
  notify: restart openssh
  sudo: true
-
- name: link ssh 
-  file: src={{ ssh_dir }}/bin/ssh path=/usr/bin/ssh state=link force=yes
-  sudo: true
-