Install and configure CernVM-FS (CVMFS), particularly for Galaxy servers.
On Enterprise Linux (ansible_os_family == "RedHat"
), it is assumed that you have enabled Extra Packages for Enterprise
Linux (EPEL) for CVMFS's dependencies. If you need to enable EPEL, geerlingguy.repo-epel can easily
do this for you.
All variables are optional. However, if unset, the role will essentially do nothing. See the defaults and example playbook for examples.
Other than cvmfs_role
as described below, Galaxy administrators will most likely only need to set the
galaxy_cvmfs_repos_enabled
variable (disabled by default), which automatically configures the CVMFS client for
galaxyproject.org CVMFS repositories.
The value of galaxy_cvmfs_repos_enabled
can be either config-repo
or any value that evaluates to true
(or false
to explcititly disable, although this is the default). Using config-repo
is recommended since it causes the role to
only install a minimal configuration needed to mount the cvmfs-config.galaxyproject.org
CVMFS repository, and then
uses CVMFS' Config Repository support to obtain the configs for the other galaxyproject.org CVMFS
repositories. This ensures you will always have up-to-date configs for all galaxyproject.org CVMFS repositories.
Setting galaxy_cvmfs_repos_enabled
to config-repo
overrides the value of cvmfs_config_repo
since there can be only
one default config repo configured on the client.
Setting galaxy_cvmfs_repos_enabled
to any other truthy value will causes the role to create a static configuration
where the full configurations for each galaxyproject.org CVMFS repository is installed on the target host. This option
is retained for legacy purposes.
You can override the defaults for Galaxy's cvmfs_keys
, cvmfs_server_urls
, and cvmfs_repositories
by prepending
galaxy_
to the variable names. See the defaults for details.
If galaxy_cvmfs_repos_enabled
is not set, full configuration of non-Galaxy repositories can be performed using the set
of variables described below.
variable | type | description |
---|---|---|
cvmfs_role |
string | Type of CVMFS host: client , stratum0 , stratum1 , or localproxy . Alternatively, you may put hosts in to groups cvmfsclients , cvmfsstratum0servers , cvmfsstratum1servers , and cvmfslocalproxies . Controls what packages are installed and what configuration is performed. |
cvmfs_keys |
list of dicts | Keys to install on hosts of all types. |
cvmfs_server_urls |
list of dicts | CVMFS server URLs, the value of CVMFS_SERVER_URL in /etc/cvmfs/domain.d/<domain>.conf . |
cvmfs_repositories |
list of dicts | CVMFS repository configurations, the value of CVMFS_REPOSITORIES in /etc/cvmfs/default.local plus additional settings in /etc/cvmfs/repositories.d/<repository>/{client,server}.conf . |
cvmfs_config_repo |
dict | CVMFS Configuration Repository configuration, see the value of galaxy_cvmfs_config_repo in the defaults for syntax. |
cvmfs_quota_limit |
integer in MB | Size of CVMFS client cache. Default is 4000 . |
cvmfs_upgrade_client |
boolean | Upgrade CVMFS on clients to the latest version if it is already installed. Default is false . |
cvmfs_preload_install |
boolean | Install the cvmfs_preload script for preloading the CVMFS cache. |
cvmfs_preload_path |
path | Directory where cvmfs_preload should be installed |
cvmfs_install_setuid_cvmfs_wipecache |
boolean | Install a setuid binary on clients that allows unprivileged users to perform cvmfs_config wipecache . EL only (source is provided). |
cvmfs_install_setuid_cvmfs_remount_sync |
boolean | Install a setuid binary on clients that allows unprivileged users to perform cvmfs_talk remount sync . EL only (source is provided). |
The complex (list of dict) variables have the following syntaxes:
cvmfs_keys:
- path: 'absolute path to repo key.pub'
owner: 'user owning key file (default: root)'
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjAN...
cvmfs_server_urls:
- domain: 'repo parent domain'
urls:
- 'repository URL'
cvmfs_repositories:
- repository: 'repo name'
stratum0: 'stratum 0 hostname'
owner: 'user owning repository (default: root)'
key_dir: 'path to directory containing repo keys (default: /etc/cvmfs/keys)'
server_options:
- KEY=val
client_options:
- KEY=val
For Stratum 0 / Release Managers, you can automatically prune older snapshots using the prune_snapshots_time
, a hash
having keys that correspond to the cron module
options. If
prune_snapshots_time
is unset, then snapshots are not automatically pruned.
cvmfs_repositories:
- repository: repo.example.org
owner: user1
prune_snapshots_count: 20
prune_snapshots_time:
special_time: daily
The per-repository prune_snapshots_count
option defaults to the value of cvmfs_stratum0_prune_snapshots_count
in
defaults/main.yml if unset.
variable | type | description |
---|---|---|
cvmfs_private_keys |
list of dicts | Keys to install on Stratum 0 hosts. Separate from cvmfs_keys for vaultability and avoiding duplication. |
cvmfs_config_apache |
boolean | Configure Apache on Stratum 0 and 1 servers. If disabled, you must configure it yourself. Default is true . |
cvmfs_manage_firewall |
boolean | Attempt to configure firewalld (EL) or ufw (Debian) to permit traffic to configured ports. Default is false . |
cvmfs_squid_conf_src |
path | Path to template Squid configuration file (for Stratum 1 and local proxy servers). Defaults are in the role templates/ directory. |
cvmfs_stratum0_http_ports |
list of integers | Port(s) to configure Apache on Stratum 0 servers to listen on. Default is 80 . |
cvmfs_stratum1_http_ports |
list of integers | Port(s) to configure Squid on Stratum 1 servers to listen on. Default is 80 and 8000 . |
cvmfs_stratum1_apache_port |
integer | Port to configure Apache on Stratum 1 servers to listen on. Default is 8008 . |
cvmfs_stratum1_cache_mem |
integer in MB | Amount of memory for Squid to use for caching. Default is 128 . |
cvmfs_stratum1_cache_dir |
list of dicts | |
cvmfs_localproxy_http_ports |
list of integers | Port(s) to configure Squid on local proxy servers to listen on. Default is 3128 . |
cvmfs_upgrade_server |
boolean | Upgrade CVMFS on servers to the latest version if it is already installed. Default is false . |
cvmfs_srv_device |
path | Block device to create a filesystem on and mount for CVMFS data. Unset by default. |
cvmfs_srv_fstype |
string | Filesystem to create on cvmfs_srv_device . Default is ext4 . |
cvmfs_srv_mount |
path | Path to mount CVMFS data volume on. Default is /srv (but is ignored if cvmfs_srv_device is unset). |
cvmfs_union_fs |
string | Union filesystem type (overlayfs or aufs ) for new repositories on Stratum 0 servers. |
cvmfs_numfiles |
integer | Set the maximum number of open files in /etc/security/limits.conf . Useful with the CVMFS_NFILES client option on Stratum 0 servers. |
variable | type | description |
---|---|---|
cvmfs_repositories |
list of dicts | CVMFS repository configurations, to create publisher hosts. |
cvmfs_certs |
list of dicts | The repository’s public key (encoded as an X.509 certificate). |
cvmfs_gateway_api |
list of dicts | The gateway API key. |
None.
Configure all hosts as CVMFS clients with configurations for the Galaxy CVMFS repositories:
- name: CVMFS
hosts: all
vars:
cvmfs_role: client
galaxy_cvmfs_repos_enabled: config-repo
roles:
- geerlingguy.repo-epel
- galaxyproject.cvmfs
Create a Stratum 1 (mirror) of the Galaxy CVMFS repositories and configure clients to prefer your Stratum 1 (assuming
you have configured hosts in groups cvmfsclients
and cvmfsstratum1servers
):
- name: CVMFS
hosts: cvmfsclients:cvmfsstratum1servers
vars:
cvmfs_srv_device: /dev/sdb
galaxy_cvmfs_repos_enabled: true
# override the default
galaxy_cvmfs_server_urls:
- domain: galaxyproject.org
urls:
- "http://cvmfs.example.org/cvmfs/@fqrn@"
- "http://cvmfs1-psu0.galaxyproject.org/cvmfs/@fqrn@"
- "http://cvmfs1-iu0.galaxyproject.org/cvmfs/@fqrn@"
- "http://cvmfs1-tacc0.galaxyproject.org/cvmfs/@fqrn@"
- "http://cvmfs1-mel0.gvl.org.au/cvmfs/@fqrn@"
- "http://cvmfs1-ufr0.galaxyproject.eu/cvmfs/@fqrn@"
roles:
- galaxyproject.cvmfs
Create your own CVMFS infrastructure. Run once without keys (new keys will be generated on repo creation):
- name: CVMFS
hosts: cvmfsstratum0servers
vars:
cvmfs_numfiles: 4096
cvmfs_server_urls:
- domain: example.org
urls:
- "http://cvmfs0.example.org/cvmfs/@fqrn@"
cvmfs_repositories:
- repository: foo.example.org
stratum0: cvmfs0.example.org
key_dir: /etc/cvmfs/keys/example.org
server_options:
- CVMFS_AUTO_TAG=false
- CVMFS_GARBAGE_COLLECTION=true
- CVMFS_AUTO_GC=false
client_options:
- CVMFS_NFILES=4096
- repository: bar.example.org
stratum0: cvmfs0.example.org
key_dir: /etc/cvmfs/keys/example.org
roles:
- galaxyproject.cvmfs
Once keys have been created, add them to cvmfs_keys
and run the same as above but hosts: all
and cvmfs_keys
defined as:
- name: CVMFS
vars:
cvmfs_keys:
- path: /etc/cvmfs/keys/example.org/foo.example.org.pub
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjAN...
- path: /etc/cvmfs/keys/example.org/bar.example.org.pub
key: |
-----BEGIN PUBLIC KEY-----
MIIBIjAN...
MIT