Unverified Commit ee7f6c5c authored by Laurent Modolo's avatar Laurent Modolo

first test with ansible

parent 37c4c9ad
#!/bin/bash
# This script is executed on the virtual machine during the *Deployment* phase.
# It is used to apply parameters specific to the current deployment.
# It is executed secondly during a cloud deployement in IFB-Biosphere, after the *Installation* phase.
source /etc/profile.d/ifb.sh
LOCUSER=${LOCUSER:-ubuntu}
LOCUSER_DIR=`eval echo "~$LOCUSER"`
# Docker params
# APP_IMG="gitlab-registry.in2p3.fr/ifb-biosphere/apps/<...>"
# Configure default user
# IFB_DATADIR is set in profile ‘ifb.sh'
ln -s $IFB_DATADIR $LOCUSER_DIR/data
# Allow local user to run docker
usermod -a -G docker $LOCUSER
# Manage ephemeral disk
EPHEM_DIR=`df | grep vdb | awk '{print $6}'`
if [ -n "$EPHEM_DIR" ]; then
chown $LOCUSER:$LOCUSER $EPHEM_DIR
ln -s $EPHEM_DIR $IFB_DATADIR/mydatalocal
# Move docker data dir to ephemeral disk
DOCKER_DJSON=/etc/docker/daemon.json
export DOCKER_DATADIR=${EPHEM_DIR}/docker-data
mkdir $DOCKER_DATADIR
if [ -e $DOCKER_DJSON ]
then
curjson="$(jq '."data-root"=env.DOCKER_DATADIR' $DOCKER_DJSON)"
echo "${curjson}" > $DOCKER_DJSON
else
echo -e "{\n \"data-root\": \"$DOCKER_DATADIR\"\n}" > $DOCKER_DJSON
fi
systemctl restart docker
else
mkdir $IFB_DATADIR/mydatalocal
fi
# Mount IFB shared volumes
ifb_sharedvols=$(ss-get --timeout=5 ifb_share_endpoints)
if [ -n "$ifb_sharedvols" ]; then
wget -O /root/config_partages.py https://raw.githubusercontent.com/IFB-ElixirFr/biosphere-commons/master/scripts/utils/config_partages.py
python3 /root/config_partages.py $ifb_sharedvols
rm /root/config_partages.py
fi
USER_LOGIN=etudiant
USER_PASSWORD=$( openssl rand -hex 12 )
sudo passwd etudiant << EOF
useradd -m -s /bin/bash -g users -G adm,dialout,cdrom,floppy,audio,dip,video,plugdev,netdev ${USER_LOGIN}
cp /etc/skel/.* /home/${USER_LOGIN}/
passwd ${USER_LOGIN} << EOF
${USER_PASSWORD}
${USER_PASSWORD}
EOF
HOST_NAME=$( ss-get --timeout=3 hostname )
HTTP_ENDP="https://$HOST_NAME"
ss-set url.service "${HTTP_ENDP}"
ss-set ss:url.service "[HTTPS]$HTTP_ENDP,[LOGIN]$etudiant,[PASSWORD]$USER_PASSWORD"
ss-set ss:url.service "[HTTPS]$HTTP_ENDP,[LOGIN]$USER_LOGIN,[PASSWORD]$USER_PASSWORD"
sudo apt update
sudo apt install --yes openssl shellinabox
sudo sed -i 's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|' /etc/default/shellinabox
sudo iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
sudo iptables-save
sudo systemctl restart shellinabox
sudo useradd -m -s /bin/bash -g users -G adm,dialout,cdrom,floppy,audio,dip,video,plugdev,netdev etudiant
sudo cp /etc/skel/.* /home/etudiant/
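Review bot: The password generated for `${USER_LOGIN}` is written in clear into `url.service` by the `ss-set ss:url.service "...[PASSWORD]$USER_PASSWORD"` line, while that account is reachable by password through shellinabox on port 443 and is a member of `adm`. Anyone who can read the deployment's service URL can therefore log in and, through `adm`, most likely read the system logs; I would drop `adm` from the `-G` list unless the course needs it and add a comment stating who is expected to see `url.service`. Setting the password with `printf '%s:%s\n' "$USER_LOGIN" "$USER_PASSWORD" | chpasswd` is more dependable than feeding `passwd` a here-document. The `cp /etc/skel/.* /home/${USER_LOGIN}/` line is redundant after `useradd -m` and leaves root-owned copies in the home directory. The page has lost its +/- markers, so some of these lines (the `sudo` variants and the `$etudiant` form of the `ss-set` call) may belong to the removed side.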
#!/bin/bash
# This script is executed on the virtual machine during the Installation phase (need to be ran as root!).
# It is used to record a predefined VM-image of the appliance.
# Otherwise executed first during a cloud deployement in IFB-Biosphere
# Install Ansible
export DEBIAN_FRONTEND=noninteractive
APT_OPT=""
if [ $(lsb_release -is) = "Debian" ]; then
apt-get install -y software-properties-common dirmngr
if [ $(lsb_release -cs) = "stretch" ]; then apt-add-repository "deb http://deb.debian.org/debian stretch-backports main"; fi
APT_OPT="-t $(lsb_release -cs)-backports --allow-unauthenticated"
apt-get -y --allow-unauthenticated dist-upgrade
elif [ $(lsb_release -cs) != "focal" ]; then
apt-add-repository -y ppa:ansible/ansible
fi
apt-get update
apt-get install $APT_OPT -y ansible
# Run app playbook
ansible-playbook -c local -i 127.0.0.1, -b -e 'ansible_python_interpreter=/usr/bin/python3' ubuntu-shellinabox.yaml
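Review bot: `--allow-unauthenticated` on both the `dist-upgrade` line and, via `APT_OPT`, the `apt-get install $APT_OPT -y ansible` line turns off APT signature checking in the Debian branch, and the stretch-backports source is added over plain `http://`, so packages installed as root while the image is recorded are not authenticated. I would drop the flag, `APT_OPT="-t $(lsb_release -cs)-backports"`, and fix whatever key or repository setup made it necessary. The `[ $(lsb_release -is) = "Debian" ]` tests should also quote the substitution, `[ "$(lsb_release -is)" = "Debian" ]`, so that an empty result does not turn into a syntax error inside `[`.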
# IFB Bioinformatics environment
export IFB_MAIN=/ifb
export IFB_BIN=$IFB_MAIN/bin
export IFB_DATADIR=$IFB_MAIN/data
export PATH=$PATH:$IFB_BIN
- hosts: all
tasks:
- name: Update the system
apt:
upgrade: dist
- name: Install requirements
apt:
name:
- autofs
- fail2ban
- python3-pip
- nfs-common
- jq
- openssl
- shellinabox
state: latest
- name: Remove old Docker version
apt:
name:
- docker
- docker-engine
- docker.io
- containerd
- runc
state: absent
- name: Install Docker deps
apt:
name:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
state: latest
- name: Add Docker’s official GPG key
apt_key:
url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state: present
- name: Add Docker's repository into sources list
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
state: present
- name: Install Docker engine community
apt:
name:
- docker-ce
- docker-ce-cli
- containerd.io
state: latest
- name: Configure shell in a box
shell: sed -i 's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|' /etc/default/shellinabox
- name: Configure network
shell: iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT && iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT && iptables-save
sudo systemctl restart shellinabox
- name: Enable services
systemd:
name: "{{ item }}"
enabled: yes
state: started
loop:
- docker
- fail2ban
- name: Restart services
systemd:
name: "{{ item }}"
enabled: yes
state: restarted
loop:
- shellinabox
- name: Update pip
pip:
name:
- pip
executable: pip3
state: latest
- name: Install docker-compose
pip:
name:
- docker-compose
executable: pip3
state: latest
- name: Install Miniconda
script: miniconda-install.sh
- name: Copy IFB profile
copy:
src: profile_ifb.sh
dest: /etc/profile.d/ifb.sh
owner: root
mode: '0644'
- name: Create IFB root dir and bin
shell: . /etc/profile.d/ifb.sh && mkdir -p $IFB_BIN
- name: Create IFB data dir
shell: . /etc/profile.d/ifb.sh && mkdir -p $IFB_DATADIR
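Review bot: In the `Configure network` task, `iptables-save` without a redirect only prints the rule set, so the port 443 rules exist in memory only and will not be part of the VM image this Installation phase records; `-A` also appends a duplicate rule on every run. If the rules are meant to persist, write them out, e.g. `iptables-save > /etc/iptables/rules.v4` with `iptables-persistent` installed, and guard each append with `iptables -C ... || iptables -A ...`. The OUTPUT rule matches `--dport 443`, which covers outbound connections to port 443 rather than replies from shellinabox, so it is worth confirming that is what was intended. The bare `sudo systemctl restart shellinabox` line after that task is not a valid task entry if it is on the new side; the `Restart services` task already does the restart.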