Commit a9a13520 authored by Victor Penso's avatar Victor Penso
Browse files

first re-implementation for CVMFS remote publishing

parent fe25e91b
default[:cvmfs][:remote] = Mash.new
default[:cvmfs][:remote_key] = String.new
#!/bin/bash
#
# Author:: Victor Penso
# Copyright:: 2013, GSI, HPC Department
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# check if there is only one input argument
if [ "$#" -eq "2" ]; then
repo_name=$2
case "$1" in
publish)
# sync local data to the corresponding CVMFS server
su cvmfs -c "rsync -vtza --exclude-from /cvmfs/$repo_name.exclude --delete --delete-excluded /cvmfs/$repo_name $repo_name:/cvmfs/"
# Run publish on the CVMFS server as root, this needs to be
# allowed by sudo on the target machine!
su cvmfs -c "ssh -qt $repo_name 'sudo cvmfs_server publish'"
# SSH terminal allocation is needed to allow the command
# a user switch (su)
;;
resign)
su cvmfs -c "ssh -qt $repo_name 'sudo cvmfs_server resign'"
;;
*)
echo 'You can only publish or resign repositories!'
;;
esac
else
echo "Error: Parameters incomplete!"
echo " cvmfs [publish|resign] <REPO> "
fi
# Cookbook Name:: cernvm-fs
# Recipe:: remote
# Author:: Victor Penso
# Copyright:: 2013, GSI, HPC Department
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The cvmfs user operates all remote actions on the CVMFS servers
user 'cvmfs'
# This variable contains the SSH configuration for the "cvmfs" user.
ssh_config = Hash.new
# list of all repository maintainers allowed to sync with the servers
sudoers = String.new
node.cvmfs.remote.each_pair do |repo,config|
# by convention the maintainer group is called like the repository
maintainer = repo.split('.')[0]
# list of repository maintainers
maintainers = config[:maintainer]
group maintainer do
members ['cvmfs'] << maintainers
end
directory "/cvmfs/#{repo}" do
group maintainer
recursive true
end
rsync_exclude = "/cvmfs/#{repo}.exclude"
file rsync_exclude do
mode "0770"
group maintainer
content ".svn/*\n.libs/*\n.deps/*\n*.o"
# The excludes for Rsync will be modified by users eventually
not_if do ::File.exists? rsync_exclude end
end
# Define a host alias for each repository in the SSH configuration
ssh_config[repo] = {
'HostName' => config[:server],
'UserKnownHostsFile' => '/dev/null',
'StrictHostKeyChecking' => 'no'
}
sys_sudo repo do
users maintainer.upcase => maintainers
rules ["#{maintainer.upcase} #{node.fqdn}=NOPASSWD:/sbin/cvmfs * #{repo}"]
end
end
directory '/home/cvmfs/.ssh' do
owner 'cvmfs'
group 'cvmfs'
mode '0700'
recursive true
end
sys_ssh_config 'cvmfs' do
config ssh_config
end
if node.cvmfs.remote_key.empty?
Chef::Log.warn("No login SSH key to CVMFS servers provided")
else
file '/home/cvmfs/.ssh/id_rsa' do
owner 'cvmfs'
group 'cvmfs'
mode '0600'
content node.cvmfs.remote_key
end
end
cookbook_file '/sbin/cvmfs-remote' do
source 'cvmfs-remote'
mode '0700'
backup false
end
link "/sbin/cvmfs" do
to "/sbin/cvmfs-remote"
end
# /etc/sudoers.d/cvmfs
#
# DO NOT CHANGE THIS FILE MANUALLY!
#
# This file is managed by the Chef `cernvm-fs::remote` cookbook.
<%= @config %>
name "cvmfs_remote_test"
description "Use to test the [cvmfs::remote] recipe."
run_list(
"recipe[sys::accounts]",
"recipe[cernvm-fs::remote]"
)
default_attributes(
:sys => {
:accounts => {
:skywalker => {},
:solo => {},
:lea => {},
:joda => {}
}
},
:cvmfs => {
:remote => {
"alpha.devops.test" => {
:server => "lxfs01.devops.test",
:maintainer => [ 'skywalker','solo' ]
},
"betta.devops.test" => {
:server => 'lxfs02.devops.test',
:maintainer => [ 'lea', 'joda' ]
}
}
}
)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment