ansible-playbook-gridftp

Playbook to deploy GridFTP servers and clients along with real or SimpleCA certificates.


This playbook can be divided into three steps, each configuring server and client independently.

  • The first step (plays 1-3) handles common and utility tasks.
  • The second step (plays 4-5) configures the GridFTP servers and clients.
  • The third step (plays 6-7) transfers SimpleCA certificates from servers to clients. This step is only needed if you don't have valid CA or host certificates, i.e. when using Vagrant machines.

Assuming your variables are correctly configured (see below), this playbook will leave the server completely configured and the only steps needed on the client are to install a user certificate or proxy certificate and start the actual transfer.

Variables

Variables in Ansible can be tweaked in multiple ways. My recommended method is to use files in group_vars and host_vars. Each role will take default values from its defaults/main.yml file for variables not defined in the playbook. Variables that need definition to create a working GridFTP server are (see examples in group_vars directory):

  • gridftp_ca_cert_repos: points to a repository of CA certificates and the package to install, e.g. EGI's ca-policy-egi-core.
  • gridftp_ca_local_certs: custom certificate not in a repository.
  • gridftp_host_cert: hostcert for the server. This should be generated by your local CA.
  • gridftp_host_key: hostkey for the server. It should be kept private, i.e. in the vault.
  • gridftp_mappings: mappings to go in /etc/grid-security/grid-mapfile.
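A post-deployment sanity check for the files these variables end up in, as an added example that is not part of this playbook. The function names are hypothetical, the hostkey.pem file name under /etc/grid-security is assumed from the usual Globus layout, and treating a mapping to root as an error is a policy choice of this example.

```shell
#!/bin/sh
# Added example: checks on a deployed GridFTP server's security files.

# Print how many grid-mapfile lines are malformed or map a DN to root.
# Expected line format: "<certificate DN>" localuser[,localuser...]
count_bad_mappings() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        !/^[ \t]*"\/[^"]+"[ \t]+[A-Za-z_][A-Za-z0-9_.,-]*[ \t]*$/ { bad++; next }
        {
            users = $0
            sub(/^[ \t]*"[^"]+"[ \t]+/, "", users)   # drop the quoted DN
            gsub(/[ \t]/, "", users)
            n = split(users, u, ",")
            for (i = 1; i <= n; i++) if (u[i] == "root") { bad++; break }
        }
        END { print bad + 0 }
    ' "$1"
}

# Succeed only if the private key is accessible by its owner alone (400 or 600).
key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1   # GNU stat
    case "$mode" in
        400|600) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks against a grid-security directory; non-zero on any finding.
main() {
    dir=$1
    rc=0
    key_mode_ok "$dir/hostkey.pem" ||
        { echo "hostkey.pem: missing or not owner-only" >&2; rc=1; }
    if [ -r "$dir/grid-mapfile" ]; then
        bad=$(count_bad_mappings "$dir/grid-mapfile")
        [ "$bad" -eq 0 ] ||
            { echo "grid-mapfile: $bad malformed or root mapping(s)" >&2; rc=1; }
    else
        echo "grid-mapfile: not readable" >&2; rc=1
    fi
    return $rc
}

# Usage: sh check.sh /etc/grid-security
if [ "$#" -gt 0 ]; then main "$@"; fi
```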

Testing the playbook with Vagrant

You should have Vagrant and VirtualBox installed before starting.

  • Install all role dependencies: ansible-galaxy install -r requirements.yml
  • Start the vagrant machines: vagrant up