-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathconfigure.yml
322 lines (290 loc) · 13.6 KB
/
configure.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
---
# logging configuration
- name: "Configure rsyslog"
template:
src: "{{ item }}"
dest: "/etc/rsyslog.d/archivematica.conf"
backup: "yes"
with_first_found:
- files:
- "templates/{{ inventory_hostname }}/rsyslog.conf.j2"
- "templates/rsyslog.conf.j2"
- "etc/rsyslog.d/archivematica.conf.j2"
tags: "amsrc-ss-osconf"
notify:
- Restart rsyslog
when: "archivematica_src_syslog_enabled|bool"
# ss-configure
- name: "Check for SS user"
become: "yes"
shell: echo 'select username from auth_user where username="{{ archivematica_src_configure_ss_user }}";' | {{ archivematica_src_ss_virtualenv }}/bin/python manage.py dbshell | tail -n1
args:
chdir: "{{ archivematica_src_ss_app }}"
executable: /bin/bash
environment: "{{ archivematica_src_ss_environment }}"
register: ss_user
when: archivematica_src_configure_ss|bool
- debug:
msg: "The SS user {{ archivematica_src_configure_ss_user }} is already configured: The SS superuser will not be created."
when: archivematica_src_configure_ss|bool and ss_user.stdout != ""
- name: "Get SS API Key"
shell: >
echo "select \`key\` from tastypie_apikey where id in (select id from auth_user where username = '{{ archivematica_src_configure_ss_user }}');"
| {{ archivematica_src_ss_virtualenv }}/bin/python manage.py dbshell | tail -n1
args:
chdir: "{{ archivematica_src_ss_app }}"
executable: /bin/bash
environment: "{{ archivematica_src_ss_environment }}"
delegate_to: "{{ archivematica_src_configure_ss_url|urlsplit('hostname') }}"
become: yes
remote_user: "{{ archivematica_src_configure_ss_ssh_user | default('artefactual') }}"
register: archivematica_src_configure_ss_api_key_temp
when:
- "archivematica_src_configure_dashboard|bool or archivematica_src_configure_ss|bool"
- "archivematica_src_configure_ss_api_key is undefined"
- ss_user.stdout != ""
- set_fact: archivematica_src_configure_ss_api_key="{{ archivematica_src_configure_ss_api_key_temp.stdout }}"
when:
- "archivematica_src_configure_dashboard|bool"
- "archivematica_src_configure_ss_api_key_temp.stdout is defined"
# Create api-key if not defined and SS user was not already configured
- set_fact: archivematica_src_configure_ss_api_key={{ 999999999999999999999 | random | to_uuid | hash('md5') }}
when:
- "archivematica_src_configure_ss_api_key is undefined"
- "archivematica_src_configure_ss|bool"
- name: "Create SS superuser"
django_manage:
command: >
create_user
--username="{{ archivematica_src_configure_ss_user }}"
--password="{{ archivematica_src_configure_ss_password }}"
--email="{{ archivematica_src_configure_ss_email }}"
--api-key="{{ archivematica_src_configure_ss_api_key }}"
--superuser
app_path: "{{ archivematica_src_ss_app }}"
virtualenv: "{{ archivematica_src_ss_virtualenv }}"
environment: "{{ archivematica_src_ss_environment }}"
when: archivematica_src_configure_ss|bool and ss_user.stdout == ""
# dashboard-configure
# Check whether pipeline is registered and dashboard user exists
- name: Check Dashboard SS url
become: "yes"
command: >
mysql --user="{{ archivematica_src_am_db_user }}"
--password="{{ archivematica_src_am_db_password }}"
--host="{{ archivematica_src_am_db_host }}"
"{{ archivematica_src_am_db_name }}"
--batch --skip-column-names
--execute="select * from DashboardSettings where name='storage_service_url';"
register: dashboard_ss_url
when: archivematica_src_configure_dashboard|bool
- debug:
msg: "The pipeline is already configured: The dashboard superuser will not be created and the pipeline will not be registered."
when: archivematica_src_configure_dashboard|bool and dashboard_ss_url.stdout != ""
- name: Check Dashboard user
become: "yes"
command: >
mysql --user="{{ archivematica_src_am_db_user }}"
--password="{{ archivematica_src_am_db_password }}"
--host="{{ archivematica_src_am_db_host }}"
"{{ archivematica_src_am_db_name }}"
--batch --skip-column-names
--execute="select * from auth_user where username='{{ archivematica_src_configure_am_user }}';"
register: dashboard_user
when: archivematica_src_configure_dashboard|bool
- debug:
msg: "The dashboard user {{ archivematica_src_configure_am_user }} is already configured: The dashboard superuser will not be created and the pipeline will not be registered."
when: archivematica_src_configure_dashboard|bool and dashboard_user.stdout != ""
# Create api-key if not defined
- set_fact: archivematica_src_configure_am_api_key={{ 999999999999999999998 | random | to_uuid | hash('md5') }}
when: archivematica_src_configure_am_api_key is undefined
- name: "Create Dashboard user and register pipeline on SS"
django_manage:
command: >
install
--username="{{ archivematica_src_configure_am_user }}"
--password="{{ archivematica_src_configure_am_password }}"
--email="{{ archivematica_src_configure_am_email }}"
--site-url="{{ archivematica_src_configure_am_site_url }}"
--org-name="{{ archivematica_src_configure_am_org_name }}"
--org-id="{{ archivematica_src_configure_am_org_id }}"
--api-key="{{ archivematica_src_configure_am_api_key }}"
--ss-url="{{ archivematica_src_configure_ss_url }}"
--ss-user="{{ archivematica_src_configure_ss_user }}"
--ss-api-key="{{ archivematica_src_configure_ss_api_key }}"
--whitelist="{{archivematica_src_configure_am_whitelist}}"
app_path: "{{ archivematica_src_am_dashboard_app }}"
pythonpath: "{{ archivematica_src_am_common_app }}"
virtualenv: "{{ archivematica_src_am_dashboard_virtualenv }}"
environment: "{{ archivematica_src_am_dashboard_environment }}"
when: archivematica_src_configure_dashboard|bool and dashboard_user.stdout == "" and dashboard_ss_url.stdout == ""
#
# Configure AtoM DIP Upload
#
- name: "Configure Dashboard settings"
command: >
mysql --user="{{archivematica_src_am_db_user }}"
--password="{{ archivematica_src_am_db_password }}"
--host="{{ archivematica_src_am_db_host }}"
"{{ archivematica_src_am_db_name }}"
--batch --skip-column-names
--execute="update DashboardSettings set value=\"{{ item.value }}\" where name=\"{{ item.key }}\";"
with_dict: "{{ archivematica_src_configure_dashboardsettings }}"
no_log: True
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- name: "Create ssh key"
user:
name: "archivematica"
generate_ssh_key: "yes"
ssh_key_type: "ed25519"
ssh_key_file: ".ssh/id_ed25519"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- name: "Use StrictHostKeyChecking=no ssh option for archivematica user"
lineinfile:
create: "yes"
path: "/var/lib/archivematica/.ssh/config"
owner: "archivematica"
group: "archivematica"
mode: "0600"
line: "StrictHostKeyChecking no"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- name: "Register ssh key"
command: cat /var/lib/archivematica/.ssh/id_ed25519.pub
register: ssh_key
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- name: "Show ssh key"
debug: msg={{ ssh_key.stdout_lines }}
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
# The rsync user is defined in the rsync_target, as user@host:/path
- name: "Get rsync user for dip upload"
set_fact:
atom_dipupload_ssh_user: "{{ archivematica_src_configure_dashboardsettings['rsync_target'].split('@')[0] }}"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- archivematica_src_configure_dashboardsettings['rsync_target'].split('@')[0] != archivematica_src_configure_dashboardsettings['rsync_target']
- name: "Create archivematica user in AtoM server"
user:
name: "{{ atom_dipupload_ssh_user | default('archivematica') }}"
group: "users"
system: True
home: "/home/{{ atom_dipupload_ssh_user | default('archivematica') }}"
createhome: True
shell: "/bin/bash"
delegate_to: "{{ archivematica_src_configure_dashboardsettings['url']|urlsplit('hostname') }}"
remote_user: "{{ archivematica_src_configure_atom_ssh_user | default('artefactual') }}"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- name: "Ensure 0755 permission on /home/{{ atom_dipupload_ssh_user | default('archivematica') }} dir"
file:
path: "/home/{{ atom_dipupload_ssh_user | default('archivematica') }}"
state: directory
mode: '0755'
delegate_to: "{{ archivematica_src_configure_dashboardsettings['url']|urlsplit('hostname') }}"
remote_user: "{{ archivematica_src_configure_atom_ssh_user | default('artefactual') }}"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
- name: "Add ssh key to AtoM server"
authorized_key:
user: "{{ atom_dipupload_ssh_user | default('archivematica') }}"
state: "present"
key: "{{ ssh_key.stdout }}"
delegate_to: "{{ archivematica_src_configure_dashboardsettings['url']|urlsplit('hostname') }}"
remote_user: "{{ archivematica_src_configure_atom_ssh_user | default('artefactual') }}"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_dashboardsettings is defined
#
# Configure FPR
#
- name: "Configure fpcommand settings"
command: >
mysql --user="{{archivematica_src_am_db_user }}"
--password="{{ archivematica_src_am_db_password }}"
--host="{{ archivematica_src_am_db_host }}"
"{{ archivematica_src_am_db_name }}"
--batch --skip-column-names
--execute="update fpr_fpcommand set enabled={{ item.value.enabled }} where {{ item.value.field_name }}=\"{{ item.key }}\";"
loop: "{{ lookup('dict',archivematica_src_configure_fpcommand|default({}),wantlist=True) }}"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_fpcommand is defined
#
- name: "Configure fprule settings"
command: >
mysql --user="{{archivematica_src_am_db_user }}"
--password="{{ archivematica_src_am_db_password }}"
--host="{{ archivematica_src_am_db_host }}"
"{{ archivematica_src_am_db_name }}"
--batch --skip-column-names
--execute="update fpr_fprule set enabled={{ item.value.enabled }} where {{ item.value.field_name }}=\"{{ item.key }}\";"
loop: "{{ lookup('dict',archivematica_src_configure_fprule|default({}),wantlist=True) }}"
when:
- archivematica_src_configure_dashboard|bool
- archivematica_src_configure_fprule is defined
- name: "Configure locations"
block:
# Get id of the first registered pipeline (id=1)
- name: "Configure AM: get default pipeline UUID from SS database"
become: "yes"
command: mysql {{ archivematica_src_ss_db_name }} -Ns -e "select uuid from locations_pipeline where id='1';"
register: pipeline_uuid
tags: "configure-am"
# Gets the uuid of the first registered space (id=1)
- name: "Configure AM: get default Space UUID from SS database"
become: "yes"
command: mysql {{ archivematica_src_ss_db_name }} -Ns -e "select uuid from locations_space where id='1';"
register: space_uuid
tags: "configure-am"
- name: "Configure AM: get all TS descriptions from SS database"
become: "yes"
command: mysql {{ archivematica_src_ss_db_name }} -Ns -e "select description from locations_location;"
register: location_descriptions
tags: "configure-am"
- name: "Configure SS: add custom locations"
uri:
url: "{{ archivematica_src_configure_ss_url }}/api/v2/location/"
headers:
Content-Type: "application/json"
Authorization: "ApiKey {{ archivematica_src_configure_ss_user }}:{{ archivematica_src_configure_ss_api_key }}"
body:
pipeline: ["/api/v2/pipeline/{{ pipeline_uuid.stdout }}/"]
purpose: "{{ item.location_purpose }}"
relative_path: "{{ item.location_path | regex_replace('^\\/', '') }}"
description: "{{ item.location_description }}"
space: "/api/v2/space/{{ space_uuid.stdout }}/"
default: "{{ item.location_default }}"
body_format: json
status_code: 201
method: POST
when: not location_descriptions.stdout | join('') | regex_search( '(^|\n)'+item.location_description+'(\n|$)' )
with_items: "{{ am_ss_default_locations }}"
tags: "configure-am"
- name: "Configure SS: configure replication locations "
mysql_query:
login_db: "{{ archivematica_src_ss_db_name }}"
login_user: "{{ archivematica_src_ss_db_user }}"
login_password: "{{ archivematica_src_ss_db_password }}"
login_host: "{{ archivematica_src_ss_db_host }}"
query:
- INSERT IGNORE INTO locations_location_replicators(from_location_id,to_location_id) VALUES ((SELECT id FROM locations_location where description = %(aipstore)s and purpose = "AS"),(SELECT id FROM locations_location where description = %(replica)s and purpose = "RP" ));
named_args:
aipstore: "{{ item.location_replication_from }}"
replica: "{{ item.location_description }}"
when:
- item.location_replication_from is defined
with_items:
- "{{ am_ss_default_locations }}"
when: am_ss_default_locations is defined