Name: atmosphere-ansible
Owner: CyVerse
Description: Ansible instance deployment code for Atmosphere
Created: 2015-10-28 18:37:27.0
Updated: 2017-06-19 18:36:38.0
Pushed: 2018-01-12 21:39:12.0
Size: 200702
Language: Shell
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
This is an extension point for Atmosphere. It defines (with Ansible) how Atmosphere's instances deploy within the targeted cloud provider.
To look at how Atmosphere utilizes this module, look at the service.deploy.py and our subspace module.
We use this term to denote that an installation of Atmosphere could customize / modify the actions performed when deploying virtual machine instances to a cloud provider by alter the playbooks defined here.
The number prefixing the name of a playbook (example: 20_atmo_user_install.yml) is used to determine the order of execution by subspace. So 20_atmo_user_install.yml happens after 18_atmo_local_user_account.yml. And, 66_atmo_user_ssh_keys.yml will happen last even though it appears second in a directory listing of playbooks. To prevent this, ensure that playbook names do not exceed a prefix of 100. Here is a list of currently executed playbooks:
ble/playbooks/instance_deploy/
00_setup_ssh.yml
10_setup_pkg_mgr.yml
18_atmo_local_user_account.yml
20_atmo_user_install.yml
30_post_user_install.yml
41_shell_access.yml
42_globus_connect.yml
After instance_deploy, these playbooks are run to add user's SSH keys and run their boot scripts.
ble/playbooks/user_deploy/
00_inject_ssh_keys.yml
10_post_boot.yml
Atmosphere-ansible provides optional functionality that is used in some, but not all deployments.
Enable these optional configurations by setting the corresponding variable to true (e.g. in your Ansible group_vars).
| Variable | Purpose | |————————–|———————————————————–| | SETUP_DHCP_CLIENT | DHCP client | | SETUP_LDAP | LDAP client for user authentication | | SETUP_LOCAL_USER_ACCOUNT | Local user account (always runs when SETUP_LDAP not true) | | SETUP_IRODS_ICOMMANDS | iRODS iCommands and iRODS FUSE client | | SETUP_REALVNC_SERVER | RealVNC server for Atmosphere Web Desktop feature | | SETUP_GLOBUS_CONNECT | Globus Connect | | SETUP_GUACAMOLE | Apache Guacamole | | SETUP_NOVNC | NoVNC VNC Client | | SETUP_GUI_BROWSER | Web browser on instances with a GUI | | SET_DESKTOP_BACKGROUND | Set desktop background for instances with a GUI | | SETUP_ATMO_BACKUP | Deploy cyverse_backup script |
Guacamole is a VNC and SSH gateway. If using this feature, GUACAMOLE_SERVER_IP must also be defined.
Security Warning: the Guacamole remote desktop requires unencrypted VNC connections from the Guacamole server to your target instances. Ensure that your Guacamole server connects to instances via a trusted network where no unauthorized parties can listen to network traffic. If these connections transit an untrusted network, anyone listening on the wire would get everything from the unencrypted VNC sessions.
These playbooks are called separately via subspace to verify things such as network connectivity and VNC status for Atmosphere deployments.
ble/playbooks/utils/
atmo_check_novnc.yml
atmo_check_vnc.yml
check_networking.yml
play_role.yml
print_variables.yml
This directory contains playbooks for performing additionaly actions on an instance post-deploy, such as mounting volumes.
ble/playbooks/instance_actions/
check_volume.yml
mount_volume.yml
unmount_volume.yml
This directory will contain playbooks that can be selected by a user and installed. They may contain additional metadata that will help users understand the playbooks intention additionally they may take different arguments depending on the purpose of the playbook.
ble/playbooks/user_customizations/
README.md
add_user.yml
remove_user.yml
This directory contains a playbook prepare_instance_snapshot.yml that syncs and freezes an instance to prepare it for imaging process.
See this troubleshooting page: Troubleshooting Atmosphere Ansible
Generally, new roles should be created using ansible-role-template using Ansible Galaxy. Optionally, test roles using Travis CI as detailed here.
See LICENSE file.