Name: ansible-gridftp
Owner: EMBL-EBI Technology & Science Integration
Description: Install GridFTP servers and clients
Created: 2016-05-09 12:45:30.0
Updated: 2016-05-09 12:45:30.0
Pushed: 2017-06-01 14:15:17.0
Homepage: null
Size: 19
Language: null
Install GridFTP servers and clients. The role will:
Choose the mode to work in by setting gridftp_mode to server (default) or client.
By default no anonymous users are allowed, set gridftp_allow_anonymous: no and change gridftp_anonymous_user to the user of your choice (defaults to nobody).
In order to make GridFTP usable you will need to deploy several certificates on both server and client.
For the server you will need:
For the client you will need:
CA certificates can be deployed in two ways to both servers and clients: using certificate repositories from known CA sources or installing locally trusted CA certificates.
You probably want to install package repositories from known CA sources, i.e. EGI, IGTF, EUGridPMA, APGridPMA or TAGPMA. Each repository should be listed in gridftp_ca_cert_repos along with a list of packages to install. For example:
    gridftp_ca_cert_repos:
      - name: EGI-trustanchors
        baseurl: http://repository.egi.eu/sw/production/cas/1/current/
        gpgkey: http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
        packages:
          - ca-policy-egi-core
Locally trusted CA certificates can also be installed by listing them in gridftp_ca_local_certs along with their subject and signing policy. For example:
    gridftp_ca_local_certs:
      - name: my_certificate
        subject: '/O=Grid/OU=GlobusTest/CN=Globus Simple CA'
        policy: '/O=Grid/OU=GlobusTest/*'
        cert_file: path/to/certificate
Alternatively you can also specify the certificate's content instead of pointing to a file:
        cert: |
          -----BEGIN CERTIFICATE-----
          ...
          -----END CERTIFICATE-----
If both cert_file and cert are specified, cert_file will override cert. Leaving both options undefined will just try to change the signing policy, using an already existing certificate whose filename equals the name specified.
You should ask your local CA representative for host (for the server) and user (for the client) certificates. Once you have a valid host certificate (trusted by your CA) and its accompanying private key, install them with the variables gridftp_host_cert and gridftp_host_key (possibly holding the host key in the vault).
This role manages Globus' grid-mapfile directly, without the use of the grid-mapfile-* tools. Only mappings defined in gridftp_mapping will get Globus authorization. For example:
    gridftp_mappings:
      - ln: vagrant
        dn: '/O=Grid/OU=GlobusTest/CN=vagrant'
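A pre-deployment check tying the mappings to the local CA signing policies, added here as an example and not part of the role's own code. It renders each mapping as a grid-mapfile line (`"DN" user`) and reports DNs that no entry in gridftp_ca_local_certs could have signed, mappings to a privileged account, and DNs that would corrupt the file. Assumptions: the function names are hypothetical, `*` is the only wildcard in a policy, only locally installed CAs are trusted (DNs issued by repository-installed CAs would be reported too), and the second and third mappings are constructed sample data.

```python
import re

# First entries are copied from the README examples; the rest are constructed.
CA_LOCAL_CERTS = [{"name": "my_certificate",
                   "subject": "/O=Grid/OU=GlobusTest/CN=Globus Simple CA",
                   "policy": "/O=Grid/OU=GlobusTest/*"}]
MAPPINGS = [
    {"ln": "vagrant", "dn": "/O=Grid/OU=GlobusTest/CN=vagrant"},
    {"ln": "alice", "dn": "/O=Grid/OU=OtherOrg/CN=alice"},   # constructed
    {"ln": "root", "dn": "/O=Grid/OU=GlobusTest/CN=admin"},  # constructed
]


def policy_allows(policy, dn):
    """True if dn lies inside the policy namespace ('*' is the only wildcard)."""
    pattern = ".*".join(re.escape(part) for part in policy.split("*"))
    return re.fullmatch(pattern, dn) is not None


def audit_mappings(mappings, ca_certs, forbidden_users=("root",)):
    """Return (grid-mapfile lines, findings) for a list of {ln, dn} mappings."""
    lines, findings = [], []
    for m in mappings:
        dn, ln = m["dn"], m["ln"]
        # A quote or newline in the DN would break the '"DN" user' line format.
        if not dn.startswith("/") or '"' in dn or "\n" in dn:
            findings.append(f"malformed DN {dn!r}")
            continue
        if not any(policy_allows(c["policy"], dn) for c in ca_certs):
            findings.append(f"{dn} is outside every local CA signing policy")
        if ln in forbidden_users:
            findings.append(f"{dn} maps to privileged account {ln}")
        lines.append(f'"{dn}" {ln}')
    return lines, findings


if __name__ == "__main__":
    gridmap, problems = audit_mappings(MAPPINGS, CA_LOCAL_CERTS)
    print("\n".join(gridmap))
    for p in problems:
        print("WARNING:", p)
```

Running the check against the inventory variables before applying the role catches typos in DNs and over-broad account mappings while they are still in review.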
Installation of fetch-crl (on the server) and UberFTP (on the client) is managed by gridftp_fetchcrl and gridftp_uberftp.
See meta/main.yml.
See defaults/main.yml.
None.
Example:
    - hosts: gridftp-servers
      roles:
        - gridftp
    - hosts: gridftp-clients
      roles:
        - gridftp
Licensed under CC-BY-SA 4.0.
Luis Gracia luis.gracia@ebi.ac.uk