diff --git a/roles/firewalld/tasks/main.yml b/roles/firewalld/tasks/main.yml index 04c9b835..7c405a80 100644 --- a/roles/firewalld/tasks/main.yml +++ b/roles/firewalld/tasks/main.yml @@ -1,5 +1,10 @@ --- # tasks file for ../ansible-role-firewalld +- name: Install firewalld + ansible.builtin.package: + name: firewalld + state: present + - name: Make sure firewalld service is enabled ansible.builtin.systemd: name: firewalld diff --git a/roles/provision/README.md b/roles/provision/README.md index ed504005..eb5875df 100644 --- a/roles/provision/README.md +++ b/roles/provision/README.md @@ -24,10 +24,11 @@ The following variables can be set for provisioning Rocky 8+: The following variables can be set for either CentOS 7 or Rocky 8+: -| Name | Description | -| ------------------------ | -------------------------------------------------------------------- | -| `server_locale` | sets the user's language, region, etc. This is set to "en_GB.UTF-8" | -| `external_storage_drive` | path to mounted storage (if using it). By default this is undefined. | +| Name | Description | +| ------------------------- | -------------------------------------------------------------------------------------------------- | +| `server_locale` | sets the user's language, region, etc. This is set to "en_GB.UTF-8" | +| `external_storage_drive` | single path to mounted storage (if using it). By default this is undefined. | +| `external_storage_mounts` | list of paths to mounted storage (if using multiple storage mounts). By default this is undefined. | ## Dependencies diff --git a/roles/provision/defaults/main.yml b/roles/provision/defaults/main.yml index bac0f54a..69f5d268 100644 --- a/roles/provision/defaults/main.yml +++ b/roles/provision/defaults/main.yml 
@@ -11,3 +11,6 @@ postgresql_rpm_gpg_key_pgdg_x86_64: >- postgresql_rpm_gpg_key_pgdg_aarch64: >- https://apt.postgresql.org/pub/repos/yum/keys/PGDG-RPM-GPG-KEY-AARCH64-RHEL server_locale: en_GB.UTF-8 +provision_mount_points: + "{{ external_storage_mounts | default([external_storage_drive] if + external_storage_drive is defined else []) }}" diff --git a/roles/provision/tasks/check_mounts.yml b/roles/provision/tasks/check_mounts.yml index 527013e8..b456da7e 100644 --- a/roles/provision/tasks/check_mounts.yml +++ b/roles/provision/tasks/check_mounts.yml @@ -1,14 +1,14 @@ --- - name: Ensure correct permissions are set for the mountpoint ansible.builtin.file: - path: "{{ external_storage_drive }}" + path: "{{ mount_point }}" owner: root group: root state: directory mode: "0755" -- name: "Check if storage is mounted: {{ external_storage_drive }}" - ansible.builtin.command: mountpoint {{ external_storage_drive }} +- name: "Check if storage is mounted: {{ mount_point }}" + ansible.builtin.command: mountpoint {{ mount_point }} register: check_mountpoint failed_when: false changed_when: false @@ -22,7 +22,7 @@ - name: Check that storage has been mounted correctly if it was previously not mounted - ansible.builtin.command: mountpoint {{ external_storage_drive }} + ansible.builtin.command: mountpoint {{ mount_point }} when: "'is not a mountpoint' in check_mountpoint.stdout" register: check_mountpoint_again failed_when: "'is not a mountpoint' in check_mountpoint_again.stdout" diff --git a/roles/provision/tasks/main.yml b/roles/provision/tasks/main.yml index 8970841e..7e84e9c3 100644 --- a/roles/provision/tasks/main.yml +++ b/roles/provision/tasks/main.yml @@ -2,7 +2,9 @@ - name: Check mounts are available tags: restart ansible.builtin.include_tasks: check_mounts.yml - when: external_storage_drive is defined + vars: + mount_point: "{{ item }}" + loop: "{{ provision_mount_points }}" - name: Set up for RedHat 7 ansible.builtin.include_tasks: RedHat7.yml 
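Review bot: In roles/provision/defaults/main.yml, `provision_mount_points` silently drops `external_storage_drive` whenever `external_storage_mounts` is also defined, so that path no longer gets the root ownership, `0755` mode and mount check from check_mounts.yml. The precedence is not stated next to the variable. I would add a comment above it such as `# external_storage_mounts takes precedence; external_storage_drive is used only when the list is undefined`. Note also that `default()` only covers the undefined case, so `external_storage_mounts: null` or a bare string would reach `loop` unchanged.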
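Review bot: In roles/provision/tasks/check_mounts.yml, both `mountpoint {{ mount_point }}` commands interpolate the path into a free-form command string, so a path containing whitespace is split into several arguments and a path starting with `-` is read as an option. This matters more now that the value comes from a user-supplied list rather than a single variable. Passing the path as one argument avoids both cases: `ansible.builtin.command:` followed by `argv: ["mountpoint", "--", "{{ mount_point }}"]`. The same change applies to the second hunk (`@@ -22,7 +22,7 @@`), whose task continues outside the lines shown.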
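Review bot: In roles/provision/tasks/main.yml, the loop on "Check mounts are available" keeps the default loop variable `item` and copies it through `vars: mount_point: "{{ item }}"`, so `item` stays visible inside check_mounts.yml. It would collide with any task there that later gains its own loop. Naming the loop variable directly is the usual form for looped includes and removes the extra `vars` block: `loop_control:` with `loop_var: mount_point`.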
diff --git a/roles/xnat/tasks/plugins.yml b/roles/xnat/tasks/plugins.yml index 7d6e0484..bcd12800 100644 --- a/roles/xnat/tasks/plugins.yml +++ b/roles/xnat/tasks/plugins.yml @@ -40,7 +40,9 @@ owner: "{{ xnat.owner }}" group: "{{ xnat.group }}" verify_checksum: always - headers: "{{ package_registry.authentication_header }}" + headers: "{{ package_registry.authentication_header | default(omit) }}" + username: "{{ package_registry.username | default(omit) }}" + password: "{{ package_registry.token | default(omit) }}" register: package_plugins_downloaded with_items: - "{{ xnat_plugin_packages | default([]) }}" diff --git a/roles/xnat_container_service/tasks/add_container_service_hub.yml b/roles/xnat_container_service/tasks/add_container_service_hub.yml new file mode 100644 index 00000000..eb8d0ad9 --- /dev/null +++ b/roles/xnat_container_service/tasks/add_container_service_hub.yml @@ -0,0 +1,29 @@ +--- +- name: Check if Image Host already configured + ansible.builtin.uri: + url: + "{{ web_server.url }}/xapi/docker/hubs/{{ container_registry.name | + urlencode }}" + user: "{{ xnat_service_admin.username }}" + password: "{{ xnat_service_admin.password }}" + method: GET + validate_certs: "{{ ssl.validate_certs }}" + status_code: 200, 404 + register: hub_check + +- name: Configure Image Host + ansible.builtin.uri: + url: "{{ web_server.url }}/xapi/docker/hubs" + user: "{{ xnat_service_admin.username }}" + password: "{{ xnat_service_admin.password }}" + method: POST + body_format: json + body: + name: "{{ container_registry.name }}" + url: "{{ container_registry.url }}" + username: "{{ container_registry.username }}" + password: "{{ container_registry.password }}" + default: "{{ container_registry.default }}" + validate_certs: "{{ ssl.validate_certs }}" + status_code: 200, 201 + when: hub_check.status != 200 diff --git a/roles/xnat_container_service/tasks/main.yml b/roles/xnat_container_service/tasks/main.yml index 1800049e..3b82edb3 100644 
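Review bot: In roles/xnat/tasks/plugins.yml, the task now carries credentials three ways (`headers`, `username`, `password`), and `headers` is an ordinary parameter that Ansible does not mask the way it masks a password field. The task's start, including the module name, is above the hunk. If it does not already set `no_log: true`, the value of `package_registry.authentication_header` can appear in `-vvv` output for every item in the loop. If the module supports it, `force_basic_auth: true` may also be needed (inferred, not visible here), since basic credentials are otherwise typically sent only after a 401 challenge. A short comment saying which of header or username/token a registry entry should set would help too, as nothing here stops both being sent.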
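Review bot: In roles/xnat_container_service/tasks/add_container_service_hub.yml, the "Configure Image Host" POST places `container_registry.password` in `body`, which `ansible.builtin.uri` does not treat as a secret, so the registry password can be printed when the play runs with increased verbosity. Add `no_log: true` to that task. Both tasks also read `validate_certs` from `ssl.validate_certs`, while the existing task in this role's main.yml (context line in the following hunk) uses `xnat_container_service_validate_certs`. Using the role's own variable keeps the admin credentials under a single TLS-verification setting.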
--- a/roles/xnat_container_service/tasks/main.yml +++ b/roles/xnat_container_service/tasks/main.yml @@ -57,3 +57,10 @@ container-user: "" validate_certs: "{{ xnat_container_service_validate_certs }}" status_code: 200, 201 + +- name: Set up container service registries + ansible.builtin.include_tasks: add_container_service_hub.yml + vars: + container_registry: "{{ item }}" + loop: "{{ xnat_container_service_hubs | default([]) }}" + when: external_storage_drive is defined
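Review bot: The `when: external_storage_drive is defined` on the new "Set up container service registries" task looks carried over from the provision role and has nothing to do with container registries. The same commit removes that condition from roles/provision/tasks/main.yml. As written, a host that defines `xnat_container_service_hubs` but only `external_storage_mounts`, or no external storage at all, skips every hub without any error. The `default([])` on the loop already makes the task a no-op when no hubs are configured, so the `when` line can simply be dropped. Replacing `vars: container_registry: "{{ item }}"` with `loop_control:` / `loop_var: container_registry` would also keep `item` out of the included file.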