Getting Set Up At TACC
For best results (and for it to work at all for Main) you'll need to run from inside TACC. I typically use galaxy04.tacc.utexas.edu as my base of operations.
You'll want to perform these steps as your own TACC user. If you don't have a TACC user or are unable to log in to our TACC hosts, create an account at the TACC Portal and send your TACC username to Nate.
First, on your own system, configure SSH agent forwarding by adding the following to your ~/.ssh/config:
Host *.tacc.utexas.edu
    User <your-tacc-username>
    ForwardAgent yes
Now ssh galaxy04.tacc.utexas.edu.
Install Ansible (see requirements).
Create virtualenvs like so:
$ virtualenv ansible
$ . ./ansible/bin/activate
(ansible)$ pip install 'ansible<2.4'
Don't forget to recursively clone the playbook:
$ git clone --recursive https://github.com/galaxyproject/usegalaxy-playbook.git
It's very useful to have pass set up over on galaxy04 so you don't have to use your clipboard to manage the vault password. pass is already installed, so all you need to do is clone the password store to ~/.password-store and set up gpg-agent by adding to your shell startup files:
# File where gpg-agent records its socket and PID
gpg_agent_info="${HOME}/.gnupg/gpg_agent_info"
start_gpg_agent() {
    eval $(gpg-agent --daemon --write-env-file "$gpg_agent_info" --log-file "${HOME}/.gnupg/gpg-agent.log")
}
if [ -f "$gpg_agent_info" ]; then
    . "$gpg_agent_info"
    export GPG_AGENT_INFO
    # Restart the agent if the recorded PID is no longer a gpg-agent process
    [ "$(ps -p $(echo $GPG_AGENT_INFO | awk -F: '{print $2}') -o comm=)" != 'gpg-agent' ] && start_gpg_agent
else
    start_gpg_agent
fi
You also need to import your public and private gpg keys onto galaxy04. Guide here
This allows you to run Ansible like:
$ pass ansible/vault/usegalaxy | ansible-playbook --vault=/bin/cat ...
A handy alias might be:
alias use-playbook='pass ansible/vault/usegalaxy | ansible-playbook --vault=/bin/cat'
Then use with (for example):
$ use-playbook -i stage/inventory galaxy_configs.yml
However, this shell function should make your life much easier:
ansible-env() {
    local env envs playbook playbooks op parent
    # First argument: an environment directory under env/ (list them if missing)
    if [ -z "$1" -o ! -d "env/$1" ]; then
        for env in env/*; do
            env=$(basename "$env")
            [ "$env" = 'common' ] && continue
            [ -z "$envs" ] && envs="$env" || envs="$envs|$env"
        done
        echo "usage: ansible-env $envs <operation>"
        return 1
    else
        env="$1"
        shift
    fi
    # Second argument: a playbook in that environment (list them if missing)
    if [ -z "$1" -o ! -f "env/${env}/${1}.yml" ]; then
        for playbook in env/${env}/*.yml; do
            playbook=$(basename "$playbook" .yml)
            echo "$playbook" | grep -q '^_' && continue
            [ -z "$playbooks" ] && playbooks="$playbook" || playbooks="$playbooks|$playbook"
        done
        echo "usage: ansible-env $env $playbooks"
        return 1
    else
        op="$1"
        shift
    fi
    # The repo directory name selects which vault password to fetch from pass
    case "$(basename "$PWD")" in
        *usegalaxy*)
            parent=usegalaxy
            ;;
        *infrastructure*)
            parent=infrastructure
            ;;
        *)
            echo 'Cannot determine playbook directory (are you running from the root of the playbook repo?)'
            return 1
            ;;
    esac
    playbook="env/${env}/${op}.yml"
    pass "ansible/vault/${parent}" | ansible-playbook -i "env/${env}/inventory" "$playbook" --vault-password=/bin/cat "$@"
}
It is used like so:
$ ansible-env test update [additional ansible-playbook options...]
Run without args to see available environments. Run with an environment arg but without an operation arg to see available operations.
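A preflight check for the setup steps on this page, as an added example (not code from this wiki or the playbook repository): it verifies the forwarded SSH agent, an imported gpg secret key, the vault entry in the password store and the recursively cloned submodules before any playbook runs. The function names are hypothetical, and it assumes pass's default layout, where entry NAME is stored as NAME.gpg under ~/.password-store or $PASSWORD_STORE_DIR.

```shell
# Added example; function names are hypothetical, not from the playbook repo.
check_agent() {        # forwarded agent socket exists and holds a key
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ] || {
        echo "FAIL: no forwarded SSH agent (check ForwardAgent)"; return 1; }
    ssh-add -l >/dev/null 2>&1 || {
        echo "FAIL: SSH agent holds no keys"; return 1; }
    echo "ok: SSH agent forwarded"
}

check_gpg_key() {      # a secret key was imported, so pass can decrypt
    gpg --list-secret-keys --with-colons 2>/dev/null | grep -q '^sec:' || {
        echo "FAIL: no gpg secret key imported"; return 1; }
    echo "ok: gpg secret key present"
}

check_pass_entry() {   # usage: check_pass_entry <store-dir> <entry-name>
    # Assumption: pass keeps entry NAME as <store-dir>/NAME.gpg
    [ -f "$1/$2.gpg" ] || {
        echo "FAIL: $2 missing from $1 (password store cloned?)"; return 1; }
    echo "ok: pass entry $2"
}

check_submodules() {   # usage: check_submodules <repo-dir>
    # Every path in .gitmodules must be checked out (paths without spaces).
    local repo="$1" path missing=0
    [ -f "$repo/.gitmodules" ] || { echo "ok: no submodules declared"; return 0; }
    for path in $(sed -n 's/^[[:space:]]*path[[:space:]]*=[[:space:]]*//p' \
                  "$repo/.gitmodules"); do
        if [ ! -e "$repo/$path/.git" ]; then
            echo "FAIL: submodule $path not checked out"
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] && echo "ok: submodules present"
    return "$missing"
}

preflight() {          # usage: preflight <usegalaxy|infrastructure>
    # Run from the playbook root; returns the number of failed checks.
    local fails=0 store="${PASSWORD_STORE_DIR:-$HOME/.password-store}"
    check_agent || fails=$((fails + 1))
    check_gpg_key || fails=$((fails + 1))
    check_pass_entry "$store" "ansible/vault/$1" || fails=$((fails + 1))
    check_submodules "$PWD" || fails=$((fails + 1))
    return "$fails"
}
```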