Ansible tasks to setup GCSv5 for testing

.env.j2

# Managed by Ansible, do not edit this file directly

# Source this file to run `globus-connect-server` commands as the client
export GLOBUS_SDK_ENVIRONMENT={{ globus_sdk_environment }}
export GCS_CLI_CLIENT_ID={{ gcs_cli_client_id }}
export GCS_CLI_CLIENT_SECRET={{ gcs_cli_client_secret }}
export GCS_CLI_ENDPOINT_ID=$(jq -r .client_id /home/ubuntu/deployment-key.json)

group_vars.yml

# gcsv5-setup
globus_organization: Mike A.
globus_users:
  - user: mike.a
    group: mike.a
globus_contact_email: [email protected]
globus_domain: globus.org
globus_owner: "{{ vault_globus_owner }}"
globus_project_id: "{{ vault_globus_project_id }}"
gcs_cli_client_id: "{{ vault_gcs_cli_client_id }}"
gcs_cli_client_secret: "{{ vault_gcs_cli_client_secret }}"
globus_transfer_hosts: "{{ vault_globus_transfer_hosts }}"
globus_sdk_environment: sandbox
globus_os_environment:
  - key: GLOBUS_SDK_ENVIRONMENT
    value: "{{ globus_sdk_environment }}"

globus_test_files:
  - name: file1.txt
    content: file1
  - name: file2.txt
    content: file2
  - name: file3.txt
    content: file3

identity-mapping.json

{
    "DATA_TYPE": "expression_identity_mapping#1.0.0",
    "mappings": [
      {
        "source": "{id}",
        "match": "{{ gcs_cli_client_id }}",
        "output": "mike.a",
        "literal": true
      },
      {
        "source": "{id}",
        "match": "{{ gcs_cli_client_id }}",
        "output": "test_local_user",
        "literal": true
      },
      {
        "source": "{username}",
        "match": "(.*)@globus\\.org",
        "output": "{0}"
      }
    ]
}

main.yml

---
- name: Update hosts file if variable is set
  become: true
  lineinfile:
    dest: /etc/hosts
    regexp: '^{{ item.hostname }}'
    line: '{{ item.ip }} {{ item.hostname }}'
    state: present
  loop: "{{ globus_transfer_hosts }}"
  when: globus_transfer_hosts is defined

- name: Set Globus environment variables
  become: yes
  lineinfile:
    dest: "/etc/environment"
    state: present
    regexp: "^{{ item.key }}="
    line: "{{ item.key }}={{ item.value }}"
  with_items: "{{ globus_os_environment }}"
  when: globus_os_environment is defined

- name: Create globus users with home dir
  become: yes
  user:
    name: "{{ item.user }}"
    createhome: true
    home: "/home/{{ item.user }}"
  with_items: "{{ globus_users }}"

- name: Check if deployment key file exists
  stat:
    path: "{{ ansible_env.HOME }}/deployment-key.json"
  register: deployment_key_file

- name: Create a gcs endpoint
  command: |
    globus-connect-server endpoint setup \
      --organization "{{ globus_organization }}"
      --contact-email "{{ globus_contact_email }}"
      --project-id "{{ globus_project_id }}"
      --owner "{{ globus_owner }}"
      --agree-to-letsencrypt-tos \
      --deployment-key "{{ ansible_env.HOME }}/deployment-key.json" \
      "{{ ec2_instance_name }}"
  when: not deployment_key_file.stat.exists

- name: Register the endpoint id
  command: jq -r .client_id {{ ansible_env.HOME }}/deployment-key.json
  register: gcs_endpoint_id

- name: Create the GCS node
  become: yes
  become_flags: "--preserve-env"
  shell: |
    globus-connect-server node setup
    touch "{{ ansible_env.HOME }}/.gcs_node_setup"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_node_setup"

- name: Register the endpoint subscription
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    globus-connect-server endpoint set-subscription-id "{{ globus_subscription_id }}"
    touch {{ ansible_env.HOME }}/.gcs_subscription
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_subscription"
  when: globus_subscription_id is defined

- name: Create the identity-mapping.json file locally
  template:
    src: identity-mapping.json
    dest: "{{ ansible_env.HOME }}/identity-mapping.json"

- name: Create the .env file useful for troubleshooting
  template:
    src: .env.j2
    dest: "{{ ansible_env.HOME }}/.env"

- name: Create a POSIX GCS storage gateway
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell: |
    globus-connect-server storage-gateway create posix \
      "{{ ec2_instance_name }} Gateway" \
      --domain "{{ globus_domain }}" \
      --domain "{{ globus_client_domain }}" \
      --identity-mapping file:identity-mapping.json \
      --authentication-timeout-mins $((60 * 24 * 30)) \
      --user-deny root \
      {% if is_high_assurance -%}
      --high-assurance \
      {%- endif %}
      --format json | jq -r .id > {{ ansible_env.HOME }}/.gcs_storage_gateway
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_storage_gateway"

- name: Register the storage_gateway_id
  command: cat {{ ansible_env.HOME }}/.gcs_storage_gateway
  register: gcs_storage_gateway_id

- name: Create a mapped collection
  environment:
    GCS_CLI_ENDPOINT_ID: "{{ gcs_endpoint_id.stdout }}"
  shell:
    globus-connect-server collection create \
    "{{ gcs_storage_gateway_id.stdout }}" / "{{ ec2_instance_name }} mapped collection" \
    --organization "{{ globus_organization }}" \
    --contact-email "{{ globus_contact_email }}" \
    --enable-https \
    --allow-guest-collections \
    --format json > "{{ ansible_env.HOME }}/.gcs_mapped_collection"
  args:
    creates: "{{ ansible_env.HOME }}/.gcs_mapped_collection"

- name: Create test folder structure /share/godata
  become: yes
  file:
    path: "/home/{{ item.user }}/share/godata"
    state: directory
    owner: "{{ item.user }}"
    group: "{{ item.group }}"
  with_items: "{{ globus_users }}"

- name: Create directory with no permissions
  become: yes
  file:
    path: "/home/{{ item.user }}/no_permissions/godata"
    state: directory
    mode: 000
  with_items: "{{ globus_users }}"

- name: Create test files
  become: yes
  copy:
    content: "{{ item.content }}"
    dest: "/home/{{ item.user }}/share/godata/{{ item.name }}"
    owner: "{{ item.user }}"
    group: "{{ item.group }}"
  with_items: "{{ globus_test_files | product(globus_users) | map('combine') }}"