---
# These steps are based on:
# https://research.cs.wisc.edu/htcondor/get/
# Load the OS-family-specific task file. Its name is built from the
# ansible_os_family fact, so a matching "<family>.yaml" must sit next to this
# file for every supported platform.
- name: Include HTCondor recipe "{{ ansible_os_family }}"
  ansible.builtin.include_tasks:
    file: "{{ ansible_os_family }}.yaml"
# Central-manager drop-in, rendered only where htcondor_role_manager is truthy.
- name: Configure HTCondor manager role
  when: htcondor_role_manager
  ansible.builtin.template:
    dest: /etc/condor/config.d/01-central-manager.config
    src: 01-central-manager.config.j2
    # 0644 makes the rendered file readable by every local user, so the
    # template should carry no secrets.
    mode: '0644'
    owner: root
    group: root
  notify: Restart htcondor
# Submit-node drop-in, rendered only where htcondor_role_submit is truthy.
- name: Configure htcondor submit role
  when: htcondor_role_submit
  ansible.builtin.template:
    dest: /etc/condor/config.d/01-submit.config
    src: 01-submit.config.j2
    # 0644 makes the rendered file readable by every local user, so the
    # template should carry no secrets.
    mode: '0644'
    owner: root
    group: root
  notify: Restart htcondor
# Execute-node drop-in, rendered only where htcondor_role_execute is truthy.
- name: Configure HTCondor execute role
  when: htcondor_role_execute
  ansible.builtin.template:
    dest: /etc/condor/config.d/01-execute.config
    src: 01-execute.config.j2
    # 0644 makes the rendered file readable by every local user, so the
    # template should carry no secrets.
    mode: '0644'
    owner: root
    group: root
  notify: Restart htcondor
# Shared-filesystem domain drop-in. It is written only on submit or execute
# hosts, and only when htcondor_domain is a non-empty string.
- name: Configure htcondor shared filesystem domain
  # List items under "when" are ANDed together.
  when:
    - htcondor_role_submit or htcondor_role_execute
    - htcondor_domain != ""
  ansible.builtin.template:
    dest: /etc/condor/config.d/02-domain.config
    src: 02-domain.config.j2
    mode: '0644'
    owner: root
    group: root
  notify: Restart htcondor
# Delete the 9.0-era default security drop-in when the HTCondor version is
# 10.0 or newer.
# NOTE(review): once this file is gone, the pool's security settings come only
# from whatever else is in config.d. Presumably the templates rendered by this
# role supply them; confirm before relying on it.
- name: Remove the default security configuration for HTCondor 9.0
  # The "version" test compares strings, so htcondor_version is assumed to be
  # quoted wherever it is defined. TODO confirm.
  when: htcondor_version is version('10.0', '>=')
  ansible.builtin.file:
    state: absent
    path: /etc/condor/config.d/00-htcondor-9.0.config
  notify: Restart htcondor
# Ask HTCondor where it keeps password files rather than hard-coding the path.
# This is a read-only query, so it never reports a change.
- name: Get password directory
  ansible.builtin.command:
    cmd: condor_config_val SEC_PASSWORD_DIRECTORY
  # The register name "directory" is reused by the tokens-directory lookup
  # later in this file, so task order matters.
  register: directory
  changed_when: false
# Create the password directory if it is missing. Mode 0700 owned by root keeps
# stored credentials out of reach of unprivileged local users.
- name: Ensure that the password directory exists
  ansible.builtin.file:
    state: directory
    # Path comes from the stdout of the task that registered "directory".
    path: "{{ directory.stdout }}"
    mode: '0700'
    owner: root
    group: root
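# Store the pool password through condor_store_cred. The secret is fed on
# stdin ("-i -"), so it never appears on the command line or in the process
# list.
- name: Store Condor credentials
  ansible.builtin.command:
    cmd: condor_store_cred add -c -i -
    # Idempotence guard: skip the task once the pool password file exists.
    # NOTE(review): this path is hard-coded although the directory is looked
    # up with condor_config_val elsewhere in this file; the two diverge if
    # SEC_PASSWORD_DIRECTORY is not /etc/condor/passwords.d. Confirm.
    creates: /etc/condor/passwords.d/POOL
    stdin: "{{ htcondor_password }}"
    # Without this, a trailing newline would be appended to the stdin data.
    stdin_add_newline: false
  # The module arguments include the password (stdin). no_log keeps it out of
  # verbose output, callback plugins and the target's syslog.
  no_log: true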
# Ask HTCondor for the system-wide tokens directory. This is a read-only
# query, so it never reports a change.
- name: Get tokens directory
  ansible.builtin.command:
    cmd: condor_config_val SEC_TOKEN_SYSTEM_DIRECTORY
  # Overwrites the "directory" result registered by the password-directory
  # lookup earlier in this file; from here on it holds the tokens path.
  register: directory
  changed_when: false
# Create the tokens directory if it is missing. Mode 0700 owned by root keeps
# issued tokens out of reach of unprivileged local users.
- name: Ensure that the tokens directory exists
  ansible.builtin.file:
    state: directory
    # Path comes from the stdout of the task that registered "directory".
    path: "{{ directory.stdout }}"
    mode: '0700'
    owner: root
    group: root
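# Issue an IDTOKEN for condor@<htcondor_server> and store it in the tokens
# directory under a file named after the identity.
#
# Changes from a plain "condor_token_create ... > file" redirect:
#  * The token is captured first and the file is written only when the command
#    succeeded and printed something. A bare redirect creates the file even
#    when the command fails, and the "creates" guard would then skip the task
#    on every later run, leaving an empty token file in place.
#  * umask 077 makes the token file readable by root only, independent of the
#    permissions of the enclosing directory.
#  * Templated values go through the "quote" filter, so an unexpected character
#    in htcondor_server cannot change the meaning of the shell command.
- name: Issue Condor token
  vars:
    htcondor_token_identity: "condor@{{ htcondor_server }}"
    htcondor_token_file: "{{ directory.stdout }}/condor@{{ htcondor_server }}"
  ansible.builtin.shell:
    cmd: |
      set -eu
      umask 077
      token="$(condor_token_create -identity {{ htcondor_token_identity | quote }})"
      [ -n "$token" ]
      printf '%s\n' "$token" > {{ htcondor_token_file | quote }}
    # Idempotence guard: skip the task once the token file exists.
    creates: "{{ htcondor_token_file }}"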
# Despite the question in its name, this task installs firewalld when it is
# missing (state: present). It runs only if at least one firewall toggle is
# set.
- name: Is firewalld installed?
  when: htcondor_firewall_condor or htcondor_firewall_nfs
  ansible.builtin.package:
    state: present
    name:
      - firewalld
# Allow inbound TCP 9618 for HTCondor in the "public" zone.
# NOTE(review): the rule admits every source that lands in the public zone.
# If the pool members are known, a narrower zone or source restriction limits
# exposure.
- name: Open port 9618 for use by HTCondor
  when: htcondor_firewall_condor
  ansible.posix.firewalld:
    zone: public
    port: 9618/tcp
    state: enabled
    # Written to the permanent configuration; the notified handler is what
    # reloads firewalld afterwards.
    permanent: true
  notify: Reload service firewalld
# Allow the firewalld "nfs" service in the "public" zone.
# NOTE(review): NFS is exposed to every source that lands in the public zone.
# Consider a narrower zone or source restriction if the clients are known.
- name: Open NFS port
  when: htcondor_firewall_nfs
  ansible.posix.firewalld:
    zone: public
    service: nfs
    state: enabled
    # Written to the permanent configuration; the notified handler is what
    # reloads firewalld afterwards.
    permanent: true
  notify: Reload service firewalld
# Start the condor service now and enable it at boot.
- name: Start and enable htcondor service
  ansible.builtin.service:
    name: condor
    enabled: true
    state: started