The starting point for the infrastructure orchestration documentation is africa-grid.org/DevOps. As you can see there, most of the services have been expressed as Ansible roles, which are used in playbooks to orchestrate the services you want.
I suggest you read the getting started guide first, so that we can continue collaborating.
Those pages are generated from our DevOps repo which contains all of the code.
You will need Ansible and your own fork of the DevOps repo.
The playbook that you need to run is idp-ldap.yml which, as one could guess, deploys an LDAP server as the identity store for a Shibboleth IdP. It also puts up a Tomcat-based web application which serves as the user registration and management front-end.
Before you run the playbook
Be sure that you have defined your group_vars correctly - this is the main source of issues when re-using the playbook. See the examples in
To see which variables need to be set, take a look at the role-specific variables:
- IDP
- Public web interface
Do not change the variables in vars/main.yml, but add these to your
Define your site
Before you run the playbook, express your site configuration with an inventory and group_vars:
Add a file to inventories/, e.g.
For example, if you have CentOS servers at your site and the connection is made with an ansible user:
ldap.your.site needs_certificate=false ansible_user=ansible
idp.your.site needs_certificate=false min_jvm_size=1024m ansible_user=ansible
If needs_certificate is set to true, then the playbook will try to install the relevant packages and look for the host certificate to push to the server. This is best left as a post-process for now.
The group_vars file should then be in group_vars/your-site (change this to whatever you want), and contain the relevant variables for the site. Look at the identity-all file for an example.
Before you run the playbook, add your files to group_vars and send a pull request back to the AAROC/DevOps repo. We will review the variables and suggest any changes.
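
A pre-flight check for the site definition described above, as an added example that is not part of the DevOps repo: it parses an INI inventory, reports groups that have no matching group_vars file, and reports hosts where needs_certificate is true. The [your-site] group header, the function names and the sample values are assumptions.

```python
import shlex
from pathlib import Path

# Constructed sample: the host lines follow the page's example; the
# [your-site] group header and needs_certificate=true are assumptions.
SAMPLE_INVENTORY = """\
[your-site]
ldap.your.site needs_certificate=false ansible_user=ansible
idp.your.site needs_certificate=true min_jvm_size=1024m ansible_user=ansible
"""

def parse_inventory(text):
    """Parse a simple INI inventory into {group: {host: {var: value}}}."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # drops '#' comments
        if not tokens:
            continue
        first = tokens[0]
        if first.startswith("[") and first.endswith("]"):
            name = first[1:-1]
            # [group:vars] and [group:children] hold no host lines; skip them.
            current = None if ":" in name else name
            if current:
                groups.setdefault(current, {})
            continue
        if current is None:
            continue
        pairs = (t.split("=", 1) for t in tokens[1:] if "=" in t)
        groups.setdefault(current, {})[first] = dict(pairs)
    return groups

def preflight(text, group_vars_dir="group_vars"):
    """Return findings to resolve before running the playbook."""
    findings = []
    for group, hosts in parse_inventory(text).items():
        base = Path(group_vars_dir) / group
        # Ansible accepts group_vars/<group> with or without a YAML extension.
        names = [base, base.with_name(group + ".yml"), base.with_name(group + ".yaml")]
        if group != "ungrouped" and not any(n.exists() for n in names):
            findings.append(f"{group}: no group_vars file in {group_vars_dir}")
        for host, hostvars in hosts.items():
            if hostvars.get("needs_certificate", "false").lower() == "true":
                findings.append(f"{host}: needs_certificate=true, host certificate expected")
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE_INVENTORY):
        print(finding)
```

Run it from the root of your fork so that the default group_vars path resolves; an empty result means every group has a variables file and no host requests certificate handling.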