From 9cbd8d77a8565567f653737e56a277ebcae8e724 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 10:47:52 +0100 Subject: [PATCH 01/41] role fact_workspace_info: define venv fact here role postgresql: install ansible module dependency in SRC venv --- docs/roles/fact_regular_users.md | 1 - docs/roles/fact_workspace_info.md | 1 + playbooks/roles/fact_regular_users/meta/main.yml | 2 ++ playbooks/roles/fact_regular_users/tasks/main.yml | 9 --------- playbooks/roles/fact_workspace_info/tasks/main.yml | 9 +++++++++ playbooks/roles/postgresql/meta/main.yml | 3 +++ playbooks/roles/postgresql/tasks/provision.yml | 1 + 7 files changed, 16 insertions(+), 10 deletions(-) create mode 100644 playbooks/roles/postgresql/meta/main.yml diff --git a/docs/roles/fact_regular_users.md b/docs/roles/fact_regular_users.md index fc5f00b1..ab6e6ec1 100644 --- a/docs/roles/fact_regular_users.md +++ b/docs/roles/fact_regular_users.md @@ -8,7 +8,6 @@ Defines the following facts: - `fact_regular_users` -- list of dicts containing user info about regular users. - `fact_co_groups` -- dict with group names from the CO as keys, and lists of usernames in those groups as values. - - `fact_src_ansible_venv` -- string path to the python environment currently being used by Ansible. Can be used to install additional `pip` dependencies for Ansible modules into the correct environment. Empty string if Ansible is not using a virtual environment (but instead the global system python environment). ## Requires Linux flavor operating system. diff --git a/docs/roles/fact_workspace_info.md b/docs/roles/fact_workspace_info.md index c645aba6..4a272b7b 100644 --- a/docs/roles/fact_workspace_info.md +++ b/docs/roles/fact_workspace_info.md 
@@ -7,6 +7,7 @@ Makes information about the workspace and CO available as Ansible facts. Provide - `fact_workspace_info` -- Dict. Object containing info about the workspace (CO, user endpoint URL, etc.)/ - `fact_desktop_workspace` -- Boolean. True if the workspace has a desktop environment. - `fact_workspace_storage` -- List. List of Strings of paths to ResearchCloud storage volumes mounted on the workspace. +- `fact_src_ansible_venv` -- string path to the python environment currently being used by Ansible. Can be used to install additional `pip` dependencies for Ansible modules into the correct environment. Empty string if Ansible is not using a virtual environment (but instead the global system python environment). ## Requires Linux flavor operating system. diff --git a/playbooks/roles/fact_regular_users/meta/main.yml b/playbooks/roles/fact_regular_users/meta/main.yml index bf7961c7..f6119543 100644 --- a/playbooks/roles/fact_regular_users/meta/main.yml +++ b/playbooks/roles/fact_regular_users/meta/main.yml @@ -16,3 +16,5 @@ galaxy_info: - name: EL versions: - all +dependencies: + - fact_workspace_info diff --git a/playbooks/roles/fact_regular_users/tasks/main.yml b/playbooks/roles/fact_regular_users/tasks/main.yml index 6a0d5444..69ee0bce 100644 --- a/playbooks/roles/fact_regular_users/tasks/main.yml +++ b/playbooks/roles/fact_regular_users/tasks/main.yml @@ -21,15 +21,6 @@ - min when: ansible_os_family is not defined -- name: Determine whether ansible is running in a virtual env - ansible.builtin.stat: - path: /etc/src/venv/src-venv - register: src_ansible_venv - -- name: Set src_ansible_venv fact - ansible.builtin.set_fact: - fact_src_ansible_venv: "{{ src_ansible_venv.stat.exists | ternary('/etc/src/venv/src-venv', '') }}" - # jmespath is required for filter - name: Install jmespath globally when: not fact_src_ansible_venv # ansible is using the global python interpreter 
diff --git a/playbooks/roles/fact_workspace_info/tasks/main.yml b/playbooks/roles/fact_workspace_info/tasks/main.yml index 8721ebbe..9a8a51f0 100644 --- a/playbooks/roles/fact_workspace_info/tasks/main.yml +++ b/playbooks/roles/fact_workspace_info/tasks/main.yml @@ -1,4 +1,13 @@ --- +- name: Determine whether ansible is running in a virtual env + ansible.builtin.stat: + path: /etc/src/venv/src-venv + register: src_ansible_venv + +- name: Set src_ansible_venv fact + ansible.builtin.set_fact: + fact_src_ansible_venv: "{{ src_ansible_venv.stat.exists | ternary('/etc/src/venv/src-venv', '') }}" + - name: Get workspace.json file ansible.builtin.command: cat /etc/rsc/workspace.json changed_when: false diff --git a/playbooks/roles/postgresql/meta/main.yml b/playbooks/roles/postgresql/meta/main.yml new file mode 100644 index 00000000..f5521a5f --- /dev/null +++ b/playbooks/roles/postgresql/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: fact_workspace_info diff --git a/playbooks/roles/postgresql/tasks/provision.yml b/playbooks/roles/postgresql/tasks/provision.yml index faf10c6e..3b2b93a5 100644 --- a/playbooks/roles/postgresql/tasks/provision.yml +++ b/playbooks/roles/postgresql/tasks/provision.yml @@ -3,6 +3,7 @@ ansible.builtin.pip: name: psycopg2-binary state: present + executable: "{{ fact_src_ansible_venv }}/bin/pip" - name: Create PostgreSQL database community.postgresql.postgresql_db: From c4723f764e9de2b9688111d6904f71d58f98aaf3 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 10:49:11 +0100 Subject: [PATCH 02/41] role irods_server: don't use pyton rules plugin --- playbooks/roles/irods_server/defaults/main.yml | 1 + playbooks/roles/irods_server/tasks/main.yml | 13 ++++++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 1f72a1c6..7e4a8168 100644 --- a/playbooks/roles/irods_server/defaults/main.yml 
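Review bot: The added `executable: "{{ fact_src_ansible_venv }}/bin/pip"` in postgresql/tasks/provision.yml resolves to `/bin/pip` whenever the fact is the empty string, which the role documentation moved in this same patch gives as its value when Ansible runs from the system interpreter. On such hosts the install either fails or uses whatever `pip` happens to sit at that path. Omitting the argument in that case keeps the previous behaviour: `executable: "{{ (fact_src_ansible_venv ~ '/bin/pip') if fact_src_ansible_venv else omit }}"`. The package is also installed unpinned, so a version constraint on `psycopg2-binary` would make the provisioned environment reproducible. The task's `- name:` line sits above the hunk.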
+++ b/playbooks/roles/irods_server/defaults/main.yml @@ -10,3 +10,4 @@ irods_server_db_host: localhost irods_server_db_port: 5432 irods_server_db_driver: "PostgreSQL ANSI" irods_server_start: start +irods_server_core_re: false diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 492aa8e6..537fe448 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -11,7 +11,6 @@ name: - irods-server - irods-database-plugin-postgres - - irods-rule-engine-plugin-python - irods-icommands - name: Prepare systemd unit file for irods @@ -26,7 +25,7 @@ ansible.builtin.systemd: daemon_reload: true -- name: Configure ODBC driver for Rocky 9+ +- name: Configure ODBC driver ansible.builtin.set_fact: irods_server_db_driver: "PostgreSQL" when: ansible_pkg_mgr == 'dnf' @@ -61,14 +60,17 @@ - name: Generate zone key ansible.builtin.command: openssl rand -hex 16 register: irods_server_zone_key + changed_when: false - name: Generate negotiation key ansible.builtin.command: openssl rand -hex 16 register: irods_server_negotiation_key + changed_when: false - name: Generate control plane key ansible.builtin.command: openssl rand -hex 16 register: irods_server_control_plane_key + changed_when: false - name: Prepare iRODS server configuration file when: not irods_config_data.stat.exists @@ -86,10 +88,11 @@ state: present line: " return" -- name: Configure empty python ruleset core.py +- name: Configure empty ruleset ansible.builtin.copy: - content: "" - dest: /etc/irods/core.py + when: irods_server_core_re or irods_server_core_re == "" + content: "{{ irods_server_core_re }}" + dest: /etc/irods/core.re mode: "0644" force: false From f85cccc6b6cc455fe6e4589783a183dfa5f4876c Mon Sep 17 00:00:00 2001 
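Review bot: The three key-generation tasks in the `@@ -61,14 +60,17 @@` hunk register the output of `openssl rand -hex 16` without `no_log: true`, so the zone, negotiation and control-plane keys show up in verbose run output and in any logging callback. Adding `no_log: true` next to each new `changed_when: false` keeps them out of the play log. The tasks also run on every play, while the config file that consumes them is only templated when it does not yet exist (`when: not irods_config_data.stat.exists`), so a short comment that later runs generate values which are discarded would save the next reader some head-scratching.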
From: Dawa Ometto Date: Mon, 23 Mar 2026 11:35:18 +0100 Subject: [PATCH 03/41] role irods_server: add support for hooks --- .../roles/irods_server/defaults/main.yml | 3 ++ .../irods_server/files/hooks_training.re | 34 +++++++++++++++++++ playbooks/roles/irods_server/tasks/main.yml | 10 +++++- .../server_unattended_config.json.j2 | 5 ++- playbooks/roles/irods_server/vars/hooks.yml | 2 ++ 5 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 playbooks/roles/irods_server/files/hooks_training.re create mode 100644 playbooks/roles/irods_server/vars/hooks.yml diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 7e4a8168..3c1019d3 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -11,3 +11,6 @@ irods_server_db_port: 5432 irods_server_db_driver: "PostgreSQL ANSI" irods_server_start: start irods_server_core_re: false +irods_server_hooks_files: + hooks.re: "" + hooks_training.re: "{{ irods_server_hooks_training }}" diff --git a/playbooks/roles/irods_server/files/hooks_training.re b/playbooks/roles/irods_server/files/hooks_training.re new file mode 100644 index 00000000..a7d13bfe --- /dev/null +++ b/playbooks/roles/irods_server/files/hooks_training.re 
@@ -0,0 +1,34 @@ +acPostProcForPut{ + ON($objPath like "/$rodsZoneClient/home/$userNameClient/event/*"){ + msiWriteRodsLog("LOGGING: object", *Status); + msiWriteRodsLog("$objPath triggered event hook", *Status); + msiAddKeyVal(*Keyval,"TRIGGER","acPostProcForPut"); + msiGetObjType($objPath, *objType); + msiAssociateKeyValuePairsToObj(*Keyval,$objPath,*objType); + msiSetACL("default", "read", $userNameClient, $objPath); + msiWriteRodsLog("LOGGING END", *Status); + } +} + +acPostProcForPut{ + ON($objPath like "*/santa.txt"){ + msiWriteRodsLog("$objPath triggered event hook", *Status); + msiGetObjType($objPath, *objType); + msiAddKeyVal(*Keyval,"Santa says","Merry Christmas!"); + msiAssociateKeyValuePairsToObj(*Keyval,$objPath,*objType); + } +} + +acPostProcForPut { } + +acPostProcForCollCreate{ + ON($collName like "/$rodsZoneClient/home/$userNameClient/event/*"){ + msiWriteRodsLog("LOGGING: Collection", *Status); + msiWriteRodsLog("$collName triggered event hook", *Status); + msiAddKeyVal(*Keyval,"TRIGGER","acPostProcForCollCreate"); + msiAssociateKeyValuePairsToObj(*Keyval,$collName,"-C"); + msiWriteRodsLog("LOGGING END", *Status); + } +} + +acPostProcForCollCreate { } diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 537fe448..6bd8e402 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml 
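Review bot: The new rule file has no header comment, and its second `acPostProcForPut` rule matches `*/santa.txt` anywhere in the zone instead of under the uploader's `event` collection like the other two conditions, so a reader cannot tell whether that breadth is intended. I would add a line at the top such as `# Training/demo hooks: tag uploads under <home>/event and any santa.txt; not meant for production zones`. If the narrower scope is what is wanted, reuse the `/$rodsZoneClient/home/$userNameClient/` prefix in the second condition. The `msiSetACL` call in the first rule would also benefit from a one-line comment on why read is granted to the uploading user.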
@@ -89,13 +89,21 @@ line: " return" - name: Configure empty ruleset - ansible.builtin.copy: when: irods_server_core_re or irods_server_core_re == "" + ansible.builtin.copy: content: "{{ irods_server_core_re }}" dest: /etc/irods/core.re mode: "0644" force: false +- name: Configure hooks + loop: irods_server_hooks_files | dict2items + ansible.builtin.copy: + content: "{{ item.value }}" + dest: /etc/irods/{{ item.key }} + mode: "0644" + force: false + - name: Run irods configuration script when: irods_server_start == "start" ansible.builtin.command: python3 /var/lib/irods/scripts/setup_irods.py --json_configuration_file /etc/irods/server_unattended_config.json diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index 28aa8f17..8ac4058e 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -123,7 +123,10 @@ "core" ], "re_rulebase_set": [ - "core" + "core", + {% for filename in irods_server_hooks_files.keys() %} + "{{ k }}", + {% endfor %} ], "regexes_for_supported_peps": [ "ac[^ ]*", diff --git a/playbooks/roles/irods_server/vars/hooks.yml b/playbooks/roles/irods_server/vars/hooks.yml new file mode 100644 index 00000000..a7f6098e --- /dev/null +++ b/playbooks/roles/irods_server/vars/hooks.yml @@ -0,0 +1,2 @@ +--- +irods_server_hooks_training: "{{ lookup('ansible.builtin.file', 'hooks_training.re') }}" From 6f235754726714327c646567c0daf194170e70a4 Mon Sep 17 00:00:00 2001 
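Review bot: In the new `Configure hooks` task the destination is built as `/etc/irods/{{ item.key }}` straight from the dictionary key, so a key containing a path separator would write outside `/etc/irods`. These files are loaded as rule code by the server, so confining the name is cheap insurance: `dest: "/etc/irods/{{ item.key | basename }}"`. `force: false` also means a changed hook body is never redeployed once the file exists; either drop it or add a comment saying that is deliberate. Stating `owner` and `group` explicitly would remove the dependence on whichever user the play becomes.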
From: Dawa Ometto Date: Mon, 23 Mar 2026 11:42:27 +0100 Subject: [PATCH 04/41] role irods_server: support external storage --- playbooks/roles/irods_server/defaults/main.yml | 2 ++ .../irods_server/templates/server_unattended_config.json.j2 | 4 ++-- playbooks/roles/irods_server/vars/main.yml | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 playbooks/roles/irods_server/vars/main.yml diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 3c1019d3..a40fe1ee 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -14,3 +14,5 @@ irods_server_core_re: false irods_server_hooks_files: hooks.re: "" hooks_training.re: "{{ irods_server_hooks_training }}" +irods_server_default_rsc_name: trainingResc +irods_server_use_external_storage: true diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index 8ac4058e..3c571ffc 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -1,7 +1,7 @@ { "admin_password": "{{ irods_server_admin_password }}", - "default_resource_directory": "/var/lib/irods/Vault", - "default_resource_name": "demoResc", + "default_resource_directory": "{{ irods_server_default_rsc_path }}", + "default_resource_name": "{{ irods_server_default_rsc_name }}", "host_system_information": { "service_account_user_name": "irods", "service_account_group_name": "irods" diff --git a/playbooks/roles/irods_server/vars/main.yml b/playbooks/roles/irods_server/vars/main.yml new file mode 100644 index 00000000..5004b279 --- /dev/null +++ b/playbooks/roles/irods_server/vars/main.yml 
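Review bot: The two rewritten lines in server_unattended_config.json.j2 place variables between hand-written JSON quotes, so a value containing `"` or `\` yields invalid or altered JSON; the `admin_password` context line above them has the same shape. Letting the filter do the quoting avoids that: `"default_resource_directory": {{ irods_server_default_rsc_path | to_json }},` and likewise for `default_resource_name`. The directory is derived from workspace facts rather than typed by the operator, which is where an unexpected character is most likely to come from.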
@@ -0,0 +1,2 @@ +--- +irods_server_default_rsc_path: "{{ (irods_server_use_external_storage and (fact_workspace_storage[0]['mount'] | default(false, true))) or '/var/lib/irods' }}/Vault" # if set to use external storage, and an external storage was found, use the first external storage From 38eee31a7fe9b681eb95664f7a067460e3863364 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 11:46:48 +0100 Subject: [PATCH 05/41] role irods_server: small refactor --- playbooks/roles/irods_server/defaults/main.yml | 1 - playbooks/roles/irods_server/tasks/main.yml | 5 ----- playbooks/roles/irods_server/vars/main.yml | 1 + 3 files changed, 1 insertion(+), 6 deletions(-) diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index a40fe1ee..dfec43d2 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -8,7 +8,6 @@ irods_server_db_username: irods irods_server_db_password: db{{ irods_server_admin_password }} irods_server_db_host: localhost irods_server_db_port: 5432 -irods_server_db_driver: "PostgreSQL ANSI" irods_server_start: start irods_server_core_re: false irods_server_hooks_files: diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 6bd8e402..e237e126 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -25,11 +25,6 @@ ansible.builtin.systemd: daemon_reload: true -- name: Configure ODBC driver - ansible.builtin.set_fact: - irods_server_db_driver: "PostgreSQL" - when: ansible_pkg_mgr == 'dnf' - - name: Create ICAT database and db user and password protect PostgreSQL loopback access ansible.builtin.include_tasks: icat.yml args: diff --git a/playbooks/roles/irods_server/vars/main.yml b/playbooks/roles/irods_server/vars/main.yml index 5004b279..3f78a2e8 100644 --- a/playbooks/roles/irods_server/vars/main.yml 
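Review bot: `irods_server_default_rsc_path` indexes `fact_workspace_storage[0]['mount']`, but docs/roles/fact_workspace_info.md in this series describes that fact as a list of path strings, not of dicts. If the elements really are strings the lookup is undefined, `default(false, true)` swallows it, and the role silently falls back to `/var/lib/irods/Vault` even with `irods_server_use_external_storage: true`. Please confirm the element shape and either index the string directly or correct the documentation. No `meta/main.yml` dependency on `fact_workspace_info` is visible for this role, so the fact may also be unset when the role runs on its own. The trailing comment would read better on its own line above the key.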
+++ b/playbooks/roles/irods_server/vars/main.yml @@ -1,2 +1,3 @@ --- irods_server_default_rsc_path: "{{ (irods_server_use_external_storage and (fact_workspace_storage[0]['mount'] | default(false, true))) or '/var/lib/irods' }}/Vault" # if set to use external storage, and an external storage was found, use the first external storage +irods_server_db_driver: "{{ ansible_pkg_mgr == 'dnf' | ternary('PostgreSQL', 'PostgreSQL ANSI') }}" From fa6433618104aff4750abdb9c11be557753b700d Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 11:57:04 +0100 Subject: [PATCH 06/41] role irods_server: try removing hostname hacks --- playbooks/roles/irods_server/tasks/main.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index e237e126..d9131f42 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -47,11 +47,6 @@ irods_server_host: "{{ workspace_fqdn }}" when: workspace_fqdn is defined -# below update of hostname ensures that demoResc iRODS resource will have proper host attribute -- name: Ensure hostname is FQDN (hack needed because hostname FQDN incomplete) - ansible.builtin.command: hostname "{{ workspace_fqdn }}" - when: workspace_fqdn is defined - - name: Generate zone key ansible.builtin.command: openssl rand -hex 16 register: irods_server_zone_key @@ -76,13 +71,6 @@ group: root mode: "0600" -- name: Bypass hostname check in iRODS setup (hack needed for irods 4.3.3 because workspace FQDN != localhost) - ansible.builtin.lineinfile: - path: /var/lib/irods/scripts/setup_irods.py - insertafter: ^def check_hostname - state: present - line: " return" - - name: Configure empty ruleset when: irods_server_core_re or irods_server_core_re == "" ansible.builtin.copy: From a4c2ea0d307a3f490243b4f6e68048c38c3e73c3 Mon Sep 17 00:00:00 2001 
From: Dawa Ometto Date: Mon, 23 Mar 2026 13:49:07 +0100 Subject: [PATCH 07/41] role irods_server: allow enabling or disabling training config --- playbooks/roles/irods_server/defaults/main.yml | 4 +++- playbooks/roles/irods_server/vars/hooks.yml | 2 -- playbooks/roles/irods_server/vars/main.yml | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) delete mode 100644 playbooks/roles/irods_server/vars/hooks.yml diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index dfec43d2..83d1e6e4 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -12,6 +12,8 @@ irods_server_start: start irods_server_core_re: false irods_server_hooks_files: hooks.re: "" - hooks_training.re: "{{ irods_server_hooks_training }}" + hooks_training.re: "{{ irods_server_training | bool | + default(false, true) | ternary(irods_server_hooks_training, omit) }}" irods_server_default_rsc_name: trainingResc irods_server_use_external_storage: true +irods_server_training: false diff --git a/playbooks/roles/irods_server/vars/hooks.yml b/playbooks/roles/irods_server/vars/hooks.yml deleted file mode 100644 index a7f6098e..00000000 --- a/playbooks/roles/irods_server/vars/hooks.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -irods_server_hooks_training: "{{ lookup('ansible.builtin.file', 'hooks_training.re') }}" diff --git a/playbooks/roles/irods_server/vars/main.yml b/playbooks/roles/irods_server/vars/main.yml index 3f78a2e8..59a093f3 100644 --- a/playbooks/roles/irods_server/vars/main.yml +++ b/playbooks/roles/irods_server/vars/main.yml 
@@ -1,3 +1,4 @@ --- irods_server_default_rsc_path: "{{ (irods_server_use_external_storage and (fact_workspace_storage[0]['mount'] | default(false, true))) or '/var/lib/irods' }}/Vault" # if set to use external storage, and an external storage was found, use the first external storage irods_server_db_driver: "{{ ansible_pkg_mgr == 'dnf' | ternary('PostgreSQL', 'PostgreSQL ANSI') }}" +irods_server_hooks_training: "{{ lookup('ansible.builtin.file', 'hooks_training.re') }}" From 38ab55f5a63e0c1d6d672b3aa6f735dff2eb4e99 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 14:24:12 +0100 Subject: [PATCH 08/41] fix template loop --- .../irods_server/templates/server_unattended_config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index 3c571ffc..e3d0e292 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -125,7 +125,7 @@ "re_rulebase_set": [ "core", {% for filename in irods_server_hooks_files.keys() %} - "{{ k }}", + "{{ filename }}", {% endfor %} ], "regexes_for_supported_peps": [ From 2abb6c5298676d05b6fed826ad65726572abc575 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 14:43:04 +0100 Subject: [PATCH 09/41] fix loop syntax --- playbooks/roles/irods_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index d9131f42..97d86011 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml 
@@ -80,7 +80,7 @@ force: false - name: Configure hooks - loop: irods_server_hooks_files | dict2items + loop: "{{ irods_server_hooks_files | dict2items }}" ansible.builtin.copy: content: "{{ item.value }}" dest: /etc/irods/{{ item.key }} From 801873bccf39c23fc3bee49ae44cd94822bcef1f Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 14:54:48 +0100 Subject: [PATCH 10/41] add dependency for setup_irods.py --- playbooks/roles/irods_server/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 97d86011..4672d16b 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -12,6 +12,7 @@ - irods-server - irods-database-plugin-postgres - irods-icommands + - python3-distro # needed for the setup_irods.py script - name: Prepare systemd unit file for irods ansible.builtin.template: From 3080ece1b5a7f7db3ef4e23e3010ff06db63282c Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 15:49:13 +0100 Subject: [PATCH 11/41] role irods_server: use system python for setup_irods.py --- playbooks/roles/irods_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 4672d16b..3c87bfb3 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -90,7 +90,7 @@ - name: Run irods configuration script when: irods_server_start == "start" - ansible.builtin.command: python3 /var/lib/irods/scripts/setup_irods.py --json_configuration_file /etc/irods/server_unattended_config.json + ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py --json_configuration_file /etc/irods/server_unattended_config.json - name: Start and enable iRODS as service when: irods_server_start == "start" 
From 2472a56da219c1e4b1aff9e280dbb9643ca13e40 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 16:03:12 +0100 Subject: [PATCH 12/41] fix jinja newlines --- .../irods_server/templates/server_unattended_config.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index e3d0e292..f139e8aa 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -124,9 +124,9 @@ ], "re_rulebase_set": [ "core", - {% for filename in irods_server_hooks_files.keys() %} + {%- for filename in irods_server_hooks_files.keys() %} "{{ filename }}", - {% endfor %} + {%- endfor %} ], "regexes_for_supported_peps": [ "ac[^ ]*", From 6251be5dce2377a6011cf3bd791d1c86fdf9be95 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 16:15:26 +0100 Subject: [PATCH 13/41] simplify hooks --- playbooks/roles/irods_server/defaults/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 83d1e6e4..0c4b5fee 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -11,9 +11,6 @@ irods_server_db_port: 5432 irods_server_start: start irods_server_core_re: false irods_server_hooks_files: - hooks.re: "" - hooks_training.re: "{{ irods_server_training | bool | - default(false, true) | ternary(irods_server_hooks_training, omit) }}" + hooks.re: "{{ irods_server_hooks_training }}" irods_server_default_rsc_name: trainingResc irods_server_use_external_storage: true -irods_server_training: false From 80eda259feb75fd32af8923fab90172478f738fd Mon Sep 17 00:00:00 2001 
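Review bot: With the `irods_server_training` switch removed in the `@@ -11,9 +11,6 @@` hunk, the only way to deploy the role without the training rules is to override the whole `irods_server_hooks_files` mapping, and nothing next to the default says so. If shipping the demo hooks as `hooks.re` on every server is intended, document it there, e.g. `# training demo rules by default; override irods_server_hooks_files to replace or remove them`. If it is not, default the mapping to `{}` and let training deployments opt in.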
From: Dawa Ometto Date: Mon, 23 Mar 2026 17:43:00 +0100 Subject: [PATCH 14/41] fix json template --- .../templates/server_unattended_config.json.j2 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index f139e8aa..6a553b2f 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -123,10 +123,11 @@ "core" ], "re_rulebase_set": [ - "core", - {%- for filename in irods_server_hooks_files.keys() %} - "{{ filename }}", + "core" + {%- for filename in irods_server_hooks_files.keys() -%} + , "{{ filename }}" {%- endfor %} + ], "regexes_for_supported_peps": [ "ac[^ ]*", From 81b11feecbaf7a7f840a30f589ab62a70e4a1873 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Mon, 23 Mar 2026 17:43:07 +0100 Subject: [PATCH 15/41] add tests --- .../molecule/default/converge.yml | 6 ++++++ .../molecule/default/molecule.yml | 20 +++++++++++++++++++ .../irods_server/molecule/default/prepare.yml | 11 ++++++++++ 3 files changed, 37 insertions(+) create mode 100644 playbooks/roles/irods_server/molecule/default/converge.yml create mode 100644 playbooks/roles/irods_server/molecule/default/molecule.yml create mode 100644 playbooks/roles/irods_server/molecule/default/prepare.yml diff --git a/playbooks/roles/irods_server/molecule/default/converge.yml b/playbooks/roles/irods_server/molecule/default/converge.yml new file mode 100644 index 00000000..3b655123 --- /dev/null +++ b/playbooks/roles/irods_server/molecule/default/converge.yml @@ -0,0 +1,6 @@ +--- +- name: Converge + hosts: all + gather_facts: true + roles: + - role: irods_server diff --git a/playbooks/roles/irods_server/molecule/default/molecule.yml b/playbooks/roles/irods_server/molecule/default/molecule.yml new file mode 100644 index 00000000..50356e70 --- /dev/null 
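Review bot: The loop in `re_rulebase_set` emits each key of `irods_server_hooks_files` verbatim, so the rendered list contains `"hooks.re"` next to `"core"`. As far as I know iRODS appends `.re` to each entry itself (`core` maps to `/etc/irods/core.re`), which would make it look for `hooks.re.re`. It also consults rule bases in list order, so hooks listed after `core` may be shadowed by core's own `acPostProcForPut`. This is worth verifying on a converged instance; if confirmed, strip the extension with `"{{ filename | splitext | first }}"` and render the hook entries before `"core"`.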
+++ b/playbooks/roles/irods_server/molecule/default/molecule.yml @@ -0,0 +1,20 @@ +--- +platforms: + - name: workspace-src-ubuntu_jammy + image: ghcr.io/utrechtuniversity/src-test-workspace:ubuntu_jammy + command: /sbin/init + pre_build_image: true + privileged: true + registry: + url: $DOCKER_REGISTRY + credentials: + username: $DOCKER_USER + password: $DOCKER_PW +provisioner: + name: ansible + playbooks: + converge: ./converge.yml + prepare: ./prepare.yml + env: + ANSIBLE_ROLES_PATH: ../../../ +role_name_check: 1 diff --git a/playbooks/roles/irods_server/molecule/default/prepare.yml b/playbooks/roles/irods_server/molecule/default/prepare.yml new file mode 100644 index 00000000..0f813bbd --- /dev/null +++ b/playbooks/roles/irods_server/molecule/default/prepare.yml @@ -0,0 +1,11 @@ +--- +- name: Prepare + hosts: all + gather_facts: true + tasks: + # Apt cache is normally updated at deploy time by the SRC-OS component. + # Make sure it is fresh so our tests use recent apt repo information. + - name: Update apt cache + ansible.builtin.apt: + update_cache: true + when: ansible_os_family == 'Debian' From 0eba283431cefbd28d2d0b15255a21996e42b74b Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 08:13:20 +0100 Subject: [PATCH 16/41] playbook irods_server: pass workspace fqdn var --- playbooks/irods_server.yml | 4 +++- playbooks/roles/irods_server/defaults/main.yml | 5 ++--- playbooks/roles/irods_server/tasks/main.yml | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/playbooks/irods_server.yml b/playbooks/irods_server.yml index a98088d7..a285db67 100644 --- a/playbooks/irods_server.yml +++ b/playbooks/irods_server.yml @@ -6,4 +6,6 @@ # irods server will use a local postgresql database roles: - - irods_server + - role: irods_server + vars: + irods_server_host: "{{ workspace_fqdn | default(ansible_fqdn) }}" 
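Review bot: The platform in molecule.yml runs with `privileged: true`, which gives the test container full access to the host's devices and kernel interfaces just to boot `/sbin/init`. Add a comment recording why it is needed, e.g. `# systemd as PID 1 needs this; run only on disposable CI runners`, so the setting is not copied into other scenarios unexamined. The scenario also defines no verify playbook, so it only shows that the role converges. A check that the rendered `/etc/irods/server_unattended_config.json` parses as JSON would have caught the comma fixes made later in this series.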
diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 0c4b5fee..4403cd8e 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -1,15 +1,14 @@ --- -# Note: db_name must be lowercase irods_server_admin_password: rods irods_server_zone: tempZone irods_server_host: "{{ ansible_fqdn }}" -irods_server_db_name: icat +irods_server_db_name: icat # must be lowercase irods_server_db_username: irods irods_server_db_password: db{{ irods_server_admin_password }} irods_server_db_host: localhost irods_server_db_port: 5432 irods_server_start: start -irods_server_core_re: false +irods_server_core_re: false # set to a string to override default core rules irods_server_hooks_files: hooks.re: "{{ irods_server_hooks_training }}" irods_server_default_rsc_name: trainingResc diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 3c87bfb3..a6ef9e73 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -72,7 +72,7 @@ group: root mode: "0600" -- name: Configure empty ruleset +- name: Configure ruleset when: irods_server_core_re or irods_server_core_re == "" ansible.builtin.copy: content: "{{ irods_server_core_re }}" From b66bd59107bb0b8e90808a2177f9bc4b741b23d4 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 09:26:42 +0100 Subject: [PATCH 17/41] fix ternary --- playbooks/roles/irods_server/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/vars/main.yml b/playbooks/roles/irods_server/vars/main.yml index 59a093f3..445fab97 100644 --- a/playbooks/roles/irods_server/vars/main.yml +++ b/playbooks/roles/irods_server/vars/main.yml 
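Review bot: The defaults `irods_server_admin_password: rods` and `irods_server_db_password: db{{ irods_server_admin_password }}` carry no warning, although the `@@ -1,15 +1,14 @@` hunk annotates their neighbours and the same patch points `irods_server_host` at the workspace FQDN. A deployment that keeps the defaults ends up with a fixed, guessable admin password and a database password that can be computed from it. At minimum add `# override per deployment; never keep the default` on the admin password line, and consider making the database password an independent variable with no derived default.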
@@ -1,4 +1,4 @@ --- irods_server_default_rsc_path: "{{ (irods_server_use_external_storage and (fact_workspace_storage[0]['mount'] | default(false, true))) or '/var/lib/irods' }}/Vault" # if set to use external storage, and an external storage was found, use the first external storage -irods_server_db_driver: "{{ ansible_pkg_mgr == 'dnf' | ternary('PostgreSQL', 'PostgreSQL ANSI') }}" +irods_server_db_driver: "{{ (ansible_pkg_mgr == 'dnf') | ternary('PostgreSQL', 'PostgreSQL ANSI') }}" irods_server_hooks_training: "{{ lookup('ansible.builtin.file', 'hooks_training.re') }}" From 6460ad4e7ab599cc5730a83944e2574b12dc33b1 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 09:57:41 +0100 Subject: [PATCH 18/41] attempt to fix config template for irods v5 --- .../templates/server_unattended_config.json.j2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index 6a553b2f..de8d758a 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -2,6 +2,7 @@ "admin_password": "{{ irods_server_admin_password }}", "default_resource_directory": "{{ irods_server_default_rsc_path }}", "default_resource_name": "{{ irods_server_default_rsc_name }}", + "host": "{{ irods_server_host }}", "host_system_information": { "service_account_user_name": "irods", "service_account_group_name": "irods" @@ -35,6 +36,7 @@ }, "server_config": { "advanced_settings": { + "checksum_read_buffer_size_in_bytes": 1048576, "default_log_rotation_in_days": 5, "default_number_of_transfer_threads": 4, "default_temporary_password_lifetime_in_seconds": 120, 
@@ -45,14 +47,17 @@ "dns_cache": { "eviction_age_in_seconds": 3600, "shared_memory_size_in_bytes": 5000000 + "cache_clearer_sleep_time_in_seconds": 600, }, "hostname_cache": { "eviction_age_in_seconds": 3600, "shared_memory_size_in_bytes": 2500000 + "cache_clearer_sleep_time_in_seconds": 600, }, "maximum_size_for_single_buffer_in_megabytes": 32, "maximum_size_of_delay_queue_in_bytes": 0, "maximum_temporary_password_lifetime_in_seconds": 1000, + "migrate_delay_server_sleep_time_in_seconds": 5, "number_of_concurrent_delay_rule_executors": 4, "stacktrace_file_processor_sleep_time_in_seconds": 10, "transfer_buffer_size_for_parallel_transfer_in_megabytes": 4, @@ -64,6 +69,8 @@ ], "catalog_service_role": "provider", "client_api_allowlist_policy": "enforce", + "client_server_policy": "CS_NEG_REFUSE", + "connection_pool_refresh_time_in_seconds": 300, "controlled_user_connection_list": { "control_type": "denylist", "users": [] @@ -72,8 +79,15 @@ "default_file_mode": "0600", "default_hash_scheme": "SHA256", "default_resource_name": "demoResc", + "encryption": { + "algorithm": "AES-256-CBC", + "key_size": 32, + "num_hash_rounds": 16, + "salt_size": 8 + }, "environment_variables": {}, "federation": [], + "graceful_shutdown_timeout_in_seconds": 30, "host_access_control": { "access_entries": [] }, From 958d3ab3afd2d3a2008995d50e634c2a92e92a3e Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 10:00:50 +0100 Subject: [PATCH 19/41] fix json --- .../irods_server/templates/server_unattended_config.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index de8d758a..083acf36 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 
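Review bot: In the `server_config` hunk at -64,6, `"client_server_policy": "CS_NEG_REFUSE"` makes the server decline TLS during client-server negotiation, so logins with the `native` scheme and all data transfers cross the network unencrypted. If plaintext is intended for this workspace type, record that decision in a comment next to the role defaults; otherwise expose the policy as a role variable so that `CS_NEG_REQUIRE` can be set together with the certificate settings. The same literal appears again in the template created by PATCH 30/41.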
@@ -46,12 +46,12 @@ "delay_server_sleep_time_in_seconds": 30, "dns_cache": { "eviction_age_in_seconds": 3600, - "shared_memory_size_in_bytes": 5000000 + "shared_memory_size_in_bytes": 5000000, "cache_clearer_sleep_time_in_seconds": 600, }, "hostname_cache": { "eviction_age_in_seconds": 3600, - "shared_memory_size_in_bytes": 2500000 + "shared_memory_size_in_bytes": 2500000, "cache_clearer_sleep_time_in_seconds": 600, }, "maximum_size_for_single_buffer_in_megabytes": 32, From 92359b952670b20dd7491f09f00c0c1cf70cce7a Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 10:42:40 +0100 Subject: [PATCH 20/41] fix json --- .../irods_server/templates/server_unattended_config.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index 083acf36..8062a215 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -47,12 +47,12 @@ "dns_cache": { "eviction_age_in_seconds": 3600, "shared_memory_size_in_bytes": 5000000, - "cache_clearer_sleep_time_in_seconds": 600, + "cache_clearer_sleep_time_in_seconds": 600 }, "hostname_cache": { "eviction_age_in_seconds": 3600, "shared_memory_size_in_bytes": 2500000, - "cache_clearer_sleep_time_in_seconds": 600, + "cache_clearer_sleep_time_in_seconds": 600 }, "maximum_size_for_single_buffer_in_megabytes": 32, "maximum_size_of_delay_queue_in_bytes": 0, From 62275dc1276a10e40634c76d189a78a46a07e30e Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 10:44:48 +0100 Subject: [PATCH 21/41] fix json for irods v5 --- .../templates/server_unattended_config.json.j2 | 7 +++++++ 1 file changed, 7 insertions(+) 
diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index 8062a215..bdbaa6e5 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -114,6 +114,13 @@ "plugin_configuration": { "authentication": {}, "database": { + "host": "{{ irods_server_db_host }}", + "name": "{{ irods_server_db_name }}", + "odbc_driver": "{{ irods_server_db_driver }}", + "password": "{{ irods_server_db_password }}", + "port": {{ irods_server_db_port }}, + "username": "{{ irods_server_db_username }}", + "technology": "postgres", "postgres": { "db_host": "{{ irods_server_db_host }}", "db_name": "{{ irods_server_db_name }}", From 95154ea5a794da9a46e95909d911ca2065ca1531 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 10:52:34 +0100 Subject: [PATCH 22/41] optionally support python rules plugin --- playbooks/roles/irods_server/defaults/main.yml | 1 + playbooks/roles/irods_server/tasks/main.yml | 7 +++++++ .../templates/server_unattended_config.json.j2 | 5 +++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 4403cd8e..da4b4f03 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -13,3 +13,4 @@ irods_server_hooks_files: hooks.re: "{{ irods_server_hooks_training }}" irods_server_default_rsc_name: trainingResc irods_server_use_external_storage: true +irods_server_python_plugin: false diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index a6ef9e73..6dcaf99b 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml 
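Review bot: The new `database` keys at -114,6 place `irods_server_db_password` and the other string variables between literal quotes, so a value containing `"` or `\` produces invalid JSON or shifts the structure of the rendered config. Let the filter emit the quoted string instead, `"password": {{ irods_server_db_password | to_json }},`, and do the same for `host`, `name`, `odbc_driver` and `username`. The `postgres` block just below and the template created in PATCH 30/41 use the same quoting pattern. The `database` object continues outside the hunk.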
@@ -14,6 +14,13 @@ - irods-icommands - python3-distro # needed for the setup_irods.py script +- name: Install iRODS python rules plugin + when: irods_server_python_plugin + ansible.builtin.package: + state: present + name: + - irods-rule-engine-plugin-python + - name: Prepare systemd unit file for irods ansible.builtin.template: src: irods.service.j2 diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index bdbaa6e5..c9df8cdf 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -158,12 +158,13 @@ }, "shared_memory_instance": "irods_rule_language_rule_engine" }, + {%- if irods_server_python_plug -%} { "instance_name": "irods_rule_engine_plugin-python-instance", "plugin_name": "irods_rule_engine_plugin-python", "plugin_specific_configuration": {} - }, - + }, + {%- endif %} { "instance_name": "irods_rule_engine_plugin-cpp_default_policy-instance", "plugin_name": "irods_rule_engine_plugin-cpp_default_policy", From 9bb99f546c65ce2a25a4a96b5d72b75d3d52527b Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 10:55:11 +0100 Subject: [PATCH 23/41] fix var name --- .../irods_server/templates/server_unattended_config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index c9df8cdf..bb7fc239 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 
@@ -158,7 +158,7 @@ }, "shared_memory_instance": "irods_rule_language_rule_engine" }, - {%- if irods_server_python_plug -%} + {%- if irods_server_python_plugin -%} { "instance_name": "irods_rule_engine_plugin-python-instance", "plugin_name": "irods_rule_engine_plugin-python", From e0dc19d10bedd4ef1ff4ceffc5ac6987ab978dfb Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 10:58:39 +0100 Subject: [PATCH 24/41] fix json --- .../irods_server/templates/server_unattended_config.json.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index bb7fc239..80191dc2 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 @@ -88,6 +88,7 @@ "environment_variables": {}, "federation": [], "graceful_shutdown_timeout_in_seconds": 30, + "host": "{{ irods_server_host }}", "host_access_control": { "access_entries": [] }, From ba261d3003ac297f63ade3ac425ab69218304c92 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 11:31:52 +0100 Subject: [PATCH 25/41] try supporting different irods versions --- playbooks/roles/irods_server/defaults/main.yml | 1 + playbooks/roles/irods_server/tasks/main.yml | 17 ++++++++++++----- ...n.j2 => server_unattended_config_v5.json.j2} | 0 3 files changed, 13 insertions(+), 5 deletions(-) rename playbooks/roles/irods_server/templates/{server_unattended_config.json.j2 => server_unattended_config_v5.json.j2} (100%) diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index da4b4f03..71dcbef9 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml 
@@ -1,4 +1,5 @@ --- +irods_server_version: "" irods_server_admin_password: rods irods_server_zone: tempZone irods_server_host: "{{ ansible_fqdn }}" diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 6dcaf99b..076e745d 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -9,9 +9,9 @@ ansible.builtin.package: state: present name: - - irods-server - - irods-database-plugin-postgres - - irods-icommands + - irods-server{% if irods_server_version %}={{ irods_server_version }}{% endif %} + - irods-database-plugin-postgres{% if irods_server_version %}={{ irods_server_version }}{% endif %} + - irods-icommands{% if irods_server_version %}={{ irods_server_version }}{% endif %} - python3-distro # needed for the setup_irods.py script - name: Install iRODS python rules plugin @@ -19,7 +19,14 @@ ansible.builtin.package: state: present name: - - irods-rule-engine-plugin-python + - irods-rule-engine-plugin-python{% if irods_server_version %}={{ irods_server_version }}{% endif %} + +- name: Get installed packages + ansible.builtin.package_facts: + +- name: Set irods version + ansible.builtin.set_fact: + irods_server_version: "{{ package_facts['irods-server'].version | split('.') | list | first }}" - name: Prepare systemd unit file for irods ansible.builtin.template: @@ -73,7 +80,7 @@ - name: Prepare iRODS server configuration file when: not irods_config_data.stat.exists ansible.builtin.template: - src: server_unattended_config.json.j2 + src: server_unattended_config_v{{ irods_server_version }}.json.j2 dest: /etc/irods/server_unattended_config.json owner: root group: root 
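Review bot: The version pin in the package list at -9,9 is written as `irods-server={{ irods_server_version }}`, which is apt syntax; `vars/main.yml` also branches on `ansible_pkg_mgr == 'dnf'`, and on those hosts the `=` form is presumably not a valid package spec. Choose the separator per package manager, for example `{{ '=' if ansible_pkg_mgr == 'apt' else '-' }}`, or document that pinning is Debian-only. Further down, the `set_fact` at -19,7 overwrites the caller's full `irods_server_version` with the major number, and the template name built from it at -73,7 is not checked against the templates that exist; an `ansible.builtin.assert` on the supported majors would turn a missing-template error into a readable one.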
diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 similarity index 100% rename from playbooks/roles/irods_server/templates/server_unattended_config.json.j2 rename to playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 From 8df229b8e5d95be9f4b32f94bcf5e00a9c92d413 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 11:39:55 +0100 Subject: [PATCH 26/41] fix multiple version support --- playbooks/roles/irods_server/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 076e745d..d3e79871 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -24,9 +24,9 @@ - name: Get installed packages ansible.builtin.package_facts: -- name: Set irods version +- name: Get irods major version ansible.builtin.set_fact: - irods_server_version: "{{ package_facts['irods-server'].version | split('.') | list | first }}" + irods_server_version: "{{ ansible_facts.packages['irods-server'][0]['version'] | split('.') | list | first }}" - name: Prepare systemd unit file for irods ansible.builtin.template: From 1db829dfdea779cc3c326129acfb9182e78fc08c Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 12:21:34 +0100 Subject: [PATCH 27/41] add service files for distinct versions --- playbooks/roles/irods_server/tasks/main.yml | 4 ++-- .../{irods.service.j2 => irods.service_v4.j2} | 0 .../irods_server/templates/irods.service_v5.j2 | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) rename playbooks/roles/irods_server/templates/{irods.service.j2 => irods.service_v4.j2} (100%) create mode 100644 playbooks/roles/irods_server/templates/irods.service_v5.j2 
diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index d3e79871..2114dfbc 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -29,8 +29,8 @@ irods_server_version: "{{ ansible_facts.packages['irods-server'][0]['version'] | split('.') | list | first }}" - name: Prepare systemd unit file for irods - ansible.builtin.template: - src: irods.service.j2 + ansible.builtin.file: + src: irods.service_v{{ irods_server_version }}.j2 dest: /lib/systemd/system/irods.service owner: root group: root diff --git a/playbooks/roles/irods_server/templates/irods.service.j2 b/playbooks/roles/irods_server/templates/irods.service_v4.j2 similarity index 100% rename from playbooks/roles/irods_server/templates/irods.service.j2 rename to playbooks/roles/irods_server/templates/irods.service_v4.j2 diff --git a/playbooks/roles/irods_server/templates/irods.service_v5.j2 b/playbooks/roles/irods_server/templates/irods.service_v5.j2 new file mode 100644 index 00000000..fc1470db --- /dev/null +++ b/playbooks/roles/irods_server/templates/irods.service_v5.j2 @@ -0,0 +1,17 @@ +[Unit] +Description=iRODS +After=network.target + +[Service] +Type=notify +ExecStart=/usr/sbin/irodsServer +ExecReload=/bin/kill -HUP $MAINPID +KillMode=mixed +Restart=on-failure +User=irods +Group=irods +WorkingDirectory=/var/lib/irods +LimitNOFILE=1048576 + +[Install] +WantedBy=multi-user.target \ No newline at end of file From ec2262d95aea5e4dd449599a9c765074f9737266 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 12:22:46 +0100 Subject: [PATCH 28/41] fix --- playbooks/roles/irods_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 2114dfbc..b23b647c 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml 
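Review bot: The `[Service]` section of the new `irods.service_v5.j2` sets no sandboxing directives beyond `User=irods` and `Group=irods`, although the unit runs a daemon that listens on the network. `PrivateTmp=true` and `ProtectHome=true` are candidates to add after a test run; `NoNewPrivileges=true` is worth trying too, but first check whether the server calls a setuid helper for any authentication scheme. The file also ends without a trailing newline.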
@@ -29,7 +29,7 @@ irods_server_version: "{{ ansible_facts.packages['irods-server'][0]['version'] | split('.') | list | first }}" - name: Prepare systemd unit file for irods - ansible.builtin.file: + ansible.builtin.template: src: irods.service_v{{ irods_server_version }}.j2 dest: /lib/systemd/system/irods.service owner: root From 9522d085dbe67f131db7bdf5de6879f561860d4b Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 12:25:13 +0100 Subject: [PATCH 29/41] debug setup_irods call --- playbooks/roles/irods_server/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index b23b647c..6fff38c9 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -104,7 +104,8 @@ - name: Run irods configuration script when: irods_server_start == "start" - ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py --json_configuration_file /etc/irods/server_unattended_config.json + ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py -v --json_configuration_file /etc/irods/server_unattended_config.json + failed_when: false - name: Start and enable iRODS as service when: irods_server_start == "start" From 250379c8f35917cd17b07d8d0410297fe8a72f09 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 12:58:00 +0100 Subject: [PATCH 30/41] fix json --- .../server_unattended_config.json.j2 | 196 ++++++++++++++++++ 1 file changed, 196 insertions(+) create mode 100644 playbooks/roles/irods_server/templates/server_unattended_config.json.j2 diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 new file mode 100644 index 00000000..e67d541f --- /dev/null +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 
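Review bot: `failed_when: false` on the `setup_irods.py` task at -104,7 turns every failure of the setup script into a success, so the play continues to the service start with a catalog that may be half-initialised and still reports green. If the flag is only for debugging, as the subject line says, it should not be merged; to keep the output for diagnosis, register the result and fail explicitly with `register: irods_setup` and `failed_when: irods_setup.rc != 0`. The task has no `changed_when` either, so it reports changed on every run. The flag is still on this task after PATCH 32/41.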
@@ -0,0 +1,196 @@ +{ + "admin_password": "{{ irods_server_admin_password }}", + "default_resource_directory": "{{ irods_server_default_rsc_path }}", + "default_resource_name": "{{ irods_server_default_rsc_name }}", + "host_system_information": { + "service_account_user_name": "irods", + "service_account_group_name": "irods" + }, + "service_account_environment": { + "irods_client_server_negotiation": "request_server_negotiation", + "irods_client_server_policy": "CS_NEG_REFUSE", + "irods_connection_pool_refresh_time_in_seconds": 300, + "irods_cwd": "/tempZone/home/rods", + "irods_default_hash_scheme": "SHA256", + "irods_default_number_of_transfer_threads": 4, + "irods_default_resource": "demoResc", + "irods_encryption_algorithm": "AES-256-CBC", + "irods_encryption_key_size": 32, + "irods_encryption_num_hash_rounds": 16, + "irods_encryption_salt_size": 8, + "irods_home": "/tempZone/home/rods", + "irods_host": "{{ irods_server_host }}", + "irods_match_hash_policy": "compatible", + "irods_maximum_size_for_single_buffer_in_megabytes": 32, + "irods_port": 1247, + "irods_server_control_plane_encryption_algorithm": "AES-256-CBC", + "irods_server_control_plane_encryption_num_hash_rounds": 16, + "irods_server_control_plane_key": "{{ irods_server_control_plane_key.stdout }}", + "irods_server_control_plane_port": 1248, + "irods_transfer_buffer_size_for_parallel_transfer_in_megabytes": 4, + "irods_user_name": "rods", + "irods_zone_name": "{{ irods_server_zone }}", + "schema_name": "service_account_environment", + "schema_version": "v4" + }, + "server_config": { + "advanced_settings": { + "checksum_read_buffer_size_in_bytes": 1048576, + "default_log_rotation_in_days": 5, + "default_number_of_transfer_threads": 4, + "default_temporary_password_lifetime_in_seconds": 120, + "delay_rule_executors": [ + "localhost" + ], + "delay_server_sleep_time_in_seconds": 30, + "dns_cache": { + "eviction_age_in_seconds": 3600, + "shared_memory_size_in_bytes": 5000000, + 
"cache_clearer_sleep_time_in_seconds": 600 + }, + "hostname_cache": { + "eviction_age_in_seconds": 3600, + "shared_memory_size_in_bytes": 2500000, + "cache_clearer_sleep_time_in_seconds": 600 + }, + "maximum_size_for_single_buffer_in_megabytes": 32, + "maximum_size_of_delay_queue_in_bytes": 0, + "maximum_temporary_password_lifetime_in_seconds": 1000, + "migrate_delay_server_sleep_time_in_seconds": 5, + "number_of_concurrent_delay_rule_executors": 4, + "stacktrace_file_processor_sleep_time_in_seconds": 10, + "transfer_buffer_size_for_parallel_transfer_in_megabytes": 4, + "transfer_chunk_size_for_parallel_transfer_in_megabytes": 40 + }, + "catalog_provider_hosts": [ + "localhost", + "{{ irods_server_host }}" + ], + "catalog_service_role": "provider", + "client_api_allowlist_policy": "enforce", + "client_server_policy": "CS_NEG_REFUSE", + "connection_pool_refresh_time_in_seconds": 300, + "controlled_user_connection_list": { + "control_type": "denylist", + "users": [] + }, + "default_dir_mode": "0750", + "default_file_mode": "0600", + "default_hash_scheme": "SHA256", + "default_resource_name": "demoResc", + "encryption": { + "algorithm": "AES-256-CBC", + "key_size": 32, + "num_hash_rounds": 16, + "salt_size": 8 + }, + "environment_variables": {}, + "federation": [], + "graceful_shutdown_timeout_in_seconds": 30, + "host": "{{ irods_server_host }}", + "host_access_control": { + "access_entries": [] + }, + "host_resolution": { + "host_entries": [] + }, + "log_level": { + "agent": "info", + "agent_factory": "info", + "api": "info", + "authentication": "info", + "database": "info", + "delay_server": "info", + "legacy": "info", + "microservice": "info", + "network": "info", + "resource": "info", + "rule_engine": "info", + "server": "info", + "sql": "info" + }, + "match_hash_policy": "compatible", + "negotiation_key": "{{ irods_server_negotiation_key.stdout }}", + "plugin_configuration": { + "authentication": {}, + "database": { + "host": "{{ irods_server_db_host }}", + 
"name": "{{ irods_server_db_name }}", + "odbc_driver": "{{ irods_server_db_driver }}", + "password": "{{ irods_server_db_password }}", + "port": {{ irods_server_db_port }}, + "username": "{{ irods_server_db_username }}", + "technology": "postgres", + "postgres": { + "db_host": "{{ irods_server_db_host }}", + "db_name": "{{ irods_server_db_name }}", + "db_odbc_driver": "{{ irods_server_db_driver }}", + "db_password": "{{ irods_server_db_password }}", + "db_port": {{ irods_server_db_port }}, + "db_username": "{{ irods_server_db_username }}" + } + }, + "network": {}, + "resource": {}, + "rule_engines": [ + { + "instance_name": "irods_rule_engine_plugin-irods_rule_language-instance", + "plugin_name": "irods_rule_engine_plugin-irods_rule_language", + "plugin_specific_configuration": { + "re_data_variable_mapping_set": [ + "core" + ], + "re_function_name_mapping_set": [ + "core" + ], + "re_rulebase_set": [ + "core" + {%- for filename in irods_server_hooks_files.keys() -%} + , "{{ filename }}" + {%- endfor %} + + ], + "regexes_for_supported_peps": [ + "ac[^ ]*", + "msi[^ ]*", + "[^ ]*pep_[^ ]*_(pre|post|except|finally)" + ] + }, + "shared_memory_instance": "irods_rule_language_rule_engine" + }, + {%- if irods_server_python_plugin -%} + { + "instance_name": "irods_rule_engine_plugin-python-instance", + "plugin_name": "irods_rule_engine_plugin-python", + "plugin_specific_configuration": {} + }, + {%- endif %} + { + "instance_name": "irods_rule_engine_plugin-cpp_default_policy-instance", + "plugin_name": "irods_rule_engine_plugin-cpp_default_policy", + "plugin_specific_configuration": {} + } + ] + }, + "rule_engine_namespaces": [ + "" + ], + "schema_name": "server_config", + "schema_validation_base_uri": "file:///var/lib/irods/configuration_schemas", + "schema_version": "v4", + "server_control_plane_encryption_algorithm": "AES-256-CBC", + "server_control_plane_encryption_num_hash_rounds": 16, + "server_control_plane_key": "{{ irods_server_control_plane_key.stdout }}", + 
"server_control_plane_port": 1248, + "server_control_plane_timeout_milliseconds": 10000, + "server_port_range_end": 20199, + "server_port_range_start": 20000, + "xmsg_port": 1279, + "zone_auth_scheme": "native", + "zone_key": "{{ irods_server_zone_key.stdout }}", + "zone_name": "{{ irods_server_zone }}", + "zone_port": 1247, + "zone_user": "rods" + } +} + From fa0c624934df098a20974003a5eec08520dde6cc Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 12:58:09 +0100 Subject: [PATCH 31/41] more debug --- playbooks/roles/irods_server/tasks/main.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 6fff38c9..8c322c95 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -103,12 +103,20 @@ force: false - name: Run irods configuration script - when: irods_server_start == "start" ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py -v --json_configuration_file /etc/irods/server_unattended_config.json failed_when: false + register: irods_config + +- name: Debug config script output + ansible.builtin.debug: + msg: "{{ irods_config.stdout }}" + +- name: Kill test server # debug + ansible.builtin.shell: killall -r "irods" + failed_when: false - name: Start and enable iRODS as service - when: irods_server_start == "start" + failed_when: false ansible.builtin.service: enabled: true name: irods From fd2e8715b46a5179c1798b4a22ad2890eebb7936 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Tue, 24 Mar 2026 13:53:19 +0100 Subject: [PATCH 32/41] refactor systemd restarts --- .../roles/irods_server/handlers/main.yml | 10 +++++++++ playbooks/roles/irods_server/tasks/main.yml | 22 +++++-------------- 2 files changed, 16 insertions(+), 16 deletions(-) create mode 100644 playbooks/roles/irods_server/handlers/main.yml 
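Review bot: Three additions in the tasks hunk at -103,12 look like debugging aids that should not ship. The `debug` task prints `irods_config.stdout` from a verbose `setup_irods.py -v` run whose input file holds the admin password, database password and zone keys, so unless the script is confirmed never to echo them, that output can land in controller logs; drop the task before merge or limit it with `when: irods_config.rc != 0`. `killall -r "irods"` matches every process whose name matches the pattern, not only a test server, and runs through `ansible.builtin.shell` with `failed_when: false`. Removing `when: irods_server_start == "start"` from the setup and service tasks leaves the `irods_server_start` default gating nothing that is visible here.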
diff --git a/playbooks/roles/irods_server/handlers/main.yml b/playbooks/roles/irods_server/handlers/main.yml new file mode 100644 index 00000000..bf6f2ebc --- /dev/null +++ b/playbooks/roles/irods_server/handlers/main.yml @@ -0,0 +1,10 @@ +--- +- name: Reload systemd service + ansible.builtin.systemd: + daemon_reload: true + +- name: Restart irods + ansible.builtin.service: + enabled: true + name: irods + state: restarted diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 8c322c95..37127cdc 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -29,6 +29,7 @@ irods_server_version: "{{ ansible_facts.packages['irods-server'][0]['version'] | split('.') | list | first }}" - name: Prepare systemd unit file for irods + notify: Reload systemd service ansible.builtin.template: src: irods.service_v{{ irods_server_version }}.j2 dest: /lib/systemd/system/irods.service @@ -36,10 +37,6 @@ group: root mode: "0644" -- name: Reload systemd daemon - ansible.builtin.systemd: - daemon_reload: true - - name: Create ICAT database and db user and password protect PostgreSQL loopback access ansible.builtin.include_tasks: icat.yml args: @@ -52,16 +49,6 @@ name: postgresql state: restarted -- name: Register if iRODS server is initialized. - ansible.builtin.stat: - path: /etc/irods/server_config.json - register: irods_config_data - -- name: Register FQDN (hack needed because hostname FQDN incomplete during workspace deployment) - ansible.builtin.set_fact: - irods_server_host: "{{ workspace_fqdn }}" - when: workspace_fqdn is defined - - name: Generate zone key ansible.builtin.command: openssl rand -hex 16 register: irods_server_zone_key 
@@ -78,15 +65,16 @@ changed_when: false - name: Prepare iRODS server configuration file - when: not irods_config_data.stat.exists ansible.builtin.template: src: server_unattended_config_v{{ irods_server_version }}.json.j2 dest: /etc/irods/server_unattended_config.json owner: root group: root mode: "0600" + register: place_irods_config - name: Configure ruleset + notify: Restart irods when: irods_server_core_re or irods_server_core_re == "" ansible.builtin.copy: content: "{{ irods_server_core_re }}" @@ -95,6 +83,7 @@ force: false - name: Configure hooks + notify: Restart irods loop: "{{ irods_server_hooks_files | dict2items }}" ansible.builtin.copy: content: "{{ item.value }}" @@ -103,6 +92,8 @@ force: false - name: Run irods configuration script + when: place_irods_config.changed + notify: Restart irods ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py -v --json_configuration_file /etc/irods/server_unattended_config.json failed_when: false register: irods_config @@ -116,7 +107,6 @@ failed_when: false - name: Start and enable iRODS as service - failed_when: false ansible.builtin.service: enabled: true name: irods From d6c2aa029b8d19c2cca1d474d758147f296f8df1 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Wed, 25 Mar 2026 11:47:14 +0100 Subject: [PATCH 33/41] Update playbooks/roles/irods_server/templates/server_unattended_config.json.j2 Co-authored-by: chStaiger --- .../irods_server/templates/server_unattended_config.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 index e67d541f..b89c841e 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config.json.j2 
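Review bot: With `when: not irods_config_data.stat.exists` removed at -78,15, and the `stat` task dropped in the hunk before it, the config template is rendered on every run from freshly generated keys (the `openssl rand -hex 16` zone key task is visible above; the negotiation and control-plane keys are presumably produced the same way). The rendered file therefore differs each time, `place_irods_config.changed` is always true, and `setup_irods.py` is re-run against an already initialised server with new keys. Unless re-keying on every play is intended, restore the `stat` on `/etc/irods/server_config.json` and put `when: not irods_config_data.stat.exists` on the key generation, the template and the setup task. `failed_when: false` on the setup task at -103,6 would hide any error this causes.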
@@ -77,7 +77,7 @@ "default_dir_mode": "0750", "default_file_mode": "0600", "default_hash_scheme": "SHA256", - "default_resource_name": "demoResc", + "default_resource_name": {{ irods_server_default_rsc_name }}, "encryption": { "algorithm": "AES-256-CBC", "key_size": 32, From 5fb4eb3c1528cd7c7c87e92c644812f1d4e6317c Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Wed, 25 Mar 2026 11:47:25 +0100 Subject: [PATCH 34/41] Update playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 Co-authored-by: chStaiger --- .../irods_server/templates/server_unattended_config_v5.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 index 80191dc2..aa612d5e 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 @@ -14,7 +14,7 @@ "irods_cwd": "/tempZone/home/rods", "irods_default_hash_scheme": "SHA256", "irods_default_number_of_transfer_threads": 4, - "irods_default_resource": "demoResc", + "irods_default_resource": {{ irods_server_default_rsc_name }}, "irods_encryption_algorithm": "AES-256-CBC", "irods_encryption_key_size": 32, "irods_encryption_num_hash_rounds": 16, From 4982a14c948bfdbebaa3dfdc29fa803597ff4ce4 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Wed, 25 Mar 2026 11:48:09 +0100 Subject: [PATCH 35/41] Update playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 Co-authored-by: chStaiger --- .../irods_server/templates/server_unattended_config_v5.json.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 index aa612d5e..6054e19e 100644 
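Review bot: In `server_unattended_config.json.j2` the new line `"default_resource_name": {{ irods_server_default_rsc_name }},` renders the value without quotes, so with the role default `trainingResc` the output is not valid JSON. The later "fix json" patch in this series quotes the two occurrences in `server_unattended_config_v5.json.j2` only, so this file appears to stay broken. Let the filter do the quoting and escaping here: `"default_resource_name": {{ irods_server_default_rsc_name | to_json }},`.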
--- a/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 @@ -78,7 +78,7 @@ "default_dir_mode": "0750", "default_file_mode": "0600", "default_hash_scheme": "SHA256", - "default_resource_name": "demoResc", + "default_resource_name": {{ irods_server_default_rsc_name }}, "encryption": { "algorithm": "AES-256-CBC", "key_size": 32, From c6e0cfcc69a1f066910b36373217ba45b80e8217 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Wed, 25 Mar 2026 11:51:07 +0100 Subject: [PATCH 36/41] implicit .re in hooks files default --- playbooks/roles/irods_server/defaults/main.yml | 2 +- playbooks/roles/irods_server/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/defaults/main.yml b/playbooks/roles/irods_server/defaults/main.yml index 71dcbef9..ceee60f2 100644 --- a/playbooks/roles/irods_server/defaults/main.yml +++ b/playbooks/roles/irods_server/defaults/main.yml @@ -11,7 +11,7 @@ irods_server_db_port: 5432 irods_server_start: start irods_server_core_re: false # set to a string to override default core rules irods_server_hooks_files: - hooks.re: "{{ irods_server_hooks_training }}" + hooks: "{{ irods_server_hooks_training }}" irods_server_default_rsc_name: trainingResc irods_server_use_external_storage: true irods_server_python_plugin: false diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 37127cdc..8ffe1fb4 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -87,7 +87,7 @@ loop: "{{ irods_server_hooks_files | dict2items }}" ansible.builtin.copy: content: "{{ item.value }}" - dest: /etc/irods/{{ item.key }} + dest: /etc/irods/{{ item.key }}.re mode: "0644" force: false From 06a6401ba117110ad412a14825fdf46c9cff3f83 Mon Sep 17 00:00:00 2001 
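Review bot: The `dest: /etc/irods/{{ item.key }}.re` line in the `@@ -87,7 +87,7 @@` hunk changes the meaning of the keys of `irods_server_hooks_files`, so an existing override that still uses `hooks.re` as key is now written to `hooks.re.re`. The key is also placed into the path as-is, so a key containing `/` or `..` would make the copy write outside `/etc/irods`. Normalising it covers both cases: `dest: /etc/irods/{{ item.key | basename | regex_replace('\\.re$', '') }}.re`. The task starts above the hunk, so only the visible lines were reviewed.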
From: Dawa Ometto Date: Wed, 25 Mar 2026 11:53:45 +0100 Subject: [PATCH 37/41] debug fqdn --- playbooks/roles/irods_server/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 8ffe1fb4..0e4e45b2 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -1,4 +1,12 @@ --- +- name: Debug - write fqdn to file for inspection + ansible.builtin.copy: + dest: /root/irods_debug.tx + content: | + workspace_fqdn: {{ workspace_fqdn }} + ansible_fqdn: {{ ansible_fqdn }} + irods_server_host: {{ irods_server_host }} + - name: Install prerequisite packages when: ansible_pkg_mgr == 'yum' or ansible_pkg_mgr == 'dnf' ansible.builtin.package: From 90063de1091d67b7ad2acceeee84bfc0566011f1 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Thu, 26 Mar 2026 08:43:04 +0100 Subject: [PATCH 38/41] Update iRODS service task to not fail on errors --- playbooks/roles/irods_server/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 0e4e45b2..bde89239 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -115,6 +115,7 @@ failed_when: false - name: Start and enable iRODS as service + failed_when: false ansible.builtin.service: enabled: true name: irods From a3538b00a5327dc3197a62c8b35e80ac47ba4f79 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Thu, 26 Mar 2026 11:11:12 +0100 Subject: [PATCH 39/41] refactor handlers, add debug --- playbooks/roles/irods_server/handlers/main.yml | 2 ++ playbooks/roles/irods_server/tasks/main.yml | 14 ++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/playbooks/roles/irods_server/handlers/main.yml b/playbooks/roles/irods_server/handlers/main.yml index bf6f2ebc..25b52f51 100644 
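Review bot: The debug task added at the top of tasks/main.yml templates `workspace_fqdn` and `irods_server_host` without a guard, although the series earlier removed a task that was conditional on `workspace_fqdn is defined`; when either variable is undefined the task fails and stops the role at its first step. It also leaves `/root/irods_debug.tx` on every host with no `mode` set. If it has to stay, use `{{ workspace_fqdn | default('undefined') }}` (same for the other two) and add `mode: "0600"`; otherwise remove it before merging.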
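Review bot: Adding `failed_when: false` to "Start and enable iRODS as service" makes the play report success when iRODS did not start, so a broken deployment is only noticed later. The following patch adds the same key to the `Restart irods` handler and, judging by the line numbers, a second time to this same task, which would be a duplicate key. Prefer removing it, or keep `register:` and follow with an explicit `ansible.builtin.fail` that prints the service error.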
--- a/playbooks/roles/irods_server/handlers/main.yml +++ b/playbooks/roles/irods_server/handlers/main.yml @@ -8,3 +8,5 @@ enabled: true name: irods state: restarted + failed_when: false + register: restarted_irods diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index bde89239..20f8ba05 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -37,7 +37,9 @@ irods_server_version: "{{ ansible_facts.packages['irods-server'][0]['version'] | split('.') | list | first }}" - name: Prepare systemd unit file for irods - notify: Reload systemd service + notify: + - Reload systemd service + - Restart irods ansible.builtin.template: src: irods.service_v{{ irods_server_version }}.j2 dest: /lib/systemd/system/irods.service @@ -79,7 +81,7 @@ owner: root group: root mode: "0600" - register: place_irods_config + register: restart_triggered - name: Configure ruleset notify: Restart irods @@ -89,6 +91,7 @@ dest: /etc/irods/core.re mode: "0644" force: false + register: restart_triggered - name: Configure hooks notify: Restart irods @@ -98,17 +101,18 @@ dest: /etc/irods/{{ item.key }}.re mode: "0644" force: false + register: restart_triggered - name: Run irods configuration script when: place_irods_config.changed notify: Restart irods ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py -v --json_configuration_file /etc/irods/server_unattended_config.json failed_when: false - register: irods_config + register: restart_triggered - name: Debug config script output ansible.builtin.debug: - msg: "{{ irods_config.stdout }}" + msg: "{{ restart_triggered.stdout }}" - name: Kill test server # debug ansible.builtin.shell: killall -r "irods" @@ -120,3 +124,5 @@ enabled: true name: irods state: started + failed_when: false + when: restart_triggered is not defined # ensure the service is in state started, even if the *re*-start handler was not 
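Review bot: In the last hunk (`@@ -120,3 +124,5 @@`) the condition `when: restart_triggered is not defined` can never be true, because `register:` sets the variable even when the registering task is skipped, and four tasks above register that name. The start task is therefore always skipped, and on a run where nothing changed no handler fires either, so nothing ensures the service is running. `state: started` is already idempotent, so the `when:` line can simply be dropped.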
From dfda43a553a5561f8fcd254169a870a9283fbf34 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Thu, 26 Mar 2026 11:24:36 +0100 Subject: [PATCH 40/41] fix restart logic --- playbooks/roles/irods_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/roles/irods_server/tasks/main.yml b/playbooks/roles/irods_server/tasks/main.yml index 20f8ba05..dfa2d839 100644 --- a/playbooks/roles/irods_server/tasks/main.yml +++ b/playbooks/roles/irods_server/tasks/main.yml @@ -104,7 +104,7 @@ register: restart_triggered - name: Run irods configuration script - when: place_irods_config.changed + when: restart_triggered.changed notify: Restart irods ansible.builtin.command: /var/lib/irods/scripts/setup_irods.py -v --json_configuration_file /etc/irods/server_unattended_config.json failed_when: false From 30be257b66618b07c0b7ece20c6476f542a4eb90 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Thu, 26 Mar 2026 12:16:44 +0100 Subject: [PATCH 41/41] fix json --- .../templates/server_unattended_config_v5.json.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 index 6054e19e..2379f6d3 100644 --- a/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 +++ b/playbooks/roles/irods_server/templates/server_unattended_config_v5.json.j2 @@ -14,7 +14,7 @@ "irods_cwd": "/tempZone/home/rods", "irods_default_hash_scheme": "SHA256", "irods_default_number_of_transfer_threads": 4, - "irods_default_resource": {{ irods_server_default_rsc_name }}, + "irods_default_resource": "{{ irods_server_default_rsc_name }}", "irods_encryption_algorithm": "AES-256-CBC", "irods_encryption_key_size": 32, "irods_encryption_num_hash_rounds": 16, 
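Review bot: `when: restart_triggered.changed` reads whichever task registered that name last, which at this point is the "Configure hooks" loop rather than the configuration template. Those copies use `force: false`, so the result is `changed` only when a hooks file is first created, and a changed `server_unattended_config.json` no longer triggers the setup script. Give the template task its own result, e.g. `register: irods_unattended_config`, and test `when: irods_unattended_config.changed` here.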
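Review bot: The quoted form `"{{ irods_server_default_rsc_name }}"` in the `@@ -14,7 +14,7 @@` hunk (and in `@@ -78,7 +78,7 @@` of the same file) puts the variable between literal quotes without escaping, so a value containing `"` or `\` would break the JSON or add keys to the configuration passed to the setup script. Using the filter avoids that: `"irods_default_resource": {{ irods_server_default_rsc_name | to_json }},` and likewise for `default_resource_name`.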
@@ -78,7 +78,7 @@ "default_dir_mode": "0750", "default_file_mode": "0600", "default_hash_scheme": "SHA256", - "default_resource_name": {{ irods_server_default_rsc_name }}, + "default_resource_name": "{{ irods_server_default_rsc_name }}", "encryption": { "algorithm": "AES-256-CBC", "key_size": 32,