Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
- Puppet >= 6.0.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'treydock-globus', '6.0.0'
Learn more about managing modules with a Puppetfile
puppet-globus
Overview
This module manages Globus Connect Server.
Supported Versions of Globus
Currently this module supports Globus 4.x and 5.4.
Globus Version | Globus Puppet module versions |
---|---|
4.x | 3.x |
4.x & 5.3 | 4.x |
4.x & 5.4 | 5.x-6.x |
Upgrading to module version 5.x
Upgrading from a version of this module prior to 5.0.0 to 5.x while using Globus v5 requires a manual upgrade.
See Globus v5.4 Migration Guide for details.
For sites using Globus v4, it's necessary to set globus::version to 4 in order to continue using Globus v4, because the default version was changed.
For sites using Globus v5.3 and upgrading this module to 5.x, it's expected you are also upgrading to Globus v5.4. The parameters changed completely for Globus v5 support, so see the examples below for the changes needed and the required parameters.
Usage
Globus v5.4
The steps performed by this module are to install Globus and run the globus endpoint setup and globus node setup commands.
The following are the minimum parameters that must be passed to set up Globus v5.4.
class { 'globus':
  display_name  => 'REPLACE My Site Globus',
  client_id     => 'REPLACE-client-id-from-globus',
  client_secret => 'REPLACE-client-secret-from-globus',
  owner         => 'REPLACE-user@example.com',
  organization  => 'REPLACE-My Site',
}
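One way to keep the client secret out of the manifest itself, shown as an added example that is not from the module's own documentation. The class name profile::globus_endpoint and the Hiera keys under it are hypothetical.

```puppet
# Added example, not part of the module: a hypothetical site profile that
# takes the Globus client secret from Hiera instead of a literal in code.
#
# Hiera data for this profile (constructed placeholder values; store the
# secret in an encrypted or access-controlled Hiera backend):
#
#   profile::globus_endpoint::display_name: 'REPLACE My Site Globus'
#   profile::globus_endpoint::client_id: 'REPLACE-client-id-from-globus'
#   profile::globus_endpoint::client_secret: 'REPLACE-client-secret-from-globus'
#   profile::globus_endpoint::owner: 'REPLACE-user@example.com'
#   profile::globus_endpoint::organization: 'REPLACE-My Site'
#   lookup_options:
#     profile::globus_endpoint::client_secret:
#       convert_to: 'Sensitive'
#
class profile::globus_endpoint (
  String[1]            $display_name,
  String[1]            $client_id,
  Sensitive[String[1]] $client_secret,
  String[1]            $owner,
  String[1]            $organization,
) {
  # Puppet redacts Sensitive values in logs and reports, so the profile's own
  # parameter is never printed in clear text.
  #
  # The globus class documents client_secret as Optional[String], so the value
  # is unwrapped only at the point of the call. From there on the compiled
  # catalog carries it as a plain string: restrict access to catalogs and
  # PuppetDB accordingly.
  class { 'globus':
    display_name  => $display_name,
    client_id     => $client_id,
    client_secret => $client_secret.unwrap,
    owner         => $owner,
    organization  => $organization,
  }
}
```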
Globus v4
Install and configure a Globus IO endpoint that uses OAuth. This example assumes host cert/key will not be provided by Globus.
class { 'globus':
  include_id_server                     => false,
  globus_user                           => 'myusername',
  globus_password                       => 'password',
  endpoint_name                         => 'myorg',
  endpoint_public                       => true,
  myproxy_server                        => 'myproxy.example.com:7512',
  oauth_server                          => 'myproxy.example.com',
  security_identity_method              => 'OAuth',
  security_fetch_credentials_from_relay => false,
  security_certificate_file             => '/etc/grid-security/hostcert.pem',
  security_key_file                     => '/etc/grid-security/hostkey.pem',
  gridftp_server                        => $::fqdn,
  gridftp_restrict_paths                => ['RW~','N~/.*','RW/project'],
  # Example of extra settings
  extra_gridftp_settings                => [
    'log_level ALL',
    'log_single /var/log/gridftp-auth.log',
    'log_transfer /var/log/gridftp-transfer.log',
  ],
}
This is an example of setting up a system that acts as both MyProxy and OAuth host. This example assumes the host cert/key are not provided by Globus.
class { 'globus':
  include_io_server                     => false,
  include_id_server                     => true,
  include_oauth_server                  => true,
  globus_user                           => 'myusername',
  globus_password                       => 'password',
  endpoint_name                         => 'myorg',
  endpoint_public                       => true,
  myproxy_server                        => 'myproxy.example.com:7512',
  oauth_server                          => 'myproxy.example.com',
  security_identity_method              => 'OAuth',
  security_fetch_credentials_from_relay => false,
  security_certificate_file             => '/etc/grid-security/hostcert.pem',
  security_key_file                     => '/etc/grid-security/hostkey.pem',
}
Below is an example of setting up the IO server to use CILogon.
class { 'globus':
  include_id_server                     => false,
  globus_user                           => 'myusername',
  globus_password                       => 'password',
  endpoint_name                         => 'myorg',
  endpoint_public                       => true,
  myproxy_server                        => 'myproxy.example.com:7512',
  oauth_server                          => 'myproxy.example.com',
  security_identity_method              => 'CILogon',
  security_cilogon_identity_provider    => 'My Org',
  security_fetch_credentials_from_relay => false,
  security_certificate_file             => '/etc/grid-security/hostcert.pem',
  security_key_file                     => '/etc/grid-security/hostkey.pem',
  gridftp_server                        => $::fqdn,
  gridftp_restrict_paths                => ['RW~','N~/.*','RW/project'],
  # Example of extra settings
  extra_gridftp_settings                => [
    'log_level ALL',
    'log_single /var/log/gridftp-auth.log',
    'log_transfer /var/log/gridftp-transfer.log',
  ],
}
Below is an example of what would be required to set up Globus GridFTP to also work with OSG GridFTP. This example has not been verified since OSG 3.3. OSG module referenced: https://github.com/treydock/puppet-osg
include ::osg
include ::osg::gridftp
class { '::globus':
  manage_service         => false,
  include_id_server      => false,
  remove_cilogon_cron    => true,
  extra_gridftp_settings => [
    'log_level ALL',
    'log_single /var/log/gridftp-auth.log',
    'log_transfer /var/log/gridftp.log',
    '$LLGT_LOG_IDENT "gridftp-server-llgt"',
    '$LCMAPS_DB_FILE "/etc/lcmaps.db"',
    '$LCMAPS_POLICY_NAME "authorize_only"',
    '$LLGT_LIFT_PRIVILEGED_PROTECTION "1"',
    '$LCMAPS_DEBUG_LEVEL "2"',
    '$FTPNOSORT 1',
  ],
  first_gridftp_callback => '|globus_mapping liblcas_lcmaps_gt4_mapping.so lcmaps_callout',
}
# Add globus repo before installing OSG GridFTP
Yumrepo['Globus-Toolkit'] -> Package['osg-gridftp']
# Apply OSG GridFTP before Globus
Package['osg-gridftp'] -> Class['::globus::install']
Globus CLI
To install the Globus CLI to /opt/globus-cli and create a symlink for the executable at /usr/bin/globus:
include globus::cli
Globus SDK
To install the Globus SDK to /opt/globus-sdk:
include globus::sdk
Facts
The globus_info fact exposes the information stored in /var/lib/globus-connect-server/info.json. Example:
# facter -p globus_info
{
  endpoint_id => "1c6b6e6a-3791-4213-b3e6-00000001",
  domain_name => "00000001.8443.data.globus.org",
  manager_version => "5.4.11",
  DATA_TYPE => "info#1.0.0",
  client_id => "1c6b6e6a-3791-4213-b3e6-00000001",
  api_version => "1.3.0"
}
Reference
http://treydock.github.io/puppet-module-globus/
Compatibility
Tested using
- RedHat/CentOS 7
- RedHat/CentOS 8
- Debian 9
- Debian 10
- Ubuntu 18.04
- Ubuntu 20.04
Limitations
At this time globus::cli and globus::sdk are not supported on Ubuntu 20.04 due to limitations in the Python module.
Reference
Table of Contents
Classes
Public Classes
- globus: Manage Globus
- globus::cli: Manage Globus CLI
- globus::sdk: Manage Globus SDK
Private Classes
- globus::config: Manage globus configs
- globus::install: manage Globus install
- globus::python: Manage Globus Python dependency
- globus::repo::deb: Manage globus repo
- globus::repo::el: Manage globus repo
- globus::service: Manage Globus service
- globus::user: Manage globus user and group
Resource types
- globus_connect_config: Section/setting name to manage from /etc/globus-connect-server.conf
Functions
Classes
globus
Manage Globus
Examples
Install and setup a Globus v5.4 endpoint
class { 'globus':
  display_name  => 'REPLACE My Site Globus',
  client_id     => 'REPLACE-client-id-from-globus',
  client_secret => 'REPLACE-client-secret-from-globus',
  owner         => 'REPLACE-user@example.com',
}
Parameters
The following parameters are available in the globus class.
version
Data type: Variant[Enum['4','5'],Integer[4,5]]
Major version of Globus to install. Only needed to install Globus v4
Default value: '5'
include_io_server
Data type: Boolean
Setup Globus v4 IO server Globus v4 only
Default value: true
include_id_server
Data type: Boolean
Setup Globus v4 ID server Globus v4 only
Default value: true
include_oauth_server
Data type: Boolean
Setup Globus v4 OAuth server Globus v4 only
Default value: false
release_url
Data type: Variant[Stdlib::Httpsurl, Stdlib::Httpurl]
Release URL of Globus release RPM Globus v4 & v5
Default value: 'https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm'
toolkit_repo_baseurl
Data type: Variant[Stdlib::Httpsurl, Stdlib::Httpurl]
Globus Toolkit RPM repo baseurl Globus v4 & v5
Default value: "https://downloads.globus.org/toolkit/gt6/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/"
toolkit_repo_testing_baseurl
Data type: Variant[Stdlib::Httpsurl, Stdlib::Httpurl]
Globus Toolkit testing RPM repo baseurl Globus v4 & v5
Default value: "https://downloads.globus.org/toolkit/gt6/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/"
gcs_repo_baseurl
Data type: Variant[Stdlib::Httpsurl, Stdlib::Httpurl]
Globus Connect Server repo baseurl Globus v4 & v5
Default value: "https://downloads.globus.org/globus-connect-server/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/"
gcs_repo_testing_baseurl
Data type: Variant[Stdlib::Httpsurl, Stdlib::Httpurl]
Globus v5 testing repo baseurl Globus v4 & v5
Default value: "https://downloads.globus.org/globus-connect-server/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/"
enable_testing_repos
Data type: Boolean
Boolean that sets if testing repos should be added
Default value: false
extra_gridftp_settings
Data type: Array
Additional settings for GridFTP Globus v4 & v5
Default value: []
first_gridftp_callback
Data type: Optional[String]
Used when running GridFTP from Globus with OSG, see README. Globus v4 only
Default value: undef
manage_service
Data type: Boolean
Boolean to set if globus-gridftp-server service is managed Globus v4 & v5
Default value: true
run_setup_commands
Data type: Boolean
Boolean to set if the commands to set up Globus are run. Globus v4 & v5
Default value: true
manage_firewall
Data type: Boolean
Boolean to set if firewall rules are managed by this module Globus v4 & v5
Default value: true
manage_epel
Data type: Boolean
Boolean to set if EPEL is managed by this repo Globus v4 & v5
Default value: true
repo_dependencies
Data type: Array
Additional repo dependencies Globus v4 only
Default value: ['yum-plugin-priorities']
manage_user
Data type: Boolean
Boolean to set if the gcsweb user and group are managed by this module Globus v5 only
Default value: true
group_gid
Data type: Optional[Integer]
The gcsweb group GID Globus v5 only
Default value: undef
user_uid
Data type: Optional[Integer]
The gcsweb user UID Globus v5 only
Default value: undef
package_name
Data type: String
Globus v5 package name
Default value: 'globus-connect-server54'
display_name
Data type: Optional[String]
Display name to use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
client_id
Data type: Optional[String]
--client-id use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
client_secret
Data type: Optional[String]
--client-secret use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
owner
Data type: Optional[String]
--owner use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
organization
Data type: Optional[String]
--organization use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
deployment_key
Data type: Stdlib::Absolutepath
--deployment-key use when running 'globus-connect-server endpoint setup'. The parent directory of this path must be writable by the gcsweb user. Globus v5 only
Default value: '/var/lib/globus-connect-server/gcs-manager/deployment-key.json'
keywords
Data type: Optional[Array]
--keywords use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
department
Data type: Optional[String]
--department use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
contact_email
Data type: Optional[String]
--contact-email use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
contact_info
Data type: Optional[String]
--contact-info use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
info_link
Data type: Optional[String]
--info-link use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
description
Data type: Optional[String]
--description use when running 'globus-connect-server endpoint setup' Globus v5 only
Default value: undef
public
Data type: Boolean
When false pass --private flag to 'globus-connect-server endpoint setup' Globus v5 only
Default value: true
incoming_port_range
Data type: Array[Stdlib::Port, 2, 2]
--incoming-port-range use when running 'globus-connect-server node setup' Globus v5 only
Default value: [50000, 51000]
outgoing_port_range
Data type: Optional[Array[Stdlib::Port, 2, 2]]
--outgoing-port-range use when running 'globus-connect-server node setup' Globus v5 only
Default value: undef
ip_address
Data type: Optional[Stdlib::IP::Address]
--ip-address use when running 'globus-connect-server node setup' Globus v5 only
Default value: undef
export_node
Data type: Optional[Stdlib::Absolutepath]
--export-node use when running 'globus-connect-server node setup' Globus v5 only
Default value: undef
import_node
Data type: Optional[Stdlib::Absolutepath]
--import-node use when running 'globus-connect-server node setup' Globus v5 only
Default value: undef
globus_user
Data type: String
See globus-connect-server.conf Globus/User Globus v4 only
Default value: '%(GLOBUS_USER)s'
globus_password
Data type: String
See globus-connect-server.conf Globus/Password Globus v4 only
Default value: '%(GLOBUS_PASSWORD)s'
endpoint_name
Data type: String
See globus-connect-server.conf Endpoint/Name Globus v4 only
Default value: $::hostname
endpoint_public
Data type: Boolean
See globus-connect-server.conf Endpoint/Public Globus v4 only
Default value: false
endpoint_default_directory
Data type: String
See globus-connect-server.conf Endpoint/DefaultDirectory Globus v4 only
Default value: '/~/'
security_fetch_credentials_from_relay
Data type: Boolean
See globus-connect-server.conf Security/FetchCredentialFromRelay Globus v4 only
Default value: true
security_certificate_file
Data type: Stdlib::Absolutepath
See globus-connect-server.conf Security/CertificateFile Globus v4 only
Default value: '/var/lib/globus-connect-server/grid-security/hostcert.pem'
security_key_file
Data type: Stdlib::Absolutepath
See globus-connect-server.conf Security/KeyFile Globus v4 only
Default value: '/var/lib/globus-connect-server/grid-security/hostkey.pem'
security_trusted_certificate_directory
Data type: Stdlib::Absolutepath
See globus-connect-server.conf Security/TrustedCertificateDirectory Globus v4 only
Default value: '/var/lib/globus-connect-server/grid-security/certificates/'
security_identity_method
Data type: Enum['MyProxy', 'OAuth', 'CILogon']
See globus-connect-server.conf Security/IdentityMethod Globus v4 only
Default value: 'MyProxy'
security_authorization_method
Data type: Optional[Enum['MyProxyGridmapCallout','CILogon','Gridmap']]
See globus-connect-server.conf Security/AuthorizationMethod Globus v4 only
Default value: undef
security_gridmap
Data type: Optional[Stdlib::Absolutepath]
See globus-connect-server.conf Security/Gridmap Globus v4 only
Default value: undef
security_cilogon_identity_provider
Data type: Optional[String]
See globus-connect-server.conf Security/IdentityProvider Globus v4 only
Default value: undef
gridftp_server
Data type: Optional[String]
See globus-connect-server.conf GridFTP/Server Globus v4 only
Default value: undef
gridftp_server_port
Data type: Stdlib::Port
See globus-connect-server.conf GridFTP/ServerPort Globus v4
Default value: 2811
gridftp_server_behind_nat
Data type: Boolean
See globus-connect-server.conf GridFTP/ServerBehindNat Globus v4 only
Default value: false
gridftp_incoming_port_range
Data type: Array[Stdlib::Port, 2, 2]
See globus-connect-server.conf GridFTP/IncomingPortRange Globus v4 only
Default value: [50000, 51000]
gridftp_outgoing_port_range
Data type: Optional[Array[Stdlib::Port, 2, 2]]
See globus-connect-server.conf GridFTP/OutgoingPortRange Globus v4 only
Default value: undef
gridftp_data_interface
Data type: Optional[String]
See globus-connect-server.conf GridFTP/DataInterface Globus v4 only
Default value: undef
gridftp_restrict_paths
Data type: Array
See globus-connect-server.conf GridFTP/RestrictPaths Globus v4 only
Default value: ['RW~', 'N~/.*']
gridftp_sharing
Data type: Boolean
See globus-connect-server.conf GridFTP/Sharing Globus v4 only
Default value: false
gridftp_sharing_restrict_paths
Data type: Optional[Array]
See globus-connect-server.conf GridFTP/SharingRestrictPaths Globus v4 only
Default value: undef
gridftp_sharing_state_dir
Data type: String
See globus-connect-server.conf GridFTP/SharingStateDir Globus v4 only
Default value: '$HOME/.globus/sharing'
gridftp_sharing_users_allow
Data type: Optional[Array]
See globus-connect-server.conf GridFTP/UsersAllow Globus v4 only
Default value: undef
gridftp_sharing_groups_allow
Data type: Optional[Array]
See globus-connect-server.conf GridFTP/GroupsAllow Globus v4 only
Default value: undef
gridftp_sharing_users_deny
Data type: Optional[Array]
See globus-connect-server.conf GridFTP/UsersDeny Globus v4 only
Default value: undef
gridftp_sharing_groups_deny
Data type: Optional[Array]
See globus-connect-server.conf GridFTP/GroupsDeny Globus v4 only
Default value: undef
myproxy_server
Data type: Optional[String]
See globus-connect-server.conf MyProxy/Server Globus v4 only
Default value: undef
myproxy_server_port
Data type: Stdlib::Port
See globus-connect-server.conf MyProxy/ServerPort Globus v4 only
Default value: 7512
myproxy_server_behind_nat
Data type: Boolean
See globus-connect-server.conf MyProxy/ServerBehindNAT Globus v4 only
Default value: false
myproxy_ca_directory
Data type: Stdlib::Absolutepath
See globus-connect-server.conf MyProxy/CADirectory Globus v4 only
Default value: '/var/lib/globus-connect-server/myproxy-ca'
myproxy_config_file
Data type: Stdlib::Absolutepath
See globus-connect-server.conf MyProxy/ConfigFile Globus v4 only
Default value: '/var/lib/globus-connect-server/myproxy-server.conf'
myproxy_ca_subject_dn
Data type: Optional[String]
See globus-connect-server.conf MyProxy/CaSubjectDN Globus v4 only
Default value: undef
myproxy_firewall_sources
Data type: Array
Sources to open in firewall for MyProxy Globus v4 only
Default value: ['174.129.226.69', '54.237.254.192/29']
oauth_server
Data type: Optional[String]
See globus-connect-server.conf OAuth/Server Globus v4 only
Default value: undef
oauth_server_behind_firewall
Data type: Boolean
See globus-connect-server.conf OAuth/ServerBehindFirewall Globus v4 only
Default value: false
oauth_stylesheet
Data type: Optional[String]
See globus-connect-server.conf OAuth/Stylesheet Globus v4 only
Default value: undef
oauth_logo
Data type: Optional[String]
See globus-connect-server.conf OAuth/Logo Globus v4 only
Default value: undef
globus::cli
Manage Globus CLI
Examples
include ::globus::cli
Parameters
The following parameters are available in the globus::cli class.
ensure
Data type: String[1]
The ensure parameter for PIP installed CLI
Default value: 'present'
install_path
Data type: Stdlib::Absolutepath
Path to install Globus CLI virtualenv
Default value: '/opt/globus-cli'
manage_python
Data type: Boolean
Boolean to set if Python is managed by this class
Default value: true
timer_ensure
Data type: String[1]
Set globus-timer-cli ensure value
Default value: 'absent'
globus::sdk
Manage Globus SDK
Examples
include globus::sdk
Parameters
The following parameters are available in the globus::sdk class.
ensure
Data type: String[1]
The ensure parameter for PIP installed SDK
Default value: 'present'
install_path
Data type: Stdlib::Absolutepath
Path to install Globus SDK virtualenv
Default value: '/opt/globus-sdk'
manage_python
Data type: Boolean
Boolean to set if Python is managed by this class
Default value: true
Resource types
globus_connect_config
Section/setting name to manage from /etc/globus-connect-server.conf
Properties
The following properties are available in the globus_connect_config type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
value
Valid values: %r{^[\S ]*$}
The value of the setting to be defined.
Parameters
The following parameters are available in the globus_connect_config type.
name
namevar
Section/setting name to manage from /etc/globus-connect-server.conf
provider
The specific backend to use for this globus_connect_config resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
secret
Valid values: true, false
Whether to hide the value from Puppet logs. Defaults to false.
Default value: false
Functions
globus::endpoint_setup_args
Type: Ruby 4.x API
The globus::endpoint_setup_args function.
globus::endpoint_setup_args(Hash $values)
The globus::endpoint_setup_args function.
Returns: Any
values
Data type: Hash
globus::node_setup_args
Type: Ruby 4.x API
The globus::node_setup_args function.
globus::node_setup_args(Hash $values)
The globus::node_setup_args function.
Returns: Any
values
Data type: Hash
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v6.0.0 (2021-09-07)
Changed
Added
- Support globus::cli and globus::sdk on ubuntu 20.04 #28 (treydock)
- Update module dependency ranges #27 (treydock)
- Support installing globus-timer-cli #24 (treydock)
Fixed
v5.2.0 (2020-12-29)
Added
v5.1.0 (2020-12-29)
Added
v5.0.0 (2020-12-14)
Changed
- Rename repo baseurl parameters #18 (treydock)
- BREAKING Switch default to Globus v5.4, numerous parameter changes #17 (treydock)
Added
Fixed
v4.2.0 (2020-11-18)
Added
v4.1.0 (2019-11-14)
Added
v4.0.0 (2019-10-30)
Changed
Added
v3.0.1 (2019-07-09)
Fixed
v3.0.0 (2019-05-15)
Changed
Added
- Use PDK #8 (treydock)
- Use puppet strings #7 (treydock)
- Support Puppet 5 and 6 and update module dependency versions #5 (treydock)
2.1.0 (2019-05-14)
Added
- Use beaker4 and update some module development files #4 (treydock)
- add setting of MyProxy CaSubjectDN #3 (gtallan)
- Allow epel management to be disabled #2 (treydock)
2.0.1 (2017-10-28)
2.0.0 (2017-10-26)
1.0.0 (2017-10-26)
0.0.1 (2017-10-26)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 5.0.0 <9.0.0)
- puppetlabs/apt (>= 7.5.0 <9.0.0)
- puppetlabs/inifile (>= 1.0.0 <6.0.0)
- puppetlabs/firewall (>= 1.0.0 <4.0.0)
- puppet/epel (>= 3.0.0 <4.0.0)
- puppet/python (>= 4.0.0 <7.0.0)
Copyright (C) 2017 Trey Dockendorf treydock@gmail.com Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.