training-server.yml
# Installs a minimal OMERO server and OMERO.web with NGINX, plus the systemd configuration controlling both.
# Production use additionally requires tuning of the server limits.conf, Postgres and NGINX.
# Installs the latest release, including PostgreSQL on the same server.
# The users_to_be_added list is intended to come from host_vars.
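# Play: apply the omero-server role to the training server, then create the
# local groups, users, folders and sudo rules used by the training accounts.
- hosts: training-server
  roles:
    - role: omero-server
      # Taking this from the openstack playbook os-omero.yml, to install the systemd config.
      omero_systemd_setup: true

  # Play vars are written as a mapping; the list-of-dicts form is deprecated
  # in Ansible.
  # NOTE(review): play vars take precedence over inventory host_vars, so the
  # values below win over host_vars entries of the same name. Define these
  # defaults at a lower precedence (e.g. group_vars) if host_vars is meant
  # to override them.
  vars:
    # NOTE(review): hard-coded database password identical to the user name.
    # Tolerable only on a disposable training host; otherwise supply it from
    # Ansible Vault or another secret store.
    postgresql_users_databases:
      - user: omero
        password: omero
        databases: [omero]
    # Accounts that receive the sudo rules added by the last two tasks.
    users_to_control_omero:
      - "centos"
    # Facility-manager accounts created on the host.
    users_to_be_added:
      - "fm1"
      - "fm2"
    # Passed to the user module's `password`, which expects a crypted hash.
    # The literal "invalid" is not a valid hash; presumably a placeholder that
    # leaves password login unusable until a real hash is supplied. TODO confirm.
    users_password: "invalid"
    fm_groupname: "facility-managers"

  tasks:
    - name: training-server | add operating system group for trainers
      become: true
      group:
        name: trainers
        state: present

    - name: training-server | add sample images folder
      become: true
      file:
        path: /var/sample-images
        owner: root
        group: trainers
        # Quoted so the mode stays an octal string regardless of YAML parser.
        mode: "0775"
        state: directory

    - name: training-server | add operating system group for facility managers
      become: true
      group:
        # Use the variable so this group always matches the one referenced by
        # the user and DropBox tasks below.
        name: "{{ fm_groupname }}"
        state: present

    - name: training-server | add facility manager operating system users
      become: true
      user:
        name: "{{ item }}"
        state: present
        groups: "users,{{ fm_groupname }}"
        password: "{{ users_password }}"
      with_items: "{{ users_to_be_added }}"

    - name: training-server | add symlinks to sample images in fm users homedirs
      become: true
      file:
        # Quoted: a plain scalar starting with `~` is easy to misread as null.
        path: "~{{ item }}/sample-images"
        owner: root
        src: /var/sample-images
        state: link
      with_items: "{{ users_to_be_added }}"

    - name: training-server | add OMERO.DropBox folders
      become: true
      file:
        path: "/OMERO/DropBox/{{ item }}"
        owner: omero
        group: "{{ fm_groupname }}"
        mode: "0775"
        state: directory
      with_items: "{{ users_to_be_added }}"

    # Grants each listed user passwordless sudo for any command run as
    # user/group omero.
    # NOTE(review): this edits /etc/sudoers in place. A drop-in file under
    # /etc/sudoers.d, still validated with visudo, keeps these rules separate
    # and easier to audit or remove.
    - name: training-server | allow OMERO user sudo by list of users in variable
      become: true
      lineinfile:
        dest: /etc/sudoers
        state: present
        line: '{{ item }} ALL=(omero:omero) NOPASSWD:ALL'
        validate: 'visudo -cf %s'
      with_items: "{{ users_to_control_omero }}"

    # Grants each listed user passwordless root execution of systemctl for the
    # two OMERO units.
    # NOTE(review): sudoers wildcards in command arguments match across
    # whitespace, so `?*` does not confine the rule to a single systemctl verb.
    # Prefer one entry per exact verb that is actually needed (for example
    # start, stop, restart, status) for each unit.
    - name: training-server | allow OMERO service control by list of users in variable
      become: true
      lineinfile:
        dest: /etc/sudoers
        state: present
        line: '{{ item }} ALL=(root) NOPASSWD:/usr/bin/systemctl ?* omero.service, /usr/bin/systemctl ?* omero-web.service'
        validate: 'visudo -cf %s'
      with_items: "{{ users_to_control_omero }}"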