Imported ansible-airavata repo to airavata repo
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/514567c8 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/514567c8 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/514567c8 Branch: refs/heads/develop Commit: 514567c8baeb61846c198a7b111f988bab037284 Parents: 7071ef1 f513f56 Author: Shameera Rathnayaka <[email protected]> Authored: Fri Sep 23 21:55:35 2016 -0400 Committer: Shameera Rathnayaka <[email protected]> Committed: Fri Sep 23 21:58:00 2016 -0400 ---------------------------------------------------------------------- dev-tools/ansible/NOTE | 5 + dev-tools/ansible/README.md | 31 + dev-tools/ansible/group_vars/all.yml | 88 +++ dev-tools/ansible/hosts | 26 + .../files/mysql-connector-java-5.1.37-bin.jar | Bin 0 -> 985603 bytes .../ansible/roles/api-orch/handlers/main.yml | 14 + dev-tools/ansible/roles/api-orch/tasks/main.yml | 71 ++ .../templates/airavata-server.properties.j2 | 281 ++++++++ .../api-orch/templates/gfac-config.yaml.j2 | 111 +++ .../ansible/roles/common/files/airavata.jks | Bin 0 -> 2289 bytes .../ansible/roles/common/files/airavata_sym.jks | Bin 0 -> 501 bytes dev-tools/ansible/roles/common/tasks/main.yml | 55 ++ dev-tools/ansible/roles/common/vars/main.yml | 4 + .../ansible/roles/database/handlers/main.yml | 14 + dev-tools/ansible/roles/database/tasks/main.yml | 60 ++ .../roles/database/tasks/secure_install.yml | 23 + .../ansible/roles/database/templates/my.cnf.j2 | 4 + dev-tools/ansible/roles/database/vars/main.yml | 21 + .../ansible/roles/env_setup/tasks/main.yml | 28 + .../ansible/roles/env_setup/tasks/redhat.yml | 12 + .../files/mysql-connector-java-5.1.37-bin.jar | Bin 0 -> 985603 bytes dev-tools/ansible/roles/gfac/handlers/main.yml | 8 + dev-tools/ansible/roles/gfac/tasks/main.yml | 67 ++ .../templates/airavata-server.properties.j2 | 281 ++++++++ .../roles/gfac/templates/gfac-config.yaml.j2 | 111 +++ dev-tools/ansible/roles/java/tasks/main.yml | 
21 + dev-tools/ansible/roles/java/vars/main.yml | 15 + dev-tools/ansible/roles/pga/handlers/main.yml | 13 + dev-tools/ansible/roles/pga/tasks/main.yml | 112 +++ .../ansible/roles/pga/templates/httpd.conf.j2 | 353 ++++++++++ .../roles/pga/templates/pga_config.php.j2 | 248 +++++++ dev-tools/ansible/roles/pga/vars/main.yml | 30 + .../ansible/roles/rabbitmq/handlers/main.yml | 13 + dev-tools/ansible/roles/rabbitmq/tasks/main.yml | 60 ++ dev-tools/ansible/roles/rabbitmq/vars/main.yml | 2 + .../files/mysql-connector-java-5.1.37-bin.jar | Bin 0 -> 985603 bytes dev-tools/ansible/roles/registry/tasks/main.yml | 59 ++ .../templates/airavata-server.properties.j2 | 281 ++++++++ dev-tools/ansible/roles/wso2_is/tasks/main.yml | 41 ++ .../roles/wso2_is/templates/carbon.xml.j2 | 688 +++++++++++++++++++ dev-tools/ansible/roles/wso2_is/vars/main.yml | 18 + .../ansible/roles/zookeeper/handlers/main.yml | 12 + .../ansible/roles/zookeeper/tasks/main.yml | 34 + .../roles/zookeeper/templates/zoo.cfg.j2 | 28 + .../zookeeper/templates/zookeeper.service.j2 | 15 + dev-tools/ansible/roles/zookeeper/vars/main.yml | 17 + dev-tools/ansible/site.yml | 76 ++ 47 files changed, 3451 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/NOTE ---------------------------------------------------------------------- diff --cc dev-tools/ansible/NOTE index 0000000,0000000..b4979b5 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/NOTE @@@ -1,0 -1,0 +1,5 @@@ ++#Bind to 'hostname -f' output to access from outside. 
++
++#aws
++add new tcp rule under associate security group to open ports
++disable or add firewall rule to open ports
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/README.md
----------------------------------------------------------------------
diff --cc dev-tools/ansible/README.md
index 0000000,0000000..f497fb5
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/README.md
@@@ -1,0 -1,0 +1,31 @@@
++# airavata-ansible
++
++Ansible script to deploy Apache Airavata
++
++## Support OS
++
++- Centos 7
++
++## Roles
++
++- **env_setup** :- Create user and group, install oracle java 8
++- **zookeeper** :- Download and install zookeeper.
++- **rabbitmq** :- Download and install rabbitmq as service.
++- **common** :- Checkout Airavata source from git and run maven build. Move keystore files.
++- **gfac** :- Setup Gfac deployment and Change configurations.
++- **api-orch** :- Setup Api-Orch deployment and Change configurations.
++- **pga** :- Deploy Airavata PHP Gateway._(Under development)_
++
++## Useful commands
++
++- `ansible-playbook -i hosts site.yml`
++- `ansible-playbook -i hosts site.yml -t "tags"`
++- `ansible-playbook -i hosts site.yml --start-at-task="name of the ansible task"`
++
++To deploy pga run following. see site.yml (playbook) file for other available tags.
++
++- `ansible-playbook -i hosts site.yml -t "pga"`
++
++## Configurations
++
++- Set correct private key file to `ansible_ssh_private_key_file` property in group_vars/all
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/group_vars/all.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/group_vars/all.yml
index 0000000,0000000..5a159c3
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/group_vars/all.yml
@@@ -1,0 -1,0 +1,88 @@@
++---
++ansible_connection: ssh
++# ansible_ssh_user: centos
++ansible_ssh_user: root
++ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/dev-deployment-key.pem
++# ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt
++
++user: centos
++group: centos
++user_home: "/home/{{ user }}"
++
++# deployment related variables
++deployment_dir: "{{ user_home }}/dev-deployment"
++airavata_source_dir: "{{ user_home }}/source"
++airavata_dist: "apache-airavata-server-0.17-SNAPSHOT"
++airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz"
++git_branch: develop
++
++# Database related variables
++db_server: "{{ groups['database'][0] }}"
++db_server_port: "3306"
++db_user: "airavata"
++db_password: "airavata"
++app_catalog: "app_catalog"
++exp_catalog: "exp_catalog"
++replica_catalog: "replica_catalog"
++workflow_catalog: "wf_catalog"
++credential_store: "credential_store"
++
++mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar"
++
++# Rabbitmq related vareables
++rabbitmq_server: "{{ groups['rabbitmq'][0] }}"
++rabbitmq_vhost: "develop"
++rabbitmq_user: "airavata"
++rabbitmq_password: "airavata"
++rabbitmq_port: "5672"
++rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}"
++
++# Zoookeeper related variables
++zookeeper_client_port: 2181
++zookeeper_url: "{{ groups['zookeeper'][0] }}:{{ zookeeper_client_port }}"
++# API
Server related variables
++api_server_name: "apiserver-node0"
++api_server_host: "{{ansible_fqdn}}"
++api_server_port: "8930"
++api_secured: "false"
++tls_enable: "false"
++api_server_tls_port: "9930"
++enable_sharing: "false"
++
++# Orchestrator related variables
++orchestrator_name: "orchestrator-node0"
++orchestrator_host: "{{ansible_fqdn}}"
++orchestrator_port: "8940"
++api_orch_dir: "{{ deployment_dir }}/api-orchestrator"
++
++# registry related variables
++registry_name: regserver-node0
++registry_host: "{{groups['registry'][0]}}"
++registry_port: 8970
++registry_dir: "{{ deployment_dir }}/registry"
++default_gateway: "php_reference_gateway"
++
++# Credential and keystore related variables
++#authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/"
++authorization_server: "https://idp.scigap.org:9443/services/"
++keystore: "airavata.jks"
++keystore_passwd: "airavata"
++#client_truststore: "client_truststore.jks"
++client_truststore: "airavata.jks"
++client_truststore_passwd: "airavata"
++cred_keystore: "airavata_sym.jks"
++cred_keystore_passwd: "airavata"
++cred_keystore_alias: "airavata"
++cred_store_server_host: "{{ ansible_fqdn }}"
++cred_store_port: "8960"
++keystores_location: "{{ deployment_dir }}/keystores"
++
++# Gfac related variables
++gfac_name: "gfac-node0"
++gfac_host: "{{ ansible_fqdn }}"
++gfac_port: "8950"
++gfac_dir: "{{ deployment_dir }}/gfac-instance"
++
++# Monitoring variables
++monitor_email_address: "[email protected]"
++monitor_email_password: "airavata"
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/hosts
----------------------------------------------------------------------
diff --cc dev-tools/ansible/hosts
index 0000000,0000000..4fc8675
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/hosts
@@@ -1,0 -1,0 +1,26 @@@
++---
++# inventory file : production
++
++[zookeeper]
++54.221.13.4
++
++[rabbitmq]
++54.221.13.4
++
++[database]
++54.196.189.115
++
++[wso2is]
++#52.87.209.219
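Review bot: Every secret in the new `group_vars/all.yml` is a committed plaintext default equal to the account name: `db_password`, `rabbitmq_password`, `keystore_passwd`, `client_truststore_passwd`, `cred_keystore_passwd` and `monitor_email_password` are all `"airavata"`, and the server properties template renders them straight into the deployed configuration. They should be read from an Ansible Vault–encrypted vars file, e.g. `db_password: "{{ vault_db_password }}"` (variable name constructed here), so the repository carries no usable credential. The same file sets `ansible_ssh_user: root` with a key path under one developer's home directory and ships `api_secured: "false"` and `tls_enable: "false"`; a comment such as `# dev defaults only: enable api_secured and tls_enable before exposing these ports` would make the intent explicit. The keystores this commit adds under `roles/common/files` are protected by the same committed password, so they should be documented as development-only material.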
++
++[registry]
++54.89.119.195
++
++[api-orch]
++54.89.119.195
++
++[gfac]
++54.165.169.111
++
++[pga]
++#54.237.220.234
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/handlers/main.yml
index 0000000,0000000..a2288d9
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/handlers/main.yml
@@@ -1,0 -1,0 +1,14 @@@
++---
++
++# Api server, Orchestrator related handlers
++- name: start api-orch
++ command: ./bin/airavata-server-start.sh api-orch -d
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: stop api-orch
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...
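Review bot: The inventory is labelled `# inventory file : production` and commits literal public IPv4 addresses for the zookeeper, rabbitmq, database, registry, api-orch and gfac groups, which ties the default credentials in `group_vars/all.yml` to specific reachable hosts. I would ship an example inventory with placeholder names (for instance `db.example.org` under `[database]`, a constructed value) and keep the real inventory out of the repository. The leading `---` is a YAML document marker while the group headers are INI syntax; it is probably a copy-paste leftover and should be dropped.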
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/tasks/main.yml
index 0000000,0000000..c9c5227
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/tasks/main.yml
@@@ -1,0 -1,0 +1,71 @@@
++---
++################################################################################
++# api-orch deployment
++- name: Create api-orchestrator deployment directory
++ file: path="{{ api_orch_dir }}" state=directory owner="{{ user }}" group="{{ group }}"
++ when: build|success
++
++- name: Check previous deployments
++ stat: path="{{ api_orch_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++ register: check
++
++- name: stop api-orch
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++ when: check.stat.exists == True
++
++- name: Delete previous deployments
++ file: path="{{ api_orch_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to api-orcheatrator deployment directory
++ unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++ dest="{{ api_orch_dir }}/"
++ copy=no
++
++- name: set api-orch private ip
++ set_fact:
++ api_server_host: "{{ ansible_eth0.ipv4.address }}"
++ orchestrator_host: "{{ ansible_eth0.ipv4.address }}"
++ cred_store_server_host: "{{ ansible_eth0.ipv4.address }}"
++
++
++- name: Copy Airavata server properties file
++ template: src=airavata-server.properties.j2
++ dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++ owner={{ user }}
++ group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Gfac configuration file
++ template: src=gfac-config.yaml.j2
++ dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml"
++ owner={{ user }}
++
group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++ copy: src={{ mysql_connector_jar }}
++ dest="{{ api_orch_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++ owner={{ user }}
++ group={{ group }}
++
++- name: Open firwall ports
++ firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
++ with_items:
++ - "{{ api_server_port }}/tcp"
++ - "{{ orchestrator_port }}/tcp"
++ - "{{ cred_store_port }}/tcp"
++ become_user: root
++
++- name: stop api-orch
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start api-orch
++ command: ./bin/airavata-server-start.sh api-orch -d
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements. See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership. The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License.
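Review bot: Both `template:` tasks install their output with `mode="u=rw,g=r,o=r"`, so `airavata-server.properties`, which the template fills with the database, keystore and e-mail monitor passwords, is readable by every local account on the target host. Using `mode="u=rw,g=,o="` on the "Copy Airavata server properties file" and "Copy Gfac configuration file" tasks keeps both files to the service user. The "Open firwall ports" task also enables `{{ cred_store_port }}/tcp` in `zone=public` while `group_vars/all.yml` ships `tls_enable: "false"`; if the credential store only has to be reached from the other Airavata nodes, a source-restricted rule would be the safer default.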
You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, ++# software distributed under the License is distributed on an ++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ++# KIND, either express or implied. See the License for the ++# specific language governing permissions and limitations ++# under the License. ++# ++ ++########################################################################### ++# ++# This properties file provides configuration for all Airavata Services: ++# API Server, Registry, Workflow Interpreter, GFac, Orchestrator ++# ++########################################################################### ++ ++########################################################################### ++# API Server Registry Configuration ++########################################################################### ++ ++#for derby [AiravataJPARegistry] ++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++registry.jdbc.driver=com.mysql.jdbc.Driver ++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }} ++registry.jdbc.user={{ db_user }} ++registry.jdbc.password={{ db_password }} ++#FIXME: Probably the following property should be removed. 
++start.derby.server.mode=false ++validationQuery=SELECT 1 from CONFIGURATION ++cache.enable=false ++jpa.cache.size=-1 ++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true ++enable.sharing={{enable_sharing}} ++ ++# Properties for default user mode ++default.registry.user=admin ++default.registry.password=admin ++default.registry.password.hash.method=SHA ++default.registry.gateway={{ default_gateway }} ++ ++########################################################################### ++# Application Catalog DB Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++appcatalog.jdbc.driver=com.mysql.jdbc.Driver ++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }} ++appcatalog.jdbc.user={{ db_user }} ++appcatalog.jdbc.password={{ db_password }} ++appcatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################## ++# Replica Catalog DB Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver ++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }} ++replicacatalog.jdbc.user={{ db_user }} ++replicacatalog.jdbc.password={{ db_password }} ++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################### ++# Workflow Catalog DB 
Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver ++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }} ++workflowcatalog.jdbc.user={{ db_user }} ++workflowcatalog.jdbc.password={{ db_password }} ++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################### ++# User Profile MongoDB Configuration ++########################################################################### ++userprofile.mongodb.host=localhost ++userprofile.mongodb.port=27017 ++ ++ ++########################################################################### ++# Server module Configuration ++########################################################################### ++#credential store server should be started before API server ++#This is obsolete property with new script files. 
++#servers=credentialstore,apiserver,orchestrator ++ ++ ++########################################################################### ++# API Server Configurations ++########################################################################### ++apiserver=org.apache.airavata.api.server.AiravataAPIServer ++apiserver.name={{ api_server_name }} ++apiserver.host={{ api_server_host }} ++apiserver.port={{ api_server_port }} ++apiserver.min.threads=50 ++ ++########################################################################### ++# Orchestrator Server Configurations ++########################################################################### ++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer ++orchestrator.server.name={{ orchestrator_name }} ++orchestrator.server.host={{ orchestrator_host }} ++orchestrator.server.port={{ orchestrator_port }} ++orchestrator.server.min.threads=50 ++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator ++submitter.interval=10000 ++threadpool.size=10 ++start.submitter=true ++embedded.mode=true ++enable.validation=true ++ ++########################################################################### ++# Registry Server Configurations ++########################################################################### ++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer ++regserver.server.name={{registry_name}} ++regserver.server.host={{registry_host}} ++regserver.server.port={{registry_port}} ++regserver.server.min.threads=50 ++ ++########################################################################### ++# GFac Server Configurations ++########################################################################### ++gfac=org.apache.airavata.gfac.server.GfacServer ++gfac.server.name={{ gfac_name }} ++gfac.server.host={{ gfac_host }} ++gfac.server.port={{ gfac_port }} ++gfac.thread.pool.size=50 
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler ++ ++ ++ ++########################################################################### ++# Airavata Workflow Interpreter Configurations ++########################################################################### ++workflowserver=org.apache.airavata.api.server.WorkflowServer ++enactment.thread.pool.size=10 ++ ++#to define custom workflow parser user following property ++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder ++ ++ ++ ++########################################################################### ++# Job Scheduler can send informative email messages to you about the status of your job. ++# Specify a string which consists of either the single character "n" (no mail), or one or more ++# of the characters "a" (send mail when job is aborted), "b" (send mail when job begins), ++# and "e" (send mail when job terminates). The default is "a" if not specified. ++########################################################################### ++ ++job.notification.enable=true ++#Provide comma separated email ids as a string if more than one ++job.notification.emailids= ++job.notification.flags=abe ++ ++########################################################################### ++# Credential Store module Configuration ++########################################################################### ++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }} ++credential.store.keystore.alias={{ cred_keystore_alias }} ++credential.store.keystore.password={{ cred_keystore_passwd }} ++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }} ++credential.store.jdbc.user={{ db_user }} ++credential.store.jdbc.password={{ db_password }} ++credential.store.jdbc.driver=com.mysql.jdbc.Driver ++credential.store.server.host={{ cred_store_server_host }} ++credential.store.server.port={{ cred_store_port }} 
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer ++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION ++ ++# these properties used by credential store email notifications ++email.server=smtp.googlemail.com ++email.server.port=465 ++email.user=airavata ++email.password=xxx ++email.ssl=true [email protected] ++ ++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used. ++# if user specify both password sshKeyAuthentication gets the higher preference ++ ++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################ ++#ssh.public.key=/path to public key for ssh ++#ssh.private.key=/path to private key file for ssh ++#ssh.keypass=passphrase for the private key ++#ssh.username=username for ssh connection ++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path ++#ssh.strict.hostKey.checking=yes/no ++#ssh.known.hosts.file=/path to known hosts file ++### Incase of password sshKeyAuthentication. 
++#ssh.password=Password for ssh connection ++ ++################ ---------- BES Properties ------------------- ############### ++#bes.ca.cert.path=<location>/certificates/cacert.pem ++#bes.ca.key.path=<location>/certificates/cakey.pem ++#bes.ca.key.pass=passphrase ++ ++########################################################################### ++# Monitoring module Configuration ++########################################################################### ++ ++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring ++#mechanisms and one would be able to start a monitor ++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor ++ ++#These properties will used to enable email base monitoring ++email.based.monitor.host=imap.gmail.com ++email.based.monitor.address={{ monitor_email_address }} ++email.based.monitor.password={{ monitor_email_password }} ++email.based.monitor.folder.name=INBOX ++# either imaps or pop3 ++email.based.monitor.store.protocol=imaps ++#These property will be used to query the email server periodically. value in milliseconds(ms). 
++email.based.monitoring.period=10000 ++ ++########################################################################### ++# AMQP Notification Configuration ++########################################################################### ++#for simple scenarios we can use the guest user ++#rabbitmq.broker.url=amqp://localhost:5672 ++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost ++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html ++rabbitmq.broker.url={{ rabbitmq_broker_url }} ++rabbitmq.status.exchange.name=status_exchange ++rabbitmq.process.exchange.name=process_exchange ++rabbitmq.experiment.exchange.name=experiment_exchange ++durable.queue=false ++prefetch.count=200 ++process.launch.queue.name=process.launch.queue ++experiment.launch..queue.name=experiment.launch.queue ++ ++########################################################################### ++# Zookeeper Server Configuration ++########################################################################### ++embedded.zk=false ++zookeeper.server.connection={{ zookeeper_url }} ++zookeeper.timeout=30000 ++ ++######################################################################## ++## API Security Configuration ++######################################################################## ++api.secured={{ api_secured }} ++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager ++### TLS related configuration #### ++TLS.enabled={{ tls_enable }} ++TLS.api.server.port={{ api_server_tls_port }} ++TLS.client.timeout=10000 ++#### keystore configuration #### ++keystore.path={{ keystores_location }}/{{ keystore }} ++keystore.password={{ keystore_passwd }} ++#### trust store configuration #### ++trust.store={{ keystores_location }}/{{ client_truststore }} ++trust.store.password=airavata ++#### remote authorization server url #### 
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/ ++#### xacml based authorization policy #### ++authorization.policy=airavata-default-xacml-policy ++#### authorization cache related configuration #### ++authz.cache.enabled=true ++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager ++in.memory.cache.size=1000 http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2 index 0000000,0000000..3df5832 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2 @@@ -1,0 -1,0 +1,111 @@@ ++################################################################## ++# Licensed to the Apache Software Foundation (ASF) under one ++# or more contributor license agreements. See the NOTICE file ++# distributed with this work for additional information ++# regarding copyright ownership. The ASF licenses this file ++# to you under the Apache License, Version 2.0 (the ++# "License"); you may not use this file except in compliance ++# with the License. You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, ++# software distributed under the License is distributed on an ++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ++# KIND, either express or implied. See the License for the ++# specific language governing permissions and limitations ++# under the License. 
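Review bot: `workflowcatalog.jdbc.url` is built from `{{ replica_catalog }}`, so the workflow catalog would connect to the replica catalog database; `group_vars/all.yml` defines `workflow_catalog` for this, and the line should read `workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ workflow_catalog }}`. Several values bypass the variables the same commit introduces: `trust.store.password=airavata` instead of `{{ client_truststore_passwd }}`, `remote.oauth.authorization.server=https://idp.scigap.org:9443/services/` instead of `{{ authorization_server }}`, and a literal `3306` in the appcatalog, replicacatalog, workflowcatalog and credential-store URLs instead of `{{ db_server_port }}`, so overriding those variables silently has no effect. `default.registry.user=admin` with `default.registry.password=admin` is a fixed default account that should be a variable as well. The key `credential.stroe.jdbc.validationQuery` looks like a misspelling of `credential.store`; whether the server reads that spelling cannot be told from this hunk. The diffstat lists the same 281-line template under the gfac and registry roles, which presumably carry the same lines.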
++#
++################################################################
++
++jobSubmitters:
++ - submissionProtocol: SSH
++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++# properties:
++# - userName: airavata
++# passPhrase: airavata
++# privateKey: /path/to/the/privatekey
++# publicKey: /path/to/the/publickey
++# hostName: remote.client.hostName
++
++ - submissionProtocol: SSH_FORK
++ taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask
++
++ - submissionProtocol: LOCAL
++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++
++# Following job subbmitters are not yet implemented.
++
++ # - submissionProtocol: GSISSH
++ # taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask
++commonTasks:
++ - type: SETUP
++ taskClass: org.apache.airavata.task.common.SetupTask
++
++ - type: CLEANUP
++ taskClass: org.apache.airavata.task.common.CleanupTask
++
++fileTransferTasks:
++# - transferProtocol: SCP
++# taskClass: org.apache.airavata.gfac.impl.task.DataStageTask
++
++# If your client doen't run the same instance where airavata server is running then you need to comment above
++# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to
++# provide ssh keys or password.
++
++ - transferProtocol: SCP
++ taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
++ properties:
++ - userName: root
++ passPhrase: ultrascan
++ privateKeyPath: /home/airavata/.ssh/id_rsa
++ publicKeyPath: /home/airavata/.ssh/id_rsa.pub
++ hostName: gw75.iu.xsede.org
++ inputPath: /var/www/portal/experimentData/
++# password: password
++
++# Following transfer tasks are not yet implemented.
++ #- transferProtocol: SFTP
++ # taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask
++
++ #- transferProtocol: GRIDFTP
++ # taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask
++
++ #- transferProtocol: LOCAL
++ # taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask
++
++resources:
++ - jobManagerType: PBS
++ commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser
++ resourceEmailAddresses:
++ - [email protected] # gordon
++ - [email protected] # Bigred2
++ - root <[email protected]> # Bigred2
++ - root <[email protected]> # alamo
++ - root <[email protected]> #karst
++
++ - jobManagerType: SLURM
++ commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser
++ resourceEmailAddresses:
++ - SDSC Admin <[email protected]> # comet
++ - [email protected] # stampede
++ - SDSC Admin <[email protected]> # comet new
++ - Slurm <[email protected]> # bridges
++ - Slurm Daemon <[email protected]> # OU Schooner
++
++ - jobManagerType: UGE
++ commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser
++ resourceEmailAddresses:
++ - ls4.tacc.utexas.edu # contain Lonestar
++
++ - jobManagerType: LSF
++ commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser
++ resourceEmailAddresses:
++ - iu.xsede.edu # test resource mail address
++
++ - jobManagerType: FORK
++ commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/files/airavata.jks
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/files/airavata.jks
index
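Review bot: The active `SCP` entry under `fileTransferTasks` hard-codes `userName: root`, `passPhrase: ultrascan` and `hostName: gw75.iu.xsede.org`, and that block contains no Jinja2 variables, so every deployment rendered from this template gets the same root login and key passphrase, and the passphrase is now in version control. These should be variables sourced from a vaulted file, e.g. `passPhrase: "{{ scp_key_passphrase }}"` (variable name constructed here), with `userName` set to an unprivileged transfer account rather than root. The api-orch tasks install the rendered file with `mode="u=rw,g=r,o=r"`, so the passphrase is also world-readable on the target host. If the committed passphrase protects a key that is in use, that key should be rotated.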
0000000,0000000..685cc00 new file mode 100644 Binary files differ http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/files/airavata_sym.jks ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/common/files/airavata_sym.jks index 0000000,0000000..3dd27d6 new file mode 100644 Binary files differ http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/common/tasks/main.yml index 0000000,0000000..eac1a60 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/common/tasks/main.yml @@@ -1,0 -1,0 +1,55 @@@ ++--- ++- name: Install Airavata pre-requireties ++ yum: name={{ item }} state=latest update_cache=yes ++ with_items: ++ - git ++ - maven ++ become_user: root ++ ++# Setup airavata source ++- name: Create deployment directory {{ deployment_dir }} ++ file: path={{ deployment_dir }} state=directory mode=0755 ++ ++- name: Create source directory ++ file: path={{airavata_source_dir}} ++ state=directory ++ mode=0755 ++ owner={{ user }} ++ group={{ group }} ++ ++- name: git checkout from airavata github ++ git: repo=https://git-wip-us.apache.org/repos/asf/airavata.git ++ dest="{{ airavata_source_dir }}" ++ version="{{ git_branch }}" ++ register: checkout ++ tags: update ++ ++- name: Run maven build ++ command: mvn clean install -Dmaven.test.skip=true chdir="{{ airavata_source_dir }}/" ++ environment: ++ MAVEN_OPTS: "-Xmx2048m" ++ register: build ++ tags: update ++ # when: (checkout|success) and (checkout.changed == true) ++ ++################################################################################ ++# copy key store and trust store files ++- name: Create KeyStores directory ++ file: path={{ keystores_location }} ++ state=directory ++ owner={{ user }} group={{ group }} ++ ++- name: Transfer airavata.jks KeyStore 
file ++ copy: src={{ keystore }} ++ dest="{{ keystores_location }}/{{ keystore }}" ++ owner={{ user }} group={{ group }} ++ ++- name: Transfer airavata_sym.jks KeyStore file ++ copy: src={{ cred_keystore }} ++ dest="{{ keystores_location }}/{{ cred_keystore }}" ++ owner={{ user }} group={{ group }} ++ ++- name: Transfer client trust store KeyStore file ++ copy: src={{ client_truststore }} ++ dest="{{ keystores_location }}/{{ client_truststore }}" ++ owner={{ user }} group={{ group }} http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/vars/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/common/vars/main.yml index 0000000,0000000..e2d93e7 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/common/vars/main.yml @@@ -1,0 -1,0 +1,4 @@@ ++--- ++# Common variables ++ ++... http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/handlers/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/database/handlers/main.yml index 0000000,0000000..1906365 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/database/handlers/main.yml @@@ -1,0 -1,0 +1,14 @@@ ++--- ++- name: start mariadb ++ service: name=mariadb state=started enabled=yes ++ become: yes ++ ++- name: stop mariadb ++ service: name=mariadb state=stopped ++ become: yes ++ ++- name: restart mariadb ++ service: name=mariadb state=restarted enabled=yes ++ become: yes ++ ++... 
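Review bot: The three `copy` tasks at the end of roles/common/tasks/main.yml place the keystores and the client trust store without a `mode`, so the files get whatever the umask gives, which is normally world-readable. A keystore holding private or symmetric keys should be readable only by the service account; add `mode=0600` to each `copy` and `mode=0700` to the `Create KeyStores directory` task. The same commit also checks `airavata.jks` and `airavata_sym.jks` into the role's `files/` directory, so presumably every deployment made from this repository shares the same key material. A comment such as `# dev-only keystores, replace before any non-test deployment` above these tasks would make that explicit.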
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/database/tasks/main.yml index 0000000,0000000..17e5b0d new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/database/tasks/main.yml @@@ -1,0 -1,0 +1,60 @@@ ++--- ++# - name: yum update ++# yum: name=* state=latest ++ ++# Install Mysql ++- name: install epel release ++ yum: name=epel-release state=present ++ become_user: root ++ ++- name: install pip ++ yum: name=python-pip state=latest update_cache=yes ++ become_user: root ++ ++- name: install pexpect ++ pip: name=pexpect ++ become_user: root ++ ++# - name: Adds Python MySQL support on Debian/Ubuntu ++# apt: pkg="python-mysqldb" state=present ++# when: ansible_os_family == 'Debian' ++ ++- name: Adds Python MySQL support on RedHat/CentOS ++ yum: name=MySQL-python state=present ++ become_user: root ++ # when: ansible_os_family == 'RedHat' ++ ++- name: install mariadb ++ yum: name="{{ item }}" state=latest update_cache=yes ++ with_items: "{{ mysql_packages }}" ++ become_user: root ++ ++- name: start mariadb ++ service: name=mariadb state=started enabled=yes ++ become_user: root ++ ++- include: secure_install.yml ++ ++- name: create databases ++ mysql_db: name="{{ item }}" state=present ++ with_items: ++ - "{{ mysql_databases }}" ++ ++- name: give access to {{ db_user }} from remote ++ mysql_user: name="{{ db_user }}" password="{{ db_password }}" host="{{ item }}" ++ with_items: ++ - "{{ groups['api-orch'] }}" ++ - "{{ groups['gfac'] }}" ++ - "{{ groups['registry'] }}" ++ ++- name: create new user {{ db_user }} with all privilege ++ mysql_user: name="{{ db_user }}" ++ password="{{ db_password }}" ++ append_privs=yes ++ host_all=yes ++ priv=*.*:ALL,GRANT state=present ++ ++- name: open firewall port {{ db_server_port }} ++ firewalld: port="{{ db_server_port }}/tcp" ++ zone=public permanent=true 
state=enabled immediate=yes ++ become_user: root http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/tasks/secure_install.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/database/tasks/secure_install.yml index 0000000,0000000..a747419 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/database/tasks/secure_install.yml @@@ -1,0 -1,0 +1,23 @@@ ++--- ++# This is ansible equivalent for mysql_secure_installation ++- name: Sets the root password ++ mysql_user: user=root ++ password="{{ mysql_root_password }}" ++ host=localhost ++ login_user=root ++ # login_password="{{ mysql_root_password }}" ++ ++- name: Copy .my.cnf file ++ template: src=my.cnf.j2 dest="{{ user_home }}/.my.cnf" ++ # become: yes ++ ++- name: Removes all anonymous user accounts ++ mysql_user: name='' host_all=yes state=absent ++ ++- name: Secures the MySQL root user for all hosts ++ mysql_user: user=root password="{{ mysql_root_password }}" host_all=yes ++ ++- name: Removes the MySQL test database ++ mysql_db: db=test state=absent ++ ++... 
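Review bot: The `create new user {{ db_user }} with all privilege` task grants `priv=*.*:ALL,GRANT` with `host_all=yes`, which gives the application account full control of every database on the server, including the right to grant privileges to others, on every host entry it has. roles/database/vars/main.yml in this commit already defines a per-catalog `mysql_privs` list that none of the database tasks shown here uses; the grant should be limited to it, `priv="{{ mysql_privs | join('/') }}"`. The last task also opens `{{ db_server_port }}/tcp` in the `public` zone for any source, although the `give access ... from remote` task already lists the hosts that need the port.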
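Review bot: The `Copy .my.cnf file` task in secure_install.yml writes the MariaDB root password to `{{ user_home }}/.my.cnf` without `mode` or `owner`, so the file is created with default permissions and is normally readable by other local users. Set it explicitly, `template: src=my.cnf.j2 dest="{{ user_home }}/.my.cnf" mode=0600`. The first task logs in as root with `login_password` commented out, so a second run appears to depend on that `.my.cnf` still being in place; a one-line comment above the task saying so would save the next maintainer a failed rerun.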
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/templates/my.cnf.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/templates/my.cnf.j2
index 0000000,0000000..ebe5b5b
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/templates/my.cnf.j2
@@@ -1,0 -1,0 +1,4 @@@
++# Example .my.cnf file for setting the root password
++[client]
++user=root
++password="{{ mysql_root_password }}"
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/vars/main.yml
index 0000000,0000000..1f37424
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/vars/main.yml
@@@ -1,0 -1,0 +1,21 @@@
++---
++mysql_packages:
++ - mariadb-server
++ - mariadb
++mysql_root_password: "admin"
++
++mysql_databases:
++ - "{{ app_catalog }}"
++ - "{{ exp_catalog }}"
++ - "{{ replica_catalog }}"
++ - "{{ workflow_catalog }}"
++ - "{{ credential_store }}"
++
++mysql_privs:
++ - "{{ app_catalog }}.*:ALL"
++ - "{{ exp_catalog }}.*:ALL"
++ - "{{ replica_catalog }}.*:ALL"
++ - "{{ workflow_catalog }}.*:ALL"
++ - "{{ credential_store }}.*:ALL"
++
++...
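Review bot: `mysql_root_password: "admin"` in roles/database/vars/main.yml commits a guessable root password, and because role `vars/` outrank inventory and group variables it is awkward to override per environment. The value should come from a vault-encrypted variable, or at least move to the role's `defaults/main.yml` with a comment above it such as `# dev default only; override with a vaulted value`. This matters more because the database tasks in the same commit open the server port in the public firewall zone.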
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/env_setup/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/env_setup/tasks/main.yml
index 0000000,0000000..a3ecb8c
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@@ -1,0 -1,0 +1,28 @@@
++---
++#Tasks file can include smaller files if wanted
++#All commons tasks goes here
++- name: Create a new user group "{{ group }}"
++ group: name={{ group }}
++ become: yes
++
++- name: Create a new user "{{ user }}"
++ user: name={{ user }} group={{ group }}
++ become: yes
++
++- name: Install Firewalld
++ yum: name=firewalld state=latest update_cache=yes
++ become: yes
++
++ # TODO: stop iptables service, can't have both iptables and firewalld on same host
++ # if we try to stop non existing service ansible fails.
++# - name: Stop iptables, ip6tables services
++# service: name="{{ item }}" state=stopped
++# with_items:
++# - iptables
++# - ip6tables
++
++- name: Start firewalld service
++ service: name=firewalld state=started
++ become: yes
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/env_setup/tasks/redhat.yml
index 0000000,0000000..a0e56c7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
@@@ -1,0 -1,0 +1,12 @@@
++---
++- name: Install git latest version
++ yum: name=git state=latest update_cache=yes
++# become: true
++# become_user: airavata
++ tags: env_setup
++
++- name: Install maven latest version
++ yum: name=maven state=latest update_cache=yes
++ tags: env_setup
++
++...
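Review bot: `Start firewalld service` in roles/env_setup/tasks/main.yml uses `state=started` without `enabled=yes`, so the firewall runs after the play but may not come back after a reboot, and the `permanent=true` port rules the other roles add would then not be enforced. Use `service: name=firewalld state=started enabled=yes`, as the mariadb service tasks in this commit do.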
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/files/mysql-connector-java-5.1.37-bin.jar ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/gfac/files/mysql-connector-java-5.1.37-bin.jar index 0000000,0000000..465af67 new file mode 100644 Binary files differ http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/handlers/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/gfac/handlers/main.yml index 0000000,0000000..b3d85a9 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/gfac/handlers/main.yml @@@ -1,0 -1,0 +1,8 @@@ ++--- ++ ++# Gfac related handlers ++- name: start gfac ++ command: ./bin/airavata-server-start.sh gfac -d chdir="{{ gfac_dir }}/{{ airavata_dist }}/" creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ ++- name: stop gfac ++ command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/gfac/tasks/main.yml index 0000000,0000000..30874e6 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/gfac/tasks/main.yml @@@ -1,0 -1,0 +1,67 @@@ ++--- ++ ++################################################################################ ++# gfac deployments ++- name: Create Gfac deployment directory ++ file: path="{{ gfac_dir }}" state=directory owner={{ user }} group={{ group }} ++ when: build|success ++ ++- name: Check previous deployments ++ stat: path="{{ gfac_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no ++ register: check ++ ++- name: stop gfac ++ command: ./bin/airavata-server-stop.sh -f ++ chdir="{{ gfac_dir }}/{{ 
airavata_dist }}/" ++ removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ when: check.stat.exists == True ++ ++- name: Delete previous deployments ++ file: path="{{ gfac_dir }}/{{ airavata_dist }}" state=absent ++ ++- name: Copy distribution to gfac deployment directory ++ unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}" ++ dest="{{ gfac_dir }}/" ++ copy=no ++ ++- name: set gfac private ip ++ set_fact: ++ gfac_host: "{{ ansible_eth0.ipv4.address }}" ++ ++- name: Copy Airavata server properties file ++ template: src=airavata-server.properties.j2 ++ dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/airavata-server.properties" ++ owner={{ user }} ++ group={{ group }} ++ mode="u=rw,g=r,o=r" ++ ++- name: Copy Gfac configuration file ++ template: src=gfac-config.yaml.j2 ++ dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml" ++ owner={{ user }} ++ group={{ group }} ++ mode="u=rw,g=r,o=r" ++ ++- name: Copy Mysql jar to lib ++ copy: src="{{ mysql_connector_jar }}" ++ dest="{{ gfac_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}" ++ owner={{ user }} ++ group={{ group }} ++ ++ ++- name: Open firwall ports ++ firewalld: port="{{ gfac_port }}/tcp" zone=public permanent=true state=enabled immediate=yes ++ become_user: root ++ ++- name: stop gfac ++ command: ./bin/airavata-server-stop.sh -f ++ chdir="{{ gfac_dir }}/{{ airavata_dist }}/" ++ removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ ++- name: start gfac ++ command: ./bin/airavata-server-start.sh gfac -d ++ chdir="{{ gfac_dir }}/{{ airavata_dist }}/" ++ creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ ++ ++... 
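Review bot: `Copy Airavata server properties file` installs the rendered file with `mode="u=rw,g=r,o=r"`, but the template added in this commit renders `db_password`, `keystore_passwd`, `cred_keystore_passwd` and `monitor_email_password` into it, so every local user on the gfac host can read those secrets. Use `mode="u=rw,g=r,o="` for that task and for `Copy Gfac configuration file`, whose template carries an SSH key passphrase. The `Open firwall ports` task also opens `{{ gfac_port }}/tcp` in the public zone with no source restriction.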
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2 index 0000000,0000000..b8d093e new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2 @@@ -1,0 -1,0 +1,281 @@@ ++# ++# ++# Licensed to the Apache Software Foundation (ASF) under one ++# or more contributor license agreements. See the NOTICE file ++# distributed with this work for additional information ++# regarding copyright ownership. The ASF licenses this file ++# to you under the Apache License, Version 2.0 (the ++# "License"); you may not use this file except in compliance ++# with the License. You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, ++# software distributed under the License is distributed on an ++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ++# KIND, either express or implied. See the License for the ++# specific language governing permissions and limitations ++# under the License. 
++# ++ ++########################################################################### ++# ++# This properties file provides configuration for all Airavata Services: ++# API Server, Registry, Workflow Interpreter, GFac, Orchestrator ++# ++########################################################################### ++ ++########################################################################### ++# API Server Registry Configuration ++########################################################################### ++ ++#for derby [AiravataJPARegistry] ++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++registry.jdbc.driver=com.mysql.jdbc.Driver ++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }} ++registry.jdbc.user={{ db_user }} ++registry.jdbc.password={{ db_password }} ++#FIXME: Probably the following property should be removed. 
++start.derby.server.mode=false ++validationQuery=SELECT 1 from CONFIGURATION ++cache.enable=false ++jpa.cache.size=-1 ++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true ++enable.sharing={{enable_sharing}} ++ ++# Properties for default user mode ++default.registry.user=admin ++default.registry.password=admin ++default.registry.password.hash.method=SHA ++default.registry.gateway={{ default_gateway }} ++ ++########################################################################### ++# Application Catalog DB Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++appcatalog.jdbc.driver=com.mysql.jdbc.Driver ++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }} ++appcatalog.jdbc.user={{ db_user }} ++appcatalog.jdbc.password={{ db_password }} ++appcatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################## ++# Replica Catalog DB Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver ++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }} ++replicacatalog.jdbc.user={{ db_user }} ++replicacatalog.jdbc.password={{ db_password }} ++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################### ++# Workflow Catalog DB 
Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver ++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }} ++workflowcatalog.jdbc.user={{ db_user }} ++workflowcatalog.jdbc.password={{ db_password }} ++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################### ++# User Profile MongoDB Configuration ++########################################################################### ++userprofile.mongodb.host=localhost ++userprofile.mongodb.port=27017 ++ ++ ++########################################################################### ++# Server module Configuration ++########################################################################### ++#credential store server should be started before API server ++#This is obsolete property with new script files. 
++#servers=credentialstore,apiserver,orchestrator ++ ++ ++########################################################################### ++# API Server Configurations ++########################################################################### ++apiserver=org.apache.airavata.api.server.AiravataAPIServer ++apiserver.name={{ api_server_name }} ++apiserver.host={{ api_server_host }} ++apiserver.port={{ api_server_port }} ++apiserver.min.threads=50 ++ ++########################################################################### ++# Orchestrator Server Configurations ++########################################################################### ++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer ++orchestrator.server.name={{ orchestrator_name }} ++orchestrator.server.host={{ orchestrator_host }} ++orchestrator.server.port={{ orchestrator_port }} ++orchestrator.server.min.threads=50 ++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator ++submitter.interval=10000 ++threadpool.size=10 ++start.submitter=true ++embedded.mode=true ++enable.validation=true ++ ++########################################################################### ++# Registry Server Configurations ++########################################################################### ++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer ++regserver.server.name={{registry_name}} ++regserver.server.host={{registry_host}} ++regserver.server.port={{registry_port}} ++regserver.server.min.threads=50 ++ ++########################################################################### ++# GFac Server Configurations ++########################################################################### ++gfac=org.apache.airavata.gfac.server.GfacServer ++gfac.server.name={{ gfac_name }} ++gfac.server.host={{ gfac_host }} ++gfac.server.port={{ gfac_port }} ++gfac.thread.pool.size=50 
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler ++ ++ ++ ++########################################################################### ++# Airavata Workflow Interpreter Configurations ++########################################################################### ++workflowserver=org.apache.airavata.api.server.WorkflowServer ++enactment.thread.pool.size=10 ++ ++#to define custom workflow parser user following property ++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder ++ ++ ++ ++########################################################################### ++# Job Scheduler can send informative email messages to you about the status of your job. ++# Specify a string which consists of either the single character "n" (no mail), or one or more ++# of the characters "a" (send mail when job is aborted), "b" (send mail when job begins), ++# and "e" (send mail when job terminates). The default is "a" if not specified. ++########################################################################### ++ ++job.notification.enable=true ++#Provide comma separated email ids as a string if more than one ++job.notification.emailids= ++job.notification.flags=abe ++ ++########################################################################### ++# Credential Store module Configuration ++########################################################################### ++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }} ++credential.store.keystore.alias={{ cred_keystore_alias }} ++credential.store.keystore.password={{ cred_keystore_passwd }} ++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }} ++credential.store.jdbc.user={{ db_user }} ++credential.store.jdbc.password={{ db_password }} ++credential.store.jdbc.driver=com.mysql.jdbc.Driver ++credential.store.server.host={{ cred_store_server_host }} ++credential.store.server.port={{ cred_store_port }} 
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer ++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION ++ ++# these properties used by credential store email notifications ++email.server=smtp.googlemail.com ++email.server.port=465 ++email.user=airavata ++email.password=xxx ++email.ssl=true [email protected] ++ ++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used. ++# if user specify both password sshKeyAuthentication gets the higher preference ++ ++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################ ++#ssh.public.key=/path to public key for ssh ++#ssh.private.key=/path to private key file for ssh ++#ssh.keypass=passphrase for the private key ++#ssh.username=username for ssh connection ++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path ++#ssh.strict.hostKey.checking=yes/no ++#ssh.known.hosts.file=/path to known hosts file ++### Incase of password sshKeyAuthentication. 
++#ssh.password=Password for ssh connection ++ ++################ ---------- BES Properties ------------------- ############### ++#bes.ca.cert.path=<location>/certificates/cacert.pem ++#bes.ca.key.path=<location>/certificates/cakey.pem ++#bes.ca.key.pass=passphrase ++ ++########################################################################### ++# Monitoring module Configuration ++########################################################################### ++ ++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring ++#mechanisms and one would be able to start a monitor ++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor ++ ++#These properties will used to enable email base monitoring ++email.based.monitor.host=imap.gmail.com ++email.based.monitor.address={{ monitor_email_address }} ++email.based.monitor.password={{ monitor_email_password }} ++email.based.monitor.folder.name=INBOX ++# either imaps or pop3 ++email.based.monitor.store.protocol=imaps ++#These property will be used to query the email server periodically. value in milliseconds(ms). 
++email.based.monitoring.period=10000 ++ ++########################################################################### ++# AMQP Notification Configuration ++########################################################################### ++#for simple scenarios we can use the guest user ++#rabbitmq.broker.url=amqp://localhost:5672 ++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost ++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html ++rabbitmq.broker.url={{ rabbitmq_broker_url }} ++rabbitmq.status.exchange.name=status_exchange ++rabbitmq.process.exchange.name=process_exchange ++rabbitmq.experiment.exchange.name=experiment_exchange ++durable.queue=false ++prefetch.count=200 ++process.launch.queue.name=process.launch.queue ++experiment.launch..queue.name=experiment.launch.queue ++ ++########################################################################### ++# Zookeeper Server Configuration ++########################################################################### ++embedded.zk=false ++zookeeper.server.connection={{ zookeeper_url }} ++zookeeper.timeout=30000 ++ ++######################################################################## ++## API Security Configuration ++######################################################################## ++api.secured={{ api_secured }} ++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager ++### TLS related configuration #### ++TLS.enabled={{ tls_enable }} ++TLS.api.server.port={{ api_server_tls_port }} ++TLS.client.timeout=10000 ++#### keystore configuration #### ++keystore.path={{ keystores_location }}/{{ keystore }} ++keystore.password={{ keystore_passwd }} ++#### trust store configuration #### ++trust.store={{ keystores_location }}/{{ client_truststore }} ++trust.store.password=airavata ++#### remote authorization server url #### 
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/ ++#### xacml based authorization policy #### ++authorization.policy=airavata-default-xacml-policy ++#### authorization cache related configuration #### ++authz.cache.enabled=true ++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager ++in.memory.cache.size=1000 http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2 index 0000000,0000000..3df5832 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2 @@@ -1,0 -1,0 +1,111 @@@ ++################################################################## ++# Licensed to the Apache Software Foundation (ASF) under one ++# or more contributor license agreements. See the NOTICE file ++# distributed with this work for additional information ++# regarding copyright ownership. The ASF licenses this file ++# to you under the Apache License, Version 2.0 (the ++# "License"); you may not use this file except in compliance ++# with the License. You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, ++# software distributed under the License is distributed on an ++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ++# KIND, either express or implied. See the License for the ++# specific language governing permissions and limitations ++# under the License. 
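Review bot: `default.registry.password=admin` and `trust.store.password=airavata` are fixed strings in this template while the neighbouring secrets (`db_password`, `keystore_passwd`, `cred_keystore_passwd`) are variables, so every host rendered from this role gets the same default-user and trust-store passwords. They should be templated the same way, e.g. `trust.store.password={{ <truststore_password_var> }}`, with the variable name chosen by the project and the value kept in a vaulted file. Separately, `workflowcatalog.jdbc.url` ends in `{{ replica_catalog }}`, which looks like a copy-paste slip for `{{ workflow_catalog }}`. The app, replica, workflow and credential-store URLs also hard-code `3306` where `registry.jdbc.url` uses `{{ db_server_port }}`.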
++# ++################################################################ ++ ++jobSubmitters: ++ - submissionProtocol: SSH ++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask ++# properties: ++# - userName: airavata ++# passPhrase: airavata ++# privateKey: /path/to/the/privatekey ++# publicKey: /path/to/the/publickey ++# hostName: remote.client.hostName ++ ++ - submissionProtocol: SSH_FORK ++ taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask ++ ++ - submissionProtocol: LOCAL ++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask ++ ++# Following job subbmitters are not yet implemented. ++ ++ # - submissionProtocol: GSISSH ++ # taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask ++commonTasks: ++ - type: SETUP ++ taskClass: org.apache.airavata.task.common.SetupTask ++ ++ - type: CLEANUP ++ taskClass: org.apache.airavata.task.common.CleanupTask ++ ++fileTransferTasks: ++# - transferProtocol: SCP ++# taskClass: org.apache.airavata.gfac.impl.task.DataStageTask ++ ++# If your client doen't run the same instance where airavata server is running then you need to comment above ++# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to ++# provide ssh keys or password. ++ ++ - transferProtocol: SCP ++ taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask ++ properties: ++ - userName: root ++ passPhrase: ultrascan ++ privateKeyPath: /home/airavata/.ssh/id_rsa ++ publicKeyPath: /home/airavata/.ssh/id_rsa.pub ++ hostName: gw75.iu.xsede.org ++ inputPath: /var/www/portal/experimentData/ ++# password: password ++ ++# Following transfer tasks are not yet implemented. 
++ #- transferProtocol: SFTP ++ # taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask ++ ++ #- transferProtocol: GRIDFTP ++ # taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask ++ ++ #- transferProtocol: LOCAL ++ # taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask ++ ++resources: ++ - jobManagerType: PBS ++ commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser ++ emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser ++ resourceEmailAddresses: ++ - [email protected] # gordon ++ - [email protected] # Bigred2 ++ - root <[email protected]> # Bigred2 ++ - root <[email protected]> # alamo ++ - root <[email protected]> #karst ++ ++ - jobManagerType: SLURM ++ commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser ++ emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser ++ resourceEmailAddresses: ++ - SDSC Admin <[email protected]> # comet ++ - [email protected] # stampede ++ - SDSC Admin <[email protected]> # comet new ++ - Slurm <[email protected]> # bridges ++ - Slurm Daemon <[email protected]> # OU Schooner ++ ++ - jobManagerType: UGE ++ commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser ++ emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser ++ resourceEmailAddresses: ++ - ls4.tacc.utexas.edu # contain Lonestar ++ ++ - jobManagerType: LSF ++ commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser ++ emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser ++ resourceEmailAddresses: ++ - iu.xsede.edu # test resource mail address ++ ++ - jobManagerType: FORK ++ commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/java/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/java/tasks/main.yml index 
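Review bot: The active `SCP` entry under `fileTransferTasks` in roles/gfac/templates/gfac-config.yaml.j2 hard-codes `userName: root`, `passPhrase: ultrascan`, a private-key path and `hostName: gw75.iu.xsede.org`. What looks like a real key passphrase for a root login on a named host is therefore published with the template and copied to every gfac node. These values should be Jinja variables supplied from a vaulted inventory, e.g. `passPhrase: "{{ <scp_key_passphrase_var> }}"`. The passphrase already committed should be treated as exposed and rotated.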
0000000,0000000..92f2039
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/java/tasks/main.yml
@@@ -1,0 -1,0 +1,21 @@@
++---
++# Install Orcal Java
++- name: download oracle java 8 rpm
++ get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
++ become: yes
++
++- name: Install oracle java 8
++ yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
++ become: yes
++
++- name: set Oracle Java {{ java_version_string }} as default
++ alternatives:
++ name="{{ item.exe }}"
++ link="/usr/bin/{{ item.exe }}"
++ path="{{ item.path }}/{{ item.exe }}"
++ with_items:
++ - { path: "{{ java_home }}/jre/bin", exe: 'java' }
++ - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
++ - { path: "{{ java_home }}/bin", exe: 'javac' }
++ - { path: "{{ java_home }}/bin", exe: 'javadoc' }
++ become: yes
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/java/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/java/vars/main.yml
index 0000000,0000000..a995684
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/java/vars/main.yml
@@@ -1,0 -1,0 +1,15 @@@
++---
++#Variables associated with this role
++# Oracle Java 8
++java_dir_source: "/usr/local/src"
++
++java_version: 8
++java_version_update: 91
++java_version_build: '14'
++java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
++java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
++
++java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
++java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
++
++...
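Review bot: The JDK RPM is downloaded over plain HTTP and then installed as root with no integrity check: `java_rpm_url` in roles/java/vars/main.yml starts with `http://`, and the `get_url` task in roles/java/tasks/main.yml passes no checksum. Whatever arrives at `{{ java_dir_source }}` is handed straight to the `yum` task under `become: yes`, so a tampered or replaced file on the path or at the mirror becomes a root-level package install. Pin the artifact by adding `checksum="sha256:<JDK_RPM_SHA256>"` to the `get_url` line (placeholder; take the value from the vendor's published checksum for this exact build) and change the URL scheme to `https://`. This note covers the vars hunk as well.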
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/handlers/main.yml
index 0000000,0000000..9c6c12f
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/handlers/main.yml
@@@ -1,0 -1,0 +1,13 @@@
++---
++
++- name: composer update
++ composer: command=update working_dir="{{ doc_root_dir }}"
++ become: yes
++
++- name: start httpd
++ service: name=httpd state=started
++ become: yes
++
++- name: restart httpd
++ service: name=httpd state=restarted
++ become: yes
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/tasks/main.yml
index 0000000,0000000..b267119
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@@ -1,0 -1,0 +1,112 @@@
++---
++- name: Create root directory
++ file: path="{{ doc_root_dir }}" state=directory
++ become: yes
++
++- name: Install pre-requireties
++ yum: name="{{ item }}" state=latest update_cache=yes
++ with_items:
++ - git
++ - httpd
++ - php
++ - php-soap
++ - libselinux-python
++ - php-pdo
++ become: yes
++
++# - name: Allow selinux outbound connection from web server
++ # command: setsebool -P httpd_can_network_connect 1
++
++- name: install composer
++ shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
++ args:
++ creates: /usr/local/bin/composer
++ become: yes
++
++- name: install epel release
++ yum: name=epel-release state=present
++ become: yes
++
++# depend on epel release
++- name: install mcrypt
++ yum: name=php-mcrypt state=latest update_cache=yes
++ become: yes
++
++# - name: Check previous deployments
++# stat: path="{{ doc_root_dir }}" get_md5=no get_checksum=no
++# register: check
++
++- name: delete
previous deployments
++ file: path="{{ doc_root_dir }}" state=absent
++
++
++- name: Git clone php gateway
++ git: repo=https://github.com/apache/airavata-php-gateway.git
++ dest="{{ doc_root_dir }}" version="{{ git_branch }}"
++ become: yes
++
++- name: Create user data dir {{ user_data_dir }}
++ file: path="{{ user_data_dir }}" state=directory owner="{{user}}" group="{{group}}" mode=0777 recurse=yes
++ become: yes
++
++ #Make sure selinux is dissabled in remote machine
++- name: Disable selinux
++ selinux: state=disabled
++ become: yes
++ register: selinux_disable
++
++# need to restart after disable selinux
++- name: restart machine
++ shell: sleep 2 && shutdown -r now "Ansible updates triggered"
++ async: 1
++ poll: 0
++ become: yes
++ ignore_errors: true
++ when: (selinux_disable|success) and (selinux_disable.changed == true)
++ register: restart
++
++- name: waiting for server to come back
++ local_action: wait_for host={{ inventory_hostname }} state=started delay=30 timeout=60
++ when: (restart|success) and (restart.changed == true)
++
++
++- name: Run composer update
++ composer: command=update working_dir="{{ doc_root_dir }}"
++ become: yes
++
++# step 6: Change pga configurations
++- name: Copy pga config file
++ template: src=pga_config.php.j2 dest="{{ doc_root_dir }}/app/config/pga_config.php"
++ become: yes
++
++# give write permission to storage directory
++- name: give read permissions to doc root
++ file: path="{{ doc_root_dir }}" state=directory mode=0755 recurse=yes
++ become: yes
++
++- name: give write permissions to storage dir
++ file: path="{{ doc_root_dir }}/app/storage" state=directory mode=0777 owner="{{user}}" group="{{group}}" recurse=yes
++ become: yes
++
++- name: Eanble https and http service on public zone
++ firewalld: service="{{ item }}" permanent=true state=enabled zone=public immediate=True
++ with_items:
++ - http
++ - https
++ become: yes
++
++# - name: Edit file
++# lineinfile: dest="{{ httpd_conf_file }}"
regexp="#\n\s*AllowOverride None" line="#\nAllowOverride All"
++# notify:
++# - restart httpd
++# become: yes
++
++- name: copy httpd.conf file
++ template: src=httpd.conf.j2 dest="{{ httpd_conf_file_location }}/httpd.conf"
++ become: yes
++ notify:
++ - restart httpd
++
++- name: start httpd service
++ service: name=httpd state=started
++ become: yes
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/templates/httpd.conf.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/templates/httpd.conf.j2
index 0000000,0000000..37c05e2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/httpd.conf.j2
@@@ -1,0 -1,0 +1,353 @@@
++#
++# This is the main Apache HTTP server configuration file. It contains the
++# configuration directives that give the server its instructions.
++# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
++# In particular, see
++# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
++# for a discussion of each configuration directive.
++#
++# Do NOT simply read the instructions in here without understanding
++# what they do. They're here only as hints or reminders. If you are unsure
++# consult the online docs. You have been warned.
++#
++# Configuration and logfile names: If the filenames you specify for many
++# of the server's control files begin with "/" (or "drive:/" for Win32), the
++# server will use that explicit path. If the filenames do *not* begin
++# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
++# with ServerRoot set to '/www' will be interpreted by the
++# server as '/www/log/access_log', where as '/log/access_log' will be
++# interpreted as '/log/access_log'.
++
++#
++# ServerRoot: The top of the directory tree under which the server's
++# configuration, error, and log files are kept.
++#
++# Do not add a slash at the end of the directory path.
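Review bot: The `Disable selinux` task (`selinux: state=disabled`, followed by a forced reboot) switches off mandatory access control for the whole host, although the commented-out `setsebool -P httpd_can_network_connect 1` near the top of this file suggests a single boolean was what the gateway needed; `seboolean: name=httpd_can_network_connect state=yes persistent=yes` would grant that and make the two reboot tasks unnecessary. In the same hunk, `{{ user_data_dir }}` and `{{ doc_root_dir }}/app/storage` are set to `mode=0777 recurse=yes`, which leaves every file beneath them writable and executable by any local account. Since `owner` and `group` are already passed, a symbolic mode such as `mode="u=rwX,g=rwX,o="` should be enough, assuming the httpd worker runs as that user or group (the httpd.conf template sets `User apache`, so the values need to agree). The `install composer` task also pipes the downloaded installer into `php` as root without comparing it to the installer hash that the Composer project publishes.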
If you point
++# ServerRoot at a non-local disk, be sure to specify a local disk on the
++# Mutex directive, if file-based mutexes are used. If you wish to share the
++# same ServerRoot for multiple httpd daemons, you will need to change at
++# least PidFile.
++#
++ServerRoot "/etc/httpd"
++
++#
++# Listen: Allows you to bind Apache to specific IP addresses and/or
++# ports, instead of the default. See also the <VirtualHost>
++# directive.
++#
++# Change this to Listen on specific IP addresses as shown below to
++# prevent Apache from glomming onto all bound IP addresses.
++#
++#Listen 12.34.56.78:80
++Listen 80
++
++#
++# Dynamic Shared Object (DSO) Support
++#
++# To be able to use the functionality of a module which was built as a DSO you
++# have to place corresponding `LoadModule' lines at this location so the
++# directives contained in it are actually available _before_ they are used.
++# Statically compiled modules (those listed by `httpd -l') do not need
++# to be loaded here.
++#
++# Example:
++# LoadModule foo_module modules/mod_foo.so
++#
++Include conf.modules.d/*.conf
++
++#
++# If you wish httpd to run as a different user or group, you must run
++# httpd as root initially and it will switch.
++#
++# User/Group: The name (or #number) of the user/group to run httpd as.
++# It is usually good practice to create a dedicated user and group for
++# running httpd, as with most system services.
++#
++User apache
++Group apache
++
++# 'Main' server configuration
++#
++# The directives in this section set up the values used by the 'main'
++# server, which responds to any requests that aren't handled by a
++# <VirtualHost> definition. These values also provide defaults for
++# any <VirtualHost> containers you may define later in the file.
++#
++# All of these directives may appear inside <VirtualHost> containers,
++# in which case these default settings will be overridden for the
++# virtual host being defined.
++#
++
++#
++# ServerAdmin: Your address, where problems with the server should be
++# e-mailed. This address appears on some server-generated pages, such
++# as error documents. e.g. [email protected]
++#
++ServerAdmin root@localhost
++
++#
++# ServerName gives the name and port that the server uses to identify itself.
++# This can often be determined automatically, but we recommend you specify
++# it explicitly to prevent problems during startup.
++#
++# If your host doesn't have a registered DNS name, enter its IP address here.
++#
++#ServerName www.example.com:80
++
++#
++# Deny access to the entirety of your server's filesystem. You must
++# explicitly permit access to web content directories in other
++# <Directory> blocks below.
++#
++<Directory />
++ AllowOverride none
++ Require all denied
++</Directory>
++
++#
++# Note that from this point forward you must specifically allow
++# particular features to be enabled - so if something's not working as
++# you might expect, make sure that you have specifically enabled it
++# below.
++#
++
++#
++# DocumentRoot: The directory out of which you will serve your
++# documents. By default, all requests are taken from this directory, but
++# symbolic links and aliases may be used to point to other locations.
++#
++DocumentRoot "/var/www/html"
++
++#
++# Relax access to content within /var/www.
++#
++<Directory "/var/www">
++ AllowOverride None
++ # Allow open access:
++ Require all granted
++</Directory>
++
++# Further relax access to the default document root:
++<Directory "/var/www/html">
++ #
++ # Possible values for the Options directive are "None", "All",
++ # or any combination of:
++ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
++ #
++ # Note that "MultiViews" must be named *explicitly* --- "Options All"
++ # doesn't give it to you.
++ #
++ # The Options directive is both complicated and important.
Please see
++ # http://httpd.apache.org/docs/2.4/mod/core.html#options
++ # for more information.
++ #
++ Options Indexes FollowSymLinks
++
++ #
++ # AllowOverride controls what directives may be placed in .htaccess files.
++ # It can be "All", "None", or any combination of the keywords:
++ # Options FileInfo AuthConfig Limit
++ #
++ AllowOverride All
++
++ #
++ # Controls who can get stuff from this server.
++ #
++ Require all granted
++</Directory>
++
++#
++# DirectoryIndex: sets the file that Apache will serve if a directory
++# is requested.
++#
++<IfModule dir_module>
++ DirectoryIndex index.html
++</IfModule>
++
++#
++# The following lines prevent .htaccess and .htpasswd files from being
++# viewed by Web clients.
++#
++<Files ".ht*">
++ Require all denied
++</Files>
++
++#
++# ErrorLog: The location of the error log file.
++# If you do not specify an ErrorLog directive within a <VirtualHost>
++# container, error messages relating to that virtual host will be
++# logged here. If you *do* define an error logfile for a <VirtualHost>
++# container, that host's errors will be logged there and not here.
++#
++ErrorLog "logs/error_log"
++
++#
++# LogLevel: Control the number of messages logged to the error_log.
++# Possible values include: debug, info, notice, warn, error, crit,
++# alert, emerg.
++#
++LogLevel warn
++
++<IfModule log_config_module>
++ #
++ # The following directives define some format nicknames for use with
++ # a CustomLog directive (see below).
++ #
++ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
++ LogFormat "%h %l %u %t \"%r\" %>s %b" common
++
++ <IfModule logio_module>
++ # You need to enable mod_logio.c to use %I and %O
++ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
++ </IfModule>
++
++ #
++ # The location and format of the access logfile (Common Logfile Format).
++ # If you do not define any access logfiles within a <VirtualHost>
++ # container, they will be logged here. Contrariwise, if you *do*
++ # define per-<VirtualHost> access logfiles, transactions will be
++ # logged therein and *not* in this file.
++ #
++ #CustomLog "logs/access_log" common
++
++ #
++ # If you prefer a logfile with access, agent, and referer information
++ # (Combined Logfile Format) you can use the following directive.
++ #
++ CustomLog "logs/access_log" combined
++</IfModule>
++
++<IfModule alias_module>
++ #
++ # Redirect: Allows you to tell clients about documents that used to
++ # exist in your server's namespace, but do not anymore. The client
++ # will make a new request for the document at its new location.
++ # Example:
++ # Redirect permanent /foo http://www.example.com/bar
++
++ #
++ # Alias: Maps web paths into filesystem paths and is used to
++ # access content that does not live under the DocumentRoot.
++ # Example:
++ # Alias /webpath /full/filesystem/path
++ #
++ # If you include a trailing / on /webpath then the server will
++ # require it to be present in the URL. You will also likely
++ # need to provide a <Directory> section to allow access to
++ # the filesystem path.
++
++ #
++ # ScriptAlias: This controls which directories contain server scripts.
++ # ScriptAliases are essentially the same as Aliases, except that
++ # documents in the target directory are treated as applications and
++ # run by the server when requested rather than as documents sent to the
++ # client. The same rules about trailing "/" apply to ScriptAlias
++ # directives as to Alias.
++ #
++ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
++
++</IfModule>
++
++#
++# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
++# CGI directory exists, if you have that configured.
++#
++<Directory "/var/www/cgi-bin">
++ AllowOverride None
++ Options None
++ Require all granted
++</Directory>
++
++<IfModule mime_module>
++ #
++ # TypesConfig points to the file containing the list of mappings from
++ # filename extension to MIME-type.
++ #
++ TypesConfig /etc/mime.types
++
++ #
++ # AddType allows you to add to or override the MIME configuration
++ # file specified in TypesConfig for specific file types.
++ #
++ #AddType application/x-gzip .tgz
++ #
++ # AddEncoding allows you to have certain browsers uncompress
++ # information on the fly. Note: Not all browsers support this.
++ #
++ #AddEncoding x-compress .Z
++ #AddEncoding x-gzip .gz .tgz
++ #
++ # If the AddEncoding directives above are commented-out, then you
++ # probably should define those extensions to indicate media types:
++ #
++ AddType application/x-compress .Z
++ AddType application/x-gzip .gz .tgz
++
++ #
++ # AddHandler allows you to map certain file extensions to "handlers":
++ # actions unrelated to filetype. These can be either built into the server
++ # or added with the Action directive (see below)
++ #
++ # To use CGI scripts outside of ScriptAliased directories:
++ # (You will also need to add "ExecCGI" to the "Options" directive.)
++ #
++ #AddHandler cgi-script .cgi
++
++ # For type maps (negotiated resources):
++ #AddHandler type-map var
++
++ #
++ # Filters allow you to process content before it is sent to the client.
++ #
++ # To parse .shtml files for server-side includes (SSI):
++ # (You will also need to add "Includes" to the "Options" directive.)
++ #
++ AddType text/html .shtml
++ AddOutputFilter INCLUDES .shtml
++</IfModule>
++
++#
++# Specify a default charset for all content served; this enables
++# interpretation of all content as UTF-8 by default.
To use the
++# default browser choice (ISO-8859-1), or to allow the META tags
++# in HTML content to override this choice, comment out this
++# directive:
++#
++AddDefaultCharset UTF-8
++
++<IfModule mime_magic_module>
++ #
++ # The mod_mime_magic module allows the server to use various hints from the
++ # contents of the file itself to determine its type. The MIMEMagicFile
++ # directive tells the module where the hint definitions are located.
++ #
++ MIMEMagicFile conf/magic
++</IfModule>
++
++#
++# Customizable error responses come in three flavors:
++# 1) plain text 2) local redirects 3) external redirects
++#
++# Some examples:
++#ErrorDocument 500 "The server made a boo boo."
++#ErrorDocument 404 /missing.html
++#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
++#ErrorDocument 402 http://www.example.com/subscription_info.html
++#
++
++#
++# EnableMMAP and EnableSendfile: On systems that support it,
++# memory-mapping or the sendfile syscall may be used to deliver
++# files. This usually improves server performance, but must
++# be turned off when serving from networked-mounted
++# filesystems or if support for these functions is otherwise
++# broken on your system.
++# Defaults if commented: EnableMMAP On, EnableSendfile Off
++#
++#EnableMMAP off
++EnableSendfile on
++
++# Supplemental configuration
++#
++# Load config files in the "/etc/httpd/conf.d" directory, if any.
++IncludeOptional conf.d/*.conf
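Review bot: The `<Directory "/var/www/html">` block keeps `Options Indexes FollowSymLinks` together with `AllowOverride All`, so directory listings are served wherever no index file exists and every `.htaccess` under the document root is honoured. That combines badly with the pga tasks, which make `{{ doc_root_dir }}/app/storage` world-writable: if `doc_root_dir` resolves under this tree (its value is not visible here), a file dropped there can change how the server handles that directory. Dropping `Indexes` (`Options FollowSymLinks`) and narrowing `AllowOverride All` to the override classes the gateway's own `.htaccess` actually uses would close both. Separately, `DocumentRoot "/var/www/html"` is hard-coded in a `.j2` template while the tasks deploy to `{{ doc_root_dir }}`, so the two can drift apart; and only `Listen 80` appears although the firewall task opens https, so TLS presumably comes from a `conf.d` include, which is worth confirming.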
