Airavata pga and gfac works perfectly
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/2b6f220a Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/2b6f220a Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/2b6f220a Branch: refs/heads/develop Commit: 2b6f220a06f7ca255471648d4a0ce480d789787c Parents: 6e0715b Author: Shameera Rathnayaka <[email protected]> Authored: Mon Aug 22 16:12:22 2016 -0400 Committer: Shameera Rathnayaka <[email protected]> Committed: Mon Aug 22 16:12:22 2016 -0400 ---------------------------------------------------------------------- group_vars/all | 54 ------------ group_vars/all.yml | 78 ++++++++++++++++++ hosts | 33 +++----- roles/api-orch/handlers/main.yml | 8 +- roles/api-orch/tasks/main.yml | 80 ++++++++++-------- .../templates/airavata-server.properties.j2 | 34 ++++---- roles/api-orch/vars/main.yml | 3 - roles/common/files/airavata.jks | Bin 1410 -> 2289 bytes roles/common/files/airavata_sym.jks | Bin 0 -> 501 bytes roles/common/files/client_truststore.jks | Bin 3558 -> 0 bytes roles/common/tasks/main.yml | 25 ++++-- roles/common/vars/main.yml | 3 +- roles/database/handlers/main.yml | 4 + roles/database/tasks/main.yml | 27 ++++-- roles/database/vars/main.yml | 14 ++++ roles/gfac/tasks/main.yml | 82 +++++++++++-------- .../templates/airavata-server.properties.j2 | 34 ++++---- roles/gfac/vars/main.yml | 3 - roles/pga/tasks/main.yml | 54 +++++++----- roles/rabbitmq/handlers/main.yml | 4 +- roles/rabbitmq/tasks/main.yml | 2 +- roles/zookeeper/handlers/main.yml | 4 +- roles/zookeeper/vars/main.yml | 2 +- site.yml | 28 ++++--- 24 files changed, 325 insertions(+), 251 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/group_vars/all ---------------------------------------------------------------------- diff --git a/group_vars/all b/group_vars/all deleted file mode 100644 index da3b24e..0000000 
--- a/group_vars/all +++ /dev/null @@ -1,54 +0,0 @@ ---- -ansible_connection: ssh -ansible_ssh_user: centos -#ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key -ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt - -user: centos -group: centos -user_home: "/home/{{ user }}" -deployment_dir: "{{ user_home }}/master-deployment" - -airavata_dist: "apache-airavata-server-0.17-SNAPSHOT" -airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz" - -db_server: "gw62.iu.xsede.org" -db_server_port: "3306" -db_user: "airavata" -db_password: "airavata" -app_catalog: "app_catalog" -exp_catalog: "exp_catalog" -replica_catalog: "replica_catalog" -workflow_catalog: "wf_catalog" -credential_store: "credential_store" - -rabbitmq_server: "localhost" -rabbitmq_vhost: "master" -rabbitmq_user: "airavata" -rabbitmq_password: "airavata" -rabbitmq_port: "5672" -rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}" - -key_store: "airavata.jks" -cred_key_store: "client_truststore.jks" -cred_store_server_host: "gw77.iu.xsede.org" -key_stores_location: "{{ deployment_dir }}/keystores" - -mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar" - -api_server_name: "apiserver-node0" -api_server_host: "{{ ansible_fqdn }}" -api_server_port: "8930" - -orchestrator_name: "orchestrator-node0" -orchestrator_host: "{{ ansible_fqdn }}" -orchestrator_port: "8940" - -gfac_name: "gfac-node0" -gfac_host: "{{ ansible_fqdn }}" -gfac_port: "8950" - -monitor_email_address: "[email protected]" -monitor_email_password: "xxxxx" - -... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/group_vars/all.yml ---------------------------------------------------------------------- diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..0269ff2 --- /dev/null +++ b/group_vars/all.yml 
@@ -0,0 +1,78 @@ +--- +ansible_connection: ssh +ansible_ssh_user: centos +#ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key +ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt + +user: centos +group: centos +user_home: "/home/{{ user }}" + +# deployment related variables +deployment_dir: "{{ user_home }}/master-deployment" +airavata_source_dir: "{{ user_home }}/source" +airavata_dist: "apache-airavata-server-0.17-SNAPSHOT" +airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz" +git_branch: master + +# Database related variables +db_server: "{{ groups['database'][0] }}" +db_server_port: "3306" +db_user: "airavata" +db_password: "airavata" +app_catalog: "app_catalog" +exp_catalog: "exp_catalog" +replica_catalog: "replica_catalog" +workflow_catalog: "wf_catalog" +credential_store: "credential_store" + +mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar" + +# Rabbitmq related vareables +rabbitmq_server: "{{ groups['rabbitmq'][0] }}" +rabbitmq_vhost: "master" +rabbitmq_user: "airavata" +rabbitmq_password: "airavata" +rabbitmq_port: "5672" +rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}" + +# Zoookeeper related variables +zookeeper_client_port: 2181 +zookeeper_url: "{{ groups['zookeeper'][0] }}:{{ zookeeper_client_port }}" +# API Server and Orchestrator related variables +api_server_name: "apiserver-node0" +api_server_host: "{{ ansible_fqdn }}" +api_server_port: "8930" +api_secured: "true" +tls_enable: "false" +api_server_tls_port: "9930" + +orchestrator_name: "orchestrator-node0" +orchestrator_host: "{{ ansible_fqdn }}" +orchestrator_port: "8940" +api_orch_dir: "{{ deployment_dir }}/api-orchestrator" + +# Credential and keystore related variables +#authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/" +authorization_server: "https://idp.scigap.org:9443/services/" +keystore: 
"airavata.jks" +keystore_passwd: "airavata" +#client_truststore: "client_truststore.jks" +client_truststore: "airavata.jks" +client_truststore_passwd: "airavata" +cred_keystore: "airavata_sym.jks" +cred_keystore_passwd: "airavata" +cred_keystore_alias: "airavata" +cred_store_server_host: "{{ ansible_fqdn }}" +cred_store_port: "8960" +keystores_location: "{{ deployment_dir }}/keystores" + +# Gfac related variables +gfac_name: "gfac-node0" +gfac_host: "{{ ansible_fqdn }}" +gfac_port: "8950" +gfac_dir: "{{ deployment_dir }}/gfac-instance" + +# Monitoring variables +monitor_email_address: "[email protected]" +monitor_email_password: "airavata" http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/hosts ---------------------------------------------------------------------- diff --git a/hosts b/hosts index b14e7fd..4ff2de0 100644 --- a/hosts +++ b/hosts @@ -1,30 +1,23 @@ --- # inventory file : production -[api-orch] -#js-156.196.jetstream-cloud.org -#js-171-11.jetstream-cloud.org - -[gfac] -#js-156.196.jetstream-cloud.org -#js-171-11.jetstream-cloud.org - -[pga] -#js-156.196.jetstream-cloud.org -#js-171-11.jetstream-cloud.org - [zookeeper] -#js-156.196.jetstream-cloud.org -#js-171-11.jetstream-cloud.org +52.91.41.223 [rabbitmq] -#js-156.196.jetstream-cloud.org -#js-171-11.jetstream-cloud.org rabbit_hostName="jetcloud-1-centos-7" -54.236.73.114 +52.91.41.223 [database] -#js-156.196.jetstream-cloud.org -#js-171-11.jetstream-cloud.org +54.221.0.3 [wso2is] -52.91.87.213 +#52.87.209.219 + +[api-orch] +54.164.53.207 + +[gfac] +54.85.248.150 + +[pga] +54.236.200.110 http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/api-orch/handlers/main.yml ---------------------------------------------------------------------- diff --git a/roles/api-orch/handlers/main.yml b/roles/api-orch/handlers/main.yml index c1a828d..a2288d9 100644 --- a/roles/api-orch/handlers/main.yml +++ b/roles/api-orch/handlers/main.yml 
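Review bot: `db_password`, `rabbitmq_password`, `keystore_passwd`, `client_truststore_passwd`, `cred_keystore_passwd` and `monitor_email_password` are committed in `group_vars/all.yml` as the literal `airavata`, and the keystores those passwords open (`roles/common/files/airavata.jks`, `roles/common/files/airavata_sym.jks`) are changed or added in this same commit, so read access to the repository gives both the key material and its password. Keep the values out of the vars file, for example `db_password: "{{ vault_db_password }}"` backed by an Ansible Vault file (the variable name is illustrative), and generate the keystores per deployment rather than shipping them under `roles/common/files`. `tls_enable: "false"` next to `api_secured: "true"` makes the templates render `TLS.enabled=false`, so API traffic would presumably travel without TLS; confirm that is intended outside a test setup. The `ansible_ssh_private_key_file` path points into one developer's home directory and fits better in a local, uncommitted inventory or `ansible.cfg`.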
@@ -2,9 +2,13 @@ # Api server, Orchestrator related handlers - name: start api-orch - command: ./bin/airavata-server-start.sh api-orch -d chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" + command: ./bin/airavata-server-start.sh api-orch -d + chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" + creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" - name: stop api-orch - command: ./bin/airavata-server-stop.sh -f chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" + command: ./bin/airavata-server-stop.sh -f + chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" + removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" ... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/api-orch/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/api-orch/tasks/main.yml b/roles/api-orch/tasks/main.yml index 827f520..369bb2b 100644 --- a/roles/api-orch/tasks/main.yml +++ b/roles/api-orch/tasks/main.yml 
@@ -4,51 +4,61 @@ - name: Create api-orchestrator deployment directory file: path="{{ api_orch_dir }}" state=directory owner="{{ user }}" group="{{ group }}" when: build|success - tags: deploy, update_api_orch, update - name: Check previous deployments stat: path="{{ api_orch_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no - register: pp - tags: deploy, update_api_orch, update - -- block: - - name: stop api-orch - command: ./bin/airavata-server-stop.sh -f chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" - - - name: Delete previous deployments - file: path="{{ gfac_dir }}/{{ airavata_dist }}" state=absent - - when: pp.stat.exists == True - tags: deploy, update_api_orch, update -# -# - block: -# - name: Remove pervious backup directory -# file: path="{{ api_orch_dir }}/backup" state=absent -# notify: -# - stop api-orch -# -# - name: Backup previous deployment directory -# copy: src="{{ api_orch_dir }}/{{ airavata_dist }}" dest="{{ api_orch_dir }}/backup" copy=no -# -# when: p.stat.exist == True -# tags: deploy update_api_orch update + register: check + +- name: stop api-orch + command: ./bin/airavata-server-stop.sh -f + chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" + removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" + when: check.stat.exists == True + +- name: Delete previous deployments + file: path="{{ api_orch_dir }}/{{ airavata_dist }}" state=absent - name: Copy distribution to api-orcheatrator deployment directory - unarchive: src="{{ airavata_source_dir }}/distribution/target/{{ airavata_dist_name }}" dest="{{ api_orch_dir }}/" copy=no - become: yes - become_user: "{{ user }}" - tags: deploy, update_api_orch, update + unarchive: src="{{ airavata_source_dir }}/distribution/target/{{ airavata_dist_name }}" + dest="{{ api_orch_dir }}/" + copy=no - name: Copy Airavata server properties file - template: src=airavata-server.properties.j2 dest="{{ api_orch_dir }}/{{ 
airavata_dist }}/bin/airavata-server.properties" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r" - tags: deploy, update_api_orch, update + template: src=airavata-server.properties.j2 + dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/airavata-server.properties" + owner={{ user }} + group={{ group }} + mode="u=rw,g=r,o=r" - name: Copy Gfac configuration file - template: src=gfac-config.yaml.j2 dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r" - tags: deploy, update_api_orch, update + template: src=gfac-config.yaml.j2 + dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml" + owner={{ user }} + group={{ group }} + mode="u=rw,g=r,o=r" - name: Copy Mysql jar to lib - copy: src="{{ mysql_connector_jar }}" dest="{{ api_orch_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}" owner="{{ user }}" group="{{ group }}" - tags: deploy, update_api_orch, update + copy: src={{ mysql_connector_jar }} + dest="{{ api_orch_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}" + owner={{ user }} + group={{ group }} + +- name: Open firwall ports + firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes + with_items: + - "{{ api_server_port }}/tcp" + - "{{ orchestrator_port }}/tcp" + - "{{ cred_store_port }}/tcp" + become: yes + +- name: stop api-orch + command: ./bin/airavata-server-stop.sh -f + chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" + removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" + +- name: start api-orch + command: ./bin/airavata-server-start.sh api-orch -d + chdir="{{ api_orch_dir }}/{{ airavata_dist }}/" + creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*" ... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/api-orch/templates/airavata-server.properties.j2 ---------------------------------------------------------------------- 
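Review bot: The 'Copy Airavata server properties file' task writes `airavata-server.properties` with `mode="u=rw,g=r,o=r"`, and the template it renders (changed in this commit) contains `registry.jdbc.password`, `credential.store.jdbc.password` and `keystore.password`, so every local account on the host can read those values. Set `mode=0600` on that task, and on the `gfac-config.yaml` task too unless that file is known to hold nothing sensitive; the matching tasks in `roles/gfac/tasks/main.yml` have the same mode. The 'Open firwall ports' task also opens `cred_store_port` zone-wide in `public`; if only the api-orch and gfac hosts talk to the credential store, a source-restricted rule would be narrower.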
diff --git a/roles/api-orch/templates/airavata-server.properties.j2 b/roles/api-orch/templates/airavata-server.properties.j2 index 449a7fd..9418e82 100644 --- a/roles/api-orch/templates/airavata-server.properties.j2 +++ b/roles/api-orch/templates/airavata-server.properties.j2 @@ -34,7 +34,7 @@ #registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata # MySql database configuration registry.jdbc.driver=com.mysql.jdbc.Driver -registry.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ exp_catalog }} +registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }} registry.jdbc.user={{ db_user }} registry.jdbc.password={{ db_password }} #FIXME: Probably the following property should be removed. @@ -107,21 +107,16 @@ userprofile.mongodb.port=27017 ########################################################################### # API Server Configurations ########################################################################### +apiserver=org.apache.airavata.api.server.AiravataAPIServer apiserver.name={{ api_server_name }} apiserver.host={{ api_server_host }} apiserver.port={{ api_server_port }} apiserver.min.threads=50 ########################################################################### -# API Server SSL Configurations -########################################################################### -apiserver.tls.enabled=true -apiserver.keystore={{ key_stores_location }}/{{ key_store }} -apiserver.keystore.password=airavata - -########################################################################### # Orchestrator Server Configurations ########################################################################### +orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer orchestrator.server.name={{ orchestrator_name }} orchestrator.server.host={{ orchestrator_host }} orchestrator.server.port={{ orchestrator_port }} 
@@ -137,6 +132,7 @@ enable.validation=true ########################################################################### # GFac Server Configurations ########################################################################### +gfac=org.apache.airavata.gfac.server.GfacServer gfac.server.name={{ gfac_name }} gfac.server.host={{ gfac_host }} gfac.server.port={{ gfac_port }} @@ -171,15 +167,15 @@ job.notification.flags=abe ########################################################################### # Credential Store module Configuration ########################################################################### -credential.store.keystore.url=/home/airavata/airavata_sym.jks -credential.store.keystore.alias=airavata -credential.store.keystore.password=airavata +credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }} +credential.store.keystore.alias={{ cred_keystore_alias }} +credential.store.keystore.password={{ cred_keystore_passwd }} credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }} credential.store.jdbc.user={{ db_user }} credential.store.jdbc.password={{ db_password }} credential.store.jdbc.driver=com.mysql.jdbc.Driver credential.store.server.host={{ cred_store_server_host }} -credential.store.server.port=8960 +credential.store.server.port={{ cred_store_port }} credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer # these properties used by credential store email notifications 
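Review bot: In the Credential Store section, `credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}` still hard-codes the port, although this commit switches `registry.jdbc.url` to `{{ db_server_port }}`; changing `db_server_port` would move the registry connection and leave the credential store pointing at 3306. Make it `credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ credential_store }}`. The same context line is unchanged in `roles/gfac/templates/airavata-server.properties.j2`, and any other `jdbc.url` entries outside the visible hunks are worth checking for the same literal.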
@@ -250,23 +246,23 @@ rabbitmq.exchange.name=airavata_rabbitmq_exchange # Zookeeper Server Configuration ########################################################################### embedded.zk=false -zookeeper.server.connection=localhost:2181 +zookeeper.server.connection={{ zookeeper_url }} zookeeper.timeout=30000 ######################################################################## ## API Security Configuration ######################################################################## -api.secured=true +api.secured={{ api_secured }} security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager ### TLS related configuration #### -TLS.enabled=true -TLS.api.server.port=9930 +TLS.enabled={{ tls_enable }} +TLS.api.server.port={{ api_server_tls_port }} TLS.client.timeout=10000 #### keystore configuration #### -keystore.path={{ key_stores_location }}/{{ key_store }} -keystore.password=airavata +keystore.path={{ keystores_location }}/{{ keystore }} +keystore.password={{ keystore_passwd }} #### trust store configuration #### -trust.store={{ key_stores_location }}/{{ cred_key_store }} +trust.store={{ keystores_location }}/{{ client_truststore }} trust.store.password=airavata #### remote authorization server url #### remote.oauth.authorization.server=https://idp.scigap.org:9443/services/ http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/api-orch/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/api-orch/vars/main.yml b/roles/api-orch/vars/main.yml deleted file mode 100644 index 16b85b0..0000000 --- a/roles/api-orch/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# API Server and Orchestrator related variables -api_orch_dir: "{{ deployment_dir }}/api-orchestrator" http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/common/files/airavata.jks ---------------------------------------------------------------------- 
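Review bot: `trust.store.password=airavata` and `remote.oauth.authorization.server=https://idp.scigap.org:9443/services/` stay literal at the end of this hunk even though the commit adds `client_truststore_passwd` and `authorization_server` to `group_vars/all.yml`, so changing those variables has no effect on the rendered file. Use `trust.store.password={{ client_truststore_passwd }}` and `remote.oauth.authorization.server={{ authorization_server }}`. With the `tls_enable: "false"` default, `TLS.enabled` now renders as false where the template previously fixed it to `true`; a comment above that line stating when plaintext is acceptable would help whoever deploys this beyond a test cluster. The identical hunk in `roles/gfac/templates/airavata-server.properties.j2` has the same gaps.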
diff --git a/roles/common/files/airavata.jks b/roles/common/files/airavata.jks index e0e46e2..685cc00 100644 Binary files a/roles/common/files/airavata.jks and b/roles/common/files/airavata.jks differ http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/common/files/airavata_sym.jks ---------------------------------------------------------------------- diff --git a/roles/common/files/airavata_sym.jks b/roles/common/files/airavata_sym.jks new file mode 100644 index 0000000..3dd27d6 Binary files /dev/null and b/roles/common/files/airavata_sym.jks differ http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/common/files/client_truststore.jks ---------------------------------------------------------------------- diff --git a/roles/common/files/client_truststore.jks b/roles/common/files/client_truststore.jks deleted file mode 100644 index 4d39906..0000000 Binary files a/roles/common/files/client_truststore.jks and /dev/null differ http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/common/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 9c1884d..4289515 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml 
@@ -26,23 +26,30 @@ - name: Run maven build command: mvn clean install -Dmaven.test.skip=true chdir="{{ airavata_source_dir }}/" - when: (checkout|success) or (checkout|skipped) + environment: + MAVEN_OPTS: "-Xmx1024m" register: build tags: update + # when: (checkout|success) and (checkout.changed == true) ################################################################################ # copy key store and trust store files - name: Create KeyStores directory - file: path="{{ key_stores_location }}" + file: path={{ keystores_location }} state=directory - owner="{{ user }}" group="{{ group }}" + owner={{ user }} group={{ group }} - name: Transfer airavata.jks KeyStore file - copy: src="{{ key_store }}" - dest="{{ key_stores_location }}/{{ key_store }}" - owner="{{ user }}" group="{{ group }}" + copy: src={{ keystore }} + dest="{{ keystores_location }}/{{ keystore }}" + owner={{ user }} group={{ group }} + +- name: Transfer airavata_sym.jks KeyStore file + copy: src={{ cred_keystore }} + dest="{{ keystores_location }}/{{ cred_keystore }}" + owner={{ user }} group={{ group }} - name: Transfer client trust store KeyStore file - copy: src="{{ cred_key_store }}" - dest="{{ key_stores_location }}/{{ cred_key_store }}" - owner="{{ user }}" group="{{ group }}" + copy: src={{ client_truststore }} + dest="{{ keystores_location }}/{{ client_truststore }}" + owner={{ user }} group={{ group }} http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/common/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/common/vars/main.yml b/roles/common/vars/main.yml index 0df33c5..e2d93e7 100644 --- a/roles/common/vars/main.yml +++ b/roles/common/vars/main.yml 
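Review bot: The three keystore `copy` tasks (`{{ keystore }}`, `{{ cred_keystore }}`, `{{ client_truststore }}`) and the 'Create KeyStores directory' task set owner and group but no `mode`, so the files end up with whatever the remote default yields, which is commonly world-readable. Add `mode=0600` to each `copy` and `mode=0700` to the directory task, since these files hold the server key and the credential-store symmetric key. Removing the quotes in `owner={{ user }} group={{ group }}` is also fragile in key=value form, because a value containing a space would be split into a separate argument; keeping `owner="{{ user }}"` avoids that.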
@@ -1,5 +1,4 @@ --- # Common variables -airavata_source_dir: "{{ user_home }}/source" -git_branch: master + ... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/database/handlers/main.yml ---------------------------------------------------------------------- diff --git a/roles/database/handlers/main.yml b/roles/database/handlers/main.yml index 5400e8b..1906365 100644 --- a/roles/database/handlers/main.yml +++ b/roles/database/handlers/main.yml @@ -7,4 +7,8 @@ service: name=mariadb state=stopped become: yes +- name: restart mariadb + service: name=mariadb state=restarted enabled=yes + become: yes + ... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/database/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml index 5fb75e4..4a75abb 100644 --- a/roles/database/tasks/main.yml +++ b/roles/database/tasks/main.yml 
@@ -38,16 +38,25 @@ - name: create databases mysql_db: name="{{ item }}" state=present with_items: - - "{{ app_catalog }}" - - "{{ exp_catalog }}" - - "{{ replica_catalog }}" - - "{{ workflow_catalog }}" - - "{{ credential_store }}" + - "{{ mysql_databases }}" -- name: create new user {{ db_user }} with all privilege - mysql_user: name="{{ db_user }}" password="{{ db_password }}" priv=*.*:ALL state=present +- name: give access to {{ db_user }} from remote + mysql_user: name="{{ db_user }}" password="{{ db_password }}" host="{{ item }}" + with_items: + - "{{ groups['api-orch'] }}" + - "{{ groups['gfac'] }}" + tags: testdb -- name: open database port - firewalld: port="{{ db_server_port }}/tcp" zone=public permanent=true state=enabled immediate=yes +- name: create new user {{ db_user }} with all privilege + mysql_user: name="{{ db_user }}" + password="{{ db_password }}" + append_privs=yes + host_all=yes + priv=*.*:ALL,GRANT state=present + tags: testdb + +- name: open firewall port {{ db_server_port }} + firewalld: port="{{ db_server_port }}/tcp" + zone=public permanent=true state=enabled immediate=yes become: yes ... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/database/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/database/vars/main.yml b/roles/database/vars/main.yml index 3bbc070..1f37424 100644 --- a/roles/database/vars/main.yml +++ b/roles/database/vars/main.yml 
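Review bot: The 'create new user {{ db_user }} with all privilege' task grants `priv=*.*:ALL,GRANT` with `host_all=yes`, which gives the application account (password `airavata` in `group_vars/all.yml`) full rights on every database plus the ability to grant them onward, while the following task opens `db_server_port` in the `public` zone. The per-catalog list `mysql_privs` added to `roles/database/vars/main.yml` in this commit is not referenced by any visible task; use it here as `priv="{{ mysql_privs | join('/') }}"` and drop `GRANT`. The 'give access to {{ db_user }} from remote' task creates the per-host accounts with no `priv`, so they currently depend on the wildcard grant; giving that task the same `priv` would let the global grant be removed. Restricting the firewall rule to the api-orch and gfac addresses would match the hosts that task already enumerates.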
@@ -4,4 +4,18 @@ mysql_packages: - mariadb mysql_root_password: "admin" +mysql_databases: + - "{{ app_catalog }}" + - "{{ exp_catalog }}" + - "{{ replica_catalog }}" + - "{{ workflow_catalog }}" + - "{{ credential_store }}" + +mysql_privs: + - "{{ app_catalog }}.*:ALL" + - "{{ exp_catalog }}.*:ALL" + - "{{ replica_catalog }}.*:ALL" + - "{{ workflow_catalog }}.*:ALL" + - "{{ credential_store }}.*:ALL" + ... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/gfac/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/gfac/tasks/main.yml b/roles/gfac/tasks/main.yml index bae85cf..06d6dda 100644 --- a/roles/gfac/tasks/main.yml +++ b/roles/gfac/tasks/main.yml 
@@ -3,51 +3,61 @@ ################################################################################ # gfac deployments - name: Create Gfac deployment directory - file: path="{{ gfac_dir }}" state=directory owner="{{ user }}" group="{{ group }}" + file: path="{{ gfac_dir }}" state=directory owner={{ user }} group={{ group }} when: build|success - tags: deploy, update_gfac, update - name: Check previous deployments stat: path="{{ gfac_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no - register: p - tags: deploy, update_gfac, update - -- block: - - name: stop gfac - command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" - - - name: Delete previous deployments - file: path="{{ gfac_dir }}/{{ airavata_dist }}" state=absent - - when: p.stat.exists == True - tags: deploy, update_gfac, update - -# - block: -# - name: Remove pervious backup directory -# file: path="{{ gfac_dir }}/backup" state=absent -# notify: -# - stop gfac -# -# - name: Backup previous deployment directory -# copy: src="{{ gfac_dir }}/{{ airavata_dist }}" dest="{{ gfac_dir }}/backup" copy=no -# -# when: p.stat.exists == True -# tags: deploy, update_gfac, update + register: check + +- name: stop gfac + command: ./bin/airavata-server-stop.sh -f + chdir="{{ gfac_dir }}/{{ airavata_dist }}/" + removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" + when: check.stat.exists == True + +- name: Delete previous deployments + file: path="{{ gfac_dir }}/{{ airavata_dist }}" state=absent - name: Copy distribution to gfac deployment directory - unarchive: src="{{ airavata_source_dir }}/distribution/target/{{ airavata_dist_name }}" dest="{{ gfac_dir }}/" copy=no - become: yes - become_user: "{{ user }}" - tags: deploy, update_gfac, update + unarchive: src="{{ airavata_source_dir }}/distribution/target/{{ airavata_dist_name }}" + dest="{{ gfac_dir }}/" + copy=no - name: Copy Airavata server properties file - 
template: src=airavata-server.properties.j2 dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/airavata-server.properties" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r" - tags: deploy, update_gfac, update + template: src=airavata-server.properties.j2 + dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/airavata-server.properties" + owner={{ user }} + group={{ group }} + mode="u=rw,g=r,o=r" - name: Copy Gfac configuration file - template: src=gfac-config.yaml.j2 dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r" - tags: deploy, update_gfac, update + template: src=gfac-config.yaml.j2 + dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml" + owner={{ user }} + group={{ group }} + mode="u=rw,g=r,o=r" - name: Copy Mysql jar to lib - copy: src="{{ mysql_connector_jar }}" dest="{{ gfac_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}" owner="{{ user }}" group="{{ group }}" - tags: deploy, update_gfac, update + copy: src="{{ mysql_connector_jar }}" + dest="{{ gfac_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}" + owner={{ user }} + group={{ group }} + + +- name: Open firwall ports + firewalld: port="{{ gfac_port }}/tcp" zone=public permanent=true state=enabled immediate=yes + become: yes + +- name: stop gfac + command: ./bin/airavata-server-stop.sh -f + chdir="{{ gfac_dir }}/{{ airavata_dist }}/" + removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" + +- name: start gfac + command: ./bin/airavata-server-start.sh gfac -d + chdir="{{ gfac_dir }}/{{ airavata_dist }}/" + creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" + + +... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/gfac/templates/airavata-server.properties.j2 ---------------------------------------------------------------------- diff --git a/roles/gfac/templates/airavata-server.properties.j2 b/roles/gfac/templates/airavata-server.properties.j2 index 449a7fd..9418e82 100644 
--- a/roles/gfac/templates/airavata-server.properties.j2 +++ b/roles/gfac/templates/airavata-server.properties.j2 @@ -34,7 +34,7 @@ #registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata # MySql database configuration registry.jdbc.driver=com.mysql.jdbc.Driver -registry.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ exp_catalog }} +registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }} registry.jdbc.user={{ db_user }} registry.jdbc.password={{ db_password }} #FIXME: Probably the following property should be removed. @@ -107,21 +107,16 @@ userprofile.mongodb.port=27017 ########################################################################### # API Server Configurations ########################################################################### +apiserver=org.apache.airavata.api.server.AiravataAPIServer apiserver.name={{ api_server_name }} apiserver.host={{ api_server_host }} apiserver.port={{ api_server_port }} apiserver.min.threads=50 ########################################################################### -# API Server SSL Configurations -########################################################################### -apiserver.tls.enabled=true -apiserver.keystore={{ key_stores_location }}/{{ key_store }} -apiserver.keystore.password=airavata - -########################################################################### # Orchestrator Server Configurations ########################################################################### +orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer orchestrator.server.name={{ orchestrator_name }} orchestrator.server.host={{ orchestrator_host }} orchestrator.server.port={{ orchestrator_port }} 
@@ -137,6 +132,7 @@ enable.validation=true ########################################################################### # GFac Server Configurations ########################################################################### +gfac=org.apache.airavata.gfac.server.GfacServer gfac.server.name={{ gfac_name }} gfac.server.host={{ gfac_host }} gfac.server.port={{ gfac_port }} @@ -171,15 +167,15 @@ job.notification.flags=abe ########################################################################### # Credential Store module Configuration ########################################################################### -credential.store.keystore.url=/home/airavata/airavata_sym.jks -credential.store.keystore.alias=airavata -credential.store.keystore.password=airavata +credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }} +credential.store.keystore.alias={{ cred_keystore_alias }} +credential.store.keystore.password={{ cred_keystore_passwd }} credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }} credential.store.jdbc.user={{ db_user }} credential.store.jdbc.password={{ db_password }} credential.store.jdbc.driver=com.mysql.jdbc.Driver credential.store.server.host={{ cred_store_server_host }} -credential.store.server.port=8960 +credential.store.server.port={{ cred_store_port }} credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer # these properties used by credential store email notifications 
@@ -250,23 +246,23 @@ rabbitmq.exchange.name=airavata_rabbitmq_exchange # Zookeeper Server Configuration ########################################################################### embedded.zk=false -zookeeper.server.connection=localhost:2181 +zookeeper.server.connection={{ zookeeper_url }} zookeeper.timeout=30000 ######################################################################## ## API Security Configuration ######################################################################## -api.secured=true +api.secured={{ api_secured }} security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager ### TLS related configuration #### -TLS.enabled=true -TLS.api.server.port=9930 +TLS.enabled={{ tls_enable }} +TLS.api.server.port={{ api_server_tls_port }} TLS.client.timeout=10000 #### keystore configuration #### -keystore.path={{ key_stores_location }}/{{ key_store }} -keystore.password=airavata +keystore.path={{ keystores_location }}/{{ keystore }} +keystore.password={{ keystore_passwd }} #### trust store configuration #### -trust.store={{ key_stores_location }}/{{ cred_key_store }} +trust.store={{ keystores_location }}/{{ client_truststore }} trust.store.password=airavata #### remote authorization server url #### remote.oauth.authorization.server=https://idp.scigap.org:9443/services/ http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/gfac/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/gfac/vars/main.yml b/roles/gfac/vars/main.yml deleted file mode 100644 index f5451c3..0000000 --- a/roles/gfac/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# Gfac related variables -gfac_dir: "{{ deployment_dir }}/gfac-instance" http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/pga/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/pga/tasks/main.yml b/roles/pga/tasks/main.yml index ae08942..05bca80 100644 
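Review bot: `trust.store.password=airavata` stays a literal in the `@@ -250,23 +246,23 @@` hunk, although the line above it now points at `{{ client_truststore }}` and `keystore.password` became `{{ keystore_passwd }}`, so the trust store is the one store here whose password is still a value committed in the repository. It should follow the same pattern with a variable of its own, e.g. `trust.store.password={{ client_truststore_passwd }}` (a new variable, to be defined next to `keystore_passwd`). The same hunk turns `api.secured` and `TLS.enabled` into `{{ api_secured }}` and `{{ tls_enable }}`; their values are not visible here, and a one-line comment stating that both are expected to be `true` outside test setups would help the next person who edits the inventory.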
--- a/roles/pga/tasks/main.yml +++ b/roles/pga/tasks/main.yml @@ -1,35 +1,44 @@ --- -# - name: Create a new user group "{{ pga_group }}" -# group: name={{ pga_group }} -# # tags: user -# -# - name: Create a new user "{{ pga_user }}" -# user: name={{ pga_user }} group={{ pga_group }} -# # tags: user +- name: Create root directory + file: path="{{ doc_root_dir }}" state=directory + become: yes - name: Install pre-requireties yum: name="{{ item }}" state=latest update_cache=yes with_items: - git - httpd - - php-soap - php - - composer + - php-soap - php-mcrypt - - firewalld + - libselinux-python + - composer + become: yes -# This doesn't work sometimes, make sure selinux is dissabled in remote machine # - name: Allow selinux outbound connection from web server # command: setsebool -P httpd_can_network_connect 1 -- name: Create root directory - file: path="{{ doc_root_dir }}" state=directory +- name: install composer + yum: name=composer state=latest update_cache=yes + become: yes - name: Git clone php gateway - git: repo=https://github.com/apache/airavata-php-gateway.git dest="{{ doc_root_dir }}" version=master + git: repo=https://github.com/apache/airavata-php-gateway.git + dest="{{ doc_root_dir }}" version=master + become: yes + + #Make sure selinux is dissabled in remote machine +- name: Disable selinux + selinux: state=disabled + become: yes - name: Run composer update - command: composer update chdir="{{ doc_root_dir }}" + composer: command=update working_dir="{{ doc_root_dir }}" + become: yes + +# - name: Run composer update +# command: composer update chdir="{{ doc_root_dir }}" +# become: yes - name: Create user data dir {{ user_data_dir }} file: path="{{ user_data_dir }}" state=directory 
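Review bot: The new `Disable selinux` task (`selinux: state=disabled`) switches SELinux off on the host that serves the PHP gateway, whereas the commented-out task above it shows that the actual need is only outbound connections from httpd. Since this hunk already installs `libselinux-python`, the boolean can be set with the module instead: `- name: Allow httpd outbound connections`, `seboolean: name=httpd_can_network_connect state=yes persistent=yes`, `become: yes`. Separately, `composer` is now installed twice (in the `with_items` list and in the `install composer` task), and `composer: command=update` runs under `become: yes` against a checkout of `version=master`, so dependency resolution for an unpinned branch executes as root; pinning `version` to a tag or commit would narrow that.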
@@ -38,6 +47,7 @@ - name: Copy pga config file template: src=pga_config.php.j2 dest="{{ doc_root_dir }}/app/config/pga_config.php" + # do we need to change permissions for root user? # - name: Change storage permissions to g+rwx # acl: name="{{ doc_root_dir }}/app/storage" entity="{{ pga_group }}" etype=group permissions="rwx" state=present @@ -45,22 +55,22 @@ # Ignored step 8,9 in doc by assuming selinux is dissabled in remote machine # TODO: stop iptables service, can't have both iptables and firewalld on same host -- name: Stop iptables, ip6tables services - service: name="{{ item }}" state=stopped - with_items: - - iptables - - ip6tables +# - name: Stop iptables, ip6tables services +# service: name="{{ item }}" state=stopped +# with_items: +# - iptables +# - ip6tables - name: Start firewalld service service: name=firewalld state=started + become: yes - name: Eanble https and http service on public zone firewalld: service="{{ item }}" permanent=true state=enabled zone=public immediate=True with_items: - http - https + become: yes - name: Edit file lineinfile: dest="{{ httpd_conf_file }}" regexp=^AllowOverride line="AllowOverride All" - -... http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/rabbitmq/handlers/main.yml ---------------------------------------------------------------------- diff --git a/roles/rabbitmq/handlers/main.yml b/roles/rabbitmq/handlers/main.yml index 5ce5a59..fef807a 100644 --- a/roles/rabbitmq/handlers/main.yml +++ b/roles/rabbitmq/handlers/main.yml @@ -1,7 +1,7 @@ --- # Rabbitmq related handlers - name: start rabbitmq - service: name=rabbitmq-server state=started + service: name=rabbitmq-server state=started enabled=yes become: yes - name: stop rabbitmq 
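Review bot: `Start firewalld service` in the `@@ -45,22 +55,22 @@` hunk still expects firewalld to be present, but the first hunk of this file removed `firewalld` from the `yum` package list, so on an image without it preinstalled this task and the following `firewalld:` task would fail. Either keep `- firewalld` in the list or add a task that installs it before the service is started. The last task, `Edit file`, edits `{{ httpd_conf_file }}` and is the one task in this hunk that did not receive `become: yes`; unless privilege escalation is set at play level (not visible here), it needs `become: yes` as well.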
@@ -9,5 +9,5 @@ become: yes - name: restart rabbitmq - service: name=rabbitmq-server state=restarted + service: name=rabbitmq-server state=restarted enabled=yes become: yes http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/rabbitmq/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml index b487737..f44a0a6 100644 --- a/roles/rabbitmq/tasks/main.yml +++ b/roles/rabbitmq/tasks/main.yml @@ -29,7 +29,7 @@ become: yes - name: Start Rabbitmq server - service: name=rabbitmq-server state=started + service: name=rabbitmq-server state=started enabled=yes become: yes - name: Enable rabbitmq management plugin http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/zookeeper/handlers/main.yml ---------------------------------------------------------------------- diff --git a/roles/zookeeper/handlers/main.yml b/roles/zookeeper/handlers/main.yml index 5f30254..daefebe 100644 --- a/roles/zookeeper/handlers/main.yml +++ b/roles/zookeeper/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: start zookeeper - service: name=zookeeper state=started + service: name=zookeeper state=started enabled=yes become: yes - name: stop zookeeper @@ -8,5 +8,5 @@ become: yes - name: restart zookeeper - service: name=zookeeper state=restarted + service: name=zookeeper state=restarted enabled=yes become: yes http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/roles/zookeeper/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/zookeeper/vars/main.yml b/roles/zookeeper/vars/main.yml index 825f26f..a3e10db 100644 --- a/roles/zookeeper/vars/main.yml +++ b/roles/zookeeper/vars/main.yml 
@@ -5,7 +5,7 @@ zookeeper_version: 3.4.8 zookeeper_url: http://www.us.apache.org/dist/zookeeper/zookeeper-{{zookeeper_version}}/zookeeper-{{zookeeper_version}}.tar.gz apt_cache_timeout: 3600 -client_port: 2181 +client_port: "{{ zookeeper_client_port }}" init_limit: 5 sync_limit: 2 tick_time: 2000 http://git-wip-us.apache.org/repos/asf/airavata/blob/2b6f220a/site.yml ---------------------------------------------------------------------- diff --git a/site.yml b/site.yml index 6dd294e..a9472dd 100644 --- a/site.yml +++ b/site.yml @@ -13,10 +13,24 @@ - env_setup - rabbitmq +- hosts: database + tags: mysql + roles: + - env_setup + - database + +- hosts: wso2is + tags: wso2is + roles: + - env_setup + - java + - wso2_is + - hosts: gfac tags: gfac, airavata roles: - env_setup + - java - common - gfac @@ -24,24 +38,14 @@ tags: api-orch, airavata roles: - env_setup + - java - common - api-orch - hosts: pga tags: pga roles: - - pga - -- hosts: database - tags: mysql - roles: - env_setup - - database + - pga -- hosts: wso2is - tags: wso2is - roles: - - env_setup - - java - - wso2_is ...
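Review bot: `zookeeper_url` in roles/zookeeper/vars/main.yml is the tarball download URL (context line of the `@@ -5,7 +5,7 @@` hunk), while the gfac template in this commit now renders `zookeeper.server.connection={{ zookeeper_url }}`, which needs a `host:port` string. Which definition reaches the template depends on variable scoping that is not visible here, so this is a risk rather than a confirmed break; renaming the download variable, e.g. to `zookeeper_download_url`, removes the ambiguity. The download URL is also plain `http://`; whether the task that fetches it verifies a checksum is outside this hunk and worth confirming.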
