http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/pga/templates/pga_config.php.j2 index 0000000,0000000..7b38575 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 @@@ -1,0 -1,0 +1,248 @@@ ++<?php ++return array( ++ /** ++ * ***************************************************************** ++ * WSO2 Identity Server Related Configurations ++ * ***************************************************************** ++ */ ++ ++ 'wsis' => [ ++ ++ /** ++ * Admin Role Name ++ */ ++ 'admin-role-name' => 'admin', ++ ++ /** ++ * Read only Admin Role Name ++ */ ++ 'read-only-admin-role-name' => 'admin-read-only', ++ ++ /** ++ * Gateway user role ++ */ ++ 'user-role-name' => 'gateway-user', ++ ++ /** ++ * Tenant Domain ++ */ ++ 'tenant-domain' => '{{ tenant_domain }}', ++ ++ /** ++ * Tenant admin's username ++ */ ++ 'admin-username' => '{{ admin_username }}', ++ ++ /** ++ * Tenant admin's password ++ */ ++ 'admin-password' => '{{ admin_password }}', ++ ++ /** ++ * OAuth client key ++ */ ++ 'oauth-client-key' => '{{ oauth_client_key }}', ++ ++ /** ++ * OAuth client secret ++ */ ++ 'oauth-client-secret' => '{{ oauth_client_secret }}', ++ ++ /** ++ * OAuth Grant Type (password or authorization_code) ++ */ ++ 'oauth-grant-type' => 'password', ++ ++ /** ++ * Identity server domain ++ */ ++ 'server' => 'idp.scigap.org', ++ ++ /** ++ * Identity server url ++ */ ++ 'service-url' => 'https://idp.scigap.org:9443/', ++ ++ /** ++ * Enable HTTPS server verification ++ */ ++ 'verify-peer' => true, ++ ++ /** ++ * Path to the server certificate file ++ */ ++ 'cafile-path' => app_path() . 
'/resources/security/idp_scigap_org.pem', ++ ++ /** ++ * Allow self signed server certificates ++ */ ++ 'allow-self-signed-cert' => false ++ ], ++ ++ ++ /** ++ * ***************************************************************** ++ * Airavata Client Configurations ++ * ***************************************************************** ++ */ ++ 'airavata' => [ ++ ++ /** ++ * Airavata API server location. Use tls:// as the protocol to ++ * connect TLS enabled Airavata ++ */ ++ 'airavata-server' => '{{ airavata_server }}', ++ ++ /** ++ * Airavata API server port ++ */ ++ 'airavata-port' => '{{ airavata_port }}', ++ ++ /** ++ * Airavata API server thrift communication timeout ++ */ ++ 'airavata-timeout' => '1000000', ++ ++ /** ++ * PGA Gateway ID ++ */ ++ 'gateway-id' => '{{ gateway_id }}', ++ ++ /** ++ * Maximum size of a file which is allowed to upload to the server ++ */ ++ 'server-allowed-file-size' => 64, ++ ++ /** ++ * absolute path of the data dir ++ */ ++ 'experiment-data-absolute-path' => '{{ experiment_data_dir }}', ++ ++ /** ++ * Advanced experiments options ++ */ ++ 'advanced-experiment-options' => '', ++ ++ /** ++ * Default queue name ++ */ ++ 'queue-name' => 'long', ++ ++ /** ++ * Default node count ++ */ ++ 'node-count' => '1', ++ ++ /** ++ * Default total core count ++ */ ++ 'total-cpu-count' => '16', ++ ++ /** ++ * Default wall time limit ++ */ ++ 'wall-time-limit' => '30', ++ ++ /** ++ * Enable app-catalog cache ++ */ ++ 'enable-app-catalog-cache' => true, ++ ++ /** ++ * Life time of app catalog data cache in minutes ++ */ ++ 'app-catalog-cache-duration' => 5, ++ ++ /** ++ * Gateway data store resource id ++ */ ++ 'gateway-data-store-resource-id' => '{{ gateway_data_store_resource_id }}', ++ ++ /** ++ * Data Sharing enabled ++ */ ++ 'data-sharing-enabled' => false ++ ], ++ ++ /** ++ * ***************************************************************** ++ * Portal Related Configurations ++ * ***************************************************************** 
++ */ ++ 'portal' => [ ++ /** ++ * Whether this portal is the SciGaP admin portal ++ */ ++ 'super-admin-portal' => {{ super_admin_portal }}, ++ ++ /** ++ * Set the name of theme in use here ++ */ ++ 'theme' => 'base', ++ ++ /** ++ * Portal title ++ */ ++ 'portal-title' => 'Airavata PHP Gateway', ++ ++ /** ++ * Email address of the portal admin. Portal admin well get email notifications for events ++ * such as new user creation ++ */ ++ 'admin-emails' => [{{ admin_emails }}], ++ ++ /** ++ * Email account that the portal should login to send emails ++ */ ++ 'portal-email-username' => '{{ portal_email_username }}', ++ ++ /** ++ * Password for the portal's email account ++ */ ++ 'portal-email-password' => '{{ portal_email_password }}', ++ ++ /** ++ * SMTP server on which the portal should connect ++ */ ++ 'portal-smtp-server-host' => 'smtp.gmail.com', ++ ++ /** ++ * SMTP server port on which the portal should connect ++ */ ++ 'portal-smtp-server-port' => '587', ++ ++ /** ++ * Set JIRA Issue Collector scripts here. ++ */ ++ 'jira-help' => ++ [ ++ /** ++ * Report Issue Script issued for your app by Atlassian JIRA ++ */ ++ 'report-issue-script' => '', ++ /** ++ * Collector id at the end of the above script ++ */ ++ 'report-issue-collector-id' => '', ++ /** ++ * Create Report Script issued for your app by Atlassian JIRA ++ */ ++ 'request-feature-script' => '', ++ /** ++ * Collector id at the end of the above script ++ */ ++ 'request-feature-collector-id' => '' ++ ], ++ ++ /** ++ * Set Google Analytics Id here. ID format that generates from ++ * creating tracker object should be ++ * ++ * UA-XXXXX-Y ++ * ++ * for it to be working correctly. Currently it is only set for ++ * sending pageviews. ++ */ ++ 'google-analytics-id' => '' ++ ] ++);
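Review bot: The Jinja values in the `wsis` and `portal` arrays are written into single-quoted PHP literals with no escaping, so an `admin_password`, `oauth_client_secret` or `portal_email_password` that contains `'` or `\` renders a file that fails to parse or ends the string early, leaving the remainder to be read as PHP. `'super-admin-portal' => {{ super_admin_portal }}` and `'admin-emails' => [{{ admin_emails }}]` are emitted as raw PHP and have the same problem. Escape at render time, for example `'admin-password' => '{{ admin_password | replace("\\", "\\\\") | replace("'", "\\'") }}',`, and pin the boolean with `{{ 'true' if super_admin_portal | bool else 'false' }}`. The rendered file holds three secrets, so the task that templates it (outside this hunk) should set a mode that gives other users no access.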
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/vars/main.yml
index 0000000,0000000..298e897
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/vars/main.yml
@@@ -1,0 -1,0 +1,30 @@@
++---
++pga_user: "pga"
++pga_group: "pga"
++doc_root_dir: "/var/www/html/php-gateway"
++user_data_dir: "/var/www/user_data"
++#httpd_conf_file: "/etc/httpd/conf/httpd.conf"
++httpd_conf_file_location: "/etc/httpd/conf"
++
++## WSO2 IS related variables
++tenant_domain: "prod.testdrive"
++admin_username: "tdaadmin"
++admin_password: "SciDeploy"
++oauth_client_key: "RuLl_Uw7i_KXaLoAGJkiasTfyBYa"
++oauth_client_secret: "vD9yi2ANkChzgWiih3RahrIcfsoa"
++
++## Airavata Client related variables
++#airavata_server: "tls://gw77.iu.xsede.org"
++airavata_server: "{{ groups['api-orch'][0] }}"
++airavata_port: "8930"
++gateway_id: "{{ default_gateway }}"
++# relative to document root dir
++experiment_data_dir: "{{ user_data_dir }}"
++gateway_data_store_resource_id: "js-170-103.jetstream-cloud.org_6497a464-3121-4b64-a7cb-d195b0a26c19"
++
++## Portal related variables
++super_admin_portal: "true"
++admin_emails: "'[email protected]'"
++portal_email_username: "[email protected]"
++portal_email_password: "airavata12"
++...
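Review bot: `admin_password`, `oauth_client_secret` and `portal_email_password` are committed here as plaintext literals in role vars, so anyone who can read the repository or its mail archive holds the credentials for the identity-server tenant admin, the OAuth client and the portal mailbox. Move them to an Ansible Vault-encrypted vars file or an inventory secret and reference them from here, e.g. `admin_password: "{{ vault_pga_admin_password }}"` (placeholder variable name), and treat the values in this commit as exposed and rotate them. `oauth_client_key` and `gateway_data_store_resource_id` are deployment-specific as well and would sit better in group_vars than in role vars.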
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/handlers/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/rabbitmq/handlers/main.yml index 0000000,0000000..fef807a new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/rabbitmq/handlers/main.yml @@@ -1,0 -1,0 +1,13 @@@ ++--- ++# Rabbitmq related handlers ++- name: start rabbitmq ++ service: name=rabbitmq-server state=started enabled=yes ++ become: yes ++ ++- name: stop rabbitmq ++ service: name=rabbitmq-server state=stopped ++ become: yes ++ ++- name: restart rabbitmq ++ service: name=rabbitmq-server state=restarted enabled=yes ++ become: yes http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/rabbitmq/tasks/main.yml index 0000000,0000000..f44a0a6 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/rabbitmq/tasks/main.yml @@@ -1,0 -1,0 +1,60 @@@ ++--- ++################################################################################ ++# Setup and run rabbitmq ++- name: Install erlang latest version ++ yum: name=https://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm state=present ++ become: yes ++ ++- name: Install Rabbitmq rpm ++ yum: name=https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.3/rabbitmq-server-3.6.3-1.noarch.rpm state=present ++ become: yes ++ ++ # add hostname to /etc/hosts file ++- name: get ip4 address ++ # command: dig +short myip.opendns.com @resolver1.opendns.com ++ command: hostname -i ++ register: _ip4 ++ ++- name: open rabbitmq ports ++ firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes ++ with_items: ++ - "{{ rabbitmq_port }}/tcp" ++ - "{{ management_plugin_port }}/tcp" ++ become: yes ++ ++- name: Edit /etc/hosts file ++ lineinfile: 
dest=/etc/hosts line="{{ _ip4.stdout }} {{ ansible_fqdn }}" ++ notify: ++ - restart rabbitmq ++ become: yes ++ ++- name: Start Rabbitmq server ++ service: name=rabbitmq-server state=started enabled=yes ++ become: yes ++ ++- name: Enable rabbitmq management plugin ++ rabbitmq_plugin: names=rabbitmq_management state=enabled ++ notify: ++ - restart rabbitmq ++ become: yes ++ ++- name: Create rabbitmq vhost {{ rabbitmq_vhost }} ++ rabbitmq_vhost: name="{{ rabbitmq_vhost }}" state=present ++ become: yes ++ ++- name: Add user {{ rabbitmq_user }} to vhost {{ rabbitmq_vhost }} and give permission ++ rabbitmq_user: user="{{ rabbitmq_user }}" ++ password="{{ rabbitmq_password }}" ++ vhost="{{ rabbitmq_vhost }}" ++ tags="administrator" ++ configure_priv=.* ++ read_priv=.* ++ write_priv=.* ++ state=present ++ become: yes ++ ++- name: restart rabbitmq ++ service: name=rabbitmq-server state=restarted ++ become: yes ++ ++... http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/vars/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/rabbitmq/vars/main.yml index 0000000,0000000..c5ab904 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/rabbitmq/vars/main.yml @@@ -1,0 -1,0 +1,2 @@@ ++--- ++management_plugin_port: "15672" http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/files/mysql-connector-java-5.1.37-bin.jar ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/registry/files/mysql-connector-java-5.1.37-bin.jar index 0000000,0000000..465af67 new file mode 100644 Binary files differ http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/registry/tasks/main.yml index 0000000,0000000..9bd2784 new file mode 100644 
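Review bot: The `open rabbitmq ports` task in roles/rabbitmq/tasks/main.yml enables `{{ management_plugin_port }}/tcp` in the `public` zone permanently, and the later `rabbitmq_user` task tags the service account `administrator` with `.*` configure/read/write, so the credential the Airavata services connect with also has full control through a management UI reachable from the public zone. Drop `tags="administrator"` from the service account (create a separate operator account if the UI is needed) and limit the management port to a trusted source, for instance with a firewalld rich rule instead of a bare port entry. The unconditional `restart rabbitmq` task at the end duplicates the handler that the earlier tasks already notify.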
--- /dev/null +++ b/dev-tools/ansible/roles/registry/tasks/main.yml @@@ -1,0 -1,0 +1,59 @@@ ++--- ++ ++################################################################################ ++- name: Create registry deployment directory ++ file: path="{{ registry_dir }}" state=directory owner={{ user }} group={{ group }} ++ when: build|success ++ ++- name: Check previous deployments ++ stat: path="{{ registry_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no ++ register: check ++ ++- name: stop registry ++ command: ./bin/airavata-server-stop.sh -f ++ chdir="{{ registry_dir }}/{{ airavata_dist }}/" ++ removes="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ when: check.stat.exists == True ++ ++- name: Delete previous deployments ++ file: path="{{ registry_dir }}/{{ airavata_dist }}" state=absent ++ ++- name: Copy distribution to registry deployment directory ++ unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}" ++ dest="{{ registry_dir }}/" ++ copy=no ++ ++- name: set gfac private ip ++ set_fact: ++ registry_host: "{{ ansible_eth0.ipv4.address }}" ++ ++- name: Copy Airavata server properties file ++ template: src=airavata-server.properties.j2 ++ dest="{{ registry_dir }}/{{ airavata_dist }}/bin/airavata-server.properties" ++ owner={{ user }} ++ group={{ group }} ++ mode="u=rw,g=r,o=r" ++ ++- name: Copy Mysql jar to lib ++ copy: src="{{ mysql_connector_jar }}" ++ dest="{{ registry_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}" ++ owner={{ user }} ++ group={{ group }} ++ ++ ++- name: Open firwall ports ++ firewalld: port="{{ registry_port }}/tcp" zone=public permanent=true state=enabled immediate=yes ++ become_user: root ++ ++- name: stop registry ++ command: ./bin/airavata-server-stop.sh -f ++ chdir="{{ registry_dir }}/{{ airavata_dist }}/" ++ removes="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ ++- name: start registry ++ command: ./bin/airavata-server-start.sh regserver -d ++ 
chdir="{{ registry_dir }}/{{ airavata_dist }}/" ++ creates="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ ++ ++... http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2 index 0000000,0000000..b8d093e new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2 @@@ -1,0 -1,0 +1,281 @@@ ++# ++# ++# Licensed to the Apache Software Foundation (ASF) under one ++# or more contributor license agreements. See the NOTICE file ++# distributed with this work for additional information ++# regarding copyright ownership. The ASF licenses this file ++# to you under the Apache License, Version 2.0 (the ++# "License"); you may not use this file except in compliance ++# with the License. You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, ++# software distributed under the License is distributed on an ++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ++# KIND, either express or implied. See the License for the ++# specific language governing permissions and limitations ++# under the License. 
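Review bot: `Copy Airavata server properties file` in roles/registry/tasks/main.yml renders the template with `mode="u=rw,g=r,o=r"`, and that template carries `registry.jdbc.password`, `keystore.password` and `credential.store.keystore.password`, so every local account on the registry host can read the database and keystore secrets. Use `mode="u=rw,g=,o="`, keeping `g=r` only if the service group really needs to read the file. Separately, the first `stop registry` task is guarded by `check.stat.exists` while the second is not; `removes=` already makes both idempotent, so the `stat` task and its `when:` could be dropped for consistency.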
++# ++ ++########################################################################### ++# ++# This properties file provides configuration for all Airavata Services: ++# API Server, Registry, Workflow Interpreter, GFac, Orchestrator ++# ++########################################################################### ++ ++########################################################################### ++# API Server Registry Configuration ++########################################################################### ++ ++#for derby [AiravataJPARegistry] ++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++registry.jdbc.driver=com.mysql.jdbc.Driver ++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }} ++registry.jdbc.user={{ db_user }} ++registry.jdbc.password={{ db_password }} ++#FIXME: Probably the following property should be removed. 
++start.derby.server.mode=false ++validationQuery=SELECT 1 from CONFIGURATION ++cache.enable=false ++jpa.cache.size=-1 ++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true ++enable.sharing={{enable_sharing}} ++ ++# Properties for default user mode ++default.registry.user=admin ++default.registry.password=admin ++default.registry.password.hash.method=SHA ++default.registry.gateway={{ default_gateway }} ++ ++########################################################################### ++# Application Catalog DB Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++appcatalog.jdbc.driver=com.mysql.jdbc.Driver ++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }} ++appcatalog.jdbc.user={{ db_user }} ++appcatalog.jdbc.password={{ db_password }} ++appcatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################## ++# Replica Catalog DB Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver ++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }} ++replicacatalog.jdbc.user={{ db_user }} ++replicacatalog.jdbc.password={{ db_password }} ++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################### ++# Workflow Catalog DB 
Configuration ++########################################################################### ++#for derby [AiravataJPARegistry] ++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver ++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata ++# MySql database configuration ++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver ++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }} ++workflowcatalog.jdbc.user={{ db_user }} ++workflowcatalog.jdbc.password={{ db_password }} ++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION ++ ++########################################################################### ++# User Profile MongoDB Configuration ++########################################################################### ++userprofile.mongodb.host=localhost ++userprofile.mongodb.port=27017 ++ ++ ++########################################################################### ++# Server module Configuration ++########################################################################### ++#credential store server should be started before API server ++#This is obsolete property with new script files. 
++#servers=credentialstore,apiserver,orchestrator ++ ++ ++########################################################################### ++# API Server Configurations ++########################################################################### ++apiserver=org.apache.airavata.api.server.AiravataAPIServer ++apiserver.name={{ api_server_name }} ++apiserver.host={{ api_server_host }} ++apiserver.port={{ api_server_port }} ++apiserver.min.threads=50 ++ ++########################################################################### ++# Orchestrator Server Configurations ++########################################################################### ++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer ++orchestrator.server.name={{ orchestrator_name }} ++orchestrator.server.host={{ orchestrator_host }} ++orchestrator.server.port={{ orchestrator_port }} ++orchestrator.server.min.threads=50 ++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator ++submitter.interval=10000 ++threadpool.size=10 ++start.submitter=true ++embedded.mode=true ++enable.validation=true ++ ++########################################################################### ++# Registry Server Configurations ++########################################################################### ++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer ++regserver.server.name={{registry_name}} ++regserver.server.host={{registry_host}} ++regserver.server.port={{registry_port}} ++regserver.server.min.threads=50 ++ ++########################################################################### ++# GFac Server Configurations ++########################################################################### ++gfac=org.apache.airavata.gfac.server.GfacServer ++gfac.server.name={{ gfac_name }} ++gfac.server.host={{ gfac_host }} ++gfac.server.port={{ gfac_port }} ++gfac.thread.pool.size=50 
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler ++ ++ ++ ++########################################################################### ++# Airavata Workflow Interpreter Configurations ++########################################################################### ++workflowserver=org.apache.airavata.api.server.WorkflowServer ++enactment.thread.pool.size=10 ++ ++#to define custom workflow parser user following property ++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder ++ ++ ++ ++########################################################################### ++# Job Scheduler can send informative email messages to you about the status of your job. ++# Specify a string which consists of either the single character "n" (no mail), or one or more ++# of the characters "a" (send mail when job is aborted), "b" (send mail when job begins), ++# and "e" (send mail when job terminates). The default is "a" if not specified. ++########################################################################### ++ ++job.notification.enable=true ++#Provide comma separated email ids as a string if more than one ++job.notification.emailids= ++job.notification.flags=abe ++ ++########################################################################### ++# Credential Store module Configuration ++########################################################################### ++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }} ++credential.store.keystore.alias={{ cred_keystore_alias }} ++credential.store.keystore.password={{ cred_keystore_passwd }} ++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }} ++credential.store.jdbc.user={{ db_user }} ++credential.store.jdbc.password={{ db_password }} ++credential.store.jdbc.driver=com.mysql.jdbc.Driver ++credential.store.server.host={{ cred_store_server_host }} ++credential.store.server.port={{ cred_store_port }} 
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer ++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION ++ ++# these properties used by credential store email notifications ++email.server=smtp.googlemail.com ++email.server.port=465 ++email.user=airavata ++email.password=xxx ++email.ssl=true [email protected] ++ ++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used. ++# if user specify both password sshKeyAuthentication gets the higher preference ++ ++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################ ++#ssh.public.key=/path to public key for ssh ++#ssh.private.key=/path to private key file for ssh ++#ssh.keypass=passphrase for the private key ++#ssh.username=username for ssh connection ++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path ++#ssh.strict.hostKey.checking=yes/no ++#ssh.known.hosts.file=/path to known hosts file ++### Incase of password sshKeyAuthentication. 
++#ssh.password=Password for ssh connection ++ ++################ ---------- BES Properties ------------------- ############### ++#bes.ca.cert.path=<location>/certificates/cacert.pem ++#bes.ca.key.path=<location>/certificates/cakey.pem ++#bes.ca.key.pass=passphrase ++ ++########################################################################### ++# Monitoring module Configuration ++########################################################################### ++ ++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring ++#mechanisms and one would be able to start a monitor ++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor ++ ++#These properties will used to enable email base monitoring ++email.based.monitor.host=imap.gmail.com ++email.based.monitor.address={{ monitor_email_address }} ++email.based.monitor.password={{ monitor_email_password }} ++email.based.monitor.folder.name=INBOX ++# either imaps or pop3 ++email.based.monitor.store.protocol=imaps ++#These property will be used to query the email server periodically. value in milliseconds(ms). 
++email.based.monitoring.period=10000 ++ ++########################################################################### ++# AMQP Notification Configuration ++########################################################################### ++#for simple scenarios we can use the guest user ++#rabbitmq.broker.url=amqp://localhost:5672 ++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost ++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html ++rabbitmq.broker.url={{ rabbitmq_broker_url }} ++rabbitmq.status.exchange.name=status_exchange ++rabbitmq.process.exchange.name=process_exchange ++rabbitmq.experiment.exchange.name=experiment_exchange ++durable.queue=false ++prefetch.count=200 ++process.launch.queue.name=process.launch.queue ++experiment.launch..queue.name=experiment.launch.queue ++ ++########################################################################### ++# Zookeeper Server Configuration ++########################################################################### ++embedded.zk=false ++zookeeper.server.connection={{ zookeeper_url }} ++zookeeper.timeout=30000 ++ ++######################################################################## ++## API Security Configuration ++######################################################################## ++api.secured={{ api_secured }} ++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager ++### TLS related configuration #### ++TLS.enabled={{ tls_enable }} ++TLS.api.server.port={{ api_server_tls_port }} ++TLS.client.timeout=10000 ++#### keystore configuration #### ++keystore.path={{ keystores_location }}/{{ keystore }} ++keystore.password={{ keystore_passwd }} ++#### trust store configuration #### ++trust.store={{ keystores_location }}/{{ client_truststore }} ++trust.store.password=airavata ++#### remote authorization server url #### 
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/ ++#### xacml based authorization policy #### ++authorization.policy=airavata-default-xacml-policy ++#### authorization cache related configuration #### ++authz.cache.enabled=true ++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager ++in.memory.cache.size=1000 http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/wso2_is/tasks/main.yml index 0000000,0000000..1e506c2 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/wso2_is/tasks/main.yml @@@ -1,0 -1,0 +1,41 @@@ ++--- ++- name: install role pre-requireties ++ yum: name=unzip state=latest update_cache=yes ++ become: yes ++ ++# downlaod wso2 is ++# extract it ++# - name: Download and unarchive wso2 is ++# unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}" group="{{ group }}" ++# for now wso2is from localhost ++ ++- name: copy WSO2 IS ++ unarchive: > ++ src="{{ wso2_is_dist }}" ++ dest="{{ user_home }}/" ++ owner="{{ user }}" ++ group="{{ group }}" ++ creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh" ++ ++- name: copy carbon.xml ++ template: > ++ src=carbon.xml.j2 ++ dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml" ++ owner="{{ user }}" ++ group="{{ group }}" ++ mode="u=rw,g=r,o=r" ++ ++- name: open carabon management console port ++ firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes ++ become: yes ++ ++# start wso2 is server ++- name: start wso2 is ++ command: ./bin/wso2server.sh start chdir="{{ user_home }}/{{ wso2_is_dir }}/" creates="{{ user_home }}/{{ wso2_is_dir }}/wso2carbon.pid" ++ environment: ++ JAVA_HOME: "{{ java_home }}" ++ ++# - name: stop wso2 is ++ # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ 
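Review bot: `default.registry.password=admin` and `trust.store.password=airavata` are fixed literals in a template whose neighbouring secrets (`keystore.password`, `registry.jdbc.password`) are variables, so every host deployed from this role shares the same known default account and truststore password. Template them as well, e.g. `trust.store.password={{ client_truststore_passwd }}` (placeholder variable name), and supply the values from vaulted vars. `workflowcatalog.jdbc.url` ends in `{{ replica_catalog }}`, which looks copied from the replica-catalog line; if a separate workflow catalog database exists it presumably needs its own variable. The app, replica and workflow catalog URLs and `credential.store.jdbc.url` also hard-code `3306` where `registry.jdbc.url` uses `{{ db_server_port }}`.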
airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" ++ ++... http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2 index 0000000,0000000..5f421f2 new file mode 100755 --- /dev/null +++ b/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2 @@@ -1,0 -1,0 +1,688 @@@ ++<?xml version="1.0" encoding="ISO-8859-1"?> ++<!-- ++ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. ++ ++ Licensed under the Apache License, Version 2.0 (the "License"); ++ you may not use this file except in compliance with the License. ++ You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++ Unless required by applicable law or agreed to in writing, software ++ distributed under the License is distributed on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ See the License for the specific language governing permissions and ++ limitations under the License. ++--> ++ ++<!-- ++ This is the main server configuration file ++ ++ ${carbon.home} represents the carbon.home system property. ++ Other system properties can be specified in a similar manner. ++--> ++<Server xmlns="http://wso2.org/projects/carbon/carbon.xml"> ++ ++ <!-- ++ Product Name ++ --> ++ <Name>WSO2 Identity Server</Name> ++ ++ <!-- ++ machine readable unique key to identify each product ++ --> ++ <ServerKey>IS</ServerKey> ++ ++ <!-- ++ Product Version ++ --> ++ <Version>5.1.0</Version> ++ ++ <!-- ++ Host name or IP address of the machine hosting this server ++ e.g. www.wso2.org, 192.168.1.10 ++ This is will become part of the End Point Reference of the ++ services deployed on this server instance. 
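Review bot: In roles/wso2_is/tasks/main.yml the firewalld task opens `9443/tcp` in the `public` zone and the next task starts the server, while the only configuration this role templates is `carbon.xml`; if the archive behind `wso2_is_dist` still carries the product's shipped administrator account (not visible from this hunk), the management console goes live on a public port with it. Add a task ahead of the firewalld step that sets the administrator credential from a vaulted variable, or keep the port restricted to a trusted source until that is done. `yum: name=unzip state=latest` makes runs non-repeatable; `state=present` is enough for a prerequisite. The `creates=` guard on `wso2carbon.pid` skips the start whenever a stale pid file is left behind, so a managed service unit would be more reliable.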
++ --> ++ <HostName>{{ ansible_fqdn }}</HostName> ++ ++ <!-- ++ Host name to be used for the Carbon management console ++ --> ++ <MgtHostName>localhost</MgtHostName> ++ ++ <!-- ++ The URL of the back end server. This is where the admin services are hosted and ++ will be used by the clients in the front end server. ++ This is required only for the Front-end server. This is used when seperating BE server from FE server ++ --> ++ <ServerURL>local:/${carbon.context}/services/</ServerURL> ++ <!-- ++ <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL> ++ --> ++ <!-- ++ The URL of the index page. This is where the user will be redirected after signing in to the ++ carbon server. ++ --> ++ <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL--> ++ ++ <!-- ++ For cApp deployment, we have to identify the roles that can be acted by the current server. ++ The following property is used for that purpose. Any number of roles can be defined here. ++ Regular expressions can be used in the role. ++ Ex : <Role>.*</Role> means this server can act any role ++ --> ++ <ServerRoles> ++ <Role>IdentityServer</Role> ++ </ServerRoles> ++ ++ <!-- uncommnet this line to subscribe to a bam instance automatically --> ++ <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>--> ++ ++ <!-- ++ The fully qualified name of the server ++ --> ++ <Package>org.wso2.carbon</Package> ++ ++ <!-- ++ Webapp context root of WSO2 Carbon management console. ++ --> ++ <WebContextRoot>/</WebContextRoot> ++ ++ <!-- ++ Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion ++ to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g. ++ URL of the Carbon server -> https://10.100.1.1:9443/carbon ++ URL of the reverse proxy -> https://prod.abc.com/appserver/carbon ++ ++ appserver - proxy context path. 
This specially required whenever you are generating URLs to displace in ++ Carbon UI components. ++ --> ++ <!-- ++ <MgtProxyContextPath></MgtProxyContextPath> ++ <ProxyContextPath></ProxyContextPath> ++ --> ++ ++ <!-- In-order to get the registry http Port from the back-end when the default http transport is not the same--> ++ <!--RegistryHttpPort>9763</RegistryHttpPort--> ++ ++ <!-- ++ Number of items to be displayed on a management console page. This is used at the ++ backend server for pagination of various items. ++ --> ++ <ItemsPerPage>15</ItemsPerPage> ++ ++ <!-- The endpoint URL of the cloud instance management Web service --> ++ <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>--> ++ ++ <!-- ++ Ports used by this server ++ --> ++ <Ports> ++ ++ <!-- Ports offset. This entry will set the value of the ports defined below to ++ the define value + Offset. ++ e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445 ++ --> ++ <Offset>0</Offset> ++ ++ <!-- The JMX Ports --> ++ <JMX> ++ <!--The port RMI registry is exposed--> ++ <RMIRegistryPort>9999</RMIRegistryPort> ++ <!--The port RMI server should be exposed--> ++ <RMIServerPort>11111</RMIServerPort> ++ </JMX> ++ ++ <!-- Embedded LDAP server specific ports --> ++ <EmbeddedLDAP> ++ <!-- Port which embedded LDAP server runs --> ++ <LDAPServerPort>10389</LDAPServerPort> ++ <!-- Port which KDC (Kerberos Key Distribution Center) server runs --> ++ <KDCServerPort>8000</KDCServerPort> ++ </EmbeddedLDAP> ++ ++ <!-- ++ Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files ++ --> ++ <!--<JNDIProviderPort>2199</JNDIProviderPort>--> ++ <!--Override receive port of thrift based entitlement service.--> ++ <ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort> ++ ++ <!-- ++ This is the proxy port of the worker cluster. 
These need to be configured in a scenario where ++ manager node is not exposed through the load balancer through which the workers are exposed ++ therefore doesn't have a proxy port. ++ <WorkerHttpProxyPort>80</WorkerHttpProxyPort> ++ <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort> ++ --> ++ ++ </Ports> ++ ++ <!-- ++ JNDI Configuration ++ --> ++ <JNDI> ++ <!-- ++ The fully qualified name of the default initial context factory ++ --> ++ <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory> ++ <!-- ++ The restrictions that are done to various JNDI Contexts in a Multi-tenant environment ++ --> ++ <Restrictions> ++ <!-- ++ Contexts that will be available only to the super-tenant ++ --> ++ <!-- <SuperTenantOnly> ++ <UrlContexts> ++ <UrlContext> ++ <Scheme>foo</Scheme> ++ </UrlContext> ++ <UrlContext> ++ <Scheme>bar</Scheme> ++ </UrlContext> ++ </UrlContexts> ++ </SuperTenantOnly> --> ++ <!-- ++ Contexts that are common to all tenants ++ --> ++ <AllTenants> ++ <UrlContexts> ++ <UrlContext> ++ <Scheme>java</Scheme> ++ </UrlContext> ++ <!-- <UrlContext> ++ <Scheme>foo</Scheme> ++ </UrlContext> --> ++ </UrlContexts> ++ </AllTenants> ++ <!-- ++ All other contexts not mentioned above will be available on a per-tenant basis ++ (i.e. will not be shared among tenants) ++ --> ++ </Restrictions> ++ </JNDI> ++ ++ <!-- ++ Property to determine if the server is running an a cloud deployment environment. ++ This property should only be used to determine deployment specific details that are ++ applicable only in a cloud deployment, i.e when the server deployed *-as-a-service. 
++ --> ++ <IsCloudDeployment>false</IsCloudDeployment> ++ ++ <!-- ++ Property to determine whether usage data should be collected for metering purposes ++ --> ++ <EnableMetering>false</EnableMetering> ++ ++ <!-- The Max time a thread should take for execution in seconds --> ++ <MaxThreadExecutionTime>600</MaxThreadExecutionTime> ++ ++ <!-- ++ A flag to enable or disable Ghost Deployer. By default this is set to false. That is ++ because the Ghost Deployer works only with the HTTP/S transports. If you are using ++ other transports, don't enable Ghost Deployer. ++ --> ++ <GhostDeployment> ++ <Enabled>false</Enabled> ++ </GhostDeployment> ++ ++ ++ <!-- ++ Eager loading or lazy loading is a design pattern commonly used in computer programming which ++ will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to ++ load tenant when a request is received only. Similarly Eager loading is used to enable load ++ existing tenants after carbon server starts up. Using this feature, you will be able to include ++ or exclude tenants which are to be loaded when server startup. ++ ++ We can enable only one LoadingPolicy at a given time. ++ ++ 1. Tenant Lazy Loading ++ This is the default behaviour and enabled by default. With this policy, tenants are not loaded at ++ server startup, but loaded based on-demand (i.e when a request is received for a tenant). ++ The default tenant idle time is 30 minutes. ++ ++ 2. Tenant Eager Loading ++ This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section. ++ The eager loading configurations supported are as below. These configurations can be given as the ++ value for <Include> element with eager loading. 
++ (i)Load all tenants when server startup - * ++ (ii)Load all tenants except foo.com & bar.com - *,!foo.com,!bar.com ++ (iii)Load only foo.com & bar.com to be included - foo.com,bar.com ++ --> ++ <Tenant> ++ <LoadingPolicy> ++ <LazyLoading> ++ <IdleTime>30</IdleTime> ++ </LazyLoading> ++ <!-- <EagerLoading> ++ <Include>*,!foo.com,!bar.com</Include> ++ </EagerLoading>--> ++ </LoadingPolicy> ++ </Tenant> ++ ++ <!-- ++ Caching related configurations ++ --> ++ <Cache> ++ <!-- Default cache timeout in minutes --> ++ <DefaultCacheTimeout>15</DefaultCacheTimeout> ++ </Cache> ++ ++ <!-- ++ Axis2 related configurations ++ --> ++ <Axis2Config> ++ <!-- ++ Location of the Axis2 Services & Modules repository ++ ++ This can be a directory in the local file system, or a URL. ++ ++ e.g. ++ 1. /home/wso2wsas/repository/ - An absolute path ++ 2. repository - In this case, the path is relative to CARBON_HOME ++ 3. file:///home/wso2wsas/repository/ ++ 4. http://wso2wsas/repository/ ++ --> ++ <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation> ++ ++ <!-- ++ Deployment update interval in seconds. This is the interval between repository listener ++ executions. ++ --> ++ <DeploymentUpdateInterval>15</DeploymentUpdateInterval> ++ ++ <!-- ++ Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file ++ ++ This can be a file on the local file system, or a URL ++ ++ e.g. ++ 1. /home/repository/axis2.xml - An absolute path ++ 2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME ++ 3. file:///home/carbon/repository/axis2.xml ++ 4. http://repository/conf/axis2.xml ++ --> ++ <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile> ++ ++ <!-- ++ ServiceGroupContextIdleTime, which will be set in ConfigurationContex ++ for multiple clients which are going to access the same ServiceGroupContext ++ Default Value is 30 Sec. 
++ --> ++ <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime> ++ ++ <!-- ++ This repository location is used to crete the client side configuration ++ context used by the server when calling admin services. ++ --> ++ <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation> ++ <!-- This axis2 xml is used in createing the configuration context by the FE server ++ calling to BE server --> ++ <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation> ++ <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. --> ++ <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs> ++ ++ <!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport. ++ With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks. ++ Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means --> ++ <!--HttpAdminServices>*</HttpAdminServices--> ++ ++ </Axis2Config> ++ ++ <!-- ++ The default user roles which will be created when the server ++ is started up for the first time. ++ --> ++ <ServiceUserRoles> ++ <Role> ++ <Name>admin</Name> ++ <Description>Default Administrator Role</Description> ++ </Role> ++ <Role> ++ <Name>user</Name> ++ <Description>Default User Role</Description> ++ </Role> ++ </ServiceUserRoles> ++ ++ <!-- ++ Enable following config to allow Emails as usernames. ++ --> ++ <!--EnableEmailUserName>true</EnableEmailUserName--> ++ ++ <!-- ++ Security configurations ++ --> ++ <Security> ++ <!-- ++ KeyStore which will be used for encrypting/decrypting passwords ++ and other sensitive information. 
++ --> ++ <KeyStore> ++ <!-- Keystore file location--> ++ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> ++ <!-- Keystore type (JKS/PKCS12 etc.)--> ++ <Type>JKS</Type> ++ <!-- Keystore password--> ++ <Password>wso2carbon</Password> ++ <!-- Private Key alias--> ++ <KeyAlias>wso2carbon</KeyAlias> ++ <!-- Private Key password--> ++ <KeyPassword>wso2carbon</KeyPassword> ++ </KeyStore> ++ ++ <!-- ++ System wide trust-store which is used to maintain the certificates of all ++ the trusted parties. ++ --> ++ <TrustStore> ++ <!-- trust-store file location --> ++ <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location> ++ <!-- trust-store type (JKS/PKCS12 etc.) --> ++ <Type>JKS</Type> ++ <!-- trust-store password --> ++ <Password>wso2carbon</Password> ++ </TrustStore> ++ ++ <!-- ++ The Authenticator configuration to be used at the JVM level. We extend the ++ java.net.Authenticator to make it possible to authenticate to given servers and ++ proxies. ++ --> ++ <NetworkAuthenticatorConfig> ++ <!-- ++ Below is a sample configuration for a single authenticator. Please note that ++ all child elements are mandatory. Not having some child elements would lead to ++ exceptions at runtime. ++ --> ++ <!-- <Credential> --> ++ <!-- ++ the pattern that would match a subset of URLs for which this authenticator ++ would be used ++ --> ++ <!-- <Pattern>regularExpression</Pattern> --> ++ <!-- ++ the type of this authenticator. Allowed values are: ++ 1. server ++ 2. proxy ++ --> ++ <!-- <Type>proxy</Type> --> ++ <!-- the username used to log in to server/proxy --> ++ <!-- <Username>username</Username> --> ++ <!-- the password used to log in to server/proxy --> ++ <!-- <Password>password</Password> --> ++ <!-- </Credential> --> ++ </NetworkAuthenticatorConfig> ++ ++ <!-- ++ The Tomcat realm to be used for hosted Web applications. Allowed values are; ++ 1. UserManager ++ 2. 
Memory ++ ++ If this is set to 'UserManager', the realm will pick users & roles from the system's ++ WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from ++ CARBON_HOME/repository/conf/tomcat/tomcat-users.xml ++ --> ++ <TomcatRealm>UserManager</TomcatRealm> ++ ++ <!--Option to disable storing of tokens issued by STS--> ++ <DisableTokenStore>false</DisableTokenStore> ++ ++ <!-- ++ Security token store class name. If this is not set, default class will be ++ org.wso2.carbon.security.util.SecurityTokenStore ++ --> ++ <TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName> ++ ++ ++ ++ <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities --> ++ <CSRFPreventionConfig> ++ <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern --> ++ <CSRFPreventionFilter> ++ <!-- Set below to true to enable the CSRFPreventionFilter --> ++ <Enabled>false</Enabled> ++ <!-- Url Pattern to skip application of CSRF protection--> ++ <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern> ++ </CSRFPreventionFilter> ++ </CSRFPreventionConfig> ++ ++ <!-- Configuration to enable or disable CR and LF sanitization filter--> ++ <CRLFPreventionConfig> ++ <!--Set below to true to enable the CRLFPreventionFilter--> ++ <Enabled>true</Enabled> ++ </CRLFPreventionConfig> ++ </Security> ++ ++ <!-- ++ The temporary work directory ++ --> ++ <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory> ++ ++ <!-- ++ House-keeping configuration ++ --> ++ <HouseKeeping> ++ ++ <!-- ++ true - Start House-keeping thread on server startup ++ false - Do not start House-keeping thread on server startup. ++ The user will run it manually as and when he wishes. ++ --> ++ <AutoStart>true</AutoStart> ++ ++ <!-- ++ The interval in *minutes*, between house-keeping runs ++ --> ++ <Interval>10</Interval> ++ ++ <!-- ++ The maximum time in *minutes*, temp files are allowed to live ++ in the system. 
Files/directories which were modified more than ++ "MaxTempFileLifetime" minutes ago will be removed by the ++ house-keeping task ++ --> ++ <MaxTempFileLifetime>30</MaxTempFileLifetime> ++ </HouseKeeping> ++ ++ <!-- ++ Configuration for handling different types of file upload & other file uploading related ++ config parameters. ++ To map all actions to a particular FileUploadExecutor, use ++ <Action>*</Action> ++ --> ++ <FileUploadConfig> ++ <!-- ++ The total file upload size limit in MB ++ --> ++ <TotalFileSizeLimit>100</TotalFileSizeLimit> ++ ++ <Mapping> ++ <Actions> ++ <Action>keystore</Action> ++ <Action>certificate</Action> ++ <Action>*</Action> ++ </Actions> ++ <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class> ++ </Mapping> ++ ++ <Mapping> ++ <Actions> ++ <Action>jarZip</Action> ++ </Actions> ++ <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class> ++ </Mapping> ++ <Mapping> ++ <Actions> ++ <Action>dbs</Action> ++ </Actions> ++ <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class> ++ </Mapping> ++ <Mapping> ++ <Actions> ++ <Action>tools</Action> ++ </Actions> ++ <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class> ++ </Mapping> ++ <Mapping> ++ <Actions> ++ <Action>toolsAny</Action> ++ </Actions> ++ <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class> ++ </Mapping> ++ </FileUploadConfig> ++ ++ <!-- FileNameRegEx is used to validate the file input/upload/write-out names. ++ e.g. ++ <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^<>:"/\\|?*\x00-\x1F][^<>:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx> ++ --> ++ <!--<FileNameRegEx></FileNameRegEx>--> ++ ++ <!-- ++ Processors which process special HTTP GET requests such as ?wsdl, ?policy etc. ++ ++ In order to plug in a processor to handle a special request, simply add an entry to this ++ section. 
++ ++ The value of the Item element is the first parameter in the query string(e.g. ?wsdl) ++ which needs special processing ++ ++ The value of the Class element is a class which implements ++ org.wso2.carbon.transport.HttpGetRequestProcessor ++ --> ++ <HttpGetRequestProcessors> ++ <Processor> ++ <Item>info</Item> ++ <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class> ++ </Processor> ++ <Processor> ++ <Item>wsdl</Item> ++ <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class> ++ </Processor> ++ <Processor> ++ <Item>wsdl2</Item> ++ <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class> ++ </Processor> ++ <Processor> ++ <Item>xsd</Item> ++ <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class> ++ </Processor> ++ </HttpGetRequestProcessors> ++ ++ <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync. ++ In master nodes you need to set both AutoCommit and AutoCheckout to true ++ and in worker nodes set only AutoCheckout to true. ++ --> ++ <DeploymentSynchronizer> ++ <Enabled>false</Enabled> ++ <AutoCommit>false</AutoCommit> ++ <AutoCheckout>true</AutoCheckout> ++ <RepositoryType>svn</RepositoryType> ++ <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl> ++ <SvnUser>username</SvnUser> ++ <SvnPassword>password</SvnPassword> ++ <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId> ++ </DeploymentSynchronizer> ++ ++ <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync. ++ In master nodes you need to set both AutoCommit and AutoCheckout to true ++ and in worker nodes set only AutoCheckout to true. ++ --> ++ <!--<DeploymentSynchronizer> ++ <Enabled>true</Enabled> ++ <AutoCommit>false</AutoCommit> ++ <AutoCheckout>true</AutoCheckout> ++ </DeploymentSynchronizer>--> ++ ++ <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. 
ESB --> ++ <!--<MediationConfig> ++ <LoadFromRegistry>false</LoadFromRegistry> ++ <SaveToFile>false</SaveToFile> ++ <Persistence>enabled</Persistence> ++ <RegistryPersistence>enabled</RegistryPersistence> ++ </MediationConfig>--> ++ ++ <!-- ++ Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer. ++ This code will be run when the Carbon server is initialized ++ --> ++ <ServerInitializers> ++ <!--<Initializer></Initializer>--> ++ </ServerInitializers> ++ ++ <!-- ++ Indicates whether the Carbon Servlet is required by the system, and whether it should be ++ registered ++ --> ++ <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet> ++ ++ <!-- ++ Carbon H2 OSGI Configuration ++ By default non of the servers start. ++ name="web" - Start the web server with the H2 Console ++ name="webPort" - The port (default: 8082) ++ name="webAllowOthers" - Allow other computers to connect ++ name="webSSL" - Use encrypted (HTTPS) connections ++ name="tcp" - Start the TCP server ++ name="tcpPort" - The port (default: 9092) ++ name="tcpAllowOthers" - Allow other computers to connect ++ name="tcpSSL" - Use encrypted (SSL) connections ++ name="pg" - Start the PG server ++ name="pgPort" - The port (default: 5435) ++ name="pgAllowOthers" - Allow other computers to connect ++ name="trace" - Print additional trace information; for all servers ++ name="baseDir" - The base directory for H2 databases; for all servers ++ --> ++ <!--H2DatabaseConfiguration> ++ <property name="web" /> ++ <property name="webPort">8082</property> ++ <property name="webAllowOthers" /> ++ <property name="webSSL" /> ++ <property name="tcp" /> ++ <property name="tcpPort">9092</property> ++ <property name="tcpAllowOthers" /> ++ <property name="tcpSSL" /> ++ <property name="pg" /> ++ <property name="pgPort">5435</property> ++ <property name="pgAllowOthers" /> ++ <property name="trace" /> ++ <property name="baseDir">${carbon.home}</property> ++ 
</H2DatabaseConfiguration--> ++ <!--Disabling statistics reporter by default--> ++ <StatisticsReporterDisabled>true</StatisticsReporterDisabled> ++ ++ <!-- Enable accessing Admin Console via HTTP --> ++ <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole --> ++ ++ <!-- ++ Default Feature Repository of WSO2 Carbon. ++ --> ++ <FeatureRepository> ++ <RepositoryName>default repository</RepositoryName> ++ <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL> ++ </FeatureRepository> ++ ++ <!-- ++ Configure API Management ++ --> ++ <APIManagement> ++ ++ <!--Uses the embedded API Manager by default. If you want to use an external ++ API Manager instance to manage APIs, configure below externalAPIManager--> ++ ++ <Enabled>true</Enabled> ++ ++ <!--Uncomment and configure API Gateway and ++ Publisher URLs to use external API Manager instance--> ++ ++ <!--ExternalAPIManager> ++ ++ <APIGatewayURL>http://localhost:8281</APIGatewayURL> ++ <APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL> ++ ++ </ExternalAPIManager--> ++ ++ <LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup> ++ </APIManagement> ++</Server> http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/vars/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/wso2_is/vars/main.yml index 0000000,0000000..f7b4eb7 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/wso2_is/vars/main.yml @@@ -1,0 -1,0 +1,18 @@@ ++--- ++#Variables associated with this role ++# Oracle Java 8 ++java_dir_source: "/usr/local/src" ++ ++java_version: 8 ++java_version_update: 91 ++java_version_build: '14' ++java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}" ++java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}" ++ ++java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm" ++java_rpm_url: 
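Review bot: The `<KeyStore>` and `<TrustStore>` blocks in carbon.xml.j2 hard-code the stock `wso2carbon.jks` keystore with `wso2carbon` as the store, key and trust-store password. The template's own comment says this keystore encrypts passwords and other sensitive information, so every host provisioned from this role would share the same key material and password, which are presumably the product defaults. Generate a keystore per deployment and template the values instead, for example `<Password>{{ wso2_keystore_password }}</Password>`, with the variable (name is a suggestion) kept in Ansible Vault. Separately, `<CSRFPreventionFilter>` is left at `<Enabled>false</Enabled>`; set it to `true` unless something in this deployment is known to depend on it being off, and document that reason in the template if so.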
"http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}" ++ ++wso2_is_rul: http://wso2.com/products/identity-server/#download ++wso2_is_dist: wso2is-5.1.0.zip ++wso2_is_dir: wso2is-5.1.0 ++... http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/handlers/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/zookeeper/handlers/main.yml index 0000000,0000000..daefebe new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/zookeeper/handlers/main.yml @@@ -1,0 -1,0 +1,12 @@@ ++--- ++- name: start zookeeper ++ service: name=zookeeper state=started enabled=yes ++ become: yes ++ ++- name: stop zookeeper ++ service: name=zookeeper state=stopped ++ become: yes ++ ++- name: restart zookeeper ++ service: name=zookeeper state=restarted enabled=yes ++ become: yes http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/tasks/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/zookeeper/tasks/main.yml index 0000000,0000000..78bcec2 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/zookeeper/tasks/main.yml @@@ -1,0 -1,0 +1,34 @@@ ++--- ++################################################################################ ++# Setup and run Zookeeper ++- name: Download and unarchive zookeeper ++ unarchive: src="{{ zookeeper_url }}" ++ dest="{{ user_home }}" ++ copy=no ++ owner="{{ user }}" ++ group="{{ group }}" ++ ++- name: open zookeeper port ++ firewalld: port=2181/tcp zone=public permanent=true state=enabled immediate=yes ++ become: yes ++ ++- name: Copy zoo.cfg file ++ template: src=zoo.cfg.j2 dest="{{ zookeeper_dir }}/conf/zoo.cfg" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r" ++ notify: ++ - restart zookeeper ++ ++- name: Check if systemd exists ++ stat: 
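Review bot: `java_rpm_url` in roles/wso2_is/vars/main.yml points at a plain `http://` URL and no expected digest is defined beside it, so the JDK package cannot be verified unless the consuming task, which is not in this hunk, does so itself. Prefer an `https://` source and add a digest variable such as `java_rpm_checksum: "sha256:<expected-digest>"` for the download task to pass to `get_url`'s `checksum` option. The same applies to `zookeeper_url` in roles/zookeeper/vars/main.yml, which the zookeeper `unarchive` task consumes directly with no integrity check. `wso2_is_rul` also looks like a typo for `wso2_is_url`; confirm no task references the misspelt name before renaming it.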
path=/usr/lib/systemd/system/ ++ register: systemd_check ++ ++- name: Systemd script. ++ template: src=zookeeper.service.j2 dest=/usr/lib/systemd/system/zookeeper.service ++ when: systemd_check.stat.exists == true ++ notify: ++ - restart zookeeper ++ become: yes ++ ++- name: reload systemd daemons ++ command: systemctl daemon-reload ++ become: yes ++... http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2 index 0000000,0000000..8426b98 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2 @@@ -1,0 -1,0 +1,28 @@@ ++# The number of milliseconds of each tick ++tickTime={{tick_time}} ++# The number of ticks that the initial ++# synchronization phase can take ++initLimit={{init_limit}} ++# The number of ticks that can pass between ++# sending a request and getting an acknowledgement ++syncLimit={{sync_limit}} ++# the directory where the snapshot is stored. ++# do not use /tmp for storage, /tmp here is just ++# example sakes. ++dataDir={{zookeeper_data_dir}} ++# the port at which the clients will connect ++clientPort={{ client_port }} ++# the maximum number of client connections. ++# increase this if you need to handle more clients ++#maxClientCnxns=60 ++# ++# Be sure to read the maintenance section of the ++# administrator guide before turning on autopurge. 
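Review bot: The `open zookeeper port` task in roles/zookeeper/tasks/main.yml opens `2181/tcp` in the `public` zone with no source restriction, and the zoo.cfg template added in this commit configures no client authentication. Limit the rule to the Airavata hosts that need ZooKeeper, for instance with the firewalld module's `rich_rule` option or a dedicated zone bound to their source addresses. The port is also hard-coded while zoo.cfg.j2 uses `{{ client_port }}`, so changing the variable would leave the wrong port open; use `port={{ client_port }}/tcp`. Finally, `reload systemd daemons` runs unconditionally, so give it the same `when: systemd_check.stat.exists == true` guard as the unit-file task.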
++# ++# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance ++# ++# The number of snapshots to retain in dataDir ++#autopurge.snapRetainCount=3 ++# Purge task interval in hours ++# Set to "0" to disable auto purge feature ++#autopurge.purgeInterval=1 http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2 ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2 index 0000000,0000000..19c3718 new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2 @@@ -1,0 -1,0 +1,15 @@@ ++# {{ansible_managed}} ++ ++[Unit] ++Description=ZooKeeper ++ ++ ++[Service] ++Type=forking ++ExecStart={{zookeeper_dir}}/bin/zkServer.sh start ++ExecStop={{ zookeeper_dir }}/bin/zkServer.sh stop ++Restart=always ++TimeoutSec=300 ++ ++[Install] ++WantedBy=multi-user.target http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/vars/main.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/roles/zookeeper/vars/main.yml index 0000000,0000000..a3e10db new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/roles/zookeeper/vars/main.yml @@@ -1,0 -1,0 +1,17 @@@ ++--- ++#Variables associated with this role ++# zookeeper related variable ++zookeeper_version: 3.4.8 ++zookeeper_url: http://www.us.apache.org/dist/zookeeper/zookeeper-{{zookeeper_version}}/zookeeper-{{zookeeper_version}}.tar.gz ++ ++apt_cache_timeout: 3600 ++client_port: "{{ zookeeper_client_port }}" ++init_limit: 5 ++sync_limit: 2 ++tick_time: 2000 ++data_dir: /var/lib/zookeeper ++log_dir: /var/log/zookeeper ++zookeeper_dir: "{{ user_home }}/zookeeper-{{zookeeper_version}}" ++zookeeper_data_dir: "{{ zookeeper_dir }}/data" ++ ++... 
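Review bot: In zookeeper.service.j2 the `[Service]` section sets no `User=` or `Group=`, so systemd would start `zkServer.sh` as root. The zookeeper role unpacks the distribution into `{{ user_home }}` owned by `{{ user }}`, which means root would be executing scripts that an unprivileged account can modify. Add `User={{ user }}` and `Group={{ group }}` under `[Service]` so the daemon runs as the account that owns its files. It would also help to add a comment noting that `dataDir` must be writable by that account.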
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/site.yml ---------------------------------------------------------------------- diff --cc dev-tools/ansible/site.yml index 0000000,0000000..69ff15b new file mode 100644 --- /dev/null +++ b/dev-tools/ansible/site.yml @@@ -1,0 -1,0 +1,76 @@@ ++--- ++#Master playbook ++- hosts: zookeeper ++ tags: zookeeper, airavata ++ roles: ++ - env_setup ++ - java ++ - zookeeper ++ ++- hosts: rabbitmq ++ tags: rabbitmq, airavata ++ roles: ++ - env_setup ++ - rabbitmq ++ ++- hosts: database ++ tags: mysql , airavata ++ roles: ++ - env_setup ++ - role: database ++ become: yes ++ become_user: "{{user}}" ++ ++- hosts: wso2is ++ tags: wso2is ++ roles: ++ - env_setup ++ - java ++ - role: wso2_is ++ become: yes ++ become_user: "{{user}}" ++ ++ ++- hosts: gfac ++ tags: gfac, airavata ++ roles: ++ - env_setup ++ - java ++ - role: common ++ become: yes ++ become_user: "{{user}}" ++ - role: gfac ++ become: yes ++ become_user: "{{user}}" ++ ++- hosts: api-orch ++ tags: api-orch, airavata ++ roles: ++ - env_setup ++ - java ++ - role: common ++ become: yes ++ become_user: "{{user}}" ++ - role: api-orch ++ become: yes ++ become_user: "{{user}}" ++ ++- hosts: registry ++ tags: registry, airavata ++ roles: ++ - env_setup ++ - java ++ - role: common ++ become: yes ++ become_user: "{{user}}" ++ - role: registry ++ become: yes ++ become_user: "{{user}}" ++ ++- hosts: pga ++ tags: pga ++ roles: ++ - env_setup ++ - pga ++ ++...
