Deploy wso2is on aws EC2 instance
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/93ec75b6 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/93ec75b6 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/93ec75b6 Branch: refs/heads/develop Commit: 93ec75b61ddaa5585700fed81a6e173b2850817d Parents: 433ae48 Author: Shameera Rathnayaka <[email protected]> Authored: Tue Aug 16 22:19:12 2016 -0400 Committer: Shameera Rathnayaka <[email protected]> Committed: Tue Aug 16 22:19:12 2016 -0400 ---------------------------------------------------------------------- group_vars/all | 12 +- hosts | 28 +- roles/env_setup/tasks/main.yml | 33 +- roles/rabbitmq/tasks/main.yml | 17 +- roles/rabbitmq/vars/main.yml | 2 + roles/wso2_is/tasks/main.yml | 69 +++ roles/wso2_is/templates/carbon.xml.j2 | 688 +++++++++++++++++++++++++++++ roles/wso2_is/vars/main.yml | 18 + site.yml | 4 + 9 files changed, 837 insertions(+), 34 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/group_vars/all ---------------------------------------------------------------------- diff --git a/group_vars/all b/group_vars/all index bae52a5..e1b8187 100644 --- a/group_vars/all +++ b/group_vars/all @@ -1,10 +1,11 @@ --- ansible_connection: ssh -ansible_ssh_user: root -ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key +ansible_ssh_user: centos +#ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key +ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt -user: airavata -group: airavata +user: centos +group: centos user_home: "/home/{{ user }}" deployment_dir: "{{ user_home }}/master-deployment" 
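Review bot: Changing `user`/`group` from the dedicated `airavata` account to `centos` makes every later role deploy and run services under the instance's SSH login account, which on the stock CentOS AMI is typically a passwordless-sudo user, and it turns the env_setup "Create a new user" tasks into no-ops; keeping `user: airavata` / `group: airavata` and relying on `become: yes` for the privileged steps preserves the least-privilege split between the deploy login and the service account. The new `ansible_ssh_private_key_file` points into one engineer's home directory, so the committed value is wrong for everyone else — pass the key with `--private-key` or set `private_key_file` in an uncommitted `ansible.cfg`, and leave this line commented with a note saying so. `ansible_ssh_user` is the pre-2.0 name; `ansible_user: centos` is the current spelling if the playbook targets Ansible 2.x.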
@@ -24,7 +25,8 @@ rabbitmq_server: "localhost" rabbitmq_vhost: "master" rabbitmq_user: "airavata" rabbitmq_password: "airavata" -rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:5672/{{ rabbitmq_vhost }}" +rabbitmq_port: "5672" +rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}" key_store: "airavata.jks" cred_key_store: "client_truststore.jks" http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/hosts ---------------------------------------------------------------------- diff --git a/hosts b/hosts index 8a317b8..819e1ab 100644 --- a/hosts +++ b/hosts @@ -1,25 +1,29 @@ +--- # inventory file : production [api-orch] -#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196 -js-171-11.jetstream-cloud.org +#js-156.196.jetstream-cloud.org +#js-171-11.jetstream-cloud.org [gfac] -#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196 -js-171-11.jetstream-cloud.org +#js-156.196.jetstream-cloud.org +#js-171-11.jetstream-cloud.org [pga] -#149.165.156.196 -js-171-11.jetstream-cloud.org +#js-156.196.jetstream-cloud.org +#js-171-11.jetstream-cloud.org [zookeeper] -#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196 -js-171-11.jetstream-cloud.org +#js-156.196.jetstream-cloud.org +#js-171-11.jetstream-cloud.org [rabbitmq] -#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196 -js-171-11.jetstream-cloud.org +#js-156.196.jetstream-cloud.org +#js-171-11.jetstream-cloud.org rabbit_hostName="jetcloud-1-centos-7" [database] -#149.165.156.196 -js-171-11.jetstream-cloud.org +#js-156.196.jetstream-cloud.org +#js-171-11.jetstream-cloud.org + +[wso2is] +107.23.143.252 http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/env_setup/tasks/main.yml ---------------------------------------------------------------------- 
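Review bot: The rebuilt `rabbitmq_broker_url` still interpolates `rabbitmq_password` (plaintext `airavata` in the context lines above) into a URL that is then rendered into configs and shows up in `-v` task output, and the rabbitmq role in this same commit opens the broker port in the public zone, so the weak committed credential becomes network-reachable. Move `rabbitmq_password` into an `ansible-vault` file and set `no_log: true` on tasks that template the URL. Quoting `rabbitmq_port: "5672"` is correct — keep it a string so the URL is rendered verbatim.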
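Review bot: The `---` added at the top is YAML document-start syntax, but this file is an INI inventory (`[api-orch]` section headers, `rabbit_hostName="..."` host vars); Ansible's INI parser only skips `#`/`;` lines, so `---` is likely to be registered as a host literally named `---` in `ungrouped` — drop the line and keep only `# inventory file : production`. The new `[wso2is]` group pins a bare public IP, which will change whenever the instance is recreated; a DNS name or an `-i`-supplied inventory avoids a commit per address change. The rewritten commented entries read `js-156.196.jetstream-cloud.org` where the old form was `js-156-196`, so they will not resolve if uncommented.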
diff --git a/roles/env_setup/tasks/main.yml b/roles/env_setup/tasks/main.yml index a20b018..395d0a8 100644 --- a/roles/env_setup/tasks/main.yml +++ b/roles/env_setup/tasks/main.yml @@ -3,32 +3,29 @@ #All commons tasks goes here - name: Create a new user group "{{ group }}" group: name={{ group }} - tags: user - name: Create a new user "{{ user }}" user: name={{ user }} group={{ group }} - tags: user ################################################################################ -- name: Install git latest version - yum: name=git state=latest update_cache=yes - tags: env +- name: Install pre-requireties + yum: name={{ item }} state=latest update_cache=yes + with_items: + - git + - maven + - firewalld + - unzip #need for wso2 -- name: Install maven latest version - yum: name=maven state=latest update_cache=yes - tags: env ################################################################################ # Install Orcal Java - name: download oracle java 8 rpm get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie' - tags: env - name: Install oracle java 8 yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present - tags: env -- name: set Java version as default +- name: set Oracle Java {{ java_version_string }} as default alternatives: name="{{ item.exe }}" link="/usr/bin/{{ item.exe }}" 
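Review bot: The merged `Install pre-requireties` task uses `state=latest` with `update_cache=yes`, so every run upgrades git, maven, firewalld and unzip to whatever the mirror currently serves — non-idempotent and an uncontrolled drift vector; `state=present` (and `update_cache` only when needed) is the conventional form, with the name spelled `Install prerequisites`. The Oracle Java `get_url` task shown here still has no `checksum=` argument although the RPM it fetches is installed as root on the next line; add `checksum="sha256:<digest>"` (get_url supports it in 2.x) so a tampered download is rejected. The removed `tags: user`/`tags: env` were the only way to run part of this role selectively, so if that was deliberate it is worth a line in the commit message.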
@@ -38,7 +35,17 @@ - { path: "{{ java_home }}/jre/bin", exe: 'keytool' } - { path: "{{ java_home }}/bin", exe: 'javac' } - { path: "{{ java_home }}/bin", exe: 'javadoc' } - tags: env -# End + # TODO: stop iptables service, can't have both iptables and firewalld on same host + # if we try to stop non existing service ansible fails. +# - name: Stop iptables, ip6tables services +# service: name="{{ item }}" state=stopped +# with_items: +# - iptables +# - ip6tables + +- name: Start firewalld service + service: name=firewalld state=started + become: yes + ... http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/rabbitmq/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml index 56ae071..d1e7ce5 100644 --- a/roles/rabbitmq/tasks/main.yml +++ b/roles/rabbitmq/tasks/main.yml 
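Review bot: `service: name=firewalld state=started` does not enable the unit, so after a reboot firewalld is not running and the `permanent=true` rules added by the other roles are never loaded — the host then either boots with no packet filter or with a leftover iptables service, exactly the conflict the TODO above describes; use `service: name=firewalld state=started enabled=yes`. For the commented-out iptables block, the missing-unit failure it worries about is handled by `service: name={{ item }} state=stopped enabled=no` with `ignore_errors: yes` and `become: yes`, which also prevents iptables from coming back at boot.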
@@ -1,23 +1,32 @@ --- - - ################################################################################ # Setup and run rabbitmq - name: Install erlang latest version yum: name=https://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm state=present + become: yes - name: Install Rabbitmq rpm yum: name=https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.3/rabbitmq-server-3.6.3-1.noarch.rpm state=present + become: yes # add hostname to /etc/hosts file - name: get ip4 address - command: dig +short myip.opendns.com @resolver1.opendns.com + # command: dig +short myip.opendns.com @resolver1.opendns.com + command: hostname -i register: _ip4 +- name: open rabbitmq ports + firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes + with_items: + - "{{ rabbitmq_port }}/tcp" + - "{{ management_plugin_port }}/tcp" + become: yes + - name: Edit /etc/hosts file - lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ ansible_hostname }} {{ ansible_fqdn }}" + lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ rabbit_hostName }}" notify: - restart rabbitmq + become: yes - name: Start Rabbitmq server service: name=rabbitmq-server state=started http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/rabbitmq/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/rabbitmq/vars/main.yml b/roles/rabbitmq/vars/main.yml new file mode 100644 index 0000000..c5ab904 --- /dev/null +++ b/roles/rabbitmq/vars/main.yml @@ -0,0 +1,2 @@ +--- +management_plugin_port: "15672" http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/tasks/main.yml ---------------------------------------------------------------------- diff --git a/roles/wso2_is/tasks/main.yml b/roles/wso2_is/tasks/main.yml new file mode 100644 index 0000000..6cd03b0 --- /dev/null +++ b/roles/wso2_is/tasks/main.yml 
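Review bot: The new `open rabbitmq ports` task exposes `{{ management_plugin_port }}` (15672, the management UI) in the `public` zone permanently, and group_vars defines `rabbitmq_user`/`rabbitmq_password` as `airavata`/`airavata`, so an internet-facing admin interface is guarded by a committed default credential; leave 15672 closed and reach it over an SSH tunnel, or use `firewalld: rich_rule='rule family=ipv4 source address=<admin-cidr> port port={{ management_plugin_port }} protocol=tcp accept'` so only an admin range can connect, and open 5672 only to the hosts that actually consume the broker. Replacing `dig` with `hostname -i` resolves the machine's own hostname, which presumably needs an `/etc/hosts` entry that the `Edit /etc/hosts file` task only writes afterwards, and on some hosts returns `127.0.0.1` or several addresses; `{{ ansible_default_ipv4.address }}` from facts avoids both. The `Start Rabbitmq server` task that closes the hunk shows no `become: yes`, unlike the tasks above it; if nothing follows it, the service start will fail for the non-root `centos` user.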
@@ -0,0 +1,69 @@ +--- +# TODO- replace java install with env_setup role +# Install Orcal Java +- name: download oracle java 8 rpm + get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie' + become: yes + become_user: root + +- name: Install oracle java 8 + yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present + become: yes + become_user: root + +- name: set Oracle Java {{ java_version_string }} as default + alternatives: + name="{{ item.exe }}" + link="/usr/bin/{{ item.exe }}" + path="{{ item.path }}/{{ item.exe }}" + with_items: + - { path: "{{ java_home }}/jre/bin", exe: 'java' } + - { path: "{{ java_home }}/jre/bin", exe: 'keytool' } + - { path: "{{ java_home }}/bin", exe: 'javac' } + - { path: "{{ java_home }}/bin", exe: 'javadoc' } + become: yes + become_user: root + +- name: Install pre-requireties + yum: name=unzip state=latest update_cache=yes + become: yes + +- name: Install pre-requireties + yum: name=firewalld state=latest update_cache=yes + become: yes +# downlaod wso2 is +# extract it +# - name: Download and unarchive wso2 is +# unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}" group="{{ group }}" +# for now wso2is from localhost +- name: Copy WSO2 IS + unarchive: > + src="{{ wso2_is_dist }}" + dest="{{ user_home }}/" + owner="{{ user }}" + group="{{ group }}" + creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh" + +- name: Copy carbon.xml + template: src=carbon.xml.j2 dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r" + + +- name: Start firewalld service + service: name=firewalld state=started + become: yes + +- name: open carabon management console port + firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes + become: yes + +# start wso2 is server +- name: start wso2 is + command: ./bin/wso2server.sh start chdir="{{ 
user_home }}/{{ wso2_is_dir }}/" creates="{{ user_home }}/{{ wso2_is_dir }}/wso2carbon.pid" + environment: + JAVA_HOME: "{{ java_home }}" + +# - name: stop wso2 is + # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*" + + +... http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/templates/carbon.xml.j2 ---------------------------------------------------------------------- diff --git a/roles/wso2_is/templates/carbon.xml.j2 b/roles/wso2_is/templates/carbon.xml.j2 new file mode 100755 index 0000000..5f421f2 --- /dev/null +++ b/roles/wso2_is/templates/carbon.xml.j2 
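Review bot: The `Copy carbon.xml` task writes the rendered file with `mode="u=rw,g=r,o=r"`, but the template carries the keystore, private-key and truststore passwords (`<Password>wso2carbon</Password>`), so every local account can read them; since the server runs as `{{ user }}` who owns the file, `mode="u=rw,g=,o="` is sufficient. The `open carabon management console port` task opens 9443 in the `public` zone on a host whose inventory entry is a public IP, while the rendered config keeps `<MgtHostName>localhost</MgtHostName>` and the stock `wso2carbon.jks`; limit the rule with `rich_rule='rule family=ipv4 source address=<admin-cidr> port port=9443 protocol=tcp accept'` (or an EC2 security group) rather than `port=9443/tcp zone=public`. `service: name=firewalld state=started` needs `enabled=yes`, otherwise the permanent rule is not loaded after a reboot. The Java `get_url` here is the same unverified download as in env_setup — add `checksum="sha256:<digest>"`, and the two identically named `Install pre-requireties` tasks should be one `with_items` task (spelled `prerequisites`) as the role's own TODO suggests.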
@@ -0,0 +1,688 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!-- + Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- + This is the main server configuration file + + ${carbon.home} represents the carbon.home system property. + Other system properties can be specified in a similar manner. +--> +<Server xmlns="http://wso2.org/projects/carbon/carbon.xml"> + + <!-- + Product Name + --> + <Name>WSO2 Identity Server</Name> + + <!-- + machine readable unique key to identify each product + --> + <ServerKey>IS</ServerKey> + + <!-- + Product Version + --> + <Version>5.1.0</Version> + + <!-- + Host name or IP address of the machine hosting this server + e.g. www.wso2.org, 192.168.1.10 + This is will become part of the End Point Reference of the + services deployed on this server instance. + --> + <HostName>{{ ansible_fqdn }}</HostName> + + <!-- + Host name to be used for the Carbon management console + --> + <MgtHostName>localhost</MgtHostName> + + <!-- + The URL of the back end server. This is where the admin services are hosted and + will be used by the clients in the front end server. + This is required only for the Front-end server. This is used when seperating BE server from FE server + --> + <ServerURL>local:/${carbon.context}/services/</ServerURL> + <!-- + <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL> + --> + <!-- + The URL of the index page. 
This is where the user will be redirected after signing in to the + carbon server. + --> + <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL--> + + <!-- + For cApp deployment, we have to identify the roles that can be acted by the current server. + The following property is used for that purpose. Any number of roles can be defined here. + Regular expressions can be used in the role. + Ex : <Role>.*</Role> means this server can act any role + --> + <ServerRoles> + <Role>IdentityServer</Role> + </ServerRoles> + + <!-- uncommnet this line to subscribe to a bam instance automatically --> + <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>--> + + <!-- + The fully qualified name of the server + --> + <Package>org.wso2.carbon</Package> + + <!-- + Webapp context root of WSO2 Carbon management console. + --> + <WebContextRoot>/</WebContextRoot> + + <!-- + Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion + to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g. + URL of the Carbon server -> https://10.100.1.1:9443/carbon + URL of the reverse proxy -> https://prod.abc.com/appserver/carbon + + appserver - proxy context path. This specially required whenever you are generating URLs to displace in + Carbon UI components. + --> + <!-- + <MgtProxyContextPath></MgtProxyContextPath> + <ProxyContextPath></ProxyContextPath> + --> + + <!-- In-order to get the registry http Port from the back-end when the default http transport is not the same--> + <!--RegistryHttpPort>9763</RegistryHttpPort--> + + <!-- + Number of items to be displayed on a management console page. This is used at the + backend server for pagination of various items. 
+ --> + <ItemsPerPage>15</ItemsPerPage> + + <!-- The endpoint URL of the cloud instance management Web service --> + <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>--> + + <!-- + Ports used by this server + --> + <Ports> + + <!-- Ports offset. This entry will set the value of the ports defined below to + the define value + Offset. + e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445 + --> + <Offset>0</Offset> + + <!-- The JMX Ports --> + <JMX> + <!--The port RMI registry is exposed--> + <RMIRegistryPort>9999</RMIRegistryPort> + <!--The port RMI server should be exposed--> + <RMIServerPort>11111</RMIServerPort> + </JMX> + + <!-- Embedded LDAP server specific ports --> + <EmbeddedLDAP> + <!-- Port which embedded LDAP server runs --> + <LDAPServerPort>10389</LDAPServerPort> + <!-- Port which KDC (Kerberos Key Distribution Center) server runs --> + <KDCServerPort>8000</KDCServerPort> + </EmbeddedLDAP> + + <!-- + Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files + --> + <!--<JNDIProviderPort>2199</JNDIProviderPort>--> + <!--Override receive port of thrift based entitlement service.--> + <ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort> + + <!-- + This is the proxy port of the worker cluster. These need to be configured in a scenario where + manager node is not exposed through the load balancer through which the workers are exposed + therefore doesn't have a proxy port. 
+ <WorkerHttpProxyPort>80</WorkerHttpProxyPort> + <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort> + --> + + </Ports> + + <!-- + JNDI Configuration + --> + <JNDI> + <!-- + The fully qualified name of the default initial context factory + --> + <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory> + <!-- + The restrictions that are done to various JNDI Contexts in a Multi-tenant environment + --> + <Restrictions> + <!-- + Contexts that will be available only to the super-tenant + --> + <!-- <SuperTenantOnly> + <UrlContexts> + <UrlContext> + <Scheme>foo</Scheme> + </UrlContext> + <UrlContext> + <Scheme>bar</Scheme> + </UrlContext> + </UrlContexts> + </SuperTenantOnly> --> + <!-- + Contexts that are common to all tenants + --> + <AllTenants> + <UrlContexts> + <UrlContext> + <Scheme>java</Scheme> + </UrlContext> + <!-- <UrlContext> + <Scheme>foo</Scheme> + </UrlContext> --> + </UrlContexts> + </AllTenants> + <!-- + All other contexts not mentioned above will be available on a per-tenant basis + (i.e. will not be shared among tenants) + --> + </Restrictions> + </JNDI> + + <!-- + Property to determine if the server is running an a cloud deployment environment. + This property should only be used to determine deployment specific details that are + applicable only in a cloud deployment, i.e when the server deployed *-as-a-service. + --> + <IsCloudDeployment>false</IsCloudDeployment> + + <!-- + Property to determine whether usage data should be collected for metering purposes + --> + <EnableMetering>false</EnableMetering> + + <!-- The Max time a thread should take for execution in seconds --> + <MaxThreadExecutionTime>600</MaxThreadExecutionTime> + + <!-- + A flag to enable or disable Ghost Deployer. By default this is set to false. That is + because the Ghost Deployer works only with the HTTP/S transports. If you are using + other transports, don't enable Ghost Deployer. 
+ --> + <GhostDeployment> + <Enabled>false</Enabled> + </GhostDeployment> + + + <!-- + Eager loading or lazy loading is a design pattern commonly used in computer programming which + will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to + load tenant when a request is received only. Similarly Eager loading is used to enable load + existing tenants after carbon server starts up. Using this feature, you will be able to include + or exclude tenants which are to be loaded when server startup. + + We can enable only one LoadingPolicy at a given time. + + 1. Tenant Lazy Loading + This is the default behaviour and enabled by default. With this policy, tenants are not loaded at + server startup, but loaded based on-demand (i.e when a request is received for a tenant). + The default tenant idle time is 30 minutes. + + 2. Tenant Eager Loading + This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section. + The eager loading configurations supported are as below. These configurations can be given as the + value for <Include> element with eager loading. + (i)Load all tenants when server startup - * + (ii)Load all tenants except foo.com & bar.com - *,!foo.com,!bar.com + (iii)Load only foo.com & bar.com to be included - foo.com,bar.com + --> + <Tenant> + <LoadingPolicy> + <LazyLoading> + <IdleTime>30</IdleTime> + </LazyLoading> + <!-- <EagerLoading> + <Include>*,!foo.com,!bar.com</Include> + </EagerLoading>--> + </LoadingPolicy> + </Tenant> + + <!-- + Caching related configurations + --> + <Cache> + <!-- Default cache timeout in minutes --> + <DefaultCacheTimeout>15</DefaultCacheTimeout> + </Cache> + + <!-- + Axis2 related configurations + --> + <Axis2Config> + <!-- + Location of the Axis2 Services & Modules repository + + This can be a directory in the local file system, or a URL. + + e.g. + 1. /home/wso2wsas/repository/ - An absolute path + 2. 
repository - In this case, the path is relative to CARBON_HOME + 3. file:///home/wso2wsas/repository/ + 4. http://wso2wsas/repository/ + --> + <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation> + + <!-- + Deployment update interval in seconds. This is the interval between repository listener + executions. + --> + <DeploymentUpdateInterval>15</DeploymentUpdateInterval> + + <!-- + Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file + + This can be a file on the local file system, or a URL + + e.g. + 1. /home/repository/axis2.xml - An absolute path + 2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME + 3. file:///home/carbon/repository/axis2.xml + 4. http://repository/conf/axis2.xml + --> + <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile> + + <!-- + ServiceGroupContextIdleTime, which will be set in ConfigurationContex + for multiple clients which are going to access the same ServiceGroupContext + Default Value is 30 Sec. + --> + <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime> + + <!-- + This repository location is used to crete the client side configuration + context used by the server when calling admin services. + --> + <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation> + <!-- This axis2 xml is used in createing the configuration context by the FE server + calling to BE server --> + <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation> + <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. --> + <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs> + + <!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport. + With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks. 
+ Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means --> + <!--HttpAdminServices>*</HttpAdminServices--> + + </Axis2Config> + + <!-- + The default user roles which will be created when the server + is started up for the first time. + --> + <ServiceUserRoles> + <Role> + <Name>admin</Name> + <Description>Default Administrator Role</Description> + </Role> + <Role> + <Name>user</Name> + <Description>Default User Role</Description> + </Role> + </ServiceUserRoles> + + <!-- + Enable following config to allow Emails as usernames. + --> + <!--EnableEmailUserName>true</EnableEmailUserName--> + + <!-- + Security configurations + --> + <Security> + <!-- + KeyStore which will be used for encrypting/decrypting passwords + and other sensitive information. + --> + <KeyStore> + <!-- Keystore file location--> + <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> + <!-- Keystore type (JKS/PKCS12 etc.)--> + <Type>JKS</Type> + <!-- Keystore password--> + <Password>wso2carbon</Password> + <!-- Private Key alias--> + <KeyAlias>wso2carbon</KeyAlias> + <!-- Private Key password--> + <KeyPassword>wso2carbon</KeyPassword> + </KeyStore> + + <!-- + System wide trust-store which is used to maintain the certificates of all + the trusted parties. + --> + <TrustStore> + <!-- trust-store file location --> + <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location> + <!-- trust-store type (JKS/PKCS12 etc.) --> + <Type>JKS</Type> + <!-- trust-store password --> + <Password>wso2carbon</Password> + </TrustStore> + + <!-- + The Authenticator configuration to be used at the JVM level. We extend the + java.net.Authenticator to make it possible to authenticate to given servers and + proxies. + --> + <NetworkAuthenticatorConfig> + <!-- + Below is a sample configuration for a single authenticator. Please note that + all child elements are mandatory. 
Not having some child elements would lead to + exceptions at runtime. + --> + <!-- <Credential> --> + <!-- + the pattern that would match a subset of URLs for which this authenticator + would be used + --> + <!-- <Pattern>regularExpression</Pattern> --> + <!-- + the type of this authenticator. Allowed values are: + 1. server + 2. proxy + --> + <!-- <Type>proxy</Type> --> + <!-- the username used to log in to server/proxy --> + <!-- <Username>username</Username> --> + <!-- the password used to log in to server/proxy --> + <!-- <Password>password</Password> --> + <!-- </Credential> --> + </NetworkAuthenticatorConfig> + + <!-- + The Tomcat realm to be used for hosted Web applications. Allowed values are; + 1. UserManager + 2. Memory + + If this is set to 'UserManager', the realm will pick users & roles from the system's + WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from + CARBON_HOME/repository/conf/tomcat/tomcat-users.xml + --> + <TomcatRealm>UserManager</TomcatRealm> + + <!--Option to disable storing of tokens issued by STS--> + <DisableTokenStore>false</DisableTokenStore> + + <!-- + Security token store class name. 
If this is not set, default class will be + org.wso2.carbon.security.util.SecurityTokenStore + --> + <TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName> + + + + <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities --> + <CSRFPreventionConfig> + <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern --> + <CSRFPreventionFilter> + <!-- Set below to true to enable the CSRFPreventionFilter --> + <Enabled>false</Enabled> + <!-- Url Pattern to skip application of CSRF protection--> + <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern> + </CSRFPreventionFilter> + </CSRFPreventionConfig> + + <!-- Configuration to enable or disable CR and LF sanitization filter--> + <CRLFPreventionConfig> + <!--Set below to true to enable the CRLFPreventionFilter--> + <Enabled>true</Enabled> + </CRLFPreventionConfig> + </Security> + + <!-- + The temporary work directory + --> + <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory> + + <!-- + House-keeping configuration + --> + <HouseKeeping> + + <!-- + true - Start House-keeping thread on server startup + false - Do not start House-keeping thread on server startup. + The user will run it manually as and when he wishes. + --> + <AutoStart>true</AutoStart> + + <!-- + The interval in *minutes*, between house-keeping runs + --> + <Interval>10</Interval> + + <!-- + The maximum time in *minutes*, temp files are allowed to live + in the system. Files/directories which were modified more than + "MaxTempFileLifetime" minutes ago will be removed by the + house-keeping task + --> + <MaxTempFileLifetime>30</MaxTempFileLifetime> + </HouseKeeping> + + <!-- + Configuration for handling different types of file upload & other file uploading related + config parameters. 
+ To map all actions to a particular FileUploadExecutor, use + <Action>*</Action> + --> + <FileUploadConfig> + <!-- + The total file upload size limit in MB + --> + <TotalFileSizeLimit>100</TotalFileSizeLimit> + + <Mapping> + <Actions> + <Action>keystore</Action> + <Action>certificate</Action> + <Action>*</Action> + </Actions> + <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class> + </Mapping> + + <Mapping> + <Actions> + <Action>jarZip</Action> + </Actions> + <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class> + </Mapping> + <Mapping> + <Actions> + <Action>dbs</Action> + </Actions> + <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class> + </Mapping> + <Mapping> + <Actions> + <Action>tools</Action> + </Actions> + <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class> + </Mapping> + <Mapping> + <Actions> + <Action>toolsAny</Action> + </Actions> + <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class> + </Mapping> + </FileUploadConfig> + + <!-- FileNameRegEx is used to validate the file input/upload/write-out names. + e.g. + <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^<>:"/\\|?*\x00-\x1F][^<>:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx> + --> + <!--<FileNameRegEx></FileNameRegEx>--> + + <!-- + Processors which process special HTTP GET requests such as ?wsdl, ?policy etc. + + In order to plug in a processor to handle a special request, simply add an entry to this + section. + + The value of the Item element is the first parameter in the query string(e.g. 
?wsdl) + which needs special processing + + The value of the Class element is a class which implements + org.wso2.carbon.transport.HttpGetRequestProcessor + --> + <HttpGetRequestProcessors> + <Processor> + <Item>info</Item> + <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class> + </Processor> + <Processor> + <Item>wsdl</Item> + <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class> + </Processor> + <Processor> + <Item>wsdl2</Item> + <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class> + </Processor> + <Processor> + <Item>xsd</Item> + <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class> + </Processor> + </HttpGetRequestProcessors> + + <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync. + In master nodes you need to set both AutoCommit and AutoCheckout to true + and in worker nodes set only AutoCheckout to true. + --> + <DeploymentSynchronizer> + <Enabled>false</Enabled> + <AutoCommit>false</AutoCommit> + <AutoCheckout>true</AutoCheckout> + <RepositoryType>svn</RepositoryType> + <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl> + <SvnUser>username</SvnUser> + <SvnPassword>password</SvnPassword> + <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId> + </DeploymentSynchronizer> + + <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync. + In master nodes you need to set both AutoCommit and AutoCheckout to true + and in worker nodes set only AutoCheckout to true. + --> + <!--<DeploymentSynchronizer> + <Enabled>true</Enabled> + <AutoCommit>false</AutoCommit> + <AutoCheckout>true</AutoCheckout> + </DeploymentSynchronizer>--> + + <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. 
ESB --> + <!--<MediationConfig> + <LoadFromRegistry>false</LoadFromRegistry> + <SaveToFile>false</SaveToFile> + <Persistence>enabled</Persistence> + <RegistryPersistence>enabled</RegistryPersistence> + </MediationConfig>--> + + <!-- + Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer. + This code will be run when the Carbon server is initialized + --> + <ServerInitializers> + <!--<Initializer></Initializer>--> + </ServerInitializers> + + <!-- + Indicates whether the Carbon Servlet is required by the system, and whether it should be + registered + --> + <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet> + + <!-- + Carbon H2 OSGI Configuration + By default non of the servers start. + name="web" - Start the web server with the H2 Console + name="webPort" - The port (default: 8082) + name="webAllowOthers" - Allow other computers to connect + name="webSSL" - Use encrypted (HTTPS) connections + name="tcp" - Start the TCP server + name="tcpPort" - The port (default: 9092) + name="tcpAllowOthers" - Allow other computers to connect + name="tcpSSL" - Use encrypted (SSL) connections + name="pg" - Start the PG server + name="pgPort" - The port (default: 5435) + name="pgAllowOthers" - Allow other computers to connect + name="trace" - Print additional trace information; for all servers + name="baseDir" - The base directory for H2 databases; for all servers + --> + <!--H2DatabaseConfiguration> + <property name="web" /> + <property name="webPort">8082</property> + <property name="webAllowOthers" /> + <property name="webSSL" /> + <property name="tcp" /> + <property name="tcpPort">9092</property> + <property name="tcpAllowOthers" /> + <property name="tcpSSL" /> + <property name="pg" /> + <property name="pgPort">5435</property> + <property name="pgAllowOthers" /> + <property name="trace" /> + <property name="baseDir">${carbon.home}</property> + </H2DatabaseConfiguration--> + <!--Disabling statistics reporter by 
default--> + <StatisticsReporterDisabled>true</StatisticsReporterDisabled> + + <!-- Enable accessing Admin Console via HTTP --> + <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole --> + + <!-- + Default Feature Repository of WSO2 Carbon. + --> + <FeatureRepository> + <RepositoryName>default repository</RepositoryName> + <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL> + </FeatureRepository> + + <!-- + Configure API Management + --> + <APIManagement> + + <!--Uses the embedded API Manager by default. If you want to use an external + API Manager instance to manage APIs, configure below externalAPIManager--> + + <Enabled>true</Enabled> + + <!--Uncomment and configure API Gateway and + Publisher URLs to use external API Manager instance--> + + <!--ExternalAPIManager> + + <APIGatewayURL>http://localhost:8281</APIGatewayURL> + <APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL> + + </ExternalAPIManager--> + + <LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup> + </APIManagement> +</Server> http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/vars/main.yml ---------------------------------------------------------------------- diff --git a/roles/wso2_is/vars/main.yml b/roles/wso2_is/vars/main.yml new file mode 100644 index 0000000..f7b4eb7 --- /dev/null +++ b/roles/wso2_is/vars/main.yml 
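Review bot: The `<Security>` section hardcodes the stock WSO2 keystore (`wso2carbon.jks`), its password `wso2carbon`, the matching `<KeyPassword>` and the truststore password; these are publicly known values, and since this file is the deployment's own override, they should be templated (`<Password>{{ wso2_is_keystore_password }}</Password>`, `<KeyPassword>{{ wso2_is_key_password }}</KeyPassword>`, `<TrustStore><Password>{{ wso2_is_truststore_password }}</Password>`) from an ansible-vault file, with a task that installs a deployment-specific keystore before `wso2server.sh` runs. `<CSRFPreventionFilter><Enabled>false</Enabled>` leaves the console's CSRF filter off; if that mirrors the 5.1.0 upstream default because IS relies on its own CSRFGuard configuration, say so in a comment next to it, otherwise set it to `true`. `<HostName>{{ ansible_fqdn }}</HostName>` is the only templated value and on EC2 the fact may resolve to the internal `*.ec2.internal` name rather than the public hostname clients will use, so `{{ wso2_is_hostname | default(ansible_fqdn) }}` keeps it overridable; a short header comment listing which settings differ from the shipped `carbon.xml` would make future upgrades of this 688-line file far easier to diff.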
@@ -0,0 +1,18 @@ +--- +#Variables associated with this role +# Oracle Java 8 +java_dir_source: "/usr/local/src" + +java_version: 8 +java_version_update: 91 +java_version_build: '14' +java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}" +java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}" + +java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm" +java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}" + +wso2_is_rul: http://wso2.com/products/identity-server/#download +wso2_is_dist: wso2is-5.1.0.zip +wso2_is_dir: wso2is-5.1.0 +... http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/site.yml ---------------------------------------------------------------------- diff --git a/site.yml b/site.yml index 63c2fae..0de15ef 100644 --- a/site.yml +++ b/site.yml @@ -36,4 +36,8 @@ roles: - database +- hosts: wso2is + tags: wso2is + roles: + - wso2_is ...
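Review bot: `java_rpm_url` fetches the JDK RPM over plain `http://download.oracle.com/...` and no checksum is recorded anywhere in the role, so a package that the tasks install as root can be substituted in transit; switch the scheme to `https://` and add `java_rpm_checksum: "sha256:<digest>"` for the `get_url` task to pass as `checksum="{{ java_rpm_checksum }}"`. `wso2_is_rul` looks like a typo for `wso2_is_url`, hidden because nothing in the role references it. The Java variables presumably duplicate the ones env_setup already defines (its tasks use the same names), as the role's TODO acknowledges; keeping a single definition in `group_vars` until the install moves there avoids the two version sets drifting apart.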
