Reorganized pga config files into include files Ansible doesn't support having multiple group_vars for the same host, so configuring each pga instance as a different group doesn't work. Ansible will load all of the groups' variables for a host and they overwrite one another.
As an alternative I refactored the pga group vars files into vars include files in the inventory. Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/67eed40b Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/67eed40b Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/67eed40b Branch: refs/heads/develop Commit: 67eed40b9a56db71d45f18b23384da0ea14e9199 Parents: cda1172 Author: Marcus Christie <[email protected]> Authored: Wed Apr 5 16:05:58 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Wed Apr 5 16:05:58 2017 -0400 ---------------------------------------------------------------------- .../production/group_vars/pga-seagrid/vars.yml | 59 -------------------- .../production/group_vars/pga-seagrid/vault.yml | 18 ------ .../ansible/inventories/scigap/production/hosts | 6 +- .../production/pga_config/seagrid/vars.yml | 59 ++++++++++++++++++++ .../production/pga_config/seagrid/vault.yml | 18 ++++++ .../production/pga_config/testdrive/vars.yml | 57 +++++++++++++++++++ .../production/pga_config/testdrive/vault.yml | 18 ++++++ dev-tools/ansible/pga-scigap-prod.yml | 25 +++++++++ dev-tools/ansible/pga-single-vhost.yml | 36 ++++++++++++ 9 files changed, 214 insertions(+), 82 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml deleted file mode 100644 index 89f300f..0000000 --- a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml +++ /dev/null @@ -1,59 +0,0 @@ -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - ---- -pga_repo: "https://github.com/apache/airavata-php-gateway.git"; -git_branch: "master" -user: "pga" -group: "pga" -doc_root_dir: "/var/www/portals/{{ gateway_id }}" -# TODO: disable SSL temporarily for testing -#vhost_servername: "seagrid.org" -#vhost_serveralias: "www.portal.seagrid.org" -vhost_servername: "{{ groups['pga'][0][0] }}" -vhost_ssl: False -# TODO: have Ansible manage these files as well -ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer" -ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer" -ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key" - -## WSO2 IS related variables -tenant_domain: "prod.seagrid" -admin_username: "admin" -admin_password: "{{ vault_admin_password }}" -oauth_client_key: "{{ vault_oauth_client_key }}" -oauth_client_secret: "{{ vault_oauth_client_secret }}" - -gateway_id: "seagrid" -# relative to document root dir -experiment_data_dir: "{{ user_data_dir }}/seagrid" -# TODO: this is only for testing, we'll need to update this again during the real migration -gateway_data_store_resource_id: "gf4.ucs.indiana.edu_71a8409a-0713-4a45-985f-22847f63df4e" -gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCApfdud3cJ7rx44M41gEKVgRfefk/Vd/7dIp9Xr9juX4jqmGuLoZR+hk287Hmbps6hZv23Av97XkCLldH0pueDekthcBDo4cRiQMDBp9NLz/9muqYVBl985psEbazYygagy/q/3ebi4CVEYVd4cHBee1V3GYyuJS2RklF0s/Otyf8x8auJSMniHGbTbVqtFlEOYuPdXlRBfH37k55N7+2iXKsIVvgn1MDweHEbQWJMx2LDCkLfJitreTiwcuST55w6N/n8WYZM2t+ie3BJEr6tcGAVIuyxj7CbMYMziM/hM5J+oQGPY/IBtiNZoxiZ0DeAC9SiEvE9fbTEW2iRWnQL" - -## Portal related variables -super_admin_portal: "false" -admin_emails: "['[email protected]', '[email protected]']" -portal_email_username: "[email protected]" -portal_email_password: "{{ vault_portal_email_password }}" -portal_theme: "seagrid" -portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git"; -portal_title: "SEAGrid Portal" -... http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml deleted file mode 100644 index b253227..0000000 --- a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml +++ /dev/null @@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -66333335376433663761356636313739303836383431366135633735663262366262663737613936 -6238613036636365653530353538373031623562373335300a316462306231653531613330303030 -61383138343832616162353239303331663164326635336566663666316232366562616633316139 -6365666632373662340a666238353135396239373062383331386137353134336539386636623237 -37326237326233303437386666646138666530663766376238366263653730353938363064663336 -62336662643831653833633835653666363134303830633834336162383265666131303434346466 -32323937663766323632396631616264326232613361333834303031636239333435343563396366 -35643766376466613535383938623038653634303035323065363031303032303835343866643330 -37303462333839313265353063613937623431336635623839386137353433396136623162333233 -62633536616437376366663566393430626533323232383733353761643738376366316631353562 -35366133373866393737653665326566353963643138633630393838643363633562623430373132 -62383531356430646633323933633130623935653139363566326232653965333764363238333137 -30663863363566353035393437316135303265643165353034326664656336623930613632376237 -62393231336539656636636530643863323834363130636238323732373738316265306665643962 -62333437313064623566386438636136613461373332343462613733623736666338333064346661 -62643035636435663135613437383036663034363536646634633966666633643033303634633639 -63396139343037353433613936333962366130333336333231353836353161636365 http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/hosts ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts index dbd7789..1049930 100644 --- a/dev-tools/ansible/inventories/scigap/production/hosts +++ b/dev-tools/ansible/inventories/scigap/production/hosts @@ -16,9 +16,5 @@ gf5.ucs.indiana.edu [gfac] gf6.ucs.indiana.edu -[pga:children] -pga-seagrid - -[pga-seagrid] +[pga] gf4.ucs.indiana.edu - http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml new file mode 100644 index 0000000..046a119 --- /dev/null +++ b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml @@ -0,0 +1,59 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +--- +pga_repo: "https://github.com/apache/airavata-php-gateway.git"; +git_branch: "master" +user: "pga" +group: "pga" +doc_root_dir: "/var/www/portals/{{ gateway_id }}" +# TODO: disable SSL temporarily for testing +#vhost_servername: "seagrid.org" +#vhost_serveralias: "www.portal.seagrid.org" +vhost_servername: "gf4.ucs.indiana.edu" +vhost_ssl: False +# TODO: have Ansible manage these files as well +ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer" +ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer" +ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key" + +## WSO2 IS related variables +tenant_domain: "prod.seagrid" +admin_username: "admin" +admin_password: "{{ vault_admin_password }}" +oauth_client_key: "{{ vault_oauth_client_key }}" +oauth_client_secret: "{{ vault_oauth_client_secret }}" + +gateway_id: "seagrid" +# relative to document root dir +experiment_data_dir: "{{ user_data_dir }}/seagrid" +# TODO: this is only for testing, we'll need to update this again during the real migration +gateway_data_store_resource_id: "gf4.ucs.indiana.edu_71a8409a-0713-4a45-985f-22847f63df4e" +gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCApfdud3cJ7rx44M41gEKVgRfefk/Vd/7dIp9Xr9juX4jqmGuLoZR+hk287Hmbps6hZv23Av97XkCLldH0pueDekthcBDo4cRiQMDBp9NLz/9muqYVBl985psEbazYygagy/q/3ebi4CVEYVd4cHBee1V3GYyuJS2RklF0s/Otyf8x8auJSMniHGbTbVqtFlEOYuPdXlRBfH37k55N7+2iXKsIVvgn1MDweHEbQWJMx2LDCkLfJitreTiwcuST55w6N/n8WYZM2t+ie3BJEr6tcGAVIuyxj7CbMYMziM/hM5J+oQGPY/IBtiNZoxiZ0DeAC9SiEvE9fbTEW2iRWnQL" + +## Portal related variables +super_admin_portal: "false" +admin_emails: "['[email protected]', '[email protected]']" +portal_email_username: "[email protected]" +portal_email_password: "{{ vault_portal_email_password }}" +portal_theme: "seagrid" +portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git"; +portal_title: "SEAGrid Portal" +... http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vault.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vault.yml new file mode 100644 index 0000000..b253227 --- /dev/null +++ b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vault.yml @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +66333335376433663761356636313739303836383431366135633735663262366262663737613936 +6238613036636365653530353538373031623562373335300a316462306231653531613330303030 +61383138343832616162353239303331663164326635336566663666316232366562616633316139 +6365666632373662340a666238353135396239373062383331386137353134336539386636623237 +37326237326233303437386666646138666530663766376238366263653730353938363064663336 +62336662643831653833633835653666363134303830633834336162383265666131303434346466 +32323937663766323632396631616264326232613361333834303031636239333435343563396366 +35643766376466613535383938623038653634303035323065363031303032303835343866643330 +37303462333839313265353063613937623431336635623839386137353433396136623162333233 +62633536616437376366663566393430626533323232383733353761643738376366316631353562 +35366133373866393737653665326566353963643138633630393838643363633562623430373132 +62383531356430646633323933633130623935653139363566326232653965333764363238333137 +30663863363566353035393437316135303265643165353034326664656336623930613632376237 +62393231336539656636636530643863323834363130636238323732373738316265306665643962 +62333437313064623566386438636136613461373332343462613733623736666338333064346661 +62643035636435663135613437383036663034363536646634633966666633643033303634633639 +63396139343037353433613936333962366130333336333231353836353161636365 http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml new file mode 100644 index 0000000..0b6b715 --- /dev/null +++ b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml @@ -0,0 +1,57 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +--- +pga_repo: "https://github.com/apache/airavata-php-gateway.git"; +git_branch: "master" +user: "pga" +group: "pga" +doc_root_dir: "/var/www/portals/testdrive" +vhost_servername: "testdrive.airavata.org" +vhost_serveralias: "www.testdrive.airavata.org" +vhost_ssl: True +# TODO: have Ansible manage these files as well +ssl_certificate_file: "/etc/pki/tls/certs/testdrive_airavata_org_cert.cer" +ssl_certificate_chain_file: "/etc/pki/tls/certs/testdrive_airavata_org_interm.cer" +ssl_certificate_key_file: "/etc/pki/tls/private/testdrive-airavata.key" + +## WSO2 IS related variables +tenant_domain: "prod.testdrive" +admin_username: "tdaadmin" +admin_password: "{{ vault_admin_password }}" +oauth_client_key: "{{ vault_oauth_client_key }}" +oauth_client_secret: "{{ vault_oauth_client_secret }}" + +gateway_id: "default" +# relative to document root dir +experiment_data_dir: "{{ user_data_dir }}/testdrive" +# TODO: this is only for testing, we'll need to update this again during the real migration +gateway_data_store_resource_id: "gf4.ucs.indiana.edu_71a8409a-0713-4a45-985f-22847f63df4e" +gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUF51b2cYYqqadLHL9M/oPY0ZHZlWbdOdaIgjpzIzMnO7M9hKrHVY2pqyLPvqCLzaunxITPWsTqw0E8hwub4ttGLAx/O4kIf+BgyZK7iuwXWhI7u85/o58IfrD4B+jVCYKRNayuLR+lJWsiOeS6HSlunpTKTEhFGeOHn2UzdbLfgWYQ3VUFDtKN1oDPDT78ml5c2RCibJ21jltpevVfEtCUctERpTfniWSuQZggP1qiLNa1+PfiJ3mGsEzJFDntQvQetdinaAbEaT7+sctS8nBNjapkmYMf6tBl3S0bLttYPH51f8lUQAFaAzrestO1JpJNnIeY01/S3MWIlAWASnn" + +## Portal related variables +super_admin_portal: "false" +admin_emails: "['[email protected]','[email protected]','[email protected]']" +portal_email_username: "[email protected]" +portal_email_password: "{{ vault_portal_email_password }}" +#portal_theme: "base" +#portal_theme_repo: "" +portal_title: "Airavata Test Drive" +... http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vault.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vault.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vault.yml new file mode 100644 index 0000000..2719a75 --- /dev/null +++ b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vault.yml @@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +62343936613436343730626461303331313361373265653231623265646366343037303261643162 +3730386162363861626462626432373932363365323233610a643637633565333538633462383530 +61333833323534356430343461363531663035386637623836366361653430323861333639653762 +6239626461646433380a376139303561346661316131376366623538643433326335363032653966 +63393732653961666637343966623839386564643339653665623433613132363832363061356665 +63346637373235623332613561303162356363323937303630623036386636393465346662336365 +63386238306534613136643466323564626336386165616137653133316532613465626365393961 +34373466613439346534366263633261643936323334316636376538613233663333646636383838 +66333437316165656262386337326131396432616137326631643532613438366633396337633065 +62363833616239626666613062623730326633616532336662653234393863373962396564353662 +66366461343066366161366633666562613031613036363237636333343734393730383332363534 +62306435633163303864636639613465633936636462333636633361613431396265626333373761 +32346234383639363163326435356330633062383162353666303931376133393431356336663665 +34303265386334623332303336633662323563643661623566353734303362326661643062613637 +31666239313065316633613162646631636534356233323533663666613537303263646261643363 +32303539633332386566623435353732396532396537643736356334383565316433633261333630 +36336263323934643764323263393362373531643165373435326539623266383936 http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/pga-scigap-prod.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/pga-scigap-prod.yml b/dev-tools/ansible/pga-scigap-prod.yml new file mode 100644 index 0000000..e40417c --- /dev/null +++ b/dev-tools/ansible/pga-scigap-prod.yml @@ -0,0 +1,25 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +--- +- include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/seagrid" +- include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/testdrive" + +... http://git-wip-us.apache.org/repos/asf/airavata/blob/67eed40b/dev-tools/ansible/pga-single-vhost.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/pga-single-vhost.yml b/dev-tools/ansible/pga-single-vhost.yml new file mode 100644 index 0000000..618c613 --- /dev/null +++ b/dev-tools/ansible/pga-single-vhost.yml @@ -0,0 +1,36 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +# This playbook is meant to be included and can be used to +# deploy multiple PGA instances onto the same host by using +# virtual hosting. Turns out in Ansible you can't setup these +# different PGA instances as different groups on the same host. +# The group_vars for each PGA instance will overwrite each other. +# See https://github.com/ansible/ansible/issues/9065 for more info. +--- +- hosts: pga + vars_files: + - "{{ vars_dir }}/vars.yml" + - "{{ vars_dir }}/vault.yml" + roles: + - env_setup + - pga + +...
