dREG PGA configuration dREG PGA configuration needs to override the virtual host configuration to allow some non-HTTPS requests, so a way to override the virtual host file was implemented.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/f8e55d34 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/f8e55d34 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/f8e55d34 Branch: refs/heads/develop Commit: f8e55d34576d5d7c6afbd0848daf05841defb361 Parents: 2fb19efc Author: Marcus Christie <[email protected]> Authored: Wed Apr 26 10:06:32 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Wed Apr 26 10:31:45 2017 -0400 ---------------------------------------------------------------------- dev-tools/ansible/ansible.cfg | 2 +- .../cornell-dnasequence/pga-ssl-vhost.conf.j2 | 31 ++++++++++ .../pga_config/cornell-dnasequence/vars.yml | 63 ++++++++++++++++++++ .../pga_config/cornell-dnasequence/vault.yml | 18 ++++++ dev-tools/ansible/pga-scigap-prod.yml | 1 + dev-tools/ansible/roles/pga/defaults/main.yml | 3 + dev-tools/ansible/roles/pga/tasks/main.yml | 6 +- 7 files changed, 120 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/ansible.cfg ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/ansible.cfg b/dev-tools/ansible/ansible.cfg index 9af1301..bf32223 100644 --- a/dev-tools/ansible/ansible.cfg +++ b/dev-tools/ansible/ansible.cfg @@ -1,2 +1,2 @@ [defaults] -inventory_ignore_extensions = .jks \ No newline at end of file +inventory_ignore_extensions = .jks, .j2 http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2 ---------------------------------------------------------------------- 
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2 b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2
new file mode 100644
index 0000000..ee053cc
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2
@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+ ServerName {{ vhost_servername }}
+ {% if vhost_serveralias is defined %}
+ ServerAlias {{ vhost_serveralias }}
+ {% endif %}
+
+ ## Redirect all http traffic to https
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ # Don't redirect /gbrowser and /gbfile requests to HTTPS
+ RewriteCond %{THE_REQUEST} !\s/(gbrowser|gbfile)
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName {{ vhost_servername }}
+ {% if vhost_serveralias is defined %}
+ ServerAlias {{ vhost_serveralias }}
+ {% endif %}
+
+ DocumentRoot {{ doc_root_dir }}/public
+ <Directory "{{ doc_root_dir }}/public">
+ AllowOverride All
+ </Directory>
+ ErrorLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.error.log
+ CustomLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.requests.log combined
+ SSLEngine on
+ SSLCertificateFile {{ ssl_certificate_file }}
+ SSLCertificateChainFile {{ ssl_certificate_chain_file }}
+ SSLCertificateKeyFile {{ ssl_certificate_key_file }}
+</VirtualHost>
http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml
new file mode 100644
index 0000000..56cc201
--- /dev/null
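Review bot: The `*:80` vhost exempts `/gbrowser` and `/gbfile` from the HTTPS redirect but declares no `DocumentRoot` or `<Directory>` block, so as written those plain-HTTP requests are served from the server-wide document root rather than `{{ doc_root_dir }}/public`, unless that is configured outside this template. The exemption pattern `!\s/(gbrowser|gbfile)` is also only a prefix match, so any path that merely starts with those strings skips the redirect; `RewriteCond %{THE_REQUEST} !\s/(gbrowser|gbfile)(/|\?|\s)` keeps it to the two routes. Because these routes now travel in cleartext, the comment should say why they need HTTP and that they must not rely on the portal session, e.g. `# /gbrowser and /gbfile are fetched over plain HTTP by <client>; they must not require the login cookie`.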
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml 
@@ -0,0 +1,63 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+# FIXME Temporarily dREG is pointed to gw56 (dev)
+airavata_server: "tls://gw56.iu.xsede.org"
+airavata_port: "9930"
+
+pga_repo: "https://github.com/apache/airavata-php-gateway.git"
+git_branch: "dreg-gateway"
+user: "pga"
+group: "pga"
+doc_root_dir: "/var/www/portals/{{ gateway_id }}"
+vhost_servername: "dreg.dnasequence.org"
+vhost_ssl: True
+# TODO: have Ansible manage these files as well
+ssl_certificate_file: "/etc/letsencrypt/live/dreg.dnasequence.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/dreg.dnasequence.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/dreg.dnasequence.org/privkey.pem"
+pga_ssl_vhost_template: "{{ inventory_dir }}/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2"
+
+## WSO2 IS related variables
+tenant_domain: "dreg.cornell"
+admin_username: "admin"
+admin_password: "{{ vault_admin_password }}"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+# dREG gateway automatically gives users the gateway-user role so they don't have to wait on admin approval
+initial_role_name: "gateway-user"
+
+gateway_id: "cornelldna"
+# relative to document root dir
+experiment_data_dir: "{{ user_data_dir }}/cornell-dnasequence"
+gateway_data_store_resource_id: "gf4.ucs.indiana.edu_61552681-96f0-462a-a36c-a62a010bffc6"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCTs6k2lSt5nn+UF3N1rAko9WjdtHZ1xLcKxCG4+4AVMdTIeng12g+1qB5hIFiDgesT/D/nzoA27EFj5nWiYanxBySNgl1Re8kR0nEqQbR0zj1dSibmfjW+vmOZzEiNSrNoLlc4KbFgqFCRGIlZ1bWZ7yHtJ3I7xxfKhvvxCTzJ4K71v1aovnDTUYophy2lUsdOcOq84Qhv3ITZafgblz3mJSwVpnnI72IepzonzDUdcf/w0lKCl70L9MgQAZ2V4e9sQZWJLI5s1VtJsqKggtgI4goPyxXROoH9PTUZFqvvYjLGW8JVS9eZKblSKil09yckPfZCSk1i/UD/uY6O7bjf"
+
+## Portal related variables
+super_admin_portal: "false"
+admin_emails: "['[email protected]','[email protected]']"
+portal_email_username: "[email protected]"
+portal_email_password: "{{ vault_portal_email_password }}"
+# The portal theme is included in the dreg-gateway branch of airavata-php-gateway
+portal_theme: "dreg"
+portal_title: "dREG DNA Sequencing"
+...
http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml
new file mode 100644
index 0000000..eaca63b
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml
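Review bot: `initial_role_name: "gateway-user"` grants the gateway-user role to every new account without admin approval, and the comment gives the convenience but not what that role may do or what limits abuse of open sign-up. I would extend it, e.g. `# gateway-user is assigned at sign-up with no admin review; it must stay limited to <permitted actions>`. The same file points this production gateway at the dev server `gw56` under a FIXME, so auto-approved accounts are being created against a non-production backend until that is reverted. Separately, `ssl_certificate_chain_file` is set to `fullchain.pem` while `ssl_certificate_file` is `cert.pem`; Let's Encrypt's `chain.pem` is the usual partner for `cert.pem`, because `fullchain.pem` already repeats the leaf certificate. `vhost_ssl: True` would read more consistently as `true`.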
@@ -0,0 +1,18 @@ +$ANSIBLE_VAULT;1.1;AES256 +37653231363231666433316261313238643763633234663866393832386236643436623566303263 +3334323065363831656435383564623034393661323037300a343263316666633131366134613661 +39633030386362623966303630653462373762373034323134356539313036376563613335383135 +3962646533323362370a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http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/pga-scigap-prod.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/pga-scigap-prod.yml b/dev-tools/ansible/pga-scigap-prod.yml index a4192b5..6ab9c9d 100644 --- a/dev-tools/ansible/pga-scigap-prod.yml +++ b/dev-tools/ansible/pga-scigap-prod.yml @@ -21,6 +21,7 @@ --- - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/brandeis" - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/cinetvtech" +- include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/cornell-dnasequence" - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/georgiastate" - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/iugateway" - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/lsu" http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/roles/pga/defaults/main.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml index e2690f3..4b66323 100644 --- a/dev-tools/ansible/roles/pga/defaults/main.yml +++ b/dev-tools/ansible/roles/pga/defaults/main.yml 
@@ -33,6 +33,9 @@ httpd_log_dir: Debian: /var/log/apache2 RedHat: /var/log/httpd +pga_vhost_template: "pga-vhost.conf.j2" +pga_ssl_vhost_template: "pga-ssl-vhost.conf.j2" + ## WSO2 IS related variables tenant_domain: "prod.testdrive" admin_username: "tdaadmin" http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/roles/pga/tasks/main.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml index 384ef25..3279a97 100644 --- a/dev-tools/ansible/roles/pga/tasks/main.yml +++ b/dev-tools/ansible/roles/pga/tasks/main.yml @@ -101,7 +101,7 @@ dest: "{{ doc_root_dir }}/public/themes/{{ portal_theme }}" version: "master" update: yes - when: portal_theme != "base" + when: portal_theme != "base" and portal_theme_repo != "" become: yes become_user: "{{user}}" @@ -127,14 +127,14 @@ become: yes - name: copy virtual host config file - template: src=pga-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes + template: src={{ pga_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes become: yes notify: - restart httpd when: not vhost_ssl - name: copy SSL enabled virtual host config file - template: src=pga-ssl-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes + template: src={{ pga_ssl_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes become: yes notify: - restart httpd
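Review bot: The new condition `portal_theme_repo != ""` in the theme checkout task fails with an undefined-variable error for any gateway whose vars do not set `portal_theme_repo`, and neither this commit's `vars.yml` nor its change to `roles/pga/defaults/main.yml` defines it; a default may exist in a part of the defaults file not shown here. `when: portal_theme != "base" and (portal_theme_repo | default("")) != ""` makes the skip explicit either way. The task also still checks out `version: "master"`, so a production run deploys whatever the theme repository's branch tip is at that moment; pinning a tag or commit would make deployments reproducible and reviewable. The task begins above this hunk.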
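Review bot: Both `template` tasks now render a per-gateway file chosen by inventory (`pga_vhost_template`, `pga_ssl_vhost_template`), install it with `become: yes` and notify `restart httpd`, with no check that the rendered configuration is valid. On a host that carries several gateways, a broken override would stop Apache for all of them, so a syntax check such as an `apachectl configtest` step before the restart is worth adding. As a style point, the module arguments read better as a YAML mapping with quoted templates, e.g. `src: "{{ pga_ssl_vhost_template }}"` and `dest: "{{ httpd_confd_file_location[ansible_os_family] }}"`, rather than the unquoted `key=value` string. The SSL task's remaining lines fall outside the hunk.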
