Updated production SciGaP deployment for Keycloak migration
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/48995ea3 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/48995ea3 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/48995ea3 Branch: refs/heads/keycloak-prod-migration Commit: 48995ea35f1ba308a39ee356199502cc09ed3539 Parents: c48982d Author: Marcus Christie <[email protected]> Authored: Wed Jun 28 15:56:41 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Mon Jul 3 14:10:27 2017 -0400 ---------------------------------------------------------------------- .../scigap/production/files/keycloak.jks | 143 +++++++++++++++++++ .../scigap/production/group_vars/all/vars.yml | 24 +++- .../scigap/production/group_vars/all/vault.yml | 50 ++++--- .../production/pga_config/brandeis/vars.yml | 10 +- .../production/pga_config/cinetvtech/vars.yml | 10 +- .../production/pga_config/georgiastate/vars.yml | 10 +- .../production/pga_config/iugateway/vars.yml | 14 +- .../scigap/production/pga_config/lsu/vars.yml | 10 +- .../pga_config/nanoconfinement/vars.yml | 10 +- .../scigap/production/pga_config/nsg/vars.yml | 13 +- .../production/pga_config/oiitandy/vars.yml | 10 +- .../scigap/production/pga_config/oscer/vars.yml | 14 +- .../production/pga_config/phasta/vars.yml | 10 +- .../production/pga_config/scigap/vars.yml | 15 +- .../production/pga_config/seagrid/vars.yml | 29 +++- .../production/pga_config/simvascular/vars.yml | 10 +- .../production/pga_config/southdakota/vars.yml | 10 +- .../pga_config/southernillinois/vars.yml | 10 +- .../production/pga_config/testdrive/vars.yml | 14 +- .../production/pga_config/ultrascan/vars.yml | 13 +- .../scigap/production/pga_config/utah/vars.yml | 10 +- 21 files changed, 371 insertions(+), 68 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks b/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks
new file mode 100644
index 0000000..44b438c
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks
@@ -0,0 +1,143 @@ +$ANSIBLE_VAULT;1.1;AES256 +30366331303865323462333764326263383166393537356230336538633135666336653666363561 +3035643264363462633734326562643336653866653938380a653634333866326130316234623037 +32353361323362356365353661353537663765633731633436303362383962383234303839393831 +6630653035646262300a316134613233396332653739313736333265373435633839393662366462 +37653633333637666365363364616635363362353239633636626636633139666232363432386232 +34313861323064656262303165363134336432373135613565623935623863396136336136336263 +66363762323031323861663066343330663462623338383735613063616235626437613930313236 +35656530363932373433356136636563366336383936346234303563386138616665396364326330 +62303731333364313631343032643230626161613063613861383035366630396339633031353662 +35393535366130373037663062323138333365383037656537333963393066613365643563323832 +37363037663765333135663534396338653934383665623633653537316562636136633065343365 +39363263353333363562633337343361343134663666396630626332636539343939643066383538 +61303362663865373866373363643538386638663531333537656432303137343334393630656436 +30393232316332663038366537386535336565626538643661616433646431323936393530656639 +36343866666265626663653330633438666461313137393662353638346539376334366634616630 +64356237383836333638623337396633653162616564616561306238643663383636323865383736 +32653031383536383732643238316465666331323033373038636330663266353530356337343739 +37663734613365653130396332383463623666653636376236626439613830633232343937303034 +35313563396566303134336131313837663332626639313162663636633737383164366136383836 +32633331333066356631393935623734343430666139613735656262333064346433613934366534 +65383533396466653065376338336636313338633934623734633136393635366636356436333233 +63386263323161646335353939656361333964373962633065343536663230626434396232303863 +33303832396665383233386434353738303135623637656663646631623539626633333336383464 
+32373431633738383435323465303430356239336433316339363665613337396335633465366531 +39646137646235626235623032393863333864623634313835393966373965356133646336343231 +65346365656333333361383463303036306262383438383765653838373332643236633965356632 +30353239616566386334663936646531336135363838303064373536353663333433336664336133 +35343733323539653330386131353236626161666461303661613365313135626136626634663065 +66306239353932363435323662346334356430663338623561373937396338653331343830346432 +33353964363063383037376366646261306463336162396163323063643463366336333161393361 +33363736313436303938333062663065386531346332346366343036633435653037316639313538 +37363562393338353565356565366331313163653163323263346136343266313764356135656365 +64653839626562303736346166636464323038323937326561306439306364303865336639316639 +35313662623737326538393766616235396137663762323461613132623939393165616132303836 +30386232353463356266396537396336633166363037656665333361336533353637383738383137 +30636431643964373265636132343664363961303933646332646534376166363932373036653433 +32656263613863653131373137376661323939306235366162323165633863666333326637643437 +39656366363531633532663334393334333630373132653662656161313438326531663232343730 +39653838386266353561656632623365353161303730346263666436656239343230313262626566 +30333563623763636138363263656335373636383661626665373733663363346663396163313934 +35393432393863353632633366346264306363303861373435363164396436616535373432356434 +32643337623534386330353633393132383737353137646630386238323763313063653561636162 +66636438363838383136663931623664616434326639386535396437653562663732323936386634 +38373537306231313664313963303337666166353438393232646536366130303366333635393364 +36363031356461633662323730363536383631396566616661303031353735386234316265313366 +65356138323262633431623366303136356630616364303838663434626266643638346664333835 +38633732613234626637643335613463333661366337356365653036376664363339316465356564 
+37393433633934323935386561663862396435316664396164363733613930333538316261613335 +39663538656166306630303136346563613131633931366531626166363564626361393564363531 +31383730666338386637313130333161383237636564363536363838366361306437323165363038 +32373964353134636665303865653263386230353132626361393337653365646565393262633961 +37623738663336303963356661356539346264383364343366613030393333623437323164343939 +35623534363663656331363734626163323834613861386630353230626630393932396532623634 +62316565303134616364363563343639643463666464656136396234376463386265653162333832 +38373630313966616230623831656230363333653664383137373234316134306165313630623466 +35363932333433323061336661363632336134643166326238653237323530303937646663363332 +65643339663130613131643665616361656464303034666264393264326531303561633730323337 +36636331386534626232393533376363333034343432306461303438663164623566323265663664 +65346161633538343931336365393661336661336363633430333033366466636639353466646334 +37353532343364363438616635636566376239393839666563346664393730326630313538626264 +32643039366266306130653231336132303239633531306439656335343262626665313933313064 +31313834646664383465346432633437303139636166663236313630633436623431316664353766 +36356462636538663339656131653038316564623831313830326137373333623331393430663236 +39613931363661316137316539356264663032366262333063653236346537346230653932663435 +31356439303461346236376432366664366363636633353963323537643264643361636632336333 +31383163366362343765386332346536313561386636393832393234643566636535666438646132 +64373039376333636465373131646661663538653664386335383834653132653266363461633064 +63663363376565336239323335646636376438653938316531643334636466633061646337343664 +61643037316437356363663033623638323064633530366534613132656137636537663333636133 +31663364623134396434313334313263363636343362653766653664623663653936646331343438 +62636661343965393033313339356539383233363430666563363764386336343839303633353633 
+61613333376130633064633666626133383838303936303936633937653664656237313466346465 +30316564336164643864663062646564643839313330373230356166336534633765613031656535 +39663234356437383131383331356332656265306362636462366337306265316437363432323632 +35653261396530333862613565353161306237653065353431396465366164666462303532653136 +65303736646136336233623837633761373730623865316164343932623737666131663337636163 +39336335343432383639633830396134316434393764653235613737633435646238363537623632 +36616261333834613765303132656135316330643964313961646364343638636233316364373137 +35663630366431623665393064663634393734613339363863636164373764623734303531326534 +39663264343834623536366231366664346365396638336263313832366133623561303335386362 +34366632356166623163363230656339346337306531386636663434376231626135313763643134 +34626637346166303933383533653435323039373433646364383934623663363234316366353635 +32303739356638346539363134333037353830343735656162616230306439306634366631663635 +36343865333263656466633036386439653066336233656262383238303766356131383266303432 +63323336393237633131336238333263613464636266666466653333373365643435623936636464 +35343531386461333762383834323837353734616561623331306166653331616239333232383561 +31336430616137366664633737626266326339343836633033316632326438363434643565633738 +32623634643564633435633931376663643266663761643031333433616233323234663238323461 +32386235343533626331396531346634643566636539363161363133313436383638643266633436 +33353363636635353164306235353162313963653734383739323366666235333663373735393439 +33336337336365303030376430653535313833313337666235636331366462653731393631373030 +62616431336439623164333162393062363933316234383431313162666233363765353634346536 +35326164373332623138623038656263353665613230376438343861373337316237343833653361 +66303038613339633038313236363136646361386134343266303266333365373537623166333965 +61653363623263663231623765346232653037633863383331623038303964373131343532333266 
+63346336633166393337343031366237363633323736323565633331376566356437323633653862 +33393263346237613739316536306366383863323065633738663337303265643038363838363263 +33393666316262383135366361316439376636333866643138613639306231643866663264373835 +37393731376330326633623931663261316337636338333733663766326264376436313136373734 +35363238303135323136383563656263383437386431666238346661363534333237613533646365 +34633862323537366338353138303063623032623136316338313533393430323233306437383363 +30663333356230343837366531346437633832333836343937346261303862343334363034333861 +38636130376466353066643065646339656637343464383439323263326536396139306235373033 +66656238363435356536326134336133663533383735616463333133613437346232393364633033 +63633432396231646165643634363535653336313833323434356331343132393866396339366434 +37613736303165313539333033613234646237336230613134643362366232336131616335393538 +64663361383466623831653265653461346665393264653533323466636666326565383163663465 +33623133636261633636346335306634306538623035356630666136636161306566666565313030 +63346231336565666366386565636361383465313833613836613432356431313637633837363866 +65333761636236316534656262383365303064393465636134383661323834393165643766626234 +61636539373966646262663231363031616333393033666565636336346561363261313564373736 +37646535613536616463663264623131656165646337616262396138333232383032383661303863 +66363936666364376539626135623463326439393664346261333530306563613137343736383365 +36366536343035326662633562396533366264336630613165346166313339306635353863663436 +36373539303064663932326562353166613432623364656535616132393431616332363635396638 +65616331333063636664353633376363366164636462393934383434663364333861636532633437 +64353337623939626437633436626665303436306338346337346535663439376163623861633864 +64326639626438373661383438623266303664356332653534393037343336343034376430616536 +32336362643630343464326138313662626533306437616138343036336639373161386437303161 
+66393739393930663762616333643431373237633639666338633735353236663037373237646435 +37666537323662623431343833643161393932336662666538633765656432663761323865663436 +30623532343635633734663165396366616365313966386162666435633166316531323235653764 +32336537336539653331643734633564653863306630356639623936346336333131373731633536 +34653561636539326633323963376338326432633639306530616631646538383238646238333061 +38306432363535396239333634393739306664313931333864316464383430373065653132616166 +61626461396238326463616530663136313230663239333530643466653865346634613465313034 +64333330663831643130373038343935376265343366613363326638376433373139393664656264 +39393266643339366163323732333962353632323233366430346431643432383039323736656330 +33656334616330653563663966656438613965336638653234313831623864383463623866653761 +32326364386631616264663634656436316365303739663736626635393838643031383732383462 +35633861383163333163386163616439663165616533303064303434386134366631663062643462 +33646361376365666635343637343038313435613965623664646663316239323536633033613664 +39316237306166396132373566313166306361313565383937393338303764616230633534376338 +63383033306631396634616639356561613261356266613831653333626364643631666431633932 +65616132356163663261363630373738343565313230386639376364353739343364303835386664 +64313065616264343830313061303161313966643439643335626639656135626664366365633430 +38323332316462326531306639393638626565663339366331663935666134333231396235633134 +66316363343539666334323233393438646134626433373433383531626166353937633739343834 +62303133613735653961316139356165626365653665633439653363356663303732323038356233 +64386633363133393033343462643731333039396466386136363066663762353062313532646336 +65663263663063323030343338613331623035633763666535323966663432393065373734306464 +6234303833653065643264613135343731373634666632313938 http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml 
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index 2313795..9d3b75e 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -47,6 +47,7 @@ replica_catalog: "replica_catalog"
 sharing_catalog: "sharing_catalog"
 workflow_catalog: "workflow_catalog"
 credential_store: "credential_store"
+profile_service: "profile_service"
 mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar"
@@ -70,6 +71,9 @@ api_secured: "false"
 tls_enable: "true"
 api_server_tls_port: "9930"
 enable_sharing: "true"
+iam_server_url: "https://iam.scigap.org/auth"
+iam_server_super_admin_username: "AiravataAdmin"
+iam_server_super_admin_password: "{{ vault_iam_server_super_admin_password }}"
 # Orchestrator related variables
 orchestrator_name: "orchestrator-node0"
@@ -86,8 +90,6 @@ registry_port: 8970
 default_gateway: "default"
 # Credential and keystore related variables
-#authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/"
-authorization_server: "https://idp.scigap.org:9443/services/"
 keystore_src_path: "{{inventory_dir}}/files/airavata.jks"
 keystore_passwd: "{{ vault_keystore_passwd }}"
 client_truststore_src_path: "{{inventory_dir}}/files/client_truststore.jks"
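Review bot: In the `@@ -70,6 +71,9 @@` hunk, `iam_server_super_admin_username` is set to "AiravataAdmin", the same name the later Keycloak block gives `keycloak_master_account_username`, so the API server appears to be configured with the Keycloak master administrator rather than a dedicated account. If these are one account, anyone who reads the API server's configuration gains administrative control of every realm on iam.scigap.org. I would create a separate Keycloak user holding only the realm-administration roles the API server needs and point `iam_server_super_admin_username` at it, with a comment above the variable such as `# service account used by the API server; not the Keycloak master admin`. This is inferred from the shared username only; the two passwords come from distinct vault variables.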
@@ -118,9 +120,23 @@ real_user_data_dir: "/data/gateway-user-data"
 #airavata_server: "tls://gw77.iu.xsede.org"
 airavata_server: "tls://{{ groups['api-orch'][0] }}"
 airavata_port: "9930"
-# FIXME: temporarily turn off SSL verification for WSO2 IS
-auth_verify_peer: "false"
+airavata_profile_service_server: "{{ groups['api-orch'][0] }}"
+auth_verify_peer: "true"
+oauth_service_url: "{{ iam_server_url }}"
 # Sharing Registry related variables
 sharing_registry_host: "{{ groups['api-orch'][0] }}"
 sharing_registry_port: 7878
+
+# Profile Service related variables
+profile_service_host: "{{ groups['api-orch'][0] }}"
+profile_service_port: 8962
+
+# Keycloak
+keycloak_ssl_keystore_file: "{{ inventory_dir }}/files/keycloak.jks"
+keycloak_ssl_keystore_password: "{{ vault_keycloak_ssl_keystore_password }}"
+keycloak_db_host: "localhost"
+keycloak_db_username: "keycloak"
+keycloak_db_password: "{{ vault_keycloak_db_password }}"
+keycloak_master_account_username: "AiravataAdmin"
+keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
index e63e4ae..e5d7671 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
@@ -1,20 +1,32 @@ $ANSIBLE_VAULT;1.1;AES256 -32393636303631613537663430383839636363376162653935623036373062663734383863316435 -3039646665353363346261616636363633346665616263620a636438333561623935643234303236 -35616237333034613263303438356137663162313065343361363163633230653561323963333665 -3139646633323338370a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a313962303637396532366231376336 +65636236353137383061636664386133363838316230376664333265633564343633653333623736 +6536363430653439650a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http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml index 67e66f2..1d2b909 100644 --- a/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml +++ b/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml 
@@ -27,12 +27,18 @@ doc_root_dir: "/var/www/portals/brandeis"
 vhost_servername: "sciencegateway.sci.brandeis.edu"
 vhost_ssl: False
-## WSO2 IS related variables
-tenant_domain: "airavata.brandeis"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Brandeis University Science Gateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
 gateway_id: "brandeis"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
index 627f99b..e9dddbd 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
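Review bot: `oauth_callback_url` is built with `http://` in the brandeis hunk because the vhost keeps `vhost_ssl: False`, while the only login option offered is `oauth_grant_type: "password"`, so gateway users would be sending their Keycloak password to the portal over an unencrypted connection. The lsu hunk has the same combination. I would enable TLS on these two vhosts before moving them to Keycloak, as the other gateways in this commit already have, and then set `oauth_callback_url: "https://{{ vhost_servername }}/callback-url"`. Whether the login form is in fact served over plain HTTP depends on the vhost template, which is not part of this diff.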
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/cinet.scigap.org/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/cinet.scigap.org/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/cinet.scigap.org/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "airavata.cinet"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Virginia Tech Cinet Gateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "cinetvtech"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
index 7d79862..161302e 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/hpcgateway.gsu.edu/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/hpcgateway.gsu.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/hpcgateway.gsu.edu/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "airavata.geo"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Georgia State PHP Gateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "georgiastate"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
index 7bce4c5..c63e223 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
@@ -31,12 +31,22 @@ ssl_certificate_file: "/etc/pki/tls/certs/cybergateway_iu_edu_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/cybergateway_iu_edu_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/iugateway.key"
-## WSO2 IS related variables
-tenant_domain: "airavata.iub"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "IU Gateway"
+ oauth_grant_type: "password"
+ - name: "CILogon"
+ oauth_grant_type: "authorization_code"
+ oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+ logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "iugateway"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
index 5d7ecb8..d7bd5fb 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
@@ -27,12 +27,18 @@ doc_root_dir: "/var/www/portals/lsu"
 vhost_servername: "lsu.scigap.org"
 vhost_ssl: False
-## WSO2 IS related variables
-tenant_domain: "lsu.edu"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "lsuadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "LSU Cybergateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
 gateway_id: "lsu"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
index 3f2e2b6..865ebe4 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.
 ssl_certificate_chain_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "airavata.nanoconfinement"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Nano Confinement"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "nanoconfinement"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
index 9487e44..b4d5d0d 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
@@ -31,13 +31,20 @@ ssl_certificate_file: "/etc/pki/tls/certs/nsg_scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/nsg_scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/nsg.scigap.key"
-## WSO2 IS related variables
-tenant_domain: "prod.nsg"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "nsgadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
-user_role_name: "airavata-user"
+# With Keycloak, we have to have static role names
+#user_role_name: "airavata-user"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "NSG"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "nsg"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
index 37321cb..65a6cb1 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/scigw.oii.org/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/scigw.oii.org/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/scigw.oii.org/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "prod.oii"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "OII Science Gateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "oiitandy"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
index eb15b34..7d2f6e8 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
@@ -31,12 +31,22 @@ ssl_certificate_file: "/etc/letsencrypt/live/sciencegateway.oscer.ou.edu/cert.pe
 ssl_certificate_chain_file: "/etc/letsencrypt/live/sciencegateway.oscer.ou.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/sciencegateway.oscer.ou.edu/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "prod.oscer"
+## Keycloak related variables
+tenant_domain: "{{ tenant_domain }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "OU Science Gateway"
+ oauth_grant_type: "password"
+ - name: "CILogon"
+ oauth_grant_type: "authorization_code"
+ oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+ logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "oscer"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
index 2542690..6a15508 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
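Review bot: `tenant_domain: "{{ tenant_domain }}"` in the oscer hunk refers to itself, so it cannot resolve to a realm name when `oidc_discovery_url` in the same hunk is templated; Ansible normally reports a recursive template loop for a variable defined this way. Every other gateway in this commit uses `tenant_domain: "{{ gateway_id }}"`, and `gateway_id: "oscer"` is defined a few lines further down, so that is presumably what was meant. Until it is fixed, the OIDC discovery URL for this gateway will not point at the oscer realm.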
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/pki/tls/certs/phasta_scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/phasta_scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/phasta.scigap.key"
-## WSO2 IS related variables
-tenant_domain: "product.phasta"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "phasta_admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "PHASTA"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "phasta"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
index 8cb7375..1f01bed 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
@@ -31,18 +31,25 @@ ssl_certificate_file: "/etc/pki/tls/certs/scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/scigap.key"
-## WSO2 IS related variables
-tenant_domain: ""
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "scigap_admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
-user_role_name: "airavata-user"
+# With Keycloak, we have to have static role names
+#user_role_name: "airavata-user"
+initial_role_name: "gateway-provider"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "SciGaP"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "scigap"
 # relative to document root dir
 experiment_data_dir: "{{ user_data_dir }}/scigap"
-# TODO: this is only for testing, we'll need to update this again during the real migration
 gateway_data_store_resource_id: "gf4.ucs.indiana.edu_61552681-96f0-462a-a36c-a62a010bffc6"
 ## Portal related variables
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
index 7ad0bda..57c143b 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
@@ -24,20 +24,35 @@ git_branch: "master"
 user: "pga"
 group: "pga"
 doc_root_dir: "/var/www/portals/{{ gateway_id }}"
-vhost_servername: "seagrid.org"
-vhost_serveralias: "www.seagrid.org"
+#vhost_servername: "seagrid.org"
+#vhost_serveralias: "www.seagrid.org"
+vhost_servername: "beta.seagrid.org"
 vhost_ssl: True
 # TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer"
-ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer"
-ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key"
+#ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer"
+#ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer"
+#ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key"
+ssl_certificate_file: "/etc/letsencrypt/live/beta.seagrid.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.seagrid.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/beta.seagrid.org/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "prod.seagrid"
+
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "SEAGrid"
+ oauth_grant_type: "password"
+ - name: "CILogon"
+ oauth_grant_type: "authorization_code"
+ oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+ logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "seagrid"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
----------------------------------------------------------------------
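Review bot: The seagrid hunk points the production inventory at `beta.seagrid.org` and keeps the `seagrid.org` host, alias and certificate paths only as commented-out lines, with nothing marking the change as temporary. `vhost_serveralias` is no longer defined at all, so a template that references it unconditionally would fail; the consumer is not visible in this hunk. If the beta host is a staging step for the migration, a line such as `# TODO(migration): restore seagrid.org vhost, alias and certs at cutover` above `vhost_servername` would keep the old values from being forgotten. Because `oauth_callback_url` is built from `vhost_servername`, the redirect URI registered for this client in Keycloak has to change together with the host name.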
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
index 97cd515..ae301d6 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/gateway.simvascular.org/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/gateway.simvascular.org/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/gateway.simvascular.org/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "airavata.simvascular"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
+auth_options:
+ - name: "SimVascular"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "simvascular"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
index c0e8ce5..1b30bf1 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
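Review bot: The simvascular hunk adds `oauth_callback_url` twice and never adds `oidc_discovery_url`, which every other gateway hunk in this commit sets. Duplicate mapping keys are invalid YAML that most loaders resolve by silently keeping the last value, so the file still loads but this gateway is left without a discovery URL unless a default exists outside the hunk. The first of the two lines was probably meant to be `oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"`, matching the other files.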
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/pki/tls/certs/sciencegateway_usd_edu_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/sciencegateway_usd_edu_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/southdakota-sg.key"
-## WSO2 IS related variables
-tenant_domain: "southdakota.edu"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "usdadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "South Dakota Sciencegateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "southdakota"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
index 9e0839a..0c49e40 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/sciencegateway.siu.edu/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/sciencegateway.siu.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/sciencegateway.siu.edu/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "airavata.southill"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Southern Illinois PHP Gateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "southill"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
index 0e07e38..cc96188 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
@@ -32,12 +32,22 @@ ssl_certificate_file: "/etc/pki/tls/certs/testdrive_airavata_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/testdrive_airavata_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/testdrive-airavata.key"
-## WSO2 IS related variables
-tenant_domain: "prod.testdrive"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "tdaadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Test Drive"
+ oauth_grant_type: "password"
+ - name: "CILogon"
+ oauth_grant_type: "authorization_code"
+ oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+ logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "default"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
index 3110a94..de9a356 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
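Review bot: In the testdrive hunk `tenant_domain: "{{ gateway_id }}"` resolves to `default`, because the context line just below it is `gateway_id: "default"`, so the discovery URL becomes `.../realms/default/...`. The ultrascan hunk has the same coupling with `gateway_id: "Ultrascan_Production"`. It is worth confirming that realms with exactly these names exist on iam.scigap.org, since the realm in `oidc_discovery_url` decides which issuer the portal trusts. For these two files a literal realm name in `tenant_domain`, with a comment such as `# Keycloak realm name; differs in form from the other gateways`, would make that binding explicit instead of a by-product of `gateway_id`.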
@@ -36,14 +36,21 @@ ssl_certificate_file: "/etc/pki/tls/certs/ultrascan_scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/ultrascan_scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/ultrascan.scigap.key"
-## WSO2 IS related variables
-tenant_domain: "prod.ultrascan"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "uslimsadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
-user_role_name: "airavata-user"
+auth_options:
+ - name: "Ultrascan"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
+# With Keycloak, we have to have static role names
+#user_role_name: "airavata-user"
 gateway_id: "Ultrascan_Production"
 # relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/48995ea3/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
index a92897f..6608485 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/cybergateway.chpc.utah.edu/cert.pem
 ssl_certificate_chain_file: "/etc/letsencrypt/live/cybergateway.chpc.utah.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/cybergateway.chpc.utah.edu/privkey.pem"
-## WSO2 IS related variables
-tenant_domain: "airavata.utah"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+ - name: "Utah Gateway"
+ oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 gateway_id: "utah"
 # relative to document root dir
