This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch AIRAVATA-3609 in repository https://gitbox.apache.org/repos/asf/airavata.git
commit a013318fdfffaf5d9527937dea39d1c9c5c77313 Author: Marcus Christie <[email protected]> AuthorDate: Wed Apr 20 17:20:08 2022 -0400 WIP --- .../scigap/develop/group_vars/all/vars.yml | 4 + .../scigap/develop/group_vars/django/vars.yml | 11 ++- .../scigap/develop/host_vars/geo/vars.yml | 22 ++--- .../scigap/develop/host_vars/interactwel/vars.yml | 18 ++-- .../scigap/develop/host_vars/rnamake/vars.yml | 14 +-- .../scigap/develop/host_vars/seagrid/vars.yml | 11 ++- .../scigap/develop/host_vars/simccs/vars.yml | 13 ++- dev-tools/ansible/inventories/scigap/develop/hosts | 34 +++---- .../scigap/develop/pga_config/scigap/vars.yml | 57 ----------- .../scigap/develop/pga_config/scigap/vault.yml | 18 ---- .../scigap/develop/pga_config/seagrid/vars.yml | 67 ------------- .../scigap/develop/pga_config/seagrid/vault.yml | 18 ---- .../scigap/develop/pga_config/simvascular/vars.yml | 65 ------------- .../develop/pga_config/simvascular/vault.yml | 18 ---- .../scigap/develop/pga_config/testdrive/vars.yml | 65 ------------- .../scigap/develop/pga_config/testdrive/vault.yml | 18 ---- dev-tools/ansible/requirements.txt | 20 +++- dev-tools/ansible/roles/django/tasks/database.yml | 19 +++- .../django/tasks/install_deps_Centos_7.yml} | 19 +++- .../django/tasks/install_deps_Rocky_8.yml} | 20 +++- dev-tools/ansible/roles/django/tasks/main.yml | 25 +++-- .../django_setup/tasks/install_deps_Rocky_8.yml | 108 +++++++++++++++++++++ dev-tools/ansible/roles/env_setup/tasks/main.yml | 37 +++---- .../httpd/tasks/install_deps_Rocky_8.yml} | 26 ++++- dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +- .../letsencrypt/tasks/install_deps_CentOS_7.yml} | 22 ++++- .../letsencrypt/tasks/install_deps_Rocky_8.yml} | 22 ++++- dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +- 28 files changed, 336 insertions(+), 450 deletions(-) 
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml index ac50e8a390..d3bdf30110 100644 --- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml @@ -21,6 +21,10 @@ --- ansible_connection: ssh ansible_user: centos +# https://stackoverflow.com/a/41431540 +# ansible_python_interpreter: /usr/bin/python3 +# ansible_python_interpreter: /usr/bin/python2 + user: airavata group: airavata diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml index b5e9ba4f0f..f3560f919b 100644 --- a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml 
@@ -21,16 +21,19 @@ --- user: "pga" group: "pga" -gateway_data_store_hostname: "pgadev.scigap.org" -gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e" +gateway_data_store_hostname: "web.dev.scigap.org" +# TODO: setup storage resource +# gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e" +gateway_data_store_resource_id: "web.dev.scigap.org_ba01452f-44e5-4e03-b35f-756630539198" django_wsgi_processes: 1 doc_root_dir: "/var/www/portals/django-{{gateway_id}}" admin_emails: "[('SGRC Group', '[email protected]')]" django_error_emails: "[('Marcus Christie', '[email protected]'), ('Eroma Abeysinghe', '[email protected]')]" django_database_name: "django_{{ gateway_id }}" django_hidden_airavata_apps: "['django_airavata_dataparsers']" -tusd_vhost_servername: "tus.dev.scigap.org" -tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir" +# TODO: setup tusd server +# tusd_vhost_servername: "tus.dev.scigap.org" +# tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir" airavata_django_git_branch: "develop" # django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")' cilogon_userinfo_url: "https://cilogon.org/oauth2/userinfo" diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml index 7a06a2cc97..c9bb4ba628 100644 --- a/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml 
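Review bot: Commenting out `tusd_vhost_servername` and `tusd_upload_dir` leaves both variables undefined for every host in the django group, where the group previously supplied a value (the old geo host_vars overrode the first with an empty value rather than removing it). If a template or `when:` in the roles reads either one without a `default` filter, the play will stop on an undefined variable; that code is not visible in this diff, so it needs checking. Keeping the key with an explicit null, `tusd_vhost_servername: null`, would preserve the earlier "not set up yet" behaviour until the tusd server exists.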
@@ -21,19 +21,16 @@ --- airavata_django_extra_dependencies: - - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app" + # - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app" + +vhost_servername: "geogateway.js2.scigap.org" +vhost_ssl: True +ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem" +ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem" +ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem" + +real_user_data_dir: "/media/volume/sdb/gateway-user-data" -# No symlink, user_data_dir is same as real_user_data_dir -user_data_dir: "{{ real_user_data_dir }}" -#airavata_django_git_branch: "simccs" -vhost_servername: "beta.geogateway.scigap.org" -vhost_ssl: true -# tus isn't setup yet -tusd_vhost_servername: -# sudo certbot --apache certonly -d django.simccs.scigap.org -ssl_certificate_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/privkey.pem" django_extra_settings: LOGIN_REDIRECT_URL: "/geogateway_django_app/" @@ -46,6 +43,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}" auth_options: password: name: "Beta GEO" + hidden: true external: - name: "Existing Institute Login" idp_alias: "cilogon" diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml index 5d19dd95bd..8706257218 100644 --- a/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml 
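Review bot: With its only list item commented out, `airavata_django_extra_dependencies:` now parses as null rather than an empty list, in the first hunk of this file and again in host_vars/interactwel/vars.yml. A task that loops over the variable or hands it to pip may fail or behave differently on null, depending on how the role consumes it (not visible here); writing `airavata_django_extra_dependencies: []` states the intent. The same hunk replaces `vhost_ssl: true` with `vhost_ssl: True`, although the lowercase form is the canonical YAML boolean and was already in place. When the git dependency is restored, a tag or commit hash in place of `@master` would make the install reproducible.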
@@ -20,18 +20,17 @@ --- #airavata_django_git_branch: "simccs" -#vhost_servername: "django.interactwel.scigap.org" -vhost_servername: "interactwel.org" -vhost_server_redirect: "www.interactwel.org" -vhost_ssl: true -# sudo certbot --apache certonly -d django.simccs.scigap.org -ssl_certificate_file: "/etc/letsencrypt/live/interactwel.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/interactwel.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/interactwel.org/privkey.pem" +vhost_servername: "interactwel.js2.scigap.org" +vhost_ssl: True +ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem" +ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem" +ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem" + +real_user_data_dir: "/media/volume/sdb/gateway-user-data" interactwel_django_app_branch: "api-integration" airavata_django_extra_dependencies: - - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app + # - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app django_extra_settings: LOGIN_REDIRECT_URL: "/interactwel/" @@ -44,6 +43,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}" auth_options: password: name: "InterACTWEL" + hidden: true external: - name: "CILogon" idp_alias: "cilogon" diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml index 624a742c04..b7ea8d6b15 100644 --- a/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml 
@@ -20,12 +20,13 @@ --- #airavata_django_git_branch: "simccs" -vhost_servername: "dev.rnamake.scigap.org" -vhost_ssl: true -# sudo certbot --apache certonly -d django.simccs.scigap.org -ssl_certificate_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/privkey.pem" +vhost_servername: "rnamake.js2.scigap.org" +vhost_ssl: True +ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem" +ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem" +ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem" + +real_user_data_dir: "/media/volume/sdb/gateway-user-data" ## Keycloak related variables tenant_domain: "rnamake" @@ -35,6 +36,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}" auth_options: password: name: "RNAMake" + hidden: true external: - name: "Existing Institute Login" idp_alias: "cilogon" diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml index 922710f3b4..f1b67267ad 100644 --- a/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml 
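Review bot: `real_user_data_dir: "/media/volume/sdb/gateway-user-data"` is added with the same literal in the geo, interactwel, rnamake, seagrid and simccs host_vars, and the hosts inventory in this commit points all five gateways at one address. Defining it once in group_vars/django/vars.yml would avoid five copies that can drift apart. Because several tenants now share one root on one machine, it is worth confirming that each gateway's directory under it is derived from `gateway_id` and that ownership and mode keep one gateway's files away from another; that derivation is outside this diff.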
@@ -19,11 +19,13 @@ # --- -vhost_servername: "django.seagrid.org" +vhost_servername: "js2.seagrid.org" vhost_ssl: True -ssl_certificate_file: "/etc/letsencrypt/live/django.seagrid.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/django.seagrid.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/django.seagrid.org/privkey.pem" +ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem" +ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem" +ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem" + +real_user_data_dir: "/media/volume/sdb/gateway-user-data" ## Keycloak related variables tenant_domain: "seagrid" @@ -33,6 +35,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}" auth_options: password: name: "SEAGrid" + hidden: true external: - name: "CILogon" idp_alias: "oidc" diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml index 54c007ca6c..1b6b139205 100644 --- a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml 
@@ -31,14 +31,18 @@ airavata_django_extra_dependencies: - pyjnius # vhost_servername: "beta.simccs.org" # Temporary use a *.scigap.org domain name -vhost_servername: "beta.simccs.scigap.org" + +vhost_servername: "simccs.js2.scigap.org" vhost_ssl: True -# Some of the maptool views call into Java code and can take 2-3 minutes to execute -vhost_timeout: 300 -# sudo certbot --apache certonly -d django.simccs.scigap.org ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem" ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem" ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem" + +real_user_data_dir: "/media/volume/sdb/gateway-user-data" + +# Some of the maptool views call into Java code and can take 2-3 minutes to execute +vhost_timeout: 300 + # Custom vhost config file to specify the geoserver reverse proxy django_ssl_vhost_template: "{{ inventory_dir }}/host_vars/simccs/files/django-ssl-vhost.conf.j2" @@ -50,6 +54,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}" auth_options: password: name: "SimCCS" + hidden: true external: - name: "CILogon" idp_alias: "cilogon" diff --git a/dev-tools/ansible/inventories/scigap/develop/hosts b/dev-tools/ansible/inventories/scigap/develop/hosts index ae562e0aea..630806cd5a 100644 --- a/dev-tools/ansible/inventories/scigap/develop/hosts +++ b/dev-tools/ansible/inventories/scigap/develop/hosts @@ -7,7 +7,7 @@ 149.165.156.195 [database] -149.165.156.27 +149.165.156.27 ansible_user=centos [api-orch] 149.165.156.195 
@@ -22,22 +22,22 @@ 149.165.156.151 [django] -seagrid ansible_host=149.165.156.46 -simvascular ansible_host=149.165.156.46 -simccs ansible_host=149.165.156.46 -interactwel ansible_host=149.165.156.46 -usd ansible_host=149.165.156.46 -csbglsu ansible_host=149.165.156.46 -nexttdb ansible_host=149.165.156.46 -saver-x ansible_host=149.165.156.46 -pfec-hydro ansible_host=149.165.156.46 -cyberwater ansible_host=149.165.156.46 -mines ansible_host=149.165.156.46 -amp ansible_host=149.165.170.199 -geo ansible_host=149.165.156.46 -delta ansible_host=149.165.169.250 -custos-testdrive ansible_host=pgadev.scigap.org -rnamake ansible_host=149.165.156.46 +seagrid ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3 +; simvascular ansible_host=149.165.156.46 +simccs ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3 +interactwel ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3 +; usd ansible_host=149.165.156.46 +; csbglsu ansible_host=149.165.156.46 +; nexttdb ansible_host=149.165.156.46 +; saver-x ansible_host=149.165.156.46 +; pfec-hydro ansible_host=149.165.156.46 +; cyberwater ansible_host=149.165.156.46 +; mines ansible_host=149.165.156.46 +; amp ansible_host=149.165.170.199 +geo ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3 +; delta ansible_host=149.165.169.250 +; custos-testdrive ansible_host=pgadev.scigap.org +rnamake ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3 #149.165.169.129 diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml deleted file mode 100644 index b4e6e44922..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml +++ /dev/null 
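Review bot: The five active [django] entries each repeat `ansible_user=exouser ansible_python_interpreter=/usr/bin/python3`, and eleven retired hosts are kept as `;` comments. A group section, `[django:vars]` followed by `ansible_user=exouser` and `ansible_python_interpreter=/usr/bin/python3`, states the connection settings once, and the retired entries can be deleted because git keeps the history. In the previous hunk of this file, `ansible_user=centos` on the [database] host repeats the value that group_vars/all/vars.yml already sets.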
@@ -1,57 +0,0 @@ -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - ---- -pga_repo: "https://github.com/apache/airavata-php-gateway.git" -pga_git_branch: "develop" -user: "pga" -group: "pga" -doc_root_dir: "/var/www/portals/dev-scigap" -vhost_servername: "dev.scigap.org" -vhost_ssl: True -ssl_certificate_file: "/etc/letsencrypt/live/dev.scigap.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.scigap.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/dev.scigap.org/privkey.pem" - -## Keycloak related variables -tenant_domain: "scigap" -admin_username: "scigap_admin" -admin_password: "{{ vault_admin_password }}" -oauth_client_key: "{{ vault_oauth_client_key }}" -oauth_client_secret: "{{ vault_oauth_client_secret }}" -oauth_grant_type: "password" -oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration" -oauth_callback_url: "https://{{ vhost_servername }}/callback-url" -initial_role_name: "gateway-provider" - -gateway_id: "scigap" -# relative to document root dir -experiment_data_dir: "{{ user_data_dir }}/dev-scigap" -# NOTE: scigap portal doesn't make use of the gateway data store, only used to manage other gateways 
-gateway_data_store_resource_id: "" - -## Portal related variables -super_admin_portal: "true" -admin_emails: "['[email protected]']" -portal_email_username: "[email protected]" -portal_email_password: "{{ vault_portal_email_password }}" -portal_theme: "base" -portal_title: "SciGaP Admin Portal" -... diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml deleted file mode 100644 index 8b3b27474a..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml +++ /dev/null @@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -66643536656361636339616663393332663862623736333263353739396330333833666336663564 -6332613062363366333265376537656436306438343164380a383362623064383237396433353139 -36323038313235323962613864376562386165353365343430306635383131663636616131323962 -6237356432313434660a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diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml deleted file mode 100644 index f512cf21dd..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - ---- -pga_repo: "https://github.com/apache/airavata-php-gateway.git" -pga_git_branch: "develop" -user: "pga" -group: "pga" -doc_root_dir: "/var/www/portals/dev-seagrid" -vhost_servername: "dev.seagrid.org" -vhost_ssl: True -# TODO: have Ansible manage these files as well -ssl_certificate_file: "/etc/letsencrypt/live/dev.seagrid.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.seagrid.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/dev.seagrid.org/privkey.pem" - -## Keycloak related variables -tenant_domain: "seagrid" -admin_username: "admin" -admin_password: "{{ vault_admin_password }}" -oauth_client_key: "{{ vault_oauth_client_key }}" -oauth_client_secret: "{{ vault_oauth_client_secret }}" -oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration" - -auth_options: - - name: "SEAGrid" - oauth_grant_type: "password" - - name: "existing accounts" - oauth_grant_type: "authorization_code" - oauth_authorize_url_extra_params: "kc_idp_hint=oidc" - logo: "/assets/cilogon-logo-24x24-b.png" -oauth_callback_url: "https://{{ vhost_servername }}/callback-url" - -gateway_id: "seagrid" -# 
relative to document root dir -experiment_data_dir: "{{ user_data_dir }}/dev-seagrid" -# TODO: Fix the data store resource id -gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e" -gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWgLve4J9WCohF/4UnbBZsh/nRkP1aM9FmA1FjKwK2gQAnKwhU+NrbsjW38h2Hi+8s9N2oZ9cCJHrvDi2U0cMxz4exIUBcVoRhw37ThlREHADeKR1FbKw0QLhTyfJb0K+1/8GWRluiFx0vHPptJe0KTqu+RJY0NSe+d/BEuGyCZ1hR+SKNuTgcb05Ia6opbSN5D68N9biseEux60d69ARQxLw+VN3Kr/UaBNpGIAfKLlLSUQlTyPA6G6UKCcJZv+/ye10oa0SK0qtrxMpL+4VJcVx+d56U7CUFWKEgPAaQrX1qdGUNDA7HKmD+EBtzw6DJqNJ0Cue/XuPe/RT62tpf" -group_resource_profile_id: "6a642772-15fd-4d10-a847-8aef89b71830" - -## Portal related variables -super_admin_portal: "false" -admin_emails: "['[email protected]','[email protected]', '[email protected]']" -portal_email_username: "[email protected]" -portal_email_password: "{{ vault_portal_email_password }}" -portal_theme: "seagrid" -portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git" -portal_title: "SEAGrid Portal" -... diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml deleted file mode 100644 index 4fa5716ddd..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -35363834376232323532383937363965643066346662646162623433363134396438383566373532 -3166626337666161386532363635386338366439643935310a316430613738343939333932386333 -65313532396532323834346437643366376465393637326137333838366536373438643434653663 -3735333530316164340a626331396161636332663765653465303335306162653232313863303762 -39666330626562646533656639386639653635623735333432386431323532623334313964393732 -65383465353438366438383938393165353235383438636265653731616235613839363566396635 -38653763353363316233373932313638376231366531306462666436353437376139303939343433 -65613532666230366239626132323661646137333031336230343862306534613564623161303066 -62376132666365303632626639643835623465643564393033623866383836323932383533613861 -62363336393361363266323636356164383962343939336432396538373662396264633361353162 -66663935316236316533633134393136356361373936306438333932666662653263613662636166 -62326139646537326334376464303466366563636465343362656131643735626633393835636265 -63343833396434366637626539653536343539383763393234333466623031393634343930393836 -31636136386135336430303035376533343038336662383139653831666230663232616533653461 -61363665633937666162303638366435613838356665613361313730383734383163666537386330 -38386238316366306466346432663139333038353339376336346166393639336137313231356333 -3336 diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml deleted file mode 100644 index 5068a7e58e..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - ---- -pga_repo: "https://github.com/apache/airavata-php-gateway.git" -pga_git_branch: "develop" -user: "pga" -group: "pga" -doc_root_dir: "/var/www/portals/pga-simvascular" -vhost_servername: "beta.simvascular.scigap.org" -vhost_ssl: True -# TODO: have Ansible manage these files as well -ssl_certificate_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/privkey.pem" - -## Keycloak related variables -tenant_domain: "simvascular" -admin_username: "admin" -admin_password: "{{ vault_admin_password }}" -oauth_client_key: "{{ vault_oauth_client_key }}" -oauth_client_secret: "{{ vault_oauth_client_secret }}" -oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/simvascular/.well-known/openid-configuration" - -auth_options: - - name: "SimVascular" - oauth_grant_type: "password" - - name: "CILogon" - oauth_grant_type: "authorization_code" - oauth_authorize_url_extra_params: "kc_idp_hint=cilogon" - logo: "/assets/cilogon-logo-24x24-b.png" -oauth_callback_url: "https://{{ 
vhost_servername }}/callback-url" - -gateway_id: "simvascular" -# relative to document root dir -experiment_data_dir: "{{ user_data_dir }}/simvascular" -gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e" -gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWgLve4J9WCohF/4UnbBZsh/nRkP1aM9FmA1FjKwK2gQAnKwhU+NrbsjW38h2Hi+8s9N2oZ9cCJHrvDi2U0cMxz4exIUBcVoRhw37ThlREHADeKR1FbKw0QLhTyfJb0K+1/8GWRluiFx0vHPptJe0KTqu+RJY0NSe+d/BEuGyCZ1hR+SKNuTgcb05Ia6opbSN5D68N9biseEux60d69ARQxLw+VN3Kr/UaBNpGIAfKLlLSUQlTyPA6G6UKCcJZv+/ye10oa0SK0qtrxMpL+4VJcVx+d56U7CUFWKEgPAaQrX1qdGUNDA7HKmD+EBtzw6DJqNJ0Cue/XuPe/RT62tpf" - -## Portal related variables -super_admin_portal: "false" -admin_emails: "['[email protected]','[email protected]']" -portal_email_username: "[email protected]" -portal_email_password: "{{ vault_portal_email_password }}" -portal_theme: "simvascular-gateway-theme" -portal_theme_repo: "https://github.com/SciGaP/simvascular-gateway-theme.git" -portal_title: "SimVascular Gateway Portal" -... diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml deleted file mode 100644 index a24744d444..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml +++ /dev/null @@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -39663235396339383266663136613561633834356536323232346264343839636663656366636638 -3562636339363061343532656234303966613261386635620a656433623538643961663866383563 -32366138333464646337316139383230396165393439666439383463326531656365306266326265 -3030646232393538340a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diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml deleted file mode 100644 index e1b0034736..0000000000 
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml +++ /dev/null 
@@ -1,65 +0,0 @@ -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - ---- -pga_repo: "https://github.com/apache/airavata-php-gateway.git" -pga_git_branch: "develop" -user: "pga" -group: "pga" -doc_root_dir: "/var/www/portals/dev-testdrive" -vhost_servername: "dev.testdrive.airavata.org" -vhost_ssl: True -ssl_certificate_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/cert.pem" -ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/fullchain.pem" -ssl_certificate_key_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/privkey.pem" - -## Keycloak related variables -tenant_domain: "{{ gateway_id }}" -admin_username: "admin" -admin_password: "{{ vault_admin_password }}" -oauth_client_key: "{{ vault_oauth_client_key }}" -oauth_client_secret: "{{ vault_oauth_client_secret }}" -oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration" - -auth_options: - - name: "Test Drive" - oauth_grant_type: "password" - - name: "CILogon" - oauth_grant_type: "authorization_code" - oauth_authorize_url_extra_params: "kc_idp_hint=cilogon" - logo: "/assets/cilogon-logo-24x24-b.png" -oauth_callback_url: "https://{{ vhost_servername }}/callback-url" - -gateway_id: 
"default" -# relative to document root dir -experiment_data_dir: "{{ user_data_dir }}/dev-testdrive" -gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e" -gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEK6v8oMNUKDqQtlHlXRUpRZVqCL6CbQlJTL5QajevPFtvM0hauS/Rjj6M/bjgTfRyef2/E100l1pH3xhFuL65+OTnOZgC5DQ0T3J1OtldTTuP1Rl7mKZR4xKYzx/hxSgB6kn8tZb3IgDCYnHNcTLYGj1rEpNEO6ju8e9qVR02ex+hbC+4Q4bJgX6FxHL4+rQHcqT6I1k3JmwRsPzr3P1hiRgUUkxAlQuXFXsoa4+9BzEU5D0qXq0o/Q12jKOhPwWyOyhV2X++bc50VKkm0G6M6n78OL8CBIKmZyczgEwD2zB9gx3aTHXTEgUqaVHyOMc3aE8Kt1Us33PDyXpn8sk3" -group_resource_profile_id: "1cee1887-6774-49c4-9f3c-edfc3558cf9b" - -## Portal related variables -super_admin_portal: "false" -admin_emails: "['[email protected]']" -portal_email_username: "[email protected]" -portal_email_password: "{{ vault_portal_email_password }}" -portal_theme: "base" -#portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git" -portal_title: "Airavata Test Drive" -... diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml deleted file mode 100644 index 59eb48fc75..0000000000 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -37653330653661316166336135653863643435656234363935346436646433353061613333376462 -3031393162356336393430333763663764633263353637310a386662313137383733333666396539 -39313331373262323031613561633835663266386663613037393235366533333130303438306564 -3631313831323765630a653331363766343836326135393131646264613361646266333662666663 -34336561356230623239613237393161616263333638613765616134633837393161393933643433 -61383030316464633961313965653365373037326234636234306661346234316630656634626264 -32666265633261666330623262303462643932336463303231303935643936613638326363363262 -39363237353038626437646230623565353038383566303662663033623066383938656530613939 -39343339643062313830633165323135346330636133663632366436336263363232646431663239 -32663434333032353632373735333434613066386132646561643930626466306433623639386266 -33313366383036313161373736656530366339646333373664333364373531633463333838303334 -39626330646361636238303261343164343834623065393131646336306430383331333364313937 -37333539303361386234663930613130363564333232326535313864306132646361353132393638 -31343338636466353338656261633437616330636631326564353032393162383465343137383163 -61666265336465366263636435336436343764356133653963653866353166356138353837346434 -35326265666365393963356231313964333763316464633636656332653132633931393064626630 -3966 diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/requirements.txt index dc30cfd1fd..da3380cc96 100644 --- a/dev-tools/ansible/requirements.txt +++ b/dev-tools/ansible/requirements.txt 
@@ -15,5 +15,21 @@ # specific language governing permissions and limitations # under the License. -ansible~=2.3.1 -docker<3.0 +ansible==5.6.0 +ansible-core==2.12.4 +certifi==2021.10.8 +cffi==1.15.0 +charset-normalizer==2.0.12 +cryptography==36.0.2 +docker==5.0.3 +idna==3.3 +Jinja2==3.1.1 +MarkupSafe==2.1.1 +packaging==21.3 +pycparser==2.21 +pyparsing==3.0.8 +PyYAML==6.0 +requests==2.27.1 +resolvelib==0.5.4 +urllib3==1.26.9 +websocket-client==1.3.2 diff --git a/dev-tools/ansible/roles/django/tasks/database.yml b/dev-tools/ansible/roles/django/tasks/database.yml index 4589562088..31548a66f1 100644 --- a/dev-tools/ansible/roles/django/tasks/database.yml +++ b/dev-tools/ansible/roles/django/tasks/database.yml @@ -22,16 +22,25 @@ - name: Adds Python MySQL support on Debian/Ubuntu apt: pkg="python-mysqldb" state=present - become_user: root + become: true when: ansible_os_family == 'Debian' -- name: Adds Python MySQL support on RedHat/CentOS - yum: name=MySQL-python state=present - become_user: root - when: ansible_os_family == 'RedHat' +# - name: inventory_hostname var +# debug: +# var: inventory_hostname + +# - name: user var +# debug: +# var: user + +# TODO: fix propagating delegation and become_user +# - include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml +# when: ansible_os_family == "RedHat" - name: create django database ({{ django_database_name }}) mysql_db: name="{{ django_database_name }}" state=present encoding=utf8 collation=utf8_bin + # become: true + # become_user: "{{user}}" - name: give access to {{ django_db_username }} from remote (internal ip) mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ ansible_default_ipv4.address }}" 
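Review bot: The Debian `apt` task in database.yml now sets only `become: true`, while roles/django/tasks/main.yml in this commit applies `become_user: "{{ hostvars[item]['user'] }}"` to every task included from this file, so the package install will probably run as that unprivileged user instead of root; the removed `become_user: root` was what overrode it. Keeping both keys, `become: true` and `become_user: root`, makes the intended privilege level explicit, and the same applies to the `become: true` tasks in the new install_deps_Centos_7.yml and install_deps_Rocky_8.yml. Separately, with the RedHat `yum` task deleted and the replacement `include` still commented out, nothing installs the Python MySQL binding on RedHat-family hosts, so `mysql_db` and `mysql_user` will fail there unless the package is already present. The `mysql_user` task continues past the end of the hunk.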
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml similarity index 81% copy from dev-tools/ansible/requirements.txt copy to dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml index dc30cfd1fd..fbde07fdcd 100644 --- a/dev-tools/ansible/requirements.txt +++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml @@ -1,3 +1,5 @@ +# +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -5,15 +7,22 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - +# +# http://www.apache.org/licenses/LICENSE-2.0 +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +# + +--- + +- name: Adds Python MySQL support (Centos 7) + yum: name=MySQL-python state=present + become: true + -ansible~=2.3.1 -docker<3.0 +... diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml similarity index 79% copy from dev-tools/ansible/requirements.txt copy to dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml index dc30cfd1fd..1aa0d81042 100644 --- a/dev-tools/ansible/requirements.txt +++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml @@ -1,3 +1,5 @@ +# +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information 
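Review bot: The new task file is named `install_deps_Centos_7.yml`, but the include meant to load it builds the name from `ansible_distribution`, which Ansible reports as `CentOS`; the letsencrypt role in this same commit uses `install_deps_CentOS_7.yml`. On a case-sensitive filesystem the lookup would miss this file as soon as the commented-out include in database.yml is enabled. Renaming it to `install_deps_CentOS_7.yml` (and the task name to "CentOS 7") keeps the two roles consistent.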
@@ -5,15 +7,23 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - +# +# http://www.apache.org/licenses/LICENSE-2.0 +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +# + +--- + +- name: Adds Python MySQL support (Rocky 8) + dnf: name={{ item }} state=latest + with_items: + - python3-mysql + become: true -ansible~=2.3.1 -docker<3.0 +... diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml index 172b7f0abf..1f0c264a3c 100644 --- a/dev-tools/ansible/roles/django/tasks/main.yml +++ b/dev-tools/ansible/roles/django/tasks/main.yml @@ -27,11 +27,19 @@ with_items: - "{{ groups['database'] }}" +# - name: Hostvars +# debug: +# var: hostvars[item] +# with_items: +# - "{{ django_database_hosts }}" + - name: Run tasks to setup Django database - include: database.yml - delegate_to: "{{ item }}" - become: yes - become_user: "{{ hostvars[item]['user'] }}" + include_tasks: database.yml + args: + apply: + delegate_to: "{{ item }}" + become: yes + become_user: "{{ hostvars[item]['user'] }}" with_items: - "{{ django_database_hosts }}" @@ -88,10 +96,12 @@ - name: build airavata-django-portal Docker image local_action: module: docker_image - path: "{{ airavata_django_portal_tempdir.path }}/" + build: + path: "{{ airavata_django_portal_tempdir.path }}/" name: airavata-django-portal - force: true - # source: build + force_source: true + force_tag: true + source: build run_once: true - name: create Docker container so we can copy built files out of it 
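Review bot: `state=latest` in the Rocky 8 `dnf` task upgrades `python3-mysql` to whatever the repository offers on every run, so two runs of the same playbook can leave hosts on different package versions without any reviewed change. The Centos 7 counterpart uses `state=present`; `dnf: name=python3-mysql state=present` would match it and also drops the single-item `with_items` loop. The same `state=latest` pattern appears in the Rocky 8 task files added for django_setup, httpd and letsencrypt. If tracking the newest packages is intended, a one-line comment saying so would help the next reader.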
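Review bot: The commented-out `debug: var: hostvars[item]` block in roles/django/tasks/main.yml would, if re-enabled, print every variable of the database hosts to the play output, and that likely includes vault-backed secrets defined for those hosts. It is better deleted before merge, or narrowed to the one value being checked, e.g. `var: hostvars[item]['user']`. The `include_tasks` block also keeps `become: yes` while other tasks added in this commit use `become: true`; using `true` throughout avoids the YAML 1.1 truthy ambiguity.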
@@ -178,6 +188,7 @@ pip: name: "{{ item }}" virtualenv: "{{ django_venv_dir }}" + # TODO: maybe set editable to true if a git url? become: yes become_user: "{{user}}" with_list: "{{ airavata_django_extra_dependencies }}" diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml new file mode 100644 index 0000000000..80f8266702 --- /dev/null +++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml 
@@ -0,0 +1,108 @@ +# +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +--- + +- name: Install Airavata Django Portal prerequisites (Rocky 8) + dnf: name={{ item }} state=latest + with_items: + - python36 + - httpd-devel + - python36-devel + - mysql-devel + - gcc + - zlib-devel + - openssl-devel + become: yes + +- name: Create mod_wsgi directory + file: path={{ mod_wsgi_dir }} state=directory + become: yes + +- name: Fetch mod_wsgi + get_url: + url: "{{ mod_wsgi_url }}" + dest: "{{ mod_wsgi_tarball_dest }}" + become: yes + +- name: Untar mod_wsgi + unarchive: + src: "{{ mod_wsgi_tarball_dest }}" + remote_src: yes + dest: "{{ mod_wsgi_dir }}" + creates: "{{ mod_wsgi_unarchive_dir }}" + become: yes + +- name: Configure mod_wsgi + command: ./configure --with-python=/usr/bin/python3 + args: + chdir: "{{ mod_wsgi_unarchive_dir }}" + creates: "{{ mod_wsgi_unarchive_dir }}/Makefile" + become: yes + +- name: make mod_wsgi + command: make + args: + chdir: "{{ mod_wsgi_unarchive_dir }}" + creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la" + become: yes + +- name: make install mod_wsgi + command: make install + args: + chdir: "{{ mod_wsgi_unarchive_dir }}" + become: yes + +- name: Copy mod_wsgi config file + copy: + src: 
00-wsgi.conf + dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf" + become: yes + +# Allow httpd to copy file attributes when handling uploaded files and moving +# them from temporary to final destination (which may cross partitions) +- name: double check policycoreutils installed + dnf: name=python3-policycoreutils state=installed + become: yes + +- name: Copy SELinux type enforcement file + copy: src=django-httpd.te dest=/tmp/ + +- name: Compile SELinux module file + command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te + +- name: Build SELinux policy package + command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod + +- name: unLoad SELinux policy package + command: semodule -r django-httpd + become: yes + ignore_errors: True + +- name: Load SELinux policy package + command: semodule -i /tmp/django-httpd.pp + become: yes + +- name: Remove temporary files + file: path={{ item }} state=absent + with_items: + - /tmp/django-httpd.mod + - /tmp/django-httpd.pp + - /tmp/django-httpd.te diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml index 4d36c76fd2..b038e840dd 100644 --- a/dev-tools/ansible/roles/env_setup/tasks/main.yml +++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml 
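Review bot: The `Fetch mod_wsgi` task downloads a tarball with `get_url` and no `checksum`, and the following tasks configure, build and `make install` it as root, so whatever `mod_wsgi_url` serves at run time is compiled into httpd unverified. Adding `checksum: "sha256:<SHA256_OF_PINNED_TARBALL>"` (placeholder, to be filled in for the release you pin) makes the download fail closed on a mismatch. The SELinux steps also write `django-httpd.te`, `.mod` and `.pp` under fixed names in `/tmp` before `semodule -i` loads the package as root; a private directory created with the `tempfile` module would keep other local users from pre-creating or swapping those files. `make install` has no `creates:` guard, so it reruns on every play.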
@@ -73,24 +73,25 @@ # Automatic security updates installation -- name: Install yum-cron, yum-utils (RedHat) - yum: name={{ item }} state=latest update_cache=yes - become: yes - when: ansible_os_family == "RedHat" - with_items: - - yum-cron - - yum-utils +# TODO: switch to dnf-automatic for Rocky Linux +# - name: Install yum-cron, yum-utils (RedHat) +# yum: name={{ item }} state=latest update_cache=yes +# become: yes +# when: ansible_os_family == "RedHat" +# with_items: +# - yum-cron +# - yum-utils -- name: Copy yum-cron.conf config file - copy: - src: yum-cron.conf - dest: /etc/yum/yum-cron.conf - backup: yes - become: yes - when: ansible_os_family == "RedHat" +# - name: Copy yum-cron.conf config file +# copy: +# src: yum-cron.conf +# dest: /etc/yum/yum-cron.conf +# backup: yes +# become: yes +# when: ansible_os_family == "RedHat" -- name: Enable and start yum-cron - service: name=yum-cron state=started enabled=yes daemon_reload=yes - become: yes - when: ansible_os_family == "RedHat" +# - name: Enable and start yum-cron +# service: name=yum-cron state=started enabled=yes daemon_reload=yes +# become: yes +# when: ansible_os_family == "RedHat" ... diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml similarity index 69% copy from dev-tools/ansible/requirements.txt copy to dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml index dc30cfd1fd..698932ee25 100644 --- a/dev-tools/ansible/requirements.txt +++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml @@ -1,3 +1,5 @@ +# +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information 
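Review bot: Commenting out all three yum-cron tasks turns off automatic security updates for every RedHat-family host this role manages until the dnf-automatic TODO is done, including any CentOS 7 hosts, which the new `install_deps_*_7.yml` files suggest are still targeted. Rather than disabling them, the existing tasks could stay active for the older release with `when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"`, which leaves only Rocky 8 uncovered in the interim. A comment above the block stating that unattended patching is currently off for Rocky 8 would make the gap visible to operators.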
@@ -5,15 +7,29 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - +# +# http://www.apache.org/licenses/LICENSE-2.0 +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +# + +--- + +- name: Install pre-requisites + dnf: name="{{ item }}" state=latest + with_items: + - git + - httpd + - mod_ssl + - python3-libselinux + - python3-policycoreutils + become: yes -ansible~=2.3.1 -docker<3.0 +- name: install epel release + dnf: name=epel-release state=present + become: yes diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml index 15a71fd9ed..90a3ee840b 100644 --- a/dev-tools/ansible/roles/httpd/tasks/main.yml +++ b/dev-tools/ansible/roles/httpd/tasks/main.yml @@ -34,7 +34,7 @@ - name: create default ssl vhost certificate command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}' become: yes - when: default_vhost_ssl_cert_check|failed + when: default_vhost_ssl_cert_check is failed - name: Change permissions for default ssl vhost certificate private key file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600" 
@@ -59,6 +59,7 @@ file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}" become: yes +# TODO: create the parent directory of the symlink if missing - name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }} file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}" become: yes @@ -76,7 +77,7 @@ when: ansible_os_family == "RedHat" - name: run restorecon on user data directory - command: restorecon -F -R {{ user_data_dir }} + command: restorecon -F -R {{ real_user_data_dir }} become: yes when: ansible_os_family == "RedHat" diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml similarity index 69% copy from dev-tools/ansible/requirements.txt copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml index dc30cfd1fd..2415c7584f 100644 --- a/dev-tools/ansible/requirements.txt +++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml @@ -1,3 +1,5 @@ +# +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information 
@@ -5,15 +7,25 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - +# +# http://www.apache.org/licenses/LICENSE-2.0 +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +# + +--- -ansible~=2.3.1 -docker<3.0 +- name: install certbot and dependencies + yum: name={{ item }} state=installed update_cache=yes + with_items: + - certbot-1.11.0 + - python2-acme-1.11.0 + - python2-certbot-apache-1.11.0 + - ca-certificates-2021.2.50 + become: true + become_user: root diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml similarity index 73% copy from dev-tools/ansible/requirements.txt copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml index dc30cfd1fd..574127dec3 100644 --- a/dev-tools/ansible/requirements.txt +++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml @@ -1,3 +1,5 @@ +# +# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information 
@@ -5,15 +7,25 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at - -# http://www.apache.org/licenses/LICENSE-2.0 - +# +# http://www.apache.org/licenses/LICENSE-2.0 +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. +# + +--- -ansible~=2.3.1 -docker<3.0 +- name: install certbot and dependencies + dnf: name={{ item }} state=latest + with_items: + - certbot + - python3-acme + - python3-certbot-apache + - ca-certificates + become: true + become_user: root diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml index 75a4956333..51d4bb5ef2 100644 --- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml +++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml @@ -20,15 +20,7 @@ --- -- name: install certbot and dependencies - yum: name={{ item }} state=installed update_cache=yes - with_items: - - certbot-1.11.0 - - python2-acme-1.11.0 - - python2-certbot-apache-1.11.0 - - ca-certificates-2021.2.50 - become: true - become_user: root +- include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml when: ansible_os_family == "RedHat" - name: add Certbot PPA repository
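Review bot: The new `include` in roles/letsencrypt/tasks/main.yml resolves a file name from `ansible_distribution` and `ansible_distribution_major_version`, so any RedHat-family host other than CentOS 7 or Rocky 8 fails the play with a missing-file error rather than a clear message. A `first_found` lookup with a default file, or an explicit `fail` task naming the unsupported distribution, would make that case deliberate. roles/django/tasks/main.yml in this commit moved to `include_tasks`; using `include_tasks:` here as well keeps the roles consistent, since bare `include` is deprecated in recent ansible-core releases. The "add Certbot PPA repository" task continues past the end of the hunk.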
