This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 65134efef90e48c677e6c37d26bbf8560224e7d5
Author: Marcus Christie <[email protected]>
AuthorDate: Wed Jul 6 11:49:29 2022 -0400
AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
---
.../roles/django/tasks/install_deps_Centos_7.yml | 28 ++++++
.../roles/django/tasks/install_deps_Rocky_8.yml | 31 ++++++
dev-tools/ansible/roles/django/tasks/main.yml | 8 +-
.../django_setup/tasks/install_deps_Rocky_8.yml | 108 +++++++++++++++++++++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 37 +++----
.../roles/httpd/tasks/install_deps_Rocky_8.yml | 35 +++++++
dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +-
.../tasks/{main.yml => install_deps_CentOS_7.yml} | 37 ------
.../letsencrypt/tasks/install_deps_Rocky_8.yml | 31 ++++++
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +-
10 files changed, 261 insertions(+), 69 deletions(-)
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
new file mode 100644
index 0000000000..fbde07fdcd
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
@@ -0,0 +1,28 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Centos 7)
+ yum: name=MySQL-python state=present
+ become: true
+
+
+...
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..d81472cad9
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
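Review bot: The file name `install_deps_Centos_7.yml` does not match Ansible's `ansible_distribution` fact, which is `CentOS` on that platform, so an include built like the one in letsencrypt/tasks/main.yml (`install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml`) would not find it on a case-sensitive filesystem. The include in django/tasks/main.yml is not part of this diff, so this is inferred from the letsencrypt role, which names its file `install_deps_CentOS_7.yml`. Renaming this file to `install_deps_CentOS_7.yml` keeps the two roles consistent and avoids the dependency silently not being installed on CentOS 7 hosts.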
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Rocky 8)
+ dnf: name={{ package }} state=latest
+ loop:
+ - python3-mysql
+ loop_control:
+ loop_var: package
+ become: true
+
+...
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 819eb821b7..bbe1f10fed 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -96,10 +96,12 @@ - name: build airavata-django-portal Docker image local_action: module: docker_image - path: "{{ airavata_django_portal_tempdir.path }}/" + build: + path: "{{ airavata_django_portal_tempdir.path }}/" name: airavata-django-portal - force: true - # source: build + force_source: true + force_tag: true + source: build run_once: true - name: create Docker container so we can copy built files out of it
diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..80f8266702
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
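Review bot: `state=latest` on the `dnf` task in django/tasks/install_deps_Rocky_8.yml upgrades the package to whatever the repository serves at run time, so two runs of the same playbook can leave hosts on different versions and a deploy can pull in an untested update; the CentOS 7 counterpart uses `state=present`. The same applies to the `state=latest` tasks in the django_setup, httpd and letsencrypt `install_deps_Rocky_8.yml` files, and the letsencrypt case drops the version pins the old task carried (`certbot-1.11.0`, `python2-acme-1.11.0`, …). Prefer `state: present`, with explicit versions where the previous role pinned them, and schedule upgrades separately. As a style point, pass the packages as a list, `name: [python3-mysql]`, rather than looping so that dnf resolves them in one transaction.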
@@ -0,0 +1,108 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Airavata Django Portal prerequisites (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python36
+ - httpd-devel
+ - python36-devel
+ - mysql-devel
+ - gcc
+ - zlib-devel
+ - openssl-devel
+ become: yes
+
+- name: Create mod_wsgi directory
+ file: path={{ mod_wsgi_dir }} state=directory
+ become: yes
+
+- name: Fetch mod_wsgi
+ get_url:
+ url: "{{ mod_wsgi_url }}"
+ dest: "{{ mod_wsgi_tarball_dest }}"
+ become: yes
+
+- name: Untar mod_wsgi
+ unarchive:
+ src: "{{ mod_wsgi_tarball_dest }}"
+ remote_src: yes
+ dest: "{{ mod_wsgi_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Configure mod_wsgi
+ command: ./configure --with-python=/usr/bin/python3
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+ become: yes
+
+- name: make mod_wsgi
+ command: make
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+ become: yes
+
+- name: make install mod_wsgi
+ command: make install
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Copy mod_wsgi config file
+ copy:
+ src: 00-wsgi.conf
+ dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+ become: yes
+
+# Allow httpd to copy file attributes when handling uploaded files and moving
+# them from temporary to final destination (which may cross partitions)
+- name: double check policycoreutils installed
+ dnf: name=python3-policycoreutils state=installed
+ become: yes
+
+- name: Copy SELinux type enforcement file
+ copy: src=django-httpd.te dest=/tmp/
+
+- name: Compile SELinux module file
+ command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
+
+- name: Build SELinux policy package
+ command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
+
+- name: unLoad SELinux policy package
+ command: semodule -r django-httpd
+ become: yes
+ ignore_errors: True
+
+- name: Load SELinux policy package
+ command: semodule -i /tmp/django-httpd.pp
+ become: yes
+
+- name: Remove temporary files
+ file: path={{ item }} state=absent
+ with_items:
+ - /tmp/django-httpd.mod
+ - /tmp/django-httpd.pp
+ - /tmp/django-httpd.te
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 4d36c76fd2..b038e840dd 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
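Review bot: The `Fetch mod_wsgi` task downloads a tarball that is then configured, built and installed with `make install` as root, but `get_url` is given no `checksum`, so nothing verifies that the archive is the expected release. Add `checksum: "sha256:{{ mod_wsgi_sha256 }}"` next to `dest`, where `mod_wsgi_sha256` is a placeholder name for a new role variable holding the published digest. Separately, the SELinux module is staged under fixed names in `/tmp` by tasks that carry no `become` (unless it is set at play level) and is then loaded by root with `semodule -i /tmp/django-httpd.pp`; on a host with other local users those predictable paths are not trustworthy, so stage the files in a directory created with the `tempfile` module (`state: directory`) and reference its registered path. `make install` also lacks a `creates:` guard, so it reruns on every play.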
@@ -73,24 +73,25 @@ # Automatic security updates installation -- name: Install yum-cron, yum-utils (RedHat) - yum: name={{ item }} state=latest update_cache=yes - become: yes - when: ansible_os_family == "RedHat" - with_items: - - yum-cron - - yum-utils +# TODO: switch to dnf-automatic for Rocky Linux +# - name: Install yum-cron, yum-utils (RedHat) +# yum: name={{ item }} state=latest update_cache=yes +# become: yes +# when: ansible_os_family == "RedHat" +# with_items: +# - yum-cron +# - yum-utils -- name: Copy yum-cron.conf config file - copy: - src: yum-cron.conf - dest: /etc/yum/yum-cron.conf - backup: yes - become: yes - when: ansible_os_family == "RedHat" +# - name: Copy yum-cron.conf config file +# copy: +# src: yum-cron.conf +# dest: /etc/yum/yum-cron.conf +# backup: yes +# become: yes +# when: ansible_os_family == "RedHat" -- name: Enable and start yum-cron - service: name=yum-cron state=started enabled=yes daemon_reload=yes - become: yes - when: ansible_os_family == "RedHat" +# - name: Enable and start yum-cron +# service: name=yum-cron state=started enabled=yes daemon_reload=yes +# become: yes +# when: ansible_os_family == "RedHat" ...
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..698932ee25
--- /dev/null
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
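Review bot: Commenting out the three yum-cron tasks removes automatic security updates from every RedHat-family host this role provisions, including CentOS 7 hosts where the tasks applied before, and the TODO leaves Rocky 8 with no replacement. Rather than disabling them, keep the tasks and narrow their condition, for example `when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"`, and add the dnf-automatic equivalent for Rocky in this commit or a tracked follow-up. As written, newly provisioned hosts come up without unattended patching and nothing in the play output signals it.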
@@ -0,0 +1,35 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install pre-requisites
+ dnf: name="{{ item }}" state=latest
+ with_items:
+ - git
+ - httpd
+ - mod_ssl
+ - python3-libselinux
+ - python3-policycoreutils
+ become: yes
+
+- name: install epel release
+ dnf: name=epel-release state=present
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 15a71fd9ed..90a3ee840b 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -34,7 +34,7 @@ - name: create default ssl vhost certificate command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}' become: yes - when: default_vhost_ssl_cert_check|failed + when: default_vhost_ssl_cert_check is failed - name: Change permissions for default ssl vhost certificate private key file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600"
@@ -59,6 +59,7 @@ file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}" become: yes +# TODO: create the parent directory of the symlink if missing - name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }} file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}" become: yes
@@ -76,7 +77,7 @@ when: ansible_os_family == "RedHat" - name: run restorecon on user data directory - command: restorecon -F -R {{ user_data_dir }} + command: restorecon -F -R {{ real_user_data_dir }} become: yes when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
similarity index 52%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
index 75a4956333..2415c7584f 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
@@ -29,40 +29,3 @@ - ca-certificates-2021.2.50 become: true become_user: root - when: ansible_os_family == "RedHat" - -- name: add Certbot PPA repository - apt_repository: - repo: "ppa:certbot/certbot" - become: yes - when: ansible_os_family == "Debian" - -- name: Install Certbot and dependencies (Debian) - apt: name={{ item }} state=latest update_cache=yes - with_items: - - certbot - - python-certbot-apache - become: yes - when: ansible_os_family == "Debian" - -# Note: on Ubuntu crontab is automatically created to run cert renewal. Only -# CentOS requires enabling the certbot-renew timer. - -- name: enable certbot (letsencrypt) renewal - systemd: - enabled: true - name: certbot-renew - daemon_reload: true - become: true - become_user: root - when: ansible_os_family == "RedHat" - -- name: enable certbot (letsencrypt) renewal timer - systemd: - state: started - enabled: true - name: certbot-renew.timer - daemon_reload: true - become: true - become_user: root - when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..574127dec3
--- /dev/null
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: install certbot and dependencies
+ dnf: name={{ item }} state=latest
+ with_items:
+ - certbot
+ - python3-acme
+ - python3-certbot-apache
+ - ca-certificates
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 75a4956333..978204d680 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -20,15 +20,7 @@ --- -- name: install certbot and dependencies - yum: name={{ item }} state=installed update_cache=yes - with_items: - - certbot-1.11.0 - - python2-acme-1.11.0 - - python2-certbot-apache-1.11.0 - - ca-certificates-2021.2.50 - become: true - become_user: root +- include_tasks: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml when: ansible_os_family == "RedHat" - name: add Certbot PPA repository
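Review bot: The `include_tasks` path in letsencrypt/tasks/main.yml is built from `ansible_distribution` and `ansible_distribution_major_version` but is guarded only by `ansible_os_family == "RedHat"`, so any RedHat-family host other than CentOS 7 or Rocky 8 (RHEL, AlmaLinux, Rocky 9, …) fails on a missing file instead of a clear message. Either resolve the file through a `first_found` lookup with a family-level fallback, or precede the include with an `assert` that lists the supported distribution and version pairs. The task also has no `name:`, which makes the failure harder to locate in play output; something like `name: Install certbot dependencies for {{ ansible_distribution }} {{ ansible_distribution_major_version }}` would help.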
