Posted to commits@airavata.apache.org by sc...@apache.org on 2016/10/03 15:38:36 UTC
[16/50] [abbrv] airavata git commit: Imported ansible-airavata repo
to airavata repo
Imported ansible-airavata repo to airavata repo
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/514567c8
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/514567c8
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/514567c8
Branch: refs/heads/airavata-gov-registry
Commit: 514567c8baeb61846c198a7b111f988bab037284
Parents: 7071ef1 f513f56
Author: Shameera Rathnayaka <sh...@gmail.com>
Authored: Fri Sep 23 21:55:35 2016 -0400
Committer: Shameera Rathnayaka <sh...@gmail.com>
Committed: Fri Sep 23 21:58:00 2016 -0400
----------------------------------------------------------------------
dev-tools/ansible/NOTE | 5 +
dev-tools/ansible/README.md | 31 +
dev-tools/ansible/group_vars/all.yml | 88 +++
dev-tools/ansible/hosts | 26 +
.../files/mysql-connector-java-5.1.37-bin.jar | Bin 0 -> 985603 bytes
.../ansible/roles/api-orch/handlers/main.yml | 14 +
dev-tools/ansible/roles/api-orch/tasks/main.yml | 71 ++
.../templates/airavata-server.properties.j2 | 281 ++++++++
.../api-orch/templates/gfac-config.yaml.j2 | 111 +++
.../ansible/roles/common/files/airavata.jks | Bin 0 -> 2289 bytes
.../ansible/roles/common/files/airavata_sym.jks | Bin 0 -> 501 bytes
dev-tools/ansible/roles/common/tasks/main.yml | 55 ++
dev-tools/ansible/roles/common/vars/main.yml | 4 +
.../ansible/roles/database/handlers/main.yml | 14 +
dev-tools/ansible/roles/database/tasks/main.yml | 60 ++
.../roles/database/tasks/secure_install.yml | 23 +
.../ansible/roles/database/templates/my.cnf.j2 | 4 +
dev-tools/ansible/roles/database/vars/main.yml | 21 +
.../ansible/roles/env_setup/tasks/main.yml | 28 +
.../ansible/roles/env_setup/tasks/redhat.yml | 12 +
.../files/mysql-connector-java-5.1.37-bin.jar | Bin 0 -> 985603 bytes
dev-tools/ansible/roles/gfac/handlers/main.yml | 8 +
dev-tools/ansible/roles/gfac/tasks/main.yml | 67 ++
.../templates/airavata-server.properties.j2 | 281 ++++++++
.../roles/gfac/templates/gfac-config.yaml.j2 | 111 +++
dev-tools/ansible/roles/java/tasks/main.yml | 21 +
dev-tools/ansible/roles/java/vars/main.yml | 15 +
dev-tools/ansible/roles/pga/handlers/main.yml | 13 +
dev-tools/ansible/roles/pga/tasks/main.yml | 112 +++
.../ansible/roles/pga/templates/httpd.conf.j2 | 353 ++++++++++
.../roles/pga/templates/pga_config.php.j2 | 248 +++++++
dev-tools/ansible/roles/pga/vars/main.yml | 30 +
.../ansible/roles/rabbitmq/handlers/main.yml | 13 +
dev-tools/ansible/roles/rabbitmq/tasks/main.yml | 60 ++
dev-tools/ansible/roles/rabbitmq/vars/main.yml | 2 +
.../files/mysql-connector-java-5.1.37-bin.jar | Bin 0 -> 985603 bytes
dev-tools/ansible/roles/registry/tasks/main.yml | 59 ++
.../templates/airavata-server.properties.j2 | 281 ++++++++
dev-tools/ansible/roles/wso2_is/tasks/main.yml | 41 ++
.../roles/wso2_is/templates/carbon.xml.j2 | 688 +++++++++++++++++++
dev-tools/ansible/roles/wso2_is/vars/main.yml | 18 +
.../ansible/roles/zookeeper/handlers/main.yml | 12 +
.../ansible/roles/zookeeper/tasks/main.yml | 34 +
.../roles/zookeeper/templates/zoo.cfg.j2 | 28 +
.../zookeeper/templates/zookeeper.service.j2 | 15 +
dev-tools/ansible/roles/zookeeper/vars/main.yml | 17 +
dev-tools/ansible/site.yml | 76 ++
47 files changed, 3451 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/NOTE
----------------------------------------------------------------------
diff --cc dev-tools/ansible/NOTE
index 0000000,0000000..b4979b5
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/NOTE
@@@ -1,0 -1,0 +1,5 @@@
++#Bind to 'hostname -f' output to access from outside.
++
++#aws
++add new tcp rule under associate security group to open ports
++disable or add firewall rule to open ports
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/README.md
----------------------------------------------------------------------
diff --cc dev-tools/ansible/README.md
index 0000000,0000000..f497fb5
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/README.md
@@@ -1,0 -1,0 +1,31 @@@
++# airavata-ansible
++
++Ansible script to deploy Apache Airavata
++
++## Support OS
++
++- Centos 7
++
++## Roles
++
++- **env_setup** :- Create user and group, install oracle java 8
++- **zookeeper** :- Download and install zookeeper.
++- **rabbitmq** :- Download and install rabbitmq as service.
++- **common** :- Checkout Airavata source from git and run maven build. Move keystore files.
++- **gfac** :- Setup Gfac deployment and Change configurations.
++- **api-orch** :- Setup Api-Orch deployment and Change configurations.
++- **pga** :- Deploy Airavata PHP Gateway._(Under development)_
++
++## Useful commands
++
++- `ansible-playbook -i hosts site.yml`
++- `ansible-playbook -i hosts site.yml -t "tags"`
++- `ansible-playbook -i hosts site.yml --start-at-task="name of the ansible task"`
++
++To deploy pga run following. see site.yml (playbook) file for other available tags.
++
++- `ansible-playbook -i hosts site.yml -t "pga"`
++
++## Configurations
++
++- Set correct private key file to `ansible_ssh_private_key_file` property in group_vars/all
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/group_vars/all.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/group_vars/all.yml
index 0000000,0000000..5a159c3
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/group_vars/all.yml
@@@ -1,0 -1,0 +1,88 @@@
++---
++ansible_connection: ssh
++# ansible_ssh_user: centos
++ansible_ssh_user: root
++ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/dev-deployment-key.pem
++# ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt
++
++user: centos
++group: centos
++user_home: "/home/{{ user }}"
++
++# deployment related variables
++deployment_dir: "{{ user_home }}/dev-deployment"
++airavata_source_dir: "{{ user_home }}/source"
++airavata_dist: "apache-airavata-server-0.17-SNAPSHOT"
++airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz"
++git_branch: develop
++
++# Database related variables
++db_server: "{{ groups['database'][0] }}"
++db_server_port: "3306"
++db_user: "airavata"
++db_password: "airavata"
++app_catalog: "app_catalog"
++exp_catalog: "exp_catalog"
++replica_catalog: "replica_catalog"
++workflow_catalog: "wf_catalog"
++credential_store: "credential_store"
++
++mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar"
++
++# Rabbitmq related vareables
++rabbitmq_server: "{{ groups['rabbitmq'][0] }}"
++rabbitmq_vhost: "develop"
++rabbitmq_user: "airavata"
++rabbitmq_password: "airavata"
++rabbitmq_port: "5672"
++rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}"
++
++# Zoookeeper related variables
++zookeeper_client_port: 2181
++zookeeper_url: "{{ groups['zookeeper'][0] }}:{{ zookeeper_client_port }}"
++# API Server related variables
++api_server_name: "apiserver-node0"
++api_server_host: "{{ansible_fqdn}}"
++api_server_port: "8930"
++api_secured: "false"
++tls_enable: "false"
++api_server_tls_port: "9930"
++enable_sharing: "false"
++
++# Orchestrator related variables
++orchestrator_name: "orchestrator-node0"
++orchestrator_host: "{{ansible_fqdn}}"
++orchestrator_port: "8940"
++api_orch_dir: "{{ deployment_dir }}/api-orchestrator"
++
++# registry related variables
++registry_name: regserver-node0
++registry_host: "{{groups['registry'][0]}}"
++registry_port: 8970
++registry_dir: "{{ deployment_dir }}/registry"
++default_gateway: "php_reference_gateway"
++
++# Credential and keystore related variables
++#authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/"
++authorization_server: "https://idp.scigap.org:9443/services/"
++keystore: "airavata.jks"
++keystore_passwd: "airavata"
++#client_truststore: "client_truststore.jks"
++client_truststore: "airavata.jks"
++client_truststore_passwd: "airavata"
++cred_keystore: "airavata_sym.jks"
++cred_keystore_passwd: "airavata"
++cred_keystore_alias: "airavata"
++cred_store_server_host: "{{ ansible_fqdn }}"
++cred_store_port: "8960"
++keystores_location: "{{ deployment_dir }}/keystores"
++
++# Gfac related variables
++gfac_name: "gfac-node0"
++gfac_host: "{{ ansible_fqdn }}"
++gfac_port: "8950"
++gfac_dir: "{{ deployment_dir }}/gfac-instance"
++
++# Monitoring variables
++monitor_email_address: "test.airavata@gmail.com"
++monitor_email_password: "airavata"
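Review bot: The credential variables in this file (`db_password`, `rabbitmq_password`, `keystore_passwd`, `client_truststore_passwd`, `cred_keystore_passwd`, `monitor_email_password`) are committed in plaintext and all share the value `airavata`, so every secret the playbook deploys is readable by anyone who can read the repository. Move them into an Ansible Vault-encrypted vars file and reference them indirectly, e.g. `db_password: "{{ vault_db_password }}"`, so a real deployment cannot silently inherit the defaults. `ansible_ssh_user: root` and an `ansible_ssh_private_key_file` that points at a path on the author's workstation make the file non-portable and run every task as root; both belong in per-user or per-inventory settings. `api_secured` and `tls_enable` default to "false" and deserve a comment such as `# dev only: enable both before exposing the API port`, since the api-orch role opens that port in firewalld.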
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/hosts
----------------------------------------------------------------------
diff --cc dev-tools/ansible/hosts
index 0000000,0000000..4fc8675
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/hosts
@@@ -1,0 -1,0 +1,26 @@@
++---
++# inventory file : production
++
++[zookeeper]
++54.221.13.4
++
++[rabbitmq]
++54.221.13.4
++
++[database]
++54.196.189.115
++
++[wso2is]
++#52.87.209.219
++
++[registry]
++54.89.119.195
++
++[api-orch]
++54.89.119.195
++
++[gfac]
++54.165.169.111
++
++[pga]
++#54.237.220.234
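Review bot: The inventory is labelled `# inventory file : production` and commits what appear to be real public addresses, next to group_vars that carry default passwords and root SSH access. Ship an example inventory with placeholder hosts (e.g. `db.example.org`) and keep the live one outside the repository. The leading `---` is a YAML document marker, but the rest of the file is INI-style groups; the INI inventory parser may treat that line as a host entry, so it is safer to drop it.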
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/handlers/main.yml
index 0000000,0000000..a2288d9
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/handlers/main.yml
@@@ -1,0 -1,0 +1,14 @@@
++---
++
++# Api server, Orchestrator related handlers
++- name: start api-orch
++ command: ./bin/airavata-server-start.sh api-orch -d
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: stop api-orch
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...
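Review bot: Neither `start api-orch` nor `stop api-orch` is referenced by a `notify:` in this role's tasks/main.yml as added in this commit, which repeats the same two commands as ordinary tasks, so these handlers look like dead code. Either add `notify: start api-orch` to the template tasks that change configuration and drop the inline copies, or remove this file. If the handlers stay, a comment such as `# server_start_* is the marker file left by airavata-server-start.sh` would explain the `creates`/`removes` guards; that meaning is inferred from the file names, so please confirm it.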
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/tasks/main.yml
index 0000000,0000000..c9c5227
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/tasks/main.yml
@@@ -1,0 -1,0 +1,71 @@@
++---
++################################################################################
++# api-orch deployment
++- name: Create api-orchestrator deployment directory
++ file: path="{{ api_orch_dir }}" state=directory owner="{{ user }}" group="{{ group }}"
++ when: build|success
++
++- name: Check previous deployments
++ stat: path="{{ api_orch_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++ register: check
++
++- name: stop api-orch
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++ when: check.stat.exists == True
++
++- name: Delete previous deployments
++ file: path="{{ api_orch_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to api-orcheatrator deployment directory
++ unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++ dest="{{ api_orch_dir }}/"
++ copy=no
++
++- name: set api-orch private ip
++ set_fact:
++ api_server_host: "{{ ansible_eth0.ipv4.address }}"
++ orchestrator_host: "{{ ansible_eth0.ipv4.address }}"
++ cred_store_server_host: "{{ ansible_eth0.ipv4.address }}"
++
++
++- name: Copy Airavata server properties file
++ template: src=airavata-server.properties.j2
++ dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++ owner={{ user }}
++ group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Gfac configuration file
++ template: src=gfac-config.yaml.j2
++ dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml"
++ owner={{ user }}
++ group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++ copy: src={{ mysql_connector_jar }}
++ dest="{{ api_orch_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++ owner={{ user }}
++ group={{ group }}
++
++- name: Open firwall ports
++ firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
++ with_items:
++ - "{{ api_server_port }}/tcp"
++ - "{{ orchestrator_port }}/tcp"
++ - "{{ cred_store_port }}/tcp"
++ become_user: root
++
++- name: stop api-orch
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start api-orch
++ command: ./bin/airavata-server-start.sh api-orch -d
++ chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++ creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...
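Review bot: The two template tasks install `airavata-server.properties` and `gfac-config.yaml` with `mode="u=rw,g=r,o=r"`, but the rendered files contain the database, keystore and mail passwords, so every local account on the host can read them; use `mode="u=rw,g=,o="` on both. The first task is guarded by `when: build|success`, and `build` is registered in the common role, so running this role without it (for example with a tag) would hit an undefined variable; consider `when: build is not defined or build|success`, or drop the guard. `ansible_eth0` hard-codes the interface name and is undefined on hosts that name the interface differently; `ansible_default_ipv4.address` is the portable fact.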
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements. See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership. The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License. You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied. See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++
++###########################################################################
++#
++# This properties file provides configuration for all Airavata Services:
++# API Server, Registry, Workflow Interpreter, GFac, Orchestrator
++#
++###########################################################################
++
++###########################################################################
++# API Server Registry Configuration
++###########################################################################
++
++#for derby [AiravataJPARegistry]
++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++registry.jdbc.driver=com.mysql.jdbc.Driver
++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }}
++registry.jdbc.user={{ db_user }}
++registry.jdbc.password={{ db_password }}
++#FIXME: Probably the following property should be removed.
++start.derby.server.mode=false
++validationQuery=SELECT 1 from CONFIGURATION
++cache.enable=false
++jpa.cache.size=-1
++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true
++enable.sharing={{enable_sharing}}
++
++# Properties for default user mode
++default.registry.user=admin
++default.registry.password=admin
++default.registry.password.hash.method=SHA
++default.registry.gateway={{ default_gateway }}
++
++###########################################################################
++# Application Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++appcatalog.jdbc.driver=com.mysql.jdbc.Driver
++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }}
++appcatalog.jdbc.user={{ db_user }}
++appcatalog.jdbc.password={{ db_password }}
++appcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++##########################################################################
++# Replica Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver
++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++replicacatalog.jdbc.user={{ db_user }}
++replicacatalog.jdbc.password={{ db_password }}
++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++# Workflow Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver
++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++workflowcatalog.jdbc.user={{ db_user }}
++workflowcatalog.jdbc.password={{ db_password }}
++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++# User Profile MongoDB Configuration
++###########################################################################
++userprofile.mongodb.host=localhost
++userprofile.mongodb.port=27017
++
++
++###########################################################################
++# Server module Configuration
++###########################################################################
++#credential store server should be started before API server
++#This is obsolete property with new script files.
++#servers=credentialstore,apiserver,orchestrator
++
++
++###########################################################################
++# API Server Configurations
++###########################################################################
++apiserver=org.apache.airavata.api.server.AiravataAPIServer
++apiserver.name={{ api_server_name }}
++apiserver.host={{ api_server_host }}
++apiserver.port={{ api_server_port }}
++apiserver.min.threads=50
++
++###########################################################################
++# Orchestrator Server Configurations
++###########################################################################
++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer
++orchestrator.server.name={{ orchestrator_name }}
++orchestrator.server.host={{ orchestrator_host }}
++orchestrator.server.port={{ orchestrator_port }}
++orchestrator.server.min.threads=50
++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator
++submitter.interval=10000
++threadpool.size=10
++start.submitter=true
++embedded.mode=true
++enable.validation=true
++
++###########################################################################
++# Registry Server Configurations
++###########################################################################
++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer
++regserver.server.name={{registry_name}}
++regserver.server.host={{registry_host}}
++regserver.server.port={{registry_port}}
++regserver.server.min.threads=50
++
++###########################################################################
++# GFac Server Configurations
++###########################################################################
++gfac=org.apache.airavata.gfac.server.GfacServer
++gfac.server.name={{ gfac_name }}
++gfac.server.host={{ gfac_host }}
++gfac.server.port={{ gfac_port }}
++gfac.thread.pool.size=50
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler
++
++
++
++###########################################################################
++# Airavata Workflow Interpreter Configurations
++###########################################################################
++workflowserver=org.apache.airavata.api.server.WorkflowServer
++enactment.thread.pool.size=10
++
++#to define custom workflow parser user following property
++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder
++
++
++
++###########################################################################
++# Job Scheduler can send informative email messages to you about the status of your job.
++# Specify a string which consists of either the single character "n" (no mail), or one or more
++# of the characters "a" (send mail when job is aborted), "b" (send mail when job begins),
++# and "e" (send mail when job terminates). The default is "a" if not specified.
++###########################################################################
++
++job.notification.enable=true
++#Provide comma separated email ids as a string if more than one
++job.notification.emailids=
++job.notification.flags=abe
++
++###########################################################################
++# Credential Store module Configuration
++###########################################################################
++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }}
++credential.store.keystore.alias={{ cred_keystore_alias }}
++credential.store.keystore.password={{ cred_keystore_passwd }}
++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}
++credential.store.jdbc.user={{ db_user }}
++credential.store.jdbc.password={{ db_password }}
++credential.store.jdbc.driver=com.mysql.jdbc.Driver
++credential.store.server.host={{ cred_store_server_host }}
++credential.store.server.port={{ cred_store_port }}
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION
++
++# these properties used by credential store email notifications
++email.server=smtp.googlemail.com
++email.server.port=465
++email.user=airavata
++email.password=xxx
++email.ssl=true
++email.from=airavata@apache.org
++
++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used.
++# if user specify both password sshKeyAuthentication gets the higher preference
++
++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################
++#ssh.public.key=/path to public key for ssh
++#ssh.private.key=/path to private key file for ssh
++#ssh.keypass=passphrase for the private key
++#ssh.username=username for ssh connection
++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
++#ssh.strict.hostKey.checking=yes/no
++#ssh.known.hosts.file=/path to known hosts file
++### Incase of password sshKeyAuthentication.
++#ssh.password=Password for ssh connection
++
++################ ---------- BES Properties ------------------- ###############
++#bes.ca.cert.path=<location>/certificates/cacert.pem
++#bes.ca.key.path=<location>/certificates/cakey.pem
++#bes.ca.key.pass=passphrase
++
++###########################################################################
++# Monitoring module Configuration
++###########################################################################
++
++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring
++#mechanisms and one would be able to start a monitor
++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor
++
++#These properties will used to enable email base monitoring
++email.based.monitor.host=imap.gmail.com
++email.based.monitor.address={{ monitor_email_address }}
++email.based.monitor.password={{ monitor_email_password }}
++email.based.monitor.folder.name=INBOX
++# either imaps or pop3
++email.based.monitor.store.protocol=imaps
++#These property will be used to query the email server periodically. value in milliseconds(ms).
++email.based.monitoring.period=10000
++
++###########################################################################
++# AMQP Notification Configuration
++###########################################################################
++#for simple scenarios we can use the guest user
++#rabbitmq.broker.url=amqp://localhost:5672
++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost
++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html
++rabbitmq.broker.url={{ rabbitmq_broker_url }}
++rabbitmq.status.exchange.name=status_exchange
++rabbitmq.process.exchange.name=process_exchange
++rabbitmq.experiment.exchange.name=experiment_exchange
++durable.queue=false
++prefetch.count=200
++process.launch.queue.name=process.launch.queue
++experiment.launch..queue.name=experiment.launch.queue
++
++###########################################################################
++# Zookeeper Server Configuration
++###########################################################################
++embedded.zk=false
++zookeeper.server.connection={{ zookeeper_url }}
++zookeeper.timeout=30000
++
++########################################################################
++## API Security Configuration
++########################################################################
++api.secured={{ api_secured }}
++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
++### TLS related configuration ####
++TLS.enabled={{ tls_enable }}
++TLS.api.server.port={{ api_server_tls_port }}
++TLS.client.timeout=10000
++#### keystore configuration ####
++keystore.path={{ keystores_location }}/{{ keystore }}
++keystore.password={{ keystore_passwd }}
++#### trust store configuration ####
++trust.store={{ keystores_location }}/{{ client_truststore }}
++trust.store.password=airavata
++#### remote authorization server url ####
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
++#### xacml based authorization policy ####
++authorization.policy=airavata-default-xacml-policy
++#### authorization cache related configuration ####
++authz.cache.enabled=true
++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
++in.memory.cache.size=1000
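Review bot: `workflowcatalog.jdbc.url` is built from `{{ replica_catalog }}`, so the workflow catalog would connect to the replica catalog database; group_vars defines `workflow_catalog` for this, giving `workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ workflow_catalog }}`. Several other values bypass the variables defined in group_vars and would survive a password or endpoint change made there: `trust.store.password=airavata` should be `{{ client_truststore_passwd }}`, `remote.oauth.authorization.server` should be `{{ authorization_server }}`, and the app, replica, workflow and credential-store URLs hard-code `3306` instead of `{{ db_server_port }}`. `default.registry.password=admin` is a fixed default admin credential and should become a required variable. The keys `credential.stroe.jdbc.validationQuery` and `experiment.launch..queue.name` look misspelled; check them against what the server actually reads before changing them. The diffstat lists a template of the same name and size under the gfac and registry roles, so the same points probably apply there.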
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2
index 0000000,0000000..3df5832
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2
@@@ -1,0 -1,0 +1,111 @@@
++##################################################################
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements. See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership. The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License. You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied. See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++################################################################
++
++jobSubmitters:
++ - submissionProtocol: SSH
++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++# properties:
++# - userName: airavata
++# passPhrase: airavata
++# privateKey: /path/to/the/privatekey
++# publicKey: /path/to/the/publickey
++# hostName: remote.client.hostName
++
++ - submissionProtocol: SSH_FORK
++ taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask
++
++ - submissionProtocol: LOCAL
++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++
++# Following job subbmitters are not yet implemented.
++
++ # - submissionProtocol: GSISSH
++ # taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask
++commonTasks:
++ - type: SETUP
++ taskClass: org.apache.airavata.task.common.SetupTask
++
++ - type: CLEANUP
++ taskClass: org.apache.airavata.task.common.CleanupTask
++
++fileTransferTasks:
++# - transferProtocol: SCP
++# taskClass: org.apache.airavata.gfac.impl.task.DataStageTask
++
++# If your client doen't run the same instance where airavata server is running then you need to comment above
++# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to
++# provide ssh keys or password.
++
++ - transferProtocol: SCP
++ taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
++ properties:
++ - userName: root
++ passPhrase: ultrascan
++ privateKeyPath: /home/airavata/.ssh/id_rsa
++ publicKeyPath: /home/airavata/.ssh/id_rsa.pub
++ hostName: gw75.iu.xsede.org
++ inputPath: /var/www/portal/experimentData/
++# password: password
++
++# Following transfer tasks are not yet implemented.
++ #- transferProtocol: SFTP
++ # taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask
++
++ #- transferProtocol: GRIDFTP
++ # taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask
++
++ #- transferProtocol: LOCAL
++ # taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask
++
++resources:
++ - jobManagerType: PBS
++ commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser
++ resourceEmailAddresses:
++ - pbsconsult@sdsc.edu # gordon
++ - adm@trident.bigred2.uits.iu.edu # Bigred2
++ - root <ad...@trident.bigred2.uits.iu.edu> # Bigred2
++ - root <ad...@scyld.localdomain> # alamo
++ - root <ad...@m2.karst.uits.iu.edu> #karst
++
++ - jobManagerType: SLURM
++ commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser
++ resourceEmailAddresses:
++ - SDSC Admin <sl...@comet-fe3.sdsc.edu> # comet
++ - slurm@batch1.stampede.tacc.utexas.edu # stampede
++ - SDSC Admin <sl...@comet-fe4.sdsc.edu> # comet new
++ - Slurm <sl...@psc.edu> # bridges
++ - Slurm Daemon <sl...@odin.oscer.ou.edu> # OU Schooner
++
++ - jobManagerType: UGE
++ commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser
++ resourceEmailAddresses:
++ - ls4.tacc.utexas.edu # contain Lonestar
++
++ - jobManagerType: LSF
++ commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser
++ resourceEmailAddresses:
++ - iu.xsede.edu # test resource mail address
++
++ - jobManagerType: FORK
++ commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser
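Review bot: The SCP entry under `fileTransferTasks` hard-codes `userName: root`, a key `passPhrase` and a specific `hostName` in a template installed on every api-orch host, so a key passphrase is published with the repository and the template cannot be reused for another gateway. Turn these into variables, e.g. `passPhrase: "{{ scp_key_passphrase }}"` (a new variable, to be defined in a vaulted vars file), and treat the committed passphrase as exposed by rotating the key. Transferring as root is also broader than writing under `inputPath` needs; a dedicated unprivileged account would do, assuming the ownership of the portal directory allows it.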
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/files/airavata.jks
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/files/airavata.jks
index 0000000,0000000..685cc00
new file mode 100644
Binary files differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/files/airavata_sym.jks
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/files/airavata_sym.jks
index 0000000,0000000..3dd27d6
new file mode 100644
Binary files differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/tasks/main.yml
index 0000000,0000000..eac1a60
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/common/tasks/main.yml
@@@ -1,0 -1,0 +1,55 @@@
++---
++- name: Install Airavata pre-requireties
++ yum: name={{ item }} state=latest update_cache=yes
++ with_items:
++ - git
++ - maven
++ become_user: root
++
++# Setup airavata source
++- name: Create deployment directory {{ deployment_dir }}
++ file: path={{ deployment_dir }} state=directory mode=0755
++
++- name: Create source directory
++ file: path={{airavata_source_dir}}
++ state=directory
++ mode=0755
++ owner={{ user }}
++ group={{ group }}
++
++- name: git checkout from airavata github
++ git: repo=https://git-wip-us.apache.org/repos/asf/airavata.git
++ dest="{{ airavata_source_dir }}"
++ version="{{ git_branch }}"
++ register: checkout
++ tags: update
++
++- name: Run maven build
++ command: mvn clean install -Dmaven.test.skip=true chdir="{{ airavata_source_dir }}/"
++ environment:
++ MAVEN_OPTS: "-Xmx2048m"
++ register: build
++ tags: update
++ # when: (checkout|success) and (checkout.changed == true)
++
++################################################################################
++# copy key store and trust store files
++- name: Create KeyStores directory
++ file: path={{ keystores_location }}
++ state=directory
++ owner={{ user }} group={{ group }}
++
++- name: Transfer airavata.jks KeyStore file
++ copy: src={{ keystore }}
++ dest="{{ keystores_location }}/{{ keystore }}"
++ owner={{ user }} group={{ group }}
++
++- name: Transfer airavata_sym.jks KeyStore file
++ copy: src={{ cred_keystore }}
++ dest="{{ keystores_location }}/{{ cred_keystore }}"
++ owner={{ user }} group={{ group }}
++
++- name: Transfer client trust store KeyStore file
++ copy: src={{ client_truststore }}
++ dest="{{ keystores_location }}/{{ client_truststore }}"
++ owner={{ user }} group={{ group }}
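Review bot: The three `copy` tasks that transfer the keystores and the trust store set `owner` and `group` but no `mode`, so the files get whatever the default umask yields. A keystore holds private key material, so each of them should carry `mode=0600`, and 'Create KeyStores directory' should carry `mode=0700`. The sources appear to be the `airavata.jks` and `airavata_sym.jks` binaries added under `roles/common/files` in this same commit, so every deployment made from a checkout would share the same keys. Reading them from a per-deployment path outside the repository would avoid that.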
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/vars/main.yml
index 0000000,0000000..e2d93e7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/common/vars/main.yml
@@@ -1,0 -1,0 +1,4 @@@
++---
++# Common variables
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/handlers/main.yml
index 0000000,0000000..1906365
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/handlers/main.yml
@@@ -1,0 -1,0 +1,14 @@@
++---
++- name: start mariadb
++ service: name=mariadb state=started enabled=yes
++ become: yes
++
++- name: stop mariadb
++ service: name=mariadb state=stopped
++ become: yes
++
++- name: restart mariadb
++ service: name=mariadb state=restarted enabled=yes
++ become: yes
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/tasks/main.yml
index 0000000,0000000..17e5b0d
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/tasks/main.yml
@@@ -1,0 -1,0 +1,60 @@@
++---
++# - name: yum update
++# yum: name=* state=latest
++
++# Install Mysql
++- name: install epel release
++ yum: name=epel-release state=present
++ become_user: root
++
++- name: install pip
++ yum: name=python-pip state=latest update_cache=yes
++ become_user: root
++
++- name: install pexpect
++ pip: name=pexpect
++ become_user: root
++
++# - name: Adds Python MySQL support on Debian/Ubuntu
++# apt: pkg="python-mysqldb" state=present
++# when: ansible_os_family == 'Debian'
++
++- name: Adds Python MySQL support on RedHat/CentOS
++ yum: name=MySQL-python state=present
++ become_user: root
++ # when: ansible_os_family == 'RedHat'
++
++- name: install mariadb
++ yum: name="{{ item }}" state=latest update_cache=yes
++ with_items: "{{ mysql_packages }}"
++ become_user: root
++
++- name: start mariadb
++ service: name=mariadb state=started enabled=yes
++ become_user: root
++
++- include: secure_install.yml
++
++- name: create databases
++ mysql_db: name="{{ item }}" state=present
++ with_items:
++ - "{{ mysql_databases }}"
++
++- name: give access to {{ db_user }} from remote
++ mysql_user: name="{{ db_user }}" password="{{ db_password }}" host="{{ item }}"
++ with_items:
++ - "{{ groups['api-orch'] }}"
++ - "{{ groups['gfac'] }}"
++ - "{{ groups['registry'] }}"
++
++- name: create new user {{ db_user }} with all privilege
++ mysql_user: name="{{ db_user }}"
++ password="{{ db_password }}"
++ append_privs=yes
++ host_all=yes
++ priv=*.*:ALL,GRANT state=present
++
++- name: open firewall port {{ db_server_port }}
++ firewalld: port="{{ db_server_port }}/tcp"
++ zone=public permanent=true state=enabled immediate=yes
++ become_user: root
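Review bot: The 'create new user {{ db_user }} with all privilege' task grants `*.*:ALL,GRANT` with `host_all=yes`, which makes the application account a database superuser on every host entry. The role's vars file defines `mysql_privs` with per-catalog grants that nothing in this file uses; `priv="{{ mysql_privs | join('/') }}"` would limit the account to the five catalogs. The last task also opens `{{ db_server_port }}` in the public zone for any source, although only the `api-orch`, `gfac` and `registry` hosts named in the earlier task need to reach it.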
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/tasks/secure_install.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/tasks/secure_install.yml
index 0000000,0000000..a747419
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/tasks/secure_install.yml
@@@ -1,0 -1,0 +1,23 @@@
++---
++# This is ansible equivalent for mysql_secure_installation
++- name: Sets the root password
++ mysql_user: user=root
++ password="{{ mysql_root_password }}"
++ host=localhost
++ login_user=root
++ # login_password="{{ mysql_root_password }}"
++
++- name: Copy .my.cnf file
++ template: src=my.cnf.j2 dest="{{ user_home }}/.my.cnf"
++ # become: yes
++
++- name: Removes all anonymous user accounts
++ mysql_user: name='' host_all=yes state=absent
++
++- name: Secures the MySQL root user for all hosts
++ mysql_user: user=root password="{{ mysql_root_password }}" host_all=yes
++
++- name: Removes the MySQL test database
++ mysql_db: db=test state=absent
++
++...
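Review bot: The 'Copy .my.cnf file' task writes the MySQL root password to `{{ user_home }}/.my.cnf` without a `mode`, so whether other local users can read it depends on the umask. `template: src=my.cnf.j2 dest="{{ user_home }}/.my.cnf" mode=0600` keeps it private to the owner. The `mysql_user` tasks that pass `password=` would also benefit from `no_log: true`, so the value does not appear in verbose output or logs.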
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/templates/my.cnf.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/templates/my.cnf.j2
index 0000000,0000000..ebe5b5b
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/templates/my.cnf.j2
@@@ -1,0 -1,0 +1,4 @@@
++# Example .my.cnf file for setting the root password
++[client]
++user=root
++password="{{ mysql_root_password }}"
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/vars/main.yml
index 0000000,0000000..1f37424
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/vars/main.yml
@@@ -1,0 -1,0 +1,21 @@@
++---
++mysql_packages:
++ - mariadb-server
++ - mariadb
++mysql_root_password: "admin"
++
++mysql_databases:
++ - "{{ app_catalog }}"
++ - "{{ exp_catalog }}"
++ - "{{ replica_catalog }}"
++ - "{{ workflow_catalog }}"
++ - "{{ credential_store }}"
++
++mysql_privs:
++ - "{{ app_catalog }}.*:ALL"
++ - "{{ exp_catalog }}.*:ALL"
++ - "{{ replica_catalog }}.*:ALL"
++ - "{{ workflow_catalog }}.*:ALL"
++ - "{{ credential_store }}.*:ALL"
++
++...
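Review bot: `mysql_root_password: "admin"` commits a guessable root password, and because it sits in role `vars` rather than `defaults` an inventory or `group_vars` value will not override it. The value should come from a vaulted variable, for example `mysql_root_password: "{{ vault_mysql_root_password }}"` (variable name constructed here), or the key should be moved to `defaults/main.yml` with no usable default. `mysql_privs` is defined here but is not referenced by the database tasks in this commit.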
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/env_setup/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/env_setup/tasks/main.yml
index 0000000,0000000..a3ecb8c
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@@ -1,0 -1,0 +1,28 @@@
++---
++#Tasks file can include smaller files if wanted
++#All commons tasks goes here
++- name: Create a new user group "{{ group }}"
++ group: name={{ group }}
++ become: yes
++
++- name: Create a new user "{{ user }}"
++ user: name={{ user }} group={{ group }}
++ become: yes
++
++- name: Install Firewalld
++ yum: name=firewalld state=latest update_cache=yes
++ become: yes
++
++ # TODO: stop iptables service, can't have both iptables and firewalld on same host
++ # if we try to stop non existing service ansible fails.
++# - name: Stop iptables, ip6tables services
++# service: name="{{ item }}" state=stopped
++# with_items:
++# - iptables
++# - ip6tables
++
++- name: Start firewalld service
++ service: name=firewalld state=started
++ become: yes
++
++...
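Review bot: The 'Start firewalld service' task uses `state=started` without `enabled=yes`, so the firewall is not guaranteed to come back after a reboot. The permanent port rules added by the other roles would then not be enforced. `service: name=firewalld state=started enabled=yes` matches how the mariadb handler in this commit is written.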
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/env_setup/tasks/redhat.yml
index 0000000,0000000..a0e56c7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
@@@ -1,0 -1,0 +1,12 @@@
++---
++- name: Install git latest version
++ yum: name=git state=latest update_cache=yes
++# become: true
++# become_user: airavata
++ tags: env_setup
++
++- name: Install maven latest version
++ yum: name=maven state=latest update_cache=yes
++ tags: env_setup
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/handlers/main.yml
index 0000000,0000000..b3d85a9
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/handlers/main.yml
@@@ -1,0 -1,0 +1,8 @@@
++---
++
++# Gfac related handlers
++- name: start gfac
++ command: ./bin/airavata-server-start.sh gfac -d chdir="{{ gfac_dir }}/{{ airavata_dist }}/" creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: stop gfac
++ command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/tasks/main.yml
index 0000000,0000000..30874e6
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/tasks/main.yml
@@@ -1,0 -1,0 +1,67 @@@
++---
++
++################################################################################
++# gfac deployments
++- name: Create Gfac deployment directory
++ file: path="{{ gfac_dir }}" state=directory owner={{ user }} group={{ group }}
++ when: build|success
++
++- name: Check previous deployments
++ stat: path="{{ gfac_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++ register: check
++
++- name: stop gfac
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
++ removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++ when: check.stat.exists == True
++
++- name: Delete previous deployments
++ file: path="{{ gfac_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to gfac deployment directory
++ unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++ dest="{{ gfac_dir }}/"
++ copy=no
++
++- name: set gfac private ip
++ set_fact:
++ gfac_host: "{{ ansible_eth0.ipv4.address }}"
++
++- name: Copy Airavata server properties file
++ template: src=airavata-server.properties.j2
++ dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++ owner={{ user }}
++ group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Gfac configuration file
++ template: src=gfac-config.yaml.j2
++ dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml"
++ owner={{ user }}
++ group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++ copy: src="{{ mysql_connector_jar }}"
++ dest="{{ gfac_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++ owner={{ user }}
++ group={{ group }}
++
++
++- name: Open firwall ports
++ firewalld: port="{{ gfac_port }}/tcp" zone=public permanent=true state=enabled immediate=yes
++ become_user: root
++
++- name: stop gfac
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
++ removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start gfac
++ command: ./bin/airavata-server-start.sh gfac -d
++ chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
++ creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++
++...
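Review bot: 'Copy Airavata server properties file' and 'Copy Gfac configuration file' install the rendered files with `mode="u=rw,g=r,o=r"`, which leaves them world-readable. The templates in this commit render `registry.jdbc.password`, `keystore.password`, `email.based.monitor.password` and an SSH key `passPhrase` into those files, so any local account could read them. `mode="u=rw,g=,o="` should be enough if the server process runs as `{{ user }}`, which the ownership suggests.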
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements. See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership. The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License. You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied. See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++
++###########################################################################
++#
++# This properties file provides configuration for all Airavata Services:
++# API Server, Registry, Workflow Interpreter, GFac, Orchestrator
++#
++###########################################################################
++
++###########################################################################
++# API Server Registry Configuration
++###########################################################################
++
++#for derby [AiravataJPARegistry]
++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++registry.jdbc.driver=com.mysql.jdbc.Driver
++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }}
++registry.jdbc.user={{ db_user }}
++registry.jdbc.password={{ db_password }}
++#FIXME: Probably the following property should be removed.
++start.derby.server.mode=false
++validationQuery=SELECT 1 from CONFIGURATION
++cache.enable=false
++jpa.cache.size=-1
++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true
++enable.sharing={{enable_sharing}}
++
++# Properties for default user mode
++default.registry.user=admin
++default.registry.password=admin
++default.registry.password.hash.method=SHA
++default.registry.gateway={{ default_gateway }}
++
++###########################################################################
++# Application Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++appcatalog.jdbc.driver=com.mysql.jdbc.Driver
++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }}
++appcatalog.jdbc.user={{ db_user }}
++appcatalog.jdbc.password={{ db_password }}
++appcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++##########################################################################
++# Replica Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver
++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++replicacatalog.jdbc.user={{ db_user }}
++replicacatalog.jdbc.password={{ db_password }}
++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++# Workflow Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver
++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++workflowcatalog.jdbc.user={{ db_user }}
++workflowcatalog.jdbc.password={{ db_password }}
++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++# User Profile MongoDB Configuration
++###########################################################################
++userprofile.mongodb.host=localhost
++userprofile.mongodb.port=27017
++
++
++###########################################################################
++# Server module Configuration
++###########################################################################
++#credential store server should be started before API server
++#This is obsolete property with new script files.
++#servers=credentialstore,apiserver,orchestrator
++
++
++###########################################################################
++# API Server Configurations
++###########################################################################
++apiserver=org.apache.airavata.api.server.AiravataAPIServer
++apiserver.name={{ api_server_name }}
++apiserver.host={{ api_server_host }}
++apiserver.port={{ api_server_port }}
++apiserver.min.threads=50
++
++###########################################################################
++# Orchestrator Server Configurations
++###########################################################################
++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer
++orchestrator.server.name={{ orchestrator_name }}
++orchestrator.server.host={{ orchestrator_host }}
++orchestrator.server.port={{ orchestrator_port }}
++orchestrator.server.min.threads=50
++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator
++submitter.interval=10000
++threadpool.size=10
++start.submitter=true
++embedded.mode=true
++enable.validation=true
++
++###########################################################################
++# Registry Server Configurations
++###########################################################################
++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer
++regserver.server.name={{registry_name}}
++regserver.server.host={{registry_host}}
++regserver.server.port={{registry_port}}
++regserver.server.min.threads=50
++
++###########################################################################
++# GFac Server Configurations
++###########################################################################
++gfac=org.apache.airavata.gfac.server.GfacServer
++gfac.server.name={{ gfac_name }}
++gfac.server.host={{ gfac_host }}
++gfac.server.port={{ gfac_port }}
++gfac.thread.pool.size=50
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler
++
++
++
++###########################################################################
++# Airavata Workflow Interpreter Configurations
++###########################################################################
++workflowserver=org.apache.airavata.api.server.WorkflowServer
++enactment.thread.pool.size=10
++
++#to define custom workflow parser user following property
++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder
++
++
++
++###########################################################################
++# Job Scheduler can send informative email messages to you about the status of your job.
++# Specify a string which consists of either the single character "n" (no mail), or one or more
++# of the characters "a" (send mail when job is aborted), "b" (send mail when job begins),
++# and "e" (send mail when job terminates). The default is "a" if not specified.
++###########################################################################
++
++job.notification.enable=true
++#Provide comma separated email ids as a string if more than one
++job.notification.emailids=
++job.notification.flags=abe
++
++###########################################################################
++# Credential Store module Configuration
++###########################################################################
++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }}
++credential.store.keystore.alias={{ cred_keystore_alias }}
++credential.store.keystore.password={{ cred_keystore_passwd }}
++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}
++credential.store.jdbc.user={{ db_user }}
++credential.store.jdbc.password={{ db_password }}
++credential.store.jdbc.driver=com.mysql.jdbc.Driver
++credential.store.server.host={{ cred_store_server_host }}
++credential.store.server.port={{ cred_store_port }}
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION
++
++# these properties used by credential store email notifications
++email.server=smtp.googlemail.com
++email.server.port=465
++email.user=airavata
++email.password=xxx
++email.ssl=true
++email.from=airavata@apache.org
++
++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used.
++# if user specify both password sshKeyAuthentication gets the higher preference
++
++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################
++#ssh.public.key=/path to public key for ssh
++#ssh.private.key=/path to private key file for ssh
++#ssh.keypass=passphrase for the private key
++#ssh.username=username for ssh connection
++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
++#ssh.strict.hostKey.checking=yes/no
++#ssh.known.hosts.file=/path to known hosts file
++### Incase of password sshKeyAuthentication.
++#ssh.password=Password for ssh connection
++
++################ ---------- BES Properties ------------------- ###############
++#bes.ca.cert.path=<location>/certificates/cacert.pem
++#bes.ca.key.path=<location>/certificates/cakey.pem
++#bes.ca.key.pass=passphrase
++
++###########################################################################
++# Monitoring module Configuration
++###########################################################################
++
++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring
++#mechanisms and one would be able to start a monitor
++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor
++
++#These properties will used to enable email base monitoring
++email.based.monitor.host=imap.gmail.com
++email.based.monitor.address={{ monitor_email_address }}
++email.based.monitor.password={{ monitor_email_password }}
++email.based.monitor.folder.name=INBOX
++# either imaps or pop3
++email.based.monitor.store.protocol=imaps
++#These property will be used to query the email server periodically. value in milliseconds(ms).
++email.based.monitoring.period=10000
++
++###########################################################################
++# AMQP Notification Configuration
++###########################################################################
++#for simple scenarios we can use the guest user
++#rabbitmq.broker.url=amqp://localhost:5672
++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost
++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html
++rabbitmq.broker.url={{ rabbitmq_broker_url }}
++rabbitmq.status.exchange.name=status_exchange
++rabbitmq.process.exchange.name=process_exchange
++rabbitmq.experiment.exchange.name=experiment_exchange
++durable.queue=false
++prefetch.count=200
++process.launch.queue.name=process.launch.queue
++experiment.launch..queue.name=experiment.launch.queue
++
++###########################################################################
++# Zookeeper Server Configuration
++###########################################################################
++embedded.zk=false
++zookeeper.server.connection={{ zookeeper_url }}
++zookeeper.timeout=30000
++
++########################################################################
++## API Security Configuration
++########################################################################
++api.secured={{ api_secured }}
++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
++### TLS related configuration ####
++TLS.enabled={{ tls_enable }}
++TLS.api.server.port={{ api_server_tls_port }}
++TLS.client.timeout=10000
++#### keystore configuration ####
++keystore.path={{ keystores_location }}/{{ keystore }}
++keystore.password={{ keystore_passwd }}
++#### trust store configuration ####
++trust.store={{ keystores_location }}/{{ client_truststore }}
++trust.store.password=airavata
++#### remote authorization server url ####
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
++#### xacml based authorization policy ####
++authorization.policy=airavata-default-xacml-policy
++#### authorization cache related configuration ####
++authz.cache.enabled=true
++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
++in.memory.cache.size=1000
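Review bot: `default.registry.password=admin` and `trust.store.password=airavata` are fixed literals, while the neighbouring secrets (`keystore.password`, `registry.jdbc.password`) are template variables. Every deployment therefore gets the same guessable values, so both should become variables supplied from a vaulted file. Separately, `workflowcatalog.jdbc.url` renders `{{ replica_catalog }}` where `{{ workflow_catalog }}` is presumably intended, which would point the workflow catalog at the replica database. The catalog and credential-store URLs also hard-code `3306` instead of `{{ db_server_port }}`. The keys `credential.stroe.jdbc.validationQuery` and `experiment.launch..queue.name` look misspelled and should be checked against the names the server actually reads.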
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2
index 0000000,0000000..3df5832
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2
@@@ -1,0 -1,0 +1,111 @@@
++##################################################################
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements. See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership. The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License. You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied. See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++################################################################
++
++jobSubmitters:
++ - submissionProtocol: SSH
++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++# properties:
++# - userName: airavata
++# passPhrase: airavata
++# privateKey: /path/to/the/privatekey
++# publicKey: /path/to/the/publickey
++# hostName: remote.client.hostName
++
++ - submissionProtocol: SSH_FORK
++ taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask
++
++ - submissionProtocol: LOCAL
++ taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++
++# Following job subbmitters are not yet implemented.
++
++ # - submissionProtocol: GSISSH
++ # taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask
++commonTasks:
++ - type: SETUP
++ taskClass: org.apache.airavata.task.common.SetupTask
++
++ - type: CLEANUP
++ taskClass: org.apache.airavata.task.common.CleanupTask
++
++fileTransferTasks:
++# - transferProtocol: SCP
++# taskClass: org.apache.airavata.gfac.impl.task.DataStageTask
++
++# If your client doen't run the same instance where airavata server is running then you need to comment above
++# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to
++# provide ssh keys or password.
++
++ - transferProtocol: SCP
++ taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
++ properties:
++ - userName: root
++ passPhrase: ultrascan
++ privateKeyPath: /home/airavata/.ssh/id_rsa
++ publicKeyPath: /home/airavata/.ssh/id_rsa.pub
++ hostName: gw75.iu.xsede.org
++ inputPath: /var/www/portal/experimentData/
++# password: password
++
++# Following transfer tasks are not yet implemented.
++ #- transferProtocol: SFTP
++ # taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask
++
++ #- transferProtocol: GRIDFTP
++ # taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask
++
++ #- transferProtocol: LOCAL
++ # taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask
++
++resources:
++ - jobManagerType: PBS
++ commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser
++ resourceEmailAddresses:
++ - pbsconsult@sdsc.edu # gordon
++ - adm@trident.bigred2.uits.iu.edu # Bigred2
++ - root <ad...@trident.bigred2.uits.iu.edu> # Bigred2
++ - root <ad...@scyld.localdomain> # alamo
++ - root <ad...@m2.karst.uits.iu.edu> #karst
++
++ - jobManagerType: SLURM
++ commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser
++ resourceEmailAddresses:
++ - SDSC Admin <sl...@comet-fe3.sdsc.edu> # comet
++ - slurm@batch1.stampede.tacc.utexas.edu # stampede
++ - SDSC Admin <sl...@comet-fe4.sdsc.edu> # comet new
++ - Slurm <sl...@psc.edu> # bridges
++ - Slurm Daemon <sl...@odin.oscer.ou.edu> # OU Schooner
++
++ - jobManagerType: UGE
++ commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser
++ resourceEmailAddresses:
++ - ls4.tacc.utexas.edu # contain Lonestar
++
++ - jobManagerType: LSF
++ commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser
++ emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser
++ resourceEmailAddresses:
++ - iu.xsede.edu # test resource mail address
++
++ - jobManagerType: FORK
++ commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser
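Review bot: The SCP entry under `fileTransferTasks` hard-codes `userName: root`, `passPhrase: ultrascan` and `hostName: gw75.iu.xsede.org`, so what looks like a real key passphrase for a root login on a named host is published with the template. These should be template variables like the rest of the role, for example `passPhrase: {{ scp_key_passphrase }}` (variable name constructed here) read from a vaulted file. The transfer account should be an unprivileged one with access limited to `inputPath`. If the passphrase is in use anywhere, it should be treated as disclosed and changed, since it stays in the repository history.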
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/java/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/java/tasks/main.yml
index 0000000,0000000..92f2039
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/java/tasks/main.yml
@@@ -1,0 -1,0 +1,21 @@@
++---
++# Install Orcal Java
++- name: download oracle java 8 rpm
++ get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
++ become: yes
++
++- name: Install oracle java 8
++ yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
++ become: yes
++
++- name: set Oracle Java {{ java_version_string }} as default
++ alternatives:
++ name="{{ item.exe }}"
++ link="/usr/bin/{{ item.exe }}"
++ path="{{ item.path }}/{{ item.exe }}"
++ with_items:
++ - { path: "{{ java_home }}/jre/bin", exe: 'java' }
++ - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
++ - { path: "{{ java_home }}/bin", exe: 'javac' }
++ - { path: "{{ java_home }}/bin", exe: 'javadoc' }
++ become: yes
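Review bot: The RPM fetched by `download oracle java 8 rpm` is handed to `yum` and installed as root, and nothing verifies its contents. The `get_url` call has no `checksum=`, and `java_rpm_url` in roles/java/vars/main.yml uses `http://`, so the package can be altered in transit without the play noticing. Pin a digest next to the version variables and pass it to the download, e.g. `checksum="sha256:{{ java_rpm_sha256 }}"`, where `java_rpm_sha256` is a new variable holding the vendor-published digest for that exact build. Switching the URL scheme to `https://` is also worth doing if the download host serves it, but the digest is the check that matters.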
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/java/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/java/vars/main.yml
index 0000000,0000000..a995684
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/java/vars/main.yml
@@@ -1,0 -1,0 +1,15 @@@
++---
++#Variables associated with this role
++# Oracle Java 8
++java_dir_source: "/usr/local/src"
++
++java_version: 8
++java_version_update: 91
++java_version_build: '14'
++java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
++java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
++
++java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
++java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/handlers/main.yml
index 0000000,0000000..9c6c12f
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/handlers/main.yml
@@@ -1,0 -1,0 +1,13 @@@
++---
++
++- name: composer update
++ composer: command=update working_dir="{{ doc_root_dir }}"
++ become: yes
++
++- name: start httpd
++ service: name=httpd state=started
++ become: yes
++
++- name: restart httpd
++ service: name=httpd state=restarted
++ become: yes
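Review bot: The `composer update` handler, like the `Run composer update` task in roles/pga/tasks/main.yml, re-resolves every dependency to the newest version composer.json allows on each run, as root. What ends up deployed is therefore neither pinned nor reviewable. If the gateway repository ships a composer.lock (not visible from this commit), `composer: command=install working_dir="{{ doc_root_dir }}"` would deploy the locked versions instead. Nothing in roles/pga/tasks/main.yml notifies `composer update` or `start httpd`, so both handlers look unused.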
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/tasks/main.yml
index 0000000,0000000..b267119
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@@ -1,0 -1,0 +1,112 @@@
++---
++- name: Create root directory
++ file: path="{{ doc_root_dir }}" state=directory
++ become: yes
++
++- name: Install pre-requireties
++ yum: name="{{ item }}" state=latest update_cache=yes
++ with_items:
++ - git
++ - httpd
++ - php
++ - php-soap
++ - libselinux-python
++ - php-pdo
++ become: yes
++
++# - name: Allow selinux outbound connection from web server
++ # command: setsebool -P httpd_can_network_connect 1
++
++- name: install composer
++ shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
++ args:
++ creates: /usr/local/bin/composer
++ become: yes
++
++- name: install epel release
++ yum: name=epel-release state=present
++ become: yes
++
++# depend on epel release
++- name: install mcrypt
++ yum: name=php-mcrypt state=latest update_cache=yes
++ become: yes
++
++# - name: Check previous deployments
++# stat: path="{{ doc_root_dir }}" get_md5=no get_checksum=no
++# register: check
++
++- name: delete previous deployments
++ file: path="{{ doc_root_dir }}" state=absent
++
++
++- name: Git clone php gateway
++ git: repo=https://github.com/apache/airavata-php-gateway.git
++ dest="{{ doc_root_dir }}" version="{{ git_branch }}"
++ become: yes
++
++- name: Create user data dir {{ user_data_dir }}
++ file: path="{{ user_data_dir }}" state=directory owner="{{user}}" group="{{group}}" mode=0777 recurse=yes
++ become: yes
++
++ #Make sure selinux is dissabled in remote machine
++- name: Disable selinux
++ selinux: state=disabled
++ become: yes
++ register: selinux_disable
++
++# need to restart after disable selinux
++- name: restart machine
++ shell: sleep 2 && shutdown -r now "Ansible updates triggered"
++ async: 1
++ poll: 0
++ become: yes
++ ignore_errors: true
++ when: (selinux_disable|success) and (selinux_disable.changed == true)
++ register: restart
++
++- name: waiting for server to come back
++ local_action: wait_for host={{ inventory_hostname }} state=started delay=30 timeout=60
++ when: (restart|success) and (restart.changed == true)
++
++
++- name: Run composer update
++ composer: command=update working_dir="{{ doc_root_dir }}"
++ become: yes
++
++# step 6: Change pga configurations
++- name: Copy pga config file
++ template: src=pga_config.php.j2 dest="{{ doc_root_dir }}/app/config/pga_config.php"
++ become: yes
++
++# give write permission to storage directory
++- name: give read permissions to doc root
++ file: path="{{ doc_root_dir }}" state=directory mode=0755 recurse=yes
++ become: yes
++
++- name: give write permissions to storage dir
++ file: path="{{ doc_root_dir }}/app/storage" state=directory mode=0777 owner="{{user}}" group="{{group}}" recurse=yes
++ become: yes
++
++- name: Eanble https and http service on public zone
++ firewalld: service="{{ item }}" permanent=true state=enabled zone=public immediate=True
++ with_items:
++ - http
++ - https
++ become: yes
++
++# - name: Edit file
++# lineinfile: dest="{{ httpd_conf_file }}" regexp="#\n\s*AllowOverride None" line="#\nAllowOverride All"
++# notify:
++# - restart httpd
++# become: yes
++
++- name: copy httpd.conf file
++ template: src=httpd.conf.j2 dest="{{ httpd_conf_file_location }}/httpd.conf"
++ become: yes
++ notify:
++ - restart httpd
++
++- name: start httpd service
++ service: name=httpd state=started
++ become: yes
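Review bot: `mode=0777 recurse=yes` on `{{ user_data_dir }}` and on `{{ doc_root_dir }}/app/storage` makes every file and directory under them world-writable and executable, even though both tasks already set `owner` and `group`. A symbolic mode such as `mode="u=rwX,g=rX,o="` keeps the tree usable for the owning account without giving write access to every local user; add group write only if the web server reaches it through the group. The `Disable selinux` task then turns off confinement host-wide and reboots, which removes the layer that would otherwise limit what a compromised PHP process can write. The commented-out `setsebool -P httpd_can_network_connect 1` task looks like the narrower change that was actually needed. The `install composer` task also pipes a downloaded installer into `php` as root without comparing it to a published hash first.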
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/templates/httpd.conf.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/templates/httpd.conf.j2
index 0000000,0000000..37c05e2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/httpd.conf.j2
@@@ -1,0 -1,0 +1,353 @@@
++#
++# This is the main Apache HTTP server configuration file. It contains the
++# configuration directives that give the server its instructions.
++# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
++# In particular, see
++# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
++# for a discussion of each configuration directive.
++#
++# Do NOT simply read the instructions in here without understanding
++# what they do. They're here only as hints or reminders. If you are unsure
++# consult the online docs. You have been warned.
++#
++# Configuration and logfile names: If the filenames you specify for many
++# of the server's control files begin with "/" (or "drive:/" for Win32), the
++# server will use that explicit path. If the filenames do *not* begin
++# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
++# with ServerRoot set to '/www' will be interpreted by the
++# server as '/www/log/access_log', where as '/log/access_log' will be
++# interpreted as '/log/access_log'.
++
++#
++# ServerRoot: The top of the directory tree under which the server's
++# configuration, error, and log files are kept.
++#
++# Do not add a slash at the end of the directory path. If you point
++# ServerRoot at a non-local disk, be sure to specify a local disk on the
++# Mutex directive, if file-based mutexes are used. If you wish to share the
++# same ServerRoot for multiple httpd daemons, you will need to change at
++# least PidFile.
++#
++ServerRoot "/etc/httpd"
++
++#
++# Listen: Allows you to bind Apache to specific IP addresses and/or
++# ports, instead of the default. See also the <VirtualHost>
++# directive.
++#
++# Change this to Listen on specific IP addresses as shown below to
++# prevent Apache from glomming onto all bound IP addresses.
++#
++#Listen 12.34.56.78:80
++Listen 80
++
++#
++# Dynamic Shared Object (DSO) Support
++#
++# To be able to use the functionality of a module which was built as a DSO you
++# have to place corresponding `LoadModule' lines at this location so the
++# directives contained in it are actually available _before_ they are used.
++# Statically compiled modules (those listed by `httpd -l') do not need
++# to be loaded here.
++#
++# Example:
++# LoadModule foo_module modules/mod_foo.so
++#
++Include conf.modules.d/*.conf
++
++#
++# If you wish httpd to run as a different user or group, you must run
++# httpd as root initially and it will switch.
++#
++# User/Group: The name (or #number) of the user/group to run httpd as.
++# It is usually good practice to create a dedicated user and group for
++# running httpd, as with most system services.
++#
++User apache
++Group apache
++
++# 'Main' server configuration
++#
++# The directives in this section set up the values used by the 'main'
++# server, which responds to any requests that aren't handled by a
++# <VirtualHost> definition. These values also provide defaults for
++# any <VirtualHost> containers you may define later in the file.
++#
++# All of these directives may appear inside <VirtualHost> containers,
++# in which case these default settings will be overridden for the
++# virtual host being defined.
++#
++
++#
++# ServerAdmin: Your address, where problems with the server should be
++# e-mailed. This address appears on some server-generated pages, such
++# as error documents. e.g. admin@your-domain.com
++#
++ServerAdmin root@localhost
++
++#
++# ServerName gives the name and port that the server uses to identify itself.
++# This can often be determined automatically, but we recommend you specify
++# it explicitly to prevent problems during startup.
++#
++# If your host doesn't have a registered DNS name, enter its IP address here.
++#
++#ServerName www.example.com:80
++
++#
++# Deny access to the entirety of your server's filesystem. You must
++# explicitly permit access to web content directories in other
++# <Directory> blocks below.
++#
++<Directory />
++ AllowOverride none
++ Require all denied
++</Directory>
++
++#
++# Note that from this point forward you must specifically allow
++# particular features to be enabled - so if something's not working as
++# you might expect, make sure that you have specifically enabled it
++# below.
++#
++
++#
++# DocumentRoot: The directory out of which you will serve your
++# documents. By default, all requests are taken from this directory, but
++# symbolic links and aliases may be used to point to other locations.
++#
++DocumentRoot "/var/www/html"
++
++#
++# Relax access to content within /var/www.
++#
++<Directory "/var/www">
++ AllowOverride None
++ # Allow open access:
++ Require all granted
++</Directory>
++
++# Further relax access to the default document root:
++<Directory "/var/www/html">
++ #
++ # Possible values for the Options directive are "None", "All",
++ # or any combination of:
++ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
++ #
++ # Note that "MultiViews" must be named *explicitly* --- "Options All"
++ # doesn't give it to you.
++ #
++ # The Options directive is both complicated and important. Please see
++ # http://httpd.apache.org/docs/2.4/mod/core.html#options
++ # for more information.
++ #
++ Options Indexes FollowSymLinks
++
++ #
++ # AllowOverride controls what directives may be placed in .htaccess files.
++ # It can be "All", "None", or any combination of the keywords:
++ # Options FileInfo AuthConfig Limit
++ #
++ AllowOverride All
++
++ #
++ # Controls who can get stuff from this server.
++ #
++ Require all granted
++</Directory>
++
++#
++# DirectoryIndex: sets the file that Apache will serve if a directory
++# is requested.
++#
++<IfModule dir_module>
++ DirectoryIndex index.html
++</IfModule>
++
++#
++# The following lines prevent .htaccess and .htpasswd files from being
++# viewed by Web clients.
++#
++<Files ".ht*">
++ Require all denied
++</Files>
++
++#
++# ErrorLog: The location of the error log file.
++# If you do not specify an ErrorLog directive within a <VirtualHost>
++# container, error messages relating to that virtual host will be
++# logged here. If you *do* define an error logfile for a <VirtualHost>
++# container, that host's errors will be logged there and not here.
++#
++ErrorLog "logs/error_log"
++
++#
++# LogLevel: Control the number of messages logged to the error_log.
++# Possible values include: debug, info, notice, warn, error, crit,
++# alert, emerg.
++#
++LogLevel warn
++
++<IfModule log_config_module>
++ #
++ # The following directives define some format nicknames for use with
++ # a CustomLog directive (see below).
++ #
++ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
++ LogFormat "%h %l %u %t \"%r\" %>s %b" common
++
++ <IfModule logio_module>
++ # You need to enable mod_logio.c to use %I and %O
++ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
++ </IfModule>
++
++ #
++ # The location and format of the access logfile (Common Logfile Format).
++ # If you do not define any access logfiles within a <VirtualHost>
++ # container, they will be logged here. Contrariwise, if you *do*
++ # define per-<VirtualHost> access logfiles, transactions will be
++ # logged therein and *not* in this file.
++ #
++ #CustomLog "logs/access_log" common
++
++ #
++ # If you prefer a logfile with access, agent, and referer information
++ # (Combined Logfile Format) you can use the following directive.
++ #
++ CustomLog "logs/access_log" combined
++</IfModule>
++
++<IfModule alias_module>
++ #
++ # Redirect: Allows you to tell clients about documents that used to
++ # exist in your server's namespace, but do not anymore. The client
++ # will make a new request for the document at its new location.
++ # Example:
++ # Redirect permanent /foo http://www.example.com/bar
++
++ #
++ # Alias: Maps web paths into filesystem paths and is used to
++ # access content that does not live under the DocumentRoot.
++ # Example:
++ # Alias /webpath /full/filesystem/path
++ #
++ # If you include a trailing / on /webpath then the server will
++ # require it to be present in the URL. You will also likely
++ # need to provide a <Directory> section to allow access to
++ # the filesystem path.
++
++ #
++ # ScriptAlias: This controls which directories contain server scripts.
++ # ScriptAliases are essentially the same as Aliases, except that
++ # documents in the target directory are treated as applications and
++ # run by the server when requested rather than as documents sent to the
++ # client. The same rules about trailing "/" apply to ScriptAlias
++ # directives as to Alias.
++ #
++ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
++
++</IfModule>
++
++#
++# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
++# CGI directory exists, if you have that configured.
++#
++<Directory "/var/www/cgi-bin">
++ AllowOverride None
++ Options None
++ Require all granted
++</Directory>
++
++<IfModule mime_module>
++ #
++ # TypesConfig points to the file containing the list of mappings from
++ # filename extension to MIME-type.
++ #
++ TypesConfig /etc/mime.types
++
++ #
++ # AddType allows you to add to or override the MIME configuration
++ # file specified in TypesConfig for specific file types.
++ #
++ #AddType application/x-gzip .tgz
++ #
++ # AddEncoding allows you to have certain browsers uncompress
++ # information on the fly. Note: Not all browsers support this.
++ #
++ #AddEncoding x-compress .Z
++ #AddEncoding x-gzip .gz .tgz
++ #
++ # If the AddEncoding directives above are commented-out, then you
++ # probably should define those extensions to indicate media types:
++ #
++ AddType application/x-compress .Z
++ AddType application/x-gzip .gz .tgz
++
++ #
++ # AddHandler allows you to map certain file extensions to "handlers":
++ # actions unrelated to filetype. These can be either built into the server
++ # or added with the Action directive (see below)
++ #
++ # To use CGI scripts outside of ScriptAliased directories:
++ # (You will also need to add "ExecCGI" to the "Options" directive.)
++ #
++ #AddHandler cgi-script .cgi
++
++ # For type maps (negotiated resources):
++ #AddHandler type-map var
++
++ #
++ # Filters allow you to process content before it is sent to the client.
++ #
++ # To parse .shtml files for server-side includes (SSI):
++ # (You will also need to add "Includes" to the "Options" directive.)
++ #
++ AddType text/html .shtml
++ AddOutputFilter INCLUDES .shtml
++</IfModule>
++
++#
++# Specify a default charset for all content served; this enables
++# interpretation of all content as UTF-8 by default. To use the
++# default browser choice (ISO-8859-1), or to allow the META tags
++# in HTML content to override this choice, comment out this
++# directive:
++#
++AddDefaultCharset UTF-8
++
++<IfModule mime_magic_module>
++ #
++ # The mod_mime_magic module allows the server to use various hints from the
++ # contents of the file itself to determine its type. The MIMEMagicFile
++ # directive tells the module where the hint definitions are located.
++ #
++ MIMEMagicFile conf/magic
++</IfModule>
++
++#
++# Customizable error responses come in three flavors:
++# 1) plain text 2) local redirects 3) external redirects
++#
++# Some examples:
++#ErrorDocument 500 "The server made a boo boo."
++#ErrorDocument 404 /missing.html
++#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
++#ErrorDocument 402 http://www.example.com/subscription_info.html
++#
++
++#
++# EnableMMAP and EnableSendfile: On systems that support it,
++# memory-mapping or the sendfile syscall may be used to deliver
++# files. This usually improves server performance, but must
++# be turned off when serving from networked-mounted
++# filesystems or if support for these functions is otherwise
++# broken on your system.
++# Defaults if commented: EnableMMAP On, EnableSendfile Off
++#
++#EnableMMAP off
++EnableSendfile on
++
++# Supplemental configuration
++#
++# Load config files in the "/etc/httpd/conf.d" directory, if any.
++IncludeOptional conf.d/*.conf
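Review bot: `Options Indexes FollowSymLinks` in the `<Directory "/var/www/html">` block turns on directory listings for the document root, and the role deploys the gateway there with a `git` clone. If `doc_root_dir` resolves to this path or below it (the variable is defined outside this hunk), the `.git` directory and any file without an index page become browsable. Dropping `Indexes` and denying VCS metadata explicitly closes that. The template also hard-codes `DocumentRoot "/var/www/html"` instead of using `{{ doc_root_dir }}`, so the two can drift apart.

```apacheconf
<Directory "/var/www/html">
    # … unchanged: Options documentation comment …
    Options FollowSymLinks
    # … unchanged: AllowOverride All, Require all granted …
</Directory>

# Keep VCS metadata from the cloned gateway out of reach of web clients.
<DirectoryMatch "/\.git">
    Require all denied
</DirectoryMatch>
```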