Posted to commits@airavata.apache.org by ma...@apache.org on 2022/07/27 13:35:24 UTC

[airavata] 07/10: AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit 65134efef90e48c677e6c37d26bbf8560224e7d5
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:49:29 2022 -0400

    AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
---
 .../roles/django/tasks/install_deps_Centos_7.yml   |  28 ++++++
 .../roles/django/tasks/install_deps_Rocky_8.yml    |  31 ++++++
 dev-tools/ansible/roles/django/tasks/main.yml      |   8 +-
 .../django_setup/tasks/install_deps_Rocky_8.yml    | 108 +++++++++++++++++++++
 dev-tools/ansible/roles/env_setup/tasks/main.yml   |  37 +++----
 .../roles/httpd/tasks/install_deps_Rocky_8.yml     |  35 +++++++
 dev-tools/ansible/roles/httpd/tasks/main.yml       |   5 +-
 .../tasks/{main.yml => install_deps_CentOS_7.yml}  |  37 -------
 .../letsencrypt/tasks/install_deps_Rocky_8.yml     |  31 ++++++
 dev-tools/ansible/roles/letsencrypt/tasks/main.yml |  10 +-
 10 files changed, 261 insertions(+), 69 deletions(-)

diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
new file mode 100644
index 0000000000..fbde07fdcd
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
@@ -0,0 +1,28 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Centos 7)
+  yum: name=MySQL-python state=present
+  become: true
+
+
+...
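Review bot: The file name spells the distribution `Centos`, while the `ansible_distribution` fact on CentOS is `CentOS` and the letsencrypt role in this same commit uses `install_deps_CentOS_7.yml`. The include that loads this file is not part of this commit's django hunks, but if it follows the `install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml` pattern used in letsencrypt/tasks/main.yml, the lookup fails on a case-sensitive filesystem. Renaming the file to `install_deps_CentOS_7.yml` keeps the roles consistent.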
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..d81472cad9
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Rocky 8)
+  dnf: name={{ package }} state=latest
+  loop:
+    - python3-mysql
+  loop_control:
+    loop_var: package
+  become: true
+
+...
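Review bot: `state=latest` on the `dnf` line makes every play run upgrade `python3-mysql` to whatever the enabled repositories currently offer, so two runs of the same playbook can produce different hosts and a package update is installed as root without anyone having reviewed it. The same applies to the `state=latest` tasks in django_setup/tasks/install_deps_Rocky_8.yml, httpd/tasks/install_deps_Rocky_8.yml and letsencrypt/tasks/install_deps_Rocky_8.yml; the letsencrypt one replaces a CentOS 7 list that pinned exact versions. I would use `dnf: name=python3-mysql state=present` here and leave upgrades to a deliberate patching step. The single-item `loop` can go at the same time, since `name` accepts the package directly.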
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 819eb821b7..bbe1f10fed 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -96,10 +96,12 @@
 - name: build airavata-django-portal Docker image
   local_action:
     module: docker_image
-    path: "{{ airavata_django_portal_tempdir.path }}/"
+    build:
+      path: "{{ airavata_django_portal_tempdir.path }}/"
     name: airavata-django-portal
-    force: true
-    # source: build
+    force_source: true
+    force_tag: true
+    source: build
   run_once: true
 
 - name: create Docker container so we can copy built files out of it
diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..80f8266702
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,108 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Airavata Django Portal prerequisites (Rocky 8)
+  dnf: name={{ item }} state=latest
+  with_items:
+    - python36
+    - httpd-devel
+    - python36-devel
+    - mysql-devel
+    - gcc
+    - zlib-devel
+    - openssl-devel
+  become: yes
+
+- name: Create mod_wsgi directory
+  file: path={{ mod_wsgi_dir }} state=directory
+  become: yes
+
+- name: Fetch mod_wsgi
+  get_url:
+    url: "{{ mod_wsgi_url }}"
+    dest: "{{ mod_wsgi_tarball_dest }}"
+  become: yes
+
+- name: Untar mod_wsgi
+  unarchive:
+    src: "{{ mod_wsgi_tarball_dest }}"
+    remote_src: yes
+    dest: "{{ mod_wsgi_dir }}"
+    creates: "{{ mod_wsgi_unarchive_dir }}"
+  become: yes
+
+- name: Configure mod_wsgi
+  command: ./configure --with-python=/usr/bin/python3
+  args:
+    chdir: "{{ mod_wsgi_unarchive_dir }}"
+    creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+  become: yes
+
+- name: make mod_wsgi
+  command: make
+  args:
+    chdir: "{{ mod_wsgi_unarchive_dir }}"
+    creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+  become: yes
+
+- name: make install mod_wsgi
+  command: make install
+  args:
+    chdir: "{{ mod_wsgi_unarchive_dir }}"
+  become: yes
+
+- name: Copy mod_wsgi config file
+  copy:
+    src: 00-wsgi.conf
+    dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+  become: yes
+
+# Allow httpd to copy file attributes when handling uploaded files and moving
+# them from temporary to final destination (which may cross partitions)
+- name: double check policycoreutils installed
+  dnf: name=python3-policycoreutils state=installed
+  become: yes
+
+- name: Copy SELinux type enforcement file
+  copy: src=django-httpd.te dest=/tmp/
+
+- name: Compile SELinux module file
+  command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
+
+- name: Build SELinux policy package
+  command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
+
+- name: unLoad SELinux policy package
+  command: semodule -r django-httpd
+  become: yes
+  ignore_errors: True
+
+- name: Load SELinux policy package
+  command: semodule -i /tmp/django-httpd.pp
+  become: yes
+
+- name: Remove temporary files
+  file: path={{ item }} state=absent
+  with_items:
+    - /tmp/django-httpd.mod
+    - /tmp/django-httpd.pp
+    - /tmp/django-httpd.te
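Review bot: The `Fetch mod_wsgi` task downloads a source tarball with `get_url` and no `checksum`, and the tasks after it configure, build and `make install` it with `become: yes`, so whatever `mod_wsgi_url` serves is compiled and installed as root unverified. Pinning the digest closes that gap, e.g. `checksum: "sha256:{{ mod_wsgi_sha256 }}"`, where `mod_wsgi_sha256` is a placeholder name for a new variable defined next to `mod_wsgi_url`. Separately, the SELinux module is built under fixed names in world-writable `/tmp` by tasks without `become` and then loaded by `semodule -i` as root; building it in a directory created with the `tempfile` module, or in a root-owned path, avoids loading a file that another local user could have placed or replaced. `make install` also has no `creates:` guard, so it reruns on every play.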
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 4d36c76fd2..b038e840dd 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -73,24 +73,25 @@
 
 # Automatic security updates installation
 
-- name: Install yum-cron, yum-utils (RedHat)
-  yum: name={{ item }} state=latest update_cache=yes
-  become: yes
-  when: ansible_os_family == "RedHat"
-  with_items:
-    - yum-cron
-    - yum-utils
+# TODO: switch to dnf-automatic for Rocky Linux
+# - name: Install yum-cron, yum-utils (RedHat)
+#   yum: name={{ item }} state=latest update_cache=yes
+#   become: yes
+#   when: ansible_os_family == "RedHat"
+#   with_items:
+#     - yum-cron
+#     - yum-utils
 
-- name: Copy yum-cron.conf config file
-  copy:
-    src: yum-cron.conf
-    dest: /etc/yum/yum-cron.conf
-    backup: yes
-  become: yes
-  when: ansible_os_family == "RedHat"
+# - name: Copy yum-cron.conf config file
+#   copy:
+#     src: yum-cron.conf
+#     dest: /etc/yum/yum-cron.conf
+#     backup: yes
+#   become: yes
+#   when: ansible_os_family == "RedHat"
 
-- name: Enable and start yum-cron
-  service: name=yum-cron state=started enabled=yes daemon_reload=yes
-  become: yes
-  when: ansible_os_family == "RedHat"
+# - name: Enable and start yum-cron
+#   service: name=yum-cron state=started enabled=yes daemon_reload=yes
+#   become: yes
+#   when: ansible_os_family == "RedHat"
 ...
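Review bot: Commenting out all three yum-cron tasks removes unattended security updates from every RedHat-family host this role provisions, including CentOS 7 hosts where yum-cron still works, and the TODO leaves Rocky 8 with no replacement. I would keep the yum-cron tasks active and narrow their condition to `when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"`, and add the dnf-automatic equivalent for Rocky in the same commit, as sketched below. If `yum-cron.conf` restricted updates to security errata, `/etc/dnf/automatic.conf` needs the matching `upgrade_type` setting; that file's content is not visible here.

```yaml
# … unchanged: the three yum-cron tasks, kept active and limited to CentOS 7 …

- name: Install dnf-automatic (Rocky)
  dnf:
    name: dnf-automatic
    state: present
  become: true
  when: ansible_distribution == "Rocky"

- name: Enable and start the dnf-automatic install timer (Rocky)
  systemd:
    name: dnf-automatic-install.timer
    state: started
    enabled: true
  become: true
  when: ansible_distribution == "Rocky"
```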
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..698932ee25
--- /dev/null
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,35 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install pre-requisites
+  dnf: name="{{ item }}" state=latest
+  with_items:
+    - git
+    - httpd
+    - mod_ssl
+    - python3-libselinux
+    - python3-policycoreutils
+  become: yes
+
+- name: install epel release
+  dnf: name=epel-release state=present
+  become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 15a71fd9ed..90a3ee840b 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -34,7 +34,7 @@
 - name: create default ssl vhost certificate
   command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}'
   become: yes
-  when: default_vhost_ssl_cert_check|failed
+  when: default_vhost_ssl_cert_check is failed
 
 - name: Change permissions for default ssl vhost certificate private key
   file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600"
@@ -59,6 +59,7 @@
   file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}"
   become: yes
 
+# TODO: create the parent directory of the symlink if missing
 - name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }}
   file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}"
   become: yes
@@ -76,7 +77,7 @@
   when: ansible_os_family == "RedHat"
 
 - name: run restorecon on user data directory
-  command: restorecon -F -R {{ user_data_dir }}
+  command: restorecon -F -R {{ real_user_data_dir }}
   become: yes
   when: ansible_os_family == "RedHat"
 
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
similarity index 52%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
index 75a4956333..2415c7584f 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
@@ -29,40 +29,3 @@
     - ca-certificates-2021.2.50
   become: true
   become_user: root
-  when: ansible_os_family == "RedHat"
-
-- name: add Certbot PPA repository
-  apt_repository:
-    repo: "ppa:certbot/certbot"
-  become: yes
-  when: ansible_os_family == "Debian"
-
-- name: Install Certbot and dependencies (Debian)
-  apt: name={{ item }} state=latest update_cache=yes
-  with_items:
-    - certbot
-    - python-certbot-apache
-  become: yes
-  when: ansible_os_family == "Debian"
-
-# Note: on Ubuntu crontab is automatically created to run cert renewal. Only
-# CentOS requires enabling the certbot-renew timer.
-
-- name: enable certbot (letsencrypt) renewal
-  systemd:
-    enabled: true
-    name: certbot-renew
-    daemon_reload: true
-  become: true
-  become_user: root
-  when: ansible_os_family == "RedHat"
-
-- name: enable certbot (letsencrypt) renewal timer
-  systemd:
-    state: started
-    enabled: true
-    name: certbot-renew.timer
-    daemon_reload: true
-  become: true
-  become_user: root
-  when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..574127dec3
--- /dev/null
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: install certbot and dependencies
+  dnf: name={{ item }} state=latest
+  with_items:
+    - certbot
+    - python3-acme
+    - python3-certbot-apache
+    - ca-certificates
+  become: true
+  become_user: root
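Review bot: `certbot` and `python3-certbot-apache` are, to my knowledge, shipped in EPEL rather than in the Rocky 8 base repositories, and in this commit `epel-release` is installed only by httpd/tasks/install_deps_Rocky_8.yml. Unless the letsencrypt role declares a dependency on the httpd role (not visible here), this task fails on a host where the httpd role has not run first. Adding a task ahead of it, `dnf: name=epel-release state=present` with `become: true`, makes the role self-contained.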
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 75a4956333..978204d680 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -20,15 +20,7 @@
 
 ---
 
-- name: install certbot and dependencies
-  yum: name={{ item }} state=installed update_cache=yes
-  with_items:
-    - certbot-1.11.0
-    - python2-acme-1.11.0
-    - python2-certbot-apache-1.11.0
-    - ca-certificates-2021.2.50
-  become: true
-  become_user: root
+- include_tasks: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
   when: ansible_os_family == "RedHat"
 
 - name: add Certbot PPA repository
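Review bot: The added `include_tasks` builds a file name from facts, but this commit provides only `install_deps_CentOS_7.yml` and `install_deps_Rocky_8.yml` for the role, so any other RedHat-family host (RHEL, AlmaLinux, Rocky 9) stops with a missing-file error. A guard ahead of it gives a clear failure instead, for example an `assert` that `ansible_distribution ~ '_' ~ ansible_distribution_major_version` is in `['CentOS_7', 'Rocky_8']`. I would also quote the templated value, `include_tasks: "install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml"`, and give the task a `name`. The task that starts on the hunk's last line continues outside the hunk.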