Posted to commits@airavata.apache.org by ma...@apache.org on 2022/07/27 13:35:24 UTC
[airavata] 07/10: AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 65134efef90e48c677e6c37d26bbf8560224e7d5
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:49:29 2022 -0400
AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
---
.../roles/django/tasks/install_deps_Centos_7.yml | 28 ++++++
.../roles/django/tasks/install_deps_Rocky_8.yml | 31 ++++++
dev-tools/ansible/roles/django/tasks/main.yml | 8 +-
.../django_setup/tasks/install_deps_Rocky_8.yml | 108 +++++++++++++++++++++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 37 +++----
.../roles/httpd/tasks/install_deps_Rocky_8.yml | 35 +++++++
dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +-
.../tasks/{main.yml => install_deps_CentOS_7.yml} | 37 -------
.../letsencrypt/tasks/install_deps_Rocky_8.yml | 31 ++++++
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +-
10 files changed, 261 insertions(+), 69 deletions(-)
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
new file mode 100644
index 0000000000..fbde07fdcd
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
@@ -0,0 +1,28 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Centos 7)
+ yum: name=MySQL-python state=present
+ become: true
+
+
+...
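Review bot: The file is named `install_deps_Centos_7.yml`, while the letsencrypt role in this commit uses `install_deps_CentOS_7.yml` and selects it with `install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml`. The django role's include is not part of this diff, but if it follows the same pattern, the fact value `CentOS` will not match this spelling on a case-sensitive filesystem and the include will fail on CentOS 7. Renaming the file to `install_deps_CentOS_7.yml` keeps the roles consistent.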
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..d81472cad9
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Rocky 8)
+ dnf: name={{ package }} state=latest
+ loop:
+ - python3-mysql
+ loop_control:
+ loop_var: package
+ become: true
+
+...
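Review bot: `state=latest` on the `dnf` line makes every playbook run upgrade python3-mysql to whatever the repository serves at that moment, so two deploys of the same commit can end up with different package versions. The same pattern appears in the new Rocky 8 task files for django_setup, httpd and letsencrypt, and in letsencrypt it replaces the explicitly pinned certbot and ca-certificates versions used on CentOS 7. If the intent is only to ensure the package is installed, `dnf: name=python3-mysql state=present` is enough and the single-item loop can go; upgrades then become a deliberate, separate step.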
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 819eb821b7..bbe1f10fed 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -96,10 +96,12 @@
- name: build airavata-django-portal Docker image
local_action:
module: docker_image
- path: "{{ airavata_django_portal_tempdir.path }}/"
+ build:
+ path: "{{ airavata_django_portal_tempdir.path }}/"
name: airavata-django-portal
- force: true
- # source: build
+ force_source: true
+ force_tag: true
+ source: build
run_once: true
- name: create Docker container so we can copy built files out of it
diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..80f8266702
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,108 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Airavata Django Portal prerequisites (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python36
+ - httpd-devel
+ - python36-devel
+ - mysql-devel
+ - gcc
+ - zlib-devel
+ - openssl-devel
+ become: yes
+
+- name: Create mod_wsgi directory
+ file: path={{ mod_wsgi_dir }} state=directory
+ become: yes
+
+- name: Fetch mod_wsgi
+ get_url:
+ url: "{{ mod_wsgi_url }}"
+ dest: "{{ mod_wsgi_tarball_dest }}"
+ become: yes
+
+- name: Untar mod_wsgi
+ unarchive:
+ src: "{{ mod_wsgi_tarball_dest }}"
+ remote_src: yes
+ dest: "{{ mod_wsgi_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Configure mod_wsgi
+ command: ./configure --with-python=/usr/bin/python3
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+ become: yes
+
+- name: make mod_wsgi
+ command: make
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+ become: yes
+
+- name: make install mod_wsgi
+ command: make install
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Copy mod_wsgi config file
+ copy:
+ src: 00-wsgi.conf
+ dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+ become: yes
+
+# Allow httpd to copy file attributes when handling uploaded files and moving
+# them from temporary to final destination (which may cross partitions)
+- name: double check policycoreutils installed
+ dnf: name=python3-policycoreutils state=installed
+ become: yes
+
+- name: Copy SELinux type enforcement file
+ copy: src=django-httpd.te dest=/tmp/
+
+- name: Compile SELinux module file
+ command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
+
+- name: Build SELinux policy package
+ command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
+
+- name: unLoad SELinux policy package
+ command: semodule -r django-httpd
+ become: yes
+ ignore_errors: True
+
+- name: Load SELinux policy package
+ command: semodule -i /tmp/django-httpd.pp
+ become: yes
+
+- name: Remove temporary files
+ file: path={{ item }} state=absent
+ with_items:
+ - /tmp/django-httpd.mod
+ - /tmp/django-httpd.pp
+ - /tmp/django-httpd.te
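Review bot: The SELinux tasks stage `django-httpd.te`, `.mod` and `.pp` under fixed names in `/tmp` without `become` (so presumably as the connecting user), and `semodule -i /tmp/django-httpd.pp` then loads the result as root. A fixed path in a world-writable directory means the root step trusts a file that another local account could have put there first. Building in a directory created by the `tempfile` module keeps the inputs private to the deploy user, as sketched below. Separately, `Fetch mod_wsgi` has no `checksum`, yet the tarball is configured, built and installed with `become: yes`. Adding `checksum: "sha256:<expected digest of the tarball>"` (placeholder value) to `get_url` pins what gets compiled as root.

```yaml
- name: Create private build directory for SELinux module
  tempfile:
    state: directory
    suffix: django-httpd
  register: selinux_build_dir

- name: Copy SELinux type enforcement file
  copy:
    src: django-httpd.te
    dest: "{{ selinux_build_dir.path }}/django-httpd.te"

# … unchanged: checkmodule / semodule_package / semodule tasks, with /tmp replaced by {{ selinux_build_dir.path }} …

- name: Remove temporary files
  file:
    path: "{{ selinux_build_dir.path }}"
    state: absent
```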
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 4d36c76fd2..b038e840dd 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -73,24 +73,25 @@
# Automatic security updates installation
-- name: Install yum-cron, yum-utils (RedHat)
- yum: name={{ item }} state=latest update_cache=yes
- become: yes
- when: ansible_os_family == "RedHat"
- with_items:
- - yum-cron
- - yum-utils
+# TODO: switch to dnf-automatic for Rocky Linux
+# - name: Install yum-cron, yum-utils (RedHat)
+# yum: name={{ item }} state=latest update_cache=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
+# with_items:
+# - yum-cron
+# - yum-utils
-- name: Copy yum-cron.conf config file
- copy:
- src: yum-cron.conf
- dest: /etc/yum/yum-cron.conf
- backup: yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Copy yum-cron.conf config file
+# copy:
+# src: yum-cron.conf
+# dest: /etc/yum/yum-cron.conf
+# backup: yes
+# become: yes
+# when: ansible_os_family == "RedHat"
-- name: Enable and start yum-cron
- service: name=yum-cron state=started enabled=yes daemon_reload=yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Enable and start yum-cron
+# service: name=yum-cron state=started enabled=yes daemon_reload=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
...
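Review bot: Commenting out all three yum-cron tasks removes automatic security updates from every RedHat-family host this role configures, including CentOS 7 where yum-cron still applies, and leaves only a TODO for Rocky. Keeping the tasks and narrowing the condition, e.g. `when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"`, would preserve the existing behaviour until the dnf-automatic equivalent is added. The `state=latest` installs in the new Rocky 8 task files only take effect when the playbook runs, so they are not a substitute for unattended patching.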
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..698932ee25
--- /dev/null
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,35 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install pre-requisites
+ dnf: name="{{ item }}" state=latest
+ with_items:
+ - git
+ - httpd
+ - mod_ssl
+ - python3-libselinux
+ - python3-policycoreutils
+ become: yes
+
+- name: install epel release
+ dnf: name=epel-release state=present
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 15a71fd9ed..90a3ee840b 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -34,7 +34,7 @@
- name: create default ssl vhost certificate
command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}'
become: yes
- when: default_vhost_ssl_cert_check|failed
+ when: default_vhost_ssl_cert_check is failed
- name: Change permissions for default ssl vhost certificate private key
file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600"
@@ -59,6 +59,7 @@
file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}"
become: yes
+# TODO: create the parent directory of the symlink if missing
- name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }}
file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}"
become: yes
@@ -76,7 +77,7 @@
when: ansible_os_family == "RedHat"
- name: run restorecon on user data directory
- command: restorecon -F -R {{ user_data_dir }}
+ command: restorecon -F -R {{ real_user_data_dir }}
become: yes
when: ansible_os_family == "RedHat"
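Review bot: `restorecon -F -R {{ real_user_data_dir }}` now relabels the real directory, but the task that precedes it (only its `when:` line is inside this hunk) is not visible. If that task registers the file-context rule in terms of `user_data_dir`, restorecon will presumably find no matching rule under the real path and apply default labels, so it is worth confirming both tasks name the same path. The variable is also unquoted in a `command:` string, so a data directory containing whitespace would be split into several arguments.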
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
similarity index 52%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
index 75a4956333..2415c7584f 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
@@ -29,40 +29,3 @@
- ca-certificates-2021.2.50
become: true
become_user: root
- when: ansible_os_family == "RedHat"
-
-- name: add Certbot PPA repository
- apt_repository:
- repo: "ppa:certbot/certbot"
- become: yes
- when: ansible_os_family == "Debian"
-
-- name: Install Certbot and dependencies (Debian)
- apt: name={{ item }} state=latest update_cache=yes
- with_items:
- - certbot
- - python-certbot-apache
- become: yes
- when: ansible_os_family == "Debian"
-
-# Note: on Ubuntu crontab is automatically created to run cert renewal. Only
-# CentOS requires enabling the certbot-renew timer.
-
-- name: enable certbot (letsencrypt) renewal
- systemd:
- enabled: true
- name: certbot-renew
- daemon_reload: true
- become: true
- become_user: root
- when: ansible_os_family == "RedHat"
-
-- name: enable certbot (letsencrypt) renewal timer
- systemd:
- state: started
- enabled: true
- name: certbot-renew.timer
- daemon_reload: true
- become: true
- become_user: root
- when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..574127dec3
--- /dev/null
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: install certbot and dependencies
+ dnf: name={{ item }} state=latest
+ with_items:
+ - certbot
+ - python3-acme
+ - python3-certbot-apache
+ - ca-certificates
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 75a4956333..978204d680 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -20,15 +20,7 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
- with_items:
- - certbot-1.11.0
- - python2-acme-1.11.0
- - python2-certbot-apache-1.11.0
- - ca-certificates-2021.2.50
- become: true
- become_user: root
+- include_tasks: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
when: ansible_os_family == "RedHat"
- name: add Certbot PPA repository
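Review bot: The `include_tasks` file name is built from `ansible_distribution` and `ansible_distribution_major_version`, but the `when:` only checks `ansible_os_family == "RedHat"`. Any RedHat-family host other than CentOS 7 or Rocky 8 (RHEL, AlmaLinux, a later Rocky major) will therefore fail on a missing file rather than with a clear message. A preceding `assert` listing the supported distributions, or a `first_found` lookup with a default file, would make the supported set explicit. The task also has no `name:`, unlike its neighbours; `- name: Install certbot dependencies for {{ ansible_distribution }} {{ ansible_distribution_major_version }}` would keep the play output readable.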