Posted to commits@airavata.apache.org by ma...@apache.org on 2020/06/18 20:59:29 UTC

[airavata] branch develop updated (18caaf5 -> 538d3f4)

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a change to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git.


    from 18caaf5  Ansible: update interactwel LOGIN_REDIRECT_URL
     add 9825a15  Adding the new domain gateway.physicell.org to physicell gateway
     add 211ba2b  Ansible: miga django app config
     add 7ef3f58  Adding google analytics ID to the mines gateway
     add 18f4cf0  Ansible: allow overriding selinux mode of portal server
     add 81ce637  Creating the archieve directory if it does not exist
     add f3e174a  Fixing a typo in email notifications in SMALTR
     add d0bd675  Adding BCB gateway
     add 934efdd  Adding BCB gateway
     add 1c1a897  Adding BCB gateway
     add 0fc42c7  Adding BCB gateway
     add 7c6d606  Adding BCB gateway
     add aa00afd  Adding BCB gateway
     add dac4edf  Updated the gateway domain with the new domain
     new 5aeea33  Ansible: update keycloak role to setup httpd proxy
     new 538d3f4  Merge branch 'keycloak-letsencrypt-proxy' into develop

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../scigap/develop/group_vars/all/vars.yml         |  1 +
 .../scigap/production/group_vars/all/vars.yml      |  3 +-
 .../host_vars/{v4i => bcbportal}/vars.yml          | 20 ++---
 .../production/host_vars/bcbportal/vault.yml       | 15 ++++
 .../scigap/production/host_vars/dreg/vars.yml      |  3 +
 .../host_vars/microbial-genomes/vars.yml           |  4 +
 .../scigap/production/host_vars/mines/vars.yml     |  1 +
 .../scigap/production/host_vars/physicell/vars.yml |  8 +-
 .../scigap/production/host_vars/smaltr/vars.yml    |  2 +-
 .../ansible/inventories/scigap/production/hosts    |  1 +
 .../scigap/staging/group_vars/all/vars.yml         |  1 +
 dev-tools/ansible/keycloak.yml                     |  3 +-
 dev-tools/ansible/roles/httpd/defaults/main.yml    |  7 ++
 dev-tools/ansible/roles/httpd/tasks/main.yml       |  2 +-
 dev-tools/ansible/roles/keycloak/README.md         | 10 +--
 dev-tools/ansible/roles/keycloak/defaults/main.yml | 15 ++--
 dev-tools/ansible/roles/keycloak/files/README.md   | 36 ---------
 .../roles/{httpd => keycloak}/handlers/main.yml    |  2 +-
 dev-tools/ansible/roles/keycloak/tasks/main.yml    | 94 +++++++++++-----------
 .../roles/keycloak/templates/basic-vhost.conf.j2   |  9 +++
 .../roles/keycloak/templates/standalone.xml.j2     | 15 ++--
 .../ansible/roles/keycloak/templates/vhost.conf.j2 | 52 ++++++++++++
 .../helix/impl/task/staging/ArchiveTask.java       |  2 +-
 23 files changed, 180 insertions(+), 126 deletions(-)
 copy dev-tools/ansible/inventories/scigap/production/host_vars/{v4i => bcbportal}/vars.yml (60%)
 create mode 100644 dev-tools/ansible/inventories/scigap/production/host_vars/bcbportal/vault.yml
 delete mode 100644 dev-tools/ansible/roles/keycloak/files/README.md
 copy dev-tools/ansible/roles/{httpd => keycloak}/handlers/main.yml (91%)
 create mode 100644 dev-tools/ansible/roles/keycloak/templates/basic-vhost.conf.j2
 create mode 100644 dev-tools/ansible/roles/keycloak/templates/vhost.conf.j2


[airavata] 01/02: Ansible: update keycloak role to setup httpd proxy

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit 5aeea3337561e3289e70dd55bd8832fd3bd77cb4
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Thu Jun 18 16:56:41 2020 -0400

    Ansible: update keycloak role to setup httpd proxy
---
 .../scigap/develop/group_vars/all/vars.yml         |  1 +
 .../scigap/production/group_vars/all/vars.yml      |  3 +-
 .../scigap/staging/group_vars/all/vars.yml         |  1 +
 dev-tools/ansible/keycloak.yml                     |  3 +-
 dev-tools/ansible/roles/keycloak/README.md         | 10 +--
 dev-tools/ansible/roles/keycloak/defaults/main.yml | 15 ++--
 dev-tools/ansible/roles/keycloak/files/README.md   | 36 ---------
 .../keycloak/handlers/main.yml}                    | 11 +--
 dev-tools/ansible/roles/keycloak/tasks/main.yml    | 94 +++++++++++-----------
 .../roles/keycloak/templates/basic-vhost.conf.j2   |  9 +++
 .../roles/keycloak/templates/standalone.xml.j2     | 15 ++--
 .../ansible/roles/keycloak/templates/vhost.conf.j2 | 52 ++++++++++++
 12 files changed, 135 insertions(+), 115 deletions(-)

diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
index 6cde1aa..9cc0b34 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
@@ -144,6 +144,7 @@ keycloak_db_username: "keycloak"
 keycloak_db_password: "{{ vault_keycloak_db_password }}"
 keycloak_master_account_username: "admin"
 keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
+keycloak_vhost_servername: "iamdev.scigap.org"
 
 # Helix
 helix_version: 0.7.1
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index 01661e1..2cd74c2 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -133,6 +133,7 @@ keycloak_db_username: "keycloak"
 keycloak_db_password: "{{ vault_keycloak_db_password }}"
 keycloak_master_account_username: "AiravataAdmin"
 keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
+keycloak_vhost_servername: "iam.scigap.org"
 
 # Helix
 helix_version: 0.7.1
@@ -177,4 +178,4 @@ parser_broker_url: "{{ groups['kafka'][0] }}:{{ kafka_listener_port }}"
 parser_broker_topic: "completed-messages"
 parser_broker_consumer_group: "ParsingConsumer"
 parser_storage_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-parser_broker_publisher_id: "ParserProducer"
\ No newline at end of file
+parser_broker_publisher_id: "ParserProducer"
diff --git a/dev-tools/ansible/inventories/scigap/staging/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/staging/group_vars/all/vars.yml
index 00f3396..69cdf57 100644
--- a/dev-tools/ansible/inventories/scigap/staging/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/staging/group_vars/all/vars.yml
@@ -140,6 +140,7 @@ keycloak_db_username: "keycloak"
 keycloak_db_password: "{{ vault_keycloak_db_password }}"
 keycloak_master_account_username: "AiravataAdmin"
 keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
+keycloak_vhost_servername: "iam.scigap.org"
 
 # Helix
 helix_version: 0.7.1
diff --git a/dev-tools/ansible/keycloak.yml b/dev-tools/ansible/keycloak.yml
index 292a821..8cca98b 100644
--- a/dev-tools/ansible/keycloak.yml
+++ b/dev-tools/ansible/keycloak.yml
@@ -24,6 +24,7 @@
   roles:
     - env_setup
     - java
+    - letsencrypt
     - keycloak
 
-...
\ No newline at end of file
+...
diff --git a/dev-tools/ansible/roles/keycloak/README.md b/dev-tools/ansible/roles/keycloak/README.md
index f6f95d9..42f6bd9 100644
--- a/dev-tools/ansible/roles/keycloak/README.md
+++ b/dev-tools/ansible/roles/keycloak/README.md
@@ -6,9 +6,7 @@
 
 ###Running instructions:
 
-1. Make sure SSL certificates and keystore files are present in roles/keycloak/files directory
-2. Make sure all the variables are configured correctly
-3. Dont use the Database role, rather set up the VM with default version provided by centos, tested with MySql 5.6 & MariaDB 5.5.52), Ansible role for the same is coming soon.
-4. Ensure the host file: `inventories/airavata-iam/hosts` has correct IP address
-4. For Standalone mode deployment : `ansible-playbook -i inventories/airavata-iam airavata-iam-setup.yml -t "standalone"`
-5. For HaCluster mode deployment : `ansible-playbook -i inventories/airavata-iam airavata-iam-setup.yml -t "hacluster"`
\ No newline at end of file
+1. Make sure all the variables are configured correctly
+2. Dont use the Database role, rather set up the VM with default version provided by centos, tested with MySql 5.6 & MariaDB 5.5.52), Ansible role for the same is coming soon.
+3. Ensure the host file: `inventories/airavata-iam/hosts` has correct IP address
+4. For Standalone mode deployment : `ansible-playbook -i inventories/airavata-iam keycloak.yml`
diff --git a/dev-tools/ansible/roles/keycloak/defaults/main.yml b/dev-tools/ansible/roles/keycloak/defaults/main.yml
index a55be33..d94bfe7 100644
--- a/dev-tools/ansible/roles/keycloak/defaults/main.yml
+++ b/dev-tools/ansible/roles/keycloak/defaults/main.yml
@@ -23,13 +23,13 @@ keycloak_version: "2.5.4.Final"
 keycloak_downlaod_url: "https://downloads.jboss.org/keycloak/{{keycloak_version}}/keycloak-{{keycloak_version}}.tar.gz"
 keycloak_install_dir: "keycloak-{{keycloak_version}}"
 keycloak_db_connector_name: "mysql-connector-java-5.1.41"
-keycloak_ssl_keystore_file: "keycloak.jks"
-keycloak_ssl_keystore_file_name: "keycloak.jks"
-keycloak_ssl_keystore_password: "Airavata"
+# keycloak_ssl_keystore_file: "keycloak.jks"
+# keycloak_ssl_keystore_file_name: "keycloak.jks"
+# keycloak_ssl_keystore_password: "Airavata"
 mysql_db_connector_download_url: "https://dev.mysql.com/get/Downloads/Connector-J/{{keycloak_db_connector_name}}.tar.gz"
 keycloak_master_account_username: "username"
 keycloak_master_account_password: "password"
-keycloak_server_port: "443"
+# keycloak_server_port: "443"
 
 keycloak_db_host: "localhost"
 keycloak_db_port: "3306"
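Review bot: The keystore variables and `keycloak_server_port` are commented out rather than deleted, which leaves the old hard-coded keystore password `Airavata` in the role defaults as dead text. This commit also removes the keystore copy task and the `UndertowRealm` block that read them, so these lines appear to have no remaining consumer and can simply be dropped. If a keystore protected with that password was ever deployed, treat the password as public. The unchanged default `keycloak_master_account_password: "password"` in this hunk would be safer left undefined, so that a missing vault value fails the play instead of deploying a known admin password.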
@@ -38,4 +38,9 @@ keycloak_db_url: "jdbc:mysql://{{keycloak_db_host}}:{{keycloak_db_port}}/{{keycl
 keycloak_db_username: "username"
 keycloak_db_password: "password"
 keycloak_db_pool_size: "20"
-...
\ No newline at end of file
+
+keycloak_vhost_servername: "changeme.org"
+keycloak_ssl_certificate_file: "/etc/letsencrypt/live/{{ keycloak_vhost_servername }}/cert.pem"
+keycloak_ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ keycloak_vhost_servername }}/fullchain.pem"
+keycloak_ssl_certificate_key_file: "/etc/letsencrypt/live/{{ keycloak_vhost_servername }}/privkey.pem"
+...
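Review bot: The default `keycloak_vhost_servername: "changeme.org"` is a placeholder that flows silently into the three certificate paths below it and into the `certbot -d` call in tasks/main.yml. An inventory that forgets to override it gets a certificate request and an Apache vhost for a domain the operator does not control. Leaving the variable undefined makes Ansible stop on the first template that uses it. Alternatively, guard the role with an early `assert` task using `that: keycloak_vhost_servername != "changeme.org"`.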
diff --git a/dev-tools/ansible/roles/keycloak/files/README.md b/dev-tools/ansible/roles/keycloak/files/README.md
deleted file mode 100644
index 6463636..0000000
--- a/dev-tools/ansible/roles/keycloak/files/README.md
+++ /dev/null
@@ -1,36 +0,0 @@
-## Generating Keystore for SSL certificates
-
-**Note:** will only work on Mac and Linux
-
-### Files Needed:
-1. SSL certificate for the domain (ex: .cer or .crt or .pem)
-2. Private key used to acquire that SSL Certificate, i.e. key used to create certificate request (.key).
-
-### Process:
-1. Place both file in airavata/dev-tools/roles/keycloak/files
-2. The first step is to convert them into a single PKCS12 file using the following command, You will be asked for various passwords (the password to access the key (if set) and then the password for the PKCS12 file being created): 
-``` 
-openssl pkcs12 -export -in host.crt -inkey host.key > host.p12
-```
-3. Then import the PKCS12 file into a keystore using the command: 
-``` 
-keytool -importkeystore -srckeystore host.p12 -destkeystore keycloak.jks -srcstoretype pkcs12 
-```
-
-###Sample output:
-```$shell
-$ openssl pkcs12 -export -in host.crt -inkey host.key > host.p12
-Enter pass phrase for host.key:
-Enter Export Password:
-Verifying - Enter Export Password:
-```
-```
-$ keytool -importkeystore -srckeystore host.p12 -destkeystore host.jks
--srcstoretype pkcs12
-Enter destination keystore password:  
-Re-enter new password: 
-Enter source keystore password:  
-Entry for alias 1 successfully imported.
-Import command completed:  1 entries successfully imported, 0 entries failed
-or cancelled
-```
\ No newline at end of file
diff --git a/dev-tools/ansible/keycloak.yml b/dev-tools/ansible/roles/keycloak/handlers/main.yml
similarity index 87%
copy from dev-tools/ansible/keycloak.yml
copy to dev-tools/ansible/roles/keycloak/handlers/main.yml
index 292a821..589bdab 100644
--- a/dev-tools/ansible/keycloak.yml
+++ b/dev-tools/ansible/roles/keycloak/handlers/main.yml
@@ -19,11 +19,8 @@
 #
 
 ---
-- hosts: keycloak
-  tags: keycloak
-  roles:
-    - env_setup
-    - java
-    - keycloak
 
-...
\ No newline at end of file
+# Gracefully reload httpd
+- name: restart httpd
+  service: name=httpd state=reloaded enabled=yes
+  become: yes
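Review bot: The handler is named `restart httpd` but runs `state=reloaded`, so the name seen in play output and in `notify:` does not match what happens. Renaming it to `reload httpd` (and updating the `notify` entry in tasks/main.yml) keeps the graceful reload the comment describes and avoids someone later assuming a full restart took place after a certificate or vhost change.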
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index ecab7db..44a5506 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -19,6 +19,50 @@
 #
 
 ---
+- name: Install httpd
+  yum: name="httpd" state=latest update_cache=yes
+  become: yes
+
+- name: allow httpd to proxy to Keycloak process
+  seboolean:
+    name: httpd_can_network_connect
+    state: yes
+    persistent: yes
+  become: yes
+
+- name: Enable http/s service on public zone (for certbot verification)
+  firewalld: service={{ item }} permanent=true state=enabled zone=public immediate=True
+  with_items:
+    - http
+    - https
+  become: yes
+
+# TODO: it seems like a virtual host config of some type is needed for the following to work
+- name: copy basic virtual host file so certbot can verify domain
+  template: src="basic-vhost.conf.j2" dest=/etc/httpd/conf.d/basic-vhost.conf backup=yes
+  become: yes
+
+- name: start httpd
+  service: name=httpd state=started enabled=yes
+  become: yes
+
+- name: check if SSL certificate exists
+  stat:
+    path: "{{ keycloak_ssl_certificate_file }}"
+  register: stat_ssl_cert_result
+  become: yes
+
+- name: generate certificate if it doesn't exist
+  command: certbot --apache -d {{ keycloak_vhost_servername }} certonly
+  become: yes
+  when: not stat_ssl_cert_result.stat.exists
+
+- name: Add keycloak virtual host config that proxies to the keycloak server
+  template: src="vhost.conf.j2" dest=/etc/httpd/conf.d/keycloak.conf backup=yes
+  become: yes
+  notify:
+    - restart httpd
+
 # Download keycloak distribution
 - name: Download and unarchive keycloak
   unarchive:  src="{{ keycloak_downlaod_url }}"
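Review bot: The `generate certificate if it doesn't exist` task runs certbot without `--non-interactive`, so on a host where no ACME account is registered yet it will try to prompt and either hang or fail under Ansible. The letsencrypt role is not visible here and may handle registration. Something like `command: certbot certonly --apache --non-interactive -d {{ keycloak_vhost_servername }}` makes the failure mode explicit. The separate `stat` task and `when:` guard can be replaced by `args: creates: "{{ keycloak_ssl_certificate_file }}"` on the same task. Separately, `yum ... state=latest` upgrades httpd on every run of the role; `state=present` keeps runs repeatable and leaves patching to a deliberate update step.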
@@ -79,19 +123,6 @@
 
 # <---------------------------- Server Configuration -------------------------------->
 
-# Only Executed for haCluster mode (Mysql setup & without SSl configuration)
-- name: copy keycloak configuration file (HaCluster)
-  template: >
-    src=standalone-ha.xml.j2
-    dest="{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/standalone-ha.xml"
-    owner="{{ user }}"
-    group="{{ group }}"
-    mode="u=rw,g=r,o=r"
-  become: true
-  become_user: "{{ user }}"
-  tags:
-       - hacluster
-
 # Only Executed for standalone mode (SSL Configuration & MySql)
 - name: copy keycloak configuration file (Standalone)
   template: >
@@ -105,36 +136,10 @@
   tags:
        - standalone
 
-# Copy the SSL certificate files to remote
-
-- name: copy ssl certificate files to remote
-  copy:
-    src: "{{keycloak_ssl_keystore_file}}"
-    dest: "{{ user_home }}/{{ keycloak_install_dir }}/standalone/configuration/{{keycloak_ssl_keystore_file_name}}"
-    owner: "{{ user }}"
-    group: "{{ group }}"
-    mode: 0644
-  become: true
-  become_user: "{{ user }}"
-  tags:
-        - standalone
 # </------------------------------ Server Configuration ends ---------------------------->
 
 # <---------- setup init script for keycloak, starts the server after reboot ----------->
 
-# Init script to start keycloak in HaCluster mode
-- name: copy init script file (HaCluster)
-  template: >
-    src=keycloak-hacluster-init.j2
-    dest="/etc/init.d/keycloak"
-    owner="{{ user }}"
-    group="{{ group }}"
-    mode="u=rwx,g=r,o=r"
-  become: yes
-  become_user: root
-  tags:
-       - hacluster
-
 # Init script to start keycloak in Standalone mode
 - name: copy init script file (Standalone)
   template: >
@@ -170,15 +175,6 @@
        - always
 
 
-# <--------------------------open keycloak Identity server firewall port------------------------------>
-- name: open firewall port {{ keycloak_server_port }}
-  firewalld: port="{{ keycloak_server_port }}/tcp"
-             zone=public permanent=true state=enabled immediate=yes
-  become: yes
-  become_user: root
-  tags:
-        - always
-
 # <--------------------------start keycloak Identity server------------------------------>
 - name: reload Keycloak init script
   command: systemctl daemon-reload
@@ -202,4 +198,4 @@
   become_user: root
   tags:
        - always
-...
\ No newline at end of file
+...
diff --git a/dev-tools/ansible/roles/keycloak/templates/basic-vhost.conf.j2 b/dev-tools/ansible/roles/keycloak/templates/basic-vhost.conf.j2
new file mode 100644
index 0000000..da78c4c
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/basic-vhost.conf.j2
@@ -0,0 +1,9 @@
+<VirtualHost *:80>
+    ServerName {{ groups['keycloak'][0] }}
+    DocumentRoot "/var/www/html"
+
+    <Directory /var/www/html>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+    </Directory>
+</VirtualHost>
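Review bot: This bootstrap vhost is never removed once the certificate exists, and it uses `ServerName {{ groups['keycloak'][0] }}` while the certificate and keycloak.conf use `keycloak_vhost_servername`. Apache loads conf.d files in alphabetical order, so basic-vhost.conf comes before keycloak.conf. If the inventory hostname equals the vhost name, this *:80 block wins and the HTTP-to-HTTPS redirect in keycloak.conf never fires; if they differ, this block is still the default for unmatched Host headers. Consider deleting the file (a `file: state=absent` task plus the reload handler) after the certificate is issued. For a vhost that exists only for domain validation, `AllowOverride None` is enough.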
diff --git a/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2 b/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2
index cf4aebe..bd75c79 100644
--- a/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2
+++ b/dev-tools/ansible/roles/keycloak/templates/standalone.xml.j2
@@ -45,13 +45,6 @@
                     <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                 </authorization>
             </security-realm>
-	    <security-realm name="UndertowRealm">
-    		<server-identities>
-        		<ssl>
-            		<keystore path="{{keycloak_ssl_keystore_file_name}}" relative-to="jboss.server.config.dir" keystore-password="{{keycloak_ssl_keystore_password}}" />
-        		</ssl>
-    	    	</server-identities>
-	    </security-realm>
         </security-realms>
         <audit-log>
             <formatters>
@@ -377,8 +370,9 @@
         <subsystem xmlns="urn:jboss:domain:undertow:3.0">
             <buffer-cache name="default"/>
             <server name="default-server">
-                <http-listener name="default" socket-binding="http" redirect-socket="https"/>
-		<https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/>
+                <http-listener name="default" socket-binding="http" redirect-socket="proxy-https" proxy-address-forwarding="true"/>
+                <!-- <http-listener name="default" socket-binding="http" redirect-socket="https"/> -->
+                <!-- <https-listener name="https" socket-binding="https" security-realm="UndertowRealm"/> -->
                 <host name="default-host" alias="localhost">
                     <location name="/" handler="welcome-content"/>
                     <filter-ref name="server-header"/>
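Review bot: `proxy-address-forwarding="true"` makes this listener take the client address and scheme from `X-Forwarded-*` headers, so any peer that can reach port 8080 directly can supply its own values. The interface that the `http` socket binding listens on is set outside this hunk; since Apache proxies to `localhost:8080`, confirm that Keycloak is bound to loopback only (for example via `jboss.bind.address` or the `-b` start option) rather than relying on firewalld alone. The two commented-out listener lines can be deleted instead of kept, since the `UndertowRealm` they refer to no longer exists.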
@@ -489,7 +483,8 @@
         <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
         <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
         <socket-binding name="http" port="${jboss.http.port:8080}"/>
-        <socket-binding name="https" port="${jboss.https.port:443}"/>
+        <!-- <socket-binding name="https" port="${jboss.https.port:8443}"/> -->
+        <socket-binding name="proxy-https" port="443"/>
         <socket-binding name="txn-recovery-environment" port="4712"/>
         <socket-binding name="txn-status-manager" port="4713"/>
         <outbound-socket-binding name="mail-smtp">
diff --git a/dev-tools/ansible/roles/keycloak/templates/vhost.conf.j2 b/dev-tools/ansible/roles/keycloak/templates/vhost.conf.j2
new file mode 100644
index 0000000..4d7f40d
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/vhost.conf.j2
@@ -0,0 +1,52 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+
+<VirtualHost *:80>
+    ServerName {{ keycloak_vhost_servername }}
+    
+    ## Redirect all http traffic to https
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ keycloak_vhost_servername }}
+
+    RequestHeader set X-Forwarded-Proto "https"
+    ProxyPass / "http://localhost:8080/"
+    ProxyPassReverse / "http://localhost:8080/"
+    ProxyPreserveHost On
+    # See https://issues.redhat.com/browse/KEYCLOAK-3067 for more info
+    LimitRequestFieldSize 32768
+
+    ErrorLog /var/log/httpd/keycloak.error.log
+    CustomLog /var/log/httpd/keycloak.requests.log combined
+
+    SSLEngine on
+    # Disable SSLv3 which is vulnerable to the POODLE attack
+    SSLProtocol All -SSLv2 -SSLv3
+    # Created cert with certbot:
+    #   certbot --apache certonly -d iamdev.scigap.org
+    SSLCertificateFile {{ keycloak_ssl_certificate_file }}
+    SSLCertificateChainFile {{ keycloak_ssl_certificate_chain_file }}
+    SSLCertificateKeyFile {{ keycloak_ssl_certificate_key_file }}
+</VirtualHost>
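Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the *:443 vhost still permits TLS 1.0 and 1.1, which is weak for the host fronting the identity provider; `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` keeps only TLS 1.2 and newer. The vhost also sets no HSTS header; `Header always set Strict-Transport-Security "max-age=31536000"` would stop browsers from retrying over plain HTTP, and mod_headers is already needed for the `RequestHeader` line. In the *:80 vhost the redirect target is built from the client-supplied `%{HTTP_HOST}`; `Redirect permanent / https://{{ keycloak_vhost_servername }}/` pins it to the configured name and makes the `RewriteCond` unnecessary.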


[airavata] 02/02: Merge branch 'keycloak-letsencrypt-proxy' into develop

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit 538d3f477be199fd16789c094aea5524d17db5cb
Merge: 18caaf5 5aeea33
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Thu Jun 18 16:58:31 2020 -0400

    Merge branch 'keycloak-letsencrypt-proxy' into develop

 .../scigap/develop/group_vars/all/vars.yml         |  1 +
 .../scigap/production/group_vars/all/vars.yml      |  3 +-
 .../host_vars/{smaltr => bcbportal}/vars.yml       | 22 ++---
 .../production/host_vars/bcbportal/vault.yml       | 15 ++++
 .../scigap/production/host_vars/dreg/vars.yml      |  3 +
 .../host_vars/microbial-genomes/vars.yml           |  4 +
 .../scigap/production/host_vars/mines/vars.yml     |  1 +
 .../scigap/production/host_vars/physicell/vars.yml |  8 +-
 .../scigap/production/host_vars/smaltr/vars.yml    |  2 +-
 .../ansible/inventories/scigap/production/hosts    |  1 +
 .../scigap/staging/group_vars/all/vars.yml         |  1 +
 dev-tools/ansible/keycloak.yml                     |  3 +-
 dev-tools/ansible/roles/httpd/defaults/main.yml    |  7 ++
 dev-tools/ansible/roles/httpd/tasks/main.yml       |  2 +-
 dev-tools/ansible/roles/keycloak/README.md         | 10 +--
 dev-tools/ansible/roles/keycloak/defaults/main.yml | 15 ++--
 dev-tools/ansible/roles/keycloak/files/README.md   | 36 ---------
 .../keycloak/handlers/main.yml}                    | 11 +--
 dev-tools/ansible/roles/keycloak/tasks/main.yml    | 94 +++++++++++-----------
 .../roles/keycloak/templates/basic-vhost.conf.j2   |  9 +++
 .../roles/keycloak/templates/standalone.xml.j2     | 15 ++--
 .../ansible/roles/keycloak/templates/vhost.conf.j2 | 52 ++++++++++++
 .../helix/impl/task/staging/ArchiveTask.java       |  2 +-
 23 files changed, 184 insertions(+), 133 deletions(-)

diff --cc dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index e102856,2cd74c2..1ccaecd
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@@ -178,5 -179,3 +179,5 @@@ parser_broker_topic: "completed-message
  parser_broker_consumer_group: "ParsingConsumer"
  parser_storage_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
  parser_broker_publisher_id: "ParserProducer"
 +
- usage_reporting_key: "{{ vault_usage_reporting_key }}"
++usage_reporting_key: "{{ vault_usage_reporting_key }}"