Posted to commits@airavata.apache.org by ma...@apache.org on 2017/05/02 18:07:56 UTC

[4/5] airavata git commit: AIRAVATA-2342 Updated PGA deploy for Keycloak

AIRAVATA-2342 Updated PGA deploy for Keycloak


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/d81d3ad2
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/d81d3ad2
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/d81d3ad2

Branch: refs/heads/develop
Commit: d81d3ad23bc134774916698cda95878752ac58cf
Parents: f46b19e
Author: Marcus Christie <ma...@apache.org>
Authored: Fri Apr 28 16:20:48 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Tue May 2 14:04:08 2017 -0400

----------------------------------------------------------------------
 .../testing-0.17/group_vars/pga/vars.yml           |  9 +++++----
 dev-tools/ansible/roles/pga/defaults/main.yml      |  1 +
 .../ansible/roles/pga/templates/pga_config.php.j2  | 17 ++++++-----------
 3 files changed, 12 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/d81d3ad2/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
index 7a5f361..b8df166 100644
--- a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
+++ b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
@@ -21,11 +21,12 @@
 ---
 pga_repo: "https://github.com/apache/airavata-php-gateway.git"
 git_branch: "keycloak-integration"
-pga_user: "pga"
-pga_group: "pga"
+user: "pga"
+group: "pga"
 doc_root_dir: "/var/www/html/php-gateway"
 user_data_dir: "/var/www/user_data"
-#vhost_servername: "{{ groups['pga'][0] }}"
+vhost_servername: "{{ groups['pga'][0] }}"
+vhost_ssl: False
 
 ## Keycloak related variables
 tenant_domain: "test.seagrid"
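Review bot: `vhost_ssl: False` serves the gateway over plain HTTP, and the next hunk in this file switches `oauth_grant_type` to `"password"`. If PGA collects the username and password on its own login form under that grant, those credentials would travel unencrypted between the browser and this vhost. For anything beyond a throwaway test host, set `vhost_ssl: True` (with whatever certificate variables the role expects, which are not visible here) before enabling the password grant. Separately, renaming `pga_user`/`pga_group` to bare `user`/`group` puts very generic names into Ansible's shared variable namespace; keeping the `pga_` prefix would avoid collisions with other roles.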
@@ -33,7 +34,7 @@ admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "authorization_code"
+oauth_grant_type: "password"
 oidc_discovery_url: "https://iam.scigap.org/auth/realms/test.seagrid/.well-known/openid-configuration"
 
 ## Airavata Client related variables

http://git-wip-us.apache.org/repos/asf/airavata/blob/d81d3ad2/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 7b9e1e3..721547a 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -46,6 +46,7 @@ admin_password: "SciDeploy"
 oauth_client_key: "RuLl_Uw7i_KXaLoAGJkiasTfyBYa"
 oauth_client_secret: "vD9yi2ANkChzgWiih3RahrIcfsoa"
 oauth_grant_type: "password"
+oauth_service_url: "https://iam.scigap.org/auth"
 admin_role_name: "admin"
 admin_readonly_role_name: "admin-read-only"
 user_role_name: "gateway-user"
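Review bot: The new default `oauth_service_url: "https://iam.scigap.org/auth"` pins every inventory that does not override it to one specific identity server. `oidc_discovery_url` is set per inventory (see `testing-0.17/group_vars/pga/vars.yml`), so the two settings can silently point at different IdPs. With `oauth_grant_type: "password"` as the default on the line above, a deployment that forgets the override would presumably submit its users' passwords to this host. Consider leaving the variable out of the role defaults so that rendering fails on an undefined value, or at least add a comment such as `# must match the host in oidc_discovery_url; override per inventory`.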

http://git-wip-us.apache.org/repos/asf/airavata/blob/d81d3ad2/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 97ddc11..ed7025c 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -62,19 +62,19 @@ return array(
         'oauth-grant-type' => '{{ oauth_grant_type }}',
 
         /**
-         * For OIDC servers that support the discovery protocol.
+         * OAuth call back url (only if the grant type is authorization_code)
          */
-        'openid-connect-discovery-url' => '{{ oidc_discovery_url }}',
+        'oauth-callback-url' => 'http://localhost/callback-url',
 
         /**
-         * Identity server domain
+         * For OIDC servers that support the discovery protocol.
          */
-        'server' => 'idp.scigap.org',
+        'openid-connect-discovery-url' => '{{ oidc_discovery_url }}',
 
         /**
          * Identity server url
          */
-        'service-url' => 'https://idp.scigap.org:9443/',
+        'service-url' => '{{ oauth_service_url }}',
 
         /**
          * Enable HTTPS server verification
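Review bot: The added `'oauth-callback-url' => 'http://localhost/callback-url'` is a literal in a deploy template, so every rendered config carries a plain-HTTP localhost redirect regardless of `vhost_servername` and `vhost_ssl`. Its comment says it only applies to the `authorization_code` grant, but an inventory that sets `oauth_grant_type` back to that value would have the authorization code redirected to a URL that is neither this host nor HTTPS. Template it from the existing variables, e.g. `'oauth-callback-url' => '{{ "https" if vhost_ssl else "http" }}://{{ vhost_servername }}/callback-url',` (assuming both are defined wherever the role runs). The enclosing `return array(` starts before this hunk and continues past it.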
@@ -84,12 +84,7 @@ return array(
         /**
          * Path to the server certificate file
          */
-        'cafile-path' => app_path() . '/resources/security/idp_scigap_org.pem',
-
-        /**
-         * Allow self signed server certificates
-         */
-        'allow-self-signed-cert' => false
+        'cafile-path' => app_path() . '/resources/security/incommon_rsa_server_ca.pem',
     ],