Posted to commits@airavata.apache.org by ma...@apache.org on 2017/05/02 18:07:56 UTC
[4/5] airavata git commit: AIRAVATA-2342 Updated PGA deploy for
Keycloak
AIRAVATA-2342 Updated PGA deploy for Keycloak
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/d81d3ad2
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/d81d3ad2
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/d81d3ad2
Branch: refs/heads/develop
Commit: d81d3ad23bc134774916698cda95878752ac58cf
Parents: f46b19e
Author: Marcus Christie <ma...@apache.org>
Authored: Fri Apr 28 16:20:48 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Tue May 2 14:04:08 2017 -0400
----------------------------------------------------------------------
.../testing-0.17/group_vars/pga/vars.yml | 9 +++++----
dev-tools/ansible/roles/pga/defaults/main.yml | 1 +
.../ansible/roles/pga/templates/pga_config.php.j2 | 17 ++++++-----------
3 files changed, 12 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/d81d3ad2/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
index 7a5f361..b8df166 100644
--- a/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
+++ b/dev-tools/ansible/inventories/testing-0.17/group_vars/pga/vars.yml
@@ -21,11 +21,12 @@
---
pga_repo: "https://github.com/apache/airavata-php-gateway.git"
git_branch: "keycloak-integration"
-pga_user: "pga"
-pga_group: "pga"
+user: "pga"
+group: "pga"
doc_root_dir: "/var/www/html/php-gateway"
user_data_dir: "/var/www/user_data"
-#vhost_servername: "{{ groups['pga'][0] }}"
+vhost_servername: "{{ groups['pga'][0] }}"
+vhost_ssl: False
## Keycloak related variables
tenant_domain: "test.seagrid"
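Review bot: `vhost_ssl: False` makes this inventory serve the gateway over plain HTTP, and the next hunk in this file sets `oauth_grant_type: "password"`, so users' Keycloak passwords would presumably reach the PGA without TLS. Unless this host is only reachable on a trusted network, I would set `vhost_ssl: True`, or at least add a comment such as `# testing only: no TLS, do not use with real accounts`. Separately, the rename to bare `user`/`group` puts very generic names into Ansible's shared variable namespace; the `pga_` prefix was safer against collisions with other roles.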
@@ -33,7 +34,7 @@ admin_username: "admin"
admin_password: "{{ vault_admin_password }}"
oauth_client_key: "{{ vault_oauth_client_key }}"
oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "authorization_code"
+oauth_grant_type: "password"
oidc_discovery_url: "https://iam.scigap.org/auth/realms/test.seagrid/.well-known/openid-configuration"
## Airavata Client related variables
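Review bot: Switching `oauth_grant_type` to `"password"` means the gateway itself collects each user's Keycloak password and forwards it to the token endpoint, instead of redirecting to the identity provider's own login page as `authorization_code` did. That puts the PGA host in the credential path, and redirect-based login features configured on the realm (identity brokering, for instance) are not available in this flow. If this is a temporary step, say so next to the setting, e.g. `# TODO: return to authorization_code once oauth-callback-url is templated`.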
http://git-wip-us.apache.org/repos/asf/airavata/blob/d81d3ad2/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 7b9e1e3..721547a 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -46,6 +46,7 @@ admin_password: "SciDeploy"
oauth_client_key: "RuLl_Uw7i_KXaLoAGJkiasTfyBYa"
oauth_client_secret: "vD9yi2ANkChzgWiih3RahrIcfsoa"
oauth_grant_type: "password"
+oauth_service_url: "https://iam.scigap.org/auth"
admin_role_name: "admin"
admin_readonly_role_name: "admin-read-only"
user_role_name: "gateway-user"
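Review bot: The new `oauth_service_url` default points at what looks like a shared IAM host, and it sits beside role defaults for `admin_password`, `oauth_client_key` and `oauth_client_secret` that are committed in clear text. A deployment whose inventory omits these overrides would silently configure itself against that host with publicly known values. I would prefer that the role ship no usable defaults for these and fail when the inventory does not supply them, as the testing inventory already does for the secrets through its `vault_*` variables. The listed values should be rotated if they were ever valid. At minimum, add `# override per deployment` above the new line.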
http://git-wip-us.apache.org/repos/asf/airavata/blob/d81d3ad2/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 97ddc11..ed7025c 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -62,19 +62,19 @@ return array(
'oauth-grant-type' => '{{ oauth_grant_type }}',
/**
- * For OIDC servers that support the discovery protocol.
+ * OAuth call back url (only if the grant type is authorization_code)
*/
- 'openid-connect-discovery-url' => '{{ oidc_discovery_url }}',
+ 'oauth-callback-url' => 'http://localhost/callback-url',
/**
- * Identity server domain
+ * For OIDC servers that support the discovery protocol.
*/
- 'server' => 'idp.scigap.org',
+ 'openid-connect-discovery-url' => '{{ oidc_discovery_url }}',
/**
* Identity server url
*/
- 'service-url' => 'https://idp.scigap.org:9443/',
+ 'service-url' => '{{ oauth_service_url }}',
/**
* Enable HTTPS server verification
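Review bot: The added `'oauth-callback-url'` is hard-coded to `http://localhost/callback-url`, which is neither the deployed host nor HTTPS. An inventory that sets `oauth_grant_type` to `authorization_code` would therefore get a redirect URI that cannot work on a real host, and one that carries the authorization code over plain HTTP. The inventory already defines `vhost_servername` and `vhost_ssl`, so the line could be `'oauth-callback-url' => '{{ "https" if vhost_ssl else "http" }}://{{ vhost_servername }}/callback-url',`. The surrounding `return array(` block starts and ends outside this hunk.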
@@ -84,12 +84,7 @@ return array(
/**
* Path to the server certificate file
*/
- 'cafile-path' => app_path() . '/resources/security/idp_scigap_org.pem',
-
- /**
- * Allow self signed server certificates
- */
- 'allow-self-signed-cert' => false
+ 'cafile-path' => app_path() . '/resources/security/incommon_rsa_server_ca.pem',
],
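Review bot: `'cafile-path'` is pinned to `incommon_rsa_server_ca.pem` while `'service-url'` in the previous hunk became a template variable. A deployment that points `oauth_service_url` at a server with a different CA will fail verification, and the easy workaround is to turn verification off. Consider a role variable for the CA file name, for example `'cafile-path' => app_path() . '/resources/security/{{ oauth_cafile_name }}',` with `oauth_cafile_name` added to the role defaults (the name is only a suggestion). The hunk also drops the explicit `'allow-self-signed-cert' => false`; please confirm the gateway treats a missing key as false rather than as permissive. The enclosing array starts outside this hunk.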