Posted to commits@airavata.apache.org by ma...@apache.org on 2017/04/26 14:52:16 UTC

airavata git commit: dREG PGA configuration

Repository: airavata
Updated Branches:
  refs/heads/master 2fb19efcc -> f8e55d345


dREG PGA configuration

dREG PGA configuration needs to override the virtual host configuration
to allow some non-HTTPS requests, so a way to override the virtual host
file was implemented.


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/f8e55d34
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/f8e55d34
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/f8e55d34

Branch: refs/heads/master
Commit: f8e55d34576d5d7c6afbd0848daf05841defb361
Parents: 2fb19efc
Author: Marcus Christie <ma...@apache.org>
Authored: Wed Apr 26 10:06:32 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed Apr 26 10:31:45 2017 -0400

----------------------------------------------------------------------
 dev-tools/ansible/ansible.cfg                   |  2 +-
 .../cornell-dnasequence/pga-ssl-vhost.conf.j2   | 31 ++++++++++
 .../pga_config/cornell-dnasequence/vars.yml     | 63 ++++++++++++++++++++
 .../pga_config/cornell-dnasequence/vault.yml    | 18 ++++++
 dev-tools/ansible/pga-scigap-prod.yml           |  1 +
 dev-tools/ansible/roles/pga/defaults/main.yml   |  3 +
 dev-tools/ansible/roles/pga/tasks/main.yml      |  6 +-
 7 files changed, 120 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/ansible.cfg
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/ansible.cfg b/dev-tools/ansible/ansible.cfg
index 9af1301..bf32223 100644
--- a/dev-tools/ansible/ansible.cfg
+++ b/dev-tools/ansible/ansible.cfg
@@ -1,2 +1,2 @@
 [defaults]
-inventory_ignore_extensions = .jks
\ No newline at end of file
+inventory_ignore_extensions = .jks, .j2

http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2 b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2
new file mode 100644
index 0000000..ee053cc
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2
@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+    ServerName {{ vhost_servername }}
+    {% if vhost_serveralias is defined %}
+    ServerAlias {{ vhost_serveralias }}
+    {% endif %}
+
+    ## Redirect all http traffic to https
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    # Don't redirect /gbrowser and /gbfile requests to HTTPS
+    RewriteCond %{THE_REQUEST} !\s/(gbrowser|gbfile)
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ vhost_servername }}
+    {% if vhost_serveralias is defined %}
+    ServerAlias {{ vhost_serveralias }}
+    {% endif %}
+
+    DocumentRoot {{ doc_root_dir }}/public
+    <Directory "{{ doc_root_dir }}/public">
+       AllowOverride All
+    </Directory>
+    ErrorLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.error.log
+    CustomLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.requests.log combined
+    SSLEngine on
+    SSLCertificateFile {{ ssl_certificate_file }}
+    SSLCertificateChainFile {{ ssl_certificate_chain_file }}
+    SSLCertificateKeyFile {{ ssl_certificate_key_file }}
+</VirtualHost>
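Review bot: The exemption `RewriteCond %{THE_REQUEST} !\s/(gbrowser|gbfile)` in the port-80 vhost is an unanchored prefix match, so every path that merely begins with /gbrowser or /gbfile is left on plain HTTP, not only those two endpoints. Anchoring on the path segment narrows it: `RewriteCond %{REQUEST_URI} !^/(gbrowser|gbfile)(/|$)`. The port-80 vhost also declares no DocumentRoot, so the exempted requests appear to be served from the server-wide default rather than `{{ doc_root_dir }}/public`; worth confirming that is intended. Because part of the site now answers over HTTP, the portal's session cookie should carry the Secure attribute so it is never sent on those requests.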

http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml
new file mode 100644
index 0000000..56cc201
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vars.yml
@@ -0,0 +1,63 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+# FIXME Temporarily dREG is pointed to gw56 (dev)
+airavata_server: "tls://gw56.iu.xsede.org"
+airavata_port: "9930"
+
+pga_repo: "https://github.com/apache/airavata-php-gateway.git"
+git_branch: "dreg-gateway"
+user: "pga"
+group: "pga"
+doc_root_dir: "/var/www/portals/{{ gateway_id }}"
+vhost_servername: "dreg.dnasequence.org"
+vhost_ssl: True
+# TODO: have Ansible manage these files as well
+ssl_certificate_file: "/etc/letsencrypt/live/dreg.dnasequence.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/dreg.dnasequence.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/dreg.dnasequence.org/privkey.pem"
+pga_ssl_vhost_template: "{{ inventory_dir }}/pga_config/cornell-dnasequence/pga-ssl-vhost.conf.j2"
+
+## WSO2 IS related variables
+tenant_domain: "dreg.cornell"
+admin_username: "admin"
+admin_password: "{{ vault_admin_password }}"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+# dREG gateway automatically gives users the gateway-user role so they don't have to wait on admin approval
+initial_role_name: "gateway-user"
+
+gateway_id: "cornelldna"
+# relative to document root dir
+experiment_data_dir: "{{ user_data_dir }}/cornell-dnasequence"
+gateway_data_store_resource_id: "gf4.ucs.indiana.edu_61552681-96f0-462a-a36c-a62a010bffc6"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCTs6k2lSt5nn+UF3N1rAko9WjdtHZ1xLcKxCG4+4AVMdTIeng12g+1qB5hIFiDgesT/D/nzoA27EFj5nWiYanxBySNgl1Re8kR0nEqQbR0zj1dSibmfjW+vmOZzEiNSrNoLlc4KbFgqFCRGIlZ1bWZ7yHtJ3I7xxfKhvvxCTzJ4K71v1aovnDTUYophy2lUsdOcOq84Qhv3ITZafgblz3mJSwVpnnI72IepzonzDUdcf/w0lKCl70L9MgQAZ2V4e9sQZWJLI5s1VtJsqKggtgI4goPyxXROoH9PTUZFqvvYjLGW8JVS9eZKblSKil09yckPfZCSk1i/UD/uY6O7bjf"
+
+## Portal related variables
+super_admin_portal: "false"
+admin_emails: "['zw355@cornell.edu','sgg@iu.edu']"
+portal_email_username: "pga.airavata@gmail.com"
+portal_email_password: "{{ vault_portal_email_password }}"
+# The portal theme is included in the dreg-gateway branch of airavata-php-gateway
+portal_theme: "dreg"
+portal_title: "dREG DNA Sequencing"
+...
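Review bot: The `# FIXME Temporarily dREG is pointed to gw56 (dev)` comment leaves a file under inventories/scigap/production talking to a development API server, and it carries no owner or tracking reference, so nothing prompts the switch back. Combined with `initial_role_name: "gateway-user"`, every self-registered account gets that role against the dev backend without admin review; the comment shows this is deliberate, but it is worth confirming the dev server is meant to accept such users. I would extend the comment to `# FIXME(<tracking-issue>): dREG temporarily uses gw56 (dev); point at the production API server before go-live`. Separately, `vhost_ssl: True` is better written `vhost_ssl: true`, and `ssl_certificate_chain_file` points at fullchain.pem, which already contains the leaf certificate that cert.pem supplies; the chain.pem in the same Let's Encrypt directory holds only the intermediates.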

http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml
new file mode 100644
index 0000000..eaca63b
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cornell-dnasequence/vault.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+37653231363231666433316261313238643763633234663866393832386236643436623566303263
+3334323065363831656435383564623034393661323037300a343263316666633131366134613661
+39633030386362623966303630653462373762373034323134356539313036376563613335383135
+3962646533323362370a383064616634303730373232353663386165313666303732396635643562
+39313037323264656236323337643862636265626138656435303064353531616264633435643965
+38616138613039336666313436643635666337643533343264326637653864356563343532333262
+35323335336437333964373366653737343032306238643032343162353437666664376636353236
+32363138633432396330613832656266663734616131383735393565343133626666313766313164
+35386534313033623563613635343163633564613636636236316633623263313437626337663530
+64313166323263353266623135616236653463356439363530373630653232363863303238356265
+65363630393364636238643861386161356635666331336530626533666434373931393237643861
+33383663653439313064393735653064323836656666343366636161643938396136383234386232
+33343238636238373936663365316663653532616364636336363936316235353164636365613738
+33346462386230623735376132306663633932363838643935373539316565626435646565393833
+66623065373162623964363665646436356464643366633764323232343736353032616561643637
+30326166396262316335323463323763653930653263613162663336343863313937393934313765
+30626235653162643566366361303630616437346539333436616666313738346232

http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/pga-scigap-prod.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/pga-scigap-prod.yml b/dev-tools/ansible/pga-scigap-prod.yml
index a4192b5..6ab9c9d 100644
--- a/dev-tools/ansible/pga-scigap-prod.yml
+++ b/dev-tools/ansible/pga-scigap-prod.yml
@@ -21,6 +21,7 @@
 ---
 - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/brandeis"
 - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/cinetvtech"
+- include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/cornell-dnasequence"
 - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/georgiastate"
 - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/iugateway"
 - include: pga-single-vhost.yml vars_dir="{{ inventory_dir }}/pga_config/lsu"

http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index e2690f3..4b66323 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -33,6 +33,9 @@ httpd_log_dir:
  Debian: /var/log/apache2
  RedHat: /var/log/httpd
 
+pga_vhost_template: "pga-vhost.conf.j2"
+pga_ssl_vhost_template: "pga-ssl-vhost.conf.j2"
+
 ## WSO2 IS related variables
 tenant_domain: "prod.testdrive"
 admin_username: "tdaadmin"
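Review bot: The two new defaults `pga_vhost_template` and `pga_ssl_vhost_template` have no comment explaining that an inventory may replace them with a path to its own template, nor what such an override must preserve. Since the override decides whether HTTP is redirected to HTTPS, I would add above them `# Inventories may override these with a path to a gateway-specific template; overrides must keep the HTTP->HTTPS redirect and SSL directives unless the exception is documented`.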

http://git-wip-us.apache.org/repos/asf/airavata/blob/f8e55d34/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml
index 384ef25..3279a97 100644
--- a/dev-tools/ansible/roles/pga/tasks/main.yml
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@ -101,7 +101,7 @@
    dest: "{{ doc_root_dir }}/public/themes/{{ portal_theme }}"
    version: "master"
    update: yes
-  when: portal_theme != "base"
+  when: portal_theme != "base" and portal_theme_repo != ""
   become: yes
   become_user: "{{user}}"
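Review bot: The new clause in `when: portal_theme != "base" and portal_theme_repo != ""` reads `portal_theme_repo` directly, and nothing in this commit defines it; the cornell-dnasequence vars.yml sets `portal_theme: "dreg"` but no repo. If the role defaults (not shown in this diff) do not set it to an empty string, the condition fails with an undefined-variable error instead of skipping the task. `when: portal_theme != "base" and portal_theme_repo | default("") != ""` is safe either way. The task itself begins above this hunk.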
 
@@ -127,14 +127,14 @@
   become: yes
 
 - name: copy virtual host config file
-  template: src=pga-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
+  template: src={{ pga_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
   become: yes
   notify:
     - restart httpd
   when: not vhost_ssl
 
 - name: copy SSL enabled virtual host config file
-  template: src=pga-ssl-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
+  template: src={{ pga_ssl_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
   become: yes
   notify:
     - restart httpd
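Review bot: Both `template:` lines pass `src={{ ... }}` and `dest={{ ... }}` unquoted in key=value form, and `src` now comes from an inventory variable that can hold an absolute path (`{{ inventory_dir }}/pga_config/...`); a path containing a space would be split into extra arguments. Native YAML arguments with quoted Jinja values avoid that and match the block style the rest of the task already uses for `notify`. The second task continues past the end of this hunk.
```yaml
- name: copy virtual host config file
  template:
    src: "{{ pga_vhost_template }}"
    dest: "{{ httpd_confd_file_location[ansible_os_family] }}"
    backup: yes
  # … unchanged: become, notify, when …

- name: copy SSL enabled virtual host config file
  template:
    src: "{{ pga_ssl_vhost_template }}"
    dest: "{{ httpd_confd_file_location[ansible_os_family] }}"
    backup: yes
  # … unchanged: become, notify …
```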