Posted to commits@airavata.apache.org by sh...@apache.org on 2016/09/24 01:58:39 UTC

[14/29] airavata git commit: Deploy wso2is on aws EC2 instance

Deploy wso2is on aws EC2 instance


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/93ec75b6
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/93ec75b6
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/93ec75b6

Branch: refs/heads/develop
Commit: 93ec75b61ddaa5585700fed81a6e173b2850817d
Parents: 433ae48
Author: Shameera Rathnayaka <sh...@gmail.com>
Authored: Tue Aug 16 22:19:12 2016 -0400
Committer: Shameera Rathnayaka <sh...@gmail.com>
Committed: Tue Aug 16 22:19:12 2016 -0400

----------------------------------------------------------------------
 group_vars/all                        |  12 +-
 hosts                                 |  28 +-
 roles/env_setup/tasks/main.yml        |  33 +-
 roles/rabbitmq/tasks/main.yml         |  17 +-
 roles/rabbitmq/vars/main.yml          |   2 +
 roles/wso2_is/tasks/main.yml          |  69 +++
 roles/wso2_is/templates/carbon.xml.j2 | 688 +++++++++++++++++++++++++++++
 roles/wso2_is/vars/main.yml           |  18 +
 site.yml                              |   4 +
 9 files changed, 837 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/group_vars/all
----------------------------------------------------------------------
diff --git a/group_vars/all b/group_vars/all
index bae52a5..e1b8187 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,10 +1,11 @@
 ---
 ansible_connection: ssh
-ansible_ssh_user: root
-ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key
+ansible_ssh_user: centos
+#ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key
+ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt
 
-user: airavata
-group: airavata
+user: centos
+group: centos 
 user_home: "/home/{{ user }}"
 deployment_dir: "{{ user_home }}/master-deployment"
 
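Review bot: `ansible_ssh_private_key_file` in the shared `group_vars/all` now names one operator's key file under `/Users/syodage/...`, which ties every run to that workstation and records in the repository where an AWS credential lives; keep the setting out of tracked variables and supply it per operator, for example `private_key_file` in an untracked `ansible.cfg` or `--private-key` on the command line. The same hunk sets `user` and `group` to `centos`, so whatever the roles deploy under `user_home` is now owned by the account Ansible logs in as rather than by the dedicated `airavata` account; if that login account has sudo rights on the image (not visible here), a compromise of a deployed service inherits them. The commented-out old key path can be deleted rather than kept, and `group: centos ` carries a trailing space.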
@@ -24,7 +25,8 @@ rabbitmq_server: "localhost"
 rabbitmq_vhost: "master"
 rabbitmq_user: "airavata"
 rabbitmq_password: "airavata"
-rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:5672/{{ rabbitmq_vhost }}"
+rabbitmq_port: "5672"
+rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}"
 
 key_store: "airavata.jks"
 cred_key_store: "client_truststore.jks"
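Review bot: The rewritten `rabbitmq_broker_url` still interpolates `rabbitmq_password`, and the context lines show that value is the literal `airavata`, identical to `rabbitmq_user` and stored in clear text in a tracked file. That matters more after this commit, because roles/rabbitmq/tasks/main.yml now opens `rabbitmq_port` and the management port in the firewalld public zone. Move the password to an `ansible-vault` encrypted variable holding a generated value, and put a comment such as `# secret: defined in the vault, never commit a literal here` next to the declaration. Quoting `rabbitmq_port: "5672"` as a string is appropriate for a value that is only ever templated.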

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/hosts
----------------------------------------------------------------------
diff --git a/hosts b/hosts
index 8a317b8..819e1ab 100644
--- a/hosts
+++ b/hosts
@@ -1,25 +1,29 @@
+---
 # inventory file : production
 
 [api-orch]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [gfac]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [pga]
-#149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [zookeeper]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [rabbitmq]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org rabbit_hostName="jetcloud-1-centos-7"
 
 [database]
-#149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
+
+[wso2is]
+107.23.143.252
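Review bot: The added first line `---` is a YAML document marker, but the rest of this file is an INI-style inventory with `[group]` headers; an INI inventory parser will most likely read it as a host entry or reject the file, so the line should be removed. Every group except `[wso2is]` now contains only commented-out hosts, which means a full `site.yml` run silently skips those roles, and the one `rabbit_hostName` definition that roles/rabbitmq/tasks/main.yml depends on sits on a commented line. `[wso2is]` pins a literal public address for an identity server; environment-specific addresses are better kept in a separate per-environment inventory passed with `-i` than in the tracked default file.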

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/env_setup/tasks/main.yml
----------------------------------------------------------------------
diff --git a/roles/env_setup/tasks/main.yml b/roles/env_setup/tasks/main.yml
index a20b018..395d0a8 100644
--- a/roles/env_setup/tasks/main.yml
+++ b/roles/env_setup/tasks/main.yml
@@ -3,32 +3,29 @@
 #All commons tasks goes here
 - name: Create a new user group "{{ group }}"
   group: name={{ group }}
-  tags: user
 
 - name: Create a new user "{{ user }}"
   user: name={{ user }} group={{ group }}
-  tags: user
 
 ################################################################################
-- name: Install git latest version
-  yum: name=git state=latest update_cache=yes
-  tags: env
+- name: Install pre-requireties
+  yum: name={{ item }} state=latest update_cache=yes
+  with_items:
+    - git
+    - maven
+    - firewalld
+    - unzip  #need for wso2
 
-- name: Install maven latest version
-  yum: name=maven state=latest update_cache=yes
-  tags: env
 
 ################################################################################
 # Install Orcal Java
 - name: download oracle java 8 rpm
   get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
-  tags: env
 
 - name: Install oracle java 8
   yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
-  tags: env
 
-- name: set Java version as default
+- name: set Oracle Java {{ java_version_string }} as default
   alternatives:
     name="{{ item.exe }}"
     link="/usr/bin/{{ item.exe }}"
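Review bot: The tasks in this hunk (`group`, `user`, the `yum` loop, the Java `alternatives`) carry no `become`, yet this commit switches `ansible_ssh_user` from `root` to `centos` in group_vars/all and adds `become: yes` task by task elsewhere (the firewalld task at the end of this file, the rabbitmq role). Unless the play in site.yml, which is not visible here, enables privilege escalation, these tasks will fail as an unprivileged user; add `become: yes` to each, or set it once at play level and drop the per-task copies. The task name `Install pre-requireties` should read `Install prerequisites`, and `state=latest` leaves the installed versions of git, maven, firewalld and unzip to whatever the mirror serves on the day of the run. The `alternatives` task continues past the end of this hunk.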
@@ -38,7 +35,17 @@
     - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
     - { path: "{{ java_home }}/bin", exe: 'javac' }
     - { path: "{{ java_home }}/bin", exe: 'javadoc' }
-  tags: env
 
-# End
+  # TODO: stop iptables service, can't have both iptables and firewalld on same host
+  # if we try to stop non existing service ansible fails.
+# - name: Stop iptables, ip6tables services
+#   service: name="{{ item }}" state=stopped
+#   with_items:
+#     - iptables
+#     - ip6tables
+
+- name: Start firewalld service
+  service: name=firewalld state=started
+  become: yes
+
 ...
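Review bot: `Start firewalld service` uses `state=started` without `enabled=yes`, so the firewall this commit starts relying on is not guaranteed to come back after a reboot, even though the port rules elsewhere are written with `permanent=true`; change the line to `service: name=firewalld state=started enabled=yes`. The same task is repeated in roles/wso2_is/tasks/main.yml with the same omission. The commented-out iptables block leaves the conflict named in the TODO open, so on a host where the iptables service is present it is unclear which rule set is in force; the block should either be made conditional on the service existing or be tracked in an issue rather than left as dead YAML.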

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/rabbitmq/tasks/main.yml
----------------------------------------------------------------------
diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml
index 56ae071..d1e7ce5 100644
--- a/roles/rabbitmq/tasks/main.yml
+++ b/roles/rabbitmq/tasks/main.yml
@@ -1,23 +1,32 @@
 ---
-
-
 ################################################################################
 # Setup and run rabbitmq
 - name: Install erlang latest version
   yum: name=https://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm state=present
+  become: yes
 
 - name: Install Rabbitmq rpm
   yum: name=https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.3/rabbitmq-server-3.6.3-1.noarch.rpm state=present
+  become: yes
 
   # add hostname to /etc/hosts file
 - name: get ip4 address
-  command: dig +short myip.opendns.com @resolver1.opendns.com
+  # command: dig +short myip.opendns.com @resolver1.opendns.com
+  command: hostname -i
   register: _ip4
 
+- name: open rabbitmq ports
+  firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
+  with_items:
+    - "{{ rabbitmq_port }}/tcp"
+    - "{{ management_plugin_port }}/tcp"
+  become: yes
+
 - name: Edit /etc/hosts file
-  lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ ansible_hostname }} {{ ansible_fqdn }}"
+  lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ rabbit_hostName }}"
   notify:
     - restart rabbitmq
+  become: yes
 
 - name: Start Rabbitmq server
   service: name=rabbitmq-server state=started
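Review bot: `open rabbitmq ports` adds both `rabbitmq_port` and `management_plugin_port` to `zone=public` with no source restriction, which exposes the AMQP listener and the management UI to every address the instance's network lets through; the `open carabon management console port` task in roles/wso2_is/tasks/main.yml does the same for 9443. Limit these rules to the networks that need them, for instance with a `rich_rule` carrying a source address or a dedicated zone, and leave the management port closed unless it is needed remotely. `Edit /etc/hosts file` now uses `rabbit_hostName`, which this commit only defines on a commented-out inventory line, so the task fails on an undefined variable for any host that lacks it; `{{ rabbit_hostName | default(ansible_hostname) }}` would keep the previous behaviour as a fallback. `hostname -i` can print several addresses or a loopback one, and its output is written to /etc/hosts unchecked.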

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/rabbitmq/vars/main.yml
----------------------------------------------------------------------
diff --git a/roles/rabbitmq/vars/main.yml b/roles/rabbitmq/vars/main.yml
new file mode 100644
index 0000000..c5ab904
--- /dev/null
+++ b/roles/rabbitmq/vars/main.yml
@@ -0,0 +1,2 @@
+---
+management_plugin_port: "15672"

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/tasks/main.yml
----------------------------------------------------------------------
diff --git a/roles/wso2_is/tasks/main.yml b/roles/wso2_is/tasks/main.yml
new file mode 100644
index 0000000..6cd03b0
--- /dev/null
+++ b/roles/wso2_is/tasks/main.yml
@@ -0,0 +1,69 @@
+---
+# TODO- replace java install with env_setup role
+# Install Orcal Java
+- name: download oracle java 8 rpm
+  get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
+  become: yes
+  become_user: root
+
+- name: Install oracle java 8
+  yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
+  become: yes
+  become_user: root
+
+- name: set Oracle Java {{ java_version_string }} as default
+  alternatives:
+    name="{{ item.exe }}"
+    link="/usr/bin/{{ item.exe }}"
+    path="{{ item.path }}/{{ item.exe }}"
+  with_items:
+    - { path: "{{ java_home }}/jre/bin", exe: 'java' }
+    - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
+    - { path: "{{ java_home }}/bin", exe: 'javac' }
+    - { path: "{{ java_home }}/bin", exe: 'javadoc' }
+  become: yes
+  become_user: root
+
+- name: Install pre-requireties
+  yum: name=unzip state=latest update_cache=yes
+  become: yes
+
+- name: Install pre-requireties
+  yum: name=firewalld state=latest update_cache=yes
+  become: yes
+# downlaod wso2 is
+# extract it
+# - name: Download and unarchive wso2 is
+#   unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}" group="{{ group }}"
+# for now wso2is from localhost
+- name: Copy WSO2 IS
+  unarchive: >
+    src="{{ wso2_is_dist }}"
+    dest="{{ user_home }}/"
+    owner="{{ user }}"
+    group="{{ group }}"
+    creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh"
+
+- name: Copy carbon.xml
+  template: src=carbon.xml.j2 dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r"
+
+
+- name: Start firewalld service
+  service: name=firewalld state=started
+  become: yes
+
+- name: open carabon management console port
+  firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes
+  become: yes
+
+# start wso2 is server
+- name: start wso2 is
+  command: ./bin/wso2server.sh start chdir="{{ user_home }}/{{ wso2_is_dir }}/" creates="{{ user_home }}/{{ wso2_is_dir }}/wso2carbon.pid"
+  environment:
+    JAVA_HOME: "{{ java_home }}"
+
+# - name: stop wso2 is
+  # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
+
+
+...
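Review bot: `Copy carbon.xml` installs the template with `mode="u=rw,g=r,o=r"`, and the template added in this commit contains the keystore, private-key and truststore passwords (all set to `wso2carbon`), so every local account on the host can read them; use `mode="u=rw,g=r,o="` and template those passwords from vault-encrypted variables instead of shipping fixed values. `download oracle java 8 rpm` fetches an RPM that the next task installs as root without any integrity check; add `checksum="sha256:<expected-digest>"` to the `get_url` call. Two tasks share the name `Install pre-requireties` and could be one `yum` task with `with_items`, as roles/env_setup/tasks/main.yml does in this same commit.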

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/templates/carbon.xml.j2
----------------------------------------------------------------------
diff --git a/roles/wso2_is/templates/carbon.xml.j2 b/roles/wso2_is/templates/carbon.xml.j2
new file mode 100755
index 0000000..5f421f2
--- /dev/null
+++ b/roles/wso2_is/templates/carbon.xml.j2
@@ -0,0 +1,688 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!--
+    This is the main server configuration file
+
+    ${carbon.home} represents the carbon.home system property.
+    Other system properties can be specified in a similar manner.
+-->
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+    <!--
+       Product Name
+    -->
+    <Name>WSO2 Identity Server</Name>
+
+    <!--
+       machine readable unique key to identify each product
+    -->
+    <ServerKey>IS</ServerKey>
+
+    <!--
+       Product Version
+    -->
+    <Version>5.1.0</Version>
+
+    <!--
+       Host name or IP address of the machine hosting this server
+       e.g. www.wso2.org, 192.168.1.10
+       This is will become part of the End Point Reference of the
+       services deployed on this server instance.
+    -->
+    <HostName>{{ ansible_fqdn }}</HostName>
+
+    <!--
+    Host name to be used for the Carbon management console
+    -->
+    <MgtHostName>localhost</MgtHostName>
+
+    <!--
+        The URL of the back end server. This is where the admin services are hosted and
+        will be used by the clients in the front end server.
+        This is required only for the Front-end server. This is used when seperating BE server from FE server
+       -->
+    <ServerURL>local:/${carbon.context}/services/</ServerURL>
+    <!--
+    <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL>
+    -->
+     <!--
+     The URL of the index page. This is where the user will be redirected after signing in to the
+     carbon server.
+     -->
+    <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
+
+    <!--
+    For cApp deployment, we have to identify the roles that can be acted by the current server.
+    The following property is used for that purpose. Any number of roles can be defined here.
+    Regular expressions can be used in the role.
+    Ex : <Role>.*</Role> means this server can act any role
+    -->
+    <ServerRoles>
+        <Role>IdentityServer</Role>
+    </ServerRoles>
+
+    <!-- uncommnet this line to subscribe to a bam instance automatically -->
+    <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
+
+    <!--
+       The fully qualified name of the server
+    -->
+    <Package>org.wso2.carbon</Package>
+
+    <!--
+       Webapp context root of WSO2 Carbon management console.
+    -->
+    <WebContextRoot>/</WebContextRoot>
+
+    <!--
+    	Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
+        to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
+     		URL of the Carbon server -> https://10.100.1.1:9443/carbon
+   		URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
+
+   	appserver - proxy context path. This specially required whenever you are generating URLs to displace in
+   	Carbon UI components.
+    -->
+    <!--
+    	<MgtProxyContextPath></MgtProxyContextPath>
+    	<ProxyContextPath></ProxyContextPath>
+    -->
+
+    <!-- In-order to  get the registry http Port from the back-end when the default http transport is not the same-->
+    <!--RegistryHttpPort>9763</RegistryHttpPort-->
+
+    <!--
+    Number of items to be displayed on a management console page. This is used at the
+    backend server for pagination of various items.
+    -->
+    <ItemsPerPage>15</ItemsPerPage>
+
+    <!-- The endpoint URL of the cloud instance management Web service -->
+    <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
+
+    <!--
+       Ports used by this server
+    -->
+    <Ports>
+
+        <!-- Ports offset. This entry will set the value of the ports defined below to
+         the define value + Offset.
+         e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
+         -->
+        <Offset>0</Offset>
+
+        <!-- The JMX Ports -->
+        <JMX>
+            <!--The port RMI registry is exposed-->
+            <RMIRegistryPort>9999</RMIRegistryPort>
+            <!--The port RMI server should be exposed-->
+            <RMIServerPort>11111</RMIServerPort>
+        </JMX>
+
+        <!-- Embedded LDAP server specific ports -->
+        <EmbeddedLDAP>
+            <!-- Port which embedded LDAP server runs -->
+            <LDAPServerPort>10389</LDAPServerPort>
+            <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
+            <KDCServerPort>8000</KDCServerPort>
+        </EmbeddedLDAP>
+
+	<!--
+             Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
+	-->
+	<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
+	<!--Override receive port of thrift based entitlement service.-->
+	<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
+
+    <!--
+     This is the proxy port of the worker cluster. These need to be configured in a scenario where
+     manager node is not exposed through the load balancer through which the workers are exposed
+     therefore doesn't have a proxy port.
+    <WorkerHttpProxyPort>80</WorkerHttpProxyPort>
+    <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort>
+    -->
+
+    </Ports>
+
+    <!--
+        JNDI Configuration
+    -->
+    <JNDI>
+        <!--
+             The fully qualified name of the default initial context factory
+        -->
+        <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
+        <!--
+             The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
+        -->
+        <Restrictions>
+            <!--
+                Contexts that will be available only to the super-tenant
+            -->
+            <!-- <SuperTenantOnly>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext>
+                    <UrlContext>
+                        <Scheme>bar</Scheme>
+                    </UrlContext>
+                </UrlContexts>
+            </SuperTenantOnly> -->
+            <!--
+                Contexts that are common to all tenants
+            -->
+            <AllTenants>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>java</Scheme>
+                    </UrlContext>
+                    <!-- <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext> -->
+                </UrlContexts>
+            </AllTenants>
+            <!--
+                 All other contexts not mentioned above will be available on a per-tenant basis
+                 (i.e. will not be shared among tenants)
+            -->
+        </Restrictions>
+    </JNDI>
+
+    <!--
+        Property to determine if the server is running an a cloud deployment environment.
+        This property should only be used to determine deployment specific details that are
+        applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
+    -->
+    <IsCloudDeployment>false</IsCloudDeployment>
+
+    <!--
+	Property to determine whether usage data should be collected for metering purposes
+    -->
+    <EnableMetering>false</EnableMetering>
+
+    <!-- The Max time a thread should take for execution in seconds -->
+    <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
+
+    <!--
+        A flag to enable or disable Ghost Deployer. By default this is set to false. That is
+        because the Ghost Deployer works only with the HTTP/S transports. If you are using
+        other transports, don't enable Ghost Deployer.
+    -->
+    <GhostDeployment>
+        <Enabled>false</Enabled>
+    </GhostDeployment>
+
+
+    <!--
+        Eager loading or lazy loading is a design pattern commonly used in computer programming which
+        will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
+        load tenant when a request is received only. Similarly Eager loading is used to enable load
+        existing tenants after carbon server starts up. Using this feature, you will be able to include
+        or exclude tenants which are to be loaded when server startup.
+
+        We can enable only one LoadingPolicy at a given time.
+
+        1. Tenant Lazy Loading
+           This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
+           server startup, but loaded based on-demand (i.e when a request is received for a tenant).
+           The default tenant idle time is 30 minutes.
+
+        2. Tenant Eager Loading
+           This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
+           The eager loading configurations supported are as below. These configurations can be given as the
+           value for <Include> element with eager loading.
+                (i)Load all tenants when server startup             -   *
+                (ii)Load all tenants except foo.com & bar.com       -   *,!foo.com,!bar.com
+                (iii)Load only foo.com &  bar.com to be included    -   foo.com,bar.com
+    -->
+    <Tenant>
+        <LoadingPolicy>
+            <LazyLoading>
+                <IdleTime>30</IdleTime>
+            </LazyLoading>
+            <!-- <EagerLoading>
+                   <Include>*,!foo.com,!bar.com</Include>
+            </EagerLoading>-->
+        </LoadingPolicy>
+    </Tenant>
+
+    <!--
+     Caching related configurations
+    -->
+    <Cache>
+        <!-- Default cache timeout in minutes -->
+        <DefaultCacheTimeout>15</DefaultCacheTimeout>
+    </Cache>
+
+    <!--
+    Axis2 related configurations
+    -->
+    <Axis2Config>
+        <!--
+             Location of the Axis2 Services & Modules repository
+
+             This can be a directory in the local file system, or a URL.
+
+             e.g.
+             1. /home/wso2wsas/repository/ - An absolute path
+             2. repository - In this case, the path is relative to CARBON_HOME
+             3. file:///home/wso2wsas/repository/
+             4. http://wso2wsas/repository/
+        -->
+        <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
+
+        <!--
+         Deployment update interval in seconds. This is the interval between repository listener
+         executions.
+        -->
+        <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
+
+        <!--
+            Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
+
+            This can be a file on the local file system, or a URL
+
+            e.g.
+            1. /home/repository/axis2.xml - An absolute path
+            2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
+            3. file:///home/carbon/repository/axis2.xml
+            4. http://repository/conf/axis2.xml
+        -->
+        <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
+
+        <!--
+          ServiceGroupContextIdleTime, which will be set in ConfigurationContex
+          for multiple clients which are going to access the same ServiceGroupContext
+          Default Value is 30 Sec.
+        -->
+        <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
+
+        <!--
+          This repository location is used to crete the client side configuration
+          context used by the server when calling admin services.
+        -->
+        <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
+        <!-- This axis2 xml is used in createing the configuration context by the FE server
+         calling to BE server -->
+        <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
+        <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
+        <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
+
+	<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
+	With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
+	Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
+        <!--HttpAdminServices>*</HttpAdminServices-->
+
+    </Axis2Config>
+
+    <!--
+       The default user roles which will be created when the server
+       is started up for the first time.
+    -->
+    <ServiceUserRoles>
+        <Role>
+            <Name>admin</Name>
+            <Description>Default Administrator Role</Description>
+        </Role>
+        <Role>
+            <Name>user</Name>
+            <Description>Default User Role</Description>
+        </Role>
+    </ServiceUserRoles>
+
+    <!--
+      Enable following config to allow Emails as usernames.
+    -->
+    <!--EnableEmailUserName>true</EnableEmailUserName-->
+
+    <!--
+      Security configurations
+    -->
+    <Security>
+        <!--
+            KeyStore which will be used for encrypting/decrypting passwords
+            and other sensitive information.
+        -->
+        <KeyStore>
+            <!-- Keystore file location-->
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+            <!-- Keystore type (JKS/PKCS12 etc.)-->
+            <Type>JKS</Type>
+            <!-- Keystore password-->
+            <Password>wso2carbon</Password>
+            <!-- Private Key alias-->
+            <KeyAlias>wso2carbon</KeyAlias>
+            <!-- Private Key password-->
+            <KeyPassword>wso2carbon</KeyPassword>
+        </KeyStore>
+
+        <!--
+            System wide trust-store which is used to maintain the certificates of all
+            the trusted parties.
+        -->
+        <TrustStore>
+            <!-- trust-store file location -->
+            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
+            <!-- trust-store type (JKS/PKCS12 etc.) -->
+            <Type>JKS</Type>
+            <!-- trust-store password -->
+            <Password>wso2carbon</Password>
+        </TrustStore>
+
+        <!--
+            The Authenticator configuration to be used at the JVM level. We extend the
+            java.net.Authenticator to make it possible to authenticate to given servers and
+            proxies.
+        -->
+        <NetworkAuthenticatorConfig>
+            <!--
+                Below is a sample configuration for a single authenticator. Please note that
+                all child elements are mandatory. Not having some child elements would lead to
+                exceptions at runtime.
+            -->
+            <!-- <Credential> -->
+                <!--
+                    the pattern that would match a subset of URLs for which this authenticator
+                    would be used
+                -->
+                <!-- <Pattern>regularExpression</Pattern> -->
+                <!--
+                    the type of this authenticator. Allowed values are:
+                    1. server
+                    2. proxy
+                -->
+                <!-- <Type>proxy</Type> -->
+                <!-- the username used to log in to server/proxy -->
+                <!-- <Username>username</Username> -->
+                <!-- the password used to log in to server/proxy -->
+                <!-- <Password>password</Password> -->
+            <!-- </Credential> -->
+        </NetworkAuthenticatorConfig>
+
+        <!--
+         The Tomcat realm to be used for hosted Web applications. Allowed values are;
+         1. UserManager
+         2. Memory
+
+         If this is set to 'UserManager', the realm will pick users & roles from the system's
+         WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
+         CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
+        -->
+        <TomcatRealm>UserManager</TomcatRealm>
+
+	<!--Option to disable storing of tokens issued by STS-->
+	<DisableTokenStore>false</DisableTokenStore>
+
+	<!--
+	 Security token store class name. If this is not set, default class will be
+	 org.wso2.carbon.security.util.SecurityTokenStore
+	-->
+	<TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName>
+
+
+
+        <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities -->
+        <CSRFPreventionConfig>
+            <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern -->
+            <CSRFPreventionFilter>
+                <!-- Set below to true to enable the CSRFPreventionFilter -->
+                <Enabled>false</Enabled>
+                <!-- Url Pattern to skip application of CSRF protection-->
+                <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern>
+            </CSRFPreventionFilter>
+        </CSRFPreventionConfig>
+
+        <!-- Configuration to enable or disable CR and LF sanitization filter-->
+        <CRLFPreventionConfig>
+            <!--Set below to true to enable the CRLFPreventionFilter-->
+            <Enabled>true</Enabled>
+        </CRLFPreventionConfig>
+    </Security>
+
+    <!--
+       The temporary work directory
+    -->
+    <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
+
+    <!--
+       House-keeping configuration
+    -->
+    <HouseKeeping>
+
+        <!--
+           true  - Start House-keeping thread on server startup
+           false - Do not start House-keeping thread on server startup.
+                   The user will run it manually as and when he wishes.
+        -->
+        <AutoStart>true</AutoStart>
+
+        <!--
+           The interval in *minutes*, between house-keeping runs
+        -->
+        <Interval>10</Interval>
+
+        <!--
+          The maximum time in *minutes*, temp files are allowed to live
+          in the system. Files/directories which were modified more than
+          "MaxTempFileLifetime" minutes ago will be removed by the
+          house-keeping task
+        -->
+        <MaxTempFileLifetime>30</MaxTempFileLifetime>
+    </HouseKeeping>
+
+    <!--
+       Configuration for handling different types of file upload & other file uploading related
+       config parameters.
+       To map all actions to a particular FileUploadExecutor, use
+       <Action>*</Action>
+    -->
+    <FileUploadConfig>
+        <!--
+           The total file upload size limit in MB
+        -->
+        <TotalFileSizeLimit>100</TotalFileSizeLimit>
+
+        <Mapping>
+            <Actions>
+                <Action>keystore</Action>
+                <Action>certificate</Action>
+                <Action>*</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
+        </Mapping>
+
+        <Mapping>
+            <Actions>
+                <Action>jarZip</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>dbs</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>tools</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>toolsAny</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
+        </Mapping>
+    </FileUploadConfig>
+
+    <!-- FileNameRegEx is used to validate the file input/upload/write-out names.
+    e.g.
+     <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^&lt;&gt:"/\\|?*\x00-\x1F][^&lt;&gt:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx>
+    -->
+    <!--<FileNameRegEx></FileNameRegEx>-->
+
+    <!--
+       Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
+
+       In order to plug in a processor to handle a special request, simply add an entry to this
+       section.
+
+       The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
+       which needs special processing
+
+       The value of the Class element is a class which implements
+       org.wso2.carbon.transport.HttpGetRequestProcessor
+    -->
+    <HttpGetRequestProcessors>
+        <Processor>
+            <Item>info</Item>
+            <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl2</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>xsd</Item>
+            <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
+        </Processor>
+    </HttpGetRequestProcessors>
+
+    <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
+	In master nodes you need to set both AutoCommit and AutoCheckout to true
+	and in  worker nodes set only AutoCheckout to true.
+    -->
+    <DeploymentSynchronizer>
+        <Enabled>false</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+        <RepositoryType>svn</RepositoryType>
+        <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
+        <SvnUser>username</SvnUser>
+        <SvnPassword>password</SvnPassword>
+        <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
+    </DeploymentSynchronizer>
+
+    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
+        In master nodes you need to set both AutoCommit and AutoCheckout to true
+        and in  worker nodes set only AutoCheckout to true.
+    -->
+    <!--<DeploymentSynchronizer>
+        <Enabled>true</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+    </DeploymentSynchronizer>-->
+
+    <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
+    <!--<MediationConfig>
+        <LoadFromRegistry>false</LoadFromRegistry>
+        <SaveToFile>false</SaveToFile>
+        <Persistence>enabled</Persistence>
+        <RegistryPersistence>enabled</RegistryPersistence>
+    </MediationConfig>-->
+
+    <!--
+    Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
+    This code will be run when the Carbon server is initialized
+    -->
+    <ServerInitializers>
+        <!--<Initializer></Initializer>-->
+    </ServerInitializers>
+
+    <!--
+    Indicates whether the Carbon Servlet is required by the system, and whether it should be
+    registered
+    -->
+    <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
+
+    <!--
+    Carbon H2 OSGI Configuration
+    By default non of the servers start.
+        name="web" - Start the web server with the H2 Console
+        name="webPort" - The port (default: 8082)
+        name="webAllowOthers" - Allow other computers to connect
+        name="webSSL" - Use encrypted (HTTPS) connections
+        name="tcp" - Start the TCP server
+        name="tcpPort" - The port (default: 9092)
+        name="tcpAllowOthers" - Allow other computers to connect
+        name="tcpSSL" - Use encrypted (SSL) connections
+        name="pg" - Start the PG server
+        name="pgPort"  - The port (default: 5435)
+        name="pgAllowOthers"  - Allow other computers to connect
+        name="trace" - Print additional trace information; for all servers
+        name="baseDir" - The base directory for H2 databases; for all servers
+    -->
+    <!--H2DatabaseConfiguration>
+        <property name="web" />
+        <property name="webPort">8082</property>
+        <property name="webAllowOthers" />
+        <property name="webSSL" />
+        <property name="tcp" />
+        <property name="tcpPort">9092</property>
+        <property name="tcpAllowOthers" />
+        <property name="tcpSSL" />
+        <property name="pg" />
+        <property name="pgPort">5435</property>
+        <property name="pgAllowOthers" />
+        <property name="trace" />
+        <property name="baseDir">${carbon.home}</property>
+    </H2DatabaseConfiguration-->
+    <!--Disabling statistics reporter by default-->
+    <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
+
+    <!-- Enable accessing Admin Console via HTTP -->
+    <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
+
+    <!--
+       Default Feature Repository of WSO2 Carbon.
+    -->
+    <FeatureRepository>
+	    <RepositoryName>default repository</RepositoryName>
+	    <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL>
+    </FeatureRepository>
+
+    <!--
+	Configure API Management
+   -->
+   <APIManagement>
+
+	<!--Uses the embedded API Manager by default. If you want to use an external
+	API Manager instance to manage APIs, configure below  externalAPIManager-->
+
+	<Enabled>true</Enabled>
+
+	<!--Uncomment and configure API Gateway and
+	Publisher URLs to use external API Manager instance-->
+
+	<!--ExternalAPIManager>
+
+		<APIGatewayURL>http://localhost:8281</APIGatewayURL>
+		<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
+
+	</ExternalAPIManager-->
+
+	<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
+   </APIManagement>
+</Server>

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/vars/main.yml
----------------------------------------------------------------------
diff --git a/roles/wso2_is/vars/main.yml b/roles/wso2_is/vars/main.yml
new file mode 100644
index 0000000..f7b4eb7
--- /dev/null
+++ b/roles/wso2_is/vars/main.yml
@@ -0,0 +1,18 @@
+---
+#Variables associated with this role
+# Oracle Java 8
+java_dir_source: "/usr/local/src"
+
+java_version: 8
+java_version_update: 91
+java_version_build: '14'
+java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
+java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
+
+java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
+java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
+
+wso2_is_rul: http://wso2.com/products/identity-server/#download
+wso2_is_dist: wso2is-5.1.0.zip
+wso2_is_dir: wso2is-5.1.0
+...
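Review bot: `java_rpm_url` fetches the JDK RPM over plain `http://`, and this vars file defines no checksum for it, so the package that becomes the JVM under the identity server is neither protected in transit nor integrity-pinned. Switch the scheme to `https://` and add a variable such as `java_rpm_checksum: "sha256:<published-sha256-of-the-rpm>"` for the download task to verify; that task lives in roles/wso2_is/tasks/main.yml, outside this hunk, so whether it already verifies anything cannot be seen from here. Separately, `wso2_is_rul` looks like a typo for `wso2_is_url`, and its value is the product's download landing page rather than the `wso2is-5.1.0.zip` artifact, so a task that fetches from it would presumably not receive the zip. However the zip reaches the host, pin a digest for it too (for example `wso2_is_checksum: "sha256:<sha256-of-wso2is-5.1.0.zip>"`), since it is the identity provider's own code.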

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/site.yml
----------------------------------------------------------------------
diff --git a/site.yml b/site.yml
index 63c2fae..0de15ef 100644
--- a/site.yml
+++ b/site.yml
@@ -36,4 +36,8 @@
   roles:
     - database
 
+- hosts: wso2is
+  tags: wso2is
+  roles:
+    - wso2_is
 ...