Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/28 19:57:26 UTC

airavata git commit: Updated production SciGaP deployment for Keycloak migration

Repository: airavata
Updated Branches:
  refs/heads/keycloak-prod-migration [created] 604646890


Updated production SciGaP deployment for Keycloak migration


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/60464689
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/60464689
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/60464689

Branch: refs/heads/keycloak-prod-migration
Commit: 604646890a5300ea63a88682ecae3a8268a1d1e3
Parents: cb4565d
Author: Marcus Christie <ma...@apache.org>
Authored: Wed Jun 28 15:56:41 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Wed Jun 28 15:56:41 2017 -0400

----------------------------------------------------------------------
 .../scigap/production/files/keycloak.jks        | 143 +++++++++++++++++++
 .../scigap/production/group_vars/all/vars.yml   |  24 +++-
 .../scigap/production/group_vars/all/vault.yml  |  50 ++++---
 .../production/pga_config/brandeis/vars.yml     |  10 +-
 .../production/pga_config/cinetvtech/vars.yml   |  10 +-
 .../production/pga_config/georgiastate/vars.yml |  10 +-
 .../production/pga_config/iugateway/vars.yml    |  14 +-
 .../scigap/production/pga_config/lsu/vars.yml   |  10 +-
 .../pga_config/nanoconfinement/vars.yml         |  10 +-
 .../scigap/production/pga_config/nsg/vars.yml   |  13 +-
 .../production/pga_config/oiitandy/vars.yml     |  10 +-
 .../scigap/production/pga_config/oscer/vars.yml |  14 +-
 .../production/pga_config/phasta/vars.yml       |  10 +-
 .../production/pga_config/scigap/vars.yml       |  15 +-
 .../production/pga_config/seagrid/vars.yml      |  29 +++-
 .../production/pga_config/simvascular/vars.yml  |  10 +-
 .../production/pga_config/southdakota/vars.yml  |  10 +-
 .../pga_config/southernillinois/vars.yml        |  10 +-
 .../production/pga_config/testdrive/vars.yml    |  14 +-
 .../production/pga_config/ultrascan/vars.yml    |  13 +-
 .../scigap/production/pga_config/utah/vars.yml  |  10 +-
 21 files changed, 371 insertions(+), 68 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks b/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks
new file mode 100644
index 0000000..44b438c
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/files/keycloak.jks
@@ -0,0 +1,143 @@
+$ANSIBLE_VAULT;1.1;AES256
+30366331303865323462333764326263383166393537356230336538633135666336653666363561
+3035643264363462633734326562643336653866653938380a653634333866326130316234623037
+32353361323362356365353661353537663765633731633436303362383962383234303839393831
+6630653035646262300a316134613233396332653739313736333265373435633839393662366462
+37653633333637666365363364616635363362353239633636626636633139666232363432386232
+34313861323064656262303165363134336432373135613565623935623863396136336136336263
+66363762323031323861663066343330663462623338383735613063616235626437613930313236
+35656530363932373433356136636563366336383936346234303563386138616665396364326330
+62303731333364313631343032643230626161613063613861383035366630396339633031353662
+35393535366130373037663062323138333365383037656537333963393066613365643563323832
+37363037663765333135663534396338653934383665623633653537316562636136633065343365
+39363263353333363562633337343361343134663666396630626332636539343939643066383538
+61303362663865373866373363643538386638663531333537656432303137343334393630656436
+30393232316332663038366537386535336565626538643661616433646431323936393530656639
+36343866666265626663653330633438666461313137393662353638346539376334366634616630
+64356237383836333638623337396633653162616564616561306238643663383636323865383736
+32653031383536383732643238316465666331323033373038636330663266353530356337343739
+37663734613365653130396332383463623666653636376236626439613830633232343937303034
+35313563396566303134336131313837663332626639313162663636633737383164366136383836
+32633331333066356631393935623734343430666139613735656262333064346433613934366534
+65383533396466653065376338336636313338633934623734633136393635366636356436333233
+63386263323161646335353939656361333964373962633065343536663230626434396232303863
+33303832396665383233386434353738303135623637656663646631623539626633333336383464
+32373431633738383435323465303430356239336433316339363665613337396335633465366531
+39646137646235626235623032393863333864623634313835393966373965356133646336343231
+65346365656333333361383463303036306262383438383765653838373332643236633965356632
+30353239616566386334663936646531336135363838303064373536353663333433336664336133
+35343733323539653330386131353236626161666461303661613365313135626136626634663065
+66306239353932363435323662346334356430663338623561373937396338653331343830346432
+33353964363063383037376366646261306463336162396163323063643463366336333161393361
+33363736313436303938333062663065386531346332346366343036633435653037316639313538
+37363562393338353565356565366331313163653163323263346136343266313764356135656365
+64653839626562303736346166636464323038323937326561306439306364303865336639316639
+35313662623737326538393766616235396137663762323461613132623939393165616132303836
+30386232353463356266396537396336633166363037656665333361336533353637383738383137
+30636431643964373265636132343664363961303933646332646534376166363932373036653433
+32656263613863653131373137376661323939306235366162323165633863666333326637643437
+39656366363531633532663334393334333630373132653662656161313438326531663232343730
+39653838386266353561656632623365353161303730346263666436656239343230313262626566
+30333563623763636138363263656335373636383661626665373733663363346663396163313934
+35393432393863353632633366346264306363303861373435363164396436616535373432356434
+32643337623534386330353633393132383737353137646630386238323763313063653561636162
+66636438363838383136663931623664616434326639386535396437653562663732323936386634
+38373537306231313664313963303337666166353438393232646536366130303366333635393364
+36363031356461633662323730363536383631396566616661303031353735386234316265313366
+65356138323262633431623366303136356630616364303838663434626266643638346664333835
+38633732613234626637643335613463333661366337356365653036376664363339316465356564
+37393433633934323935386561663862396435316664396164363733613930333538316261613335
+39663538656166306630303136346563613131633931366531626166363564626361393564363531
+31383730666338386637313130333161383237636564363536363838366361306437323165363038
+32373964353134636665303865653263386230353132626361393337653365646565393262633961
+37623738663336303963356661356539346264383364343366613030393333623437323164343939
+35623534363663656331363734626163323834613861386630353230626630393932396532623634
+62316565303134616364363563343639643463666464656136396234376463386265653162333832
+38373630313966616230623831656230363333653664383137373234316134306165313630623466
+35363932333433323061336661363632336134643166326238653237323530303937646663363332
+65643339663130613131643665616361656464303034666264393264326531303561633730323337
+36636331386534626232393533376363333034343432306461303438663164623566323265663664
+65346161633538343931336365393661336661336363633430333033366466636639353466646334
+37353532343364363438616635636566376239393839666563346664393730326630313538626264
+32643039366266306130653231336132303239633531306439656335343262626665313933313064
+31313834646664383465346432633437303139636166663236313630633436623431316664353766
+36356462636538663339656131653038316564623831313830326137373333623331393430663236
+39613931363661316137316539356264663032366262333063653236346537346230653932663435
+31356439303461346236376432366664366363636633353963323537643264643361636632336333
+31383163366362343765386332346536313561386636393832393234643566636535666438646132
+64373039376333636465373131646661663538653664386335383834653132653266363461633064
+63663363376565336239323335646636376438653938316531643334636466633061646337343664
+61643037316437356363663033623638323064633530366534613132656137636537663333636133
+31663364623134396434313334313263363636343362653766653664623663653936646331343438
+62636661343965393033313339356539383233363430666563363764386336343839303633353633
+61613333376130633064633666626133383838303936303936633937653664656237313466346465
+30316564336164643864663062646564643839313330373230356166336534633765613031656535
+39663234356437383131383331356332656265306362636462366337306265316437363432323632
+35653261396530333862613565353161306237653065353431396465366164666462303532653136
+65303736646136336233623837633761373730623865316164343932623737666131663337636163
+39336335343432383639633830396134316434393764653235613737633435646238363537623632
+36616261333834613765303132656135316330643964313961646364343638636233316364373137
+35663630366431623665393064663634393734613339363863636164373764623734303531326534
+39663264343834623536366231366664346365396638336263313832366133623561303335386362
+34366632356166623163363230656339346337306531386636663434376231626135313763643134
+34626637346166303933383533653435323039373433646364383934623663363234316366353635
+32303739356638346539363134333037353830343735656162616230306439306634366631663635
+36343865333263656466633036386439653066336233656262383238303766356131383266303432
+63323336393237633131336238333263613464636266666466653333373365643435623936636464
+35343531386461333762383834323837353734616561623331306166653331616239333232383561
+31336430616137366664633737626266326339343836633033316632326438363434643565633738
+32623634643564633435633931376663643266663761643031333433616233323234663238323461
+32386235343533626331396531346634643566636539363161363133313436383638643266633436
+33353363636635353164306235353162313963653734383739323366666235333663373735393439
+33336337336365303030376430653535313833313337666235636331366462653731393631373030
+62616431336439623164333162393062363933316234383431313162666233363765353634346536
+35326164373332623138623038656263353665613230376438343861373337316237343833653361
+66303038613339633038313236363136646361386134343266303266333365373537623166333965
+61653363623263663231623765346232653037633863383331623038303964373131343532333266
+63346336633166393337343031366237363633323736323565633331376566356437323633653862
+33393263346237613739316536306366383863323065633738663337303265643038363838363263
+33393666316262383135366361316439376636333866643138613639306231643866663264373835
+37393731376330326633623931663261316337636338333733663766326264376436313136373734
+35363238303135323136383563656263383437386431666238346661363534333237613533646365
+34633862323537366338353138303063623032623136316338313533393430323233306437383363
+30663333356230343837366531346437633832333836343937346261303862343334363034333861
+38636130376466353066643065646339656637343464383439323263326536396139306235373033
+66656238363435356536326134336133663533383735616463333133613437346232393364633033
+63633432396231646165643634363535653336313833323434356331343132393866396339366434
+37613736303165313539333033613234646237336230613134643362366232336131616335393538
+64663361383466623831653265653461346665393264653533323466636666326565383163663465
+33623133636261633636346335306634306538623035356630666136636161306566666565313030
+63346231336565666366386565636361383465313833613836613432356431313637633837363866
+65333761636236316534656262383365303064393465636134383661323834393165643766626234
+61636539373966646262663231363031616333393033666565636336346561363261313564373736
+37646535613536616463663264623131656165646337616262396138333232383032383661303863
+66363936666364376539626135623463326439393664346261333530306563613137343736383365
+36366536343035326662633562396533366264336630613165346166313339306635353863663436
+36373539303064663932326562353166613432623364656535616132393431616332363635396638
+65616331333063636664353633376363366164636462393934383434663364333861636532633437
+64353337623939626437633436626665303436306338346337346535663439376163623861633864
+64326639626438373661383438623266303664356332653534393037343336343034376430616536
+32336362643630343464326138313662626533306437616138343036336639373161386437303161
+66393739393930663762616333643431373237633639666338633735353236663037373237646435
+37666537323662623431343833643161393932336662666538633765656432663761323865663436
+30623532343635633734663165396366616365313966386162666435633166316531323235653764
+32336537336539653331643734633564653863306630356639623936346336333131373731633536
+34653561636539326633323963376338326432633639306530616631646538383238646238333061
+38306432363535396239333634393739306664313931333864316464383430373065653132616166
+61626461396238326463616530663136313230663239333530643466653865346634613465313034
+64333330663831643130373038343935376265343366613363326638376433373139393664656264
+39393266643339366163323732333962353632323233366430346431643432383039323736656330
+33656334616330653563663966656438613965336638653234313831623864383463623866653761
+32326364386631616264663634656436316365303739663736626635393838643031383732383462
+35633861383163333163386163616439663165616533303064303434386134366631663062643462
+33646361376365666635343637343038313435613965623664646663316239323536633033613664
+39316237306166396132373566313166306361313565383937393338303764616230633534376338
+63383033306631396634616639356561613261356266613831653333626364643631666431633932
+65616132356163663261363630373738343565313230386639376364353739343364303835386664
+64313065616264343830313061303161313966643439643335626639656135626664366365633430
+38323332316462326531306639393638626565663339366331663935666134333231396235633134
+66316363343539666334323233393438646134626433373433383531626166353937633739343834
+62303133613735653961316139356165626365653665633439653363356663303732323038356233
+64386633363133393033343462643731333039396466386136363066663762353062313532646336
+65663263663063323030343338613331623035633763666535323966663432393065373734306464
+6234303833653065643264613135343731373634666632313938
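Review bot: The production Keycloak keystore is committed here as an Ansible Vault blob, so its confidentiality rests entirely on the vault password, and the ciphertext stays in repository history even after a later rotation. The vault password should be long, random and kept outside the repository, and the keystore's own password (`vault_keycloak_ssl_keystore_password` in group_vars) should not be the same value. If this keystore holds the TLS private key for iam.scigap.org, I would consider pulling it from a secrets store at deploy time instead, and plan to reissue the key whenever the set of people holding the vault password changes.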

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index 2313795..9d3b75e 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -47,6 +47,7 @@ replica_catalog: "replica_catalog"
 sharing_catalog: "sharing_catalog"
 workflow_catalog: "workflow_catalog"
 credential_store: "credential_store"
+profile_service: "profile_service"
 
 mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar"
 
@@ -70,6 +71,9 @@ api_secured: "false"
 tls_enable: "true"
 api_server_tls_port: "9930"
 enable_sharing: "true"
+iam_server_url: "https://iam.scigap.org/auth"
+iam_server_super_admin_username: "AiravataAdmin"
+iam_server_super_admin_password: "{{ vault_iam_server_super_admin_password }}"
 
 # Orchestrator  related variables
 orchestrator_name: "orchestrator-node0"
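Review bot: `iam_server_super_admin_username` is set to `"AiravataAdmin"`, the same name this commit gives `keycloak_master_account_username` in the Keycloak section further down the file, which suggests the Airavata services log in to Keycloak as the master-realm administrator. If that is the case, anything that can read the API server's configuration holds full control over every gateway realm. I would provision a separate service account limited to the realm-management roles the services actually need and point these two variables at it, with a comment such as `# service account for tenant/user management, not the Keycloak master admin`.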
@@ -86,8 +90,6 @@ registry_port: 8970
 default_gateway: "default"
 
 # Credential and keystore related variables
-#authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/"
-authorization_server: "https://idp.scigap.org:9443/services/"
 keystore_src_path: "{{inventory_dir}}/files/airavata.jks"
 keystore_passwd: "{{ vault_keystore_passwd }}"
 client_truststore_src_path: "{{inventory_dir}}/files/client_truststore.jks"
@@ -118,9 +120,23 @@ real_user_data_dir: "/data/gateway-user-data"
 #airavata_server: "tls://gw77.iu.xsede.org"
 airavata_server: "tls://{{ groups['api-orch'][0] }}"
 airavata_port: "9930"
-# FIXME: temporarily turn off SSL verification for WSO2 IS
-auth_verify_peer: "false"
+airavata_profile_service_server: "{{ groups['api-orch'][0] }}"
+auth_verify_peer: "true"
+oauth_service_url: "{{ iam_server_url }}"
 
 # Sharing Registry related variables
 sharing_registry_host: "{{ groups['api-orch'][0] }}"
 sharing_registry_port: 7878
+
+# Profile Service related variables
+profile_service_host: "{{ groups['api-orch'][0] }}"
+profile_service_port: 8962
+
+# Keycloak
+keycloak_ssl_keystore_file: "{{ inventory_dir }}/files/keycloak.jks"
+keycloak_ssl_keystore_password: "{{ vault_keycloak_ssl_keystore_password }}"
+keycloak_db_host: "localhost"
+keycloak_db_username: "keycloak"
+keycloak_db_password: "{{ vault_keycloak_db_password }}"
+keycloak_master_account_username: "AiravataAdmin"
+keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
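Review bot: `airavata_profile_service_server` is given as a bare host, while `airavata_server` two lines above carries a `tls://` prefix. If the PGA selects its transport from that prefix, calls to the profile service would not use TLS; the line would then need to be `airavata_profile_service_server: "tls://{{ groups['api-orch'][0] }}"`. If the bare host is intentional, a one-line comment saying why the two differ would save the next reader the question. `profile_service_host` further down repeats the same expression, so one of the two variables could reference the other.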

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
index e63e4ae..e5d7671 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vault.yml
@@ -1,20 +1,32 @@
 $ANSIBLE_VAULT;1.1;AES256
-32393636303631613537663430383839636363376162653935623036373062663734383863316435
-3039646665353363346261616636363633346665616263620a636438333561623935643234303236
-35616237333034613263303438356137663162313065343361363163633230653561323963333665
-3139646633323338370a323537353433633961613763333633393634643138653166356338333434
-35373733356265343635323436343064636535336361393764616631663136376565646331303730
-32613064646239616434303932656231643466396330633731336665376261383030363065316130
-30393031616532303264616164363430323866353936303333326266366166323566336235303531
-33613537363962626166323465313130343362393634323132626535363866333364326238356130
-35306430663630653534363631393731646262366135633761376533303264326662666235663965
-64323836313663376237383135646466336334393235356230343364663232393635643561336462
-38613838633762616633656131623733333336313661373564366532343732643537663636376166
-30333633313262336538303539363063303538333131356563343165383861363736616432663666
-35663731623038376464373239303438353761376531373061663861656231663437383461633334
-30323430363235366536373663646630333562613163346337393638623166303739323736363230
-37656232353163326638616230613661346436633339373239343036616334633263393566383965
-31633832336338373264613664333064363238653035373466396635396430343634666463636530
-62383332646362353635646236323735626266383933363833643636643631373965323464613531
-66373563353536633064643839383634646632376132646233656536386135643530333963373437
-313436303763626261636165303932336361
+36656438643034386437333735643963306462343964333131646432353464333663656462623261
+6537633832376334666261346438346466363263373135390a313962303637396532366231376336
+65636236353137383061636664386133363838316230376664333265633564343633653333623736
+6536363430653439650a633431393961333438363462356434333735646566353263366565336533
+31633462353766356562616236363964656265363537636166613931366130303135386330383939
+65613230363762326164643432323661636639653763373130373433356666323466353361333338
+61336331646139323033613037643839353430343737363234386233353936646264386538396164
+63303435373266653137383238356136333962323130663766616465313537663333663130653066
+64313838623634643632323862316437333764366364656266353232643036393262363130616465
+33383465383838643561653035336563383366623737336235336266393134636332666561356536
+39623961613966333130613936656332353331653863363138666338363064633130343936393134
+65613132653934313632626261316663646266636237666437613739383965653531343862313538
+66313130613862623435666665393363383638313962633938353064386633346266623264373561
+66336430323361366131613163323861373563656133323335636237306332356637353766636164
+37343639346533616462303234303930343938323537346537663938336531623034373335313061
+65376636653834626364356536383666333337656163323235613332396638636365643363666239
+64333434656130646533306330626635313132633536616363333139643866396136373132646239
+65386232353139366338356130653831623539393263343137313739643430616566363232366661
+66383731393931326432636231366434343364336264643436633639373134373565643466663933
+39383835363635623461313365666562383365313339363766313638656238623139363833643638
+66653732613035303365646137643333653061643263396266396639626633386536663462373663
+64633331383161313337343063373461623534373630353239633930366165633931663462303234
+62666662393234633034313732646436326562336637336136623766616634386439313937346363
+66613730376531663833646133633736326633656538383966326232336633316662313235653063
+61386365353266613665333935343165356263663164383635313632613935636333386538303934
+61323733636263623439656339316139313163376565363032353236313738626261643064316364
+38643937323136386233303566376462663836626538386261356333323637353861613836666663
+34396137636561333738663035653939656230633838343766343432366466383537653334326462
+33366431346465333562306164353934316261643330376565336364373231363335303733653439
+37376639326335323137306161366439333465393432396638343837343930313635333433346263
+306562646366333162653131396234633362

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml
index 67e66f2..1d2b909 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/brandeis/vars.yml
@@ -27,12 +27,18 @@ doc_root_dir: "/var/www/portals/brandeis"
 vhost_servername: "sciencegateway.sci.brandeis.edu"
 vhost_ssl: False
 
-## WSO2 IS related variables
-tenant_domain: "airavata.brandeis"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Brandeis University Science Gateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
 
 gateway_id: "brandeis"
 # relative to document root dir
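Review bot: The added `oauth_callback_url` uses `http://` and the context line shows `vhost_ssl: False`, so with `oauth_grant_type: "password"` the portal presumably collects user passwords on a cleartext page and receives tokens over cleartext as well. The lsu hunk has the same combination; the other gateways visible here use `https://`. I would enable TLS on these two vhosts as part of the migration and change the line to `oauth_callback_url: "https://{{ vhost_servername }}/callback-url"`. Separately, the oscer hunk sets `tenant_domain: "{{ tenant_domain }}"`, which refers to itself, where every other file uses `"{{ gateway_id }}"`; that hunk continues past the visible part of the page.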

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
index 627f99b..e9dddbd 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/cinetvtech/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/cinet.scigap.org/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/cinet.scigap.org/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/cinet.scigap.org/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.cinet"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Virginia Tech Cinet Gateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "cinetvtech"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
index 7d79862..161302e 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/georgiastate/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/hpcgateway.gsu.edu/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/hpcgateway.gsu.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/hpcgateway.gsu.edu/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.geo"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Georgia State PHP Gateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "georgiastate"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
index 7bce4c5..c63e223 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/iugateway/vars.yml
@@ -31,12 +31,22 @@ ssl_certificate_file: "/etc/pki/tls/certs/cybergateway_iu_edu_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/cybergateway_iu_edu_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/iugateway.key"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.iub"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "IU Gateway"
+    oauth_grant_type: "password"
+  - name: "CILogon"
+    oauth_grant_type: "authorization_code"
+    oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+    logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "iugateway"
 # relative to document root dir
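Review bot: The CILogon entry depends on `kc_idp_hint=oidc`, which only has an effect if the identity provider configured in this gateway's Keycloak realm has the alias `oidc`, and nothing in the file records that. I would add a comment above `oauth_authorize_url_extra_params`, for example `# kc_idp_hint must match the alias of the CILogon identity provider in the Keycloak realm`. This is also the only `authorization_code` entry among the hunks shown here; the other gateways keep the `password` grant.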

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
index 5d7ecb8..d7bd5fb 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/lsu/vars.yml
@@ -27,12 +27,18 @@ doc_root_dir: "/var/www/portals/lsu"
 vhost_servername: "lsu.scigap.org"
 vhost_ssl: False
 
-## WSO2 IS related variables
-tenant_domain: "lsu.edu"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "lsuadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "LSU Cybergateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
 
 gateway_id: "lsu"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
index 3f2e2b6..865ebe4 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.
 ssl_certificate_chain_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.nanoconfinement"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Nano Confinement"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "nanoconfinement"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
index 9487e44..b4d5d0d 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/nsg/vars.yml
@@ -31,13 +31,20 @@ ssl_certificate_file: "/etc/pki/tls/certs/nsg_scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/nsg_scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/nsg.scigap.key"
 
-## WSO2 IS related variables
-tenant_domain: "prod.nsg"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "nsgadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
-user_role_name: "airavata-user"
+# With Keycloak, we have to have static role names
+#user_role_name: "airavata-user"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "NSG"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "nsg"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
index 37321cb..65a6cb1 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/oiitandy/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/scigw.oii.org/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/scigw.oii.org/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/scigw.oii.org/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "prod.oii"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "OII Science Gateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "oiitandy"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
index eb15b34..7d2f6e8 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/oscer/vars.yml
@@ -31,12 +31,22 @@ ssl_certificate_file: "/etc/letsencrypt/live/sciencegateway.oscer.ou.edu/cert.pe
 ssl_certificate_chain_file: "/etc/letsencrypt/live/sciencegateway.oscer.ou.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/sciencegateway.oscer.ou.edu/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "prod.oscer"
+## Keycloak related variables
+tenant_domain: "{{ tenant_domain }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "OU Science Gateway"
+    oauth_grant_type: "password"
+  - name: "CILogon"
+    oauth_grant_type: "authorization_code"
+    oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+    logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "oscer"
 # relative to document root dir
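Review bot: `tenant_domain: "{{ tenant_domain }}"` on the added line defines the variable in terms of itself, which Ansible cannot resolve (it reports a recursive template loop) unless a higher-precedence definition overrides this one; `oidc_discovery_url` a few lines below interpolates it. Every other gateway file in this commit uses `tenant_domain: "{{ gateway_id }}"`, and `gateway_id: "oscer"` is set at the end of this hunk, so that is presumably the intended value. If the oscer realm has a different name, write it as a literal string instead.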

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
index 2542690..6a15508 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/phasta/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/pki/tls/certs/phasta_scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/phasta_scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/phasta.scigap.key"
 
-## WSO2 IS related variables
-tenant_domain: "product.phasta"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "phasta_admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "PHASTA"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "phasta"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
index 8cb7375..1f01bed 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/scigap/vars.yml
@@ -31,18 +31,25 @@ ssl_certificate_file: "/etc/pki/tls/certs/scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/scigap.key"
 
-## WSO2 IS related variables
-tenant_domain: ""
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "scigap_admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
-user_role_name: "airavata-user"
+# With Keycloak, we have to have static role names
+#user_role_name: "airavata-user"
+initial_role_name: "gateway-provider"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "SciGaP"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "scigap"
 # relative to document root dir
 experiment_data_dir: "{{ user_data_dir }}/scigap"
-# TODO: this is only for testing, we'll need to update this again during the real migration
 gateway_data_store_resource_id: "gf4.ucs.indiana.edu_61552681-96f0-462a-a36c-a62a010bffc6"
 
 ## Portal related variables
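Review bot: `initial_role_name: "gateway-provider"` is added only in this gateway's file and carries no comment. The name suggests it is the role given to newly created accounts, which this hunk does not show; if so, it decides what every new user of this portal may do before any administrator review, and that choice should be justified in place. I would add a line above it such as `# role assigned to new accounts on this portal: <why gateway-provider is the right default>`.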

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
index 7ad0bda..57c143b 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/seagrid/vars.yml
@@ -24,20 +24,35 @@ git_branch: "master"
 user: "pga"
 group: "pga"
 doc_root_dir: "/var/www/portals/{{ gateway_id }}"
-vhost_servername: "seagrid.org"
-vhost_serveralias: "www.seagrid.org"
+#vhost_servername: "seagrid.org"
+#vhost_serveralias: "www.seagrid.org"
+vhost_servername: "beta.seagrid.org"
 vhost_ssl: True
 # TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer"
-ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer"
-ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key"
+#ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer"
+#ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer"
+#ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key"
+ssl_certificate_file: "/etc/letsencrypt/live/beta.seagrid.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.seagrid.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/beta.seagrid.org/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "prod.seagrid"
+
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "SEAGrid"
+    oauth_grant_type: "password"
+  - name: "CILogon"
+    oauth_grant_type: "authorization_code"
+    oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+    logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "seagrid"
 # relative to document root dir
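Review bot: The production inventory for seagrid now sets `vhost_servername: "beta.seagrid.org"` with certificate paths for that host, and leaves the `seagrid.org` values and `vhost_serveralias` behind as commented-out lines with no explanation. `oauth_callback_url` is built from `vhost_servername`, so the redirect URI registered for this client in Keycloak has to match the beta host now and be changed again when the real hostname returns; a leftover beta entry in the client's redirect list is easy to miss. If this is a temporary staging host, I would replace the commented-out lines with one comment that says so, e.g. `# TODO: temporary beta host for the Keycloak migration; restore seagrid.org / www.seagrid.org at cut-over`. It is also worth confirming that the vhost template tolerates `vhost_serveralias` being undefined, since that template is not part of this hunk.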

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
index 97cd515..ae301d6 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/gateway.simvascular.org/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/gateway.simvascular.org/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/gateway.simvascular.org/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.simvascular"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
+auth_options:
+  - name: "SimVascular"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "simvascular"
 # relative to document root dir
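Review bot: `oauth_callback_url` is added twice in this hunk, once directly after `oauth_client_secret` and again after `auth_options`, and `oidc_discovery_url`, which every other gateway file in this commit gains at that first position, is missing. Duplicate mapping keys are typically resolved last-wins rather than rejected, so nothing fails at load time, but the discovery URL stays undefined for this gateway unless a default exists elsewhere. The first occurrence should probably read `oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"`.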

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
index c0e8ce5..1b30bf1 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/southdakota/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/pki/tls/certs/sciencegateway_usd_edu_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/sciencegateway_usd_edu_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/southdakota-sg.key"
 
-## WSO2 IS related variables
-tenant_domain: "southdakota.edu"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "usdadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "South Dakota Sciencegateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "southdakota"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
index 9e0839a..0c49e40 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/southernillinois/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/sciencegateway.siu.edu/cert.pem"
 ssl_certificate_chain_file: "/etc/letsencrypt/live/sciencegateway.siu.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/sciencegateway.siu.edu/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.southill"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Southern Illinois PHP Gateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "southill"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
index 0e07e38..cc96188 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/testdrive/vars.yml
@@ -32,12 +32,22 @@ ssl_certificate_file: "/etc/pki/tls/certs/testdrive_airavata_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/testdrive_airavata_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/testdrive-airavata.key"
 
-## WSO2 IS related variables
-tenant_domain: "prod.testdrive"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "tdaadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Test Drive"
+    oauth_grant_type: "password"
+  - name: "CILogon"
+    oauth_grant_type: "authorization_code"
+    oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+    logo: "/assets/cilogon-logo-24x24-b.png"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "default"
 # relative to document root dir
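Review bot: With `tenant_domain: "{{ gateway_id }}"` and `gateway_id: "default"` at the end of this hunk, `oidc_discovery_url` resolves to the realm path `/auth/realms/default/`, where the previous tenant was `prod.testdrive`. The ultrascan (`Ultrascan_Production`) and southernillinois (`southill`) hunks derive equally non-obvious realm names the same way. If those are the actual Keycloak realm names, a comment next to `tenant_domain` such as `# Keycloak realm is named after gateway_id` would make the dependency explicit; if not, set `tenant_domain` to the literal realm name so the portal does not authenticate against the wrong realm.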

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
index 3110a94..de9a356 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/ultrascan/vars.yml
@@ -36,14 +36,21 @@ ssl_certificate_file: "/etc/pki/tls/certs/ultrascan_scigap_org_cert.cer"
 ssl_certificate_chain_file: "/etc/pki/tls/certs/ultrascan_scigap_org_interm.cer"
 ssl_certificate_key_file: "/etc/pki/tls/private/ultrascan.scigap.key"
 
-## WSO2 IS related variables
-tenant_domain: "prod.ultrascan"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "uslimsadmin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
 
-user_role_name: "airavata-user"
+auth_options:
+  - name: "Ultrascan"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
+# With Keycloak, we have to have static role names
+#user_role_name: "airavata-user"
 
 gateway_id: "Ultrascan_Production"
 # relative to document root dir

http://git-wip-us.apache.org/repos/asf/airavata/blob/60464689/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
index a92897f..6608485 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/utah/vars.yml
@@ -31,12 +31,18 @@ ssl_certificate_file: "/etc/letsencrypt/live/cybergateway.chpc.utah.edu/cert.pem
 ssl_certificate_chain_file: "/etc/letsencrypt/live/cybergateway.chpc.utah.edu/fullchain.pem"
 ssl_certificate_key_file: "/etc/letsencrypt/live/cybergateway.chpc.utah.edu/privkey.pem"
 
-## WSO2 IS related variables
-tenant_domain: "airavata.utah"
+## Keycloak related variables
+tenant_domain: "{{ gateway_id }}"
 admin_username: "adminuser"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
+oidc_discovery_url: "https://iam.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
+
+auth_options:
+  - name: "Utah Gateway"
+    oauth_grant_type: "password"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
 
 gateway_id: "utah"
 # relative to document root dir