You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/09/18 18:06:06 UTC
[airavata] 03/09: Ansible: PGA deploy on Ubuntu 18
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 05b734d34bfd2c06af989451ee7a2113730d1134
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu Mar 12 20:13:52 2020 -0400
Ansible: PGA deploy on Ubuntu 18
---
dev-tools/ansible/pga-single-vhost.yml | 1 +
dev-tools/ansible/pga.yml | 1 +
dev-tools/ansible/roles/django/defaults/main.yml | 5 ++-
dev-tools/ansible/roles/django/tasks/main.yml | 2 +-
.../pga/tasks/install_deps_Ubuntu_18.yml} | 43 ++++++++++++++--------
dev-tools/ansible/roles/pga/tasks/main.yml | 30 ++-------------
6 files changed, 36 insertions(+), 46 deletions(-)
diff --git a/dev-tools/ansible/pga-single-vhost.yml b/dev-tools/ansible/pga-single-vhost.yml
index cb0d2c1..7c24198 100644
--- a/dev-tools/ansible/pga-single-vhost.yml
+++ b/dev-tools/ansible/pga-single-vhost.yml
@@ -32,6 +32,7 @@
- "{{ vars_dir }}/vault.yml"
roles:
- env_setup
+ - httpd
- letsencrypt
- pga
diff --git a/dev-tools/ansible/pga.yml b/dev-tools/ansible/pga.yml
index d86f82e..16e3c64 100644
--- a/dev-tools/ansible/pga.yml
+++ b/dev-tools/ansible/pga.yml
@@ -23,6 +23,7 @@
tags: pga
roles:
- env_setup
+ - httpd
- letsencrypt
- pga
diff --git a/dev-tools/ansible/roles/django/defaults/main.yml b/dev-tools/ansible/roles/django/defaults/main.yml
index 90a6237..dc55fab 100644
--- a/dev-tools/ansible/roles/django/defaults/main.yml
+++ b/dev-tools/ansible/roles/django/defaults/main.yml
@@ -28,9 +28,10 @@ vhost_servername: "{{ groups['django'][0] }}"
vhost_ssl: False
vhost_aliases: []
vhost_timeout: 60
+django_vhost_conf_name: "django-{{ gateway_id }}"
httpd_confd_file_location:
- RedHat: "/etc/httpd/conf.d/django-{{ gateway_id }}.conf"
- Debian: "/etc/apache2/sites-available/django-{{ gateway_id }}.conf"
+ RedHat: "/etc/httpd/conf.d/{{ django_vhost_conf_name }}.conf"
+ Debian: "/etc/apache2/sites-available/{{ django_vhost_conf_name }}.conf"
httpd_name:
Debian: apache2
RedHat: httpd
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 13d449b..c819c14 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -271,7 +271,7 @@
when: vhost_ssl
- name: Enable site in Apache (Debian)
- command: a2ensite django-{{ gateway_id }}
+ command: a2ensite {{ django_vhost_conf_name }}
become: yes
notify:
- restart httpd
diff --git a/dev-tools/ansible/pga-single-vhost.yml b/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
similarity index 56%
copy from dev-tools/ansible/pga-single-vhost.yml
copy to dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
index cb0d2c1..cf14489 100644
--- a/dev-tools/ansible/pga-single-vhost.yml
+++ b/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
@@ -18,21 +18,32 @@
# under the License.
#
-# This playbook is meant to be included and can be used to
-# deploy multiple PGA instances onto the same host by using
-# virtual hosting. Turns out in Ansible you can't setup these
-# different PGA instances as different groups on the same host.
-# The group_vars for each PGA instance will overwrite each other.
-# See https://github.com/ansible/ansible/issues/9065 for more info.
---
-- hosts: pga
- name: Create/update pga for gateway {{ gateway_id }}
- vars_files:
- - "{{ vars_dir }}/vars.yml"
- - "{{ vars_dir }}/vault.yml"
- roles:
- - env_setup
- - letsencrypt
- - pga
-...
+- name: Add the PHP PPA Ubuntu archive
+ apt_repository:
+ repo: ppa:ondrej/php
+ become: yes
+
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
+ with_items:
+ - libapache2-mod-php5.6
+ - php5.6
+ - php5.6-curl
+ - php5.6-soap
+ - php5.6-mysql
+ - php5.6-mcrypt
+ - composer
+ become: yes
+
+- name: Set php version
+ alternatives:
+ name: php
+ path: /usr/bin/php5.6
+ become: yes
+
+# this just creates symlinks in /etc/php5/{apache2,cli}/conf.d/20-mcryp.ini to /etc/php5/modules-avail/mcrypt.ini
+- name: enable mcrypt
+ command: phpenmod mcrypt
+ become: yes
diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml
index 72f5d67..25c3dfa 100644
--- a/dev-tools/ansible/roles/pga/tasks/main.yml
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@ -129,13 +129,6 @@
become: yes
when: ansible_os_family == "RedHat"
-- name: Enable https and http service on public zone
- firewalld: service="{{ item }}" permanent=true state=enabled zone=public immediate=True
- with_items:
- - http
- - https
- become: yes
-
- name: copy virtual host config file
template: src={{ pga_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
become: yes
@@ -150,19 +143,12 @@
- restart httpd
when: vhost_ssl
-- name: copy default virtual host file
- template: src={{ pga_default_conf_template }} dest={{ default_conf_file_location[ansible_os_family] }} backup=yes
+- name: Enable site in Apache (Debian)
+ command: a2ensite pga-{{ gateway_id }}
become: yes
notify:
- restart httpd
-
-- name: copy modified ssl.conf file
- template: src={{ pga_ssl_conf_template }} dest={{ ssl_conf_file_location[ansible_os_family] }} backup=yes
- become: yes
- notify:
- - restart httpd
- # TODO: make the same fix (disabling SSLv3) on Debian systems too
- when: ansible_os_family == "RedHat"
+ when: ansible_os_family == "Debian"
- name: copy pga user's SSH key for the gateway data store
authorized_key:
@@ -170,13 +156,3 @@
key: "{{ gateway_data_store_ssh_public_key }}"
become: yes
when: gateway_data_store_ssh_public_key != ""
-
-- name: open firewall port {{ pga_default_http_port }}
- firewalld: port="{{ pga_default_http_port }}/tcp"
- zone=public permanent=true state=enabled immediate=yes
- become: yes
-
-- name: open firewall port {{ pga_default_https_port }}
- firewalld: port="{{ pga_default_https_port }}/tcp"
- zone=public permanent=true state=enabled immediate=yes
- become: yes