You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2022/07/27 13:35:17 UTC
[airavata] branch develop updated (dcba17a72d -> c02b3a5674)
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a change to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
from dcba17a72d Merge pull request #322 from isururanawaka/develop
add cf6d8b24c1 Ansible: configuring shared dir for SEAGrid
add 9f8c2f9652 Ansible: add HiCOPS Django App to gateway
add fbdbff47ba Handling special characters in output staging
add 8df7f78a4a Revert "Handling special characters in output staging"
add bbcf79945b AIRAVATA-3633 update production email account
add dc54dd8925 Changed the admin emails who receive notifications
new c90bdc6737 AIRAVATA-3609 Allow configuring editable django app installs
new ed1e86aa16 AIRAVATA-3609 Fix delegation of database setup tasks for Ansible 2.13
new 45f8dac6d1 AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script
new bb1366355e AIRAVATA-3609 fix installing Java for Keycloak
new 65134efef9 AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
new 834c381b1b Merge branch 'AIRAVATA-3609-develop-inventory' into develop
new da6231272a AIRAVATA-3609 mark custom django apps editable in develop inv
new 5cddfe352d Ansible: js2 inventory for django portals, keycloak
new 7ac5d08b51 Ansible: js2 inventory for Django portals
new c02b3a5674 Merge branch 'AIRAVATA-3609-develop-inventory' into develop
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../scigap/develop-js2/group_vars/all/vars.yml | 5 +-
.../scigap/develop-js2/group_vars/django/vars.yml | 11 ++--
.../scigap/develop-js2/host_vars/amp/vars.yml | 3 +-
.../scigap/develop-js2/host_vars/geo/vars.yml | 18 +++---
.../develop-js2/host_vars/interactwel/vars.yml | 15 ++---
.../scigap/develop-js2/host_vars/rnamake/vars.yml | 10 ++-
.../scigap/develop-js2/host_vars/seagrid/vars.yml | 10 +--
.../scigap/develop-js2/host_vars/simccs/vars.yml | 12 ++--
.../ansible/inventories/scigap/develop-js2/hosts | 18 ++++++
.../scigap/production/group_vars/django/vars.yml | 2 +-
.../production/host_vars/ampgateway/vault.yml | 25 ++++----
.../production/host_vars/bcbportal/vault.yml | 25 ++++----
.../production/host_vars/covid-geoact/vault.yml | 25 ++++----
.../scigap/production/host_vars/csbglsu/vault.yml | 25 ++++----
.../scigap/production/host_vars/deeppdb/vault.yml | 25 ++++----
.../scigap/production/host_vars/delta/vault.yml | 25 ++++----
.../production/host_vars/distantreader/vault.yml | 25 ++++----
.../scigap/production/host_vars/dreg/vault.yml | 25 ++++----
.../production/host_vars/epwgateway/vault.yml | 25 ++++----
.../production/host_vars/futurewater/vault.yml | 25 ++++----
.../scigap/production/host_vars/geo/vault.yml | 25 ++++----
.../production/host_vars/georgiastate/vault.yml | 25 ++++----
.../production/host_vars/global-flood/vault.yml | 25 ++++----
.../production/host_vars/hicops-deepsnap/vars.yml | 3 +
.../production/host_vars/hicops-deepsnap/vault.yml | 25 ++++----
.../scigap/production/host_vars/hubzero/vault.yml | 25 ++++----
.../scigap/production/host_vars/immune/vault.yml | 25 ++++----
.../production/host_vars/interactwel/vault.yml | 25 ++++----
.../production/host_vars/iugateway/vault.yml | 25 ++++----
.../scigap/production/host_vars/kentucky/vault.yml | 25 ++++----
.../production/host_vars/louisiana-state/vault.yml | 25 ++++----
.../scigap/production/host_vars/lrose/vault.yml | 25 ++++----
.../host_vars/microbial-genomes/vault.yml | 25 ++++----
.../scigap/production/host_vars/mines/vault.yml | 25 ++++----
.../production/host_vars/nanoconfinement/vault.yml | 25 ++++----
.../production/host_vars/nanoshape/vault.yml | 25 ++++----
.../production/host_vars/ncsaindustry/vault.yml | 25 ++++----
.../production/host_vars/newmexicostate/vault.yml | 25 ++++----
.../scigap/production/host_vars/nexttdb/vault.yml | 25 ++++----
.../scigap/production/host_vars/oscer/vault.yml | 25 ++++----
.../production/host_vars/pace-gatech/vault.yml | 25 ++++----
.../production/host_vars/pathogenomics/vault.yml | 25 ++++----
.../scigap/production/host_vars/phasta/vault.yml | 25 ++++----
.../production/host_vars/physicell/vault.yml | 25 ++++----
.../scigap/production/host_vars/r-hpc/vault.yml | 25 ++++----
.../scigap/production/host_vars/regsnps/vault.yml | 25 ++++----
.../scigap/production/host_vars/saverx/vault.yml | 25 ++++----
.../scigap/production/host_vars/sdstate/vault.yml | 25 ++++----
.../scigap/production/host_vars/seagrid/vars.yml | 5 ++
.../scigap/production/host_vars/seagrid/vault.yml | 25 ++++----
.../production/host_vars/searchsra/vault.yml | 25 ++++----
.../scigap/production/host_vars/simccs/vault.yml | 25 ++++----
.../production/host_vars/simvascular/vars.yml | 4 +-
.../production/host_vars/simvascular/vault.yml | 32 +++++-----
.../production/host_vars/simvascular_old/vault.yml | 25 ++++----
.../scigap/production/host_vars/smaltr/vault.yml | 25 ++++----
.../production/host_vars/snowvision/vault.yml | 25 ++++----
.../production/host_vars/southdakota/vault.yml | 25 ++++----
.../production/host_vars/testdrive/vault.yml | 25 ++++----
.../scigap/production/host_vars/toppic/vault.yml | 25 ++++----
.../scigap/production/host_vars/tsunami/vault.yml | 25 ++++----
.../scigap/production/host_vars/tutorial/vault.yml | 25 ++++----
.../scigap/production/host_vars/uab/vault.yml | 25 ++++----
.../scigap/production/host_vars/ucmerced/vault.yml | 25 ++++----
.../production/host_vars/ultrascan/vault.yml | 25 ++++----
.../production/host_vars/unggateway/vault.yml | 25 ++++----
.../scigap/production/host_vars/v4i/vault.yml | 25 ++++----
.../scigap/production/host_vars/wvsu/vault.yml | 25 ++++----
dev-tools/ansible/keycloak.yml | 1 -
dev-tools/ansible/requirements.txt | 20 +++++-
dev-tools/ansible/roles/django/tasks/database.yml | 16 ++---
.../django/tasks/install_deps_Centos_7.yml} | 12 ++--
.../tasks/install_deps_Rocky_8.yml} | 9 ++-
dev-tools/ansible/roles/django/tasks/main.yml | 29 ++++++---
..._deps_CentOS_7.yml => install_deps_Rocky_8.yml} | 6 +-
dev-tools/ansible/roles/env_setup/tasks/main.yml | 31 ++++-----
..._deps_CentOS_7.yml => install_deps_Rocky_8.yml} | 8 +--
dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +-
dev-tools/ansible/roles/keycloak/defaults/main.yml | 1 +
dev-tools/ansible/roles/keycloak/tasks/main.yml | 74 +++++++++++-----------
.../templates/keycloak.service.j2} | 4 +-
.../letsencrypt/tasks/install_deps_CentOS_7.yml} | 15 +++--
.../letsencrypt/tasks/install_deps_Rocky_8.yml} | 15 +++--
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +--
84 files changed, 824 insertions(+), 930 deletions(-)
copy dev-tools/ansible/{pga.yml => roles/django/tasks/install_deps_Centos_7.yml} (88%)
copy dev-tools/ansible/roles/{zabbix/defaults/main.yml => django/tasks/install_deps_Rocky_8.yml} (83%)
copy dev-tools/ansible/roles/django_setup/tasks/{install_deps_CentOS_7.yml => install_deps_Rocky_8.yml} (94%)
copy dev-tools/ansible/roles/httpd/tasks/{install_deps_CentOS_7.yml => install_deps_Rocky_8.yml} (86%)
copy dev-tools/ansible/roles/{tusd/templates/tus.service.j2 => keycloak/templates/keycloak.service.j2} (89%)
copy dev-tools/ansible/{airavata-iam-setup.yml => roles/letsencrypt/tasks/install_deps_CentOS_7.yml} (75%)
copy dev-tools/ansible/{airavata-iam-setup.yml => roles/letsencrypt/tasks/install_deps_Rocky_8.yml} (79%)
[airavata] 03/10: AIRAVATA-3609 Fix delegation of database setup tasks for Ansible 2.13
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit ed1e86aa16ad812f7698b77f47b20dcedb0291bd
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:09:17 2022 -0400
AIRAVATA-3609 Fix delegation of database setup tasks for Ansible 2.13
---
dev-tools/ansible/requirements.txt | 20 ++++++++++++++++++--
dev-tools/ansible/roles/django/tasks/database.yml | 16 ++++++++--------
dev-tools/ansible/roles/django/tasks/main.yml | 16 ++++++++++++----
3 files changed, 38 insertions(+), 14 deletions(-)
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/requirements.txt
index dc30cfd1fd..85f5923373 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/requirements.txt
@@ -15,5 +15,21 @@
# specific language governing permissions and limitations
# under the License.
-ansible~=2.3.1
-docker<3.0
+ansible==6.0.0
+ansible-core==2.13.1
+certifi==2021.10.8
+cffi==1.15.0
+charset-normalizer==2.0.12
+cryptography==36.0.2
+docker==5.0.3
+idna==3.3
+Jinja2==3.1.1
+MarkupSafe==2.1.1
+packaging==21.3
+pycparser==2.21
+pyparsing==3.0.8
+PyYAML==6.0
+requests==2.27.1
+resolvelib==0.5.4
+urllib3==1.26.9
+websocket-client==1.3.2
diff --git a/dev-tools/ansible/roles/django/tasks/database.yml b/dev-tools/ansible/roles/django/tasks/database.yml
index 4589562088..4b69a1b233 100644
--- a/dev-tools/ansible/roles/django/tasks/database.yml
+++ b/dev-tools/ansible/roles/django/tasks/database.yml
@@ -22,22 +22,22 @@
- name: Adds Python MySQL support on Debian/Ubuntu
apt: pkg="python-mysqldb" state=present
- become_user: root
- when: ansible_os_family == 'Debian'
+ become: true
+ when: hostvars[delegated_host].ansible_os_family == 'Debian'
-- name: Adds Python MySQL support on RedHat/CentOS
- yum: name=MySQL-python state=present
- become_user: root
- when: ansible_os_family == 'RedHat'
+# Explicitly lookup hostvars for delegated host. There seem to be bugs around
+# delegation and ansible facts, see https://github.com/ansible/ansible/issues/30630
+- include_tasks: install_deps_{{ hostvars[delegated_host].ansible_distribution }}_{{ hostvars[delegated_host].ansible_distribution_major_version }}.yml
+ when: hostvars[delegated_host].ansible_os_family == "RedHat"
- name: create django database ({{ django_database_name }})
mysql_db: name="{{ django_database_name }}" state=present encoding=utf8 collation=utf8_bin
- name: give access to {{ django_db_username }} from remote (internal ip)
- mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ ansible_default_ipv4.address }}"
+ mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ django_internal_ip }}"
- name: give access to {{ django_db_username }} from remote (public ip)
- mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ ansible_host }}"
+ mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ django_public_ip }}"
- name: give access to {{ django_db_username }} from localhost
mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="localhost"
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 75b4e88d51..819eb821b7 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -27,11 +27,19 @@
with_items:
- "{{ groups['database'] }}"
+# Use 'apply' to propagate delegate_to and become* to included tasks, see
+# https://github.com/ansible/ansible/issues/35398
- name: Run tasks to setup Django database
- include: database.yml
- delegate_to: "{{ item }}"
- become: yes
- become_user: "{{ hostvars[item]['user'] }}"
+ include_tasks: database.yml
+ args:
+ apply:
+ delegate_to: "{{ item }}"
+ become: yes
+ become_user: "{{ hostvars[item]['user'] }}"
+ vars:
+ delegated_host: "{{ item }}"
+ django_public_ip: "{{ ansible_host }}"
+ django_internal_ip: "{{ ansible_default_ipv4.address }}"
with_items:
- "{{ django_database_hosts }}"
[airavata] 09/10: Merge branch 'AIRAVATA-3609-develop-inventory' into develop
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 834c381b1b48c25d6acdbdc0500a07a534eaa841
Merge: dcba17a72d 65134efef9
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 27 09:33:52 2022 -0400
Merge branch 'AIRAVATA-3609-develop-inventory' into develop
.../scigap/production/group_vars/django/vars.yml | 2 +-
.../production/host_vars/ampgateway/vault.yml | 25 +++--
.../production/host_vars/bcbportal/vault.yml | 25 +++--
.../production/host_vars/covid-geoact/vault.yml | 25 +++--
.../scigap/production/host_vars/csbglsu/vault.yml | 25 +++--
.../scigap/production/host_vars/deeppdb/vault.yml | 25 +++--
.../scigap/production/host_vars/delta/vault.yml | 25 +++--
.../production/host_vars/distantreader/vault.yml | 25 +++--
.../scigap/production/host_vars/dreg/vault.yml | 25 +++--
.../production/host_vars/epwgateway/vault.yml | 25 +++--
.../production/host_vars/futurewater/vault.yml | 25 +++--
.../scigap/production/host_vars/geo/vault.yml | 25 +++--
.../production/host_vars/georgiastate/vault.yml | 25 +++--
.../production/host_vars/global-flood/vault.yml | 25 +++--
.../production/host_vars/hicops-deepsnap/vars.yml | 3 +
.../production/host_vars/hicops-deepsnap/vault.yml | 25 +++--
.../scigap/production/host_vars/hubzero/vault.yml | 25 +++--
.../scigap/production/host_vars/immune/vault.yml | 25 +++--
.../production/host_vars/interactwel/vault.yml | 25 +++--
.../production/host_vars/iugateway/vault.yml | 25 +++--
.../scigap/production/host_vars/kentucky/vault.yml | 25 +++--
.../production/host_vars/louisiana-state/vault.yml | 25 +++--
.../scigap/production/host_vars/lrose/vault.yml | 25 +++--
.../host_vars/microbial-genomes/vault.yml | 25 +++--
.../scigap/production/host_vars/mines/vault.yml | 25 +++--
.../production/host_vars/nanoconfinement/vault.yml | 25 +++--
.../production/host_vars/nanoshape/vault.yml | 25 +++--
.../production/host_vars/ncsaindustry/vault.yml | 25 +++--
.../production/host_vars/newmexicostate/vault.yml | 25 +++--
.../scigap/production/host_vars/nexttdb/vault.yml | 25 +++--
.../scigap/production/host_vars/oscer/vault.yml | 25 +++--
.../production/host_vars/pace-gatech/vault.yml | 25 +++--
.../production/host_vars/pathogenomics/vault.yml | 25 +++--
.../scigap/production/host_vars/phasta/vault.yml | 25 +++--
.../production/host_vars/physicell/vault.yml | 25 +++--
.../scigap/production/host_vars/r-hpc/vault.yml | 25 +++--
.../scigap/production/host_vars/regsnps/vault.yml | 25 +++--
.../scigap/production/host_vars/saverx/vault.yml | 25 +++--
.../scigap/production/host_vars/sdstate/vault.yml | 25 +++--
.../scigap/production/host_vars/seagrid/vars.yml | 5 +
.../scigap/production/host_vars/seagrid/vault.yml | 25 +++--
.../production/host_vars/searchsra/vault.yml | 25 +++--
.../scigap/production/host_vars/simccs/vault.yml | 25 +++--
.../production/host_vars/simvascular/vars.yml | 4 +-
.../production/host_vars/simvascular/vault.yml | 32 +++---
.../production/host_vars/simvascular_old/vault.yml | 25 +++--
.../scigap/production/host_vars/smaltr/vault.yml | 25 +++--
.../production/host_vars/snowvision/vault.yml | 25 +++--
.../production/host_vars/southdakota/vault.yml | 25 +++--
.../production/host_vars/testdrive/vault.yml | 25 +++--
.../scigap/production/host_vars/toppic/vault.yml | 25 +++--
.../scigap/production/host_vars/tsunami/vault.yml | 25 +++--
.../scigap/production/host_vars/tutorial/vault.yml | 25 +++--
.../scigap/production/host_vars/uab/vault.yml | 25 +++--
.../scigap/production/host_vars/ucmerced/vault.yml | 25 +++--
.../production/host_vars/ultrascan/vault.yml | 25 +++--
.../production/host_vars/unggateway/vault.yml | 25 +++--
.../scigap/production/host_vars/v4i/vault.yml | 25 +++--
.../scigap/production/host_vars/wvsu/vault.yml | 25 +++--
dev-tools/ansible/keycloak.yml | 1 -
dev-tools/ansible/requirements.txt | 20 +++-
dev-tools/ansible/roles/django/tasks/database.yml | 16 +--
.../django/tasks/install_deps_Centos_7.yml} | 12 +--
.../django/tasks/install_deps_Rocky_8.yml} | 15 +--
dev-tools/ansible/roles/django/tasks/main.yml | 29 ++++--
.../django_setup/tasks/install_deps_Rocky_8.yml | 108 +++++++++++++++++++++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 31 +++---
.../httpd/tasks/install_deps_Rocky_8.yml} | 21 ++--
dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +-
dev-tools/ansible/roles/keycloak/defaults/main.yml | 1 +
dev-tools/ansible/roles/keycloak/tasks/main.yml | 74 +++++++-------
.../keycloak/templates/keycloak.service.j2} | 20 ++--
.../letsencrypt/tasks/install_deps_CentOS_7.yml} | 17 ++--
.../letsencrypt/tasks/install_deps_Rocky_8.yml} | 17 ++--
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +-
75 files changed, 888 insertions(+), 905 deletions(-)
diff --cc dev-tools/ansible/roles/env_setup/tasks/main.yml
index 0756da011a,b038e840dd..44645cdd46
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@@ -78,32 -73,25 +78,33 @@@
# Automatic security updates installation
- - name: Install yum-cron, yum-utils (RedHat)
- yum: name={{ item }} state=latest update_cache=yes
- become: yes
- when: ansible_os_family == "RedHat"
- with_items:
- - yum-cron
- - yum-utils
-
- - name: Copy yum-cron.conf config file
- copy:
- src: yum-cron.conf
- dest: /etc/yum/yum-cron.conf
- backup: yes
- become: yes
- when: ansible_os_family == "RedHat"
+ # TODO: switch to dnf-automatic for Rocky Linux
+ # - name: Install yum-cron, yum-utils (RedHat)
+ # yum: name={{ item }} state=latest update_cache=yes
+ # become: yes
+ # when: ansible_os_family == "RedHat"
+ # with_items:
+ # - yum-cron
+ # - yum-utils
+
+ # - name: Copy yum-cron.conf config file
+ # copy:
+ # src: yum-cron.conf
+ # dest: /etc/yum/yum-cron.conf
+ # backup: yes
+ # become: yes
+ # when: ansible_os_family == "RedHat"
-# - name: Enable and start yum-cron
-# service: name=yum-cron state=started enabled=yes daemon_reload=yes
-# become: yes
-# when: ansible_os_family == "RedHat"
+- name: Copy dnf-cron.conf config file (RedHat or Rocky)
+ copy:
+ src: dnf-cron.conf
+ dest: /etc/dnf/automatic.conf
+ backup: yes
+ become: yes
+ when: ansible_os_family == "Rocky"
+
+- name: Enable and start yum-cron
+ service: name=yum-cron state=started enabled=yes daemon_reload=yes
+ become: yes
+ when: ansible_os_family == "RedHat"
...
diff --cc dev-tools/ansible/roles/keycloak/tasks/main.yml
index 9d61d283ce,78764959c5..e8e7a615d9
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@@ -22,13 -22,33 +22,39 @@@
- name: Install httpd
yum: name="httpd" state=latest update_cache=yes
become: yes
+ when: ansible_os_family == "RedHat"
+
+- name: Install httpd (Rocky)
+ dnf: name="httpd"
+ become: yes
+ when: ansible_os_family == "Rocky"
+ - name: Install java
+ yum: name="java-1.8.0-openjdk-devel" state=present update_cache=yes
+ become: yes
+ tags:
+ - always
+
+ # NOTE: If you see a file not found error, try running rm /var/lib/alternatives/{{ item.exe }} in the target machine
+ - name: set {{ keycloak_java_home }} as default
+ alternatives:
+ name="{{ item.exe }}"
+ link="/usr/bin/{{ item.exe }}"
+ path="{{ item.path }}/{{ item.exe }}"
+ with_items:
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'java' }
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'keytool' }
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'javac' }
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'javadoc' }
+ become: yes
+ tags:
+ - always
+
+ - name: set selinux to permissive
+ selinux: state=permissive policy=targeted
+ become: yes
+ when: ansible_os_family == "RedHat"
+
- name: allow httpd to proxy to Keycloak process
seboolean:
name: httpd_can_network_connect
diff --cc dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 309610503a,978204d680..413f792673
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@@ -20,28 -20,9 +20,20 @@@
---
- - name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
- with_items:
- - certbot-1.11.0
- - python2-acme-1.11.0
- - python2-certbot-apache-1.11.0
- - ca-certificates-2021.2.50
- become: true
- become_user: root
+ - include_tasks: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
when: ansible_os_family == "RedHat"
+- name: install certbot and dependencies (Rocky)
+ dnf: name={{ item }}
+ with_items:
+ - epel-release
+ - mod_ssl
+ - certbot
+ - python3-certbot-apache
+ become: true
+ become_user: root
+ when: ansible_os_family == "Rocky"
+
- name: add Certbot PPA repository
apt_repository:
repo: "ppa:certbot/certbot"
[airavata] 10/10: Merge branch 'AIRAVATA-3609-develop-inventory' into develop
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit c02b3a56749d7f0d970dbb98ea1c419271da155e
Merge: 834c381b1b 7ac5d08b51
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 27 09:34:55 2022 -0400
Merge branch 'AIRAVATA-3609-develop-inventory' into develop
.../scigap/develop-js2/group_vars/all/vars.yml | 5 ++++-
.../scigap/develop-js2/group_vars/django/vars.yml | 11 +++++++----
.../scigap/develop-js2/host_vars/amp/vars.yml | 3 ++-
.../scigap/develop-js2/host_vars/geo/vars.yml | 18 ++++++++----------
.../scigap/develop-js2/host_vars/interactwel/vars.yml | 15 ++++++---------
.../scigap/develop-js2/host_vars/rnamake/vars.yml | 10 ++++------
.../scigap/develop-js2/host_vars/seagrid/vars.yml | 10 +++++-----
.../scigap/develop-js2/host_vars/simccs/vars.yml | 12 ++++++------
dev-tools/ansible/inventories/scigap/develop-js2/hosts | 18 ++++++++++++++++++
9 files changed, 60 insertions(+), 42 deletions(-)
diff --cc dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml
index e979e5a128,28517bab67..3b28cfcc39
--- a/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml
@@@ -232,5 -235,3 +235,5 @@@ monitoring_subnets: "{{ iu_subnets }}
# Zabbix
zabbix_server: "rt-watch.uits.indiana.edu"
+
- letsencrypt_email: "circ-iu-group@iu.edu"
++letsencrypt_email: "circ-iu-group@iu.edu"
diff --cc dev-tools/ansible/inventories/scigap/develop-js2/hosts
index c86d67547c,dbd2d81439..fdb0628370
--- a/dev-tools/ansible/inventories/scigap/develop-js2/hosts
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/hosts
@@@ -1,22 -1,40 +1,40 @@@
# inventory file : scigap js2 develop deployment
[zookeeper]
-helix.js2.scigap.org
+helix.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
[rabbitmq]
-api.js2.scigap.org
+api.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
[database]
-db.js2.scigap.org ansible_user=exouser
+db.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
[api-orch]
-api.js2.scigap.org
+api.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
[keycloak]
-iam.js2.scigap.org ansible_user=exouser
+iam.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
[helix]
-helix.js2.scigap.org
+helix.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
[kafka]
-helix.js2.scigap.org
+helix.js2.scigap.org ansible_python_interpreter=/usr/bin/python3
+
+ [django]
-seagrid ansible_host=web.dev.scigap.org ansible_user=exouser
++seagrid ansible_host=web.dev.scigap.org
+ ; simvascular ansible_host=149.165.156.46
-simccs ansible_host=web.dev.scigap.org ansible_user=exouser
-interactwel ansible_host=web.dev.scigap.org ansible_user=exouser
++simccs ansible_host=web.dev.scigap.org
++interactwel ansible_host=web.dev.scigap.org
+ ; usd ansible_host=149.165.156.46
+ ; csbglsu ansible_host=149.165.156.46
+ ; nexttdb ansible_host=149.165.156.46
+ ; saver-x ansible_host=149.165.156.46
+ ; pfec-hydro ansible_host=149.165.156.46
+ ; cyberwater ansible_host=149.165.156.46
+ ; mines ansible_host=149.165.156.46
+ ; amp ansible_host=149.165.170.199
-geo ansible_host=web.dev.scigap.org ansible_user=exouser
++geo ansible_host=web.dev.scigap.org
+ ; delta ansible_host=149.165.169.250
+ ; custos-testdrive ansible_host=pgadev.scigap.org
-rnamake ansible_host=web.dev.scigap.org ansible_user=exouser
++rnamake ansible_host=web.dev.scigap.org
[airavata] 02/10: AIRAVATA-3609 Allow configuring editable django app installs
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit c90bdc67371c671916d39250659792901b903428
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:08:37 2022 -0400
AIRAVATA-3609 Allow configuring editable django app installs
---
dev-tools/ansible/roles/django/tasks/main.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 172b7f0abf..75b4e88d51 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -176,11 +176,12 @@
- name: Install additional dependencies
pip:
- name: "{{ item }}"
+ name: "{{ item.name }}"
virtualenv: "{{ django_venv_dir }}"
+ editable: "{{ item.editable | default(false) }}"
become: yes
become_user: "{{user}}"
- with_list: "{{ airavata_django_extra_dependencies }}"
+ loop: "{{ airavata_django_extra_dependencies }}"
- name: Copy the settings_local.py file
template: src={{ django_settings_local_template }} dest="{{ airavata_django_checkout }}/django_airavata/settings_local.py" owner="{{user}}" group="{{group}}"
[airavata] 07/10: AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 65134efef90e48c677e6c37d26bbf8560224e7d5
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:49:29 2022 -0400
AIRAVATA-3609 Ansible 2.13/Rocky Linux 8 updates for Django deploy
---
.../roles/django/tasks/install_deps_Centos_7.yml | 28 ++++++
.../roles/django/tasks/install_deps_Rocky_8.yml | 31 ++++++
dev-tools/ansible/roles/django/tasks/main.yml | 8 +-
.../django_setup/tasks/install_deps_Rocky_8.yml | 108 +++++++++++++++++++++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 37 +++----
.../roles/httpd/tasks/install_deps_Rocky_8.yml | 35 +++++++
dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +-
.../tasks/{main.yml => install_deps_CentOS_7.yml} | 37 -------
.../letsencrypt/tasks/install_deps_Rocky_8.yml | 31 ++++++
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +-
10 files changed, 261 insertions(+), 69 deletions(-)
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
new file mode 100644
index 0000000000..fbde07fdcd
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
@@ -0,0 +1,28 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Centos 7)
+ yum: name=MySQL-python state=present
+ become: true
+
+
+...
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..d81472cad9
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Rocky 8)
+ dnf: name={{ package }} state=latest
+ loop:
+ - python3-mysql
+ loop_control:
+ loop_var: package
+ become: true
+
+...
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 819eb821b7..bbe1f10fed 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -96,10 +96,12 @@
- name: build airavata-django-portal Docker image
local_action:
module: docker_image
- path: "{{ airavata_django_portal_tempdir.path }}/"
+ build:
+ path: "{{ airavata_django_portal_tempdir.path }}/"
name: airavata-django-portal
- force: true
- # source: build
+ force_source: true
+ force_tag: true
+ source: build
run_once: true
- name: create Docker container so we can copy built files out of it
diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..80f8266702
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,108 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Airavata Django Portal prerequisites (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python36
+ - httpd-devel
+ - python36-devel
+ - mysql-devel
+ - gcc
+ - zlib-devel
+ - openssl-devel
+ become: yes
+
+- name: Create mod_wsgi directory
+ file: path={{ mod_wsgi_dir }} state=directory
+ become: yes
+
+- name: Fetch mod_wsgi
+ get_url:
+ url: "{{ mod_wsgi_url }}"
+ dest: "{{ mod_wsgi_tarball_dest }}"
+ become: yes
+
+- name: Untar mod_wsgi
+ unarchive:
+ src: "{{ mod_wsgi_tarball_dest }}"
+ remote_src: yes
+ dest: "{{ mod_wsgi_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Configure mod_wsgi
+ command: ./configure --with-python=/usr/bin/python3
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+ become: yes
+
+- name: make mod_wsgi
+ command: make
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+ become: yes
+
+- name: make install mod_wsgi
+ command: make install
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Copy mod_wsgi config file
+ copy:
+ src: 00-wsgi.conf
+ dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+ become: yes
+
+# Allow httpd to copy file attributes when handling uploaded files and moving
+# them from temporary to final destination (which may cross partitions)
+- name: double check policycoreutils installed
+ dnf: name=python3-policycoreutils state=installed
+ become: yes
+
+- name: Copy SELinux type enforcement file
+ copy: src=django-httpd.te dest=/tmp/
+
+- name: Compile SELinux module file
+ command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
+
+- name: Build SELinux policy package
+ command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
+
+- name: unLoad SELinux policy package
+ command: semodule -r django-httpd
+ become: yes
+ ignore_errors: True
+
+- name: Load SELinux policy package
+ command: semodule -i /tmp/django-httpd.pp
+ become: yes
+
+- name: Remove temporary files
+ file: path={{ item }} state=absent
+ with_items:
+ - /tmp/django-httpd.mod
+ - /tmp/django-httpd.pp
+ - /tmp/django-httpd.te
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 4d36c76fd2..b038e840dd 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -73,24 +73,25 @@
# Automatic security updates installation
-- name: Install yum-cron, yum-utils (RedHat)
- yum: name={{ item }} state=latest update_cache=yes
- become: yes
- when: ansible_os_family == "RedHat"
- with_items:
- - yum-cron
- - yum-utils
+# TODO: switch to dnf-automatic for Rocky Linux
+# - name: Install yum-cron, yum-utils (RedHat)
+# yum: name={{ item }} state=latest update_cache=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
+# with_items:
+# - yum-cron
+# - yum-utils
-- name: Copy yum-cron.conf config file
- copy:
- src: yum-cron.conf
- dest: /etc/yum/yum-cron.conf
- backup: yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Copy yum-cron.conf config file
+# copy:
+# src: yum-cron.conf
+# dest: /etc/yum/yum-cron.conf
+# backup: yes
+# become: yes
+# when: ansible_os_family == "RedHat"
-- name: Enable and start yum-cron
- service: name=yum-cron state=started enabled=yes daemon_reload=yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Enable and start yum-cron
+# service: name=yum-cron state=started enabled=yes daemon_reload=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
...
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..698932ee25
--- /dev/null
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,35 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install pre-requisites
+ dnf: name="{{ item }}" state=latest
+ with_items:
+ - git
+ - httpd
+ - mod_ssl
+ - python3-libselinux
+ - python3-policycoreutils
+ become: yes
+
+- name: install epel release
+ dnf: name=epel-release state=present
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 15a71fd9ed..90a3ee840b 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -34,7 +34,7 @@
- name: create default ssl vhost certificate
command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}'
become: yes
- when: default_vhost_ssl_cert_check|failed
+ when: default_vhost_ssl_cert_check is failed
- name: Change permissions for default ssl vhost certificate private key
file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600"
@@ -59,6 +59,7 @@
file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}"
become: yes
+# TODO: create the parent directory of the symlink if missing
- name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }}
file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}"
become: yes
@@ -76,7 +77,7 @@
when: ansible_os_family == "RedHat"
- name: run restorecon on user data directory
- command: restorecon -F -R {{ user_data_dir }}
+ command: restorecon -F -R {{ real_user_data_dir }}
become: yes
when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
similarity index 52%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
index 75a4956333..2415c7584f 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
@@ -29,40 +29,3 @@
- ca-certificates-2021.2.50
become: true
become_user: root
- when: ansible_os_family == "RedHat"
-
-- name: add Certbot PPA repository
- apt_repository:
- repo: "ppa:certbot/certbot"
- become: yes
- when: ansible_os_family == "Debian"
-
-- name: Install Certbot and dependencies (Debian)
- apt: name={{ item }} state=latest update_cache=yes
- with_items:
- - certbot
- - python-certbot-apache
- become: yes
- when: ansible_os_family == "Debian"
-
-# Note: on Ubuntu crontab is automatically created to run cert renewal. Only
-# CentOS requires enabling the certbot-renew timer.
-
-- name: enable certbot (letsencrypt) renewal
- systemd:
- enabled: true
- name: certbot-renew
- daemon_reload: true
- become: true
- become_user: root
- when: ansible_os_family == "RedHat"
-
-- name: enable certbot (letsencrypt) renewal timer
- systemd:
- state: started
- enabled: true
- name: certbot-renew.timer
- daemon_reload: true
- become: true
- become_user: root
- when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..574127dec3
--- /dev/null
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: install certbot and dependencies
+ dnf: name={{ item }} state=latest
+ with_items:
+ - certbot
+ - python3-acme
+ - python3-certbot-apache
+ - ca-certificates
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 75a4956333..978204d680 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -20,15 +20,7 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
- with_items:
- - certbot-1.11.0
- - python2-acme-1.11.0
- - python2-certbot-apache-1.11.0
- - ca-certificates-2021.2.50
- become: true
- become_user: root
+- include_tasks: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
when: ansible_os_family == "RedHat"
- name: add Certbot PPA repository
[airavata] 01/10: AIRAVATA-3609 mark custom django apps editable in develop inv
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit da6231272a182936715002b78dee8f069f789f54
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu Jun 30 16:49:41 2022 -0400
AIRAVATA-3609 mark custom django apps editable in develop inv
---
.../ansible/inventories/scigap/develop-js2/host_vars/amp/vars.yml | 3 ++-
.../ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml | 5 +++--
.../inventories/scigap/develop-js2/host_vars/interactwel/vars.yml | 3 ++-
.../inventories/scigap/develop-js2/host_vars/simccs/vars.yml | 7 ++++---
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/amp/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/amp/vars.yml
index 876fd5025c..77123e60b1 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/amp/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/amp/vars.yml
@@ -30,7 +30,8 @@ vhost_ssl: true
httpd_selinux_mode: "permissive"
airavata_django_extra_dependencies:
- - "git+ssh://git@github.com/SciGaP/trecx-django-app.git#egg=trecx-django-app"
+ - name: "git+ssh://git@github.com/SciGaP/trecx-django-app.git#egg=trecx-django-app"
+ editable: true
# tus isn't setup yet
tusd_vhost_servername:
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml
index fff2208f63..22df7267a0 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml
@@ -21,8 +21,9 @@
---
airavata_django_extra_dependencies:
- - "git+https://github.com/GeoGateway/geogateway-django-app.git@ui-update#egg=geogateway_django_app"
-# - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app"
+ - name: "git+https://github.com/GeoGateway/geogateway-django-app.git@ui-update#egg=geogateway_django_app"
+# - name: "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app"
+ editable: true
#Git hook is not set for this gateway
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml
index 5d19dd95bd..49c0381832 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml
@@ -31,7 +31,8 @@ ssl_certificate_key_file: "/etc/letsencrypt/live/interactwel.org/privkey.pem"
interactwel_django_app_branch: "api-integration"
airavata_django_extra_dependencies:
- - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app
+ - name: git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app
+ editable: true
django_extra_settings:
LOGIN_REDIRECT_URL: "/interactwel/"
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml
index 54c007ca6c..db5f0e600a 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml
@@ -26,9 +26,10 @@ airavata_django_extra_dependencies:
# just cython, then a second with the other dependencies. Reason: pyjnius
# requires that cython already be installed and they can't both be installed
# at the same time.
- - cython
- - "git+https://github.com/SciGaP/simccs-maptool.git@{{ simccs_maptool_branch }}#egg=simccs-maptool"
- - pyjnius
+ - name: cython
+ - name: "git+https://github.com/SciGaP/simccs-maptool.git@{{ simccs_maptool_branch }}#egg=simccs-maptool"
+ editable: true
+ - name: pyjnius
# vhost_servername: "beta.simccs.org"
# Temporary use a *.scigap.org domain name
vhost_servername: "beta.simccs.scigap.org"
[airavata] 04/10: AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 45f8dac6d16673deda5fdc1f1717f60bebda8e09
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:34:57 2022 -0400
AIRAVATA-3609 keycloak updates for js2, switched to systemd for init script
---
dev-tools/ansible/roles/keycloak/tasks/main.yml | 53 +++++++---------------
.../roles/keycloak/templates/keycloak.service.j2 | 32 +++++++++++++
2 files changed, 49 insertions(+), 36 deletions(-)
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index 45f3df6291..bf79733519 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -23,6 +23,11 @@
yum: name="httpd" state=latest update_cache=yes
become: yes
+- name: set selinux to permissive
+ selinux: state=permissive policy=targeted
+ become: yes
+ when: ansible_os_family == "RedHat"
+
- name: allow httpd to proxy to Keycloak process
seboolean:
name: httpd_can_network_connect
@@ -140,27 +145,16 @@
# <---------- setup init script for keycloak, starts the server after reboot ----------->
-# Init script to start keycloak in Standalone mode
-- name: copy init script file (Standalone)
- template: >
- src=keycloak-standalone-init.j2
- dest="/etc/init.d/keycloak"
- owner="{{ user }}"
- group="{{ group }}"
- mode="u=rwx,g=rx,o=rx"
- become: yes
- become_user: root
- tags:
- - standalone
-
-# System command to add the init script to enable on startup
-- name: add init script to chkconfig and startup on boot
- command: chkconfig --level 345 keycloak on
+- name: copy keycloak.service systemd unit file
+ template:
+ src: "keycloak.service.j2"
+ dest: "/etc/systemd/system/keycloak.service"
+ backup: yes
become: yes
- become_user: root
tags:
- always
+
# </---------- setup init script for keycloak, starts the server after reboot ----------->
# <-------------------------Initialize a new admin for keycloak-------------------------->
@@ -176,26 +170,13 @@
# <--------------------------start keycloak Identity server------------------------------>
-- name: reload Keycloak init script
- command: systemctl daemon-reload
+- name: start/restart keycloak
+ service:
+ name: keycloak
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
become: yes
- become_user: root
- tags:
- - always
-
-# FIXME: restarting Keycloak server doesn't work
-- name: stop Keycloak server
- service: name=keycloak state=stopped
- ignore_errors: yes
- become: yes
- become_user: root
- tags:
- - always
-
-- name: start Keycloak server
- service: name=keycloak state=started
- become: yes
- become_user: root
tags:
- always
...
diff --git a/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2 b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2
new file mode 100644
index 0000000000..da3be9f2ce
--- /dev/null
+++ b/dev-tools/ansible/roles/keycloak/templates/keycloak.service.j2
@@ -0,0 +1,32 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# {{ansible_managed}}
+
+[Unit]
+Description=Keycloak
+
+[Service]
+ExecStart={{ user_home }}/{{ keycloak_install_dir }}/bin/standalone.sh -b 0.0.0.0
+User={{user}}
+Group={{group}}
+
+[Install]
+WantedBy=multi-user.target
[airavata] 05/10: AIRAVATA-3609 fix installing Java for Keycloak
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit bb1366355e11903e9b18f1a4316c371b358c4af4
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu Jun 30 16:10:47 2022 -0400
AIRAVATA-3609 fix installing Java for Keycloak
---
dev-tools/ansible/keycloak.yml | 1 -
dev-tools/ansible/roles/java/vars/main.yml | 2 +-
dev-tools/ansible/roles/keycloak/defaults/main.yml | 1 +
dev-tools/ansible/roles/keycloak/tasks/main.yml | 21 +++++++++++++++++++++
4 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/dev-tools/ansible/keycloak.yml b/dev-tools/ansible/keycloak.yml
index 8cca98b762..440def0488 100644
--- a/dev-tools/ansible/keycloak.yml
+++ b/dev-tools/ansible/keycloak.yml
@@ -23,7 +23,6 @@
tags: keycloak
roles:
- env_setup
- - java
- letsencrypt
- keycloak
diff --git a/dev-tools/ansible/roles/java/vars/main.yml b/dev-tools/ansible/roles/java/vars/main.yml
index 107bd61995..cd3e1fda7b 100644
--- a/dev-tools/ansible/roles/java/vars/main.yml
+++ b/dev-tools/ansible/roles/java/vars/main.yml
@@ -22,5 +22,5 @@
#Variables associated with this role
java_home: "/usr/lib/jvm/java-11"
-openjdk_version: "java-11-openjdk-devel-11.0.11.0.9"
+openjdk_version: "java-11-openjdk-devel"
...
diff --git a/dev-tools/ansible/roles/keycloak/defaults/main.yml b/dev-tools/ansible/roles/keycloak/defaults/main.yml
index d94bfe713a..a6d0d6bf82 100644
--- a/dev-tools/ansible/roles/keycloak/defaults/main.yml
+++ b/dev-tools/ansible/roles/keycloak/defaults/main.yml
@@ -30,6 +30,7 @@ mysql_db_connector_download_url: "https://dev.mysql.com/get/Downloads/Connector-
keycloak_master_account_username: "username"
keycloak_master_account_password: "password"
# keycloak_server_port: "443"
+keycloak_java_home: /usr/lib/jvm/java-1.8.0
keycloak_db_host: "localhost"
keycloak_db_port: "3306"
diff --git a/dev-tools/ansible/roles/keycloak/tasks/main.yml b/dev-tools/ansible/roles/keycloak/tasks/main.yml
index bf79733519..78764959c5 100644
--- a/dev-tools/ansible/roles/keycloak/tasks/main.yml
+++ b/dev-tools/ansible/roles/keycloak/tasks/main.yml
@@ -23,6 +23,27 @@
yum: name="httpd" state=latest update_cache=yes
become: yes
+- name: Install java
+ yum: name="java-1.8.0-openjdk-devel" state=present update_cache=yes
+ become: yes
+ tags:
+ - always
+
+# NOTE: If you see a file not found error, try running rm /var/lib/alternatives/{{ item.exe }} in the target machine
+- name: set {{ keycloak_java_home }} as default
+ alternatives:
+ name="{{ item.exe }}"
+ link="/usr/bin/{{ item.exe }}"
+ path="{{ item.path }}/{{ item.exe }}"
+ with_items:
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'java' }
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'keytool' }
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'javac' }
+ - { path: "{{ keycloak_java_home }}/bin", exe: 'javadoc' }
+ become: yes
+ tags:
+ - always
+
- name: set selinux to permissive
selinux: state=permissive policy=targeted
become: yes
[airavata] 08/10: Ansible: js2 inventory for Django portals
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 7ac5d08b51655be44a6090909bf31036aa0334dd
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 12:06:21 2022 -0400
Ansible: js2 inventory for Django portals
---
.../scigap/develop-js2/group_vars/django/vars.yml | 11 +++++++----
.../inventories/scigap/develop-js2/host_vars/geo/vars.yml | 13 +++++--------
.../scigap/develop-js2/host_vars/interactwel/vars.yml | 12 ++++--------
.../scigap/develop-js2/host_vars/rnamake/vars.yml | 10 ++++------
.../scigap/develop-js2/host_vars/seagrid/vars.yml | 10 +++++-----
.../scigap/develop-js2/host_vars/simccs/vars.yml | 5 ++---
6 files changed, 27 insertions(+), 34 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/django/vars.yml
index b5e9ba4f0f..2d710f7d25 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/django/vars.yml
@@ -21,16 +21,19 @@
---
user: "pga"
group: "pga"
-gateway_data_store_hostname: "pgadev.scigap.org"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
+gateway_data_store_hostname: "web.dev.scigap.org"
+# gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
+gateway_data_store_resource_id: "web.dev.scigap.org_ba01452f-44e5-4e03-b35f-756630539198"
django_wsgi_processes: 1
doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
admin_emails: "[('SGRC Group', 'sgrc-iu-group@iu.edu')]"
django_error_emails: "[('Marcus Christie', 'machrist@iu.edu'), ('Eroma Abeysinghe', 'eabeysin@iu.edu')]"
django_database_name: "django_{{ gateway_id }}"
django_hidden_airavata_apps: "['django_airavata_dataparsers']"
-tusd_vhost_servername: "tus.dev.scigap.org"
-tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir"
+# TODO: setup tusd server
+# tusd_vhost_servername: "tus.dev.scigap.org"
+# tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir"
airavata_django_git_branch: "develop"
# django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
cilogon_userinfo_url: "https://cilogon.org/oauth2/userinfo"
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml
index 22df7267a0..b85467db39 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/geo/vars.yml
@@ -27,17 +27,14 @@ airavata_django_extra_dependencies:
#Git hook is not set for this gateway
-# No symlink, user_data_dir is same as real_user_data_dir
-user_data_dir: "{{ real_user_data_dir }}"
#airavata_django_git_branch: "simccs"
-vhost_servername: "beta.geogateway.scigap.org"
+# vhost_servername: "beta.geogateway.scigap.org"
+vhost_servername: "geogateway.js2.scigap.org"
vhost_ssl: true
-# tus isn't setup yet
-tusd_vhost_servername:
# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
django_extra_settings:
LOGIN_REDIRECT_URL: "/geogateway_django_app/"
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml
index 49c0381832..33008b7dae 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/interactwel/vars.yml
@@ -19,15 +19,11 @@
#
---
-#airavata_django_git_branch: "simccs"
-#vhost_servername: "django.interactwel.scigap.org"
-vhost_servername: "interactwel.org"
-vhost_server_redirect: "www.interactwel.org"
+vhost_servername: "interactwel.js2.scigap.org"
vhost_ssl: true
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/interactwel.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/interactwel.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/interactwel.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
interactwel_django_app_branch: "api-integration"
airavata_django_extra_dependencies:
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/rnamake/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/rnamake/vars.yml
index 624a742c04..9b296ba2de 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/rnamake/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/rnamake/vars.yml
@@ -19,13 +19,11 @@
#
---
-#airavata_django_git_branch: "simccs"
-vhost_servername: "dev.rnamake.scigap.org"
+vhost_servername: "rnamake.js2.scigap.org"
vhost_ssl: true
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
## Keycloak related variables
tenant_domain: "rnamake"
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/seagrid/vars.yml
index 922710f3b4..3c5266208e 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/seagrid/vars.yml
@@ -19,11 +19,11 @@
#
---
-vhost_servername: "django.seagrid.org"
-vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/django.seagrid.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/django.seagrid.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/django.seagrid.org/privkey.pem"
+vhost_servername: "js2.seagrid.org"
+vhost_ssl: true
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
## Keycloak related variables
tenant_domain: "seagrid"
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml
index db5f0e600a..c9d36fa213 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/host_vars/simccs/vars.yml
@@ -32,11 +32,10 @@ airavata_django_extra_dependencies:
- name: pyjnius
# vhost_servername: "beta.simccs.org"
# Temporary use a *.scigap.org domain name
-vhost_servername: "beta.simccs.scigap.org"
-vhost_ssl: True
# Some of the maptool views call into Java code and can take 2-3 minutes to execute
vhost_timeout: 300
-# sudo certbot --apache certonly -d django.simccs.scigap.org
+vhost_servername: "simccs.js2.scigap.org"
+vhost_ssl: true
ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
[airavata] 06/10: Ansible: js2 inventory for django portals, keycloak
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 5cddfe352d4628172bfefbec46f15b6880b0ecde
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jul 6 11:44:20 2022 -0400
Ansible: js2 inventory for django portals, keycloak
---
.../scigap/develop-js2/group_vars/all/vars.yml | 5 ++++-
.../ansible/inventories/scigap/develop-js2/hosts | 22 ++++++++++++++++++++--
2 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml
index 5f1a36c285..28517bab67 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/group_vars/all/vars.yml
@@ -144,7 +144,10 @@ keycloak_db_username: "keycloak"
keycloak_db_password: "{{ vault_keycloak_db_password }}"
keycloak_master_account_username: "admin"
keycloak_master_account_password: "{{ vault_keycloak_master_account_password }}"
-keycloak_vhost_servername: "iamdev.scigap.org"
+keycloak_vhost_servername: "iam.js2.scigap.org"
+
+# Letsencrypt
+letsencrypt_email: "circ-iu-group@iu.edu"
# Helix
helix_version: 0.9.9
diff --git a/dev-tools/ansible/inventories/scigap/develop-js2/hosts b/dev-tools/ansible/inventories/scigap/develop-js2/hosts
index ea8027bb24..dbd2d81439 100644
--- a/dev-tools/ansible/inventories/scigap/develop-js2/hosts
+++ b/dev-tools/ansible/inventories/scigap/develop-js2/hosts
@@ -7,16 +7,34 @@ helix.js2.scigap.org
api.js2.scigap.org
[database]
-db.js2.scigap.org
+db.js2.scigap.org ansible_user=exouser
[api-orch]
api.js2.scigap.org
[keycloak]
-iam.js2.scigap.org
+iam.js2.scigap.org ansible_user=exouser
[helix]
helix.js2.scigap.org
[kafka]
helix.js2.scigap.org
+
+[django]
+seagrid ansible_host=web.dev.scigap.org ansible_user=exouser
+; simvascular ansible_host=149.165.156.46
+simccs ansible_host=web.dev.scigap.org ansible_user=exouser
+interactwel ansible_host=web.dev.scigap.org ansible_user=exouser
+; usd ansible_host=149.165.156.46
+; csbglsu ansible_host=149.165.156.46
+; nexttdb ansible_host=149.165.156.46
+; saver-x ansible_host=149.165.156.46
+; pfec-hydro ansible_host=149.165.156.46
+; cyberwater ansible_host=149.165.156.46
+; mines ansible_host=149.165.156.46
+; amp ansible_host=149.165.170.199
+geo ansible_host=web.dev.scigap.org ansible_user=exouser
+; delta ansible_host=149.165.169.250
+; custos-testdrive ansible_host=pgadev.scigap.org
+rnamake ansible_host=web.dev.scigap.org ansible_user=exouser