You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/01/15 20:39:03 UTC
[airavata] branch master updated (739c1d8 -> 2aa1e53)
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git.
from 739c1d8 Ansible: comment out external auth in cgpe
new cea84c3 Ansible: disable tus uploads on delta
new 2aa1e53 Ansible: move simccs to dedicated vm
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../scigap/production/host_vars/delta/vars.yml | 1 +
.../newsimccs/files/django-ssl-vhost.conf.j2 | 82 ----------------------
.../scigap/production/host_vars/newsimccs/vars.yml | 70 ------------------
.../production/host_vars/newsimccs/vault.yml | 15 ----
.../scigap/production/host_vars/simccs/vars.yml | 15 ++--
.../ansible/inventories/scigap/production/hosts | 3 +-
6 files changed, 13 insertions(+), 173 deletions(-)
delete mode 100644 dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
delete mode 100644 dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
delete mode 100644 dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
[airavata] 02/02: Ansible: move simccs to dedicated vm
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 2aa1e53c5a171b9be40c9abf8332c6463eb65c49
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jan 15 15:38:40 2020 -0500
Ansible: move simccs to dedicated vm
---
.../newsimccs/files/django-ssl-vhost.conf.j2 | 82 ----------------------
.../scigap/production/host_vars/newsimccs/vars.yml | 70 ------------------
.../production/host_vars/newsimccs/vault.yml | 15 ----
.../scigap/production/host_vars/simccs/vars.yml | 15 ++--
.../ansible/inventories/scigap/production/hosts | 3 +-
5 files changed, 12 insertions(+), 173 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2 b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
deleted file mode 100644
index b6be6da..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
+++ /dev/null
@@ -1,82 +0,0 @@
-{#
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-#}
-
-{% if vhost_server_redirect is defined %}
-<VirtualHost *:{{httpd_default_http_port}}>
- ServerName {{ vhost_server_redirect }}
- Redirect "/" "https://{{ vhost_servername }}"
-</VirtualHost>
-{% endif %}
-
-<VirtualHost *:{{ httpd_default_http_port }}>
- ServerName {{ vhost_servername }}
-
- ## Redirect all http traffic to https
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-</VirtualHost>
-
-<VirtualHost *:{{ httpd_default_https_port }}>
- ServerName {{ vhost_servername }}
-
- # Reverse proxy to geoserver on gf8
- ProxyPass /geoserver "http://gf8.ucs.indiana.edu/geoserver"
- ProxyPassReverse /geoserver "http://gf8.ucs.indiana.edu/geoserver"
-
- Alias /robots.txt {{ doc_root_dir }}/static/robots.txt
- Alias /favicon.ico {{ doc_root_dir }}/static/favicon.ico
-
- Alias /static/ {{ doc_root_dir }}/static/
-
- <Directory {{ doc_root_dir }}/static>
- Require all granted
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
- </Directory>
-
- Alias /media/ {{ airavata_django_checkout }}/django_airavata/media/
-
- <Directory {{ airavata_django_checkout }}/django_airavata/media>
- Require all granted
- </Directory>
-
- WSGIDaemonProcess {{ vhost_servername }} display-name=%{GROUP} python-home={{ doc_root_dir }}/venv python-path={{ doc_root_dir }}/airavata-django-portal processes={{ django_wsgi_processes }} user={{ user }} group={{ group }}
- WSGIProcessGroup {{ vhost_servername }}
-
- WSGIScriptAlias / {{ doc_root_dir }}/airavata-django-portal/django_airavata/wsgi.py
-
- <Directory {{ doc_root_dir }}/airavata-django-portal/django_airavata>
- <Files wsgi.py>
- Require all granted
- </Files>
- </Directory>
-
- ErrorLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id }}.error.log
- CustomLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id }}.requests.log combined
-
- SSLEngine on
- # Disable SSLv3 which is vulnerable to the POODLE attack
- SSLProtocol All -SSLv2 -SSLv3
- SSLCertificateFile {{ ssl_certificate_file }}
- SSLCertificateChainFile {{ ssl_certificate_chain_file }}
- SSLCertificateKeyFile {{ ssl_certificate_key_file }}
-</VirtualHost>
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
deleted file mode 100644
index fae82fb..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-
-# NOTE: simccs is deployed on scigap11
-gateway_data_store_hostname: "scigap11.sciencegateways.iu.edu"
-gateway_data_store_resource_id: "scigap11.sciencegateways.iu.edu_96b8dcec-ac84-438a-9927-91baaf87758b"
-
-django_tus_endpoint: "https://tus.simccs.scigap.org/files/"
-
-airavata_django_extra_dependencies:
- # Need to separately install cython in the VM or do two deploys, one with
- # just cython, then a second with the other dependencies. Reason: pyjnius
- # requires that cython already be installed and they can't both be installed
- # at the same time.
- - cython
- - git+https://github.com/SciGaP/simccs-maptool.git#egg=simccs-maptool
- - pyjnius
-
-django_extra_settings:
- JAVA_HOME: "/usr/java/default"
- MAPTOOL_SETTINGS:
- CPLEX_APPLICATION_ID: "cplex-solver_99721933-c9e4-4285-9ef1-d035ca82b541"
- DATASETS_DIR: "/data/gateway-user-data/simccs-datasets"
-
-vhost_servername: "simccs.scigap.org"
-vhost_ssl: true
-ssl_certificate_file: "/etc/letsencrypt/live/simccs.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "iu-geology-survey"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-
-auth_options:
- password:
- name: "SimCCS"
- external:
- - name: "existing institution credentials"
- idp_alias: "cilogon"
- logo: "images/cilogon-logo-24x24-b.png"
-
-gateway_id: "iu-geology-survey"
-experiment_data_dir: "{{ user_data_dir }}/iu-geology-survey"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEuA1indjdczBXg2qrmD0bB0QfKq0u2q3o25DegTaty5LoogW+APEvXmwc2g6PzkM75MgfMsTErMQaQ3/PoElADQKg2/NePz05YWobn9zrPZFeRWfOqWMjFDx72cffHKBzgnahFDBlR/YJhf4IZJ+EOA1zMiMF2oZQmEYQtbQFhbKPF+jrScEQeuXVuXWSS2sKNAVKj3pY4kmi9kEOYELee/O6ghBUfrVhB95vDKJPgmQSuo3pgkLRdflTBSAQ54UchwjXi2RA9Xv0RXJF/JyyRGn6bSbRxYhsm5RJeiBVj4ua7p2b36rSYVqtVsTKEonx5kYdKzwyjJXWpjB2KtQp"
-
-admin_emails: "[('SGRC', 'sgrc-iu-group@iu.edu'), ('Kevin Ellett', 'kmellett@indiana.edu'),('Ryan Kammer', 'rkammer@indiana.edu'), ('Eroma Abeysinghe', 'eabeysin@iu.edu')]"
-portal_title: "SimCCS Portal"
-
-...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
deleted file mode 100644
index 7de5f3c..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32303938663931376464373435373336356365613066333233363261633334333266633064633730
-3937316131366235636466623763333833326635376433630a613563623734333362333332346630
-34666338323132333037643337353962313165663762376462383962313537306662313665363063
-3337376331373535650a333936393135333364613764656362353731613135623363333330343031
-33343063333134393166393666336562646135333930346237316264333263363232653464353938
-31613062653563326564613237666338346564626136666362653463396435386565633537383363
-37306463663131333032663763383334373232316266343165636632336365353665313331393336
-62323262333633653930626536313839333562653062653834333163633833386131303332333031
-37303831376265313034373134666538333333656438306134653464306433326232356133353832
-65383062653265333966326631393666303032353937343835663636646439633738613266393430
-30363566383538373363653765326239393535373663616661393164373031356230356165386338
-37353261343463363635353131366232393532383930373734623036613234396531386538343834
-30353333653837346530376664373661363434373232396132666339313931323732666661373064
-3634393163613436326430353838363561633639353535633538
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml
index 7cfb011..fae82fb 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml
@@ -19,6 +19,13 @@
#
---
+
+# NOTE: simccs is deployed on scigap11
+gateway_data_store_hostname: "scigap11.sciencegateways.iu.edu"
+gateway_data_store_resource_id: "scigap11.sciencegateways.iu.edu_96b8dcec-ac84-438a-9927-91baaf87758b"
+
+django_tus_endpoint: "https://tus.simccs.scigap.org/files/"
+
airavata_django_extra_dependencies:
# Need to separately install cython in the VM or do two deploys, one with
# just cython, then a second with the other dependencies. Reason: pyjnius
@@ -34,11 +41,11 @@ django_extra_settings:
CPLEX_APPLICATION_ID: "cplex-solver_99721933-c9e4-4285-9ef1-d035ca82b541"
DATASETS_DIR: "/data/gateway-user-data/simccs-datasets"
-vhost_servername: "simccs.org"
+vhost_servername: "simccs.scigap.org"
vhost_ssl: true
-ssl_certificate_file: "/etc/letsencrypt/live/simccs.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/simccs.scigap.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.scigap.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.scigap.org/privkey.pem"
## Keycloak related variables
tenant_domain: "iu-geology-survey"
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 6536e6e..c423963 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -48,7 +48,6 @@ saverx ansible_host=156.56.104.84
sdstate ansible_host=156.56.104.84
seagrid ansible_host=156.56.104.84
searchsra ansible_host=156.56.104.84
-simccs ansible_host=156.56.104.84
simvascular ansible_host=156.56.104.84
snowvision ansible_host=156.56.104.84
southdakota ansible_host=156.56.104.84
@@ -68,4 +67,4 @@ futurewater ansible_host=149.165.171.92 ansible_user=centos
delta ansible_host=149.165.169.250 ansible_user=centos
# simccs server
-newsimccs ansible_host=scigap11.sciencegateways.iu.edu ansible_user=root
+simccs ansible_host=scigap11.sciencegateways.iu.edu ansible_user=root
[airavata] 01/02: Ansible: disable tus uploads on delta
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit cea84c382508a6f1f561f7dd07fcc6f2c56afc6f
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jan 15 15:37:31 2020 -0500
Ansible: disable tus uploads on delta
---
dev-tools/ansible/inventories/scigap/production/host_vars/delta/vars.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/delta/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/delta/vars.yml
index b9559fc..eaa1382 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/delta/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/delta/vars.yml
@@ -25,6 +25,7 @@
gateway_data_store_hostname: "delta-topology.org"
gateway_data_store_resource_id: "delta-topology.jetstream-cloud.org_61fe21d4-07ea-41fc-9f2e-104bc3061318"
#django_tus_endpoint: "https://tus.scigap.org/files/" this requires manual installation steps outside of Ansible.
+django_tus_endpoint:
vhost_servername: "delta-topology.org"
vhost_ssl: True