You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/09/18 18:06:03 UTC
[airavata] branch master updated (29e0ac9 -> 181834e)
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git.
from 29e0ac9 Merge pull request #262 from apache:AIRAVATA-3368-ansible-create-django-database-as-part-of-django-
new 32318dc Ansible: rename, keep old simvascular deploy until migration is complete
new b40a934 Ansible: enable Django deploy on Ubuntu 18
new 05b734d Ansible: PGA deploy on Ubuntu 18
new aef45ae Ansible: fix default DocumentRoot on Ubuntu 18
new 0476158 Ansible: for PGA, enable php5.6 module on Ubuntu 18
new 5aa09d0 Ansible: configure django db backend
new 7724d22 Ansible: simvascular.stanford.edu deployment
new 24bd94c Ansible: simvascular tus endpoint
new 181834e Ansible: deploy Django portal to simvascular server with its own local database
The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
dev-tools/ansible/django.yml | 2 +-
.../production/host_vars/simvascular/vars.yml | 23 ++++--
.../production/host_vars/simvascular/vault.yml | 31 ++++----
.../{simvascular => simvascular_old}/vars.yml | 1 +
.../{simvascular => simvascular_old}/vault.yml | 0
.../ansible/inventories/scigap/production/hosts | 6 +-
.../production/pga_config/simvascular/vars.yml | 14 ++--
dev-tools/ansible/pga-single-vhost.yml | 1 +
dev-tools/ansible/pga.yml | 1 +
dev-tools/ansible/roles/django/defaults/main.yml | 6 +-
dev-tools/ansible/roles/django/tasks/database.yml | 10 +++
dev-tools/ansible/roles/django/tasks/main.yml | 7 ++
.../roles/django/templates/settings_local.py.j2 | 2 +
.../tasks/{main.yml => install_deps_CentOS_7.yml} | 5 +-
.../tasks/install_deps_Ubuntu_18.yml} | 21 +++---
.../ansible/roles/django_setup/tasks/main.yml | 87 +---------------------
dev-tools/ansible/roles/env_setup/tasks/main.yml | 13 ++++
dev-tools/ansible/roles/httpd/defaults/main.yml | 3 +
.../roles/httpd/tasks/install_deps_Ubuntu_16.yml | 7 --
...eps_CentOS_7.yml => install_deps_Ubuntu_18.yml} | 21 ++++--
dev-tools/ansible/roles/httpd/tasks/main.yml | 41 ++++++++++
.../ansible/roles/httpd/templates/default.conf.j2 | 4 +-
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 20 +++++
...ps_Ubuntu_14.yml => install_deps_Ubuntu_18.yml} | 59 ++++++---------
dev-tools/ansible/roles/pga/tasks/main.yml | 30 +-------
25 files changed, 208 insertions(+), 207 deletions(-)
copy dev-tools/ansible/inventories/scigap/production/host_vars/{simvascular => simvascular_old}/vars.yml (98%)
copy dev-tools/ansible/inventories/scigap/production/host_vars/{simvascular => simvascular_old}/vault.yml (100%)
copy dev-tools/ansible/roles/django_setup/tasks/{main.yml => install_deps_CentOS_7.yml} (97%)
copy dev-tools/ansible/roles/{httpd/tasks/install_deps_CentOS_7.yml => django_setup/tasks/install_deps_Ubuntu_18.yml} (69%)
copy dev-tools/ansible/roles/httpd/tasks/{install_deps_CentOS_7.yml => install_deps_Ubuntu_18.yml} (75%)
copy dev-tools/ansible/roles/pga/tasks/{install_deps_Ubuntu_14.yml => install_deps_Ubuntu_18.yml} (58%)
[airavata] 08/09: Ansible: simvascular tus endpoint
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 24bd94c7325ea48e65e7dfa1fd5f9a384e4ba86c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Mar 25 13:44:43 2020 -0400
Ansible: simvascular tus endpoint
---
.../inventories/scigap/production/host_vars/simvascular/vars.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
index f52dda6..f1896f0 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
@@ -22,8 +22,7 @@
# Simvascular is deployed on its own server at simvascular.stanford.edu
-# TODO: install and enable tus endpoint
-django_tus_endpoint:
+django_tus_endpoint: "https://tus.simvascular.scigap.org/files/"
# configure user_data_dir and real_user_data_dir
user_data_dir: "/var/www/portals/gateway-user-data"
real_user_data_dir: "/home/www-shared/gateway-user-data"
[airavata] 05/09: Ansible: for PGA,
enable php5.6 module on Ubuntu 18
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 0476158b68b4a26fcccdf4c2533433cfc99d972f
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Mar 13 17:53:11 2020 -0400
Ansible: for PGA, enable php5.6 module on Ubuntu 18
---
dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml b/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
index cf14489..3750d01 100644
--- a/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
+++ b/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
@@ -43,6 +43,12 @@
path: /usr/bin/php5.6
become: yes
+- name: enable apache rewrite
+ command: a2enmod {{ item }}
+ with_items:
+ - php5.6
+ become: yes
+
# this just creates symlinks in /etc/php5/{apache2,cli}/conf.d/20-mcryp.ini to /etc/php5/modules-avail/mcrypt.ini
- name: enable mcrypt
command: phpenmod mcrypt
[airavata] 06/09: Ansible: configure django db backend
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 5aa09d0dad852589e875b5a112e9a2c507a27560
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Mar 20 15:19:57 2020 -0400
Ansible: configure django db backend
---
dev-tools/ansible/roles/django/defaults/main.yml | 1 +
dev-tools/ansible/roles/django/templates/settings_local.py.j2 | 2 ++
2 files changed, 3 insertions(+)
diff --git a/dev-tools/ansible/roles/django/defaults/main.yml b/dev-tools/ansible/roles/django/defaults/main.yml
index dc55fab..6dc25e8 100644
--- a/dev-tools/ansible/roles/django/defaults/main.yml
+++ b/dev-tools/ansible/roles/django/defaults/main.yml
@@ -44,6 +44,7 @@ django_ssl_vhost_template: "django-ssl-vhost.conf.j2"
django_settings_local_template: "settings_local.py.j2"
django_extra_settings: {}
django_database_name: "django_{{ gateway_id }}"
+django_database_backend: "mysql"
django_hidden_airavata_apps: "[]"
django_tus_data_dir: "{{user_data_dir}}/tus-temp-dir"
django_file_upload_max_file_size_mb: 64
diff --git a/dev-tools/ansible/roles/django/templates/settings_local.py.j2 b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
index bffcd8d..90e5bda 100644
--- a/dev-tools/ansible/roles/django/templates/settings_local.py.j2
+++ b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
@@ -38,6 +38,7 @@ DEBUG = {{ django_debug | ternary("True", "False") }}
STATIC_ROOT = "{{ doc_root_dir }}/static/"
ALLOWED_HOSTS = ['{{ vhost_servername }}']
+{% if django_database_backend == "mysql" %}
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
@@ -50,6 +51,7 @@ DATABASES = {
'init_command': 'SET default_storage_engine=INNODB,collation_connection=utf8_bin',
}
}
+{% endif %}
# Django - Email settings
# Uncomment and specify the following for sending emails (default email backend
[airavata] 07/09: Ansible: simvascular.stanford.edu deployment
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 7724d22070ba4787ba1865d7f69af1c857fc5d25
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Mar 20 15:45:24 2020 -0400
Ansible: simvascular.stanford.edu deployment
---
.../production/host_vars/simvascular/vars.yml | 22 ++++++++++++++++++----
.../ansible/inventories/scigap/production/hosts | 6 +++++-
.../production/pga_config/simvascular/vars.yml | 14 ++++++++------
3 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
index 70e2c91..f52dda6 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
@@ -19,11 +19,23 @@
#
---
-vhost_servername: "django.simvascular.scigap.org"
+
+# Simvascular is deployed on its own server at simvascular.stanford.edu
+
+# TODO: install and enable tus endpoint
+django_tus_endpoint:
+# configure user_data_dir and real_user_data_dir
+user_data_dir: "/var/www/portals/gateway-user-data"
+real_user_data_dir: "/home/www-shared/gateway-user-data"
+# TODO: until we can fix the networking issue between simvascular.stanford.edu
+# and scigap01, we'll just use a sqlite database
+django_database_backend: "sqlite3"
+
+vhost_servername: "new.django.simvascular.scigap.org"
vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/django.simvascular.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/django.simvascular.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/django.simvascular.scigap.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
django_file_upload_max_file_size_mb: 2000
django_pga_url: "https://gateway.simvascular.org"
@@ -43,6 +55,8 @@ auth_options:
gateway_id: "simvascular"
experiment_data_dir: "{{ user_data_dir }}/simvascular"
+gateway_data_store_hostname: "simvascular.stanford.edu"
+gateway_data_store_resource_id: "simvascular.stanford.edu_758fc879-e037-4a10-980f-3566ac7cab1b"
gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNdivlUyLh11poF2vufwa8pCjVY0/fkvym9qdpEeu6nS55CVZe5VXqA1NZ+IwVDabAFwoLrUvaWt7eE8POEZNiBgtonZ21x6KIK5/HilSM6jHds1u6NY436AiHqmcybO/u+NkUI8gUjWTbs4S/i/2WfvAHZc3dbcCHls3QgG55TqOdNnh2pjFLSA1wu0d1qRnrPwnje/yC4GD+3XU1HPLHb9FXLHO4umswKq8sDk2lOIN7u08pCF8Y+BPYfmEdvY8oFwdVsj3OoA3fWEE42xTjb3g65X2oCbhco1g1ya0cfJMgSUbHCcOc2D//rXD+L4/z0/A2VCiEFJtTllrws609"
admin_emails: "[('CIRC', 'circ-iu-group@iu.edu'), ('Alison Marsden', 'amarsden@stanford.edu'), ('Nathan Wilson', 'nwilson@osmsc.com'), ('Eroma Abeysinghe', 'eabeysin@iu.edu'), ('Martin Pfaller','pfaller@stanford.edu'), ('Weiguang Yang','wgyang@stanford.edu'), ('David W. Parker','davep@stanford.edu')]"
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index f93c6ac..0f1fe30 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -48,7 +48,6 @@ saverx ansible_host=156.56.104.84
sdstate ansible_host=156.56.104.84
seagrid ansible_host=156.56.104.84
searchsra ansible_host=156.56.104.84
-simvascular_old ansible_host=156.56.104.84
snowvision ansible_host=156.56.104.84
southdakota ansible_host=156.56.104.84
testdrive ansible_host=156.56.104.84
@@ -79,3 +78,8 @@ tutorial ansible_host=149.165.168.166 ansible_user=centos
# simccs server
simccs ansible_host=scigap11.sciencegateways.iu.edu ansible_user=root
+
+# simvascular server
+simvascular ansible_host=simvascular.stanford.edu ansible_user=gateway
+# we can remove this once the migration is complete
+simvascular_old ansible_host=156.56.104.84
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
index cb286e7..a0878f9 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/simvascular/vars.yml
@@ -19,16 +19,18 @@
#
---
+# Simvascular is deployed on its own server at simvascular.stanford.edu
+
pga_repo: "https://github.com/apache/airavata-php-gateway.git"
user: "pga"
group: "pga"
doc_root_dir: "/var/www/portals/simvascular"
-vhost_servername: "gateway.simvascular.org"
+vhost_servername: "pga.simvascular.scigap.org"
vhost_ssl: True
# TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/letsencrypt/live/gateway.simvascular.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/gateway.simvascular.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/gateway.simvascular.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
php_upload_max_filesize: "300M"
php_post_max_size: "2000M"
@@ -56,8 +58,8 @@ oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
gateway_id: "simvascular"
# relative to document root dir
experiment_data_dir: "{{ user_data_dir }}/simvascular"
-gateway_data_store_resource_id: "gf4.ucs.indiana.edu_61552681-96f0-462a-a36c-a62a010bffc6"
-gateway_data_store_ssh_public_key: ""
+gateway_data_store_resource_id: "simvascular.stanford.edu_758fc879-e037-4a10-980f-3566ac7cab1b"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNdivlUyLh11poF2vufwa8pCjVY0/fkvym9qdpEeu6nS55CVZe5VXqA1NZ+IwVDabAFwoLrUvaWt7eE8POEZNiBgtonZ21x6KIK5/HilSM6jHds1u6NY436AiHqmcybO/u+NkUI8gUjWTbs4S/i/2WfvAHZc3dbcCHls3QgG55TqOdNnh2pjFLSA1wu0d1qRnrPwnje/yC4GD+3XU1HPLHb9FXLHO4umswKq8sDk2lOIN7u08pCF8Y+BPYfmEdvY8oFwdVsj3OoA3fWEE42xTjb3g65X2oCbhco1g1ya0cfJMgSUbHCcOc2D//rXD+L4/z0/A2VCiEFJtTllrws609"
group_resource_profile_id: "6359d7f5-be13-4548-9762-943c1cc1a6f2"
## Portal related variables
[airavata] 03/09: Ansible: PGA deploy on Ubuntu 18
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 05b734d34bfd2c06af989451ee7a2113730d1134
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Thu Mar 12 20:13:52 2020 -0400
Ansible: PGA deploy on Ubuntu 18
---
dev-tools/ansible/pga-single-vhost.yml | 1 +
dev-tools/ansible/pga.yml | 1 +
dev-tools/ansible/roles/django/defaults/main.yml | 5 ++-
dev-tools/ansible/roles/django/tasks/main.yml | 2 +-
.../pga/tasks/install_deps_Ubuntu_18.yml} | 43 ++++++++++++++--------
dev-tools/ansible/roles/pga/tasks/main.yml | 30 ++-------------
6 files changed, 36 insertions(+), 46 deletions(-)
diff --git a/dev-tools/ansible/pga-single-vhost.yml b/dev-tools/ansible/pga-single-vhost.yml
index cb0d2c1..7c24198 100644
--- a/dev-tools/ansible/pga-single-vhost.yml
+++ b/dev-tools/ansible/pga-single-vhost.yml
@@ -32,6 +32,7 @@
- "{{ vars_dir }}/vault.yml"
roles:
- env_setup
+ - httpd
- letsencrypt
- pga
diff --git a/dev-tools/ansible/pga.yml b/dev-tools/ansible/pga.yml
index d86f82e..16e3c64 100644
--- a/dev-tools/ansible/pga.yml
+++ b/dev-tools/ansible/pga.yml
@@ -23,6 +23,7 @@
tags: pga
roles:
- env_setup
+ - httpd
- letsencrypt
- pga
diff --git a/dev-tools/ansible/roles/django/defaults/main.yml b/dev-tools/ansible/roles/django/defaults/main.yml
index 90a6237..dc55fab 100644
--- a/dev-tools/ansible/roles/django/defaults/main.yml
+++ b/dev-tools/ansible/roles/django/defaults/main.yml
@@ -28,9 +28,10 @@ vhost_servername: "{{ groups['django'][0] }}"
vhost_ssl: False
vhost_aliases: []
vhost_timeout: 60
+django_vhost_conf_name: "django-{{ gateway_id }}"
httpd_confd_file_location:
- RedHat: "/etc/httpd/conf.d/django-{{ gateway_id }}.conf"
- Debian: "/etc/apache2/sites-available/django-{{ gateway_id }}.conf"
+ RedHat: "/etc/httpd/conf.d/{{ django_vhost_conf_name }}.conf"
+ Debian: "/etc/apache2/sites-available/{{ django_vhost_conf_name }}.conf"
httpd_name:
Debian: apache2
RedHat: httpd
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 13d449b..c819c14 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -271,7 +271,7 @@
when: vhost_ssl
- name: Enable site in Apache (Debian)
- command: a2ensite django-{{ gateway_id }}
+ command: a2ensite {{ django_vhost_conf_name }}
become: yes
notify:
- restart httpd
diff --git a/dev-tools/ansible/pga-single-vhost.yml b/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
similarity index 56%
copy from dev-tools/ansible/pga-single-vhost.yml
copy to dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
index cb0d2c1..cf14489 100644
--- a/dev-tools/ansible/pga-single-vhost.yml
+++ b/dev-tools/ansible/roles/pga/tasks/install_deps_Ubuntu_18.yml
@@ -18,21 +18,32 @@
# under the License.
#
-# This playbook is meant to be included and can be used to
-# deploy multiple PGA instances onto the same host by using
-# virtual hosting. Turns out in Ansible you can't setup these
-# different PGA instances as different groups on the same host.
-# The group_vars for each PGA instance will overwrite each other.
-# See https://github.com/ansible/ansible/issues/9065 for more info.
---
-- hosts: pga
- name: Create/update pga for gateway {{ gateway_id }}
- vars_files:
- - "{{ vars_dir }}/vars.yml"
- - "{{ vars_dir }}/vault.yml"
- roles:
- - env_setup
- - letsencrypt
- - pga
-...
+- name: Add the PHP PPA Ubuntu archive
+ apt_repository:
+ repo: ppa:ondrej/php
+ become: yes
+
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
+ with_items:
+ - libapache2-mod-php5.6
+ - php5.6
+ - php5.6-curl
+ - php5.6-soap
+ - php5.6-mysql
+ - php5.6-mcrypt
+ - composer
+ become: yes
+
+- name: Set php version
+ alternatives:
+ name: php
+ path: /usr/bin/php5.6
+ become: yes
+
+# this just creates symlinks in /etc/php5/{apache2,cli}/conf.d/20-mcryp.ini to /etc/php5/modules-avail/mcrypt.ini
+- name: enable mcrypt
+ command: phpenmod mcrypt
+ become: yes
diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml
index 72f5d67..25c3dfa 100644
--- a/dev-tools/ansible/roles/pga/tasks/main.yml
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@ -129,13 +129,6 @@
become: yes
when: ansible_os_family == "RedHat"
-- name: Enable https and http service on public zone
- firewalld: service="{{ item }}" permanent=true state=enabled zone=public immediate=True
- with_items:
- - http
- - https
- become: yes
-
- name: copy virtual host config file
template: src={{ pga_vhost_template }} dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
become: yes
@@ -150,19 +143,12 @@
- restart httpd
when: vhost_ssl
-- name: copy default virtual host file
- template: src={{ pga_default_conf_template }} dest={{ default_conf_file_location[ansible_os_family] }} backup=yes
+- name: Enable site in Apache (Debian)
+ command: a2ensite pga-{{ gateway_id }}
become: yes
notify:
- restart httpd
-
-- name: copy modified ssl.conf file
- template: src={{ pga_ssl_conf_template }} dest={{ ssl_conf_file_location[ansible_os_family] }} backup=yes
- become: yes
- notify:
- - restart httpd
- # TODO: make the same fix (disabling SSLv3) on Debian systems too
- when: ansible_os_family == "RedHat"
+ when: ansible_os_family == "Debian"
- name: copy pga user's SSH key for the gateway data store
authorized_key:
@@ -170,13 +156,3 @@
key: "{{ gateway_data_store_ssh_public_key }}"
become: yes
when: gateway_data_store_ssh_public_key != ""
-
-- name: open firewall port {{ pga_default_http_port }}
- firewalld: port="{{ pga_default_http_port }}/tcp"
- zone=public permanent=true state=enabled immediate=yes
- become: yes
-
-- name: open firewall port {{ pga_default_https_port }}
- firewalld: port="{{ pga_default_https_port }}/tcp"
- zone=public permanent=true state=enabled immediate=yes
- become: yes
[airavata] 01/09: Ansible: rename,
keep old simvascular deploy until migration is complete
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 32318dc0f3b454246ab2932df9db36a2d57aa21d
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Sep 18 13:56:53 2020 -0400
Ansible: rename, keep old simvascular deploy until migration is complete
---
.../production/host_vars/simvascular_old/vars.yml | 53 ++++++++++++++++++++++
.../production/host_vars/simvascular_old/vault.yml | 15 ++++++
.../ansible/inventories/scigap/production/hosts | 2 +-
3 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular_old/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular_old/vars.yml
new file mode 100644
index 0000000..76c92ea
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular_old/vars.yml
@@ -0,0 +1,53 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+vhost_servername: "django.simvascular.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/django.simvascular.scigap.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/django.simvascular.scigap.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/django.simvascular.scigap.org/privkey.pem"
+django_database_name: "django_simvascular"
+
+django_file_upload_max_file_size_mb: 2000
+django_pga_url: "https://gateway.simvascular.org"
+
+## Keycloak related variables
+tenant_domain: "simvascular"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+ password:
+ name: "SimVascular"
+ external:
+ - name: "existing institution credentials"
+ idp_alias: "cilogon"
+ logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "simvascular"
+experiment_data_dir: "{{ user_data_dir }}/simvascular"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNdivlUyLh11poF2vufwa8pCjVY0/fkvym9qdpEeu6nS55CVZe5VXqA1NZ+IwVDabAFwoLrUvaWt7eE8POEZNiBgtonZ21x6KIK5/HilSM6jHds1u6NY436AiHqmcybO/u+NkUI8gUjWTbs4S/i/2WfvAHZc3dbcCHls3QgG55TqOdNnh2pjFLSA1wu0d1qRnrPwnje/yC4GD+3XU1HPLHb9FXLHO4umswKq8sDk2lOIN7u08pCF8Y+BPYfmEdvY8oFwdVsj3OoA3fWEE42xTjb3g65X2oCbhco1g1ya0cfJMgSUbHCcOc2D//rXD+L4/z0/A2VCiEFJtTllrws609"
+
+admin_emails: "[('CIRC', 'circ-iu-group@iu.edu'), ('Alison Marsden', 'amarsden@stanford.edu'), ('Nathan Wilson', 'nwilson@osmsc.com'), ('Eroma Abeysinghe', 'eabeysin@iu.edu'), ('Martin Pfaller','pfaller@stanford.edu'), ('Weiguang Yang','wgyang@stanford.edu'), ('David W. Parker','davep@stanford.edu')]"
+portal_title: "SimVascular Gateway Portal"
+
+django_google_analytics_tracking_id: "UA-111528347-7"
+...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular_old/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular_old/vault.yml
new file mode 100644
index 0000000..aecdd17
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular_old/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+33323735346138626633386636373833613861656535663834366466343266666239626466623062
+6237336437386537613964613233313965343632386430310a303532646239633533333631636236
+34333630363961663936663037643362316262386330313935666634653062623937356234306662
+3766366539316437300a633165313136623366663561633961383138626161333962303633363134
+31666430633339353838313931616164613832663031643939336339326135623761343264356430
+35363264326334623761643363386539326461303338633862333239363561326137616166376162
+39353837653565343837663063363330386538353334666162663838616263306364396339346338
+65303761376431313865323534656639346365633265303639396465656334636139383434626365
+31616430666437323162343135316435306231646630323364353962316135643262343634386530
+65663439643333393534343233343463356635323738383930613064633032333664386631383033
+66316165633930643664363531346164616632353533393436623230626162373965313366313832
+66633963613134366539306166343339623136336132373138353435613435326132663332373065
+38306164623938303133303866616231666136313434333835663264373536363663636538646536
+6134613564643561346338633932313739623431333530613465
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 1a833bf..f93c6ac 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -48,7 +48,7 @@ saverx ansible_host=156.56.104.84
sdstate ansible_host=156.56.104.84
seagrid ansible_host=156.56.104.84
searchsra ansible_host=156.56.104.84
-simvascular ansible_host=156.56.104.84
+simvascular_old ansible_host=156.56.104.84
snowvision ansible_host=156.56.104.84
southdakota ansible_host=156.56.104.84
testdrive ansible_host=156.56.104.84
[airavata] 02/09: Ansible: enable Django deploy on Ubuntu 18
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit b40a9349746a8c97b734bd2e2199f0b79ed22b5c
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Mar 6 10:55:26 2020 -0500
Ansible: enable Django deploy on Ubuntu 18
---
dev-tools/ansible/django.yml | 2 +-
dev-tools/ansible/roles/django/tasks/main.yml | 7 ++
.../tasks/{main.yml => install_deps_CentOS_7.yml} | 5 +-
.../tasks/install_deps_Ubuntu_18.yml} | 37 ++++-----
.../ansible/roles/django_setup/tasks/main.yml | 87 +---------------------
dev-tools/ansible/roles/env_setup/tasks/main.yml | 13 ++++
.../roles/httpd/tasks/install_deps_Ubuntu_16.yml | 7 --
.../tasks/install_deps_Ubuntu_18.yml} | 39 ++++------
dev-tools/ansible/roles/httpd/tasks/main.yml | 41 ++++++++++
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 20 +++++
10 files changed, 115 insertions(+), 143 deletions(-)
diff --git a/dev-tools/ansible/django.yml b/dev-tools/ansible/django.yml
index 02c2220..9f9227f 100644
--- a/dev-tools/ansible/django.yml
+++ b/dev-tools/ansible/django.yml
@@ -30,7 +30,7 @@
when: inventory_hostname == groups['django_' + ansible_hostname][0]
# Oracle JDK is needed by Django apps that call Java code (e.g., SimCCS Maptool)
# - role: java
- # when: inventory_hostname == groups['django_' + ansible_hostname][0]
+ # when: inventory_hostname == groups['django_' + ansible_hostname][0] and ansible_os_family == "RedHat"
- role: httpd
when: inventory_hostname == groups['django_' + ansible_hostname][0]
- role: letsencrypt
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 831725a..13d449b 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -270,6 +270,13 @@
- restart httpd
when: vhost_ssl
+- name: Enable site in Apache (Debian)
+ command: a2ensite django-{{ gateway_id }}
+ become: yes
+ notify:
+ - restart httpd
+ when: ansible_os_family == "Debian"
+
- name: copy user's SSH key for the gateway data store
authorized_key:
user: "{{user}}"
diff --git a/dev-tools/ansible/roles/django_setup/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_CentOS_7.yml
similarity index 97%
copy from dev-tools/ansible/roles/django_setup/tasks/main.yml
copy to dev-tools/ansible/roles/django_setup/tasks/install_deps_CentOS_7.yml
index 408c8be..b3d78ee 100644
--- a/dev-tools/ansible/roles/django_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_CentOS_7.yml
@@ -17,9 +17,10 @@
# specific language governing permissions and limitations
# under the License.
#
+
---
-- name: Install Airavata Django Portal prerequisites
+- name: Install Airavata Django Portal prerequisites (CentOS 7)
yum: name={{ item }} state=latest update_cache=yes
with_items:
- python36
@@ -105,5 +106,3 @@
- /tmp/django-httpd.mod
- /tmp/django-httpd.pp
- /tmp/django-httpd.te
-
-...
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Ubuntu_18.yml
similarity index 59%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/django_setup/tasks/install_deps_Ubuntu_18.yml
index 0c46e46..37ae751 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Ubuntu_18.yml
@@ -20,28 +20,19 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
with_items:
- - certbot
- - python2-acme
- - python2-certbot-apache
- become_user: root
+ - python3.6
+ - apache2-dev
+ - python3.6-dev
+ - python3-venv
+ # Needed by https://pypi.org/project/mysqlclient/
+ - default-libmysqlclient-dev
+ # mod_wsgi Apache module
+ - libapache2-mod-wsgi-py3
+ become: yes
-- name: enable certbot (letsencrypt) renewal
- systemd:
- state: started
- enabled: true
- name: certbot-renew
- daemon_reload: true
- become: true
- become_user: root
-
-- name: enable certbot (letsencrypt) renewal timer
- systemd:
- state: started
- enabled: true
- name: certbot-renew.timer
- daemon_reload: true
- become: true
- become_user: root
+- name: enable Apache mod_wsgi module
+ command: a2enmod wsgi
+ become: yes
diff --git a/dev-tools/ansible/roles/django_setup/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/main.yml
index 408c8be..2d453e3 100644
--- a/dev-tools/ansible/roles/django_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/main.yml
@@ -19,91 +19,6 @@
#
---
-- name: Install Airavata Django Portal prerequisites
- yum: name={{ item }} state=latest update_cache=yes
- with_items:
- - python36
- - httpd-devel
- - python36-devel
- - mysql-devel
- - gcc
- - zlib-devel
- - openssl-devel
- become: yes
-
-- name: Create mod_wsgi directory
- file: path={{ mod_wsgi_dir }} state=directory
- become: yes
-
-- name: Fetch mod_wsgi
- get_url:
- url: "{{ mod_wsgi_url }}"
- dest: "{{ mod_wsgi_tarball_dest }}"
- become: yes
-
-- name: Untar mod_wsgi
- unarchive:
- src: "{{ mod_wsgi_tarball_dest }}"
- remote_src: yes
- dest: "{{ mod_wsgi_dir }}"
- creates: "{{ mod_wsgi_unarchive_dir }}"
- become: yes
-
-- name: Configure mod_wsgi
- command: ./configure --with-python=/usr/bin/python3
- args:
- chdir: "{{ mod_wsgi_unarchive_dir }}"
- creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
- become: yes
-
-- name: make mod_wsgi
- command: make
- args:
- chdir: "{{ mod_wsgi_unarchive_dir }}"
- creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
- become: yes
-
-- name: make install mod_wsgi
- command: make install
- args:
- chdir: "{{ mod_wsgi_unarchive_dir }}"
- become: yes
-
-- name: Copy mod_wsgi config file
- copy:
- src: 00-wsgi.conf
- dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
- become: yes
-
-# Allow httpd to copy file attributes when handling uploaded files and moving
-# them from temporary to final destination (which may cross partitions)
-- name: double check policycoreutils installed
- yum: name=policycoreutils-python state=installed
- become: yes
-
-- name: Copy SELinux type enforcement file
- copy: src=django-httpd.te dest=/tmp/
-
-- name: Compile SELinux module file
- command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
-
-- name: Build SELinux policy package
- command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
-
-- name: unLoad SELinux policy package
- command: semodule -r django-httpd
- become: yes
- ignore_errors: True
-
-- name: Load SELinux policy package
- command: semodule -i /tmp/django-httpd.pp
- become: yes
-
-- name: Remove temporary files
- file: path={{ item }} state=absent
- with_items:
- - /tmp/django-httpd.mod
- - /tmp/django-httpd.pp
- - /tmp/django-httpd.te
+- include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
...
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 716cffd..38abc04 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -57,4 +57,17 @@
firewalld: port="22/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
+ when: ansible_os_family == "RedHat"
+
+# Issues with firewalld module on Ubuntu https://github.com/ansible/ansible/issues/24855
+# So as workaround, just calling firewall-cmd directly for now
+- name: open firewall port 22 for SSH connections (Debian)
+ command: firewall-cmd --zone=public --add-port=22/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port 22 for SSH connections permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-port=22/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
...
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
index 7ceabda..7a83d57 100644
--- a/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
@@ -55,10 +55,3 @@
owner: www-data
group: www-data
mode: 0775
-
-- name: set DocumentRoot in default site-enabled
- lineinfile:
- dest: /etc/apache2/sites-enabled/000-default.conf
- line: ' DocumentRoot "/var/www/html/php-gateway/public"'
- regexp: '^\s+DocumentRoot'
- state: present
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_18.yml
similarity index 59%
copy from dev-tools/ansible/roles/letsencrypt/tasks/main.yml
copy to dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_18.yml
index 0c46e46..40ae0e1 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_18.yml
@@ -20,28 +20,21 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
with_items:
- - certbot
- - python2-acme
- - python2-certbot-apache
- become_user: root
+ - git
+ - apache2
+ - python-selinux
+ - python-apt
+ - unzip
+ - openssl
+ - curl
+ become: yes
-- name: enable certbot (letsencrypt) renewal
- systemd:
- state: started
- enabled: true
- name: certbot-renew
- daemon_reload: true
- become: true
- become_user: root
-
-- name: enable certbot (letsencrypt) renewal timer
- systemd:
- state: started
- enabled: true
- name: certbot-renew.timer
- daemon_reload: true
- become: true
- become_user: root
+- name: enable apache rewrite
+ command: a2enmod {{ item }}
+ with_items:
+ - rewrite
+ - ssl
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 2f7be68..15a71fd 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -87,13 +87,54 @@
- http
- https
become: yes
+ when: ansible_os_family == "RedHat"
- name: open firewall port {{ httpd_default_http_port }}
firewalld: port="{{ httpd_default_http_port }}/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
+ when: ansible_os_family == "RedHat"
- name: open firewall port {{ httpd_default_https_port }}
firewalld: port="{{ httpd_default_https_port }}/tcp"
zone=public permanent=true state=enabled immediate=yes
become: yes
+ when: ansible_os_family == "RedHat"
+
+# Issues with firewalld module oon Ubuntu https://github.com/ansible/ansible/issues/24855
+# So as workaround, just calling firewall-cmd directly for now
+- name: Enable https and http service on public zone (Debian)
+ command: firewall-cmd --zone=public --add-service={{ item }}
+ with_items:
+ - http
+ - https
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: Enable https and http service on public zone permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-service={{ item }}
+ with_items:
+ - http
+ - https
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_http_port }} (Debian)
+ command: firewall-cmd --zone=public --add-port={{ httpd_default_http_port}}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_http_port }} permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-port={{ httpd_default_http_port}}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_https_port }} (Debian)
+ command: firewall-cmd --zone=public --add-port={{ httpd_default_https_port }}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: open firewall port {{ httpd_default_https_port }} permanently (Debian)
+ command: firewall-cmd --zone=public --permanent --add-port={{ httpd_default_https_port }}/tcp
+ become: yes
+ when: ansible_os_family == "Debian"
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 0c46e46..a217077 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -27,6 +27,24 @@
- python2-acme
- python2-certbot-apache
become_user: root
+ when: ansible_os_family == "RedHat"
+
+- name: add Certbot PPA repository
+ apt_repository:
+ repo: "ppa:certbot/certbot"
+ become: yes
+ when: ansible_os_family == "Debian"
+
+- name: Install Certbot and dependencies (Debian)
+ apt: name={{ item }} state=latest update_cache=yes
+ with_items:
+ - certbot
+ - python-certbot-apache
+ become: yes
+ when: ansible_os_family == "Debian"
+
+# Note: on Ubuntu crontab is automatically created to run cert renewal. Only
+# CentOS requires enabling the certbot-renew timer.
- name: enable certbot (letsencrypt) renewal
systemd:
@@ -36,6 +54,7 @@
daemon_reload: true
become: true
become_user: root
+ when: ansible_os_family == "RedHat"
- name: enable certbot (letsencrypt) renewal timer
systemd:
@@ -45,3 +64,4 @@
daemon_reload: true
become: true
become_user: root
+ when: ansible_os_family == "RedHat"
[airavata] 04/09: Ansible: fix default DocumentRoot on Ubuntu 18
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit aef45ae0154bd27efa1fb355a85e181baecf6230
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Mar 13 10:03:39 2020 -0400
Ansible: fix default DocumentRoot on Ubuntu 18
---
dev-tools/ansible/roles/httpd/defaults/main.yml | 3 +++
dev-tools/ansible/roles/httpd/templates/default.conf.j2 | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/httpd/defaults/main.yml
index 1317100..d1e6053 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/httpd/defaults/main.yml
@@ -42,6 +42,9 @@ httpd_default_ssl_vhost_certificate_key_dir:
httpd_default_ssl_vhost_certificate_key_location:
RedHat: "/etc/httpd/ssl/private/default_vhost.key"
Debian: "/etc/apache2/ssl/private/default_vhost.key"
+httpd_default_document_root:
+ RedHat: "/www/default"
+ Debian: "/var/www/html"
httpd_name:
Debian: apache2
RedHat: httpd
diff --git a/dev-tools/ansible/roles/httpd/templates/default.conf.j2 b/dev-tools/ansible/roles/httpd/templates/default.conf.j2
index 1bf550d..ee83a03 100644
--- a/dev-tools/ansible/roles/httpd/templates/default.conf.j2
+++ b/dev-tools/ansible/roles/httpd/templates/default.conf.j2
@@ -1,10 +1,10 @@
# Setup default virtual host as a catchall to prevent resolving to the first defined virtual host
# This will show the welcome page when requesting on the ip address or server default hostname
<VirtualHost *:{{ httpd_default_http_port }}>
- DocumentRoot "/www/default"
+ DocumentRoot "{{ httpd_default_document_root[ansible_os_family] }}"
</VirtualHost>
<VirtualHost *:{{ httpd_default_https_port }}>
- DocumentRoot "/www/default"
+ DocumentRoot "{{ httpd_default_document_root[ansible_os_family] }}"
SSLEngine on
SSLCertificateFile "{{ httpd_default_ssl_vhost_certificate_location[ansible_os_family] }}"
SSLCertificateKeyFile "{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}"
[airavata] 09/09: Ansible: deploy Django portal to simvascular
server with its own local database
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 181834ec0648edc8d47c359c7ecec95fb40ead36
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Sep 18 10:51:02 2020 -0400
Ansible: deploy Django portal to simvascular server with its own local database
---
.../production/host_vars/simvascular/vars.yml | 8 +++---
.../production/host_vars/simvascular/vault.yml | 31 ++++++++++++----------
dev-tools/ansible/roles/django/tasks/database.yml | 10 +++++++
3 files changed, 31 insertions(+), 18 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
index f1896f0..3c9195f 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vars.yml
@@ -26,9 +26,10 @@ django_tus_endpoint: "https://tus.simvascular.scigap.org/files/"
# configure user_data_dir and real_user_data_dir
user_data_dir: "/var/www/portals/gateway-user-data"
real_user_data_dir: "/home/www-shared/gateway-user-data"
-# TODO: until we can fix the networking issue between simvascular.stanford.edu
-# and scigap01, we'll just use a sqlite database
-django_database_backend: "sqlite3"
+django_database_host_ip_address: "localhost"
+django_database_hosts:
+ # Database is installed on the same host as the Django server
+ - simvascular
vhost_servername: "new.django.simvascular.scigap.org"
vhost_ssl: True
@@ -37,7 +38,6 @@ ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullch
ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
django_file_upload_max_file_size_mb: 2000
-django_pga_url: "https://gateway.simvascular.org"
## Keycloak related variables
tenant_domain: "simvascular"
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vault.yml
index aecdd17..929364c 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vault.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simvascular/vault.yml
@@ -1,15 +1,18 @@
$ANSIBLE_VAULT;1.1;AES256
-33323735346138626633386636373833613861656535663834366466343266666239626466623062
-6237336437386537613964613233313965343632386430310a303532646239633533333631636236
-34333630363961663936663037643362316262386330313935666634653062623937356234306662
-3766366539316437300a633165313136623366663561633961383138626161333962303633363134
-31666430633339353838313931616164613832663031643939336339326135623761343264356430
-35363264326334623761643363386539326461303338633862333239363561326137616166376162
-39353837653565343837663063363330386538353334666162663838616263306364396339346338
-65303761376431313865323534656639346365633265303639396465656334636139383434626365
-31616430666437323162343135316435306231646630323364353962316135643262343634386530
-65663439643333393534343233343463356635323738383930613064633032333664386631383033
-66316165633930643664363531346164616632353533393436623230626162373965313366313832
-66633963613134366539306166343339623136336132373138353435613435326132663332373065
-38306164623938303133303866616231666136313434333835663264373536363663636538646536
-6134613564643561346338633932313739623431333530613465
+39656265613239336132643464393439353834333938363462333835356235613837366431376435
+3661323464643837663338623333386132666534663031320a666134633334663333663035646366
+64653734663437613361613736396565393162663465666133323530613166613165366130333961
+3264336232666161630a393064356331346566646261393939373730356635353063643138373761
+33393866383935383837306565343830306564346165666361303036353566303639306365666465
+35323135356433656663663166653936373433663039313464346530643837303235663030393934
+38326436336137393035616238333764383939393234366131383836316565343134323734626665
+38313139633032643338336431623436623333353832323936303035393535656436643036663731
+39343638333938386239323035356561646236323366333331363966613731333332333237633431
+39366535613037343334356338373439356234656139383339346537323363323835333433623266
+36373734636533376566613032326363336332306438363536636265336339336264346664643038
+65373431393164386561376565313862313866316334326333633263626365663731323035353363
+62646230343664316366323961353566356334356332306661646235653938366562313935396363
+65643261343335663333663538323335366265386564346164346662353832643763336438646362
+66653963343961303264363033663635656161363130343762346235326632353333396630323732
+37383630653133386266386332356631663932643365646330616436323366373439653365343134
+61336161616566356433386636376130316563396662623063303364323935313730
diff --git a/dev-tools/ansible/roles/django/tasks/database.yml b/dev-tools/ansible/roles/django/tasks/database.yml
index 964f8b0..4589562 100644
--- a/dev-tools/ansible/roles/django/tasks/database.yml
+++ b/dev-tools/ansible/roles/django/tasks/database.yml
@@ -20,6 +20,16 @@
---
+- name: Adds Python MySQL support on Debian/Ubuntu
+ apt: pkg="python-mysqldb" state=present
+ become_user: root
+ when: ansible_os_family == 'Debian'
+
+- name: Adds Python MySQL support on RedHat/CentOS
+ yum: name=MySQL-python state=present
+ become_user: root
+ when: ansible_os_family == 'RedHat'
+
- name: create django database ({{ django_database_name }})
mysql_db: name="{{ django_database_name }}" state=present encoding=utf8 collation=utf8_bin