Posted to commits@airavata.apache.org by sc...@apache.org on 2016/10/03 15:38:35 UTC
[15/50] [abbrv] airavata git commit: Imported ansible-airavata repo
to airavata repo
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 0000000,0000000..7b38575
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@@ -1,0 -1,0 +1,248 @@@
++<?php
++return array(
++ /**
++ * *****************************************************************
++ * WSO2 Identity Server Related Configurations
++ * *****************************************************************
++ */
++
++ 'wsis' => [
++
++ /**
++ * Admin Role Name
++ */
++ 'admin-role-name' => 'admin',
++
++ /**
++ * Read only Admin Role Name
++ */
++ 'read-only-admin-role-name' => 'admin-read-only',
++
++ /**
++ * Gateway user role
++ */
++ 'user-role-name' => 'gateway-user',
++
++ /**
++ * Tenant Domain
++ */
++ 'tenant-domain' => '{{ tenant_domain }}',
++
++ /**
++ * Tenant admin's username
++ */
++ 'admin-username' => '{{ admin_username }}',
++
++ /**
++ * Tenant admin's password
++ */
++ 'admin-password' => '{{ admin_password }}',
++
++ /**
++ * OAuth client key
++ */
++ 'oauth-client-key' => '{{ oauth_client_key }}',
++
++ /**
++ * OAuth client secret
++ */
++ 'oauth-client-secret' => '{{ oauth_client_secret }}',
++
++ /**
++ * OAuth Grant Type (password or authorization_code)
++ */
++ 'oauth-grant-type' => 'password',
++
++ /**
++ * Identity server domain
++ */
++ 'server' => 'idp.scigap.org',
++
++ /**
++ * Identity server url
++ */
++ 'service-url' => 'https://idp.scigap.org:9443/',
++
++ /**
++ * Enable HTTPS server verification
++ */
++ 'verify-peer' => true,
++
++ /**
++ * Path to the server certificate file
++ */
++ 'cafile-path' => app_path() . '/resources/security/idp_scigap_org.pem',
++
++ /**
++ * Allow self signed server certificates
++ */
++ 'allow-self-signed-cert' => false
++ ],
++
++
++ /**
++ * *****************************************************************
++ * Airavata Client Configurations
++ * *****************************************************************
++ */
++ 'airavata' => [
++
++ /**
++ * Airavata API server location. Use tls:// as the protocol to
++ * connect TLS enabled Airavata
++ */
++ 'airavata-server' => '{{ airavata_server }}',
++
++ /**
++ * Airavata API server port
++ */
++ 'airavata-port' => '{{ airavata_port }}',
++
++ /**
++ * Airavata API server thrift communication timeout
++ */
++ 'airavata-timeout' => '1000000',
++
++ /**
++ * PGA Gateway ID
++ */
++ 'gateway-id' => '{{ gateway_id }}',
++
++ /**
++ * Maximum size of a file which is allowed to upload to the server
++ */
++ 'server-allowed-file-size' => 64,
++
++ /**
++ * absolute path of the data dir
++ */
++ 'experiment-data-absolute-path' => '{{ experiment_data_dir }}',
++
++ /**
++ * Advanced experiments options
++ */
++ 'advanced-experiment-options' => '',
++
++ /**
++ * Default queue name
++ */
++ 'queue-name' => 'long',
++
++ /**
++ * Default node count
++ */
++ 'node-count' => '1',
++
++ /**
++ * Default total core count
++ */
++ 'total-cpu-count' => '16',
++
++ /**
++ * Default wall time limit
++ */
++ 'wall-time-limit' => '30',
++
++ /**
++ * Enable app-catalog cache
++ */
++ 'enable-app-catalog-cache' => true,
++
++ /**
++ * Life time of app catalog data cache in minutes
++ */
++ 'app-catalog-cache-duration' => 5,
++
++ /**
++ * Gateway data store resource id
++ */
++ 'gateway-data-store-resource-id' => '{{ gateway_data_store_resource_id }}',
++
++ /**
++ * Data Sharing enabled
++ */
++ 'data-sharing-enabled' => false
++ ],
++
++ /**
++ * *****************************************************************
++ * Portal Related Configurations
++ * *****************************************************************
++ */
++ 'portal' => [
++ /**
++ * Whether this portal is the SciGaP admin portal
++ */
++ 'super-admin-portal' => {{ super_admin_portal }},
++
++ /**
++ * Set the name of theme in use here
++ */
++ 'theme' => 'base',
++
++ /**
++ * Portal title
++ */
++ 'portal-title' => 'Airavata PHP Gateway',
++
++ /**
++ * Email address of the portal admin. Portal admin well get email notifications for events
++ * such as new user creation
++ */
++ 'admin-emails' => [{{ admin_emails }}],
++
++ /**
++ * Email account that the portal should login to send emails
++ */
++ 'portal-email-username' => '{{ portal_email_username }}',
++
++ /**
++ * Password for the portal's email account
++ */
++ 'portal-email-password' => '{{ portal_email_password }}',
++
++ /**
++ * SMTP server on which the portal should connect
++ */
++ 'portal-smtp-server-host' => 'smtp.gmail.com',
++
++ /**
++ * SMTP server port on which the portal should connect
++ */
++ 'portal-smtp-server-port' => '587',
++
++ /**
++ * Set JIRA Issue Collector scripts here.
++ */
++ 'jira-help' =>
++ [
++ /**
++ * Report Issue Script issued for your app by Atlassian JIRA
++ */
++ 'report-issue-script' => '',
++ /**
++ * Collector id at the end of the above script
++ */
++ 'report-issue-collector-id' => '',
++ /**
++ * Create Report Script issued for your app by Atlassian JIRA
++ */
++ 'request-feature-script' => '',
++ /**
++ * Collector id at the end of the above script
++ */
++ 'request-feature-collector-id' => ''
++ ],
++
++ /**
++ * Set Google Analytics Id here. ID format that generates from
++ * creating tracker object should be
++ *
++ * UA-XXXXX-Y
++ *
++ * for it to be working correctly. Currently it is only set for
++ * sending pageviews.
++ */
++ 'google-analytics-id' => ''
++ ]
++);
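Review bot: Every `{{ … }}` value in this template is pasted raw into a single-quoted PHP literal (`'admin-password' => '{{ admin_password }}'`, the OAuth client secret, the mail password), so a quote or backslash in a value yields a broken or altered config file; `'super-admin-portal' => {{ super_admin_portal }}` and `'admin-emails' => [{{ admin_emails }}]` go further and are rendered as PHP code rather than as strings. Escape string values at render time, e.g. `'admin-password' => '{{ admin_password | replace("\\", "\\\\") | replace("'", "\\'") }}',`, and constrain the boolean with something like `{{ 'true' if super_admin_portal | bool else 'false' }}`. The rendered file holds the tenant admin password and the OAuth client secret in clear text, so the task that installs it (not part of this hunk) should write it with an owner-only mode. `'oauth-grant-type' => 'password'` means the portal handles user passwords itself; a comment stating why `authorization_code` is not the default would help the next deployer.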
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/vars/main.yml
index 0000000,0000000..298e897
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/vars/main.yml
@@@ -1,0 -1,0 +1,30 @@@
++---
++pga_user: "pga"
++pga_group: "pga"
++doc_root_dir: "/var/www/html/php-gateway"
++user_data_dir: "/var/www/user_data"
++#httpd_conf_file: "/etc/httpd/conf/httpd.conf"
++httpd_conf_file_location: "/etc/httpd/conf"
++
++## WSO2 IS related variables
++tenant_domain: "prod.testdrive"
++admin_username: "tdaadmin"
++admin_password: "SciDeploy"
++oauth_client_key: "RuLl_Uw7i_KXaLoAGJkiasTfyBYa"
++oauth_client_secret: "vD9yi2ANkChzgWiih3RahrIcfsoa"
++
++## Airavata Client related variables
++#airavata_server: "tls://gw77.iu.xsede.org"
++airavata_server: "{{ groups['api-orch'][0] }}"
++airavata_port: "8930"
++gateway_id: "{{ default_gateway }}"
++# relative to document root dir
++experiment_data_dir: "{{ user_data_dir }}"
++gateway_data_store_resource_id: "js-170-103.jetstream-cloud.org_6497a464-3121-4b64-a7cb-d195b0a26c19"
++
++## Portal related variables
++super_admin_portal: "true"
++admin_emails: "'sgg@iu.edu'"
++portal_email_username: "pga.airavata@gmail.com"
++portal_email_password: "airavata12"
++...
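Review bot: `admin_password`, `oauth_client_secret` and `portal_email_password` are committed here as literal values, next to `oauth_client_key`, in a role `vars/main.yml` that ships with the repository. If any of them was ever valid on a real tenant or mailbox it should be treated as disclosed and rotated, because removing it in a later commit still leaves it in history. Keep only references in this file, for example `admin_password: "{{ vault_pga_admin_password }}"` (variable name constructed for illustration), and supply the values from an Ansible Vault encrypted file or an untracked inventory. `tenant_domain: "prod.testdrive"` and the fixed `gateway_data_store_resource_id` also look environment-specific and would sit better in inventory than in role vars.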
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/rabbitmq/handlers/main.yml
index 0000000,0000000..fef807a
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/rabbitmq/handlers/main.yml
@@@ -1,0 -1,0 +1,13 @@@
++---
++# Rabbitmq related handlers
++- name: start rabbitmq
++ service: name=rabbitmq-server state=started enabled=yes
++ become: yes
++
++- name: stop rabbitmq
++ service: name=rabbitmq-server state=stopped
++ become: yes
++
++- name: restart rabbitmq
++ service: name=rabbitmq-server state=restarted enabled=yes
++ become: yes
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/rabbitmq/tasks/main.yml
index 0000000,0000000..f44a0a6
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
@@@ -1,0 -1,0 +1,60 @@@
++---
++################################################################################
++# Setup and run rabbitmq
++- name: Install erlang latest version
++ yum: name=https://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm state=present
++ become: yes
++
++- name: Install Rabbitmq rpm
++ yum: name=https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.3/rabbitmq-server-3.6.3-1.noarch.rpm state=present
++ become: yes
++
++ # add hostname to /etc/hosts file
++- name: get ip4 address
++ # command: dig +short myip.opendns.com @resolver1.opendns.com
++ command: hostname -i
++ register: _ip4
++
++- name: open rabbitmq ports
++ firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
++ with_items:
++ - "{{ rabbitmq_port }}/tcp"
++ - "{{ management_plugin_port }}/tcp"
++ become: yes
++
++- name: Edit /etc/hosts file
++ lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ ansible_fqdn }}"
++ notify:
++ - restart rabbitmq
++ become: yes
++
++- name: Start Rabbitmq server
++ service: name=rabbitmq-server state=started enabled=yes
++ become: yes
++
++- name: Enable rabbitmq management plugin
++ rabbitmq_plugin: names=rabbitmq_management state=enabled
++ notify:
++ - restart rabbitmq
++ become: yes
++
++- name: Create rabbitmq vhost {{ rabbitmq_vhost }}
++ rabbitmq_vhost: name="{{ rabbitmq_vhost }}" state=present
++ become: yes
++
++- name: Add user {{ rabbitmq_user }} to vhost {{ rabbitmq_vhost }} and give permission
++ rabbitmq_user: user="{{ rabbitmq_user }}"
++ password="{{ rabbitmq_password }}"
++ vhost="{{ rabbitmq_vhost }}"
++ tags="administrator"
++ configure_priv=.*
++ read_priv=.*
++ write_priv=.*
++ state=present
++ become: yes
++
++- name: restart rabbitmq
++ service: name=rabbitmq-server state=restarted
++ become: yes
++
++...
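Review bot: The `rabbitmq_user` task passes `password="{{ rabbitmq_password }}"` on the module line without `no_log: yes`, so the value can appear in verbose Ansible output and logs, and it gives the application account `tags="administrator"` with `.*` for configure, read and write. Combined with `open rabbitmq ports`, which enables `{{ management_plugin_port }}/tcp` in the `public` zone, the management UI becomes reachable with an administrator-tagged account from wherever that zone applies. Add `no_log: yes` to the user task, drop the `administrator` tag unless the services need it, and keep the management port closed or limited to an admin network. The two RPMs are installed straight from a URL with no checksum pinned in this hunk, which deserves a verified download step or at least a comment.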
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/rabbitmq/vars/main.yml
index 0000000,0000000..c5ab904
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/rabbitmq/vars/main.yml
@@@ -1,0 -1,0 +1,2 @@@
++---
++management_plugin_port: "15672"
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/registry/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/registry/tasks/main.yml
index 0000000,0000000..9bd2784
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/registry/tasks/main.yml
@@@ -1,0 -1,0 +1,59 @@@
++---
++
++################################################################################
++- name: Create registry deployment directory
++ file: path="{{ registry_dir }}" state=directory owner={{ user }} group={{ group }}
++ when: build|success
++
++- name: Check previous deployments
++ stat: path="{{ registry_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++ register: check
++
++- name: stop registry
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ registry_dir }}/{{ airavata_dist }}/"
++ removes="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*"
++ when: check.stat.exists == True
++
++- name: Delete previous deployments
++ file: path="{{ registry_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to registry deployment directory
++ unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++ dest="{{ registry_dir }}/"
++ copy=no
++
++- name: set gfac private ip
++ set_fact:
++ registry_host: "{{ ansible_eth0.ipv4.address }}"
++
++- name: Copy Airavata server properties file
++ template: src=airavata-server.properties.j2
++ dest="{{ registry_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++ owner={{ user }}
++ group={{ group }}
++ mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++ copy: src="{{ mysql_connector_jar }}"
++ dest="{{ registry_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++ owner={{ user }}
++ group={{ group }}
++
++
++- name: Open firwall ports
++ firewalld: port="{{ registry_port }}/tcp" zone=public permanent=true state=enabled immediate=yes
++ become_user: root
++
++- name: stop registry
++ command: ./bin/airavata-server-stop.sh -f
++ chdir="{{ registry_dir }}/{{ airavata_dist }}/"
++ removes="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start registry
++ command: ./bin/airavata-server-start.sh regserver -d
++ chdir="{{ registry_dir }}/{{ airavata_dist }}/"
++ creates="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++
++...
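Review bot: `Copy Airavata server properties file` writes `airavata-server.properties` with `mode="u=rw,g=r,o=r"`, yet the template it renders contains the database, keystore and monitor-mailbox passwords, so every local account on the host can read them. Use an owner-only mode such as `mode="u=rw,g=,o="`; the owner is already `{{ user }}`. The task named `set gfac private ip` actually sets `registry_host`, and `Open firwall ports` has a typo; both names should be corrected so playbook output matches what runs. `become_user: root` on the firewalld task has no `become: yes` beside it in this hunk, so whether it escalates depends on play-level settings that are not visible here.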
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements. See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership. The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License. You may obtain a copy of the License at
++#
++# http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied. See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++
++###########################################################################
++#
++# This properties file provides configuration for all Airavata Services:
++# API Server, Registry, Workflow Interpreter, GFac, Orchestrator
++#
++###########################################################################
++
++###########################################################################
++# API Server Registry Configuration
++###########################################################################
++
++#for derby [AiravataJPARegistry]
++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++registry.jdbc.driver=com.mysql.jdbc.Driver
++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }}
++registry.jdbc.user={{ db_user }}
++registry.jdbc.password={{ db_password }}
++#FIXME: Probably the following property should be removed.
++start.derby.server.mode=false
++validationQuery=SELECT 1 from CONFIGURATION
++cache.enable=false
++jpa.cache.size=-1
++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true
++enable.sharing={{enable_sharing}}
++
++# Properties for default user mode
++default.registry.user=admin
++default.registry.password=admin
++default.registry.password.hash.method=SHA
++default.registry.gateway={{ default_gateway }}
++
++###########################################################################
++# Application Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++appcatalog.jdbc.driver=com.mysql.jdbc.Driver
++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }}
++appcatalog.jdbc.user={{ db_user }}
++appcatalog.jdbc.password={{ db_password }}
++appcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++##########################################################################
++# Replica Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver
++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++replicacatalog.jdbc.user={{ db_user }}
++replicacatalog.jdbc.password={{ db_password }}
++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++# Workflow Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver
++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++workflowcatalog.jdbc.user={{ db_user }}
++workflowcatalog.jdbc.password={{ db_password }}
++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++# User Profile MongoDB Configuration
++###########################################################################
++userprofile.mongodb.host=localhost
++userprofile.mongodb.port=27017
++
++
++###########################################################################
++# Server module Configuration
++###########################################################################
++#credential store server should be started before API server
++#This is obsolete property with new script files.
++#servers=credentialstore,apiserver,orchestrator
++
++
++###########################################################################
++# API Server Configurations
++###########################################################################
++apiserver=org.apache.airavata.api.server.AiravataAPIServer
++apiserver.name={{ api_server_name }}
++apiserver.host={{ api_server_host }}
++apiserver.port={{ api_server_port }}
++apiserver.min.threads=50
++
++###########################################################################
++# Orchestrator Server Configurations
++###########################################################################
++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer
++orchestrator.server.name={{ orchestrator_name }}
++orchestrator.server.host={{ orchestrator_host }}
++orchestrator.server.port={{ orchestrator_port }}
++orchestrator.server.min.threads=50
++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator
++submitter.interval=10000
++threadpool.size=10
++start.submitter=true
++embedded.mode=true
++enable.validation=true
++
++###########################################################################
++# Registry Server Configurations
++###########################################################################
++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer
++regserver.server.name={{registry_name}}
++regserver.server.host={{registry_host}}
++regserver.server.port={{registry_port}}
++regserver.server.min.threads=50
++
++###########################################################################
++# GFac Server Configurations
++###########################################################################
++gfac=org.apache.airavata.gfac.server.GfacServer
++gfac.server.name={{ gfac_name }}
++gfac.server.host={{ gfac_host }}
++gfac.server.port={{ gfac_port }}
++gfac.thread.pool.size=50
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler
++
++
++
++###########################################################################
++# Airavata Workflow Interpreter Configurations
++###########################################################################
++workflowserver=org.apache.airavata.api.server.WorkflowServer
++enactment.thread.pool.size=10
++
++#to define custom workflow parser user following property
++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder
++
++
++
++###########################################################################
++# Job Scheduler can send informative email messages to you about the status of your job.
++# Specify a string which consists of either the single character "n" (no mail), or one or more
++# of the characters "a" (send mail when job is aborted), "b" (send mail when job begins),
++# and "e" (send mail when job terminates). The default is "a" if not specified.
++###########################################################################
++
++job.notification.enable=true
++#Provide comma separated email ids as a string if more than one
++job.notification.emailids=
++job.notification.flags=abe
++
++###########################################################################
++# Credential Store module Configuration
++###########################################################################
++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }}
++credential.store.keystore.alias={{ cred_keystore_alias }}
++credential.store.keystore.password={{ cred_keystore_passwd }}
++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}
++credential.store.jdbc.user={{ db_user }}
++credential.store.jdbc.password={{ db_password }}
++credential.store.jdbc.driver=com.mysql.jdbc.Driver
++credential.store.server.host={{ cred_store_server_host }}
++credential.store.server.port={{ cred_store_port }}
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION
++
++# these properties used by credential store email notifications
++email.server=smtp.googlemail.com
++email.server.port=465
++email.user=airavata
++email.password=xxx
++email.ssl=true
++email.from=airavata@apache.org
++
++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used.
++# if user specify both password sshKeyAuthentication gets the higher preference
++
++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################
++#ssh.public.key=/path to public key for ssh
++#ssh.private.key=/path to private key file for ssh
++#ssh.keypass=passphrase for the private key
++#ssh.username=username for ssh connection
++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
++#ssh.strict.hostKey.checking=yes/no
++#ssh.known.hosts.file=/path to known hosts file
++### Incase of password sshKeyAuthentication.
++#ssh.password=Password for ssh connection
++
++################ ---------- BES Properties ------------------- ###############
++#bes.ca.cert.path=<location>/certificates/cacert.pem
++#bes.ca.key.path=<location>/certificates/cakey.pem
++#bes.ca.key.pass=passphrase
++
++###########################################################################
++# Monitoring module Configuration
++###########################################################################
++
++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring
++#mechanisms and one would be able to start a monitor
++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor
++
++#These properties will used to enable email base monitoring
++email.based.monitor.host=imap.gmail.com
++email.based.monitor.address={{ monitor_email_address }}
++email.based.monitor.password={{ monitor_email_password }}
++email.based.monitor.folder.name=INBOX
++# either imaps or pop3
++email.based.monitor.store.protocol=imaps
++#These property will be used to query the email server periodically. value in milliseconds(ms).
++email.based.monitoring.period=10000
++
++###########################################################################
++# AMQP Notification Configuration
++###########################################################################
++#for simple scenarios we can use the guest user
++#rabbitmq.broker.url=amqp://localhost:5672
++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost
++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html
++rabbitmq.broker.url={{ rabbitmq_broker_url }}
++rabbitmq.status.exchange.name=status_exchange
++rabbitmq.process.exchange.name=process_exchange
++rabbitmq.experiment.exchange.name=experiment_exchange
++durable.queue=false
++prefetch.count=200
++process.launch.queue.name=process.launch.queue
++experiment.launch..queue.name=experiment.launch.queue
++
++###########################################################################
++# Zookeeper Server Configuration
++###########################################################################
++embedded.zk=false
++zookeeper.server.connection={{ zookeeper_url }}
++zookeeper.timeout=30000
++
++########################################################################
++## API Security Configuration
++########################################################################
++api.secured={{ api_secured }}
++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
++### TLS related configuration ####
++TLS.enabled={{ tls_enable }}
++TLS.api.server.port={{ api_server_tls_port }}
++TLS.client.timeout=10000
++#### keystore configuration ####
++keystore.path={{ keystores_location }}/{{ keystore }}
++keystore.password={{ keystore_passwd }}
++#### trust store configuration ####
++trust.store={{ keystores_location }}/{{ client_truststore }}
++trust.store.password=airavata
++#### remote authorization server url ####
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
++#### xacml based authorization policy ####
++authorization.policy=airavata-default-xacml-policy
++#### authorization cache related configuration ####
++authz.cache.enabled=true
++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
++in.memory.cache.size=1000
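Review bot: Several credentials are still hard-coded in this template while their neighbours are variables: `default.registry.user=admin` with `default.registry.password=admin`, `trust.store.password=airavata`, and `email.password=xxx`. They should be templated the same way as `keystore.password={{ keystore_passwd }}`, e.g. `trust.store.password={{ client_truststore_passwd }}` (variable name constructed for illustration), so a deployment cannot go live with the shipped values. `workflowcatalog.jdbc.url` points at `{{ replica_catalog }}`, which looks like a copy-paste from the block above and would place workflow data in the replica catalog schema; confirm the intended database variable. The app, replica, workflow and credential-store URLs also hard-code `3306` where the registry URL uses `{{ db_server_port }}`, and the keys `credential.stroe.jdbc.validationQuery` and `experiment.launch..queue.name` appear misspelled, so they may be silently ignored by whatever reads them.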
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/wso2_is/tasks/main.yml
index 0000000,0000000..1e506c2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/wso2_is/tasks/main.yml
@@@ -1,0 -1,0 +1,41 @@@
++---
++- name: install role pre-requireties
++ yum: name=unzip state=latest update_cache=yes
++ become: yes
++
++# downlaod wso2 is
++# extract it
++# - name: Download and unarchive wso2 is
++# unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}" group="{{ group }}"
++# for now wso2is from localhost
++
++- name: copy WSO2 IS
++ unarchive: >
++ src="{{ wso2_is_dist }}"
++ dest="{{ user_home }}/"
++ owner="{{ user }}"
++ group="{{ group }}"
++ creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh"
++
++- name: copy carbon.xml
++ template: >
++ src=carbon.xml.j2
++ dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml"
++ owner="{{ user }}"
++ group="{{ group }}"
++ mode="u=rw,g=r,o=r"
++
++- name: open carabon management console port
++ firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes
++ become: yes
++
++# start wso2 is server
++- name: start wso2 is
++ command: ./bin/wso2server.sh start chdir="{{ user_home }}/{{ wso2_is_dir }}/" creates="{{ user_home }}/{{ wso2_is_dir }}/wso2carbon.pid"
++ environment:
++ JAVA_HOME: "{{ java_home }}"
++
++# - name: stop wso2 is
++ # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...
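Review bot: `open carabon management console port` enables `9443/tcp` in the `public` zone, and no task in this hunk changes whatever administrator account the unpacked distribution ships with, so the identity server's console is exposed exactly as installed. Restrict the port to the hosts that need it (a dedicated firewalld zone or a rich rule scoped to the portal and admin addresses) and add a step that sets the admin credentials before `start wso2 is` runs. `carbon.xml` is written with `mode="u=rw,g=r,o=r"`; if the rendered file carries secrets further down, owner-only is the safer default. `yum: name=unzip state=latest` makes runs non-reproducible, and `state=present` is enough for a prerequisite.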
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
index 0000000,0000000..5f421f2
new file mode 100755
--- /dev/null
+++ b/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
@@@ -1,0 -1,0 +1,688 @@@
++<?xml version="1.0" encoding="ISO-8859-1"?>
++<!--
++ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
++
++ Licensed under the Apache License, Version 2.0 (the "License");
++ you may not use this file except in compliance with the License.
++ You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++ Unless required by applicable law or agreed to in writing, software
++ distributed under the License is distributed on an "AS IS" BASIS,
++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ See the License for the specific language governing permissions and
++ limitations under the License.
++-->
++
++<!--
++ This is the main server configuration file
++
++ ${carbon.home} represents the carbon.home system property.
++ Other system properties can be specified in a similar manner.
++-->
++<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
++
++ <!--
++ Product Name
++ -->
++ <Name>WSO2 Identity Server</Name>
++
++ <!--
++ machine readable unique key to identify each product
++ -->
++ <ServerKey>IS</ServerKey>
++
++ <!--
++ Product Version
++ -->
++ <Version>5.1.0</Version>
++
++ <!--
++ Host name or IP address of the machine hosting this server
++ e.g. www.wso2.org, 192.168.1.10
++ This is will become part of the End Point Reference of the
++ services deployed on this server instance.
++ -->
++ <HostName>{{ ansible_fqdn }}</HostName>
++
++ <!--
++ Host name to be used for the Carbon management console
++ -->
++ <MgtHostName>localhost</MgtHostName>
++
++ <!--
++ The URL of the back end server. This is where the admin services are hosted and
++ will be used by the clients in the front end server.
++ This is required only for the Front-end server. This is used when seperating BE server from FE server
++ -->
++ <ServerURL>local:/${carbon.context}/services/</ServerURL>
++ <!--
++ <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL>
++ -->
++ <!--
++ The URL of the index page. This is where the user will be redirected after signing in to the
++ carbon server.
++ -->
++ <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
++
++ <!--
++ For cApp deployment, we have to identify the roles that can be acted by the current server.
++ The following property is used for that purpose. Any number of roles can be defined here.
++ Regular expressions can be used in the role.
++ Ex : <Role>.*</Role> means this server can act any role
++ -->
++ <ServerRoles>
++ <Role>IdentityServer</Role>
++ </ServerRoles>
++
++ <!-- uncommnet this line to subscribe to a bam instance automatically -->
++ <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
++
++ <!--
++ The fully qualified name of the server
++ -->
++ <Package>org.wso2.carbon</Package>
++
++ <!--
++ Webapp context root of WSO2 Carbon management console.
++ -->
++ <WebContextRoot>/</WebContextRoot>
++
++ <!--
++ Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
++ to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
++ URL of the Carbon server -> https://10.100.1.1:9443/carbon
++ URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
++
++ appserver - proxy context path. This specially required whenever you are generating URLs to displace in
++ Carbon UI components.
++ -->
++ <!--
++ <MgtProxyContextPath></MgtProxyContextPath>
++ <ProxyContextPath></ProxyContextPath>
++ -->
++
++ <!-- In-order to get the registry http Port from the back-end when the default http transport is not the same-->
++ <!--RegistryHttpPort>9763</RegistryHttpPort-->
++
++ <!--
++ Number of items to be displayed on a management console page. This is used at the
++ backend server for pagination of various items.
++ -->
++ <ItemsPerPage>15</ItemsPerPage>
++
++ <!-- The endpoint URL of the cloud instance management Web service -->
++ <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
++
++ <!--
++ Ports used by this server
++ -->
++ <Ports>
++
++ <!-- Ports offset. This entry will set the value of the ports defined below to
++ the define value + Offset.
++ e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
++ -->
++ <Offset>0</Offset>
++
++ <!-- The JMX Ports -->
++ <JMX>
++ <!--The port RMI registry is exposed-->
++ <RMIRegistryPort>9999</RMIRegistryPort>
++ <!--The port RMI server should be exposed-->
++ <RMIServerPort>11111</RMIServerPort>
++ </JMX>
++
++ <!-- Embedded LDAP server specific ports -->
++ <EmbeddedLDAP>
++ <!-- Port which embedded LDAP server runs -->
++ <LDAPServerPort>10389</LDAPServerPort>
++ <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
++ <KDCServerPort>8000</KDCServerPort>
++ </EmbeddedLDAP>
++
++ <!--
++ Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
++ -->
++ <!--<JNDIProviderPort>2199</JNDIProviderPort>-->
++ <!--Override receive port of thrift based entitlement service.-->
++ <ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
++
++ <!--
++ This is the proxy port of the worker cluster. These need to be configured in a scenario where
++ manager node is not exposed through the load balancer through which the workers are exposed
++ therefore doesn't have a proxy port.
++ <WorkerHttpProxyPort>80</WorkerHttpProxyPort>
++ <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort>
++ -->
++
++ </Ports>
++
++ <!--
++ JNDI Configuration
++ -->
++ <JNDI>
++ <!--
++ The fully qualified name of the default initial context factory
++ -->
++ <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
++ <!--
++ The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
++ -->
++ <Restrictions>
++ <!--
++ Contexts that will be available only to the super-tenant
++ -->
++ <!-- <SuperTenantOnly>
++ <UrlContexts>
++ <UrlContext>
++ <Scheme>foo</Scheme>
++ </UrlContext>
++ <UrlContext>
++ <Scheme>bar</Scheme>
++ </UrlContext>
++ </UrlContexts>
++ </SuperTenantOnly> -->
++ <!--
++ Contexts that are common to all tenants
++ -->
++ <AllTenants>
++ <UrlContexts>
++ <UrlContext>
++ <Scheme>java</Scheme>
++ </UrlContext>
++ <!-- <UrlContext>
++ <Scheme>foo</Scheme>
++ </UrlContext> -->
++ </UrlContexts>
++ </AllTenants>
++ <!--
++ All other contexts not mentioned above will be available on a per-tenant basis
++ (i.e. will not be shared among tenants)
++ -->
++ </Restrictions>
++ </JNDI>
++
++ <!--
++ Property to determine if the server is running an a cloud deployment environment.
++ This property should only be used to determine deployment specific details that are
++ applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
++ -->
++ <IsCloudDeployment>false</IsCloudDeployment>
++
++ <!--
++ Property to determine whether usage data should be collected for metering purposes
++ -->
++ <EnableMetering>false</EnableMetering>
++
++ <!-- The Max time a thread should take for execution in seconds -->
++ <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
++
++ <!--
++ A flag to enable or disable Ghost Deployer. By default this is set to false. That is
++ because the Ghost Deployer works only with the HTTP/S transports. If you are using
++ other transports, don't enable Ghost Deployer.
++ -->
++ <GhostDeployment>
++ <Enabled>false</Enabled>
++ </GhostDeployment>
++
++
++ <!--
++ Eager loading or lazy loading is a design pattern commonly used in computer programming which
++ will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
++ load tenant when a request is received only. Similarly Eager loading is used to enable load
++ existing tenants after carbon server starts up. Using this feature, you will be able to include
++ or exclude tenants which are to be loaded when server startup.
++
++ We can enable only one LoadingPolicy at a given time.
++
++ 1. Tenant Lazy Loading
++ This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
++ server startup, but loaded based on-demand (i.e when a request is received for a tenant).
++ The default tenant idle time is 30 minutes.
++
++ 2. Tenant Eager Loading
++ This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
++ The eager loading configurations supported are as below. These configurations can be given as the
++ value for <Include> element with eager loading.
++ (i)Load all tenants when server startup - *
++ (ii)Load all tenants except foo.com & bar.com - *,!foo.com,!bar.com
++ (iii)Load only foo.com & bar.com to be included - foo.com,bar.com
++ -->
++ <Tenant>
++ <LoadingPolicy>
++ <LazyLoading>
++ <IdleTime>30</IdleTime>
++ </LazyLoading>
++ <!-- <EagerLoading>
++ <Include>*,!foo.com,!bar.com</Include>
++ </EagerLoading>-->
++ </LoadingPolicy>
++ </Tenant>
++
++ <!--
++ Caching related configurations
++ -->
++ <Cache>
++ <!-- Default cache timeout in minutes -->
++ <DefaultCacheTimeout>15</DefaultCacheTimeout>
++ </Cache>
++
++ <!--
++ Axis2 related configurations
++ -->
++ <Axis2Config>
++ <!--
++ Location of the Axis2 Services & Modules repository
++
++ This can be a directory in the local file system, or a URL.
++
++ e.g.
++ 1. /home/wso2wsas/repository/ - An absolute path
++ 2. repository - In this case, the path is relative to CARBON_HOME
++ 3. file:///home/wso2wsas/repository/
++ 4. http://wso2wsas/repository/
++ -->
++ <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
++
++ <!--
++ Deployment update interval in seconds. This is the interval between repository listener
++ executions.
++ -->
++ <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
++
++ <!--
++ Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
++
++ This can be a file on the local file system, or a URL
++
++ e.g.
++ 1. /home/repository/axis2.xml - An absolute path
++ 2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
++ 3. file:///home/carbon/repository/axis2.xml
++ 4. http://repository/conf/axis2.xml
++ -->
++ <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
++
++ <!--
++ ServiceGroupContextIdleTime, which will be set in ConfigurationContex
++ for multiple clients which are going to access the same ServiceGroupContext
++ Default Value is 30 Sec.
++ -->
++ <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
++
++ <!--
++ This repository location is used to crete the client side configuration
++ context used by the server when calling admin services.
++ -->
++ <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
++ <!-- This axis2 xml is used in createing the configuration context by the FE server
++ calling to BE server -->
++ <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
++ <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
++ <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
++
++ <!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
++ With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
++ Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
++ <!--HttpAdminServices>*</HttpAdminServices-->
++
++ </Axis2Config>
++
++ <!--
++ The default user roles which will be created when the server
++ is started up for the first time.
++ -->
++ <ServiceUserRoles>
++ <Role>
++ <Name>admin</Name>
++ <Description>Default Administrator Role</Description>
++ </Role>
++ <Role>
++ <Name>user</Name>
++ <Description>Default User Role</Description>
++ </Role>
++ </ServiceUserRoles>
++
++ <!--
++ Enable following config to allow Emails as usernames.
++ -->
++ <!--EnableEmailUserName>true</EnableEmailUserName-->
++
++ <!--
++ Security configurations
++ -->
++ <Security>
++ <!--
++ KeyStore which will be used for encrypting/decrypting passwords
++ and other sensitive information.
++ -->
++ <KeyStore>
++ <!-- Keystore file location-->
++ <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
++ <!-- Keystore type (JKS/PKCS12 etc.)-->
++ <Type>JKS</Type>
++ <!-- Keystore password-->
++ <Password>wso2carbon</Password>
++ <!-- Private Key alias-->
++ <KeyAlias>wso2carbon</KeyAlias>
++ <!-- Private Key password-->
++ <KeyPassword>wso2carbon</KeyPassword>
++ </KeyStore>
++
++ <!--
++ System wide trust-store which is used to maintain the certificates of all
++ the trusted parties.
++ -->
++ <TrustStore>
++ <!-- trust-store file location -->
++ <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
++ <!-- trust-store type (JKS/PKCS12 etc.) -->
++ <Type>JKS</Type>
++ <!-- trust-store password -->
++ <Password>wso2carbon</Password>
++ </TrustStore>
++
++ <!--
++ The Authenticator configuration to be used at the JVM level. We extend the
++ java.net.Authenticator to make it possible to authenticate to given servers and
++ proxies.
++ -->
++ <NetworkAuthenticatorConfig>
++ <!--
++ Below is a sample configuration for a single authenticator. Please note that
++ all child elements are mandatory. Not having some child elements would lead to
++ exceptions at runtime.
++ -->
++ <!-- <Credential> -->
++ <!--
++ the pattern that would match a subset of URLs for which this authenticator
++ would be used
++ -->
++ <!-- <Pattern>regularExpression</Pattern> -->
++ <!--
++ the type of this authenticator. Allowed values are:
++ 1. server
++ 2. proxy
++ -->
++ <!-- <Type>proxy</Type> -->
++ <!-- the username used to log in to server/proxy -->
++ <!-- <Username>username</Username> -->
++ <!-- the password used to log in to server/proxy -->
++ <!-- <Password>password</Password> -->
++ <!-- </Credential> -->
++ </NetworkAuthenticatorConfig>
++
++ <!--
++ The Tomcat realm to be used for hosted Web applications. Allowed values are;
++ 1. UserManager
++ 2. Memory
++
++ If this is set to 'UserManager', the realm will pick users & roles from the system's
++ WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
++ CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
++ -->
++ <TomcatRealm>UserManager</TomcatRealm>
++
++ <!--Option to disable storing of tokens issued by STS-->
++ <DisableTokenStore>false</DisableTokenStore>
++
++ <!--
++ Security token store class name. If this is not set, default class will be
++ org.wso2.carbon.security.util.SecurityTokenStore
++ -->
++ <TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName>
++
++
++
++ <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities -->
++ <CSRFPreventionConfig>
++ <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern -->
++ <CSRFPreventionFilter>
++ <!-- Set below to true to enable the CSRFPreventionFilter -->
++ <Enabled>false</Enabled>
++ <!-- Url Pattern to skip application of CSRF protection-->
++ <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern>
++ </CSRFPreventionFilter>
++ </CSRFPreventionConfig>
++
++ <!-- Configuration to enable or disable CR and LF sanitization filter-->
++ <CRLFPreventionConfig>
++ <!--Set below to true to enable the CRLFPreventionFilter-->
++ <Enabled>true</Enabled>
++ </CRLFPreventionConfig>
++ </Security>
++
++ <!--
++ The temporary work directory
++ -->
++ <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
++
++ <!--
++ House-keeping configuration
++ -->
++ <HouseKeeping>
++
++ <!--
++ true - Start House-keeping thread on server startup
++ false - Do not start House-keeping thread on server startup.
++ The user will run it manually as and when he wishes.
++ -->
++ <AutoStart>true</AutoStart>
++
++ <!--
++ The interval in *minutes*, between house-keeping runs
++ -->
++ <Interval>10</Interval>
++
++ <!--
++ The maximum time in *minutes*, temp files are allowed to live
++ in the system. Files/directories which were modified more than
++ "MaxTempFileLifetime" minutes ago will be removed by the
++ house-keeping task
++ -->
++ <MaxTempFileLifetime>30</MaxTempFileLifetime>
++ </HouseKeeping>
++
++ <!--
++ Configuration for handling different types of file upload & other file uploading related
++ config parameters.
++ To map all actions to a particular FileUploadExecutor, use
++ <Action>*</Action>
++ -->
++ <FileUploadConfig>
++ <!--
++ The total file upload size limit in MB
++ -->
++ <TotalFileSizeLimit>100</TotalFileSizeLimit>
++
++ <Mapping>
++ <Actions>
++ <Action>keystore</Action>
++ <Action>certificate</Action>
++ <Action>*</Action>
++ </Actions>
++ <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
++ </Mapping>
++
++ <Mapping>
++ <Actions>
++ <Action>jarZip</Action>
++ </Actions>
++ <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
++ </Mapping>
++ <Mapping>
++ <Actions>
++ <Action>dbs</Action>
++ </Actions>
++ <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
++ </Mapping>
++ <Mapping>
++ <Actions>
++ <Action>tools</Action>
++ </Actions>
++ <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
++ </Mapping>
++ <Mapping>
++ <Actions>
++ <Action>toolsAny</Action>
++ </Actions>
++ <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
++ </Mapping>
++ </FileUploadConfig>
++
++ <!-- FileNameRegEx is used to validate the file input/upload/write-out names.
++ e.g.
++ <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^<>:"/\\|?*\x00-\x1F][^<>:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx>
++ -->
++ <!--<FileNameRegEx></FileNameRegEx>-->
++
++ <!--
++ Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
++
++ In order to plug in a processor to handle a special request, simply add an entry to this
++ section.
++
++ The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
++ which needs special processing
++
++ The value of the Class element is a class which implements
++ org.wso2.carbon.transport.HttpGetRequestProcessor
++ -->
++ <HttpGetRequestProcessors>
++ <Processor>
++ <Item>info</Item>
++ <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
++ </Processor>
++ <Processor>
++ <Item>wsdl</Item>
++ <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
++ </Processor>
++ <Processor>
++ <Item>wsdl2</Item>
++ <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
++ </Processor>
++ <Processor>
++ <Item>xsd</Item>
++ <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
++ </Processor>
++ </HttpGetRequestProcessors>
++
++ <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
++ In master nodes you need to set both AutoCommit and AutoCheckout to true
++ and in worker nodes set only AutoCheckout to true.
++ -->
++ <DeploymentSynchronizer>
++ <Enabled>false</Enabled>
++ <AutoCommit>false</AutoCommit>
++ <AutoCheckout>true</AutoCheckout>
++ <RepositoryType>svn</RepositoryType>
++ <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
++ <SvnUser>username</SvnUser>
++ <SvnPassword>password</SvnPassword>
++ <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
++ </DeploymentSynchronizer>
++
++ <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
++ In master nodes you need to set both AutoCommit and AutoCheckout to true
++ and in worker nodes set only AutoCheckout to true.
++ -->
++ <!--<DeploymentSynchronizer>
++ <Enabled>true</Enabled>
++ <AutoCommit>false</AutoCommit>
++ <AutoCheckout>true</AutoCheckout>
++ </DeploymentSynchronizer>-->
++
++ <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
++ <!--<MediationConfig>
++ <LoadFromRegistry>false</LoadFromRegistry>
++ <SaveToFile>false</SaveToFile>
++ <Persistence>enabled</Persistence>
++ <RegistryPersistence>enabled</RegistryPersistence>
++ </MediationConfig>-->
++
++ <!--
++ Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
++ This code will be run when the Carbon server is initialized
++ -->
++ <ServerInitializers>
++ <!--<Initializer></Initializer>-->
++ </ServerInitializers>
++
++ <!--
++ Indicates whether the Carbon Servlet is required by the system, and whether it should be
++ registered
++ -->
++ <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
++
++ <!--
++ Carbon H2 OSGI Configuration
++ By default non of the servers start.
++ name="web" - Start the web server with the H2 Console
++ name="webPort" - The port (default: 8082)
++ name="webAllowOthers" - Allow other computers to connect
++ name="webSSL" - Use encrypted (HTTPS) connections
++ name="tcp" - Start the TCP server
++ name="tcpPort" - The port (default: 9092)
++ name="tcpAllowOthers" - Allow other computers to connect
++ name="tcpSSL" - Use encrypted (SSL) connections
++ name="pg" - Start the PG server
++ name="pgPort" - The port (default: 5435)
++ name="pgAllowOthers" - Allow other computers to connect
++ name="trace" - Print additional trace information; for all servers
++ name="baseDir" - The base directory for H2 databases; for all servers
++ -->
++ <!--H2DatabaseConfiguration>
++ <property name="web" />
++ <property name="webPort">8082</property>
++ <property name="webAllowOthers" />
++ <property name="webSSL" />
++ <property name="tcp" />
++ <property name="tcpPort">9092</property>
++ <property name="tcpAllowOthers" />
++ <property name="tcpSSL" />
++ <property name="pg" />
++ <property name="pgPort">5435</property>
++ <property name="pgAllowOthers" />
++ <property name="trace" />
++ <property name="baseDir">${carbon.home}</property>
++ </H2DatabaseConfiguration-->
++ <!--Disabling statistics reporter by default-->
++ <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
++
++ <!-- Enable accessing Admin Console via HTTP -->
++ <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
++
++ <!--
++ Default Feature Repository of WSO2 Carbon.
++ -->
++ <FeatureRepository>
++ <RepositoryName>default repository</RepositoryName>
++ <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL>
++ </FeatureRepository>
++
++ <!--
++ Configure API Management
++ -->
++ <APIManagement>
++
++ <!--Uses the embedded API Manager by default. If you want to use an external
++ API Manager instance to manage APIs, configure below externalAPIManager-->
++
++ <Enabled>true</Enabled>
++
++ <!--Uncomment and configure API Gateway and
++ Publisher URLs to use external API Manager instance-->
++
++ <!--ExternalAPIManager>
++
++ <APIGatewayURL>http://localhost:8281</APIGatewayURL>
++ <APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
++
++ </ExternalAPIManager-->
++
++ <LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
++ </APIManagement>
++</Server>
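Review bot: The `<Security>` section keeps the vendor defaults, `<Password>wso2carbon</Password>` and `<KeyPassword>wso2carbon</KeyPassword>` for `wso2carbon.jks`, plus the same password for `client-truststore.jks`. That keystore and password ship with the stock distribution, so the key this server uses for "encrypting/decrypting passwords and other sensitive information" (per the comment above it) is not secret on any host deployed from this template. Since the file is already a Jinja2 template, these values could come from vaulted variables, e.g. `<Password>{{ wso2_is_keystore_password }}</Password>` (a proposed name, not defined in this commit), together with a task that installs a site-generated keystore. `CSRFPreventionFilter` is also left at `<Enabled>false</Enabled>` while the tasks file opens 9443 in the public zone; it is worth enabling it or documenting why it stays off.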
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/wso2_is/vars/main.yml
index 0000000,0000000..f7b4eb7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/wso2_is/vars/main.yml
@@@ -1,0 -1,0 +1,18 @@@
++---
++#Variables associated with this role
++# Oracle Java 8
++java_dir_source: "/usr/local/src"
++
++java_version: 8
++java_version_update: 91
++java_version_build: '14'
++java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
++java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
++
++java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
++java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
++
++wso2_is_rul: http://wso2.com/products/identity-server/#download
++wso2_is_dist: wso2is-5.1.0.zip
++wso2_is_dir: wso2is-5.1.0
++...
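Review bot: `java_rpm_url` is built on `http://download.oracle.com/...`, so anything that fetches the JDK RPM from it gets the package over plain HTTP, and this file defines no checksum to verify it against; an `https://` URL plus a pinned checksum variable would close that. `zookeeper_url` in `roles/zookeeper/vars/main.yml` uses the same plain-HTTP scheme. None of the tasks in this role's `tasks/main.yml` reference the `java_*` variables, so they may be leftovers copied from the java role. `wso2_is_rul` looks like a typo for `wso2_is_url`, and its value is a download landing page rather than an archive, which is consistent with the download task being commented out.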
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/handlers/main.yml
index 0000000,0000000..daefebe
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/handlers/main.yml
@@@ -1,0 -1,0 +1,12 @@@
++---
++- name: start zookeeper
++ service: name=zookeeper state=started enabled=yes
++ become: yes
++
++- name: stop zookeeper
++ service: name=zookeeper state=stopped
++ become: yes
++
++- name: restart zookeeper
++ service: name=zookeeper state=restarted enabled=yes
++ become: yes
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/tasks/main.yml
index 0000000,0000000..78bcec2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/tasks/main.yml
@@@ -1,0 -1,0 +1,34 @@@
++---
++################################################################################
++# Setup and run Zookeeper
++- name: Download and unarchive zookeeper
++ unarchive: src="{{ zookeeper_url }}"
++ dest="{{ user_home }}"
++ copy=no
++ owner="{{ user }}"
++ group="{{ group }}"
++
++- name: open zookeeper port
++ firewalld: port=2181/tcp zone=public permanent=true state=enabled immediate=yes
++ become: yes
++
++- name: Copy zoo.cfg file
++ template: src=zoo.cfg.j2 dest="{{ zookeeper_dir }}/conf/zoo.cfg" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r"
++ notify:
++ - restart zookeeper
++
++- name: Check if systemd exists
++ stat: path=/usr/lib/systemd/system/
++ register: systemd_check
++
++- name: Systemd script.
++ template: src=zookeeper.service.j2 dest=/usr/lib/systemd/system/zookeeper.service
++ when: systemd_check.stat.exists == true
++ notify:
++ - restart zookeeper
++ become: yes
++
++- name: reload systemd daemons
++ command: systemctl daemon-reload
++ become: yes
++...
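Review bot: The `Download and unarchive zookeeper` task unpacks whatever `zookeeper_url` returns straight into `{{ user_home }}`, and `unarchive` with a remote `src` gives no way to verify the archive first. Splitting it into a `get_url` step with `checksum=` followed by a local `unarchive` pins the exact release; `zookeeper_sha256` below is a proposed variable that would have to be added to the role vars with the published digest. A `creates=` on the unarchive step would also stop it re-extracting on every run, as the WSO2 IS role already does. Further down, `reload systemd daemons` runs even when `systemd_check.stat.exists` is false; it should carry the same `when:` as the `Systemd script.` task.

```yaml
- name: Download zookeeper
  get_url: >
    url="{{ zookeeper_url }}"
    dest="{{ user_home }}/zookeeper-{{ zookeeper_version }}.tar.gz"
    checksum="sha256:{{ zookeeper_sha256 }}"

- name: Unarchive zookeeper
  unarchive: >
    src="{{ user_home }}/zookeeper-{{ zookeeper_version }}.tar.gz"
    dest="{{ user_home }}"
    copy=no
    owner="{{ user }}"
    group="{{ group }}"
    creates="{{ zookeeper_dir }}/bin/zkServer.sh"

# … unchanged: firewalld, zoo.cfg template, systemd check and unit template …

- name: reload systemd daemons
  command: systemctl daemon-reload
  when: systemd_check.stat.exists == true
  become: yes
```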
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2
index 0000000,0000000..8426b98
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2
@@@ -1,0 -1,0 +1,28 @@@
++# The number of milliseconds of each tick
++tickTime={{tick_time}}
++# The number of ticks that the initial
++# synchronization phase can take
++initLimit={{init_limit}}
++# The number of ticks that can pass between
++# sending a request and getting an acknowledgement
++syncLimit={{sync_limit}}
++# the directory where the snapshot is stored.
++# do not use /tmp for storage, /tmp here is just
++# example sakes.
++dataDir={{zookeeper_data_dir}}
++# the port at which the clients will connect
++clientPort={{ client_port }}
++# the maximum number of client connections.
++# increase this if you need to handle more clients
++#maxClientCnxns=60
++#
++# Be sure to read the maintenance section of the
++# administrator guide before turning on autopurge.
++#
++# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
++#
++# The number of snapshots to retain in dataDir
++#autopurge.snapRetainCount=3
++# Purge task interval in hours
++# Set to "0" to disable auto purge feature
++#autopurge.purgeInterval=1
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2
index 0000000,0000000..19c3718
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2
@@@ -1,0 -1,0 +1,15 @@@
++# {{ansible_managed}}
++
++[Unit]
++Description=ZooKeeper
++
++
++[Service]
++Type=forking
++ExecStart={{zookeeper_dir}}/bin/zkServer.sh start
++ExecStop={{ zookeeper_dir }}/bin/zkServer.sh stop
++Restart=always
++TimeoutSec=300
++
++[Install]
++WantedBy=multi-user.target
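Review bot: The `[Service]` section sets no `User=`, so systemd starts `zkServer.sh` as root even though the role unpacks ZooKeeper with `owner="{{ user }}"` and `group="{{ group }}"`. Adding `User={{ user }}` and `Group={{ group }}` keeps the daemon at the privilege of the account that owns its files and data directory. It would also help to declare `After=network.target` under `[Unit]` so the service is not started before networking is up.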
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/vars/main.yml
index 0000000,0000000..a3e10db
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/vars/main.yml
@@@ -1,0 -1,0 +1,17 @@@
++---
++#Variables associated with this role
++# zookeeper related variable
++zookeeper_version: 3.4.8
++zookeeper_url: http://www.us.apache.org/dist/zookeeper/zookeeper-{{zookeeper_version}}/zookeeper-{{zookeeper_version}}.tar.gz
++
++apt_cache_timeout: 3600
++client_port: "{{ zookeeper_client_port }}"
++init_limit: 5
++sync_limit: 2
++tick_time: 2000
++data_dir: /var/lib/zookeeper
++log_dir: /var/log/zookeeper
++zookeeper_dir: "{{ user_home }}/zookeeper-{{zookeeper_version}}"
++zookeeper_data_dir: "{{ zookeeper_dir }}/data"
++
++...
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/site.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/site.yml
index 0000000,0000000..69ff15b
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/site.yml
@@@ -1,0 -1,0 +1,76 @@@
++---
++#Master playbook
++- hosts: zookeeper
++ tags: zookeeper, airavata
++ roles:
++ - env_setup
++ - java
++ - zookeeper
++
++- hosts: rabbitmq
++ tags: rabbitmq, airavata
++ roles:
++ - env_setup
++ - rabbitmq
++
++- hosts: database
++ tags: mysql , airavata
++ roles:
++ - env_setup
++ - role: database
++ become: yes
++ become_user: "{{user}}"
++
++- hosts: wso2is
++ tags: wso2is
++ roles:
++ - env_setup
++ - java
++ - role: wso2_is
++ become: yes
++ become_user: "{{user}}"
++
++
++- hosts: gfac
++ tags: gfac, airavata
++ roles:
++ - env_setup
++ - java
++ - role: common
++ become: yes
++ become_user: "{{user}}"
++ - role: gfac
++ become: yes
++ become_user: "{{user}}"
++
++- hosts: api-orch
++ tags: api-orch, airavata
++ roles:
++ - env_setup
++ - java
++ - role: common
++ become: yes
++ become_user: "{{user}}"
++ - role: api-orch
++ become: yes
++ become_user: "{{user}}"
++
++- hosts: registry
++ tags: registry, airavata
++ roles:
++ - env_setup
++ - java
++ - role: common
++ become: yes
++ become_user: "{{user}}"
++ - role: registry
++ become: yes
++ become_user: "{{user}}"
++
++- hosts: pga
++ tags: pga
++ roles:
++ - env_setup
++ - pga
++
++...