You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/24 17:59:13 UTC
[1/4] airavata git commit: Moving composer update after permissions
update
Repository: airavata
Updated Branches:
refs/heads/develop f0f6b3404 -> 280068981
Moving composer update after permissions update
Some files get created in app storage by the httpd server process and
are owned by 'apache'. When that happens the composer update fails since
it runs as user 'pga'. Moving the composer update after the permissions
update, which gives 'pga' ownership of app storage files, fixes this
problem.
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/da4a5706
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/da4a5706
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/da4a5706
Branch: refs/heads/develop
Commit: da4a57069c14f2d579bc4db89ba6e26858dc473d
Parents: f6f2adc
Author: Marcus Christie <ma...@iu.edu>
Authored: Mon Jun 12 15:38:34 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Mon Jun 12 15:38:34 2017 -0400
----------------------------------------------------------------------
dev-tools/ansible/roles/pga/tasks/main.yml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/da4a5706/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml
index f510b70..954fa0d 100644
--- a/dev-tools/ansible/roles/pga/tasks/main.yml
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@ -86,11 +86,6 @@
- restart httpd
when: ansible_os_family == "RedHat"
-- name: Run composer update
- composer: command=update working_dir="{{ doc_root_dir }}"
- become: yes
- become_user: "{{user}}"
-
# step 6: Change pga configurations
- name: Copy pga config file
template: src=pga_config.php.j2 dest="{{ doc_root_dir }}/app/config/pga_config.php" owner="{{user}}" group="{{group}}"
@@ -114,6 +109,11 @@
file: path="{{ doc_root_dir }}/app/storage" state=directory mode=0777 owner="{{user}}" group="{{group}}" recurse=yes
become: yes
+- name: Run composer update
+ composer: command=update working_dir="{{ doc_root_dir }}"
+ become: yes
+ become_user: "{{user}}"
+
# For SELinux, need to apply file contexts, but I'm not sure why since the contexts were created before the files/directories
- name: run restorecon on those directories
command: restorecon -R {{ doc_root_dir }} {{ user_data_dir }}
[4/4] airavata git commit: AIRAVATA-2430 Ansible template/vars for
PGA auth options
Posted by ma...@apache.org.
AIRAVATA-2430 Ansible template/vars for PGA auth options
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/28006898
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/28006898
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/28006898
Branch: refs/heads/develop
Commit: 280068981af49e1f4d54f87d2e1f9dd7f06b9d8d
Parents: a445590
Author: Marcus Christie <ma...@apache.org>
Authored: Sat Jun 24 13:58:39 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Sat Jun 24 13:58:39 2017 -0400
----------------------------------------------------------------------
.../scigap/develop/pga_config/scigap/vars.yml | 3 ++-
.../scigap/develop/pga_config/seagrid/vars.yml | 9 ++++++++-
dev-tools/ansible/roles/pga/defaults/main.yml | 6 ++++++
.../ansible/roles/pga/templates/pga_config.php.j2 | 18 ++++++++++++++----
4 files changed, 30 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
index 099a9bd..ae0c2ba 100644
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
@@ -39,7 +39,8 @@ oauth_client_key: "{{ vault_oauth_client_key }}"
oauth_client_secret: "{{ vault_oauth_client_secret }}"
oauth_grant_type: "password"
oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration"
-user_role_name: "airavata-user"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+initial_role_name: "gateway-provider"
gateway_id: "scigap"
# relative to document root dir
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
index 3f5c015..2e17fde 100644
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
@@ -37,9 +37,16 @@ admin_username: "admin"
admin_password: "{{ vault_admin_password }}"
oauth_client_key: "{{ vault_oauth_client_key }}"
oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "password"
oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration"
+auth_options:
+ - name: "SEAGrid"
+ oauth_grant_type: "password"
+ - name: "CILogon"
+ oauth_grant_type: "authorization_code"
+ oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
gateway_id: "seagrid"
# relative to document root dir
experiment_data_dir: "{{ user_data_dir }}/dev-seagrid"
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 1801883..9635bfc 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -58,6 +58,12 @@ admin_readonly_role_name: "admin-read-only"
user_role_name: "gateway-user"
initial_role_name: "user-pending"
auth_verify_peer: "true"
+auth_options:
+ - name: "{{ portal_title }}"
+ oauth_grant_type: "password"
+# oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
+
## Airavata Client related variables
#airavata_server: "tls://gw77.iu.xsede.org"
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 1981ccb..c102e65 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -57,14 +57,24 @@ return array(
'oauth-client-secret' => '{{ oauth_client_secret }}',
/**
- * OAuth Grant Type (password or authorization_code)
- */
- 'oauth-grant-type' => '{{ oauth_grant_type }}',
+ * Authentication options
+ */
+ 'auth-options' => [
+ {% for auth_option in auth_options %}
+ [
+ 'oauth-grant-type' => '{{ auth_option["oauth_grant_type"] }}',
+ 'name' => '{{ auth_option["name"] }}',
+ {% if "oauth_authorize_url_extra_params" in auth_option %}
+ 'oauth-authorize-url-extra-params' => '{{ auth_option["oauth_authorize_url_extra_params"] }}',
+ {% endif %}
+ ],
+ {% endfor %}
+ ],
/**
* OAuth call back url (only if the grant type is authorization_code)
*/
- 'oauth-callback-url' => 'http://localhost/callback-url',
+ 'oauth-callback-url' => '{{ oauth_callback_url }}',
/**
* For OIDC servers that support the discovery protocol.
[2/4] airavata git commit: updating nanoconfinement url
Posted by ma...@apache.org.
updating nanoconfinement url
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/883c3f4b
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/883c3f4b
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/883c3f4b
Branch: refs/heads/develop
Commit: 883c3f4b0f108f0ff180395a08591163a5c5415c
Parents: da4a570
Author: Suresh Marru <sm...@apache.org>
Authored: Mon Jun 12 16:15:49 2017 -0400
Committer: Suresh Marru <sm...@apache.org>
Committed: Mon Jun 12 16:15:49 2017 -0400
----------------------------------------------------------------------
.../scigap/production/pga_config/nanoconfinement/vars.yml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/883c3f4b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
index c7c360c..3f2e2b6 100644
--- a/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/pga_config/nanoconfinement/vars.yml
@@ -24,12 +24,12 @@ git_branch: "master"
user: "pga"
group: "pga"
doc_root_dir: "/var/www/portals/nanoconfinement"
-vhost_servername: "nanoconfinement.jadhaolab.indiana.edu"
+vhost_servername: "nanoconfinement.sciencegateways.iu.edu"
vhost_ssl: True
# TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/letsencrypt/live/nanoconfinement.jadhaolab.indiana.edu/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/nanoconfinement.jadhaolab.indiana.edu/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/nanoconfinement.jadhaolab.indiana.edu/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/nanoconfinement.sciencegateways.iu.edu/privkey.pem"
## WSO2 IS related variables
tenant_domain: "airavata.nanoconfinement"
[3/4] airavata git commit: Merge remote-tracking branch
'origin/master' into develop
Posted by ma...@apache.org.
Merge remote-tracking branch 'origin/master' into develop
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/a445590b
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/a445590b
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/a445590b
Branch: refs/heads/develop
Commit: a445590b880ddd3c0671d959f28131406b37e205
Parents: f0f6b34 883c3f4
Author: Marcus Christie <ma...@apache.org>
Authored: Fri Jun 23 17:41:50 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Fri Jun 23 17:42:16 2017 -0400
----------------------------------------------------------------------
.../scigap/production/pga_config/nanoconfinement/vars.yml | 8 ++++----
dev-tools/ansible/roles/pga/tasks/main.yml | 10 +++++-----
2 files changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/a445590b/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------