You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2019/12/17 16:39:39 UTC
[airavata] branch master updated (e6292fd -> f437d23)
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git.
from e6292fd Ansible: add amp_gateway_django_app to amp
new 2f9e72d AIRAVATA-2880 Ansible: django_setup role
new f437d23 Ansible: deploy simccs to new server
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../newsimccs}/files/django-ssl-vhost.conf.j2 | 0
.../host_vars/{simccs => newsimccs}/vars.yml | 16 +++-
.../host_vars/newsimccs}/vault.yml | 0
.../ansible/inventories/scigap/production/hosts | 2 +
.../roles/django/templates/settings_local.py.j2 | 4 +-
.../handlers => django_setup/defaults}/main.yml | 16 ++--
.../ansible/roles/django_setup/files/00-wsgi.conf | 1 +
.../ansible/roles/django_setup/tasks/main.yml | 91 ++++++++++++----------
dev-tools/ansible/roles/httpd/defaults/main.yml | 4 +
.../tasks/install_deps_CentOS_7.yml} | 19 ++---
.../tasks/install_deps_Ubuntu_16.yml | 17 ----
dev-tools/ansible/roles/httpd/tasks/main.yml | 2 +
12 files changed, 90 insertions(+), 82 deletions(-)
copy dev-tools/ansible/inventories/scigap/{staging/host_vars/simccs => production/host_vars/newsimccs}/files/django-ssl-vhost.conf.j2 (100%)
copy dev-tools/ansible/inventories/scigap/production/host_vars/{simccs => newsimccs}/vars.yml (82%)
copy dev-tools/ansible/inventories/scigap/{staging/host_vars/simccs => production/host_vars/newsimccs}/vault.yml (100%)
copy dev-tools/ansible/roles/{database/handlers => django_setup/defaults}/main.yml (73%)
create mode 100644 dev-tools/ansible/roles/django_setup/files/00-wsgi.conf
copy dev-tools/ansible/roles/{database/handlers/main.yml => httpd/tasks/install_deps_CentOS_7.yml} (76%)
copy dev-tools/ansible/roles/{pga => httpd}/tasks/install_deps_Ubuntu_16.yml (79%)
[airavata] 02/02: Ansible: deploy simccs to new server
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit f437d23fda2a79d7db7a2af43f4df30ea0fd4557
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Tue Dec 17 11:38:18 2019 -0500
Ansible: deploy simccs to new server
---
.../newsimccs/files/django-ssl-vhost.conf.j2 | 82 ++++++++++++++++++++++
.../scigap/production/host_vars/newsimccs/vars.yml | 71 +++++++++++++++++++
.../production/host_vars/newsimccs/vault.yml | 15 ++++
.../ansible/inventories/scigap/production/hosts | 2 +
.../roles/django/templates/settings_local.py.j2 | 4 +-
5 files changed, 172 insertions(+), 2 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2 b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
new file mode 100644
index 0000000..b6be6da
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
@@ -0,0 +1,82 @@
+{#
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#}
+
+{% if vhost_server_redirect is defined %}
+<VirtualHost *:{{httpd_default_http_port}}>
+ ServerName {{ vhost_server_redirect }}
+ Redirect "/" "https://{{ vhost_servername }}"
+</VirtualHost>
+{% endif %}
+
+<VirtualHost *:{{ httpd_default_http_port }}>
+ ServerName {{ vhost_servername }}
+
+ ## Redirect all http traffic to https
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:{{ httpd_default_https_port }}>
+ ServerName {{ vhost_servername }}
+
+ # Reverse proxy to geoserver on gf8
+ ProxyPass /geoserver "http://gf8.ucs.indiana.edu/geoserver"
+ ProxyPassReverse /geoserver "http://gf8.ucs.indiana.edu/geoserver"
+
+ Alias /robots.txt {{ doc_root_dir }}/static/robots.txt
+ Alias /favicon.ico {{ doc_root_dir }}/static/favicon.ico
+
+ Alias /static/ {{ doc_root_dir }}/static/
+
+ <Directory {{ doc_root_dir }}/static>
+ Require all granted
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
+ </Directory>
+
+ Alias /media/ {{ airavata_django_checkout }}/django_airavata/media/
+
+ <Directory {{ airavata_django_checkout }}/django_airavata/media>
+ Require all granted
+ </Directory>
+
+ WSGIDaemonProcess {{ vhost_servername }} display-name=%{GROUP} python-home={{ doc_root_dir }}/venv python-path={{ doc_root_dir }}/airavata-django-portal processes={{ django_wsgi_processes }} user={{ user }} group={{ group }}
+ WSGIProcessGroup {{ vhost_servername }}
+
+ WSGIScriptAlias / {{ doc_root_dir }}/airavata-django-portal/django_airavata/wsgi.py
+
+ <Directory {{ doc_root_dir }}/airavata-django-portal/django_airavata>
+ <Files wsgi.py>
+ Require all granted
+ </Files>
+ </Directory>
+
+ ErrorLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id }}.error.log
+ CustomLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id }}.requests.log combined
+
+ SSLEngine on
+ # Disable SSLv3 which is vulnerable to the POODLE attack
+ SSLProtocol All -SSLv2 -SSLv3
+ SSLCertificateFile {{ ssl_certificate_file }}
+ SSLCertificateChainFile {{ ssl_certificate_chain_file }}
+ SSLCertificateKeyFile {{ ssl_certificate_key_file }}
+</VirtualHost>
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
new file mode 100644
index 0000000..0159481
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
@@ -0,0 +1,71 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+# NOTE: simccs is deployed on scigap11
+gateway_data_store_hostname: "scigap11.sciencegateways.iu.edu"
+gateway_data_store_resource_id: "scigap11.sciencegateways.iu.edu_96b8dcec-ac84-438a-9927-91baaf87758b"
+
+# TODO: deploy tus endpoint
+django_tus_endpoint: null
+
+airavata_django_extra_dependencies:
+ # Need to separately install cython in the VM or do two deploys, one with
+ # just cython, then a second with the other dependencies. Reason: pyjnius
+ # requires that cython already be installed and they can't both be installed
+ # at the same time.
+ - cython
+ - git+https://github.com/SciGaP/simccs-maptool.git#egg=simccs-maptool
+ - pyjnius
+
+django_extra_settings:
+ JAVA_HOME: "/usr/java/default"
+ MAPTOOL_SETTINGS:
+ CPLEX_APPLICATION_ID: "cplex-solver_99721933-c9e4-4285-9ef1-d035ca82b541"
+ DATASETS_DIR: "/data/gateway-user-data/simccs-datasets"
+
+vhost_servername: "simccs.scigap.org"
+vhost_ssl: true
+ssl_certificate_file: "/etc/letsencrypt/live/simccs.scigap.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.scigap.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.scigap.org/privkey.pem"
+
+## Keycloak related variables
+tenant_domain: "iu-geology-survey"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+auth_options:
+ password:
+ name: "SimCCS"
+ external:
+ - name: "existing institution credentials"
+ idp_alias: "cilogon"
+ logo: "images/cilogon-logo-24x24-b.png"
+
+gateway_id: "iu-geology-survey"
+experiment_data_dir: "{{ user_data_dir }}/iu-geology-survey"
+gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEuA1indjdczBXg2qrmD0bB0QfKq0u2q3o25DegTaty5LoogW+APEvXmwc2g6PzkM75MgfMsTErMQaQ3/PoElADQKg2/NePz05YWobn9zrPZFeRWfOqWMjFDx72cffHKBzgnahFDBlR/YJhf4IZJ+EOA1zMiMF2oZQmEYQtbQFhbKPF+jrScEQeuXVuXWSS2sKNAVKj3pY4kmi9kEOYELee/O6ghBUfrVhB95vDKJPgmQSuo3pgkLRdflTBSAQ54UchwjXi2RA9Xv0RXJF/JyyRGn6bSbRxYhsm5RJeiBVj4ua7p2b36rSYVqtVsTKEonx5kYdKzwyjJXWpjB2KtQp"
+
+admin_emails: "[('SGRC', 'sgrc-iu-group@iu.edu'), ('Kevin Ellett', 'kmellett@indiana.edu'),('Ryan Kammer', 'rkammer@indiana.edu'), ('Eroma Abeysinghe', 'eabeysin@iu.edu')]"
+portal_title: "SimCCS Portal"
+
+...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
new file mode 100644
index 0000000..7de5f3c
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+32303938663931376464373435373336356365613066333233363261633334333266633064633730
+3937316131366235636466623763333833326635376433630a613563623734333362333332346630
+34666338323132333037643337353962313165663762376462383962313537306662313665363063
+3337376331373535650a333936393135333364613764656362353731613135623363333330343031
+33343063333134393166393666336562646135333930346237316264333263363232653464353938
+31613062653563326564613237666338346564626136666362653463396435386565633537383363
+37306463663131333032663763383334373232316266343165636632336365353665313331393336
+62323262333633653930626536313839333562653062653834333163633833386131303332333031
+37303831376265313034373134666538333333656438306134653464306433326232356133353832
+65383062653265333966326631393666303032353937343835663636646439633738613266393430
+30363566383538373363653765326239393535373663616661393164373031356230356165386338
+37353261343463363635353131366232393532383930373734623036613234396531386538343834
+30353333653837346530376664373661363434373232396132666339313931323732666661373064
+3634393163613436326430353838363561633639353535633538
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 0731dcf..4bcaa7a 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -66,3 +66,5 @@ futurewater ansible_host=149.165.171.92 ansible_user=centos
# Delta Jetstream server
delta ansible_host=149.165.169.250 ansible_user=centos
+# simccs server
+newsimccs ansible_host=scigap11.sciencegateways.iu.edu ansible_user=root
diff --git a/dev-tools/ansible/roles/django/templates/settings_local.py.j2 b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
index bd7b815..1f5c1cb 100644
--- a/dev-tools/ansible/roles/django/templates/settings_local.py.j2
+++ b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
@@ -134,15 +134,15 @@ PORTAL_TITLE = '{{ portal_title }}'
# Hidden Airavata apps (not all gateways need all functionality)
HIDDEN_AIRAVATA_APPS = {{ django_hidden_airavata_apps }}
+{% if django_tus_endpoint is defined and django_tus_endpoint %}
# Tus uploads
-{% if django_tus_endpoint is defined %}
TUS_ENDPOINT = "{{ django_tus_endpoint }}"
TUS_DATA_DIR = "{{ django_tus_data_dir }}"
{% endif %}
FILE_UPLOAD_MAX_FILE_SIZE = {{ django_file_upload_max_file_size_mb }} * 1024 * 1024
-{% if django_pga_url is defined %}
+{% if django_pga_url is defined and django_pga_url %}
PGA_URL = "{{ django_pga_url }}"
{% endif %}
[airavata] 01/02: AIRAVATA-2880 Ansible: django_setup role
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 2f9e72daa0f65c2b7c23c8396bbf2ffe487e88c0
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Tue Dec 17 10:25:37 2019 -0500
AIRAVATA-2880 Ansible: django_setup role
---
.../{httpd => django_setup}/defaults/main.yml | 17 ++--
.../ansible/roles/django_setup/files/00-wsgi.conf | 1 +
.../ansible/roles/django_setup/tasks/main.yml | 91 ++++++++++++----------
dev-tools/ansible/roles/httpd/defaults/main.yml | 4 +
.../main.yml => tasks/install_deps_CentOS_7.yml} | 24 +++---
.../roles/httpd/tasks/install_deps_Ubuntu_16.yml | 64 +++++++++++++++
dev-tools/ansible/roles/httpd/tasks/main.yml | 2 +
7 files changed, 140 insertions(+), 63 deletions(-)
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/django_setup/defaults/main.yml
similarity index 62%
copy from dev-tools/ansible/roles/httpd/defaults/main.yml
copy to dev-tools/ansible/roles/django_setup/defaults/main.yml
index f1f7588..e09cec4 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/django_setup/defaults/main.yml
@@ -19,17 +19,10 @@
#
---
-httpd_default_conf_file_location:
- RedHat: "/etc/httpd/conf.d/default.conf"
- Debian: "/etc/apache2/sites-available/default.conf"
-httpd_ssl_conf_file_location:
- RedHat: "/etc/httpd/conf.d/ssl.conf"
- # TODO: Debian file layout is different, so we really need a different ssl.conf for Debian
- Debian: "/etc/apache2/mods-available/ssl.conf"
+mod_wsgi_dir: /opt/mod_wsgi
+mod_wsgi_url: https://github.com/GrahamDumpleton/mod_wsgi/archive/4.5.17.tar.gz
+mod_wsgi_tarball_dest: "{{ mod_wsgi_dir }}/{{ mod_wsgi_url | basename }}"
+mod_wsgi_unarchive_dir: "{{ mod_wsgi_dir }}/mod_wsgi-4.5.17"
+httpd_conf_modules_dir: "/etc/httpd/conf.modules.d"
-httpd_default_conf_template: "default.conf.j2"
-httpd_ssl_conf_template: "ssl.conf.j2"
-
-httpd_default_http_port: 80
-httpd_default_https_port: 443
...
diff --git a/dev-tools/ansible/roles/django_setup/files/00-wsgi.conf b/dev-tools/ansible/roles/django_setup/files/00-wsgi.conf
new file mode 100644
index 0000000..19f3567
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/files/00-wsgi.conf
@@ -0,0 +1 @@
+LoadModule wsgi_module modules/mod_wsgi.so
diff --git a/dev-tools/ansible/roles/django_setup/tasks/main.yml b/dev-tools/ansible/roles/django_setup/tasks/main.yml
index a689d29..e457d94 100644
--- a/dev-tools/ansible/roles/django_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/django_setup/tasks/main.yml
@@ -18,46 +18,59 @@
# under the License.
#
---
-# TODO: install python36
-# sudo yum -y install python36
-# sudo yum -y install httpd-devel
-# sudo yum -y install python36-devel
-# sudo yum -y install mysql-devel
-# sudo yum -y install gcc
-
-# TODO: fetch and build mod_wsgi
-# mkdir mod_wsgi
-# cd mod_wsgi/
-# curl -LO https://github.com/GrahamDumpleton/mod_wsgi/archive/4.5.17.tar.gz
-# tar zxf 4.5.17.tar.gz
-# cd mod_wsgi-4.5.17/
-# ./configure --with-python=/usr/bin/python3
-# make
-# sudo make install
-
-# TODO: configure apache to load mod_wsgi
-# * configure Apache to load mod_wsgi
-# ```
-# sudo vim /etc/httpd/conf.modules.d/00-wsgi.conf
-# ```
-# * 00-wsgi.conf file contains
-# ```
-# LoadModule wsgi_module modules/mod_wsgi.so
-# ```
-
-# TODO: install Node.js EPEL repository and then install nodejs
-# sudo curl --silent --location https://rpm.nodesource.com/setup_8.x | sudo bash -
-# sudo yum install nodejs
-
-# Install yarn
-- name: Add yarn yum repository on CentOS
+
+- name: Install Airavata Django Portal prerequisites
+ yum: name={{ item }} state=latest update_cache=yes
+ with_items:
+ - python36
+ - httpd-devel
+ - python36-devel
+ - mysql-devel
+ - gcc
+ become_user: root
+
+- name: Create mod_wsgi directory
+ file: path={{ mod_wsgi_dir }} state=directory
+ become: yes
+
+- name: Fetch mod_wsgi
get_url:
- url: "https://dl.yarnpkg.com/rpm/yarn.repo"
- dest: "/etc/yum.repos.d/yarn.repo"
+ url: "{{ mod_wsgi_url }}"
+ dest: "{{ mod_wsgi_tarball_dest }}"
become: yes
- when: ansible_distribution == 'CentOS'
-- name: Install yarn (RedHat)
- yum: name=yarn state=latest update_cache=yes
+- name: Untar mod_wsgi
+ unarchive:
+ src: "{{ mod_wsgi_tarball_dest }}"
+ remote_src: yes
+ dest: "{{ mod_wsgi_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}"
become: yes
- when: ansible_os_family == "RedHat"
+
+- name: Configure mod_wsgi
+ command: ./configure --with-python=/usr/bin/python3
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+ become: yes
+
+- name: make mod_wsgi
+ command: make
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+ become: yes
+
+- name: make install mod_wsgi
+ command: make install
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Copy mod_wsgi config file
+ copy:
+ src: 00-wsgi.conf
+ dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+ become: yes
+
+...
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/httpd/defaults/main.yml
index f1f7588..4eb89db 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/httpd/defaults/main.yml
@@ -19,6 +19,10 @@
#
---
+doc_root_dir: "/var/www/{{ gateway_id }}"
+user_data_dir: "/var/www/user_data"
+# real_user_data_dir is the same as user_data_dir but without symbolic links in it
+real_user_data_dir: "{{ user_data_dir }}"
httpd_default_conf_file_location:
RedHat: "/etc/httpd/conf.d/default.conf"
Debian: "/etc/apache2/sites-available/default.conf"
diff --git a/dev-tools/ansible/roles/httpd/defaults/main.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_CentOS_7.yml
similarity index 62%
copy from dev-tools/ansible/roles/httpd/defaults/main.yml
copy to dev-tools/ansible/roles/httpd/tasks/install_deps_CentOS_7.yml
index f1f7588..bc3dd91 100644
--- a/dev-tools/ansible/roles/httpd/defaults/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_CentOS_7.yml
@@ -19,17 +19,17 @@
#
---
-httpd_default_conf_file_location:
- RedHat: "/etc/httpd/conf.d/default.conf"
- Debian: "/etc/apache2/sites-available/default.conf"
-httpd_ssl_conf_file_location:
- RedHat: "/etc/httpd/conf.d/ssl.conf"
- # TODO: Debian file layout is different, so we really need a different ssl.conf for Debian
- Debian: "/etc/apache2/mods-available/ssl.conf"
-httpd_default_conf_template: "default.conf.j2"
-httpd_ssl_conf_template: "ssl.conf.j2"
+- name: Install pre-requisites
+ yum: name="{{ item }}" state=latest update_cache=yes
+ with_items:
+ - git
+ - httpd
+ - mod_ssl
+ - libselinux-python
+ - policycoreutils-python
+ become: yes
-httpd_default_http_port: 80
-httpd_default_https_port: 443
-...
+- name: install epel release
+ yum: name=epel-release state=present
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
new file mode 100644
index 0000000..7ceabda
--- /dev/null
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Ubuntu_16.yml
@@ -0,0 +1,64 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install prerequisites
+ apt: name="{{ item }}" state=latest update_cache=yes
+ with_items:
+ - git
+ - apache2
+ - python-selinux
+ - python-apt
+ - unzip
+ - openssl
+ - curl
+ - python-software-properties
+ become: yes
+
+- name: get python2-firewalld module...
+ unarchive:
+ src: https://github.com/hryamzik/python-firewalld/files/182007/python-firewalld_0.1-0.deb.zip
+ dest: /tmp/
+ remote_src: true
+
+- name: install python-firewalld
+ apt:
+ deb: /tmp/python-firewalld_0.1-0.deb
+#https://github.com/hryamzik/python-firewalld/files/182007/python-firewalld_0.1-0.deb.zip
+
+- name: enable apache rewrite
+ command: a2enmod rewrite
+ become: yes
+
+- name: create apache2 logdir
+ file:
+ path: /etc/apache2/logs
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: 0775
+
+- name: set DocumentRoot in default site-enabled
+ lineinfile:
+ dest: /etc/apache2/sites-enabled/000-default.conf
+ line: ' DocumentRoot "/var/www/html/php-gateway/public"'
+ regexp: '^\s+DocumentRoot'
+ state: present
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 85bc93a..9ee2802 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -5,6 +5,8 @@
become: yes
when: ansible_os_family == "RedHat"
+- include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
+
- name: allow httpd to connect out to the network
seboolean:
name: httpd_can_network_connect