You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2022/04/20 21:20:52 UTC
[airavata] branch AIRAVATA-3609 created (now a013318fdf)
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a change to branch AIRAVATA-3609
in repository https://gitbox.apache.org/repos/asf/airavata.git
at a013318fdf WIP
This branch includes the following new commits:
new a013318fdf WIP
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[airavata] 01/01: WIP
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch AIRAVATA-3609
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit a013318fdfffaf5d9527937dea39d1c9c5c77313
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Apr 20 17:20:08 2022 -0400
WIP
---
.../scigap/develop/group_vars/all/vars.yml | 4 +
.../scigap/develop/group_vars/django/vars.yml | 11 ++-
.../scigap/develop/host_vars/geo/vars.yml | 22 ++---
.../scigap/develop/host_vars/interactwel/vars.yml | 18 ++--
.../scigap/develop/host_vars/rnamake/vars.yml | 14 +--
.../scigap/develop/host_vars/seagrid/vars.yml | 11 ++-
.../scigap/develop/host_vars/simccs/vars.yml | 13 ++-
dev-tools/ansible/inventories/scigap/develop/hosts | 34 +++----
.../scigap/develop/pga_config/scigap/vars.yml | 57 -----------
.../scigap/develop/pga_config/scigap/vault.yml | 18 ----
.../scigap/develop/pga_config/seagrid/vars.yml | 67 -------------
.../scigap/develop/pga_config/seagrid/vault.yml | 18 ----
.../scigap/develop/pga_config/simvascular/vars.yml | 65 -------------
.../develop/pga_config/simvascular/vault.yml | 18 ----
.../scigap/develop/pga_config/testdrive/vars.yml | 65 -------------
.../scigap/develop/pga_config/testdrive/vault.yml | 18 ----
dev-tools/ansible/requirements.txt | 20 +++-
dev-tools/ansible/roles/django/tasks/database.yml | 19 +++-
.../django/tasks/install_deps_Centos_7.yml} | 19 +++-
.../django/tasks/install_deps_Rocky_8.yml} | 20 +++-
dev-tools/ansible/roles/django/tasks/main.yml | 25 +++--
.../django_setup/tasks/install_deps_Rocky_8.yml | 108 +++++++++++++++++++++
dev-tools/ansible/roles/env_setup/tasks/main.yml | 37 +++----
.../httpd/tasks/install_deps_Rocky_8.yml} | 26 ++++-
dev-tools/ansible/roles/httpd/tasks/main.yml | 5 +-
.../letsencrypt/tasks/install_deps_CentOS_7.yml} | 22 ++++-
.../letsencrypt/tasks/install_deps_Rocky_8.yml} | 22 ++++-
dev-tools/ansible/roles/letsencrypt/tasks/main.yml | 10 +-
28 files changed, 336 insertions(+), 450 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
index ac50e8a390..d3bdf30110 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
@@ -21,6 +21,10 @@
---
ansible_connection: ssh
ansible_user: centos
+# https://stackoverflow.com/a/41431540
+# ansible_python_interpreter: /usr/bin/python3
+# ansible_python_interpreter: /usr/bin/python2
+
user: airavata
group: airavata
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
index b5e9ba4f0f..f3560f919b 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
@@ -21,16 +21,19 @@
---
user: "pga"
group: "pga"
-gateway_data_store_hostname: "pgadev.scigap.org"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
+gateway_data_store_hostname: "web.dev.scigap.org"
+# TODO: setup storage resource
+# gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
+gateway_data_store_resource_id: "web.dev.scigap.org_ba01452f-44e5-4e03-b35f-756630539198"
django_wsgi_processes: 1
doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
admin_emails: "[('SGRC Group', 'sgrc-iu-group@iu.edu')]"
django_error_emails: "[('Marcus Christie', 'machrist@iu.edu'), ('Eroma Abeysinghe', 'eabeysin@iu.edu')]"
django_database_name: "django_{{ gateway_id }}"
django_hidden_airavata_apps: "['django_airavata_dataparsers']"
-tusd_vhost_servername: "tus.dev.scigap.org"
-tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir"
+# TODO: setup tusd server
+# tusd_vhost_servername: "tus.dev.scigap.org"
+# tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir"
airavata_django_git_branch: "develop"
# django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
cilogon_userinfo_url: "https://cilogon.org/oauth2/userinfo"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml
index 7a06a2cc97..c9bb4ba628 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml
@@ -21,19 +21,16 @@
---
airavata_django_extra_dependencies:
- - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app"
+ # - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app"
+
+vhost_servername: "geogateway.js2.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
-# No symlink, user_data_dir is same as real_user_data_dir
-user_data_dir: "{{ real_user_data_dir }}"
-#airavata_django_git_branch: "simccs"
-vhost_servername: "beta.geogateway.scigap.org"
-vhost_ssl: true
-# tus isn't setup yet
-tusd_vhost_servername:
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/privkey.pem"
django_extra_settings:
LOGIN_REDIRECT_URL: "/geogateway_django_app/"
@@ -46,6 +43,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}"
auth_options:
password:
name: "Beta GEO"
+ hidden: true
external:
- name: "Existing Institute Login"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml
index 5d19dd95bd..8706257218 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml
@@ -20,18 +20,17 @@
---
#airavata_django_git_branch: "simccs"
-#vhost_servername: "django.interactwel.scigap.org"
-vhost_servername: "interactwel.org"
-vhost_server_redirect: "www.interactwel.org"
-vhost_ssl: true
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/interactwel.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/interactwel.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/interactwel.org/privkey.pem"
+vhost_servername: "interactwel.js2.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
interactwel_django_app_branch: "api-integration"
airavata_django_extra_dependencies:
- - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app
+ # - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app
django_extra_settings:
LOGIN_REDIRECT_URL: "/interactwel/"
@@ -44,6 +43,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}"
auth_options:
password:
name: "InterACTWEL"
+ hidden: true
external:
- name: "CILogon"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml
index 624a742c04..b7ea8d6b15 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml
@@ -20,12 +20,13 @@
---
#airavata_django_git_branch: "simccs"
-vhost_servername: "dev.rnamake.scigap.org"
-vhost_ssl: true
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/privkey.pem"
+vhost_servername: "rnamake.js2.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
## Keycloak related variables
tenant_domain: "rnamake"
@@ -35,6 +36,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}"
auth_options:
password:
name: "RNAMake"
+ hidden: true
external:
- name: "Existing Institute Login"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml
index 922710f3b4..f1b67267ad 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml
@@ -19,11 +19,13 @@
#
---
-vhost_servername: "django.seagrid.org"
+vhost_servername: "js2.seagrid.org"
vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/django.seagrid.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/django.seagrid.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/django.seagrid.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
## Keycloak related variables
tenant_domain: "seagrid"
@@ -33,6 +35,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}"
auth_options:
password:
name: "SEAGrid"
+ hidden: true
external:
- name: "CILogon"
idp_alias: "oidc"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
index 54c007ca6c..1b6b139205 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
@@ -31,14 +31,18 @@ airavata_django_extra_dependencies:
- pyjnius
# vhost_servername: "beta.simccs.org"
# Temporary use a *.scigap.org domain name
-vhost_servername: "beta.simccs.scigap.org"
+
+vhost_servername: "simccs.js2.scigap.org"
vhost_ssl: True
-# Some of the maptool views call into Java code and can take 2-3 minutes to execute
-vhost_timeout: 300
-# sudo certbot --apache certonly -d django.simccs.scigap.org
ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
+
+# Some of the maptool views call into Java code and can take 2-3 minutes to execute
+vhost_timeout: 300
+
# Custom vhost config file to specify the geoserver reverse proxy
django_ssl_vhost_template: "{{ inventory_dir }}/host_vars/simccs/files/django-ssl-vhost.conf.j2"
@@ -50,6 +54,7 @@ oauth_client_secret: "{{ vault_oauth_client_secret }}"
auth_options:
password:
name: "SimCCS"
+ hidden: true
external:
- name: "CILogon"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/hosts b/dev-tools/ansible/inventories/scigap/develop/hosts
index ae562e0aea..630806cd5a 100644
--- a/dev-tools/ansible/inventories/scigap/develop/hosts
+++ b/dev-tools/ansible/inventories/scigap/develop/hosts
@@ -7,7 +7,7 @@
149.165.156.195
[database]
-149.165.156.27
+149.165.156.27 ansible_user=centos
[api-orch]
149.165.156.195
@@ -22,22 +22,22 @@
149.165.156.151
[django]
-seagrid ansible_host=149.165.156.46
-simvascular ansible_host=149.165.156.46
-simccs ansible_host=149.165.156.46
-interactwel ansible_host=149.165.156.46
-usd ansible_host=149.165.156.46
-csbglsu ansible_host=149.165.156.46
-nexttdb ansible_host=149.165.156.46
-saver-x ansible_host=149.165.156.46
-pfec-hydro ansible_host=149.165.156.46
-cyberwater ansible_host=149.165.156.46
-mines ansible_host=149.165.156.46
-amp ansible_host=149.165.170.199
-geo ansible_host=149.165.156.46
-delta ansible_host=149.165.169.250
-custos-testdrive ansible_host=pgadev.scigap.org
-rnamake ansible_host=149.165.156.46
+seagrid ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+; simvascular ansible_host=149.165.156.46
+simccs ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+interactwel ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+; usd ansible_host=149.165.156.46
+; csbglsu ansible_host=149.165.156.46
+; nexttdb ansible_host=149.165.156.46
+; saver-x ansible_host=149.165.156.46
+; pfec-hydro ansible_host=149.165.156.46
+; cyberwater ansible_host=149.165.156.46
+; mines ansible_host=149.165.156.46
+; amp ansible_host=149.165.170.199
+geo ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+; delta ansible_host=149.165.169.250
+; custos-testdrive ansible_host=pgadev.scigap.org
+rnamake ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
#149.165.169.129
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
deleted file mode 100644
index b4e6e44922..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/dev-scigap"
-vhost_servername: "dev.scigap.org"
-vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/dev.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "scigap"
-admin_username: "scigap_admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "password"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-initial_role_name: "gateway-provider"
-
-gateway_id: "scigap"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/dev-scigap"
-# NOTE: scigap portal doesn't make use of the gateway data store, only used to manage other gateways
-gateway_data_store_resource_id: ""
-
-## Portal related variables
-super_admin_portal: "true"
-admin_emails: "['sgrc-iu-group@iu.edu']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "base"
-portal_title: "SciGaP Admin Portal"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml
deleted file mode 100644
index 8b3b27474a..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66643536656361636339616663393332663862623736333263353739396330333833666336663564
-6332613062363366333265376537656436306438343164380a383362623064383237396433353139
-36323038313235323962613864376562386165353365343430306635383131663636616131323962
-6237356432313434660a346364303238343938376437663939363361336666323234366266666161
-65396434313232323463363965623130333637323134653234383962313566323161626535613533
-32303632633137306436356265386533643634663561366131646234343734656161373463653432
-30336132396634343339323466663132313666343631346430643131363939373564383766356266
-36383336373361333139323038623638633130616330313461656566663164353166373466343232
-37346665663566646562356363376638336330353838646634373633646133653163656138373336
-35346434316466616535393332373839636161363038643937616533306433656335373134313036
-63346462623637643461303364353637623166633235373835306338333435656333633731376461
-35643330323064366137383530346234383266363531346265616530306363383463623234623137
-34343637353430373936393766396135383461323832353165393839653236653135613266376236
-30643438316431373566653639353931323030343030303762376431306231336336633131613963
-65656361363961316338373135333864363766616466376539613061663364353937613664393462
-62323562666634653936323837363738316330353163393632376463336165336439306530363139
-3465
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
deleted file mode 100644
index f512cf21dd..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/dev-seagrid"
-vhost_servername: "dev.seagrid.org"
-vhost_ssl: True
-# TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/letsencrypt/live/dev.seagrid.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.seagrid.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.seagrid.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "seagrid"
-admin_username: "admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration"
-
-auth_options:
- - name: "SEAGrid"
- oauth_grant_type: "password"
- - name: "existing accounts"
- oauth_grant_type: "authorization_code"
- oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
- logo: "/assets/cilogon-logo-24x24-b.png"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-
-gateway_id: "seagrid"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/dev-seagrid"
-# TODO: Fix the data store resource id
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWgLve4J9WCohF/4UnbBZsh/nRkP1aM9FmA1FjKwK2gQAnKwhU+NrbsjW38h2Hi+8s9N2oZ9cCJHrvDi2U0cMxz4exIUBcVoRhw37ThlREHADeKR1FbKw0QLhTyfJb0K+1/8GWRluiFx0vHPptJe0KTqu+RJY0NSe+d/BEuGyCZ1hR+SKNuTgcb05Ia6opbSN5D68N9biseEux60d69ARQxLw+VN3Kr/UaBNpGIAfKLlLSUQlTyPA6G6UKCcJZv+/ye10oa0SK0qtrxMpL+4VJcVx+d56U7CUFWKEgPAaQrX1qdGUNDA7HKmD+EBtzw6DJqNJ0Cue/XuPe/RT62tpf"
-group_resource_profile_id: "6a642772-15fd-4d10-a847-8aef89b71830"
-
-## Portal related variables
-super_admin_portal: "false"
-admin_emails: "['sgg@iu.edu','pamidigs@iu.edu', 'eroma.abeysinghe@gmail.com']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "seagrid"
-portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git"
-portal_title: "SEAGrid Portal"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml
deleted file mode 100644
index 4fa5716ddd..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35363834376232323532383937363965643066346662646162623433363134396438383566373532
-3166626337666161386532363635386338366439643935310a316430613738343939333932386333
-65313532396532323834346437643366376465393637326137333838366536373438643434653663
-3735333530316164340a626331396161636332663765653465303335306162653232313863303762
-39666330626562646533656639386639653635623735333432386431323532623334313964393732
-65383465353438366438383938393165353235383438636265653731616235613839363566396635
-38653763353363316233373932313638376231366531306462666436353437376139303939343433
-65613532666230366239626132323661646137333031336230343862306534613564623161303066
-62376132666365303632626639643835623465643564393033623866383836323932383533613861
-62363336393361363266323636356164383962343939336432396538373662396264633361353162
-66663935316236316533633134393136356361373936306438333932666662653263613662636166
-62326139646537326334376464303466366563636465343362656131643735626633393835636265
-63343833396434366637626539653536343539383763393234333466623031393634343930393836
-31636136386135336430303035376533343038336662383139653831666230663232616533653461
-61363665633937666162303638366435613838356665613361313730383734383163666537386330
-38386238316366306466346432663139333038353339376336346166393639336137313231356333
-3336
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml
deleted file mode 100644
index 5068a7e58e..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/pga-simvascular"
-vhost_servername: "beta.simvascular.scigap.org"
-vhost_ssl: True
-# TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "simvascular"
-admin_username: "admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/simvascular/.well-known/openid-configuration"
-
-auth_options:
- - name: "SimVascular"
- oauth_grant_type: "password"
- - name: "CILogon"
- oauth_grant_type: "authorization_code"
- oauth_authorize_url_extra_params: "kc_idp_hint=cilogon"
- logo: "/assets/cilogon-logo-24x24-b.png"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-
-gateway_id: "simvascular"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/simvascular"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWgLve4J9WCohF/4UnbBZsh/nRkP1aM9FmA1FjKwK2gQAnKwhU+NrbsjW38h2Hi+8s9N2oZ9cCJHrvDi2U0cMxz4exIUBcVoRhw37ThlREHADeKR1FbKw0QLhTyfJb0K+1/8GWRluiFx0vHPptJe0KTqu+RJY0NSe+d/BEuGyCZ1hR+SKNuTgcb05Ia6opbSN5D68N9biseEux60d69ARQxLw+VN3Kr/UaBNpGIAfKLlLSUQlTyPA6G6UKCcJZv+/ye10oa0SK0qtrxMpL+4VJcVx+d56U7CUFWKEgPAaQrX1qdGUNDA7HKmD+EBtzw6DJqNJ0Cue/XuPe/RT62tpf"
-
-## Portal related variables
-super_admin_portal: "false"
-admin_emails: "['sgg@iu.edu','eroma.abeysinghe@gmail.com']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "simvascular-gateway-theme"
-portal_theme_repo: "https://github.com/SciGaP/simvascular-gateway-theme.git"
-portal_title: "SimVascular Gateway Portal"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml
deleted file mode 100644
index a24744d444..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39663235396339383266663136613561633834356536323232346264343839636663656366636638
-3562636339363061343532656234303966613261386635620a656433623538643961663866383563
-32366138333464646337316139383230396165393439666439383463326531656365306266326265
-3030646232393538340a356432663330303064363631626666633138313832323332663965393364
-36613764343037346565343632643964306330623136323532343837393362636664663763333437
-65343133313433346538663133326465616465363031643966313963666636303534356437316231
-39663239316133383035383239303731306163373362353164396364653964353533623633646335
-61386464646132353939373761383037343637616133626665383330366636643537356163323962
-66663938666166373830646136333265323561363036336236663964623662356639623866376137
-36336537633836313839633737393435666537386463343862333235663961653437303462383930
-65383762666536393732613466393763373434383661356337306539613766356138353033613530
-34613938613237663662333064616664666138333435363835346434316161663933386335303438
-39343437346665326334336537316264656265313663623331626339323933383064343539326439
-35666133373639356261353166353332663936643433386539373533313832336164373466386331
-32616138303838353431316239376630383437373466663463323230306532353632656231313230
-36343532363965306333646161663638366364643131303135653239663264623366653933343538
-3266
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml
deleted file mode 100644
index e1b0034736..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/dev-testdrive"
-vhost_servername: "dev.testdrive.airavata.org"
-vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "{{ gateway_id }}"
-admin_username: "admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
-
-auth_options:
- - name: "Test Drive"
- oauth_grant_type: "password"
- - name: "CILogon"
- oauth_grant_type: "authorization_code"
- oauth_authorize_url_extra_params: "kc_idp_hint=cilogon"
- logo: "/assets/cilogon-logo-24x24-b.png"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-
-gateway_id: "default"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/dev-testdrive"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEK6v8oMNUKDqQtlHlXRUpRZVqCL6CbQlJTL5QajevPFtvM0hauS/Rjj6M/bjgTfRyef2/E100l1pH3xhFuL65+OTnOZgC5DQ0T3J1OtldTTuP1Rl7mKZR4xKYzx/hxSgB6kn8tZb3IgDCYnHNcTLYGj1rEpNEO6ju8e9qVR02ex+hbC+4Q4bJgX6FxHL4+rQHcqT6I1k3JmwRsPzr3P1hiRgUUkxAlQuXFXsoa4+9BzEU5D0qXq0o/Q12jKOhPwWyOyhV2X++bc50VKkm0G6M6n78OL8CBIKmZyczgEwD2zB9gx3aTHXTEgUqaVHyOMc3aE8Kt1Us33PDyXpn8sk3"
-group_resource_profile_id: "1cee1887-6774-49c4-9f3c-edfc3558cf9b"
-
-## Portal related variables
-super_admin_portal: "false"
-admin_emails: "['sgg@iu.edu']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "base"
-#portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git"
-portal_title: "Airavata Test Drive"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml
deleted file mode 100644
index 59eb48fc75..0000000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-37653330653661316166336135653863643435656234363935346436646433353061613333376462
-3031393162356336393430333763663764633263353637310a386662313137383733333666396539
-39313331373262323031613561633835663266386663613037393235366533333130303438306564
-3631313831323765630a653331363766343836326135393131646264613361646266333662666663
-34336561356230623239613237393161616263333638613765616134633837393161393933643433
-61383030316464633961313965653365373037326234636234306661346234316630656634626264
-32666265633261666330623262303462643932336463303231303935643936613638326363363262
-39363237353038626437646230623565353038383566303662663033623066383938656530613939
-39343339643062313830633165323135346330636133663632366436336263363232646431663239
-32663434333032353632373735333434613066386132646561643930626466306433623639386266
-33313366383036313161373736656530366339646333373664333364373531633463333838303334
-39626330646361636238303261343164343834623065393131646336306430383331333364313937
-37333539303361386234663930613130363564333232326535313864306132646361353132393638
-31343338636466353338656261633437616330636631326564353032393162383465343137383163
-61666265336465366263636435336436343764356133653963653866353166356138353837346434
-35326265666365393963356231313964333763316464633636656332653132633931393064626630
-3966
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/requirements.txt
index dc30cfd1fd..da3380cc96 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/requirements.txt
@@ -15,5 +15,21 @@
# specific language governing permissions and limitations
# under the License.
-ansible~=2.3.1
-docker<3.0
+ansible==5.6.0
+ansible-core==2.12.4
+certifi==2021.10.8
+cffi==1.15.0
+charset-normalizer==2.0.12
+cryptography==36.0.2
+docker==5.0.3
+idna==3.3
+Jinja2==3.1.1
+MarkupSafe==2.1.1
+packaging==21.3
+pycparser==2.21
+pyparsing==3.0.8
+PyYAML==6.0
+requests==2.27.1
+resolvelib==0.5.4
+urllib3==1.26.9
+websocket-client==1.3.2
diff --git a/dev-tools/ansible/roles/django/tasks/database.yml b/dev-tools/ansible/roles/django/tasks/database.yml
index 4589562088..31548a66f1 100644
--- a/dev-tools/ansible/roles/django/tasks/database.yml
+++ b/dev-tools/ansible/roles/django/tasks/database.yml
@@ -22,16 +22,25 @@
- name: Adds Python MySQL support on Debian/Ubuntu
apt: pkg="python-mysqldb" state=present
- become_user: root
+ become: true
when: ansible_os_family == 'Debian'
-- name: Adds Python MySQL support on RedHat/CentOS
- yum: name=MySQL-python state=present
- become_user: root
- when: ansible_os_family == 'RedHat'
+# - name: inventory_hostname var
+# debug:
+# var: inventory_hostname
+
+# - name: user var
+# debug:
+# var: user
+
+# TODO: fix propagating delegation and become_user
+# - include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
+# when: ansible_os_family == "RedHat"
- name: create django database ({{ django_database_name }})
mysql_db: name="{{ django_database_name }}" state=present encoding=utf8 collation=utf8_bin
+ # become: true
+ # become_user: "{{user}}"
- name: give access to {{ django_db_username }} from remote (internal ip)
mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ ansible_default_ipv4.address }}"
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
similarity index 81%
copy from dev-tools/ansible/requirements.txt
copy to dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
index dc30cfd1fd..fbde07fdcd 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
@@ -1,3 +1,5 @@
+#
+#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -5,15 +7,22 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Centos 7)
+ yum: name=MySQL-python state=present
+ become: true
+
-ansible~=2.3.1
-docker<3.0
+...
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
similarity index 79%
copy from dev-tools/ansible/requirements.txt
copy to dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
index dc30cfd1fd..1aa0d81042 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
@@ -1,3 +1,5 @@
+#
+#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -5,15 +7,23 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python3-mysql
+ become: true
-ansible~=2.3.1
-docker<3.0
+...
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 172b7f0abf..1f0c264a3c 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -27,11 +27,19 @@
with_items:
- "{{ groups['database'] }}"
+# - name: Hostvars
+# debug:
+# var: hostvars[item]
+# with_items:
+# - "{{ django_database_hosts }}"
+
- name: Run tasks to setup Django database
- include: database.yml
- delegate_to: "{{ item }}"
- become: yes
- become_user: "{{ hostvars[item]['user'] }}"
+ include_tasks: database.yml
+ args:
+ apply:
+ delegate_to: "{{ item }}"
+ become: yes
+ become_user: "{{ hostvars[item]['user'] }}"
with_items:
- "{{ django_database_hosts }}"
@@ -88,10 +96,12 @@
- name: build airavata-django-portal Docker image
local_action:
module: docker_image
- path: "{{ airavata_django_portal_tempdir.path }}/"
+ build:
+ path: "{{ airavata_django_portal_tempdir.path }}/"
name: airavata-django-portal
- force: true
- # source: build
+ force_source: true
+ force_tag: true
+ source: build
run_once: true
- name: create Docker container so we can copy built files out of it
@@ -178,6 +188,7 @@
pip:
name: "{{ item }}"
virtualenv: "{{ django_venv_dir }}"
+ # TODO: maybe set editable to true if a git url?
become: yes
become_user: "{{user}}"
with_list: "{{ airavata_django_extra_dependencies }}"
diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000000..80f8266702
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,108 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Airavata Django Portal prerequisites (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python36
+ - httpd-devel
+ - python36-devel
+ - mysql-devel
+ - gcc
+ - zlib-devel
+ - openssl-devel
+ become: yes
+
+- name: Create mod_wsgi directory
+ file: path={{ mod_wsgi_dir }} state=directory
+ become: yes
+
+- name: Fetch mod_wsgi
+ get_url:
+ url: "{{ mod_wsgi_url }}"
+ dest: "{{ mod_wsgi_tarball_dest }}"
+ become: yes
+
+- name: Untar mod_wsgi
+ unarchive:
+ src: "{{ mod_wsgi_tarball_dest }}"
+ remote_src: yes
+ dest: "{{ mod_wsgi_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Configure mod_wsgi
+ command: ./configure --with-python=/usr/bin/python3
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+ become: yes
+
+- name: make mod_wsgi
+ command: make
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+ become: yes
+
+- name: make install mod_wsgi
+ command: make install
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Copy mod_wsgi config file
+ copy:
+ src: 00-wsgi.conf
+ dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+ become: yes
+
+# Allow httpd to copy file attributes when handling uploaded files and moving
+# them from temporary to final destination (which may cross partitions)
+- name: double check policycoreutils installed
+ dnf: name=python3-policycoreutils state=installed
+ become: yes
+
+- name: Copy SELinux type enforcement file
+ copy: src=django-httpd.te dest=/tmp/
+
+- name: Compile SELinux module file
+ command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
+
+- name: Build SELinux policy package
+ command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
+
+- name: unLoad SELinux policy package
+ command: semodule -r django-httpd
+ become: yes
+ ignore_errors: True
+
+- name: Load SELinux policy package
+ command: semodule -i /tmp/django-httpd.pp
+ become: yes
+
+- name: Remove temporary files
+ file: path={{ item }} state=absent
+ with_items:
+ - /tmp/django-httpd.mod
+ - /tmp/django-httpd.pp
+ - /tmp/django-httpd.te
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 4d36c76fd2..b038e840dd 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -73,24 +73,25 @@
# Automatic security updates installation
-- name: Install yum-cron, yum-utils (RedHat)
- yum: name={{ item }} state=latest update_cache=yes
- become: yes
- when: ansible_os_family == "RedHat"
- with_items:
- - yum-cron
- - yum-utils
+# TODO: switch to dnf-automatic for Rocky Linux
+# - name: Install yum-cron, yum-utils (RedHat)
+# yum: name={{ item }} state=latest update_cache=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
+# with_items:
+# - yum-cron
+# - yum-utils
-- name: Copy yum-cron.conf config file
- copy:
- src: yum-cron.conf
- dest: /etc/yum/yum-cron.conf
- backup: yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Copy yum-cron.conf config file
+# copy:
+# src: yum-cron.conf
+# dest: /etc/yum/yum-cron.conf
+# backup: yes
+# become: yes
+# when: ansible_os_family == "RedHat"
-- name: Enable and start yum-cron
- service: name=yum-cron state=started enabled=yes daemon_reload=yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Enable and start yum-cron
+# service: name=yum-cron state=started enabled=yes daemon_reload=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
...
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
similarity index 69%
copy from dev-tools/ansible/requirements.txt
copy to dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
index dc30cfd1fd..698932ee25 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
@@ -1,3 +1,5 @@
+#
+#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -5,15 +7,29 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+#
+
+---
+
+- name: Install pre-requisites
+ dnf: name="{{ item }}" state=latest
+ with_items:
+ - git
+ - httpd
+ - mod_ssl
+ - python3-libselinux
+ - python3-policycoreutils
+ become: yes
-ansible~=2.3.1
-docker<3.0
+- name: install epel release
+ dnf: name=epel-release state=present
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 15a71fd9ed..90a3ee840b 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -34,7 +34,7 @@
- name: create default ssl vhost certificate
command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}'
become: yes
- when: default_vhost_ssl_cert_check|failed
+ when: default_vhost_ssl_cert_check is failed
- name: Change permissions for default ssl vhost certificate private key
file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600"
@@ -59,6 +59,7 @@
file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}"
become: yes
+# TODO: create the parent directory of the symlink if missing
- name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }}
file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}"
become: yes
@@ -76,7 +77,7 @@
when: ansible_os_family == "RedHat"
- name: run restorecon on user data directory
- command: restorecon -F -R {{ user_data_dir }}
+ command: restorecon -F -R {{ real_user_data_dir }}
become: yes
when: ansible_os_family == "RedHat"
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
similarity index 69%
copy from dev-tools/ansible/requirements.txt
copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
index dc30cfd1fd..2415c7584f 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
@@ -1,3 +1,5 @@
+#
+#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -5,15 +7,25 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+#
+
+---
-ansible~=2.3.1
-docker<3.0
+- name: install certbot and dependencies
+ yum: name={{ item }} state=installed update_cache=yes
+ with_items:
+ - certbot-1.11.0
+ - python2-acme-1.11.0
+ - python2-certbot-apache-1.11.0
+ - ca-certificates-2021.2.50
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
similarity index 73%
copy from dev-tools/ansible/requirements.txt
copy to dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
index dc30cfd1fd..574127dec3 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
@@ -1,3 +1,5 @@
+#
+#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -5,15 +7,25 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-
-# http://www.apache.org/licenses/LICENSE-2.0
-
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
+#
+
+---
-ansible~=2.3.1
-docker<3.0
+- name: install certbot and dependencies
+ dnf: name={{ item }} state=latest
+ with_items:
+ - certbot
+ - python3-acme
+ - python3-certbot-apache
+ - ca-certificates
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 75a4956333..51d4bb5ef2 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -20,15 +20,7 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
- with_items:
- - certbot-1.11.0
- - python2-acme-1.11.0
- - python2-certbot-apache-1.11.0
- - ca-certificates-2021.2.50
- become: true
- become_user: root
+- include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
when: ansible_os_family == "RedHat"
- name: add Certbot PPA repository