You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2020/01/15 20:39:05 UTC
[airavata] 02/02: Ansible: move simccs to dedicated vm
This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 2aa1e53c5a171b9be40c9abf8332c6463eb65c49
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Wed Jan 15 15:38:40 2020 -0500
Ansible: move simccs to dedicated vm
---
.../newsimccs/files/django-ssl-vhost.conf.j2 | 82 ----------------------
.../scigap/production/host_vars/newsimccs/vars.yml | 70 ------------------
.../production/host_vars/newsimccs/vault.yml | 15 ----
.../scigap/production/host_vars/simccs/vars.yml | 15 ++--
.../ansible/inventories/scigap/production/hosts | 3 +-
5 files changed, 12 insertions(+), 173 deletions(-)
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2 b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
deleted file mode 100644
index b6be6da..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/files/django-ssl-vhost.conf.j2
+++ /dev/null
@@ -1,82 +0,0 @@
-{#
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-#}
-
-{% if vhost_server_redirect is defined %}
-<VirtualHost *:{{httpd_default_http_port}}>
- ServerName {{ vhost_server_redirect }}
- Redirect "/" "https://{{ vhost_servername }}"
-</VirtualHost>
-{% endif %}
-
-<VirtualHost *:{{ httpd_default_http_port }}>
- ServerName {{ vhost_servername }}
-
- ## Redirect all http traffic to https
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
-</VirtualHost>
-
-<VirtualHost *:{{ httpd_default_https_port }}>
- ServerName {{ vhost_servername }}
-
- # Reverse proxy to geoserver on gf8
- ProxyPass /geoserver "http://gf8.ucs.indiana.edu/geoserver"
- ProxyPassReverse /geoserver "http://gf8.ucs.indiana.edu/geoserver"
-
- Alias /robots.txt {{ doc_root_dir }}/static/robots.txt
- Alias /favicon.ico {{ doc_root_dir }}/static/favicon.ico
-
- Alias /static/ {{ doc_root_dir }}/static/
-
- <Directory {{ doc_root_dir }}/static>
- Require all granted
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
- </Directory>
-
- Alias /media/ {{ airavata_django_checkout }}/django_airavata/media/
-
- <Directory {{ airavata_django_checkout }}/django_airavata/media>
- Require all granted
- </Directory>
-
- WSGIDaemonProcess {{ vhost_servername }} display-name=%{GROUP} python-home={{ doc_root_dir }}/venv python-path={{ doc_root_dir }}/airavata-django-portal processes={{ django_wsgi_processes }} user={{ user }} group={{ group }}
- WSGIProcessGroup {{ vhost_servername }}
-
- WSGIScriptAlias / {{ doc_root_dir }}/airavata-django-portal/django_airavata/wsgi.py
-
- <Directory {{ doc_root_dir }}/airavata-django-portal/django_airavata>
- <Files wsgi.py>
- Require all granted
- </Files>
- </Directory>
-
- ErrorLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id }}.error.log
- CustomLog {{ httpd_log_dir[ansible_os_family] }}/django-{{ gateway_id }}.requests.log combined
-
- SSLEngine on
- # Disable SSLv3 which is vulnerable to the POODLE attack
- SSLProtocol All -SSLv2 -SSLv3
- SSLCertificateFile {{ ssl_certificate_file }}
- SSLCertificateChainFile {{ ssl_certificate_chain_file }}
- SSLCertificateKeyFile {{ ssl_certificate_key_file }}
-</VirtualHost>
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
deleted file mode 100644
index fae82fb..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vars.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-
-# NOTE: simccs is deployed on scigap11
-gateway_data_store_hostname: "scigap11.sciencegateways.iu.edu"
-gateway_data_store_resource_id: "scigap11.sciencegateways.iu.edu_96b8dcec-ac84-438a-9927-91baaf87758b"
-
-django_tus_endpoint: "https://tus.simccs.scigap.org/files/"
-
-airavata_django_extra_dependencies:
- # Need to separately install cython in the VM or do two deploys, one with
- # just cython, then a second with the other dependencies. Reason: pyjnius
- # requires that cython already be installed and they can't both be installed
- # at the same time.
- - cython
- - git+https://github.com/SciGaP/simccs-maptool.git#egg=simccs-maptool
- - pyjnius
-
-django_extra_settings:
- JAVA_HOME: "/usr/java/default"
- MAPTOOL_SETTINGS:
- CPLEX_APPLICATION_ID: "cplex-solver_99721933-c9e4-4285-9ef1-d035ca82b541"
- DATASETS_DIR: "/data/gateway-user-data/simccs-datasets"
-
-vhost_servername: "simccs.scigap.org"
-vhost_ssl: true
-ssl_certificate_file: "/etc/letsencrypt/live/simccs.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "iu-geology-survey"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-
-auth_options:
- password:
- name: "SimCCS"
- external:
- - name: "existing institution credentials"
- idp_alias: "cilogon"
- logo: "images/cilogon-logo-24x24-b.png"
-
-gateway_id: "iu-geology-survey"
-experiment_data_dir: "{{ user_data_dir }}/iu-geology-survey"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEuA1indjdczBXg2qrmD0bB0QfKq0u2q3o25DegTaty5LoogW+APEvXmwc2g6PzkM75MgfMsTErMQaQ3/PoElADQKg2/NePz05YWobn9zrPZFeRWfOqWMjFDx72cffHKBzgnahFDBlR/YJhf4IZJ+EOA1zMiMF2oZQmEYQtbQFhbKPF+jrScEQeuXVuXWSS2sKNAVKj3pY4kmi9kEOYELee/O6ghBUfrVhB95vDKJPgmQSuo3pgkLRdflTBSAQ54UchwjXi2RA9Xv0RXJF/JyyRGn6bSbRxYhsm5RJeiBVj4ua7p2b36rSYVqtVsTKEonx5kYdKzwyjJXWpjB2KtQp"
-
-admin_emails: "[('SGRC', 'sgrc-iu-group@iu.edu'), ('Kevin Ellett', 'kmellett@indiana.edu'),('Ryan Kammer', 'rkammer@indiana.edu'), ('Eroma Abeysinghe', 'eabeysin@iu.edu')]"
-portal_title: "SimCCS Portal"
-
-...
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
deleted file mode 100644
index 7de5f3c..0000000
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/newsimccs/vault.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-32303938663931376464373435373336356365613066333233363261633334333266633064633730
-3937316131366235636466623763333833326635376433630a613563623734333362333332346630
-34666338323132333037643337353962313165663762376462383962313537306662313665363063
-3337376331373535650a333936393135333364613764656362353731613135623363333330343031
-33343063333134393166393666336562646135333930346237316264333263363232653464353938
-31613062653563326564613237666338346564626136666362653463396435386565633537383363
-37306463663131333032663763383334373232316266343165636632336365353665313331393336
-62323262333633653930626536313839333562653062653834333163633833386131303332333031
-37303831376265313034373134666538333333656438306134653464306433326232356133353832
-65383062653265333966326631393666303032353937343835663636646439633738613266393430
-30363566383538373363653765326239393535373663616661393164373031356230356165386338
-37353261343463363635353131366232393532383930373734623036613234396531386538343834
-30353333653837346530376664373661363434373232396132666339313931323732666661373064
-3634393163613436326430353838363561633639353535633538
diff --git a/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml
index 7cfb011..fae82fb 100644
--- a/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/host_vars/simccs/vars.yml
@@ -19,6 +19,13 @@
#
---
+
+# NOTE: simccs is deployed on scigap11
+gateway_data_store_hostname: "scigap11.sciencegateways.iu.edu"
+gateway_data_store_resource_id: "scigap11.sciencegateways.iu.edu_96b8dcec-ac84-438a-9927-91baaf87758b"
+
+django_tus_endpoint: "https://tus.simccs.scigap.org/files/"
+
airavata_django_extra_dependencies:
# Need to separately install cython in the VM or do two deploys, one with
# just cython, then a second with the other dependencies. Reason: pyjnius
@@ -34,11 +41,11 @@ django_extra_settings:
CPLEX_APPLICATION_ID: "cplex-solver_99721933-c9e4-4285-9ef1-d035ca82b541"
DATASETS_DIR: "/data/gateway-user-data/simccs-datasets"
-vhost_servername: "simccs.org"
+vhost_servername: "simccs.scigap.org"
vhost_ssl: true
-ssl_certificate_file: "/etc/letsencrypt/live/simccs.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/simccs.scigap.org/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/simccs.scigap.org/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/simccs.scigap.org/privkey.pem"
## Keycloak related variables
tenant_domain: "iu-geology-survey"
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 6536e6e..c423963 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -48,7 +48,6 @@ saverx ansible_host=156.56.104.84
sdstate ansible_host=156.56.104.84
seagrid ansible_host=156.56.104.84
searchsra ansible_host=156.56.104.84
-simccs ansible_host=156.56.104.84
simvascular ansible_host=156.56.104.84
snowvision ansible_host=156.56.104.84
southdakota ansible_host=156.56.104.84
@@ -68,4 +67,4 @@ futurewater ansible_host=149.165.171.92 ansible_user=centos
delta ansible_host=149.165.169.250 ansible_user=centos
# simccs server
-newsimccs ansible_host=scigap11.sciencegateways.iu.edu ansible_user=root
+simccs ansible_host=scigap11.sciencegateways.iu.edu ansible_user=root