You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2017/04/04 21:06:04 UTC
airavata git commit: Ansible handling of Apache SSL config
Repository: airavata
Updated Branches:
refs/heads/master 749a84d9b -> ca9f93823
Ansible handling of Apache SSL config
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ca9f9382
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ca9f9382
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ca9f9382
Branch: refs/heads/master
Commit: ca9f938238fbbc79fc5ced5576fc580c49443f8f
Parents: 749a84d
Author: Marcus Christie <ma...@apache.org>
Authored: Tue Apr 4 17:04:36 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Tue Apr 4 17:04:36 2017 -0400
----------------------------------------------------------------------
.../scigap/production/group_vars/all/vars.yml | 4 ++
.../production/group_vars/pga-seagrid/vars.yml | 56 ++++++++++++++++++++
.../production/group_vars/pga-seagrid/vault.yml | 18 +++++++
.../ansible/inventories/scigap/production/hosts | 3 ++
dev-tools/ansible/roles/pga/defaults/main.yml | 5 +-
dev-tools/ansible/roles/pga/tasks/main.yml | 10 +++-
.../roles/pga/templates/pga-ssl-vhost.conf.j2 | 29 ++++++++++
.../roles/pga/templates/pga-vhost.conf.j2 | 3 ++
8 files changed, 124 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index ecc6641..3984024 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -111,6 +111,10 @@ monitor_email_password: "{{ vault_monitor_email_password }}"
# PGA variables
pga_repo: "https://github.com/apache/airavata-php-gateway.git"
user_data_dir: "/var/www/portals/gateway-user-data"
+## Airavata Client related variables
+#airavata_server: "tls://gw77.iu.xsede.org"
+airavata_server: "tls://{{ groups['api-orch'][0] }}"
+airavata_port: "9930"
# Sharing Registry related variables
sharing_registry_host: "{{ groups['api-orch'][0] }}"
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml
new file mode 100644
index 0000000..90ac459
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml
@@ -0,0 +1,56 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+pga_repo: "https://github.com/apache/airavata-php-gateway.git"
+git_branch: "master"
+user: "pga"
+group: "pga"
+doc_root_dir: "/var/www/portals/{{ gateway_id }}"
+# TODO: disable SSL temporarily for testing
+#vhost_servername: "seagrid.org"
+#vhost_serveralias: "www.portal.seagrid.org"
+vhost_servername: "{{ groups['pga'][0][0] }}"
+vhost_ssl: False
+# TODO: have Ansible manage these files as well
+ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer"
+ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer"
+ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key"
+
+## WSO2 IS related variables
+tenant_domain: "prod.seagrid"
+admin_username: "admin"
+admin_password: "{{ vault_admin_password }}"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+gateway_id: "seagrid"
+# relative to document root dir
+experiment_data_dir: "{{ user_data_dir }}/seagrid"
+# TODO: fix this
+gateway_data_store_resource_id: "149.165.156.11_b5f26430-14d5-4372-8a7e-39b125aa640b"
+
+## Portal related variables
+super_admin_portal: "false"
+admin_emails: "['pamidigs@iu.edu', 'sgg@iu.edu']"
+portal_email_username: "pga.airavata@gmail.com"
+portal_email_password: "{{ vault_portal_email_password }}"
+
+...
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml
new file mode 100644
index 0000000..b253227
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+66333335376433663761356636313739303836383431366135633735663262366262663737613936
+6238613036636365653530353538373031623562373335300a316462306231653531613330303030
+61383138343832616162353239303331663164326635336566663666316232366562616633316139
+6365666632373662340a666238353135396239373062383331386137353134336539386636623237
+37326237326233303437386666646138666530663766376238366263653730353938363064663336
+62336662643831653833633835653666363134303830633834336162383265666131303434346466
+32323937663766323632396631616264326232613361333834303031636239333435343563396366
+35643766376466613535383938623038653634303035323065363031303032303835343866643330
+37303462333839313265353063613937623431336635623839386137353433396136623162333233
+62633536616437376366663566393430626533323232383733353761643738376366316631353562
+35366133373866393737653665326566353963643138633630393838643363633562623430373132
+62383531356430646633323933633130623935653139363566326232653965333764363238333137
+30663863363566353035393437316135303265643165353034326664656336623930613632376237
+62393231336539656636636530643863323834363130636238323732373738316265306665643962
+62333437313064623566386438636136613461373332343462613733623736666338333064346661
+62643035636435663135613437383036663034363536646634633966666633643033303634633639
+63396139343037353433613936333962366130333336333231353836353161636365
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/hosts
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 3d4d311..dbd7789 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -16,6 +16,9 @@ gf5.ucs.indiana.edu
[gfac]
gf6.ucs.indiana.edu
+[pga:children]
+pga-seagrid
+
[pga-seagrid]
gf4.ucs.indiana.edu
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 19dc062..aec2ea6 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -19,11 +19,10 @@
#
---
-pga_user: "pga"
-pga_group: "pga"
-doc_root_dir: "/var/www/html/php-gateway"
+doc_root_dir: "/var/www/{{ gateway_id }}"
user_data_dir: "/var/www/user_data"
vhost_servername: "{{ groups['pga'][0] }}"
+vhost_ssl: False
httpd_confd_file_location:
RedHat: "/etc/httpd/conf.d/pga-{{ gateway_id }}.conf"
Debian: "/etc/apache2/sites-available/pga-{{ gateway_id }}.conf"
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml
index 3018f1c..8caa24b 100644
--- a/dev-tools/ansible/roles/pga/tasks/main.yml
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@ -84,8 +84,16 @@
- https
become: yes
-- name: copy httpd.conf file
+- name: copy virtual host config file
template: src=pga-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
become: yes
notify:
- restart httpd
+ when: not vhost_ssl
+
+- name: copy SSL enabled virtual host config file
+ template: src=pga-ssl-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
+ become: yes
+ notify:
+ - restart httpd
+ when: vhost_ssl
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2 b/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2
new file mode 100644
index 0000000..b55697d
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2
@@ -0,0 +1,29 @@
+<VirtualHost *:80>
+ ServerName {{ vhost_servername }}
+ {% if vhost_serveralias is defined %}
+ ServerAlias {{ vhost_serveralias }}
+ {% endif %}
+
+ ## Redirect all http traffic to https
+ RewriteEngine On
+ RewriteCond %{HTTPS} off
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName {{ vhost_servername }}
+ {% if vhost_serveralias is defined %}
+ ServerAlias {{ vhost_serveralias }}
+ {% endif %}
+
+ DocumentRoot {{ doc_root_dir }}/public
+ <Directory "{{ doc_root_dir }}/public">
+ AllowOverride All
+ </Directory>
+ ErrorLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.error.log
+ CustomLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.requests.log combined
+ SSLEngine on
+ SSLCertificateFile {{ ssl_certificate_file }}
+ SSLCertificateChainFile {{ ssl_certificate_chain_file }}
+ SSLCertificateKeyFile {{ ssl_certificate_key_file }}
+</VirtualHost>
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2 b/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
index 59e8406..0305ef2 100644
--- a/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
@@ -1,5 +1,8 @@
<VirtualHost *:80>
ServerName {{ vhost_servername }}
+ {% if vhost_serveralias is defined %}
+ ServerAlias {{ vhost_serveralias }}
+ {% endif %}
DocumentRoot {{ doc_root_dir }}/public
<Directory "{{ doc_root_dir }}/public">