Posted to commits@airavata.apache.org by ma...@apache.org on 2017/04/04 21:06:04 UTC

airavata git commit: Ansible handling of Apache SSL config

Repository: airavata
Updated Branches:
  refs/heads/master 749a84d9b -> ca9f93823


Ansible handling of Apache SSL config


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/ca9f9382
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/ca9f9382
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/ca9f9382

Branch: refs/heads/master
Commit: ca9f938238fbbc79fc5ced5576fc580c49443f8f
Parents: 749a84d
Author: Marcus Christie <ma...@apache.org>
Authored: Tue Apr 4 17:04:36 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Tue Apr 4 17:04:36 2017 -0400

----------------------------------------------------------------------
 .../scigap/production/group_vars/all/vars.yml   |  4 ++
 .../production/group_vars/pga-seagrid/vars.yml  | 56 ++++++++++++++++++++
 .../production/group_vars/pga-seagrid/vault.yml | 18 +++++++
 .../ansible/inventories/scigap/production/hosts |  3 ++
 dev-tools/ansible/roles/pga/defaults/main.yml   |  5 +-
 dev-tools/ansible/roles/pga/tasks/main.yml      | 10 +++-
 .../roles/pga/templates/pga-ssl-vhost.conf.j2   | 29 ++++++++++
 .../roles/pga/templates/pga-vhost.conf.j2       |  3 ++
 8 files changed, 124 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
index ecc6641..3984024 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/all/vars.yml
@@ -111,6 +111,10 @@ monitor_email_password: "{{ vault_monitor_email_password }}"
 # PGA variables
 pga_repo: "https://github.com/apache/airavata-php-gateway.git"
 user_data_dir: "/var/www/portals/gateway-user-data"
+## Airavata Client related variables
+#airavata_server: "tls://gw77.iu.xsede.org"
+airavata_server: "tls://{{ groups['api-orch'][0] }}"
+airavata_port: "9930"
 
 # Sharing Registry related variables
 sharing_registry_host: "{{ groups['api-orch'][0] }}"

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml
new file mode 100644
index 0000000..90ac459
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vars.yml
@@ -0,0 +1,56 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+pga_repo: "https://github.com/apache/airavata-php-gateway.git"
+git_branch: "master"
+user: "pga"
+group: "pga"
+doc_root_dir: "/var/www/portals/{{ gateway_id }}"
+# TODO: disable SSL temporarily for testing
+#vhost_servername: "seagrid.org"
+#vhost_serveralias: "www.portal.seagrid.org"
+vhost_servername: "{{ groups['pga'][0][0] }}"
+vhost_ssl: False
+# TODO: have Ansible manage these files as well
+ssl_certificate_file: "/etc/pki/tls/certs/seagrid_org_cert.cer"
+ssl_certificate_chain_file: "/etc/pki/tls/certs/seagrid_org_interm.cer"
+ssl_certificate_key_file: "/etc/pki/tls/private/portal.seagrid.key"
+
+## WSO2 IS related variables
+tenant_domain: "prod.seagrid"
+admin_username: "admin"
+admin_password: "{{ vault_admin_password }}"
+oauth_client_key: "{{ vault_oauth_client_key }}"
+oauth_client_secret: "{{ vault_oauth_client_secret }}"
+
+gateway_id: "seagrid"
+# relative to document root dir
+experiment_data_dir: "{{ user_data_dir }}/seagrid"
+# TODO: fix this
+gateway_data_store_resource_id: "149.165.156.11_b5f26430-14d5-4372-8a7e-39b125aa640b"
+
+## Portal related variables
+super_admin_portal: "false"
+admin_emails: "['pamidigs@iu.edu', 'sgg@iu.edu']"
+portal_email_username: "pga.airavata@gmail.com"
+portal_email_password: "{{ vault_portal_email_password }}"
+
+...
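Review bot: `vhost_servername: "{{ groups['pga'][0][0] }}"` indexes twice, so it appears to yield the first character of the first host name rather than the host name itself; the role default uses `groups['pga'][0]`, and this line should match it. Separately, `vhost_ssl: False` in a production inventory makes the role install the plain port-80 vhost, so portal logins would presumably travel over unencrypted HTTP until the TODO is resolved; the same value is set as the default in `roles/pga/defaults/main.yml`. I would switch to `vhost_ssl: true` with `vhost_servername: "seagrid.org"` before the host takes user traffic, or at least add `# SECURITY: plaintext HTTP only - do not expose to users until vhost_ssl is true` above the setting.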

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml
new file mode 100644
index 0000000..b253227
--- /dev/null
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/pga-seagrid/vault.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.1;AES256
+66333335376433663761356636313739303836383431366135633735663262366262663737613936
+6238613036636365653530353538373031623562373335300a316462306231653531613330303030
+61383138343832616162353239303331663164326635336566663666316232366562616633316139
+6365666632373662340a666238353135396239373062383331386137353134336539386636623237
+37326237326233303437386666646138666530663766376238366263653730353938363064663336
+62336662643831653833633835653666363134303830633834336162383265666131303434346466
+32323937663766323632396631616264326232613361333834303031636239333435343563396366
+35643766376466613535383938623038653634303035323065363031303032303835343866643330
+37303462333839313265353063613937623431336635623839386137353433396136623162333233
+62633536616437376366663566393430626533323232383733353761643738376366316631353562
+35366133373866393737653665326566353963643138633630393838643363633562623430373132
+62383531356430646633323933633130623935653139363566326232653965333764363238333137
+30663863363566353035393437316135303265643165353034326664656336623930613632376237
+62393231336539656636636530643863323834363130636238323732373738316265306665643962
+62333437313064623566386438636136613461373332343462613733623736666338333064346661
+62643035636435663135613437383036663034363536646634633966666633643033303634633639
+63396139343037353433613936333962366130333336333231353836353161636365
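Review bot: This vault file is committed to a public repository and mirrored on the commits list, so the confidentiality of the `vault_*` values referenced from `vars.yml` (presumably the admin password, OAuth client key and secret, and portal e-mail password) rests entirely on the strength of the vault password, with the ciphertext available for offline guessing indefinitely. Nothing in the diff shows how that password is generated or stored, so it is worth confirming that it is long, random and not shared with other inventories. I would also add to the sibling `vars.yml` a comment such as `# vault_* values come from vault.yml; rotate the secrets themselves if the vault password is ever exposed`, since re-encrypting later does not remove this revision from history.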

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/inventories/scigap/production/hosts
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/production/hosts b/dev-tools/ansible/inventories/scigap/production/hosts
index 3d4d311..dbd7789 100644
--- a/dev-tools/ansible/inventories/scigap/production/hosts
+++ b/dev-tools/ansible/inventories/scigap/production/hosts
@@ -16,6 +16,9 @@ gf5.ucs.indiana.edu
 [gfac]
 gf6.ucs.indiana.edu
 
+[pga:children]
+pga-seagrid
+
 [pga-seagrid]
 gf4.ucs.indiana.edu
 

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 19dc062..aec2ea6 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -19,11 +19,10 @@
 #
 
 ---
-pga_user: "pga"
-pga_group: "pga"
-doc_root_dir: "/var/www/html/php-gateway"
+doc_root_dir: "/var/www/{{ gateway_id }}"
 user_data_dir: "/var/www/user_data"
 vhost_servername: "{{ groups['pga'][0] }}"
+vhost_ssl: False
 httpd_confd_file_location:
  RedHat: "/etc/httpd/conf.d/pga-{{ gateway_id }}.conf"
  Debian: "/etc/apache2/sites-available/pga-{{ gateway_id }}.conf"

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/tasks/main.yml b/dev-tools/ansible/roles/pga/tasks/main.yml
index 3018f1c..8caa24b 100644
--- a/dev-tools/ansible/roles/pga/tasks/main.yml
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@ -84,8 +84,16 @@
     - https
   become: yes
 
-- name: copy httpd.conf file
+- name: copy virtual host config file
   template: src=pga-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
   become: yes
   notify:
     - restart httpd
+  when: not vhost_ssl
+
+- name: copy SSL enabled virtual host config file
+  template: src=pga-ssl-vhost.conf.j2 dest={{ httpd_confd_file_location[ansible_os_family] }} backup=yes
+  become: yes
+  notify:
+    - restart httpd
+  when: vhost_ssl
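Review bot: Both new conditions test the raw variable (`when: not vhost_ssl`, `when: vhost_ssl`), so a value that arrives as a string, for example from `-e vhost_ssl=false`, may not be evaluated as intended depending on the Ansible version, and the wrong template could be installed; `when: not (vhost_ssl | bool)` and `when: vhost_ssl | bool` make the choice explicit. The SSL task also renders `ssl_certificate_file`, `ssl_certificate_chain_file` and `ssl_certificate_key_file`, which have no defaults in the role and, per the TODO in the inventory, are not deployed by Ansible, so the httpd restart will likely fail if they are missing on the host. A `stat` plus `assert` pre-check ahead of the template task would turn that into a clear playbook error instead of a broken web server. The hunk begins inside the preceding task, whose start is outside it.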

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2 b/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2
new file mode 100644
index 0000000..b55697d
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/pga-ssl-vhost.conf.j2
@@ -0,0 +1,29 @@
+<VirtualHost *:80>
+    ServerName {{ vhost_servername }}
+    {% if vhost_serveralias is defined %}
+    ServerAlias {{ vhost_serveralias }}
+    {% endif %}
+
+    ## Redirect all http traffic to https
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ vhost_servername }}
+    {% if vhost_serveralias is defined %}
+    ServerAlias {{ vhost_serveralias }}
+    {% endif %}
+
+    DocumentRoot {{ doc_root_dir }}/public
+    <Directory "{{ doc_root_dir }}/public">
+       AllowOverride All
+    </Directory>
+    ErrorLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.error.log
+    CustomLog {{ httpd_log_dir[ansible_os_family] }}/{{ gateway_id }}.requests.log combined
+    SSLEngine on
+    SSLCertificateFile {{ ssl_certificate_file }}
+    SSLCertificateChainFile {{ ssl_certificate_chain_file }}
+    SSLCertificateKeyFile {{ ssl_certificate_key_file }}
+</VirtualHost>
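Review bot: The port-80 redirect builds its target from the client-supplied Host header (`RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}`) and carries no flags; since this vhost only serves HTTP, `Redirect permanent / https://{{ vhost_servername }}/` would pin the target to the configured name and make the `RewriteCond` unnecessary. The 443 vhost sets only the certificate paths, so protocol and cipher selection fall back to whatever the distribution's global SSL configuration allows; I would add `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` (adjusted to client requirements) and, once HTTPS is confirmed working, `Header always set Strict-Transport-Security "max-age=31536000"`. `SSLCertificateChainFile` is deprecated from Apache 2.4.8, where the chain can be appended to the file named by `SSLCertificateFile` instead.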

http://git-wip-us.apache.org/repos/asf/airavata/blob/ca9f9382/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2 b/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
index 59e8406..0305ef2 100644
--- a/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga-vhost.conf.j2
@@ -1,5 +1,8 @@
 <VirtualHost *:80>
     ServerName {{ vhost_servername }}
+    {% if vhost_serveralias is defined %}
+    ServerAlias {{ vhost_serveralias }}
+    {% endif %}
 
     DocumentRoot {{ doc_root_dir }}/public
     <Directory "{{ doc_root_dir }}/public">