WIP
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
index ac50e8a..d3bdf30 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/all/vars.yml
@@ -21,6 +21,10 @@
---
ansible_connection: ssh
ansible_user: centos
+# https://stackoverflow.com/a/41431540
+# ansible_python_interpreter: /usr/bin/python3
+# ansible_python_interpreter: /usr/bin/python2
+
user: airavata
group: airavata
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
index b5e9ba4..f3560f9 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
@@ -21,16 +21,19 @@
---
user: "pga"
group: "pga"
-gateway_data_store_hostname: "pgadev.scigap.org"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
+gateway_data_store_hostname: "web.dev.scigap.org"
+# TODO: setup storage resource
+# gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
+gateway_data_store_resource_id: "web.dev.scigap.org_ba01452f-44e5-4e03-b35f-756630539198"
django_wsgi_processes: 1
doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
admin_emails: "[('SGRC Group', 'sgrc-iu-group@iu.edu')]"
django_error_emails: "[('Marcus Christie', 'machrist@iu.edu'), ('Eroma Abeysinghe', 'eabeysin@iu.edu')]"
django_database_name: "django_{{ gateway_id }}"
django_hidden_airavata_apps: "['django_airavata_dataparsers']"
-tusd_vhost_servername: "tus.dev.scigap.org"
-tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir"
+# TODO: setup tusd server
+# tusd_vhost_servername: "tus.dev.scigap.org"
+# tusd_upload_dir: "{{real_user_data_dir}}/tus-temp-dir"
airavata_django_git_branch: "develop"
# django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
cilogon_userinfo_url: "https://cilogon.org/oauth2/userinfo"
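Review bot: Commenting out `tusd_vhost_servername` and `tusd_upload_dir` leaves both variables undefined for the whole django group, and this commit also drops the bare `tusd_vhost_servername:` override that geo used to switch tus off. Any template or `when:` that reads them without `is defined` or `default()` will then error instead of skipping; whether the roles are guarded is not visible here. If they are not, keep an explicit `tusd_vhost_servername: null` until the tusd server exists. Separately, `# TODO: setup storage resource` sits above both the old commented-out id and a new active `gateway_data_store_resource_id`, so the comment should say whether the new id is already registered or is a placeholder.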
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml
index 7a06a2c..c9bb4ba 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/geo/vars.yml
@@ -21,19 +21,16 @@
---
airavata_django_extra_dependencies:
- - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app"
+ # - "git+https://github.com/GeoGateway/geogateway-django-app.git@master#egg=geogateway_django_app"
-# No symlink, user_data_dir is same as real_user_data_dir
-user_data_dir: "{{ real_user_data_dir }}"
-#airavata_django_git_branch: "simccs"
-vhost_servername: "beta.geogateway.scigap.org"
-vhost_ssl: true
-# tus isn't setup yet
-tusd_vhost_servername:
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/beta.geogateway.scigap.org/privkey.pem"
+vhost_servername: "geogateway.js2.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
+
django_extra_settings:
LOGIN_REDIRECT_URL: "/geogateway_django_app/"
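Review bot: With its only item commented out, `airavata_django_extra_dependencies:` has no value and parses as null rather than an empty list, so a task that loops over it or joins it may fail or behave differently from the "no extra dependencies" case. Write `airavata_django_extra_dependencies: []` and keep the disabled entry as a comment above it. The same applies to the interactwel host_vars hunk later in this commit. When the dependency is re-enabled, pinning it to a tag or commit instead of `@master` would stop deployments from silently picking up whatever is on the branch at install time.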
@@ -46,6 +43,7 @@
auth_options:
password:
name: "Beta GEO"
+ hidden: true
external:
- name: "Existing Institute Login"
idp_alias: "cilogon"
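Review bot: Nothing in the `auth_options.password` block says whether `hidden: true` disables username/password login or only removes the form from the login page, and the two have different security consequences. Add a comment above the key stating which, for example `# hides the password form on the login page; password login itself stays enabled — TODO confirm`. If the intent is to turn password login off for these gateways, that should be verified against the portal code rather than assumed from the key name. The same line is added in the interactwel, rnamake, seagrid and simccs host_vars; the `auth_options` block continues outside this hunk.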
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml
index 5d19dd9..8706257 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/interactwel/vars.yml
@@ -20,18 +20,17 @@
---
#airavata_django_git_branch: "simccs"
-#vhost_servername: "django.interactwel.scigap.org"
-vhost_servername: "interactwel.org"
-vhost_server_redirect: "www.interactwel.org"
-vhost_ssl: true
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/interactwel.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/interactwel.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/interactwel.org/privkey.pem"
+vhost_servername: "interactwel.js2.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
interactwel_django_app_branch: "api-integration"
airavata_django_extra_dependencies:
- - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app
+ # - git+https://github.com/InterACTWEL/interactactwel-django-app.git@{{ interactwel_django_app_branch }}#egg=interactwel-django-app
django_extra_settings:
LOGIN_REDIRECT_URL: "/interactwel/"
@@ -44,6 +43,7 @@
auth_options:
password:
name: "InterACTWEL"
+ hidden: true
external:
- name: "CILogon"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml
index 624a742..b7ea8d6 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/rnamake/vars.yml
@@ -20,12 +20,13 @@
---
#airavata_django_git_branch: "simccs"
-vhost_servername: "dev.rnamake.scigap.org"
-vhost_ssl: true
-# sudo certbot --apache certonly -d django.simccs.scigap.org
-ssl_certificate_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.rnamake.scigap.org/privkey.pem"
+vhost_servername: "rnamake.js2.scigap.org"
+vhost_ssl: True
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
## Keycloak related variables
tenant_domain: "rnamake"
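Review bot: The certificate paths now follow `vhost_servername`, but the hunk also deletes the only comment describing how the certificate is issued, and nothing visible here creates `/etc/letsencrypt/live/rnamake.js2.scigap.org/`. Apache will refuse to start an SSL vhost whose certificate files are missing. Keep a corrected comment such as `# sudo certbot --apache certonly -d rnamake.js2.scigap.org` (the removed one named django.simccs.scigap.org), or add a task that checks the files exist before the vhost is enabled. The geo, interactwel and simccs hunks remove the same comment.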
@@ -35,6 +36,7 @@
auth_options:
password:
name: "RNAMake"
+ hidden: true
external:
- name: "Existing Institute Login"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml
index 922710f..f1b6726 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/seagrid/vars.yml
@@ -19,11 +19,13 @@
#
---
-vhost_servername: "django.seagrid.org"
+vhost_servername: "js2.seagrid.org"
vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/django.seagrid.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/django.seagrid.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/django.seagrid.org/privkey.pem"
+ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
+ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
+ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
## Keycloak related variables
tenant_domain: "seagrid"
@@ -33,6 +35,7 @@
auth_options:
password:
name: "SEAGrid"
+ hidden: true
external:
- name: "CILogon"
idp_alias: "oidc"
diff --git a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
index 54c007c..1b6b139 100644
--- a/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/host_vars/simccs/vars.yml
@@ -31,14 +31,18 @@
- pyjnius
# vhost_servername: "beta.simccs.org"
# Temporary use a *.scigap.org domain name
-vhost_servername: "beta.simccs.scigap.org"
+
+vhost_servername: "simccs.js2.scigap.org"
vhost_ssl: True
-# Some of the maptool views call into Java code and can take 2-3 minutes to execute
-vhost_timeout: 300
-# sudo certbot --apache certonly -d django.simccs.scigap.org
ssl_certificate_file: "/etc/letsencrypt/live/{{ vhost_servername }}/cert.pem"
ssl_certificate_chain_file: "/etc/letsencrypt/live/{{ vhost_servername }}/fullchain.pem"
ssl_certificate_key_file: "/etc/letsencrypt/live/{{ vhost_servername }}/privkey.pem"
+
+real_user_data_dir: "/media/volume/sdb/gateway-user-data"
+
+# Some of the maptool views call into Java code and can take 2-3 minutes to execute
+vhost_timeout: 300
+
# Custom vhost config file to specify the geoserver reverse proxy
django_ssl_vhost_template: "{{ inventory_dir }}/host_vars/simccs/files/django-ssl-vhost.conf.j2"
@@ -50,6 +54,7 @@
auth_options:
password:
name: "SimCCS"
+ hidden: true
external:
- name: "CILogon"
idp_alias: "cilogon"
diff --git a/dev-tools/ansible/inventories/scigap/develop/hosts b/dev-tools/ansible/inventories/scigap/develop/hosts
index ae562e0..630806c 100644
--- a/dev-tools/ansible/inventories/scigap/develop/hosts
+++ b/dev-tools/ansible/inventories/scigap/develop/hosts
@@ -7,7 +7,7 @@
149.165.156.195
[database]
-149.165.156.27
+149.165.156.27 ansible_user=centos
[api-orch]
149.165.156.195
@@ -22,22 +22,22 @@
149.165.156.151
[django]
-seagrid ansible_host=149.165.156.46
-simvascular ansible_host=149.165.156.46
-simccs ansible_host=149.165.156.46
-interactwel ansible_host=149.165.156.46
-usd ansible_host=149.165.156.46
-csbglsu ansible_host=149.165.156.46
-nexttdb ansible_host=149.165.156.46
-saver-x ansible_host=149.165.156.46
-pfec-hydro ansible_host=149.165.156.46
-cyberwater ansible_host=149.165.156.46
-mines ansible_host=149.165.156.46
-amp ansible_host=149.165.170.199
-geo ansible_host=149.165.156.46
-delta ansible_host=149.165.169.250
-custos-testdrive ansible_host=pgadev.scigap.org
-rnamake ansible_host=149.165.156.46
+seagrid ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+; simvascular ansible_host=149.165.156.46
+simccs ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+interactwel ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+; usd ansible_host=149.165.156.46
+; csbglsu ansible_host=149.165.156.46
+; nexttdb ansible_host=149.165.156.46
+; saver-x ansible_host=149.165.156.46
+; pfec-hydro ansible_host=149.165.156.46
+; cyberwater ansible_host=149.165.156.46
+; mines ansible_host=149.165.156.46
+; amp ansible_host=149.165.170.199
+geo ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
+; delta ansible_host=149.165.169.250
+; custos-testdrive ansible_host=pgadev.scigap.org
+rnamake ansible_host=149.165.152.203 ansible_user=exouser ansible_python_interpreter=/usr/bin/python3
#149.165.169.129
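Review bot: The pair `ansible_user=exouser ansible_python_interpreter=/usr/bin/python3` is repeated on all five active `[django]` hosts, so a host added later can easily miss it and fall back to the `ansible_user: centos` default from group_vars/all. Stating it once in a group section, `[django:vars]` followed by `ansible_user=exouser` and `ansible_python_interpreter=/usr/bin/python3`, would avoid that, provided the disabled hosts are meant to use the same account when they return. The disabled entries are commented with `;` while the existing comment on the last line uses `#`; pick one marker. They also keep their old addresses, so a short comment on why they are disabled, or deleting them, would stop someone from re-enabling a stale IP.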
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
deleted file mode 100644
index b4e6e44..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/dev-scigap"
-vhost_servername: "dev.scigap.org"
-vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/dev.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "scigap"
-admin_username: "scigap_admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "password"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-initial_role_name: "gateway-provider"
-
-gateway_id: "scigap"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/dev-scigap"
-# NOTE: scigap portal doesn't make use of the gateway data store, only used to manage other gateways
-gateway_data_store_resource_id: ""
-
-## Portal related variables
-super_admin_portal: "true"
-admin_emails: "['sgrc-iu-group@iu.edu']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "base"
-portal_title: "SciGaP Admin Portal"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml
deleted file mode 100644
index 8b3b274..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-66643536656361636339616663393332663862623736333263353739396330333833666336663564
-6332613062363366333265376537656436306438343164380a383362623064383237396433353139
-36323038313235323962613864376562386165353365343430306635383131663636616131323962
-6237356432313434660a346364303238343938376437663939363361336666323234366266666161
-65396434313232323463363965623130333637323134653234383962313566323161626535613533
-32303632633137306436356265386533643634663561366131646234343734656161373463653432
-30336132396634343339323466663132313666343631346430643131363939373564383766356266
-36383336373361333139323038623638633130616330313461656566663164353166373466343232
-37346665663566646562356363376638336330353838646634373633646133653163656138373336
-35346434316466616535393332373839636161363038643937616533306433656335373134313036
-63346462623637643461303364353637623166633235373835306338333435656333633731376461
-35643330323064366137383530346234383266363531346265616530306363383463623234623137
-34343637353430373936393766396135383461323832353165393839653236653135613266376236
-30643438316431373566653639353931323030343030303762376431306231336336633131613963
-65656361363961316338373135333864363766616466376539613061663364353937613664393462
-62323562666634653936323837363738316330353163393632376463336165336439306530363139
-3465
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
deleted file mode 100644
index f512cf2..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/dev-seagrid"
-vhost_servername: "dev.seagrid.org"
-vhost_ssl: True
-# TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/letsencrypt/live/dev.seagrid.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.seagrid.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.seagrid.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "seagrid"
-admin_username: "admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration"
-
-auth_options:
- - name: "SEAGrid"
- oauth_grant_type: "password"
- - name: "existing accounts"
- oauth_grant_type: "authorization_code"
- oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
- logo: "/assets/cilogon-logo-24x24-b.png"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-
-gateway_id: "seagrid"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/dev-seagrid"
-# TODO: Fix the data store resource id
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWgLve4J9WCohF/4UnbBZsh/nRkP1aM9FmA1FjKwK2gQAnKwhU+NrbsjW38h2Hi+8s9N2oZ9cCJHrvDi2U0cMxz4exIUBcVoRhw37ThlREHADeKR1FbKw0QLhTyfJb0K+1/8GWRluiFx0vHPptJe0KTqu+RJY0NSe+d/BEuGyCZ1hR+SKNuTgcb05Ia6opbSN5D68N9biseEux60d69ARQxLw+VN3Kr/UaBNpGIAfKLlLSUQlTyPA6G6UKCcJZv+/ye10oa0SK0qtrxMpL+4VJcVx+d56U7CUFWKEgPAaQrX1qdGUNDA7HKmD+EBtzw6DJqNJ0Cue/XuPe/RT62tpf"
-group_resource_profile_id: "6a642772-15fd-4d10-a847-8aef89b71830"
-
-## Portal related variables
-super_admin_portal: "false"
-admin_emails: "['sgg@iu.edu','pamidigs@iu.edu', 'eroma.abeysinghe@gmail.com']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "seagrid"
-portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git"
-portal_title: "SEAGrid Portal"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml
deleted file mode 100644
index 4fa5716..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-35363834376232323532383937363965643066346662646162623433363134396438383566373532
-3166626337666161386532363635386338366439643935310a316430613738343939333932386333
-65313532396532323834346437643366376465393637326137333838366536373438643434653663
-3735333530316164340a626331396161636332663765653465303335306162653232313863303762
-39666330626562646533656639386639653635623735333432386431323532623334313964393732
-65383465353438366438383938393165353235383438636265653731616235613839363566396635
-38653763353363316233373932313638376231366531306462666436353437376139303939343433
-65613532666230366239626132323661646137333031336230343862306534613564623161303066
-62376132666365303632626639643835623465643564393033623866383836323932383533613861
-62363336393361363266323636356164383962343939336432396538373662396264633361353162
-66663935316236316533633134393136356361373936306438333932666662653263613662636166
-62326139646537326334376464303466366563636465343362656131643735626633393835636265
-63343833396434366637626539653536343539383763393234333466623031393634343930393836
-31636136386135336430303035376533343038336662383139653831666230663232616533653461
-61363665633937666162303638366435613838356665613361313730383734383163666537386330
-38386238316366306466346432663139333038353339376336346166393639336137313231356333
-3336
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml
deleted file mode 100644
index 5068a7e..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vars.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/pga-simvascular"
-vhost_servername: "beta.simvascular.scigap.org"
-vhost_ssl: True
-# TODO: have Ansible manage these files as well
-ssl_certificate_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/beta.simvascular.scigap.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "simvascular"
-admin_username: "admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/simvascular/.well-known/openid-configuration"
-
-auth_options:
- - name: "SimVascular"
- oauth_grant_type: "password"
- - name: "CILogon"
- oauth_grant_type: "authorization_code"
- oauth_authorize_url_extra_params: "kc_idp_hint=cilogon"
- logo: "/assets/cilogon-logo-24x24-b.png"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-
-gateway_id: "simvascular"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/simvascular"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWgLve4J9WCohF/4UnbBZsh/nRkP1aM9FmA1FjKwK2gQAnKwhU+NrbsjW38h2Hi+8s9N2oZ9cCJHrvDi2U0cMxz4exIUBcVoRhw37ThlREHADeKR1FbKw0QLhTyfJb0K+1/8GWRluiFx0vHPptJe0KTqu+RJY0NSe+d/BEuGyCZ1hR+SKNuTgcb05Ia6opbSN5D68N9biseEux60d69ARQxLw+VN3Kr/UaBNpGIAfKLlLSUQlTyPA6G6UKCcJZv+/ye10oa0SK0qtrxMpL+4VJcVx+d56U7CUFWKEgPAaQrX1qdGUNDA7HKmD+EBtzw6DJqNJ0Cue/XuPe/RT62tpf"
-
-## Portal related variables
-super_admin_portal: "false"
-admin_emails: "['sgg@iu.edu','eroma.abeysinghe@gmail.com']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "simvascular-gateway-theme"
-portal_theme_repo: "https://github.com/SciGaP/simvascular-gateway-theme.git"
-portal_title: "SimVascular Gateway Portal"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml
deleted file mode 100644
index a24744d..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/simvascular/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-39663235396339383266663136613561633834356536323232346264343839636663656366636638
-3562636339363061343532656234303966613261386635620a656433623538643961663866383563
-32366138333464646337316139383230396165393439666439383463326531656365306266326265
-3030646232393538340a356432663330303064363631626666633138313832323332663965393364
-36613764343037346565343632643964306330623136323532343837393362636664663763333437
-65343133313433346538663133326465616465363031643966313963666636303534356437316231
-39663239316133383035383239303731306163373362353164396364653964353533623633646335
-61386464646132353939373761383037343637616133626665383330366636643537356163323962
-66663938666166373830646136333265323561363036336236663964623662356639623866376137
-36336537633836313839633737393435666537386463343862333235663961653437303462383930
-65383762666536393732613466393763373434383661356337306539613766356138353033613530
-34613938613237663662333064616664666138333435363835346434316161663933386335303438
-39343437346665326334336537316264656265313663623331626339323933383064343539326439
-35666133373639356261353166353332663936643433386539373533313832336164373466386331
-32616138303838353431316239376630383437373466663463323230306532353632656231313230
-36343532363965306333646161663638366364643131303135653239663264623366653933343538
-3266
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml
deleted file mode 100644
index e1b0034..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vars.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
----
-pga_repo: "https://github.com/apache/airavata-php-gateway.git"
-pga_git_branch: "develop"
-user: "pga"
-group: "pga"
-doc_root_dir: "/var/www/portals/dev-testdrive"
-vhost_servername: "dev.testdrive.airavata.org"
-vhost_ssl: True
-ssl_certificate_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/cert.pem"
-ssl_certificate_chain_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/fullchain.pem"
-ssl_certificate_key_file: "/etc/letsencrypt/live/dev.testdrive.airavata.org/privkey.pem"
-
-## Keycloak related variables
-tenant_domain: "{{ gateway_id }}"
-admin_username: "admin"
-admin_password: "{{ vault_admin_password }}"
-oauth_client_key: "{{ vault_oauth_client_key }}"
-oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/{{ tenant_domain }}/.well-known/openid-configuration"
-
-auth_options:
- - name: "Test Drive"
- oauth_grant_type: "password"
- - name: "CILogon"
- oauth_grant_type: "authorization_code"
- oauth_authorize_url_extra_params: "kc_idp_hint=cilogon"
- logo: "/assets/cilogon-logo-24x24-b.png"
-oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
-
-gateway_id: "default"
-# relative to document root dir
-experiment_data_dir: "{{ user_data_dir }}/dev-testdrive"
-gateway_data_store_resource_id: "pgadev.scigap.org_7ddf28fd-d503-4ff8-bbc5-3279a7c3b99e"
-gateway_data_store_ssh_public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEK6v8oMNUKDqQtlHlXRUpRZVqCL6CbQlJTL5QajevPFtvM0hauS/Rjj6M/bjgTfRyef2/E100l1pH3xhFuL65+OTnOZgC5DQ0T3J1OtldTTuP1Rl7mKZR4xKYzx/hxSgB6kn8tZb3IgDCYnHNcTLYGj1rEpNEO6ju8e9qVR02ex+hbC+4Q4bJgX6FxHL4+rQHcqT6I1k3JmwRsPzr3P1hiRgUUkxAlQuXFXsoa4+9BzEU5D0qXq0o/Q12jKOhPwWyOyhV2X++bc50VKkm0G6M6n78OL8CBIKmZyczgEwD2zB9gx3aTHXTEgUqaVHyOMc3aE8Kt1Us33PDyXpn8sk3"
-group_resource_profile_id: "1cee1887-6774-49c4-9f3c-edfc3558cf9b"
-
-## Portal related variables
-super_admin_portal: "false"
-admin_emails: "['sgg@iu.edu']"
-portal_email_username: "pga.airavata@gmail.com"
-portal_email_password: "{{ vault_portal_email_password }}"
-portal_theme: "base"
-#portal_theme_repo: "https://github.com/SciGaP/seagrid-website-theme.git"
-portal_title: "Airavata Test Drive"
-...
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml
deleted file mode 100644
index 59eb48f..0000000
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/testdrive/vault.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-37653330653661316166336135653863643435656234363935346436646433353061613333376462
-3031393162356336393430333763663764633263353637310a386662313137383733333666396539
-39313331373262323031613561633835663266386663613037393235366533333130303438306564
-3631313831323765630a653331363766343836326135393131646264613361646266333662666663
-34336561356230623239613237393161616263333638613765616134633837393161393933643433
-61383030316464633961313965653365373037326234636234306661346234316630656634626264
-32666265633261666330623262303462643932336463303231303935643936613638326363363262
-39363237353038626437646230623565353038383566303662663033623066383938656530613939
-39343339643062313830633165323135346330636133663632366436336263363232646431663239
-32663434333032353632373735333434613066386132646561643930626466306433623639386266
-33313366383036313161373736656530366339646333373664333364373531633463333838303334
-39626330646361636238303261343164343834623065393131646336306430383331333364313937
-37333539303361386234663930613130363564333232326535313864306132646361353132393638
-31343338636466353338656261633437616330636631326564353032393162383465343137383163
-61666265336465366263636435336436343764356133653963653866353166356138353837346434
-35326265666365393963356231313964333763316464633636656332653132633931393064626630
-3966
diff --git a/dev-tools/ansible/requirements.txt b/dev-tools/ansible/requirements.txt
index dc30cfd..da3380c 100644
--- a/dev-tools/ansible/requirements.txt
+++ b/dev-tools/ansible/requirements.txt
@@ -15,5 +15,21 @@
# specific language governing permissions and limitations
# under the License.
-ansible~=2.3.1
-docker<3.0
+ansible==5.6.0
+ansible-core==2.12.4
+certifi==2021.10.8
+cffi==1.15.0
+charset-normalizer==2.0.12
+cryptography==36.0.2
+docker==5.0.3
+idna==3.3
+Jinja2==3.1.1
+MarkupSafe==2.1.1
+packaging==21.3
+pycparser==2.21
+pyparsing==3.0.8
+PyYAML==6.0
+requests==2.27.1
+resolvelib==0.5.4
+urllib3==1.26.9
+websocket-client==1.3.2
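Review bot: The new list pins every transitive package by version only, so nothing verifies that the artifacts pip downloads are the ones that were tested. If the goal is a reproducible control-node environment, generate the file with hashes (`pip-compile --generate-hashes`) and install with `pip install --require-hashes -r requirements.txt`. It would also help to keep the two direct requirements (`ansible`, `docker`) in a separate input file, so it stays clear which pins are deliberate and which are resolver output. The resolver output can then be refreshed when fixes for packages such as `cryptography`, `urllib3` or `PyYAML` are released.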
diff --git a/dev-tools/ansible/roles/django/tasks/database.yml b/dev-tools/ansible/roles/django/tasks/database.yml
index 4589562..31548a6 100644
--- a/dev-tools/ansible/roles/django/tasks/database.yml
+++ b/dev-tools/ansible/roles/django/tasks/database.yml
@@ -22,16 +22,25 @@
- name: Adds Python MySQL support on Debian/Ubuntu
apt: pkg="python-mysqldb" state=present
- become_user: root
+ become: true
when: ansible_os_family == 'Debian'
-- name: Adds Python MySQL support on RedHat/CentOS
- yum: name=MySQL-python state=present
- become_user: root
- when: ansible_os_family == 'RedHat'
+# - name: inventory_hostname var
+# debug:
+# var: inventory_hostname
+
+# - name: user var
+# debug:
+# var: user
+
+# TODO: fix propagating delegation and become_user
+# - include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
+# when: ansible_os_family == "RedHat"
- name: create django database ({{ django_database_name }})
mysql_db: name="{{ django_database_name }}" state=present encoding=utf8 collation=utf8_bin
+ # become: true
+ # become_user: "{{user}}"
- name: give access to {{ django_db_username }} from remote (internal ip)
mysql_user: name="{{ django_db_username }}" password="{{ django_db_password }}" host="{{ ansible_default_ipv4.address }}"
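Review bot: After this hunk nothing installs the Python MySQL bindings on RedHat-family database hosts: the `MySQL-python` task is deleted, and the `include` of `install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml` meant to replace it exists only as a comment. The `mysql_db` and `mysql_user` tasks below will presumably fail on a fresh CentOS or Rocky host for lack of that library. Either enable the include (as `include_tasks`, matching the change in main.yml) or keep the old task until the delegation TODO is resolved. The commented-out debug tasks and the commented `become`/`become_user` lines under `create django database` are best dropped before merge; the `mysql_user` task continues outside the hunk.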
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
new file mode 100644
index 0000000..fbde07f
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Centos_7.yml
@@ -0,0 +1,28 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Centos 7)
+ yum: name=MySQL-python state=present
+ become: true
+
+
+...
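Review bot: The file name `install_deps_Centos_7.yml` does not match what the include pattern `install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml` expands to, because the `ansible_distribution` fact is spelled `CentOS`. On a case-sensitive filesystem the include would fail with a missing file as soon as it is enabled. The letsencrypt role in this same commit already uses `install_deps_CentOS_7.yml`; rename this file (and the `(Centos 7)` in the task name) to match.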
diff --git a/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000..1aa0d81
--- /dev/null
+++ b/dev-tools/ansible/roles/django/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,29 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Adds Python MySQL support (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python3-mysql
+ become: true
+
+...
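Review bot: `state=latest` in `dnf: name={{ item }} state=latest` upgrades the package on every play run, so the installed version depends on when the playbook last ran and a routine deploy can pull in an untested update. The same pattern appears in the new Rocky 8 files for the django_setup, httpd and letsencrypt roles, whereas the CentOS 7 letsencrypt file pins exact versions. Prefer `state=present` here and leave upgrades to the host's update mechanism. The one-item `with_items` loop can go as well: `dnf: name=python3-mysql state=present`.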
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index 172b7f0..1f0c264 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -27,11 +27,19 @@
with_items:
- "{{ groups['database'] }}"
+# - name: Hostvars
+# debug:
+# var: hostvars[item]
+# with_items:
+# - "{{ django_database_hosts }}"
+
- name: Run tasks to setup Django database
- include: database.yml
- delegate_to: "{{ item }}"
- become: yes
- become_user: "{{ hostvars[item]['user'] }}"
+ include_tasks: database.yml
+ args:
+ apply:
+ delegate_to: "{{ item }}"
+ become: yes
+ become_user: "{{ hostvars[item]['user'] }}"
with_items:
- "{{ django_database_hosts }}"
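Review bot: The `apply` block takes `delegate_to` and `become_user` from the default loop variable `item`, which every task in database.yml then inherits; any task there that gains its own loop will collide with `item`, and delegation would follow the inner value. Name the variable explicitly with `loop_control: {loop_var: db_host}` on this task and use `{{ db_host }}` in the `apply` keys. The commented-out `Hostvars` debug task is better deleted than kept: if re-enabled, `hostvars[item]` prints every variable of the database host to the run log, including values decrypted from the vault files.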
@@ -88,10 +96,12 @@
- name: build airavata-django-portal Docker image
local_action:
module: docker_image
- path: "{{ airavata_django_portal_tempdir.path }}/"
+ build:
+ path: "{{ airavata_django_portal_tempdir.path }}/"
name: airavata-django-portal
- force: true
- # source: build
+ force_source: true
+ force_tag: true
+ source: build
run_once: true
- name: create Docker container so we can copy built files out of it
@@ -178,6 +188,7 @@
pip:
name: "{{ item }}"
virtualenv: "{{ django_venv_dir }}"
+ # TODO: maybe set editable to true if a git url?
become: yes
become_user: "{{user}}"
with_list: "{{ airavata_django_extra_dependencies }}"
diff --git a/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000..80f8266
--- /dev/null
+++ b/dev-tools/ansible/roles/django_setup/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,108 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install Airavata Django Portal prerequisites (Rocky 8)
+ dnf: name={{ item }} state=latest
+ with_items:
+ - python36
+ - httpd-devel
+ - python36-devel
+ - mysql-devel
+ - gcc
+ - zlib-devel
+ - openssl-devel
+ become: yes
+
+- name: Create mod_wsgi directory
+ file: path={{ mod_wsgi_dir }} state=directory
+ become: yes
+
+- name: Fetch mod_wsgi
+ get_url:
+ url: "{{ mod_wsgi_url }}"
+ dest: "{{ mod_wsgi_tarball_dest }}"
+ become: yes
+
+- name: Untar mod_wsgi
+ unarchive:
+ src: "{{ mod_wsgi_tarball_dest }}"
+ remote_src: yes
+ dest: "{{ mod_wsgi_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Configure mod_wsgi
+ command: ./configure --with-python=/usr/bin/python3
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/Makefile"
+ become: yes
+
+- name: make mod_wsgi
+ command: make
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ creates: "{{ mod_wsgi_unarchive_dir }}/src/server/mod_wsgi.la"
+ become: yes
+
+- name: make install mod_wsgi
+ command: make install
+ args:
+ chdir: "{{ mod_wsgi_unarchive_dir }}"
+ become: yes
+
+- name: Copy mod_wsgi config file
+ copy:
+ src: 00-wsgi.conf
+ dest: "{{ httpd_conf_modules_dir }}/00-wsgi.conf"
+ become: yes
+
+# Allow httpd to copy file attributes when handling uploaded files and moving
+# them from temporary to final destination (which may cross partitions)
+- name: double check policycoreutils installed
+ dnf: name=python3-policycoreutils state=installed
+ become: yes
+
+- name: Copy SELinux type enforcement file
+ copy: src=django-httpd.te dest=/tmp/
+
+- name: Compile SELinux module file
+ command: checkmodule -M -m -o /tmp/django-httpd.mod /tmp/django-httpd.te
+
+- name: Build SELinux policy package
+ command: semodule_package -o /tmp/django-httpd.pp -m /tmp/django-httpd.mod
+
+- name: unLoad SELinux policy package
+ command: semodule -r django-httpd
+ become: yes
+ ignore_errors: True
+
+- name: Load SELinux policy package
+ command: semodule -i /tmp/django-httpd.pp
+ become: yes
+
+- name: Remove temporary files
+ file: path={{ item }} state=absent
+ with_items:
+ - /tmp/django-httpd.mod
+ - /tmp/django-httpd.pp
+ - /tmp/django-httpd.te
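Review bot: The `Fetch mod_wsgi` task downloads `{{ mod_wsgi_url }}` with no integrity check, and the tarball is then configured, built and `make install`ed as root, so whatever the URL serves ends up running inside httpd. Add a pinned digest to the `get_url` task, e.g. `checksum: "sha256:{{ mod_wsgi_tarball_sha256 }}"` (a new variable, to be defined next to `mod_wsgi_url`). The SELinux steps have a related weakness: the `.te`, `.mod` and `.pp` files use fixed names under `/tmp` and are written without `become`, then `semodule -i /tmp/django-httpd.pp` loads the result as root. On a host with other local users those paths are predictable, so a private directory from the `tempfile` module would be safer. The final `Remove temporary files` task also lacks `become`, unlike the other tasks in the file.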
diff --git a/dev-tools/ansible/roles/env_setup/tasks/main.yml b/dev-tools/ansible/roles/env_setup/tasks/main.yml
index 4d36c76..b038e84 100644
--- a/dev-tools/ansible/roles/env_setup/tasks/main.yml
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@ -73,24 +73,25 @@
# Automatic security updates installation
-- name: Install yum-cron, yum-utils (RedHat)
- yum: name={{ item }} state=latest update_cache=yes
- become: yes
- when: ansible_os_family == "RedHat"
- with_items:
- - yum-cron
- - yum-utils
+# TODO: switch to dnf-automatic for Rocky Linux
+# - name: Install yum-cron, yum-utils (RedHat)
+# yum: name={{ item }} state=latest update_cache=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
+# with_items:
+# - yum-cron
+# - yum-utils
-- name: Copy yum-cron.conf config file
- copy:
- src: yum-cron.conf
- dest: /etc/yum/yum-cron.conf
- backup: yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Copy yum-cron.conf config file
+# copy:
+# src: yum-cron.conf
+# dest: /etc/yum/yum-cron.conf
+# backup: yes
+# become: yes
+# when: ansible_os_family == "RedHat"
-- name: Enable and start yum-cron
- service: name=yum-cron state=started enabled=yes daemon_reload=yes
- become: yes
- when: ansible_os_family == "RedHat"
+# - name: Enable and start yum-cron
+# service: name=yum-cron state=started enabled=yes daemon_reload=yes
+# become: yes
+# when: ansible_os_family == "RedHat"
...
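Review bot: Commenting out all three yum-cron tasks turns off automatic security updates for every RedHat-family host this role manages, including CentOS 7 machines where yum-cron still works, and nothing replaces it until the dnf-automatic TODO is done. Keep the tasks and narrow their condition instead, for example `when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "7"`. Rocky 8 hosts are then the only ones without unattended patching, which is the gap the TODO describes. If the tasks must stay disabled for now, the TODO comment should say that hosts are currently unpatched by automation, so the gap is visible to operators.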
diff --git a/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000..698932e
--- /dev/null
+++ b/dev-tools/ansible/roles/httpd/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,35 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: Install pre-requisites
+ dnf: name="{{ item }}" state=latest
+ with_items:
+ - git
+ - httpd
+ - mod_ssl
+ - python3-libselinux
+ - python3-policycoreutils
+ become: yes
+
+- name: install epel release
+ dnf: name=epel-release state=present
+ become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml b/dev-tools/ansible/roles/httpd/tasks/main.yml
index 15a71fd..90a3ee8 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -34,7 +34,7 @@
- name: create default ssl vhost certificate
command: openssl req -x509 -sha256 -newkey rsa:2048 -keyout {{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family]}} -out {{ httpd_default_ssl_vhost_certificate_location[ansible_os_family]}} -days 1024 -nodes -subj '/CN={{ ansible_host }}'
become: yes
- when: default_vhost_ssl_cert_check|failed
+ when: default_vhost_ssl_cert_check is failed
- name: Change permissions for default ssl vhost certificate private key
file: path="{{ httpd_default_ssl_vhost_certificate_key_location[ansible_os_family] }}" state=file owner="root" group="root" mode="600"
@@ -59,6 +59,7 @@
file: path="{{ real_user_data_dir }}" state=directory owner="{{user}}" group="{{group}}"
become: yes
+# TODO: create the parent directory of the symlink if missing
- name: Symlink user data dir {{ user_data_dir }} to {{ real_user_data_dir }}
file: src="{{ real_user_data_dir }}" dest="{{ user_data_dir }}" state=link owner="{{user}}" group="{{group}}"
become: yes
@@ -76,7 +77,7 @@
when: ansible_os_family == "RedHat"
- name: run restorecon on user data directory
- command: restorecon -F -R {{ user_data_dir }}
+ command: restorecon -F -R {{ real_user_data_dir }}
become: yes
when: ansible_os_family == "RedHat"
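Review bot: `restorecon -F -R {{ real_user_data_dir }}` only applies labels from file-context rules that match that path, and the rule is presumably registered by the task just above this hunk, which is not visible here. If that rule is still keyed on `user_data_dir` (now a symlink), the forced relabel would reset the real directory to its default type and httpd would lose access to user data. Confirm the fcontext target was switched to `{{ real_user_data_dir }}(/.*)?` together with this line. Quoting the argument, `restorecon -F -R "{{ real_user_data_dir }}"`, also guards against a path containing spaces.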
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
new file mode 100644
index 0000000..2415c75
--- /dev/null
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_CentOS_7.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: install certbot and dependencies
+ yum: name={{ item }} state=installed update_cache=yes
+ with_items:
+ - certbot-1.11.0
+ - python2-acme-1.11.0
+ - python2-certbot-apache-1.11.0
+ - ca-certificates-2021.2.50
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
new file mode 100644
index 0000000..574127d
--- /dev/null
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/install_deps_Rocky_8.yml
@@ -0,0 +1,31 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+
+- name: install certbot and dependencies
+ dnf: name={{ item }} state=latest
+ with_items:
+ - certbot
+ - python3-acme
+ - python3-certbot-apache
+ - ca-certificates
+ become: true
+ become_user: root
diff --git a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
index 75a4956..51d4bb5 100644
--- a/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
+++ b/dev-tools/ansible/roles/letsencrypt/tasks/main.yml
@@ -20,15 +20,7 @@
---
-- name: install certbot and dependencies
- yum: name={{ item }} state=installed update_cache=yes
- with_items:
- - certbot-1.11.0
- - python2-acme-1.11.0
- - python2-certbot-apache-1.11.0
- - ca-certificates-2021.2.50
- become: true
- become_user: root
+- include: install_deps_{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml
when: ansible_os_family == "RedHat"
- name: add Certbot PPA repository