airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lah...@apache.org
Subject [13/50] [abbrv] airavata git commit: Deploy wso2is on aws EC2 instance
Date Thu, 29 Sep 2016 12:44:50 GMT
Deploy wso2is on aws EC2 instance


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/93ec75b6
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/93ec75b6
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/93ec75b6

Branch: refs/heads/lahiru/AIRAVATA-2065
Commit: 93ec75b61ddaa5585700fed81a6e173b2850817d
Parents: 433ae48
Author: Shameera Rathnayaka <shameerainfo@gmail.com>
Authored: Tue Aug 16 22:19:12 2016 -0400
Committer: Shameera Rathnayaka <shameerainfo@gmail.com>
Committed: Tue Aug 16 22:19:12 2016 -0400

----------------------------------------------------------------------
 group_vars/all                        |  12 +-
 hosts                                 |  28 +-
 roles/env_setup/tasks/main.yml        |  33 +-
 roles/rabbitmq/tasks/main.yml         |  17 +-
 roles/rabbitmq/vars/main.yml          |   2 +
 roles/wso2_is/tasks/main.yml          |  69 +++
 roles/wso2_is/templates/carbon.xml.j2 | 688 +++++++++++++++++++++++++++++
 roles/wso2_is/vars/main.yml           |  18 +
 site.yml                              |   4 +
 9 files changed, 837 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/group_vars/all
----------------------------------------------------------------------
diff --git a/group_vars/all b/group_vars/all
index bae52a5..e1b8187 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1,10 +1,11 @@
 ---
 ansible_connection: ssh
-ansible_ssh_user: root
-ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key
+ansible_ssh_user: centos
+#ansible_ssh_private_key_file: /Users/syodage/Projects/scigap/JetCloud/jetcloud.key
+ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt
 
-user: airavata
-group: airavata
+user: centos
+group: centos 
 user_home: "/home/{{ user }}"
 deployment_dir: "{{ user_home }}/master-deployment"
 
@@ -24,7 +25,8 @@ rabbitmq_server: "localhost"
 rabbitmq_vhost: "master"
 rabbitmq_user: "airavata"
 rabbitmq_password: "airavata"
-rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:5672/{{
rabbitmq_vhost }}"
+rabbitmq_port: "5672"
+rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{
rabbitmq_port }}/{{ rabbitmq_vhost }}"
 
 key_store: "airavata.jks"
 cred_key_store: "client_truststore.jks"

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/hosts
----------------------------------------------------------------------
diff --git a/hosts b/hosts
index 8a317b8..819e1ab 100644
--- a/hosts
+++ b/hosts
@@ -1,25 +1,29 @@
+---
 # inventory file : production
 
 [api-orch]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [gfac]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [pga]
-#149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [zookeeper]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
 
 [rabbitmq]
-#149.165.156.196 host_name=js-156-196 host_address=149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org rabbit_hostName="jetcloud-1-centos-7"
 
 [database]
-#149.165.156.196
-js-171-11.jetstream-cloud.org
+#js-156.196.jetstream-cloud.org
+#js-171-11.jetstream-cloud.org
+
+[wso2is]
+107.23.143.252

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/env_setup/tasks/main.yml
----------------------------------------------------------------------
diff --git a/roles/env_setup/tasks/main.yml b/roles/env_setup/tasks/main.yml
index a20b018..395d0a8 100644
--- a/roles/env_setup/tasks/main.yml
+++ b/roles/env_setup/tasks/main.yml
@@ -3,32 +3,29 @@
 #All commons tasks goes here
 - name: Create a new user group "{{ group }}"
   group: name={{ group }}
-  tags: user
 
 - name: Create a new user "{{ user }}"
   user: name={{ user }} group={{ group }}
-  tags: user
 
 ################################################################################
-- name: Install git latest version
-  yum: name=git state=latest update_cache=yes
-  tags: env
+- name: Install pre-requireties
+  yum: name={{ item }} state=latest update_cache=yes
+  with_items:
+    - git
+    - maven
+    - firewalld
+    - unzip  #need for wso2
 
-- name: Install maven latest version
-  yum: name=maven state=latest update_cache=yes
-  tags: env
 
 ################################################################################
 # Install Orcal Java
 - name: download oracle java 8 rpm
   get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
-  tags: env
 
 - name: Install oracle java 8
   yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
-  tags: env
 
-- name: set Java version as default
+- name: set Oracle Java {{ java_version_string }} as default
   alternatives:
     name="{{ item.exe }}"
     link="/usr/bin/{{ item.exe }}"
@@ -38,7 +35,17 @@
     - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
     - { path: "{{ java_home }}/bin", exe: 'javac' }
     - { path: "{{ java_home }}/bin", exe: 'javadoc' }
-  tags: env
 
-# End
+  # TODO: stop iptables service, can't have both iptables and firewalld on same host
+  # if we try to stop non existing service ansible fails.
+# - name: Stop iptables, ip6tables services
+#   service: name="{{ item }}" state=stopped
+#   with_items:
+#     - iptables
+#     - ip6tables
+
+- name: Start firewalld service
+  service: name=firewalld state=started
+  become: yes
+
 ...

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/rabbitmq/tasks/main.yml
----------------------------------------------------------------------
diff --git a/roles/rabbitmq/tasks/main.yml b/roles/rabbitmq/tasks/main.yml
index 56ae071..d1e7ce5 100644
--- a/roles/rabbitmq/tasks/main.yml
+++ b/roles/rabbitmq/tasks/main.yml
@@ -1,23 +1,32 @@
 ---
-
-
 ################################################################################
 # Setup and run rabbitmq
 - name: Install erlang latest version
   yum: name=https://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm
state=present
+  become: yes
 
 - name: Install Rabbitmq rpm
   yum: name=https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.3/rabbitmq-server-3.6.3-1.noarch.rpm
state=present
+  become: yes
 
   # add hostname to /etc/hosts file
 - name: get ip4 address
-  command: dig +short myip.opendns.com @resolver1.opendns.com
+  # command: dig +short myip.opendns.com @resolver1.opendns.com
+  command: hostname -i
   register: _ip4
 
+- name: open rabbitmq ports
+  firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
+  with_items:
+    - "{{ rabbitmq_port }}/tcp"
+    - "{{ management_plugin_port }}/tcp"
+  become: yes
+
 - name: Edit /etc/hosts file
-  lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ ansible_hostname }} {{ ansible_fqdn
}}"
+  lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ rabbit_hostName }}"
   notify:
     - restart rabbitmq
+  become: yes
 
 - name: Start Rabbitmq server
   service: name=rabbitmq-server state=started

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/rabbitmq/vars/main.yml
----------------------------------------------------------------------
diff --git a/roles/rabbitmq/vars/main.yml b/roles/rabbitmq/vars/main.yml
new file mode 100644
index 0000000..c5ab904
--- /dev/null
+++ b/roles/rabbitmq/vars/main.yml
@@ -0,0 +1,2 @@
+---
+management_plugin_port: "15672"

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/tasks/main.yml
----------------------------------------------------------------------
diff --git a/roles/wso2_is/tasks/main.yml b/roles/wso2_is/tasks/main.yml
new file mode 100644
index 0000000..6cd03b0
--- /dev/null
+++ b/roles/wso2_is/tasks/main.yml
@@ -0,0 +1,69 @@
+---
+# TODO- replace java install with env_setup role
+# Install Orcal Java
+- name: download oracle java 8 rpm
+  get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
+  become: yes
+  become_user: root
+
+- name: Install oracle java 8
+  yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
+  become: yes
+  become_user: root
+
+- name: set Oracle Java {{ java_version_string }} as default
+  alternatives:
+    name="{{ item.exe }}"
+    link="/usr/bin/{{ item.exe }}"
+    path="{{ item.path }}/{{ item.exe }}"
+  with_items:
+    - { path: "{{ java_home }}/jre/bin", exe: 'java' }
+    - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
+    - { path: "{{ java_home }}/bin", exe: 'javac' }
+    - { path: "{{ java_home }}/bin", exe: 'javadoc' }
+  become: yes
+  become_user: root
+
+- name: Install pre-requireties
+  yum: name=unzip state=latest update_cache=yes
+  become: yes
+
+- name: Install pre-requireties
+  yum: name=firewalld state=latest update_cache=yes
+  become: yes
+# downlaod wso2 is
+# extract it
+# - name: Download and unarchive wso2 is
+#   unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}"
group="{{ group }}"
+# for now wso2is from localhost
+- name: Copy WSO2 IS
+  unarchive: >
+    src="{{ wso2_is_dist }}"
+    dest="{{ user_home }}/"
+    owner="{{ user }}"
+    group="{{ group }}"
+    creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh"
+
+- name: Copy carbon.xml
+  template: src=carbon.xml.j2 dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml"
owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r"
+
+
+- name: Start firewalld service
+  service: name=firewalld state=started
+  become: yes
+
+- name: open carabon management console port
+  firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes
+  become: yes
+
+# start wso2 is server
+- name: start wso2 is
+  command: ./bin/wso2server.sh start chdir="{{ user_home }}/{{ wso2_is_dir }}/" creates="{{
user_home }}/{{ wso2_is_dir }}/wso2carbon.pid"
+  environment:
+    JAVA_HOME: "{{ java_home }}"
+
+# - name: stop wso2 is
+  # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
+
+
+...

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/templates/carbon.xml.j2
----------------------------------------------------------------------
diff --git a/roles/wso2_is/templates/carbon.xml.j2 b/roles/wso2_is/templates/carbon.xml.j2
new file mode 100755
index 0000000..5f421f2
--- /dev/null
+++ b/roles/wso2_is/templates/carbon.xml.j2
@@ -0,0 +1,688 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!--
+    This is the main server configuration file
+
+    ${carbon.home} represents the carbon.home system property.
+    Other system properties can be specified in a similar manner.
+-->
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+    <!--
+       Product Name
+    -->
+    <Name>WSO2 Identity Server</Name>
+
+    <!--
+       machine readable unique key to identify each product
+    -->
+    <ServerKey>IS</ServerKey>
+
+    <!--
+       Product Version
+    -->
+    <Version>5.1.0</Version>
+
+    <!--
+       Host name or IP address of the machine hosting this server
+       e.g. www.wso2.org, 192.168.1.10
+       This is will become part of the End Point Reference of the
+       services deployed on this server instance.
+    -->
+    <HostName>{{ ansible_fqdn }}</HostName>
+
+    <!--
+    Host name to be used for the Carbon management console
+    -->
+    <MgtHostName>localhost</MgtHostName>
+
+    <!--
+        The URL of the back end server. This is where the admin services are hosted and
+        will be used by the clients in the front end server.
+        This is required only for the Front-end server. This is used when seperating BE server
from FE server
+       -->
+    <ServerURL>local:/${carbon.context}/services/</ServerURL>
+    <!--
+    <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL>
+    -->
+     <!--
+     The URL of the index page. This is where the user will be redirected after signing in
to the
+     carbon server.
+     -->
+    <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
+
+    <!--
+    For cApp deployment, we have to identify the roles that can be acted by the current server.
+    The following property is used for that purpose. Any number of roles can be defined here.
+    Regular expressions can be used in the role.
+    Ex : <Role>.*</Role> means this server can act any role
+    -->
+    <ServerRoles>
+        <Role>IdentityServer</Role>
+    </ServerRoles>
+
+    <!-- uncommnet this line to subscribe to a bam instance automatically -->
+    <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
+
+    <!--
+       The fully qualified name of the server
+    -->
+    <Package>org.wso2.carbon</Package>
+
+    <!--
+       Webapp context root of WSO2 Carbon management console.
+    -->
+    <WebContextRoot>/</WebContextRoot>
+
+    <!--
+    	Proxy context path is a useful parameter to add a proxy path when a Carbon server is
fronted by reverse proxy. In addtion
+        to the proxy host and proxy port this parameter allows you add a path component to
external URLs. e.g.
+     		URL of the Carbon server -> https://10.100.1.1:9443/carbon
+   		URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
+
+   	appserver - proxy context path. This specially required whenever you are generating URLs
to displace in
+   	Carbon UI components.
+    -->
+    <!--
+    	<MgtProxyContextPath></MgtProxyContextPath>
+    	<ProxyContextPath></ProxyContextPath>
+    -->
+
+    <!-- In-order to  get the registry http Port from the back-end when the default http
transport is not the same-->
+    <!--RegistryHttpPort>9763</RegistryHttpPort-->
+
+    <!--
+    Number of items to be displayed on a management console page. This is used at the
+    backend server for pagination of various items.
+    -->
+    <ItemsPerPage>15</ItemsPerPage>
+
+    <!-- The endpoint URL of the cloud instance management Web service -->
+    <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
+
+    <!--
+       Ports used by this server
+    -->
+    <Ports>
+
+        <!-- Ports offset. This entry will set the value of the ports defined below to
+         the define value + Offset.
+         e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
+         -->
+        <Offset>0</Offset>
+
+        <!-- The JMX Ports -->
+        <JMX>
+            <!--The port RMI registry is exposed-->
+            <RMIRegistryPort>9999</RMIRegistryPort>
+            <!--The port RMI server should be exposed-->
+            <RMIServerPort>11111</RMIServerPort>
+        </JMX>
+
+        <!-- Embedded LDAP server specific ports -->
+        <EmbeddedLDAP>
+            <!-- Port which embedded LDAP server runs -->
+            <LDAPServerPort>10389</LDAPServerPort>
+            <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
+            <KDCServerPort>8000</KDCServerPort>
+        </EmbeddedLDAP>
+
+	<!--
+             Override datasources JNDIproviderPort defined in bps.xml and datasources.properties
files
+	-->
+	<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
+	<!--Override receive port of thrift based entitlement service.-->
+	<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
+
+    <!--
+     This is the proxy port of the worker cluster. These need to be configured in a scenario
where
+     manager node is not exposed through the load balancer through which the workers are
exposed
+     therefore doesn't have a proxy port.
+    <WorkerHttpProxyPort>80</WorkerHttpProxyPort>
+    <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort>
+    -->
+
+    </Ports>
+
+    <!--
+        JNDI Configuration
+    -->
+    <JNDI>
+        <!--
+             The fully qualified name of the default initial context factory
+        -->
+        <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
+        <!--
+             The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
+        -->
+        <Restrictions>
+            <!--
+                Contexts that will be available only to the super-tenant
+            -->
+            <!-- <SuperTenantOnly>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext>
+                    <UrlContext>
+                        <Scheme>bar</Scheme>
+                    </UrlContext>
+                </UrlContexts>
+            </SuperTenantOnly> -->
+            <!--
+                Contexts that are common to all tenants
+            -->
+            <AllTenants>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>java</Scheme>
+                    </UrlContext>
+                    <!-- <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext> -->
+                </UrlContexts>
+            </AllTenants>
+            <!--
+                 All other contexts not mentioned above will be available on a per-tenant
basis
+                 (i.e. will not be shared among tenants)
+            -->
+        </Restrictions>
+    </JNDI>
+
+    <!--
+        Property to determine if the server is running an a cloud deployment environment.
+        This property should only be used to determine deployment specific details that are
+        applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
+    -->
+    <IsCloudDeployment>false</IsCloudDeployment>
+
+    <!--
+	Property to determine whether usage data should be collected for metering purposes
+    -->
+    <EnableMetering>false</EnableMetering>
+
+    <!-- The Max time a thread should take for execution in seconds -->
+    <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
+
+    <!--
+        A flag to enable or disable Ghost Deployer. By default this is set to false. That
is
+        because the Ghost Deployer works only with the HTTP/S transports. If you are using
+        other transports, don't enable Ghost Deployer.
+    -->
+    <GhostDeployment>
+        <Enabled>false</Enabled>
+    </GhostDeployment>
+
+
+    <!--
+        Eager loading or lazy loading is a design pattern commonly used in computer programming
which
+        will initialize an object upon creation or load on-demand. In carbon, lazy loading
is used to
+        load tenant when a request is received only. Similarly Eager loading is used to enable
load
+        existing tenants after carbon server starts up. Using this feature, you will be able
to include
+        or exclude tenants which are to be loaded when server startup.
+
+        We can enable only one LoadingPolicy at a given time.
+
+        1. Tenant Lazy Loading
+           This is the default behaviour and enabled by default. With this policy, tenants
are not loaded at
+           server startup, but loaded based on-demand (i.e when a request is received for
a tenant).
+           The default tenant idle time is 30 minutes.
+
+        2. Tenant Eager Loading
+           This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading>
section.
+           The eager loading configurations supported are as below. These configurations
can be given as the
+           value for <Include> element with eager loading.
+                (i)Load all tenants when server startup             -   *
+                (ii)Load all tenants except foo.com & bar.com       -   *,!foo.com,!bar.com
+                (iii)Load only foo.com &  bar.com to be included    -   foo.com,bar.com
+    -->
+    <Tenant>
+        <LoadingPolicy>
+            <LazyLoading>
+                <IdleTime>30</IdleTime>
+            </LazyLoading>
+            <!-- <EagerLoading>
+                   <Include>*,!foo.com,!bar.com</Include>
+            </EagerLoading>-->
+        </LoadingPolicy>
+    </Tenant>
+
+    <!--
+     Caching related configurations
+    -->
+    <Cache>
+        <!-- Default cache timeout in minutes -->
+        <DefaultCacheTimeout>15</DefaultCacheTimeout>
+    </Cache>
+
+    <!--
+    Axis2 related configurations
+    -->
+    <Axis2Config>
+        <!--
+             Location of the Axis2 Services & Modules repository
+
+             This can be a directory in the local file system, or a URL.
+
+             e.g.
+             1. /home/wso2wsas/repository/ - An absolute path
+             2. repository - In this case, the path is relative to CARBON_HOME
+             3. file:///home/wso2wsas/repository/
+             4. http://wso2wsas/repository/
+        -->
+        <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
+
+        <!--
+         Deployment update interval in seconds. This is the interval between repository listener
+         executions.
+        -->
+        <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
+
+        <!--
+            Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
+
+            This can be a file on the local file system, or a URL
+
+            e.g.
+            1. /home/repository/axis2.xml - An absolute path
+            2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
+            3. file:///home/carbon/repository/axis2.xml
+            4. http://repository/conf/axis2.xml
+        -->
+        <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
+
+        <!--
+          ServiceGroupContextIdleTime, which will be set in ConfigurationContex
+          for multiple clients which are going to access the same ServiceGroupContext
+          Default Value is 30 Sec.
+        -->
+        <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
+
+        <!--
+          This repository location is used to crete the client side configuration
+          context used by the server when calling admin services.
+        -->
+        <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
+        <!-- This axis2 xml is used in createing the configuration context by the FE server
+         calling to BE server -->
+        <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
+        <!-- If this parameter is set, the ?wsdl on an admin service will not give the
admin service wsdl. -->
+        <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
+
+	<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices
in HTTP transport.
+	With HTTP transport your credentials and data routed in public channels are vulnerable for
sniffing attacks.
+	Use bellow parameter ONLY if your communication channels are confirmed to be secured by
other means -->
+        <!--HttpAdminServices>*</HttpAdminServices-->
+
+    </Axis2Config>
+
+    <!--
+       The default user roles which will be created when the server
+       is started up for the first time.
+    -->
+    <ServiceUserRoles>
+        <Role>
+            <Name>admin</Name>
+            <Description>Default Administrator Role</Description>
+        </Role>
+        <Role>
+            <Name>user</Name>
+            <Description>Default User Role</Description>
+        </Role>
+    </ServiceUserRoles>
+
+    <!--
+      Enable following config to allow Emails as usernames.
+    -->
+    <!--EnableEmailUserName>true</EnableEmailUserName-->
+
+    <!--
+      Security configurations
+    -->
+    <Security>
+        <!--
+            KeyStore which will be used for encrypting/decrypting passwords
+            and other sensitive information.
+        -->
+        <KeyStore>
+            <!-- Keystore file location-->
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+            <!-- Keystore type (JKS/PKCS12 etc.)-->
+            <Type>JKS</Type>
+            <!-- Keystore password-->
+            <Password>wso2carbon</Password>
+            <!-- Private Key alias-->
+            <KeyAlias>wso2carbon</KeyAlias>
+            <!-- Private Key password-->
+            <KeyPassword>wso2carbon</KeyPassword>
+        </KeyStore>
+
+        <!--
+            System wide trust-store which is used to maintain the certificates of all
+            the trusted parties.
+        -->
+        <TrustStore>
+            <!-- trust-store file location -->
+            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
+            <!-- trust-store type (JKS/PKCS12 etc.) -->
+            <Type>JKS</Type>
+            <!-- trust-store password -->
+            <Password>wso2carbon</Password>
+        </TrustStore>
+
+        <!--
+            The Authenticator configuration to be used at the JVM level. We extend the
+            java.net.Authenticator to make it possible to authenticate to given servers and
+            proxies.
+        -->
+        <NetworkAuthenticatorConfig>
+            <!--
+                Below is a sample configuration for a single authenticator. Please note that
+                all child elements are mandatory. Not having some child elements would lead
to
+                exceptions at runtime.
+            -->
+            <!-- <Credential> -->
+                <!--
+                    the pattern that would match a subset of URLs for which this authenticator
+                    would be used
+                -->
+                <!-- <Pattern>regularExpression</Pattern> -->
+                <!--
+                    the type of this authenticator. Allowed values are:
+                    1. server
+                    2. proxy
+                -->
+                <!-- <Type>proxy</Type> -->
+                <!-- the username used to log in to server/proxy -->
+                <!-- <Username>username</Username> -->
+                <!-- the password used to log in to server/proxy -->
+                <!-- <Password>password</Password> -->
+            <!-- </Credential> -->
+        </NetworkAuthenticatorConfig>
+
+        <!--
+         The Tomcat realm to be used for hosted Web applications. Allowed values are;
+         1. UserManager
+         2. Memory
+
+         If this is set to 'UserManager', the realm will pick users & roles from the
system's
+         WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles
from
+         CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
+        -->
+        <TomcatRealm>UserManager</TomcatRealm>
+
+	<!--Option to disable storing of tokens issued by STS-->
+	<DisableTokenStore>false</DisableTokenStore>
+
+	<!--
+	 Security token store class name. If this is not set, default class will be
+	 org.wso2.carbon.security.util.SecurityTokenStore
+	-->
+	<TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName>
+
+
+
+        <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities -->
+        <CSRFPreventionConfig>
+            <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern
-->
+            <CSRFPreventionFilter>
+                <!-- Set below to true to enable the CSRFPreventionFilter -->
+                <Enabled>false</Enabled>
+                <!-- Url Pattern to skip application of CSRF protection-->
+                <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern>
+            </CSRFPreventionFilter>
+        </CSRFPreventionConfig>
+
+        <!-- Configuration to enable or disable CR and LF sanitization filter-->
+        <CRLFPreventionConfig>
+            <!--Set below to true to enable the CRLFPreventionFilter-->
+            <Enabled>true</Enabled>
+        </CRLFPreventionConfig>
+    </Security>
+
+    <!--
+       The temporary work directory
+    -->
+    <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
+
+    <!--
+       House-keeping configuration
+    -->
+    <HouseKeeping>
+
+        <!--
+           true  - Start House-keeping thread on server startup
+           false - Do not start House-keeping thread on server startup.
+                   The user will run it manually as and when he wishes.
+        -->
+        <AutoStart>true</AutoStart>
+
+        <!--
+           The interval in *minutes*, between house-keeping runs
+        -->
+        <Interval>10</Interval>
+
+        <!--
+          The maximum time in *minutes*, temp files are allowed to live
+          in the system. Files/directories which were modified more than
+          "MaxTempFileLifetime" minutes ago will be removed by the
+          house-keeping task
+        -->
+        <MaxTempFileLifetime>30</MaxTempFileLifetime>
+    </HouseKeeping>
+
+    <!--
+       Configuration for handling different types of file upload & other file uploading
related
+       config parameters.
+       To map all actions to a particular FileUploadExecutor, use
+       <Action>*</Action>
+    -->
+    <FileUploadConfig>
+        <!--
+           The total file upload size limit in MB
+        -->
+        <TotalFileSizeLimit>100</TotalFileSizeLimit>
+
+        <Mapping>
+            <Actions>
+                <Action>keystore</Action>
+                <Action>certificate</Action>
+                <Action>*</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
+        </Mapping>
+
+        <Mapping>
+            <Actions>
+                <Action>jarZip</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>dbs</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>tools</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>toolsAny</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
+        </Mapping>
+    </FileUploadConfig>
+
+    <!-- FileNameRegEx is used to validate the file input/upload/write-out names.
+    e.g.
+     <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^&lt;&gt:"/\\|?*\x00-\x1F][^&lt;&gt:"/\\|?*\x00-\x1F\
.]$</FileNameRegEx>
+    -->
+    <!--<FileNameRegEx></FileNameRegEx>-->
+
+    <!--
+       Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
+
+       In order to plug in a processor to handle a special request, simply add an entry to
this
+       section.
+
+       The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
+       which needs special processing
+
+       The value of the Class element is a class which implements
+       org.wso2.carbon.transport.HttpGetRequestProcessor
+    -->
+    <HttpGetRequestProcessors>
+        <Processor>
+            <Item>info</Item>
+            <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl2</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>xsd</Item>
+            <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
+        </Processor>
+    </HttpGetRequestProcessors>
+
+    <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with
"svn based" dep sync.
+	In master nodes you need to set both AutoCommit and AutoCheckout to true
+	and in  worker nodes set only AutoCheckout to true.
+    -->
+    <DeploymentSynchronizer>
+        <Enabled>false</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+        <RepositoryType>svn</RepositoryType>
+        <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
+        <SvnUser>username</SvnUser>
+        <SvnPassword>password</SvnPassword>
+        <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
+    </DeploymentSynchronizer>
+
+    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running
with "registry based" dep sync.
+        In master nodes you need to set both AutoCommit and AutoCheckout to true
+        and in  worker nodes set only AutoCheckout to true.
+    -->
+    <!--<DeploymentSynchronizer>
+        <Enabled>true</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+    </DeploymentSynchronizer>-->
+
+    <!-- Mediation persistence configurations. Only valid if mediation features are available
i.e. ESB -->
+    <!--<MediationConfig>
+        <LoadFromRegistry>false</LoadFromRegistry>
+        <SaveToFile>false</SaveToFile>
+        <Persistence>enabled</Persistence>
+        <RegistryPersistence>enabled</RegistryPersistence>
+    </MediationConfig>-->
+
+    <!--
+    Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
+    This code will be run when the Carbon server is initialized
+    -->
+    <ServerInitializers>
+        <!--<Initializer></Initializer>-->
+    </ServerInitializers>
+
+    <!--
+    Indicates whether the Carbon Servlet is required by the system, and whether it should
be
+    registered
+    -->
+    <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
+
+    <!--
+    Carbon H2 OSGI Configuration
+    By default non of the servers start.
+        name="web" - Start the web server with the H2 Console
+        name="webPort" - The port (default: 8082)
+        name="webAllowOthers" - Allow other computers to connect
+        name="webSSL" - Use encrypted (HTTPS) connections
+        name="tcp" - Start the TCP server
+        name="tcpPort" - The port (default: 9092)
+        name="tcpAllowOthers" - Allow other computers to connect
+        name="tcpSSL" - Use encrypted (SSL) connections
+        name="pg" - Start the PG server
+        name="pgPort"  - The port (default: 5435)
+        name="pgAllowOthers"  - Allow other computers to connect
+        name="trace" - Print additional trace information; for all servers
+        name="baseDir" - The base directory for H2 databases; for all servers
+    -->
+    <!--H2DatabaseConfiguration>
+        <property name="web" />
+        <property name="webPort">8082</property>
+        <property name="webAllowOthers" />
+        <property name="webSSL" />
+        <property name="tcp" />
+        <property name="tcpPort">9092</property>
+        <property name="tcpAllowOthers" />
+        <property name="tcpSSL" />
+        <property name="pg" />
+        <property name="pgPort">5435</property>
+        <property name="pgAllowOthers" />
+        <property name="trace" />
+        <property name="baseDir">${carbon.home}</property>
+    </H2DatabaseConfiguration-->
+    <!--Disabling statistics reporter by default-->
+    <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
+
+    <!-- Enable accessing Admin Console via HTTP -->
+    <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
+
+    <!--
+       Default Feature Repository of WSO2 Carbon.
+    -->
+    <FeatureRepository>
+	    <RepositoryName>default repository</RepositoryName>
+	    <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL>
+    </FeatureRepository>
+
+    <!--
+	Configure API Management
+   -->
+   <APIManagement>
+
+	<!--Uses the embedded API Manager by default. If you want to use an external
+	API Manager instance to manage APIs, configure below  externalAPIManager-->
+
+	<Enabled>true</Enabled>
+
+	<!--Uncomment and configure API Gateway and
+	Publisher URLs to use external API Manager instance-->
+
+	<!--ExternalAPIManager>
+
+		<APIGatewayURL>http://localhost:8281</APIGatewayURL>
+		<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
+
+	</ExternalAPIManager-->
+
+	<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
+   </APIManagement>
+</Server>

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/roles/wso2_is/vars/main.yml
----------------------------------------------------------------------
diff --git a/roles/wso2_is/vars/main.yml b/roles/wso2_is/vars/main.yml
new file mode 100644
index 0000000..f7b4eb7
--- /dev/null
+++ b/roles/wso2_is/vars/main.yml
@@ -0,0 +1,18 @@
+---
+#Variables associated with this role
+# Oracle Java 8
+java_dir_source: "/usr/local/src"
+
+java_version: 8
+java_version_update: 91
+java_version_build: '14'
+java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
+java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
+
+java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
+java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update
}}-b{{ java_version_build }}/{{ java_rpm_filename }}"
+
+wso2_is_rul: http://wso2.com/products/identity-server/#download
+wso2_is_dist: wso2is-5.1.0.zip
+wso2_is_dir: wso2is-5.1.0
+...

http://git-wip-us.apache.org/repos/asf/airavata/blob/93ec75b6/site.yml
----------------------------------------------------------------------
diff --git a/site.yml b/site.yml
index 63c2fae..0de15ef 100644
--- a/site.yml
+++ b/site.yml
@@ -36,4 +36,8 @@
   roles:
     - database
 
+- hosts: wso2is
+  tags: wso2is
+  roles:
+    - wso2_is
 ...


Mime
View raw message