airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [16/50] [abbrv] airavata git commit: Imported ansible-airavata repo to airavata repo
Date Mon, 03 Oct 2016 15:38:36 GMT
Imported ansible-airavata repo to airavata repo


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/514567c8
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/514567c8
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/514567c8

Branch: refs/heads/airavata-gov-registry
Commit: 514567c8baeb61846c198a7b111f988bab037284
Parents: 7071ef1 f513f56
Author: Shameera Rathnayaka <shameerainfo@gmail.com>
Authored: Fri Sep 23 21:55:35 2016 -0400
Committer: Shameera Rathnayaka <shameerainfo@gmail.com>
Committed: Fri Sep 23 21:58:00 2016 -0400

----------------------------------------------------------------------
 dev-tools/ansible/NOTE                          |   5 +
 dev-tools/ansible/README.md                     |  31 +
 dev-tools/ansible/group_vars/all.yml            |  88 +++
 dev-tools/ansible/hosts                         |  26 +
 .../files/mysql-connector-java-5.1.37-bin.jar   | Bin 0 -> 985603 bytes
 .../ansible/roles/api-orch/handlers/main.yml    |  14 +
 dev-tools/ansible/roles/api-orch/tasks/main.yml |  71 ++
 .../templates/airavata-server.properties.j2     | 281 ++++++++
 .../api-orch/templates/gfac-config.yaml.j2      | 111 +++
 .../ansible/roles/common/files/airavata.jks     | Bin 0 -> 2289 bytes
 .../ansible/roles/common/files/airavata_sym.jks | Bin 0 -> 501 bytes
 dev-tools/ansible/roles/common/tasks/main.yml   |  55 ++
 dev-tools/ansible/roles/common/vars/main.yml    |   4 +
 .../ansible/roles/database/handlers/main.yml    |  14 +
 dev-tools/ansible/roles/database/tasks/main.yml |  60 ++
 .../roles/database/tasks/secure_install.yml     |  23 +
 .../ansible/roles/database/templates/my.cnf.j2  |   4 +
 dev-tools/ansible/roles/database/vars/main.yml  |  21 +
 .../ansible/roles/env_setup/tasks/main.yml      |  28 +
 .../ansible/roles/env_setup/tasks/redhat.yml    |  12 +
 .../files/mysql-connector-java-5.1.37-bin.jar   | Bin 0 -> 985603 bytes
 dev-tools/ansible/roles/gfac/handlers/main.yml  |   8 +
 dev-tools/ansible/roles/gfac/tasks/main.yml     |  67 ++
 .../templates/airavata-server.properties.j2     | 281 ++++++++
 .../roles/gfac/templates/gfac-config.yaml.j2    | 111 +++
 dev-tools/ansible/roles/java/tasks/main.yml     |  21 +
 dev-tools/ansible/roles/java/vars/main.yml      |  15 +
 dev-tools/ansible/roles/pga/handlers/main.yml   |  13 +
 dev-tools/ansible/roles/pga/tasks/main.yml      | 112 +++
 .../ansible/roles/pga/templates/httpd.conf.j2   | 353 ++++++++++
 .../roles/pga/templates/pga_config.php.j2       | 248 +++++++
 dev-tools/ansible/roles/pga/vars/main.yml       |  30 +
 .../ansible/roles/rabbitmq/handlers/main.yml    |  13 +
 dev-tools/ansible/roles/rabbitmq/tasks/main.yml |  60 ++
 dev-tools/ansible/roles/rabbitmq/vars/main.yml  |   2 +
 .../files/mysql-connector-java-5.1.37-bin.jar   | Bin 0 -> 985603 bytes
 dev-tools/ansible/roles/registry/tasks/main.yml |  59 ++
 .../templates/airavata-server.properties.j2     | 281 ++++++++
 dev-tools/ansible/roles/wso2_is/tasks/main.yml  |  41 ++
 .../roles/wso2_is/templates/carbon.xml.j2       | 688 +++++++++++++++++++
 dev-tools/ansible/roles/wso2_is/vars/main.yml   |  18 +
 .../ansible/roles/zookeeper/handlers/main.yml   |  12 +
 .../ansible/roles/zookeeper/tasks/main.yml      |  34 +
 .../roles/zookeeper/templates/zoo.cfg.j2        |  28 +
 .../zookeeper/templates/zookeeper.service.j2    |  15 +
 dev-tools/ansible/roles/zookeeper/vars/main.yml |  17 +
 dev-tools/ansible/site.yml                      |  76 ++
 47 files changed, 3451 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/NOTE
----------------------------------------------------------------------
diff --cc dev-tools/ansible/NOTE
index 0000000,0000000..b4979b5
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/NOTE
@@@ -1,0 -1,0 +1,5 @@@
++#Bind to 'hostname -f' output to access from outside.
++
++#aws
++add new tcp rule under associate security group to open ports
++disable or add firewall rule to open ports

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/README.md
----------------------------------------------------------------------
diff --cc dev-tools/ansible/README.md
index 0000000,0000000..f497fb5
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/README.md
@@@ -1,0 -1,0 +1,31 @@@
++# airavata-ansible
++
++Ansible script to deploy Apache Airavata
++
++## Support OS
++
++- Centos 7
++
++## Roles
++
++- **env_setup** :- Create user and group, install oracle java 8
++- **zookeeper** :- Download and install zookeeper.
++- **rabbitmq** :- Download and install rabbitmq as service.
++- **common** :- Checkout Airavata source from git and run maven build. Move keystore files.
++- **gfac** :- Setup Gfac deployment and Change configurations.
++- **api-orch** :- Setup Api-Orch deployment and Change configurations.
++- **pga** :- Deploy Airavata PHP Gateway._(Under development)_
++
++## Useful commands
++
++- `ansible-playbook -i hosts site.yml`
++- `ansible-playbook -i hosts site.yml -t "tags"`
++- `ansible-playbook -i hosts site.yml --start-at-task="name of the ansible task"`
++
++To deploy pga run following. see site.yml (playbook) file for other available tags.
++
++- `ansible-playbook -i hosts site.yml -t "pga"`
++
++## Configurations
++
++- Set correct private key file to `ansible_ssh_private_key_file` property in group_vars/all

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/group_vars/all.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/group_vars/all.yml
index 0000000,0000000..5a159c3
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/group_vars/all.yml
@@@ -1,0 -1,0 +1,88 @@@
++---
++ansible_connection: ssh
++# ansible_ssh_user: centos
++ansible_ssh_user: root
++ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/dev-deployment-key.pem
++# ansible_ssh_private_key_file: /Users/syodage/Projects/airavata-ansible/shameera-aws.pem.txt
++
++user: centos
++group: centos
++user_home: "/home/{{ user }}"
++
++# deployment related variables
++deployment_dir: "{{ user_home }}/dev-deployment"
++airavata_source_dir: "{{ user_home }}/source"
++airavata_dist: "apache-airavata-server-0.17-SNAPSHOT"
++airavata_dist_name: "{{ airavata_dist }}-bin.tar.gz"
++git_branch: develop
++
++# Database related variables
++db_server: "{{ groups['database'][0] }}"
++db_server_port: "3306"
++db_user: "airavata"
++db_password: "airavata"
++app_catalog: "app_catalog"
++exp_catalog: "exp_catalog"
++replica_catalog: "replica_catalog"
++workflow_catalog: "wf_catalog"
++credential_store: "credential_store"
++
++mysql_connector_jar: "mysql-connector-java-5.1.37-bin.jar"
++
++# Rabbitmq related vareables
++rabbitmq_server: "{{ groups['rabbitmq'][0] }}"
++rabbitmq_vhost: "develop"
++rabbitmq_user: "airavata"
++rabbitmq_password: "airavata"
++rabbitmq_port: "5672"
++rabbitmq_broker_url: "amqp://{{ rabbitmq_user }}:{{ rabbitmq_password }}@{{ rabbitmq_server}}:{{ rabbitmq_port }}/{{ rabbitmq_vhost }}"
++
++# Zoookeeper related variables
++zookeeper_client_port: 2181
++zookeeper_url: "{{ groups['zookeeper'][0] }}:{{ zookeeper_client_port }}"
++# API Server related variables
++api_server_name: "apiserver-node0"
++api_server_host: "{{ansible_fqdn}}"
++api_server_port: "8930"
++api_secured: "false"
++tls_enable: "false"
++api_server_tls_port: "9930"
++enable_sharing: "false"
++
++# Orchestrator  related variables
++orchestrator_name: "orchestrator-node0"
++orchestrator_host: "{{ansible_fqdn}}"
++orchestrator_port: "8940"
++api_orch_dir: "{{ deployment_dir }}/api-orchestrator"
++
++# registry related variables
++registry_name: regserver-node0
++registry_host: "{{groups['registry'][0]}}"
++registry_port: 8970
++registry_dir: "{{ deployment_dir }}/registry"
++default_gateway: "php_reference_gateway"
++
++# Credential and keystore related variables
++#authorization_server: "https://{{ groups['wso2is'][0]}}:9443/services/"
++authorization_server: "https://idp.scigap.org:9443/services/"
++keystore: "airavata.jks"
++keystore_passwd: "airavata"
++#client_truststore: "client_truststore.jks"
++client_truststore: "airavata.jks"
++client_truststore_passwd: "airavata"
++cred_keystore: "airavata_sym.jks"
++cred_keystore_passwd: "airavata"
++cred_keystore_alias: "airavata"
++cred_store_server_host: "{{ ansible_fqdn }}"
++cred_store_port: "8960"
++keystores_location: "{{ deployment_dir }}/keystores"
++
++# Gfac related variables
++gfac_name: "gfac-node0"
++gfac_host: "{{ ansible_fqdn }}"
++gfac_port: "8950"
++gfac_dir: "{{ deployment_dir }}/gfac-instance"
++
++# Monitoring variables
++monitor_email_address: "test.airavata@gmail.com"
++monitor_email_password: "airavata"

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/hosts
----------------------------------------------------------------------
diff --cc dev-tools/ansible/hosts
index 0000000,0000000..4fc8675
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/hosts
@@@ -1,0 -1,0 +1,26 @@@
++---
++# inventory file : production
++
++[zookeeper]
++54.221.13.4
++
++[rabbitmq]
++54.221.13.4
++
++[database]
++54.196.189.115
++
++[wso2is]
++#52.87.209.219
++
++[registry]
++54.89.119.195
++
++[api-orch]
++54.89.119.195
++
++[gfac]
++54.165.169.111
++
++[pga]
++#54.237.220.234

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/handlers/main.yml
index 0000000,0000000..a2288d9
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/handlers/main.yml
@@@ -1,0 -1,0 +1,14 @@@
++---
++
++# Api server, Orchestrator related handlers
++- name: start api-orch
++  command: ./bin/airavata-server-start.sh api-orch -d
++           chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++           creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: stop api-orch
++  command: ./bin/airavata-server-stop.sh -f
++           chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++           removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/tasks/main.yml
index 0000000,0000000..c9c5227
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/tasks/main.yml
@@@ -1,0 -1,0 +1,71 @@@
++---
++################################################################################
++# api-orch deployment
++- name: Create api-orchestrator deployment directory
++  file: path="{{ api_orch_dir }}" state=directory owner="{{ user }}" group="{{ group }}"
++  when: build|success
++
++- name: Check previous deployments
++  stat: path="{{ api_orch_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++  register: check
++
++- name: stop api-orch
++  command: ./bin/airavata-server-stop.sh -f
++            chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++            removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++  when: check.stat.exists == True
++
++- name: Delete previous deployments
++  file: path="{{ api_orch_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to api-orcheatrator deployment directory
++  unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++             dest="{{ api_orch_dir }}/"
++             copy=no
++
++- name: set api-orch private ip
++  set_fact:
++    api_server_host: "{{ ansible_eth0.ipv4.address }}"
++    orchestrator_host: "{{ ansible_eth0.ipv4.address }}"
++    cred_store_server_host: "{{ ansible_eth0.ipv4.address }}"
++
++
++- name: Copy Airavata server properties file
++  template: src=airavata-server.properties.j2
++            dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++            owner={{ user }}
++            group={{ group }}
++            mode="u=rw,g=r,o=r"
++
++- name: Copy Gfac configuration file
++  template: src=gfac-config.yaml.j2
++            dest="{{ api_orch_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml"
++            owner={{ user }}
++            group={{ group }}
++            mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++  copy: src={{ mysql_connector_jar }}
++        dest="{{ api_orch_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++        owner={{ user }}
++        group={{ group }}
++
++- name: Open firwall ports
++  firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
++  with_items:
++    - "{{ api_server_port }}/tcp"
++    - "{{ orchestrator_port }}/tcp"
++    - "{{ cred_store_port }}/tcp"
++  become_user: root
++
++- name: stop api-orch
++  command: ./bin/airavata-server-stop.sh -f
++           chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++           removes="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start api-orch
++  command: ./bin/airavata-server-start.sh api-orch -d
++           chdir="{{ api_orch_dir }}/{{ airavata_dist }}/"
++           creates="{{ api_orch_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements.  See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership.  The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License.  You may obtain a copy of the License at
++#
++#   http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied.  See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++
++###########################################################################
++#
++#  This properties file provides configuration for all Airavata Services:
++#  API Server, Registry, Workflow Interpreter, GFac, Orchestrator
++#
++###########################################################################
++
++###########################################################################
++#  API Server Registry Configuration
++###########################################################################
++
++#for derby [AiravataJPARegistry]
++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++registry.jdbc.driver=com.mysql.jdbc.Driver
++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }}
++registry.jdbc.user={{ db_user }}
++registry.jdbc.password={{ db_password }}
++#FIXME: Probably the following property should be removed.
++start.derby.server.mode=false
++validationQuery=SELECT 1 from CONFIGURATION
++cache.enable=false
++jpa.cache.size=-1
++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true
++enable.sharing={{enable_sharing}}
++
++# Properties for default user mode
++default.registry.user=admin
++default.registry.password=admin
++default.registry.password.hash.method=SHA
++default.registry.gateway={{ default_gateway }}
++
++###########################################################################
++#  Application Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++appcatalog.jdbc.driver=com.mysql.jdbc.Driver
++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }}
++appcatalog.jdbc.user={{ db_user }}
++appcatalog.jdbc.password={{ db_password }}
++appcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++##########################################################################
++#  Replica Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver
++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++replicacatalog.jdbc.user={{ db_user }}
++replicacatalog.jdbc.password={{ db_password }}
++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++#  Workflow Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver
++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++workflowcatalog.jdbc.user={{ db_user }}
++workflowcatalog.jdbc.password={{ db_password }}
++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++#  User Profile MongoDB Configuration
++###########################################################################
++userprofile.mongodb.host=localhost
++userprofile.mongodb.port=27017
++
++
++###########################################################################
++#  Server module Configuration
++###########################################################################
++#credential store server should be started before API server
++#This is obsolete property with new script files.
++#servers=credentialstore,apiserver,orchestrator
++
++
++###########################################################################
++#  API Server Configurations
++###########################################################################
++apiserver=org.apache.airavata.api.server.AiravataAPIServer
++apiserver.name={{ api_server_name }}
++apiserver.host={{ api_server_host }}
++apiserver.port={{ api_server_port }}
++apiserver.min.threads=50
++
++###########################################################################
++#  Orchestrator Server Configurations
++###########################################################################
++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer
++orchestrator.server.name={{ orchestrator_name }}
++orchestrator.server.host={{ orchestrator_host }}
++orchestrator.server.port={{ orchestrator_port }}
++orchestrator.server.min.threads=50
++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator
++submitter.interval=10000
++threadpool.size=10
++start.submitter=true
++embedded.mode=true
++enable.validation=true
++
++###########################################################################
++#  Registry Server Configurations
++###########################################################################
++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer
++regserver.server.name={{registry_name}}
++regserver.server.host={{registry_host}}
++regserver.server.port={{registry_port}}
++regserver.server.min.threads=50
++
++###########################################################################
++#  GFac Server Configurations
++###########################################################################
++gfac=org.apache.airavata.gfac.server.GfacServer
++gfac.server.name={{ gfac_name }}
++gfac.server.host={{ gfac_host }}
++gfac.server.port={{ gfac_port }}
++gfac.thread.pool.size=50
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler
++
++
++
++###########################################################################
++# Airavata Workflow Interpreter Configurations
++###########################################################################
++workflowserver=org.apache.airavata.api.server.WorkflowServer
++enactment.thread.pool.size=10
++
++#to define custom workflow parser user following property
++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder
++
++
++
++###########################################################################
++#  Job Scheduler can send informative email messages to you about the status of your job.
++# Specify a string which consists of either the single character "n" (no mail), or one or more
++#  of the characters "a" (send mail when job is aborted), "b" (send mail when job begins),
++# and "e" (send mail when job terminates).  The default is "a" if not specified.
++###########################################################################
++
++job.notification.enable=true
++#Provide comma separated email ids as a string if more than one
++job.notification.emailids=
++job.notification.flags=abe
++
++###########################################################################
++# Credential Store module Configuration
++###########################################################################
++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }}
++credential.store.keystore.alias={{ cred_keystore_alias }}
++credential.store.keystore.password={{ cred_keystore_passwd }}
++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}
++credential.store.jdbc.user={{ db_user }}
++credential.store.jdbc.password={{ db_password }}
++credential.store.jdbc.driver=com.mysql.jdbc.Driver
++credential.store.server.host={{ cred_store_server_host }}
++credential.store.server.port={{ cred_store_port }}
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION
++
++# these properties used by credential store email notifications
++email.server=smtp.googlemail.com
++email.server.port=465
++email.user=airavata
++email.password=xxx
++email.ssl=true
++email.from=airavata@apache.org
++
++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used.
++# if user specify both password sshKeyAuthentication gets the higher preference
++
++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################
++#ssh.public.key=/path to public key for ssh
++#ssh.private.key=/path to private key file for ssh
++#ssh.keypass=passphrase for the private key
++#ssh.username=username for ssh connection
++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
++#ssh.strict.hostKey.checking=yes/no
++#ssh.known.hosts.file=/path to known hosts file
++### Incase of password sshKeyAuthentication.
++#ssh.password=Password for ssh connection
++
++################ ---------- BES Properties ------------------- ###############
++#bes.ca.cert.path=<location>/certificates/cacert.pem
++#bes.ca.key.path=<location>/certificates/cakey.pem
++#bes.ca.key.pass=passphrase
++
++###########################################################################
++# Monitoring module Configuration
++###########################################################################
++
++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring
++#mechanisms and one would be able to start a monitor
++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor
++
++#These properties will used to enable email base monitoring
++email.based.monitor.host=imap.gmail.com
++email.based.monitor.address={{ monitor_email_address }}
++email.based.monitor.password={{ monitor_email_password }}
++email.based.monitor.folder.name=INBOX
++# either imaps or pop3
++email.based.monitor.store.protocol=imaps
++#These property will be used to query the email server periodically. value in milliseconds(ms).
++email.based.monitoring.period=10000
++
++###########################################################################
++# AMQP Notification Configuration
++###########################################################################
++#for simple scenarios we can use the guest user
++#rabbitmq.broker.url=amqp://localhost:5672
++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost
++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html
++rabbitmq.broker.url={{ rabbitmq_broker_url }}
++rabbitmq.status.exchange.name=status_exchange
++rabbitmq.process.exchange.name=process_exchange
++rabbitmq.experiment.exchange.name=experiment_exchange
++durable.queue=false
++prefetch.count=200
++process.launch.queue.name=process.launch.queue
++experiment.launch..queue.name=experiment.launch.queue
++
++###########################################################################
++# Zookeeper Server Configuration
++###########################################################################
++embedded.zk=false
++zookeeper.server.connection={{ zookeeper_url }}
++zookeeper.timeout=30000
++
++########################################################################
++## API Security Configuration
++########################################################################
++api.secured={{ api_secured }}
++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
++### TLS related configuration ####
++TLS.enabled={{ tls_enable }}
++TLS.api.server.port={{ api_server_tls_port }}
++TLS.client.timeout=10000
++#### keystore configuration ####
++keystore.path={{ keystores_location }}/{{ keystore }}
++keystore.password={{ keystore_passwd }}
++#### trust store configuration ####
++trust.store={{ keystores_location }}/{{ client_truststore }}
++trust.store.password=airavata
++#### remote authorization server url ####
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
++#### xacml based authorization policy ####
++authorization.policy=airavata-default-xacml-policy
++#### authorization cache related configuration ####
++authz.cache.enabled=true
++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
++in.memory.cache.size=1000

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2
index 0000000,0000000..3df5832
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/api-orch/templates/gfac-config.yaml.j2
@@@ -1,0 -1,0 +1,111 @@@
++##################################################################
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements.  See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership.  The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License.  You may obtain a copy of the License at
++#
++#   http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied.  See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++################################################################
++
++jobSubmitters:
++  - submissionProtocol: SSH
++    taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++#   properties:
++#     - userName: airavata
++#       passPhrase: airavata
++#       privateKey: /path/to/the/privatekey
++#       publicKey: /path/to/the/publickey
++#       hostName: remote.client.hostName
++
++  - submissionProtocol: SSH_FORK
++    taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask
++
++  - submissionProtocol: LOCAL
++    taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++
++# Following job subbmitters are not yet implemented.
++
++ # - submissionProtocol: GSISSH
++ #   taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask
++commonTasks:
++   - type: SETUP
++     taskClass: org.apache.airavata.task.common.SetupTask
++
++   - type: CLEANUP
++     taskClass: org.apache.airavata.task.common.CleanupTask
++
++fileTransferTasks:
++#  - transferProtocol: SCP
++#    taskClass: org.apache.airavata.gfac.impl.task.DataStageTask
++
++# If your client doen't run the same instance where airavata server is running then you need to comment above
++# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to
++# provide ssh keys or password.
++
++  - transferProtocol: SCP
++    taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
++    properties:
++     - userName: root
++       passPhrase: ultrascan 
++       privateKeyPath: /home/airavata/.ssh/id_rsa
++       publicKeyPath: /home/airavata/.ssh/id_rsa.pub
++       hostName: gw75.iu.xsede.org 
++       inputPath: /var/www/portal/experimentData/
++#      password: password
++
++# Following transfer tasks are not yet implemented.
++  #- transferProtocol: SFTP
++  #  taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask
++
++  #- transferProtocol: GRIDFTP
++  #  taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask
++
++  #- transferProtocol: LOCAL
++  #  taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask
++
++resources:
++  - jobManagerType: PBS
++    commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser
++    resourceEmailAddresses:
++      - pbsconsult@sdsc.edu  # gordon
++      - adm@trident.bigred2.uits.iu.edu # Bigred2
++      - root <adm@trident.bigred2.uits.iu.edu> # Bigred2
++      - root <adm@scyld.localdomain> # alamo
++      - root <adm@m2.karst.uits.iu.edu> #karst
++
++  - jobManagerType: SLURM
++    commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser
++    resourceEmailAddresses:
++      - SDSC Admin <slurm@comet-fe3.sdsc.edu> # comet
++      - slurm@batch1.stampede.tacc.utexas.edu # stampede
++      - SDSC Admin <slurm@comet-fe4.sdsc.edu> # comet new
++      - Slurm <slurm@psc.edu> # bridges 
++      - Slurm Daemon <slurm@odin.oscer.ou.edu> # OU Schooner
++
++  - jobManagerType: UGE
++    commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser
++    resourceEmailAddresses:
++      - ls4.tacc.utexas.edu # contain Lonestar
++
++  - jobManagerType: LSF
++    commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser
++    resourceEmailAddresses:
++      - iu.xsede.edu # test resource mail address
++
++  - jobManagerType: FORK
++    commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/files/airavata.jks
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/files/airavata.jks
index 0000000,0000000..685cc00
new file mode 100644
Binary files differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/files/airavata_sym.jks
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/files/airavata_sym.jks
index 0000000,0000000..3dd27d6
new file mode 100644
Binary files differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/tasks/main.yml
index 0000000,0000000..eac1a60
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/common/tasks/main.yml
@@@ -1,0 -1,0 +1,55 @@@
++---
++- name: Install Airavata pre-requireties
++  yum: name={{ item }} state=latest update_cache=yes
++  with_items:
++    - git
++    - maven
++  become_user: root
++
++# Setup airavata source
++- name: Create deployment directory {{ deployment_dir }}
++  file: path={{ deployment_dir }} state=directory mode=0755
++
++- name: Create source directory
++  file: path={{airavata_source_dir}}
++        state=directory
++        mode=0755
++        owner={{ user }}
++        group={{ group }}
++
++- name: git checkout from airavata github
++  git: repo=https://git-wip-us.apache.org/repos/asf/airavata.git
++       dest="{{ airavata_source_dir }}"
++       version="{{ git_branch }}"
++  register: checkout
++  tags: update
++
++- name: Run maven build
++  command: mvn clean install -Dmaven.test.skip=true chdir="{{ airavata_source_dir }}/"
++  environment:
++      MAVEN_OPTS: "-Xmx2048m"
++  register: build
++  tags: update
++  # when: (checkout|success) and (checkout.changed == true)
++
++################################################################################
++# copy key store and trust store files
++- name: Create KeyStores directory
++  file: path={{ keystores_location }}
++        state=directory
++        owner={{ user }} group={{ group }}
++
++- name: Transfer airavata.jks KeyStore file
++  copy: src={{ keystore }}
++        dest="{{ keystores_location }}/{{ keystore }}"
++        owner={{ user }} group={{ group }}
++
++- name: Transfer airavata_sym.jks KeyStore file
++  copy: src={{ cred_keystore }}
++        dest="{{ keystores_location }}/{{ cred_keystore }}"
++        owner={{ user }} group={{ group }}
++
++- name: Transfer client trust store KeyStore file
++  copy: src={{ client_truststore }}
++        dest="{{ keystores_location }}/{{ client_truststore }}"
++        owner={{ user }} group={{ group }}

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/common/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/common/vars/main.yml
index 0000000,0000000..e2d93e7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/common/vars/main.yml
@@@ -1,0 -1,0 +1,4 @@@
++---
++# Common variables
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/handlers/main.yml
index 0000000,0000000..1906365
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/handlers/main.yml
@@@ -1,0 -1,0 +1,14 @@@
++---
++- name: start mariadb
++  service: name=mariadb state=started enabled=yes
++  become: yes
++
++- name: stop mariadb
++  service: name=mariadb state=stopped
++  become: yes
++
++- name: restart mariadb
++  service: name=mariadb state=restarted enabled=yes
++  become: yes
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/tasks/main.yml
index 0000000,0000000..17e5b0d
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/tasks/main.yml
@@@ -1,0 -1,0 +1,60 @@@
++---
++# - name: yum update
++#   yum: name=* state=latest
++
++# Install Mysql
++- name: install epel release
++  yum: name=epel-release state=present
++  become_user: root
++
++- name: install pip
++  yum: name=python-pip state=latest update_cache=yes
++  become_user: root
++
++- name: install pexpect
++  pip: name=pexpect
++  become_user: root
++
++# - name: Adds Python MySQL support on Debian/Ubuntu
++#   apt: pkg="python-mysqldb" state=present
++#   when: ansible_os_family == 'Debian'
++
++- name: Adds Python MySQL support on RedHat/CentOS
++  yum: name=MySQL-python state=present
++  become_user: root
++  # when: ansible_os_family == 'RedHat'
++
++- name: install mariadb
++  yum: name="{{ item }}" state=latest update_cache=yes
++  with_items: "{{ mysql_packages }}"
++  become_user: root
++
++- name: start mariadb
++  service: name=mariadb state=started enabled=yes
++  become_user: root
++
++- include: secure_install.yml
++
++- name: create databases
++  mysql_db: name="{{ item }}" state=present
++  with_items:
++    - "{{ mysql_databases }}"
++
++- name: give access to {{ db_user }} from remote
++  mysql_user: name="{{ db_user }}" password="{{ db_password }}" host="{{ item }}"
++  with_items:
++    - "{{ groups['api-orch'] }}"
++    - "{{ groups['gfac'] }}"
++    - "{{ groups['registry'] }}"
++
++- name: create new user {{ db_user }} with all privilege
++  mysql_user: name="{{ db_user }}"
++              password="{{ db_password }}"
++              append_privs=yes
++              host_all=yes
++              priv=*.*:ALL,GRANT state=present
++
++- name: open firewall port {{ db_server_port }}
++  firewalld: port="{{ db_server_port }}/tcp"
++             zone=public permanent=true state=enabled immediate=yes
++  become_user: root

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/tasks/secure_install.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/tasks/secure_install.yml
index 0000000,0000000..a747419
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/tasks/secure_install.yml
@@@ -1,0 -1,0 +1,23 @@@
++---
++# This is ansible equivalent for mysql_secure_installation
++- name: Sets the root password
++  mysql_user: user=root
++              password="{{ mysql_root_password }}"
++              host=localhost
++              login_user=root
++              # login_password="{{ mysql_root_password }}"
++
++- name: Copy .my.cnf file
++  template: src=my.cnf.j2 dest="{{ user_home }}/.my.cnf"
++  # become: yes
++
++- name: Removes all anonymous user accounts
++  mysql_user: name='' host_all=yes state=absent
++
++- name: Secures the MySQL root user for all hosts
++  mysql_user: user=root password="{{ mysql_root_password }}" host_all=yes
++
++- name: Removes the MySQL test database
++  mysql_db: db=test state=absent
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/templates/my.cnf.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/templates/my.cnf.j2
index 0000000,0000000..ebe5b5b
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/templates/my.cnf.j2
@@@ -1,0 -1,0 +1,4 @@@
++# Example .my.cnf file for setting the root password
++[client]
++user=root
++password="{{ mysql_root_password }}"

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/database/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/database/vars/main.yml
index 0000000,0000000..1f37424
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/database/vars/main.yml
@@@ -1,0 -1,0 +1,21 @@@
++---
++mysql_packages:
++  - mariadb-server
++  - mariadb
++mysql_root_password: "admin"
++
++mysql_databases:
++    - "{{ app_catalog }}"
++    - "{{ exp_catalog }}"
++    - "{{ replica_catalog }}"
++    - "{{ workflow_catalog }}"
++    - "{{ credential_store }}"
++
++mysql_privs:
++    - "{{ app_catalog }}.*:ALL"
++    - "{{ exp_catalog }}.*:ALL"
++    - "{{ replica_catalog }}.*:ALL"
++    - "{{ workflow_catalog }}.*:ALL"
++    - "{{ credential_store }}.*:ALL"
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/env_setup/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/env_setup/tasks/main.yml
index 0000000,0000000..a3ecb8c
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/main.yml
@@@ -1,0 -1,0 +1,28 @@@
++---
++#Tasks file can include smaller files if wanted
++#All commons tasks goes here
++- name: Create a new user group "{{ group }}"
++  group: name={{ group }}
++  become: yes
++
++- name: Create a new user "{{ user }}"
++  user: name={{ user }} group={{ group }}
++  become: yes
++
++- name: Install Firewalld
++  yum: name=firewalld state=latest update_cache=yes
++  become: yes
++
++  # TODO: stop iptables service, can't have both iptables and firewalld on same host
++  # if we try to stop non existing service ansible fails.
++# - name: Stop iptables, ip6tables services
++#   service: name="{{ item }}" state=stopped
++#   with_items:
++#     - iptables
++#     - ip6tables
++
++- name: Start firewalld service
++  service: name=firewalld state=started
++  become: yes
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/env_setup/tasks/redhat.yml
index 0000000,0000000..a0e56c7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/env_setup/tasks/redhat.yml
@@@ -1,0 -1,0 +1,12 @@@
++---
++- name: Install git latest version
++  yum: name=git state=latest update_cache=yes
++#  become: true
++#  become_user: airavata
++  tags: env_setup
++
++- name: Install maven latest version
++  yum: name=maven state=latest update_cache=yes
++  tags: env_setup
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/handlers/main.yml
index 0000000,0000000..b3d85a9
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/handlers/main.yml
@@@ -1,0 -1,0 +1,8 @@@
++---
++
++# Gfac related handlers
++- name: start gfac
++  command: ./bin/airavata-server-start.sh gfac -d chdir="{{ gfac_dir }}/{{ airavata_dist }}/" creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: stop gfac
++  command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/tasks/main.yml
index 0000000,0000000..30874e6
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/tasks/main.yml
@@@ -1,0 -1,0 +1,67 @@@
++---
++
++################################################################################
++# gfac deployments
++- name: Create Gfac deployment directory
++  file: path="{{ gfac_dir }}" state=directory owner={{ user }} group={{ group }}
++  when: build|success
++
++- name: Check previous deployments
++  stat: path="{{ gfac_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++  register: check
++
++- name: stop gfac
++  command: ./bin/airavata-server-stop.sh -f
++           chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
++           removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++  when: check.stat.exists == True
++
++- name: Delete previous deployments
++  file: path="{{ gfac_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to gfac deployment directory
++  unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++             dest="{{ gfac_dir }}/"
++             copy=no
++
++- name: set gfac private ip
++  set_fact:
++    gfac_host: "{{ ansible_eth0.ipv4.address }}"
++
++- name: Copy Airavata server properties file
++  template: src=airavata-server.properties.j2
++            dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++            owner={{ user }}
++            group={{ group }}
++            mode="u=rw,g=r,o=r"
++
++- name: Copy Gfac configuration file
++  template: src=gfac-config.yaml.j2
++            dest="{{ gfac_dir }}/{{ airavata_dist }}/bin/gfac-config.yaml"
++            owner={{ user }}
++            group={{ group }}
++            mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++  copy: src="{{ mysql_connector_jar }}"
++        dest="{{ gfac_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++        owner={{ user }}
++        group={{ group }}
++
++
++- name: Open firwall ports
++  firewalld: port="{{ gfac_port }}/tcp" zone=public permanent=true state=enabled immediate=yes
++  become_user: root
++
++- name: stop gfac
++  command: ./bin/airavata-server-stop.sh -f
++           chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
++           removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start gfac
++  command: ./bin/airavata-server-start.sh gfac -d
++           chdir="{{ gfac_dir }}/{{ airavata_dist }}/"
++           creates="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements.  See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership.  The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License.  You may obtain a copy of the License at
++#
++#   http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied.  See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++
++###########################################################################
++#
++#  This properties file provides configuration for all Airavata Services:
++#  API Server, Registry, Workflow Interpreter, GFac, Orchestrator
++#
++###########################################################################
++
++###########################################################################
++#  API Server Registry Configuration
++###########################################################################
++
++#for derby [AiravataJPARegistry]
++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++registry.jdbc.driver=com.mysql.jdbc.Driver
++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }}
++registry.jdbc.user={{ db_user }}
++registry.jdbc.password={{ db_password }}
++#FIXME: Probably the following property should be removed.
++start.derby.server.mode=false
++validationQuery=SELECT 1 from CONFIGURATION
++cache.enable=false
++jpa.cache.size=-1
++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true
++enable.sharing={{enable_sharing}}
++
++# Properties for default user mode
++default.registry.user=admin
++default.registry.password=admin
++default.registry.password.hash.method=SHA
++default.registry.gateway={{ default_gateway }}
++
++###########################################################################
++#  Application Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++appcatalog.jdbc.driver=com.mysql.jdbc.Driver
++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }}
++appcatalog.jdbc.user={{ db_user }}
++appcatalog.jdbc.password={{ db_password }}
++appcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++##########################################################################
++#  Replica Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver
++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++replicacatalog.jdbc.user={{ db_user }}
++replicacatalog.jdbc.password={{ db_password }}
++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++#  Workflow Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver
++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++workflowcatalog.jdbc.user={{ db_user }}
++workflowcatalog.jdbc.password={{ db_password }}
++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++#  User Profile MongoDB Configuration
++###########################################################################
++userprofile.mongodb.host=localhost
++userprofile.mongodb.port=27017
++
++
++###########################################################################
++#  Server module Configuration
++###########################################################################
++#credential store server should be started before API server
++#This is obsolete property with new script files.
++#servers=credentialstore,apiserver,orchestrator
++
++
++###########################################################################
++#  API Server Configurations
++###########################################################################
++apiserver=org.apache.airavata.api.server.AiravataAPIServer
++apiserver.name={{ api_server_name }}
++apiserver.host={{ api_server_host }}
++apiserver.port={{ api_server_port }}
++apiserver.min.threads=50
++
++###########################################################################
++#  Orchestrator Server Configurations
++###########################################################################
++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer
++orchestrator.server.name={{ orchestrator_name }}
++orchestrator.server.host={{ orchestrator_host }}
++orchestrator.server.port={{ orchestrator_port }}
++orchestrator.server.min.threads=50
++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator
++submitter.interval=10000
++threadpool.size=10
++start.submitter=true
++embedded.mode=true
++enable.validation=true
++
++###########################################################################
++#  Registry Server Configurations
++###########################################################################
++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer
++regserver.server.name={{registry_name}}
++regserver.server.host={{registry_host}}
++regserver.server.port={{registry_port}}
++regserver.server.min.threads=50
++
++###########################################################################
++#  GFac Server Configurations
++###########################################################################
++gfac=org.apache.airavata.gfac.server.GfacServer
++gfac.server.name={{ gfac_name }}
++gfac.server.host={{ gfac_host }}
++gfac.server.port={{ gfac_port }}
++gfac.thread.pool.size=50
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler
++
++
++
++###########################################################################
++# Airavata Workflow Interpreter Configurations
++###########################################################################
++workflowserver=org.apache.airavata.api.server.WorkflowServer
++enactment.thread.pool.size=10
++
++#to define custom workflow parser user following property
++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder
++
++
++
++###########################################################################
++#  Job Scheduler can send informative email messages to you about the status of your job.
++# Specify a string which consists of either the single character "n" (no mail), or one or more
++#  of the characters "a" (send mail when job is aborted), "b" (send mail when job begins),
++# and "e" (send mail when job terminates).  The default is "a" if not specified.
++###########################################################################
++
++job.notification.enable=true
++#Provide comma separated email ids as a string if more than one
++job.notification.emailids=
++job.notification.flags=abe
++
++###########################################################################
++# Credential Store module Configuration
++###########################################################################
++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }}
++credential.store.keystore.alias={{ cred_keystore_alias }}
++credential.store.keystore.password={{ cred_keystore_passwd }}
++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}
++credential.store.jdbc.user={{ db_user }}
++credential.store.jdbc.password={{ db_password }}
++credential.store.jdbc.driver=com.mysql.jdbc.Driver
++credential.store.server.host={{ cred_store_server_host }}
++credential.store.server.port={{ cred_store_port }}
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION
++
++# these properties used by credential store email notifications
++email.server=smtp.googlemail.com
++email.server.port=465
++email.user=airavata
++email.password=xxx
++email.ssl=true
++email.from=airavata@apache.org
++
++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used.
++# if user specify both password sshKeyAuthentication gets the higher preference
++
++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################
++#ssh.public.key=/path to public key for ssh
++#ssh.private.key=/path to private key file for ssh
++#ssh.keypass=passphrase for the private key
++#ssh.username=username for ssh connection
++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
++#ssh.strict.hostKey.checking=yes/no
++#ssh.known.hosts.file=/path to known hosts file
++### Incase of password sshKeyAuthentication.
++#ssh.password=Password for ssh connection
++
++################ ---------- BES Properties ------------------- ###############
++#bes.ca.cert.path=<location>/certificates/cacert.pem
++#bes.ca.key.path=<location>/certificates/cakey.pem
++#bes.ca.key.pass=passphrase
++
++###########################################################################
++# Monitoring module Configuration
++###########################################################################
++
++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring
++#mechanisms and one would be able to start a monitor
++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor
++
++#These properties will used to enable email base monitoring
++email.based.monitor.host=imap.gmail.com
++email.based.monitor.address={{ monitor_email_address }}
++email.based.monitor.password={{ monitor_email_password }}
++email.based.monitor.folder.name=INBOX
++# either imaps or pop3
++email.based.monitor.store.protocol=imaps
++#These property will be used to query the email server periodically. value in milliseconds(ms).
++email.based.monitoring.period=10000
++
++###########################################################################
++# AMQP Notification Configuration
++###########################################################################
++#for simple scenarios we can use the guest user
++#rabbitmq.broker.url=amqp://localhost:5672
++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost
++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html
++rabbitmq.broker.url={{ rabbitmq_broker_url }}
++rabbitmq.status.exchange.name=status_exchange
++rabbitmq.process.exchange.name=process_exchange
++rabbitmq.experiment.exchange.name=experiment_exchange
++durable.queue=false
++prefetch.count=200
++process.launch.queue.name=process.launch.queue
++experiment.launch..queue.name=experiment.launch.queue
++
++###########################################################################
++# Zookeeper Server Configuration
++###########################################################################
++embedded.zk=false
++zookeeper.server.connection={{ zookeeper_url }}
++zookeeper.timeout=30000
++
++########################################################################
++## API Security Configuration
++########################################################################
++api.secured={{ api_secured }}
++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
++### TLS related configuration ####
++TLS.enabled={{ tls_enable }}
++TLS.api.server.port={{ api_server_tls_port }}
++TLS.client.timeout=10000
++#### keystore configuration ####
++keystore.path={{ keystores_location }}/{{ keystore }}
++keystore.password={{ keystore_passwd }}
++#### trust store configuration ####
++trust.store={{ keystores_location }}/{{ client_truststore }}
++trust.store.password=airavata
++#### remote authorization server url ####
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
++#### xacml based authorization policy ####
++authorization.policy=airavata-default-xacml-policy
++#### authorization cache related configuration ####
++authz.cache.enabled=true
++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
++in.memory.cache.size=1000

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2
index 0000000,0000000..3df5832
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/gfac/templates/gfac-config.yaml.j2
@@@ -1,0 -1,0 +1,111 @@@
++##################################################################
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements.  See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership.  The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License.  You may obtain a copy of the License at
++#
++#   http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied.  See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++################################################################
++
++jobSubmitters:
++  - submissionProtocol: SSH
++    taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++#   properties:
++#     - userName: airavata
++#       passPhrase: airavata
++#       privateKey: /path/to/the/privatekey
++#       publicKey: /path/to/the/publickey
++#       hostName: remote.client.hostName
++
++  - submissionProtocol: SSH_FORK
++    taskClass: org.apache.airavata.gfac.impl.task.ForkJobSubmissionTask
++
++  - submissionProtocol: LOCAL
++    taskClass: org.apache.airavata.gfac.impl.task.DefaultJobSubmissionTask
++
++# Following job subbmitters are not yet implemented.
++
++ # - submissionProtocol: GSISSH
++ #   taskClass: org.apache.airavata.task.adapters.GSISSHJobSubmissionTask
++commonTasks:
++   - type: SETUP
++     taskClass: org.apache.airavata.task.common.SetupTask
++
++   - type: CLEANUP
++     taskClass: org.apache.airavata.task.common.CleanupTask
++
++fileTransferTasks:
++#  - transferProtocol: SCP
++#    taskClass: org.apache.airavata.gfac.impl.task.DataStageTask
++
++# If your client doen't run the same instance where airavata server is running then you need to comment above
++# DataStageTask and uncomment SCPDataStageTask. To work with SCPDataStageTask, you either need to
++# provide ssh keys or password.
++
++  - transferProtocol: SCP
++    taskClass: org.apache.airavata.gfac.impl.task.SCPDataStageTask
++    properties:
++     - userName: root
++       passPhrase: ultrascan 
++       privateKeyPath: /home/airavata/.ssh/id_rsa
++       publicKeyPath: /home/airavata/.ssh/id_rsa.pub
++       hostName: gw75.iu.xsede.org 
++       inputPath: /var/www/portal/experimentData/
++#      password: password
++
++# Following transfer tasks are not yet implemented.
++  #- transferProtocol: SFTP
++  #  taskClass: org.apache.airavata.task.adapters.SFTPFileTransferTask
++
++  #- transferProtocol: GRIDFTP
++  #  taskClass: org.apache.airavata.task.adapters.GRIDFTPFileTransferTask
++
++  #- transferProtocol: LOCAL
++  #  taskClass: org.apache.airavata.task.adapters.LocalFileTransferTask
++
++resources:
++  - jobManagerType: PBS
++    commandOutputParser: org.apache.airavata.gfac.impl.job.PBSOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.PBSEmailParser
++    resourceEmailAddresses:
++      - pbsconsult@sdsc.edu  # gordon
++      - adm@trident.bigred2.uits.iu.edu # Bigred2
++      - root <adm@trident.bigred2.uits.iu.edu> # Bigred2
++      - root <adm@scyld.localdomain> # alamo
++      - root <adm@m2.karst.uits.iu.edu> #karst
++
++  - jobManagerType: SLURM
++    commandOutputParser: org.apache.airavata.gfac.impl.job.SlurmOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.SLURMEmailParser
++    resourceEmailAddresses:
++      - SDSC Admin <slurm@comet-fe3.sdsc.edu> # comet
++      - slurm@batch1.stampede.tacc.utexas.edu # stampede
++      - SDSC Admin <slurm@comet-fe4.sdsc.edu> # comet new
++      - Slurm <slurm@psc.edu> # bridges 
++      - Slurm Daemon <slurm@odin.oscer.ou.edu> # OU Schooner
++
++  - jobManagerType: UGE
++    commandOutputParser: org.apache.airavata.gfac.impl.job.UGEOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.UGEEmailParser
++    resourceEmailAddresses:
++      - ls4.tacc.utexas.edu # contain Lonestar
++
++  - jobManagerType: LSF
++    commandOutputParser: org.apache.airavata.gfac.impl.job.LSFOutputParser
++    emailParser: org.apache.airavata.gfac.monitor.email.parser.LSFEmailParser
++    resourceEmailAddresses:
++      - iu.xsede.edu # test resource mail address
++
++  - jobManagerType: FORK
++    commandOutputParser: org.apache.airavata.gfac.impl.job.ForkOutputParser

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/java/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/java/tasks/main.yml
index 0000000,0000000..92f2039
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/java/tasks/main.yml
@@@ -1,0 -1,0 +1,21 @@@
++---
++# Install Orcal Java
++- name: download oracle java 8 rpm
++  get_url: url="{{ java_rpm_url }}" dest="{{ java_dir_source }}" headers='Cookie:oraclelicense=accept-securebackup-cookie'
++  become: yes
++
++- name: Install oracle java 8
++  yum: name="{{ java_dir_source }}/{{ java_rpm_filename }}" state=present
++  become: yes
++
++- name: set Oracle Java {{ java_version_string }} as default
++  alternatives:
++    name="{{ item.exe }}"
++    link="/usr/bin/{{ item.exe }}"
++    path="{{ item.path }}/{{ item.exe }}"
++  with_items:
++    - { path: "{{ java_home }}/jre/bin", exe: 'java' }
++    - { path: "{{ java_home }}/jre/bin", exe: 'keytool' }
++    - { path: "{{ java_home }}/bin", exe: 'javac' }
++    - { path: "{{ java_home }}/bin", exe: 'javadoc' }
++  become: yes

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/java/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/java/vars/main.yml
index 0000000,0000000..a995684
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/java/vars/main.yml
@@@ -1,0 -1,0 +1,15 @@@
++---
++#Variables associated with this role
++# Oracle Java 8
++java_dir_source: "/usr/local/src"
++
++java_version: 8
++java_version_update: 91
++java_version_build: '14'
++java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
++java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
++
++java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
++java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/handlers/main.yml
index 0000000,0000000..9c6c12f
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/handlers/main.yml
@@@ -1,0 -1,0 +1,13 @@@
++---
++
++- name: composer update
++  composer: command=update working_dir="{{ doc_root_dir }}"
++  become: yes
++
++- name: start httpd
++  service: name=httpd state=started
++  become: yes
++
++- name: restart httpd
++  service: name=httpd state=restarted
++  become: yes

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/tasks/main.yml
index 0000000,0000000..b267119
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/tasks/main.yml
@@@ -1,0 -1,0 +1,112 @@@
++---
++- name: Create root directory
++  file: path="{{ doc_root_dir }}" state=directory
++  become: yes
++
++- name: Install pre-requireties
++  yum: name="{{ item }}" state=latest update_cache=yes
++  with_items:
++    - git
++    - httpd
++    - php
++    - php-soap
++    - libselinux-python
++    - php-pdo
++  become: yes
++
++# - name: Allow selinux outbound connection from web server
++  # command: setsebool -P httpd_can_network_connect 1
++
++- name: install composer
++  shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
++  args:
++    creates: /usr/local/bin/composer
++  become: yes
++
++- name: install epel release
++  yum: name=epel-release state=present
++  become: yes
++
++# depend on epel release
++- name: install mcrypt
++  yum: name=php-mcrypt state=latest update_cache=yes
++  become: yes
++
++# - name: Check previous deployments
++#   stat: path="{{ doc_root_dir }}" get_md5=no get_checksum=no
++#   register: check
++
++- name: delete previous deployments
++  file: path="{{ doc_root_dir }}" state=absent
++
++
++- name: Git clone php gateway
++  git: repo=https://github.com/apache/airavata-php-gateway.git
++       dest="{{ doc_root_dir }}" version="{{ git_branch }}"
++  become: yes
++
++- name: Create user data dir {{ user_data_dir }}
++  file: path="{{ user_data_dir }}" state=directory owner="{{user}}" group="{{group}}" mode=0777 recurse=yes
++  become: yes
++
++  #Make sure selinux is dissabled in remote machine
++- name: Disable selinux
++  selinux: state=disabled
++  become: yes
++  register: selinux_disable
++
++# need to restart after disable selinux
++- name: restart machine
++  shell: sleep 2 && shutdown -r now "Ansible updates triggered"
++  async: 1
++  poll: 0
++  become: yes
++  ignore_errors: true
++  when: (selinux_disable|success) and (selinux_disable.changed == true)
++  register: restart
++
++- name: waiting for server to come back
++  local_action: wait_for host={{ inventory_hostname }} state=started delay=30 timeout=60
++  when: (restart|success) and (restart.changed == true)
++
++
++- name: Run composer update
++  composer: command=update working_dir="{{ doc_root_dir }}"
++  become: yes
++
++# step 6: Change pga configurations
++- name: Copy pga config file
++  template: src=pga_config.php.j2 dest="{{ doc_root_dir }}/app/config/pga_config.php"
++  become: yes
++
++# give write permission to storage directory
++- name: give read permissions to doc root
++  file: path="{{ doc_root_dir }}" state=directory mode=0755 recurse=yes
++  become: yes
++
++- name: give write permissions to storage dir
++  file: path="{{ doc_root_dir }}/app/storage" state=directory mode=0777 owner="{{user}}" group="{{group}}" recurse=yes
++  become: yes
++
++- name: Eanble https and http service on public zone
++  firewalld: service="{{ item }}" permanent=true state=enabled zone=public immediate=True
++  with_items:
++    - http
++    - https
++  become: yes
++
++# - name: Edit file
++#   lineinfile: dest="{{ httpd_conf_file }}" regexp="#\n\s*AllowOverride None" line="#\nAllowOverride All"
++#   notify:
++#     - restart httpd
++#   become: yes
++
++- name: copy httpd.conf file
++  template: src=httpd.conf.j2 dest="{{ httpd_conf_file_location }}/httpd.conf"
++  become: yes
++  notify:
++    - restart httpd
++
++- name: start httpd service
++  service: name=httpd state=started
++  become: yes

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/templates/httpd.conf.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/templates/httpd.conf.j2
index 0000000,0000000..37c05e2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/httpd.conf.j2
@@@ -1,0 -1,0 +1,353 @@@
++#
++# This is the main Apache HTTP server configuration file.  It contains the
++# configuration directives that give the server its instructions.
++# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
++# In particular, see
++# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
++# for a discussion of each configuration directive.
++#
++# Do NOT simply read the instructions in here without understanding
++# what they do.  They're here only as hints or reminders.  If you are unsure
++# consult the online docs. You have been warned.
++#
++# Configuration and logfile names: If the filenames you specify for many
++# of the server's control files begin with "/" (or "drive:/" for Win32), the
++# server will use that explicit path.  If the filenames do *not* begin
++# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
++# with ServerRoot set to '/www' will be interpreted by the
++# server as '/www/log/access_log', where as '/log/access_log' will be
++# interpreted as '/log/access_log'.
++
++#
++# ServerRoot: The top of the directory tree under which the server's
++# configuration, error, and log files are kept.
++#
++# Do not add a slash at the end of the directory path.  If you point
++# ServerRoot at a non-local disk, be sure to specify a local disk on the
++# Mutex directive, if file-based mutexes are used.  If you wish to share the
++# same ServerRoot for multiple httpd daemons, you will need to change at
++# least PidFile.
++#
++ServerRoot "/etc/httpd"
++
++#
++# Listen: Allows you to bind Apache to specific IP addresses and/or
++# ports, instead of the default. See also the <VirtualHost>
++# directive.
++#
++# Change this to Listen on specific IP addresses as shown below to
++# prevent Apache from glomming onto all bound IP addresses.
++#
++#Listen 12.34.56.78:80
++Listen 80
++
++#
++# Dynamic Shared Object (DSO) Support
++#
++# To be able to use the functionality of a module which was built as a DSO you
++# have to place corresponding `LoadModule' lines at this location so the
++# directives contained in it are actually available _before_ they are used.
++# Statically compiled modules (those listed by `httpd -l') do not need
++# to be loaded here.
++#
++# Example:
++# LoadModule foo_module modules/mod_foo.so
++#
++Include conf.modules.d/*.conf
++
++#
++# If you wish httpd to run as a different user or group, you must run
++# httpd as root initially and it will switch.
++#
++# User/Group: The name (or #number) of the user/group to run httpd as.
++# It is usually good practice to create a dedicated user and group for
++# running httpd, as with most system services.
++#
++User apache
++Group apache
++
++# 'Main' server configuration
++#
++# The directives in this section set up the values used by the 'main'
++# server, which responds to any requests that aren't handled by a
++# <VirtualHost> definition.  These values also provide defaults for
++# any <VirtualHost> containers you may define later in the file.
++#
++# All of these directives may appear inside <VirtualHost> containers,
++# in which case these default settings will be overridden for the
++# virtual host being defined.
++#
++
++#
++# ServerAdmin: Your address, where problems with the server should be
++# e-mailed.  This address appears on some server-generated pages, such
++# as error documents.  e.g. admin@your-domain.com
++#
++ServerAdmin root@localhost
++
++#
++# ServerName gives the name and port that the server uses to identify itself.
++# This can often be determined automatically, but we recommend you specify
++# it explicitly to prevent problems during startup.
++#
++# If your host doesn't have a registered DNS name, enter its IP address here.
++#
++#ServerName www.example.com:80
++
++#
++# Deny access to the entirety of your server's filesystem. You must
++# explicitly permit access to web content directories in other
++# <Directory> blocks below.
++#
++<Directory />
++    AllowOverride none
++    Require all denied
++</Directory>
++
++#
++# Note that from this point forward you must specifically allow
++# particular features to be enabled - so if something's not working as
++# you might expect, make sure that you have specifically enabled it
++# below.
++#
++
++#
++# DocumentRoot: The directory out of which you will serve your
++# documents. By default, all requests are taken from this directory, but
++# symbolic links and aliases may be used to point to other locations.
++#
++DocumentRoot "/var/www/html"
++
++#
++# Relax access to content within /var/www.
++#
++<Directory "/var/www">
++    AllowOverride None
++    # Allow open access:
++    Require all granted
++</Directory>
++
++# Further relax access to the default document root:
++<Directory "/var/www/html">
++    #
++    # Possible values for the Options directive are "None", "All",
++    # or any combination of:
++    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
++    #
++    # Note that "MultiViews" must be named *explicitly* --- "Options All"
++    # doesn't give it to you.
++    #
++    # The Options directive is both complicated and important.  Please see
++    # http://httpd.apache.org/docs/2.4/mod/core.html#options
++    # for more information.
++    #
++    Options Indexes FollowSymLinks
++
++    #
++    # AllowOverride controls what directives may be placed in .htaccess files.
++    # It can be "All", "None", or any combination of the keywords:
++    #   Options FileInfo AuthConfig Limit
++    #
++    AllowOverride All
++
++    #
++    # Controls who can get stuff from this server.
++    #
++    Require all granted
++</Directory>
++
++#
++# DirectoryIndex: sets the file that Apache will serve if a directory
++# is requested.
++#
++<IfModule dir_module>
++    DirectoryIndex index.html
++</IfModule>
++
++#
++# The following lines prevent .htaccess and .htpasswd files from being
++# viewed by Web clients.
++#
++<Files ".ht*">
++    Require all denied
++</Files>
++
++#
++# ErrorLog: The location of the error log file.
++# If you do not specify an ErrorLog directive within a <VirtualHost>
++# container, error messages relating to that virtual host will be
++# logged here.  If you *do* define an error logfile for a <VirtualHost>
++# container, that host's errors will be logged there and not here.
++#
++ErrorLog "logs/error_log"
++
++#
++# LogLevel: Control the number of messages logged to the error_log.
++# Possible values include: debug, info, notice, warn, error, crit,
++# alert, emerg.
++#
++LogLevel warn
++
++<IfModule log_config_module>
++    #
++    # The following directives define some format nicknames for use with
++    # a CustomLog directive (see below).
++    #
++    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
++    LogFormat "%h %l %u %t \"%r\" %>s %b" common
++
++    <IfModule logio_module>
++      # You need to enable mod_logio.c to use %I and %O
++      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
++    </IfModule>
++
++    #
++    # The location and format of the access logfile (Common Logfile Format).
++    # If you do not define any access logfiles within a <VirtualHost>
++    # container, they will be logged here.  Contrariwise, if you *do*
++    # define per-<VirtualHost> access logfiles, transactions will be
++    # logged therein and *not* in this file.
++    #
++    #CustomLog "logs/access_log" common
++
++    #
++    # If you prefer a logfile with access, agent, and referer information
++    # (Combined Logfile Format) you can use the following directive.
++    #
++    CustomLog "logs/access_log" combined
++</IfModule>
++
++<IfModule alias_module>
++    #
++    # Redirect: Allows you to tell clients about documents that used to
++    # exist in your server's namespace, but do not anymore. The client
++    # will make a new request for the document at its new location.
++    # Example:
++    # Redirect permanent /foo http://www.example.com/bar
++
++    #
++    # Alias: Maps web paths into filesystem paths and is used to
++    # access content that does not live under the DocumentRoot.
++    # Example:
++    # Alias /webpath /full/filesystem/path
++    #
++    # If you include a trailing / on /webpath then the server will
++    # require it to be present in the URL.  You will also likely
++    # need to provide a <Directory> section to allow access to
++    # the filesystem path.
++
++    #
++    # ScriptAlias: This controls which directories contain server scripts.
++    # ScriptAliases are essentially the same as Aliases, except that
++    # documents in the target directory are treated as applications and
++    # run by the server when requested rather than as documents sent to the
++    # client.  The same rules about trailing "/" apply to ScriptAlias
++    # directives as to Alias.
++    #
++    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
++
++</IfModule>
++
++#
++# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
++# CGI directory exists, if you have that configured.
++#
++<Directory "/var/www/cgi-bin">
++    AllowOverride None
++    Options None
++    Require all granted
++</Directory>
++
++<IfModule mime_module>
++    #
++    # TypesConfig points to the file containing the list of mappings from
++    # filename extension to MIME-type.
++    #
++    TypesConfig /etc/mime.types
++
++    #
++    # AddType allows you to add to or override the MIME configuration
++    # file specified in TypesConfig for specific file types.
++    #
++    #AddType application/x-gzip .tgz
++    #
++    # AddEncoding allows you to have certain browsers uncompress
++    # information on the fly. Note: Not all browsers support this.
++    #
++    #AddEncoding x-compress .Z
++    #AddEncoding x-gzip .gz .tgz
++    #
++    # If the AddEncoding directives above are commented-out, then you
++    # probably should define those extensions to indicate media types:
++    #
++    AddType application/x-compress .Z
++    AddType application/x-gzip .gz .tgz
++
++    #
++    # AddHandler allows you to map certain file extensions to "handlers":
++    # actions unrelated to filetype. These can be either built into the server
++    # or added with the Action directive (see below)
++    #
++    # To use CGI scripts outside of ScriptAliased directories:
++    # (You will also need to add "ExecCGI" to the "Options" directive.)
++    #
++    #AddHandler cgi-script .cgi
++
++    # For type maps (negotiated resources):
++    #AddHandler type-map var
++
++    #
++    # Filters allow you to process content before it is sent to the client.
++    #
++    # To parse .shtml files for server-side includes (SSI):
++    # (You will also need to add "Includes" to the "Options" directive.)
++    #
++    AddType text/html .shtml
++    AddOutputFilter INCLUDES .shtml
++</IfModule>
++
++#
++# Specify a default charset for all content served; this enables
++# interpretation of all content as UTF-8 by default.  To use the
++# default browser choice (ISO-8859-1), or to allow the META tags
++# in HTML content to override this choice, comment out this
++# directive:
++#
++AddDefaultCharset UTF-8
++
++<IfModule mime_magic_module>
++    #
++    # The mod_mime_magic module allows the server to use various hints from the
++    # contents of the file itself to determine its type.  The MIMEMagicFile
++    # directive tells the module where the hint definitions are located.
++    #
++    MIMEMagicFile conf/magic
++</IfModule>
++
++#
++# Customizable error responses come in three flavors:
++# 1) plain text 2) local redirects 3) external redirects
++#
++# Some examples:
++#ErrorDocument 500 "The server made a boo boo."
++#ErrorDocument 404 /missing.html
++#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
++#ErrorDocument 402 http://www.example.com/subscription_info.html
++#
++
++#
++# EnableMMAP and EnableSendfile: On systems that support it,
++# memory-mapping or the sendfile syscall may be used to deliver
++# files.  This usually improves server performance, but must
++# be turned off when serving from networked-mounted
++# filesystems or if support for these functions is otherwise
++# broken on your system.
++# Defaults if commented: EnableMMAP On, EnableSendfile Off
++#
++#EnableMMAP off
++EnableSendfile on
++
++# Supplemental configuration
++#
++# Load config files in the "/etc/httpd/conf.d" directory, if any.
++IncludeOptional conf.d/*.conf


Mime
View raw message