airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lah...@apache.org
Subject [42/49] airavata git commit: Imported ansible-airavata repo to airavata repo
Date Sat, 01 Oct 2016 23:47:04 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 0000000,0000000..7b38575
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@@ -1,0 -1,0 +1,248 @@@
++<?php
++return array(
++    /**
++     * *****************************************************************
++     *  WSO2 Identity Server Related Configurations
++     * *****************************************************************
++     */
++
++    'wsis' => [
++
++        /**
++         * Admin Role Name
++         */
++        'admin-role-name' => 'admin',
++
++        /**
++         * Read only Admin Role Name
++         */
++        'read-only-admin-role-name' => 'admin-read-only',
++
++        /**
++         * Gateway user role
++         */
++        'user-role-name' => 'gateway-user',
++
++        /**
++         * Tenant Domain
++         */
++        'tenant-domain' => '{{ tenant_domain }}',
++
++        /**
++         * Tenant admin's username
++         */
++        'admin-username' => '{{ admin_username }}',
++
++        /**
++         * Tenant admin's password
++         */
++        'admin-password' => '{{ admin_password }}',
++
++        /**
++         * OAuth client key
++         */
++        'oauth-client-key' => '{{ oauth_client_key }}',
++
++        /**
++         * OAuth client secret
++         */
++        'oauth-client-secret' => '{{ oauth_client_secret }}',
++
++        /**
++         * OAuth Grant Type (password or authorization_code)
++         */
++        'oauth-grant-type' => 'password',
++
++        /**
++         * Identity server domain
++         */
++        'server' => 'idp.scigap.org',
++
++        /**
++         * Identity server url
++         */
++        'service-url' => 'https://idp.scigap.org:9443/',
++
++        /**
++         * Enable HTTPS server verification
++         */
++        'verify-peer' => true,
++
++        /**
++         * Path to the server certificate file
++         */
++        'cafile-path' => app_path() . '/resources/security/idp_scigap_org.pem',
++
++        /**
++         * Allow self signed server certificates
++         */
++        'allow-self-signed-cert' => false
++    ],
++
++
++    /**
++     * *****************************************************************
++     *  Airavata Client Configurations
++     * *****************************************************************
++     */
++    'airavata' => [
++
++        /**
++         * Airavata API server location. Use tls:// as the protocol to
++         * connect TLS enabled Airavata
++         */
++        'airavata-server' => '{{ airavata_server }}',
++
++        /**
++         * Airavata API server port
++         */
++        'airavata-port' => '{{ airavata_port }}',
++
++        /**
++         * Airavata API server thrift communication timeout
++         */
++        'airavata-timeout' => '1000000',
++
++        /**
++         * PGA Gateway ID
++         */
++        'gateway-id' => '{{ gateway_id }}',
++
++        /**
++         * Maximum size of a file which is allowed to upload to the server
++         */
++        'server-allowed-file-size' => 64,
++
++        /**
++         * absolute path of the data dir
++         */
++        'experiment-data-absolute-path' => '{{ experiment_data_dir }}',
++
++        /**
++         * Advanced experiments options
++         */
++        'advanced-experiment-options' => '',
++
++        /**
++         * Default queue name
++         */
++        'queue-name' => 'long',
++
++        /**
++         * Default node count
++         */
++        'node-count' => '1',
++
++        /**
++         * Default total core count
++         */
++        'total-cpu-count' => '16',
++
++        /**
++         * Default wall time limit
++         */
++        'wall-time-limit' => '30',
++
++        /**
++         * Enable app-catalog cache
++         */
++        'enable-app-catalog-cache' => true,
++
++        /**
++         * Life time of app catalog data cache in minutes
++         */
++        'app-catalog-cache-duration' => 5,
++
++         /**
++         * Gateway data store resource id
++         */
++         'gateway-data-store-resource-id' => '{{ gateway_data_store_resource_id }}',
++
++         /**
++          * Data Sharing enabled
++          */
++          'data-sharing-enabled' => false
++    ],
++
++    /**
++     * *****************************************************************
++     *  Portal Related Configurations
++     * *****************************************************************
++     */
++    'portal' => [
++        /**
++         * Whether this portal is the SciGaP admin portal
++         */
++        'super-admin-portal' => {{ super_admin_portal }},
++
++        /**
++         * Set the name of theme in use here
++         */
++        'theme' => 'base',
++
++        /**
++         * Portal title
++         */
++        'portal-title' => 'Airavata PHP Gateway',
++
++        /**
++         * Email address of the portal admin. Portal admin well get email notifications for events
++         * such as new user creation
++         */
++        'admin-emails' => [{{ admin_emails }}],
++
++        /**
++         * Email account that the portal should login to send emails
++         */
++        'portal-email-username' => '{{ portal_email_username }}',
++
++        /**
++         * Password for the portal's email account
++         */
++        'portal-email-password' => '{{ portal_email_password }}',
++
++        /**
++         * SMTP server on which the portal should connect
++         */
++        'portal-smtp-server-host' => 'smtp.gmail.com',
++
++        /**
++         * SMTP server port on which the portal should connect
++         */
++        'portal-smtp-server-port' => '587',
++
++        /**
++         * Set JIRA Issue Collector scripts here.
++         */
++        'jira-help' =>
++        [
++            /**
++             * Report Issue Script issued for your app by Atlassian JIRA
++             */
++            'report-issue-script' => '',
++            /**
++             * Collector id at the end of the above script
++             */
++            'report-issue-collector-id' => '',
++            /**
++             * Create Report Script issued for your app by Atlassian JIRA
++             */
++            'request-feature-script' => '',
++            /**
++             * Collector id at the end of the above script
++             */
++            'request-feature-collector-id' => ''
++        ],
++
++        /**
++         * Set Google Analytics Id here. ID format that generates from
++         * creating tracker object should be
++         *
++         * UA-XXXXX-Y
++         *
++         * for it to be working correctly. Currently it is only set for
++         * sending pageviews.
++         */
++        'google-analytics-id' => ''
++    ]
++);

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/pga/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/pga/vars/main.yml
index 0000000,0000000..298e897
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/pga/vars/main.yml
@@@ -1,0 -1,0 +1,30 @@@
++---
++pga_user: "pga"
++pga_group: "pga"
++doc_root_dir: "/var/www/html/php-gateway"
++user_data_dir: "/var/www/user_data"
++#httpd_conf_file: "/etc/httpd/conf/httpd.conf"
++httpd_conf_file_location: "/etc/httpd/conf"
++
++## WSO2 IS related variables
++tenant_domain: "prod.testdrive"
++admin_username: "tdaadmin"
++admin_password: "SciDeploy"
++oauth_client_key: "RuLl_Uw7i_KXaLoAGJkiasTfyBYa"
++oauth_client_secret: "vD9yi2ANkChzgWiih3RahrIcfsoa"
++
++## Airavata Client related variables
++#airavata_server: "tls://gw77.iu.xsede.org"
++airavata_server: "{{ groups['api-orch'][0] }}"
++airavata_port: "8930"
++gateway_id: "{{ default_gateway }}"
++# relative to document root dir
++experiment_data_dir: "{{ user_data_dir }}"
++gateway_data_store_resource_id: "js-170-103.jetstream-cloud.org_6497a464-3121-4b64-a7cb-d195b0a26c19"
++
++## Portal related variables
++super_admin_portal: "true"
++admin_emails: "'sgg@iu.edu'"
++portal_email_username: "pga.airavata@gmail.com"
++portal_email_password: "airavata12"
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/rabbitmq/handlers/main.yml
index 0000000,0000000..fef807a
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/rabbitmq/handlers/main.yml
@@@ -1,0 -1,0 +1,13 @@@
++---
++# Rabbitmq related handlers
++- name: start rabbitmq
++  service: name=rabbitmq-server state=started enabled=yes
++  become: yes
++
++- name: stop rabbitmq
++  service: name=rabbitmq-server state=stopped
++  become: yes
++
++- name: restart rabbitmq
++  service: name=rabbitmq-server state=restarted enabled=yes
++  become: yes

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/rabbitmq/tasks/main.yml
index 0000000,0000000..f44a0a6
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/rabbitmq/tasks/main.yml
@@@ -1,0 -1,0 +1,60 @@@
++---
++################################################################################
++# Setup and run rabbitmq
++- name: Install erlang latest version
++  yum: name=https://www.rabbitmq.com/releases/erlang/erlang-18.3-1.el7.centos.x86_64.rpm state=present
++  become: yes
++
++- name: Install Rabbitmq rpm
++  yum: name=https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.3/rabbitmq-server-3.6.3-1.noarch.rpm state=present
++  become: yes
++
++  # add hostname to /etc/hosts file
++- name: get ip4 address
++  # command: dig +short myip.opendns.com @resolver1.opendns.com
++  command: hostname -i
++  register: _ip4
++
++- name: open rabbitmq ports
++  firewalld: port={{ item }} zone=public permanent=true state=enabled immediate=yes
++  with_items:
++    - "{{ rabbitmq_port }}/tcp"
++    - "{{ management_plugin_port }}/tcp"
++  become: yes
++
++- name: Edit /etc/hosts file
++  lineinfile: dest=/etc/hosts line="{{ _ip4.stdout }} {{ ansible_fqdn }}"
++  notify:
++    - restart rabbitmq
++  become: yes
++
++- name: Start Rabbitmq server
++  service: name=rabbitmq-server state=started enabled=yes
++  become: yes
++
++- name: Enable rabbitmq management plugin
++  rabbitmq_plugin: names=rabbitmq_management state=enabled
++  notify:
++    - restart rabbitmq
++  become: yes
++
++- name: Create rabbitmq vhost {{ rabbitmq_vhost }}
++  rabbitmq_vhost: name="{{ rabbitmq_vhost }}" state=present
++  become: yes
++
++- name: Add user {{ rabbitmq_user }} to vhost {{ rabbitmq_vhost }}  and give permission
++  rabbitmq_user: user="{{ rabbitmq_user }}"
++                 password="{{ rabbitmq_password }}"
++                 vhost="{{ rabbitmq_vhost }}"
++                 tags="administrator"
++                 configure_priv=.*
++                 read_priv=.*
++                 write_priv=.*
++                 state=present
++  become: yes
++
++- name: restart rabbitmq
++  service: name=rabbitmq-server state=restarted
++  become: yes
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/rabbitmq/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/rabbitmq/vars/main.yml
index 0000000,0000000..c5ab904
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/rabbitmq/vars/main.yml
@@@ -1,0 -1,0 +1,2 @@@
++---
++management_plugin_port: "15672"

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/files/mysql-connector-java-5.1.37-bin.jar
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/registry/files/mysql-connector-java-5.1.37-bin.jar
index 0000000,0000000..465af67
new file mode 100644
Binary files differ

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/registry/tasks/main.yml
index 0000000,0000000..9bd2784
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/registry/tasks/main.yml
@@@ -1,0 -1,0 +1,59 @@@
++---
++
++################################################################################
++- name: Create registry deployment directory
++  file: path="{{ registry_dir }}" state=directory owner={{ user }} group={{ group }}
++  when: build|success
++
++- name: Check previous deployments
++  stat: path="{{ registry_dir }}/{{ airavata_dist }}" get_md5=no get_checksum=no
++  register: check
++
++- name: stop registry
++  command: ./bin/airavata-server-stop.sh -f
++           chdir="{{ registry_dir }}/{{ airavata_dist }}/"
++           removes="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*"
++  when: check.stat.exists == True
++
++- name: Delete previous deployments
++  file: path="{{ registry_dir }}/{{ airavata_dist }}" state=absent
++
++- name: Copy distribution to registry deployment directory
++  unarchive: src="{{ airavata_source_dir }}/modules/distribution/target/{{ airavata_dist_name }}"
++             dest="{{ registry_dir }}/"
++             copy=no
++
++- name: set gfac private ip
++  set_fact:
++    registry_host: "{{ ansible_eth0.ipv4.address }}"
++
++- name: Copy Airavata server properties file
++  template: src=airavata-server.properties.j2
++            dest="{{ registry_dir }}/{{ airavata_dist }}/bin/airavata-server.properties"
++            owner={{ user }}
++            group={{ group }}
++            mode="u=rw,g=r,o=r"
++
++- name: Copy Mysql jar to lib
++  copy: src="{{ mysql_connector_jar }}"
++        dest="{{ registry_dir }}/{{ airavata_dist }}/lib/{{ mysql_connector_jar }}"
++        owner={{ user }}
++        group={{ group }}
++
++
++- name: Open firwall ports
++  firewalld: port="{{ registry_port }}/tcp" zone=public permanent=true state=enabled immediate=yes
++  become_user: root
++
++- name: stop registry
++  command: ./bin/airavata-server-stop.sh -f
++           chdir="{{ registry_dir }}/{{ airavata_dist }}/"
++           removes="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++- name: start registry
++  command: ./bin/airavata-server-start.sh regserver -d
++           chdir="{{ registry_dir }}/{{ airavata_dist }}/"
++           creates="{{ registry_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
index 0000000,0000000..b8d093e
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/registry/templates/airavata-server.properties.j2
@@@ -1,0 -1,0 +1,281 @@@
++#
++#
++# Licensed to the Apache Software Foundation (ASF) under one
++# or more contributor license agreements.  See the NOTICE file
++# distributed with this work for additional information
++# regarding copyright ownership.  The ASF licenses this file
++# to you under the Apache License, Version 2.0 (the
++# "License"); you may not use this file except in compliance
++# with the License.  You may obtain a copy of the License at
++#
++#   http://www.apache.org/licenses/LICENSE-2.0
++#
++# Unless required by applicable law or agreed to in writing,
++# software distributed under the License is distributed on an
++# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
++# KIND, either express or implied.  See the License for the
++# specific language governing permissions and limitations
++# under the License.
++#
++
++###########################################################################
++#
++#  This properties file provides configuration for all Airavata Services:
++#  API Server, Registry, Workflow Interpreter, GFac, Orchestrator
++#
++###########################################################################
++
++###########################################################################
++#  API Server Registry Configuration
++###########################################################################
++
++#for derby [AiravataJPARegistry]
++#registry.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#registry.jdbc.url=jdbc:derby://localhost:1527/experiment_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++registry.jdbc.driver=com.mysql.jdbc.Driver
++registry.jdbc.url=jdbc:mysql://{{ db_server }}:{{ db_server_port }}/{{ exp_catalog }}
++registry.jdbc.user={{ db_user }}
++registry.jdbc.password={{ db_password }}
++#FIXME: Probably the following property should be removed.
++start.derby.server.mode=false
++validationQuery=SELECT 1 from CONFIGURATION
++cache.enable=false
++jpa.cache.size=-1
++#jpa.connection.properties=MaxActive=10,MaxIdle=5,MinIdle=2,MaxWait=60000,testWhileIdle=true,testOnBorrow=true
++enable.sharing={{enable_sharing}}
++
++# Properties for default user mode
++default.registry.user=admin
++default.registry.password=admin
++default.registry.password.hash.method=SHA
++default.registry.gateway={{ default_gateway }}
++
++###########################################################################
++#  Application Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#appcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#appcatalog.jdbc.url=jdbc:derby://localhost:1527/app_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++appcatalog.jdbc.driver=com.mysql.jdbc.Driver
++appcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ app_catalog }}
++appcatalog.jdbc.user={{ db_user }}
++appcatalog.jdbc.password={{ db_password }}
++appcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++##########################################################################
++#  Replica Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#replicacatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#replicacatalog.jdbc.url=jdbc:derby://localhost:1527/replica_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++replicacatalog.jdbc.driver=com.mysql.jdbc.Driver
++replicacatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++replicacatalog.jdbc.user={{ db_user }}
++replicacatalog.jdbc.password={{ db_password }}
++replicacatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++#  Workflow Catalog DB Configuration
++###########################################################################
++#for derby [AiravataJPARegistry]
++#workflowcatalog.jdbc.driver=org.apache.derby.jdbc.ClientDriver
++#workflowcatalog.jdbc.url=jdbc:derby://localhost:1527/workflow_catalog;create=true;user=airavata;password=airavata
++# MySql database configuration
++workflowcatalog.jdbc.driver=com.mysql.jdbc.Driver
++workflowcatalog.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ replica_catalog }}
++workflowcatalog.jdbc.user={{ db_user }}
++workflowcatalog.jdbc.password={{ db_password }}
++workflowcatalog.validationQuery=SELECT 1 from CONFIGURATION
++
++###########################################################################
++#  User Profile MongoDB Configuration
++###########################################################################
++userprofile.mongodb.host=localhost
++userprofile.mongodb.port=27017
++
++
++###########################################################################
++#  Server module Configuration
++###########################################################################
++#credential store server should be started before API server
++#This is obsolete property with new script files.
++#servers=credentialstore,apiserver,orchestrator
++
++
++###########################################################################
++#  API Server Configurations
++###########################################################################
++apiserver=org.apache.airavata.api.server.AiravataAPIServer
++apiserver.name={{ api_server_name }}
++apiserver.host={{ api_server_host }}
++apiserver.port={{ api_server_port }}
++apiserver.min.threads=50
++
++###########################################################################
++#  Orchestrator Server Configurations
++###########################################################################
++orchestrator=org.apache.airavata.orchestrator.server.OrchestratorServer
++orchestrator.server.name={{ orchestrator_name }}
++orchestrator.server.host={{ orchestrator_host }}
++orchestrator.server.port={{ orchestrator_port }}
++orchestrator.server.min.threads=50
++job.validators=org.apache.airavata.orchestrator.core.validator.impl.BatchQueueValidator,org.apache.airavata.orchestrator.core.validator.impl.ExperimentStatusValidator
++submitter.interval=10000
++threadpool.size=10
++start.submitter=true
++embedded.mode=true
++enable.validation=true
++
++###########################################################################
++#  Registry Server Configurations
++###########################################################################
++regserver=org.apache.airavata.registry.api.service.RegistryAPIServer
++regserver.server.name={{registry_name}}
++regserver.server.host={{registry_host}}
++regserver.server.port={{registry_port}}
++regserver.server.min.threads=50
++
++###########################################################################
++#  GFac Server Configurations
++###########################################################################
++gfac=org.apache.airavata.gfac.server.GfacServer
++gfac.server.name={{ gfac_name }}
++gfac.server.host={{ gfac_host }}
++gfac.server.port={{ gfac_port }}
++gfac.thread.pool.size=50
++host.scheduler=org.apache.airavata.gfac.impl.DefaultHostScheduler
++
++
++
++###########################################################################
++# Airavata Workflow Interpreter Configurations
++###########################################################################
++workflowserver=org.apache.airavata.api.server.WorkflowServer
++enactment.thread.pool.size=10
++
++#to define custom workflow parser user following property
++#workflow.parser=org.apache.airavata.workflow.core.parser.AiravataWorkflowBuilder
++
++
++
++###########################################################################
++#  Job Scheduler can send informative email messages to you about the status of your job.
++# Specify a string which consists of either the single character "n" (no mail), or one or more
++#  of the characters "a" (send mail when job is aborted), "b" (send mail when job begins),
++# and "e" (send mail when job terminates).  The default is "a" if not specified.
++###########################################################################
++
++job.notification.enable=true
++#Provide comma separated email ids as a string if more than one
++job.notification.emailids=
++job.notification.flags=abe
++
++###########################################################################
++# Credential Store module Configuration
++###########################################################################
++credential.store.keystore.url={{ keystores_location }}/{{ cred_keystore }}
++credential.store.keystore.alias={{ cred_keystore_alias }}
++credential.store.keystore.password={{ cred_keystore_passwd }}
++credential.store.jdbc.url=jdbc:mysql://{{ db_server }}:3306/{{ credential_store }}
++credential.store.jdbc.user={{ db_user }}
++credential.store.jdbc.password={{ db_password }}
++credential.store.jdbc.driver=com.mysql.jdbc.Driver
++credential.store.server.host={{ cred_store_server_host }}
++credential.store.server.port={{ cred_store_port }}
++credentialstore=org.apache.airavata.credential.store.server.CredentialStoreServer
++credential.stroe.jdbc.validationQuery=SELECT 1 from CONFIGURATION
++
++# these properties used by credential store email notifications
++email.server=smtp.googlemail.com
++email.server.port=465
++email.user=airavata
++email.password=xxx
++email.ssl=true
++email.from=airavata@apache.org
++
++# SSH PKI key pair or ssh password can be used SSH based sshKeyAuthentication is used.
++# if user specify both password sshKeyAuthentication gets the higher preference
++
++################# ---------- For ssh key pair sshKeyAuthentication ------------------- ################
++#ssh.public.key=/path to public key for ssh
++#ssh.private.key=/path to private key file for ssh
++#ssh.keypass=passphrase for the private key
++#ssh.username=username for ssh connection
++## If you set "yes" for ssh.strict.hostKey.checking, then you must provide known hosts file path
++#ssh.strict.hostKey.checking=yes/no
++#ssh.known.hosts.file=/path to known hosts file
++### Incase of password sshKeyAuthentication.
++#ssh.password=Password for ssh connection
++
++################ ---------- BES Properties ------------------- ###############
++#bes.ca.cert.path=<location>/certificates/cacert.pem
++#bes.ca.key.path=<location>/certificates/cakey.pem
++#bes.ca.key.pass=passphrase
++
++###########################################################################
++# Monitoring module Configuration
++###########################################################################
++
++#This will be the primary monitoring tool which runs in airavata, in future there will be multiple monitoring
++#mechanisms and one would be able to start a monitor
++monitors=org.apache.airavata.gfac.monitor.impl.pull.qstat.QstatMonitor,org.apache.airavata.gfac.monitor.impl.LocalJobMonitor
++
++#These properties will used to enable email base monitoring
++email.based.monitor.host=imap.gmail.com
++email.based.monitor.address={{ monitor_email_address }}
++email.based.monitor.password={{ monitor_email_password }}
++email.based.monitor.folder.name=INBOX
++# either imaps or pop3
++email.based.monitor.store.protocol=imaps
++#These property will be used to query the email server periodically. value in milliseconds(ms).
++email.based.monitoring.period=10000
++
++###########################################################################
++# AMQP Notification Configuration
++###########################################################################
++#for simple scenarios we can use the guest user
++#rabbitmq.broker.url=amqp://localhost:5672
++#for production scenarios, give url as amqp://userName:password@hostName:portNumber/virtualHost, create user, virtualhost
++# and give permissions, refer: http://blog.dtzq.com/2012/06/rabbitmq-users-and-virtual-hosts.html
++rabbitmq.broker.url={{ rabbitmq_broker_url }}
++rabbitmq.status.exchange.name=status_exchange
++rabbitmq.process.exchange.name=process_exchange
++rabbitmq.experiment.exchange.name=experiment_exchange
++durable.queue=false
++prefetch.count=200
++process.launch.queue.name=process.launch.queue
++experiment.launch..queue.name=experiment.launch.queue
++
++###########################################################################
++# Zookeeper Server Configuration
++###########################################################################
++embedded.zk=false
++zookeeper.server.connection={{ zookeeper_url }}
++zookeeper.timeout=30000
++
++########################################################################
++## API Security Configuration
++########################################################################
++api.secured={{ api_secured }}
++security.manager.class=org.apache.airavata.api.server.security.DefaultAiravataSecurityManager
++### TLS related configuration ####
++TLS.enabled={{ tls_enable }}
++TLS.api.server.port={{ api_server_tls_port }}
++TLS.client.timeout=10000
++#### keystore configuration ####
++keystore.path={{ keystores_location }}/{{ keystore }}
++keystore.password={{ keystore_passwd }}
++#### trust store configuration ####
++trust.store={{ keystores_location }}/{{ client_truststore }}
++trust.store.password=airavata
++#### remote authorization server url ####
++remote.oauth.authorization.server=https://idp.scigap.org:9443/services/
++#### xacml based authorization policy ####
++authorization.policy=airavata-default-xacml-policy
++#### authorization cache related configuration ####
++authz.cache.enabled=true
++authz.cache.manager.class=org.apache.airavata.api.server.security.authzcache.DefaultAuthzCacheManager
++in.memory.cache.size=1000

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/wso2_is/tasks/main.yml
index 0000000,0000000..1e506c2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/wso2_is/tasks/main.yml
@@@ -1,0 -1,0 +1,41 @@@
++---
++- name: install role pre-requireties
++  yum: name=unzip state=latest update_cache=yes
++  become: yes
++
++# downlaod wso2 is
++# extract it
++# - name: Download and unarchive wso2 is
++#   unarchive: src="{{ zookeeper_url }}" dest="{{ user_home }}" copy=no owner="{{ user }}" group="{{ group }}"
++# for now wso2is from localhost
++
++- name: copy WSO2 IS
++  unarchive: >
++    src="{{ wso2_is_dist }}"
++    dest="{{ user_home }}/"
++    owner="{{ user }}"
++    group="{{ group }}"
++    creates="{{ user_home }}/{{ wso2_is_dir }}/bin/wso2server.sh"
++
++- name: copy carbon.xml
++  template: >
++    src=carbon.xml.j2
++    dest="{{ user_home }}/{{ wso2_is_dir }}/repository/conf/carbon.xml"
++    owner="{{ user }}"
++    group="{{ group }}"
++    mode="u=rw,g=r,o=r"
++
++- name: open carabon management console port
++  firewalld: port=9443/tcp zone=public permanent=true state=enabled immediate=yes
++  become: yes
++
++# start wso2 is server
++- name: start wso2 is
++  command: ./bin/wso2server.sh start chdir="{{ user_home }}/{{ wso2_is_dir }}/" creates="{{ user_home }}/{{ wso2_is_dir }}/wso2carbon.pid"
++  environment:
++    JAVA_HOME: "{{ java_home }}"
++
++# - name: stop wso2 is
++  # command: ./bin/airavata-server-stop.sh -f chdir="{{ gfac_dir }}/{{ airavata_dist }}/" removes="{{ gfac_dir }}/{{ airavata_dist }}/bin/server_start_*"
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
index 0000000,0000000..5f421f2
new file mode 100755
--- /dev/null
+++ b/dev-tools/ansible/roles/wso2_is/templates/carbon.xml.j2
@@@ -1,0 -1,0 +1,688 @@@
++<?xml version="1.0" encoding="ISO-8859-1"?>
++<!--
++ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
++
++ Licensed under the Apache License, Version 2.0 (the "License");
++ you may not use this file except in compliance with the License.
++ You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++ Unless required by applicable law or agreed to in writing, software
++ distributed under the License is distributed on an "AS IS" BASIS,
++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ See the License for the specific language governing permissions and
++ limitations under the License.
++-->
++
++<!--
++    This is the main server configuration file
++
++    ${carbon.home} represents the carbon.home system property.
++    Other system properties can be specified in a similar manner.
++-->
++<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
++
++    <!--
++       Product Name
++    -->
++    <Name>WSO2 Identity Server</Name>
++
++    <!--
++       machine readable unique key to identify each product
++    -->
++    <ServerKey>IS</ServerKey>
++
++    <!--
++       Product Version
++    -->
++    <Version>5.1.0</Version>
++
++    <!--
++       Host name or IP address of the machine hosting this server
++       e.g. www.wso2.org, 192.168.1.10
++       This is will become part of the End Point Reference of the
++       services deployed on this server instance.
++    -->
++    <HostName>{{ ansible_fqdn }}</HostName>
++
++    <!--
++    Host name to be used for the Carbon management console
++    -->
++    <MgtHostName>localhost</MgtHostName>
++
++    <!--
++        The URL of the back end server. This is where the admin services are hosted and
++        will be used by the clients in the front end server.
++        This is required only for the Front-end server. This is used when seperating BE server from FE server
++       -->
++    <ServerURL>local:/${carbon.context}/services/</ServerURL>
++    <!--
++    <ServerURL>https://localhost:${carbon.management.port}${carbon.context}/services/</ServerURL>
++    -->
++     <!--
++     The URL of the index page. This is where the user will be redirected after signing in to the
++     carbon server.
++     -->
++    <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
++
++    <!--
++    For cApp deployment, we have to identify the roles that can be acted by the current server.
++    The following property is used for that purpose. Any number of roles can be defined here.
++    Regular expressions can be used in the role.
++    Ex : <Role>.*</Role> means this server can act any role
++    -->
++    <ServerRoles>
++        <Role>IdentityServer</Role>
++    </ServerRoles>
++
++    <!-- uncommnet this line to subscribe to a bam instance automatically -->
++    <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
++
++    <!--
++       The fully qualified name of the server
++    -->
++    <Package>org.wso2.carbon</Package>
++
++    <!--
++       Webapp context root of WSO2 Carbon management console.
++    -->
++    <WebContextRoot>/</WebContextRoot>
++
++    <!--
++    	Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
++        to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
++     		URL of the Carbon server -> https://10.100.1.1:9443/carbon
++   		URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
++
++   	appserver - proxy context path. This specially required whenever you are generating URLs to displace in
++   	Carbon UI components.
++    -->
++    <!--
++    	<MgtProxyContextPath></MgtProxyContextPath>
++    	<ProxyContextPath></ProxyContextPath>
++    -->
++
++    <!-- In-order to  get the registry http Port from the back-end when the default http transport is not the same-->
++    <!--RegistryHttpPort>9763</RegistryHttpPort-->
++
++    <!--
++    Number of items to be displayed on a management console page. This is used at the
++    backend server for pagination of various items.
++    -->
++    <ItemsPerPage>15</ItemsPerPage>
++
++    <!-- The endpoint URL of the cloud instance management Web service -->
++    <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
++
++    <!--
++       Ports used by this server
++    -->
++    <Ports>
++
++        <!-- Ports offset. This entry will set the value of the ports defined below to
++         the define value + Offset.
++         e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
++         -->
++        <Offset>0</Offset>
++
++        <!-- The JMX Ports -->
++        <JMX>
++            <!--The port RMI registry is exposed-->
++            <RMIRegistryPort>9999</RMIRegistryPort>
++            <!--The port RMI server should be exposed-->
++            <RMIServerPort>11111</RMIServerPort>
++        </JMX>
++
++        <!-- Embedded LDAP server specific ports -->
++        <EmbeddedLDAP>
++            <!-- Port which embedded LDAP server runs -->
++            <LDAPServerPort>10389</LDAPServerPort>
++            <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
++            <KDCServerPort>8000</KDCServerPort>
++        </EmbeddedLDAP>
++
++	<!--
++             Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
++	-->
++	<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
++	<!--Override receive port of thrift based entitlement service.-->
++	<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
++
++    <!--
++     This is the proxy port of the worker cluster. These need to be configured in a scenario where
++     manager node is not exposed through the load balancer through which the workers are exposed
++     therefore doesn't have a proxy port.
++    <WorkerHttpProxyPort>80</WorkerHttpProxyPort>
++    <WorkerHttpsProxyPort>443</WorkerHttpsProxyPort>
++    -->
++
++    </Ports>
++
++    <!--
++        JNDI Configuration
++    -->
++    <JNDI>
++        <!--
++             The fully qualified name of the default initial context factory
++        -->
++        <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
++        <!--
++             The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
++        -->
++        <Restrictions>
++            <!--
++                Contexts that will be available only to the super-tenant
++            -->
++            <!-- <SuperTenantOnly>
++                <UrlContexts>
++                    <UrlContext>
++                        <Scheme>foo</Scheme>
++                    </UrlContext>
++                    <UrlContext>
++                        <Scheme>bar</Scheme>
++                    </UrlContext>
++                </UrlContexts>
++            </SuperTenantOnly> -->
++            <!--
++                Contexts that are common to all tenants
++            -->
++            <AllTenants>
++                <UrlContexts>
++                    <UrlContext>
++                        <Scheme>java</Scheme>
++                    </UrlContext>
++                    <!-- <UrlContext>
++                        <Scheme>foo</Scheme>
++                    </UrlContext> -->
++                </UrlContexts>
++            </AllTenants>
++            <!--
++                 All other contexts not mentioned above will be available on a per-tenant basis
++                 (i.e. will not be shared among tenants)
++            -->
++        </Restrictions>
++    </JNDI>
++
++    <!--
++        Property to determine if the server is running an a cloud deployment environment.
++        This property should only be used to determine deployment specific details that are
++        applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
++    -->
++    <IsCloudDeployment>false</IsCloudDeployment>
++
++    <!--
++	Property to determine whether usage data should be collected for metering purposes
++    -->
++    <EnableMetering>false</EnableMetering>
++
++    <!-- The Max time a thread should take for execution in seconds -->
++    <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
++
++    <!--
++        A flag to enable or disable Ghost Deployer. By default this is set to false. That is
++        because the Ghost Deployer works only with the HTTP/S transports. If you are using
++        other transports, don't enable Ghost Deployer.
++    -->
++    <GhostDeployment>
++        <Enabled>false</Enabled>
++    </GhostDeployment>
++
++
++    <!--
++        Eager loading or lazy loading is a design pattern commonly used in computer programming which
++        will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
++        load tenant when a request is received only. Similarly Eager loading is used to enable load
++        existing tenants after carbon server starts up. Using this feature, you will be able to include
++        or exclude tenants which are to be loaded when server startup.
++
++        We can enable only one LoadingPolicy at a given time.
++
++        1. Tenant Lazy Loading
++           This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
++           server startup, but loaded based on-demand (i.e when a request is received for a tenant).
++           The default tenant idle time is 30 minutes.
++
++        2. Tenant Eager Loading
++           This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
++           The eager loading configurations supported are as below. These configurations can be given as the
++           value for <Include> element with eager loading.
++                (i)Load all tenants when server startup             -   *
++                (ii)Load all tenants except foo.com & bar.com       -   *,!foo.com,!bar.com
++                (iii)Load only foo.com &  bar.com to be included    -   foo.com,bar.com
++    -->
++    <Tenant>
++        <LoadingPolicy>
++            <LazyLoading>
++                <IdleTime>30</IdleTime>
++            </LazyLoading>
++            <!-- <EagerLoading>
++                   <Include>*,!foo.com,!bar.com</Include>
++            </EagerLoading>-->
++        </LoadingPolicy>
++    </Tenant>
++
++    <!--
++     Caching related configurations
++    -->
++    <Cache>
++        <!-- Default cache timeout in minutes -->
++        <DefaultCacheTimeout>15</DefaultCacheTimeout>
++    </Cache>
++
++    <!--
++    Axis2 related configurations
++    -->
++    <Axis2Config>
++        <!--
++             Location of the Axis2 Services & Modules repository
++
++             This can be a directory in the local file system, or a URL.
++
++             e.g.
++             1. /home/wso2wsas/repository/ - An absolute path
++             2. repository - In this case, the path is relative to CARBON_HOME
++             3. file:///home/wso2wsas/repository/
++             4. http://wso2wsas/repository/
++        -->
++        <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
++
++        <!--
++         Deployment update interval in seconds. This is the interval between repository listener
++         executions.
++        -->
++        <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
++
++        <!--
++            Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
++
++            This can be a file on the local file system, or a URL
++
++            e.g.
++            1. /home/repository/axis2.xml - An absolute path
++            2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
++            3. file:///home/carbon/repository/axis2.xml
++            4. http://repository/conf/axis2.xml
++        -->
++        <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
++
++        <!--
++          ServiceGroupContextIdleTime, which will be set in ConfigurationContex
++          for multiple clients which are going to access the same ServiceGroupContext
++          Default Value is 30 Sec.
++        -->
++        <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
++
++        <!--
++          This repository location is used to crete the client side configuration
++          context used by the server when calling admin services.
++        -->
++        <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
++        <!-- This axis2 xml is used in createing the configuration context by the FE server
++         calling to BE server -->
++        <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
++        <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
++        <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
++
++	<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
++	With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
++	Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
++        <!--HttpAdminServices>*</HttpAdminServices-->
++
++    </Axis2Config>
++
++    <!--
++       The default user roles which will be created when the server
++       is started up for the first time.
++    -->
++    <ServiceUserRoles>
++        <Role>
++            <Name>admin</Name>
++            <Description>Default Administrator Role</Description>
++        </Role>
++        <Role>
++            <Name>user</Name>
++            <Description>Default User Role</Description>
++        </Role>
++    </ServiceUserRoles>
++
++    <!--
++      Enable following config to allow Emails as usernames.
++    -->
++    <!--EnableEmailUserName>true</EnableEmailUserName-->
++
++    <!--
++      Security configurations
++    -->
++    <Security>
++        <!--
++            KeyStore which will be used for encrypting/decrypting passwords
++            and other sensitive information.
++        -->
++        <KeyStore>
++            <!-- Keystore file location-->
++            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
++            <!-- Keystore type (JKS/PKCS12 etc.)-->
++            <Type>JKS</Type>
++            <!-- Keystore password-->
++            <Password>wso2carbon</Password>
++            <!-- Private Key alias-->
++            <KeyAlias>wso2carbon</KeyAlias>
++            <!-- Private Key password-->
++            <KeyPassword>wso2carbon</KeyPassword>
++        </KeyStore>
++
++        <!--
++            System wide trust-store which is used to maintain the certificates of all
++            the trusted parties.
++        -->
++        <TrustStore>
++            <!-- trust-store file location -->
++            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
++            <!-- trust-store type (JKS/PKCS12 etc.) -->
++            <Type>JKS</Type>
++            <!-- trust-store password -->
++            <Password>wso2carbon</Password>
++        </TrustStore>
++
++        <!--
++            The Authenticator configuration to be used at the JVM level. We extend the
++            java.net.Authenticator to make it possible to authenticate to given servers and
++            proxies.
++        -->
++        <NetworkAuthenticatorConfig>
++            <!--
++                Below is a sample configuration for a single authenticator. Please note that
++                all child elements are mandatory. Not having some child elements would lead to
++                exceptions at runtime.
++            -->
++            <!-- <Credential> -->
++                <!--
++                    the pattern that would match a subset of URLs for which this authenticator
++                    would be used
++                -->
++                <!-- <Pattern>regularExpression</Pattern> -->
++                <!--
++                    the type of this authenticator. Allowed values are:
++                    1. server
++                    2. proxy
++                -->
++                <!-- <Type>proxy</Type> -->
++                <!-- the username used to log in to server/proxy -->
++                <!-- <Username>username</Username> -->
++                <!-- the password used to log in to server/proxy -->
++                <!-- <Password>password</Password> -->
++            <!-- </Credential> -->
++        </NetworkAuthenticatorConfig>
++
++        <!--
++         The Tomcat realm to be used for hosted Web applications. Allowed values are;
++         1. UserManager
++         2. Memory
++
++         If this is set to 'UserManager', the realm will pick users & roles from the system's
++         WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
++         CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
++        -->
++        <TomcatRealm>UserManager</TomcatRealm>
++
++	<!--Option to disable storing of tokens issued by STS-->
++	<DisableTokenStore>false</DisableTokenStore>
++
++	<!--
++	 Security token store class name. If this is not set, default class will be
++	 org.wso2.carbon.security.util.SecurityTokenStore
++	-->
++	<TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName>
++
++
++
++        <!-- Configurations to avoid Cross Site Request Forgery vulnerabilities -->
++        <CSRFPreventionConfig>
++            <!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern -->
++            <CSRFPreventionFilter>
++                <!-- Set below to true to enable the CSRFPreventionFilter -->
++                <Enabled>false</Enabled>
++                <!-- Url Pattern to skip application of CSRF protection-->
++                <SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern>
++            </CSRFPreventionFilter>
++        </CSRFPreventionConfig>
++
++        <!-- Configuration to enable or disable CR and LF sanitization filter-->
++        <CRLFPreventionConfig>
++            <!--Set below to true to enable the CRLFPreventionFilter-->
++            <Enabled>true</Enabled>
++        </CRLFPreventionConfig>
++    </Security>
++
++    <!--
++       The temporary work directory
++    -->
++    <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
++
++    <!--
++       House-keeping configuration
++    -->
++    <HouseKeeping>
++
++        <!--
++           true  - Start House-keeping thread on server startup
++           false - Do not start House-keeping thread on server startup.
++                   The user will run it manually as and when he wishes.
++        -->
++        <AutoStart>true</AutoStart>
++
++        <!--
++           The interval in *minutes*, between house-keeping runs
++        -->
++        <Interval>10</Interval>
++
++        <!--
++          The maximum time in *minutes*, temp files are allowed to live
++          in the system. Files/directories which were modified more than
++          "MaxTempFileLifetime" minutes ago will be removed by the
++          house-keeping task
++        -->
++        <MaxTempFileLifetime>30</MaxTempFileLifetime>
++    </HouseKeeping>
++
++    <!--
++       Configuration for handling different types of file upload & other file uploading related
++       config parameters.
++       To map all actions to a particular FileUploadExecutor, use
++       <Action>*</Action>
++    -->
++    <FileUploadConfig>
++        <!--
++           The total file upload size limit in MB
++        -->
++        <TotalFileSizeLimit>100</TotalFileSizeLimit>
++
++        <Mapping>
++            <Actions>
++                <Action>keystore</Action>
++                <Action>certificate</Action>
++                <Action>*</Action>
++            </Actions>
++            <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
++        </Mapping>
++
++        <Mapping>
++            <Actions>
++                <Action>jarZip</Action>
++            </Actions>
++            <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
++        </Mapping>
++        <Mapping>
++            <Actions>
++                <Action>dbs</Action>
++            </Actions>
++            <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
++        </Mapping>
++        <Mapping>
++            <Actions>
++                <Action>tools</Action>
++            </Actions>
++            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
++        </Mapping>
++        <Mapping>
++            <Actions>
++                <Action>toolsAny</Action>
++            </Actions>
++            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
++        </Mapping>
++    </FileUploadConfig>
++
++    <!-- FileNameRegEx is used to validate the file input/upload/write-out names.
++    e.g.
++     <FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^&lt;&gt:"/\\|?*\x00-\x1F][^&lt;&gt:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx>
++    -->
++    <!--<FileNameRegEx></FileNameRegEx>-->
++
++    <!--
++       Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
++
++       In order to plug in a processor to handle a special request, simply add an entry to this
++       section.
++
++       The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
++       which needs special processing
++
++       The value of the Class element is a class which implements
++       org.wso2.carbon.transport.HttpGetRequestProcessor
++    -->
++    <HttpGetRequestProcessors>
++        <Processor>
++            <Item>info</Item>
++            <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
++        </Processor>
++        <Processor>
++            <Item>wsdl</Item>
++            <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
++        </Processor>
++        <Processor>
++            <Item>wsdl2</Item>
++            <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
++        </Processor>
++        <Processor>
++            <Item>xsd</Item>
++            <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
++        </Processor>
++    </HttpGetRequestProcessors>
++
++    <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
++	In master nodes you need to set both AutoCommit and AutoCheckout to true
++	and in  worker nodes set only AutoCheckout to true.
++    -->
++    <DeploymentSynchronizer>
++        <Enabled>false</Enabled>
++        <AutoCommit>false</AutoCommit>
++        <AutoCheckout>true</AutoCheckout>
++        <RepositoryType>svn</RepositoryType>
++        <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
++        <SvnUser>username</SvnUser>
++        <SvnPassword>password</SvnPassword>
++        <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
++    </DeploymentSynchronizer>
++
++    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
++        In master nodes you need to set both AutoCommit and AutoCheckout to true
++        and in  worker nodes set only AutoCheckout to true.
++    -->
++    <!--<DeploymentSynchronizer>
++        <Enabled>true</Enabled>
++        <AutoCommit>false</AutoCommit>
++        <AutoCheckout>true</AutoCheckout>
++    </DeploymentSynchronizer>-->
++
++    <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
++    <!--<MediationConfig>
++        <LoadFromRegistry>false</LoadFromRegistry>
++        <SaveToFile>false</SaveToFile>
++        <Persistence>enabled</Persistence>
++        <RegistryPersistence>enabled</RegistryPersistence>
++    </MediationConfig>-->
++
++    <!--
++    Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
++    This code will be run when the Carbon server is initialized
++    -->
++    <ServerInitializers>
++        <!--<Initializer></Initializer>-->
++    </ServerInitializers>
++
++    <!--
++    Indicates whether the Carbon Servlet is required by the system, and whether it should be
++    registered
++    -->
++    <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
++
++    <!--
++    Carbon H2 OSGI Configuration
++    By default non of the servers start.
++        name="web" - Start the web server with the H2 Console
++        name="webPort" - The port (default: 8082)
++        name="webAllowOthers" - Allow other computers to connect
++        name="webSSL" - Use encrypted (HTTPS) connections
++        name="tcp" - Start the TCP server
++        name="tcpPort" - The port (default: 9092)
++        name="tcpAllowOthers" - Allow other computers to connect
++        name="tcpSSL" - Use encrypted (SSL) connections
++        name="pg" - Start the PG server
++        name="pgPort"  - The port (default: 5435)
++        name="pgAllowOthers"  - Allow other computers to connect
++        name="trace" - Print additional trace information; for all servers
++        name="baseDir" - The base directory for H2 databases; for all servers
++    -->
++    <!--H2DatabaseConfiguration>
++        <property name="web" />
++        <property name="webPort">8082</property>
++        <property name="webAllowOthers" />
++        <property name="webSSL" />
++        <property name="tcp" />
++        <property name="tcpPort">9092</property>
++        <property name="tcpAllowOthers" />
++        <property name="tcpSSL" />
++        <property name="pg" />
++        <property name="pgPort">5435</property>
++        <property name="pgAllowOthers" />
++        <property name="trace" />
++        <property name="baseDir">${carbon.home}</property>
++    </H2DatabaseConfiguration-->
++    <!--Disabling statistics reporter by default-->
++    <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
++
++    <!-- Enable accessing Admin Console via HTTP -->
++    <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
++
++    <!--
++       Default Feature Repository of WSO2 Carbon.
++    -->
++    <FeatureRepository>
++	    <RepositoryName>default repository</RepositoryName>
++	    <RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL>
++    </FeatureRepository>
++
++    <!--
++	Configure API Management
++   -->
++   <APIManagement>
++
++	<!--Uses the embedded API Manager by default. If you want to use an external
++	API Manager instance to manage APIs, configure below  externalAPIManager-->
++
++	<Enabled>true</Enabled>
++
++	<!--Uncomment and configure API Gateway and
++	Publisher URLs to use external API Manager instance-->
++
++	<!--ExternalAPIManager>
++
++		<APIGatewayURL>http://localhost:8281</APIGatewayURL>
++		<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
++
++	</ExternalAPIManager-->
++
++	<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
++   </APIManagement>
++</Server>

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/wso2_is/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/wso2_is/vars/main.yml
index 0000000,0000000..f7b4eb7
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/wso2_is/vars/main.yml
@@@ -1,0 -1,0 +1,18 @@@
++---
++#Variables associated with this role
++# Oracle Java 8
++java_dir_source: "/usr/local/src"
++
++java_version: 8
++java_version_update: 91
++java_version_build: '14'
++java_version_string: "1.{{ java_version }}.0_{{ java_version_update }}"
++java_home: "/usr/java/jdk1.{{ java_version }}.0_{{ java_version_update }}"
++
++java_rpm_filename: "jdk-{{ java_version }}u{{ java_version_update }}-linux-x64.rpm"
++java_rpm_url: "http://download.oracle.com/otn-pub/java/jdk/{{ java_version }}u{{ java_version_update }}-b{{ java_version_build }}/{{ java_rpm_filename }}"
++
++wso2_is_rul: http://wso2.com/products/identity-server/#download
++wso2_is_dist: wso2is-5.1.0.zip
++wso2_is_dir: wso2is-5.1.0
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/handlers/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/handlers/main.yml
index 0000000,0000000..daefebe
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/handlers/main.yml
@@@ -1,0 -1,0 +1,12 @@@
++---
++- name: start zookeeper
++  service: name=zookeeper state=started enabled=yes
++  become: yes
++
++- name: stop zookeeper
++  service: name=zookeeper state=stopped
++  become: yes
++
++- name: restart zookeeper
++  service: name=zookeeper state=restarted enabled=yes
++  become: yes

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/tasks/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/tasks/main.yml
index 0000000,0000000..78bcec2
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/tasks/main.yml
@@@ -1,0 -1,0 +1,34 @@@
++---
++################################################################################
++# Setup and run Zookeeper
++- name: Download and unarchive zookeeper
++  unarchive: src="{{ zookeeper_url }}"
++      dest="{{ user_home }}"
++      copy=no
++      owner="{{ user }}"
++      group="{{ group }}"
++
++- name: open zookeeper port
++  firewalld: port=2181/tcp zone=public permanent=true state=enabled immediate=yes
++  become: yes
++
++- name: Copy zoo.cfg file
++  template: src=zoo.cfg.j2 dest="{{ zookeeper_dir }}/conf/zoo.cfg" owner="{{ user }}" group="{{ group }}" mode="u=rw,g=r,o=r"
++  notify:
++    - restart zookeeper
++
++- name: Check if systemd exists
++  stat: path=/usr/lib/systemd/system/
++  register: systemd_check
++
++- name: Systemd script.
++  template: src=zookeeper.service.j2 dest=/usr/lib/systemd/system/zookeeper.service
++  when: systemd_check.stat.exists == true
++  notify:
++    - restart zookeeper
++  become: yes
++
++- name: reload systemd daemons
++  command: systemctl daemon-reload
++  become: yes
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2
index 0000000,0000000..8426b98
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/templates/zoo.cfg.j2
@@@ -1,0 -1,0 +1,28 @@@
++# The number of milliseconds of each tick
++tickTime={{tick_time}}
++# The number of ticks that the initial
++# synchronization phase can take
++initLimit={{init_limit}}
++# The number of ticks that can pass between
++# sending a request and getting an acknowledgement
++syncLimit={{sync_limit}}
++# the directory where the snapshot is stored.
++# do not use /tmp for storage, /tmp here is just
++# example sakes.
++dataDir={{zookeeper_data_dir}}
++# the port at which the clients will connect
++clientPort={{ client_port }}
++# the maximum number of client connections.
++# increase this if you need to handle more clients
++#maxClientCnxns=60
++#
++# Be sure to read the maintenance section of the
++# administrator guide before turning on autopurge.
++#
++# http://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_maintenance
++#
++# The number of snapshots to retain in dataDir
++#autopurge.snapRetainCount=3
++# Purge task interval in hours
++# Set to "0" to disable auto purge feature
++#autopurge.purgeInterval=1

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2
index 0000000,0000000..19c3718
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/templates/zookeeper.service.j2
@@@ -1,0 -1,0 +1,15 @@@
++# {{ansible_managed}}
++
++[Unit]
++Description=ZooKeeper
++
++
++[Service]
++Type=forking
++ExecStart={{zookeeper_dir}}/bin/zkServer.sh start
++ExecStop={{ zookeeper_dir }}/bin/zkServer.sh stop
++Restart=always
++TimeoutSec=300
++
++[Install]
++WantedBy=multi-user.target

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/roles/zookeeper/vars/main.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/roles/zookeeper/vars/main.yml
index 0000000,0000000..a3e10db
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/roles/zookeeper/vars/main.yml
@@@ -1,0 -1,0 +1,17 @@@
++---
++#Variables associated with this role
++# zookeeper related variable
++zookeeper_version: 3.4.8
++zookeeper_url: http://www.us.apache.org/dist/zookeeper/zookeeper-{{zookeeper_version}}/zookeeper-{{zookeeper_version}}.tar.gz
++
++apt_cache_timeout: 3600
++client_port: "{{ zookeeper_client_port }}" 
++init_limit: 5
++sync_limit: 2
++tick_time: 2000
++data_dir: /var/lib/zookeeper
++log_dir: /var/log/zookeeper
++zookeeper_dir: "{{ user_home }}/zookeeper-{{zookeeper_version}}"
++zookeeper_data_dir: "{{ zookeeper_dir }}/data"
++
++...

http://git-wip-us.apache.org/repos/asf/airavata/blob/514567c8/dev-tools/ansible/site.yml
----------------------------------------------------------------------
diff --cc dev-tools/ansible/site.yml
index 0000000,0000000..69ff15b
new file mode 100644
--- /dev/null
+++ b/dev-tools/ansible/site.yml
@@@ -1,0 -1,0 +1,76 @@@
++---
++#Master playbook
++- hosts: zookeeper
++  tags: zookeeper, airavata
++  roles:
++    - env_setup
++    - java
++    - zookeeper
++
++- hosts: rabbitmq
++  tags: rabbitmq, airavata
++  roles:
++    - env_setup
++    - rabbitmq
++
++- hosts: database
++  tags: mysql , airavata
++  roles:
++    - env_setup
++    - role: database
++      become: yes
++      become_user: "{{user}}"
++
++- hosts: wso2is
++  tags: wso2is
++  roles:
++    - env_setup
++    - java
++    - role: wso2_is
++      become: yes
++      become_user: "{{user}}"
++
++
++- hosts: gfac
++  tags: gfac, airavata
++  roles:
++    - env_setup
++    - java
++    - role: common
++      become: yes
++      become_user: "{{user}}"
++    - role: gfac
++      become: yes
++      become_user: "{{user}}"
++
++- hosts: api-orch
++  tags: api-orch, airavata
++  roles:
++    - env_setup
++    - java
++    - role: common
++      become: yes
++      become_user: "{{user}}"
++    - role: api-orch
++      become: yes
++      become_user: "{{user}}"
++
++- hosts: registry
++  tags: registry, airavata
++  roles:
++    - env_setup
++    - java
++    - role: common
++      become: yes
++      become_user: "{{user}}"
++    - role: registry
++      become: yes
++      become_user: "{{user}}"
++
++- hosts: pga
++  tags: pga
++  roles:
++    - env_setup
++    - pga
++
++...


Mime
View raw message