diff --git a/buildCert.yml b/buildCert.yml
deleted file mode 100644
index eb6a72f3154d9632effe3b54a6c008ecf1b836c1..0000000000000000000000000000000000000000
--- a/buildCert.yml
+++ /dev/null
@@ -1,88 +0,0 @@
----
-- name: "Check client ca certificate"
- register: ca_cert
- stat: "path={{ x509_cacert_file }}"
-
-- name: "Check certificate and key"
- shell: (openssl x509 -noout -modulus -in {{ x509_cert_file }} | openssl md5 ; openssl rsa -noout -modulus -in {{ x509_key_file }} | openssl md5) | uniq | wc -l
- register: certcheck
-
-- name: "Check certificate"
- register: cert
- stat: "path={{ x509_cert_file }}"
-
-- name: "Check key"
- register: key
- stat: "path={{ x509_key_file }}"
- become: true
-
-- name: "Default: we don't need a new certificate"
- set_fact: needcert=False
-
-- name: "Set need cert if key is missing"
- set_fact: needcert=True
- when: key.stat.exists == false
-
-- name: "set needcert if cert is missing"
- set_fact: needcert=True
- when: cert.stat.exists == false
-
-- name: "set needcert if cert doesn't match key"
- set_fact: needcert=True
- when: certcheck.stdout == '2'
-
-
-- name: "Creating Keypair"
- shell: "echo noop when using easy-rsa"
- when: needcert
-
-- name: "Creating CSR"
- shell: " cd /etc/easy-rsa/2.0; source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ x509_csr_args }} {{ common_name }}"
- when: needcert
- become: true
-
-- name: "Copy CSR to ansible host"
- fetch: "src=/etc/easy-rsa/2.0/keys/{{ common_name }}.csr dest=/tmp/{{ common_name }}/ fail_on_missing=yes validate_md5=yes flat=yes"
- become: true
- when: needcert
-
-- name: "Copy CSR to CA"
- delegate_to: "{{ x509_ca_server }}"
- copy: "src=/tmp/{{ ansible_fqdn }}/{{ common_name }}.csr dest=/etc/easy-rsa/2.0/keys/{{ common_name }}.csr force=yes"
- when: needcert
- become: true
-
-- name: "Sign Certificate"
- delegate_to: "{{ x509_ca_server }}"
- shell: "source ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ common_name }}"
- args:
- chdir: "/etc/easy-rsa/2.0"
- become: true
- when: needcert
-
-- name: "Copy the Certificate to ansible host"
- delegate_to: "{{ x509_ca_server }}"
- fetch: "src=/etc/easy-rsa/2.0/keys/{{ common_name }}.crt dest=/tmp/{{ common_name }}/ fail_on_missing=yes validate_md5=yes flat=yes"
- become: true
- when: needcert
-
-- name: "Copy the CA Certificate to the ansible host"
- delegate_to: "{{ x509_ca_server }}"
- fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
- become: true
- when: "ca_cert.stat.exists == false"
-
-- name: "Copy the certificate to the node"
- copy: "src=/tmp/{{ common_name }}/{{ common_name }}.crt dest={{ x509_cert_file }} force=yes"
- become: true
- when: needcert
-
-- name: "Copy the CA certificate to the node"
- copy: "src=/tmp/ca.crt dest={{ x509_cacert_file }}"
- become: true
- when: "ca_cert.stat.exists == false"
-
-- name: "Copy the key to the correct location"
- shell: "mkdir -p `dirname {{ x509_key_file }}` ; chmod 700 `dirname {{ x509_key_file }}` ; cp /etc/easy-rsa/2.0/keys/{{ common_name }}.key {{ x509_key_file }}"
- become: true
- when: needcert
diff --git a/buildKaraage3.x.yml b/buildKaraage3.x.yml
deleted file mode 100644
index fcd336022770c1aace87d490ab52404741fb7bdd..0000000000000000000000000000000000000000
--- a/buildKaraage3.x.yml
+++ /dev/null
@@ -1,216 +0,0 @@ ---- -- - hosts: ldap-server - pre_tasks: - - sysctl: name=kernel.hostname value={{ inventory_hostname }} state=present - ignore_errors: yes - - service: name=network state=restarted - when: ansible_os_family == 'RedHat' - roles: - - etcHosts - - easy-rsa-CA - - easy-rsa-certificate - - ldapserver - become: true - vars: - - x509_ca_server: "{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}" - - countryName: "AU" - - reginalName: "Victoria" - - cityName: "Melbourne" - - organizationName: "Monash University" - - emailAddress: "shahaan@gmail.com" - - organizationUnit: "defaultUnit" - - ldapDomain: "dc=monash,dc=edu,dc=au" - - ldapManager: "cn=Manager,dc=monash,dc=edu,dc=au" - - ldapBindDN: "cn=ldapuser,ou=users,dc=monash,dc=edu,dc=au" - - ldapUserBase: "ou=users,dc=monash,dc=edu,dc=au" - - ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au" - - ldapBase: "dc=monash,dc=edu,dc=au" - - ldapURI: "{% for host in groups['ldap-server'] %}ldaps://{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}" - - smtp_smarthost: "{{ ansible_hostname }}" - - ldapManagerPassword: "imldap" - - ldapBindDNPassword: "imbinddn" - - domain: "" - - karaage_sql_password: "imkaraage" - - mysql_root_password: "immysql" - - x509_key_file: "/etc/ssl/private/server.key" - - x509_cert_file: "/etc/ssl/certs/server.crt" - - x509_cacert_file: "/etc/ssl/certs/ca.crt" - - x509_csr_args: "" - - x509_sign_args: "{{ x509_csr_args }}" - - x509_common_name: "{{ inventory_hostname }}" -- - hosts: karaage-server - pre_tasks: - - sysctl: name=kernel.hostname value={{ inventory_hostname }} state=present - ignore_errors: yes - - service: name=network state=restarted - when: ansible_os_family == 'RedHat' - roles: - - etcHosts - - easy-rsa-certificate - - karaage3.1.17 - - shibboleth-sp - become: true - vars: - - x509_ca_server: "{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}" - - countryName: "AU" - - reginalName: "Victoria" - 
- cityName: "Melbourne" - - organizationName: "Monash University" - - emailAddress: "shahaan@gmail.com" - - organizationUnit: "defaultUnit" - - ldapDomain: "dc=monash,dc=edu,dc=au" - - ldapManager: "cn=Manager,dc=monash,dc=edu,dc=au" - - ldapBindDN: "cn=ldapuser,ou=users,dc=monash,dc=edu,dc=au" - - ldapUserBase: "ou=users,dc=monash,dc=edu,dc=au" - - ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au" - - ldapBase: "dc=monash,dc=edu,dc=au" - - ldapURI: "{% for host in groups['ldap-server'] %}ldaps://{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}" - - smtp_smarthost: "{{ ansible_hostname }}" - - ldapManagerPassword: "imldap" - - ldapBindDNPassword: "imbinddn" - - domain: "" - - karaage_sql_password: "imkaraage" - - mysql_root_password: "immysql" - - x509_key_file: "/etc/ssl/private/server.key" - - x509_cert_file: "/etc/ssl/certs/server.crt" - - x509_cacert_file: "/etc/ssl/certs/ca.crt" - - x509_csr_args: "" - - x509_sign_args: "{{ x509_csr_args }}" - - x509_common_name: "{{ inventory_hostname }}" - - aaf_federation_url: "https://ds.test.aaf.edu.au/distribution/metadata" - - aaf_discovery_url: "https://ds.test.aaf.edu.au/discovery/DS" - - admin_email: "shahaan@gmail.com" - - aaf_metadata_xml: '<EntityDescriptor entityID="https://vm-118-138-241-159.erc.monash.edu.au/shibboleth" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 shibboleth-metadata-1.0.xsd http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd"> - <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> - <Extensions> - <dsr:DiscoveryResponse xmlns:dsr="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" 
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/Login" index="0" isDefault="true" /> - </Extensions> - <KeyDescriptor use="signing"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate> -MIIFDDCCA/SgAwIBAgIJALO1/Blx64tvMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD -VQQGEwJBVTEMMAoGA1UECBMDVklDMRIwEAYDVQQHEwlNZWxib3VybmUxDTALBgNV -BAoTBE1lUkMxETAPBgNVBAsTCG9wZW5sZGFwMS0wKwYDVQQDEyR2bS0xMTgtMTM4 -LTI0MS0xNTkuZXJjLm1vbmFzaC5lZHUuYXUxEDAOBgNVBCkTB0Vhc3lSU0ExIDAe -BgkqhkiG9w0BCQEWEXNoYWhhYW5AZ21haWwuY29tMB4XDTE1MDMyMzEyMjYzOFoX -DTI1MDMyMDEyMjYzOFowgbQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQ -BgNVBAcTCU1lbGJvdXJuZTENMAsGA1UEChMETWVSQzERMA8GA1UECxMIb3Blbmxk -YXAxLTArBgNVBAMTJHZtLTExOC0xMzgtMjQxLTE1OS5lcmMubW9uYXNoLmVkdS5h -dTEQMA4GA1UEKRMHRWFzeVJTQTEgMB4GCSqGSIb3DQEJARYRc2hhaGFhbkBnbWFp -bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTcsIqn/HKgeRK -gj4rXYu8V/kTkv63d2Rtmv6zSlRwtjKBCvePEo/4ZpwOK235kBfX9KZKU9wlyFhf -DdmOvIBYvhrLqtIYNfMWLt8iUFkdt2N/dNmftu7WUXuZezsRXMqbPG7dLjMLyJ7D -7UCox1IB2SYzHx0K9w7PtCleV5A/o9Eg/7G8/FvOCB5askY/YywzEWLrxIYYn6Cr -Gsioh5hXxac9p3KuO6dvbMLIMHVZ4u7mbLrdp/e6TZTlyZN+Tfbjta0VYBw0beuS -KpwZc8Toow2B22O3K15o6tr0nvVSTEj2Qrd+LPolFSFBKVaD+9G/i0FMLHNOuQVP -Cw/62vEnAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUouRhu/Wc+jU1rfUd+kiqbtg/ -q3cwgekGA1UdIwSB4TCB3oAUouRhu/Wc+jU1rfUd+kiqbtg/q3ehgbqkgbcwgbQx -CzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTEN -MAsGA1UEChMETWVSQzERMA8GA1UECxMIb3BlbmxkYXAxLTArBgNVBAMTJHZtLTEx -OC0xMzgtMjQxLTE1OS5lcmMubW9uYXNoLmVkdS5hdTEQMA4GA1UEKRMHRWFzeVJT -QTEgMB4GCSqGSIb3DQEJARYRc2hhaGFhbkBnbWFpbC5jb22CCQCztfwZceuLbzAM -BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDFKPmj1TGpUZsdviOwMjU/ -IHqZ+3RwFcvkfBu8JmwxaO86GrC1mwZyQExvQLQF6LLaGHyVlZa3PxUkmcqq1for -ZcYYyVRip4fgtOI6WcKg+nWI9+rDX5fU5gZAYm3er4MNZ/R7sTmgHEemOcuSiatQ -hDoUkv9GOZKoxw4uJJq/yUumAkziAIuMWoTHYrR9cqOkoKQiFUjqmhI3m4phtoV4 
-OaeVf3hkhXakbk1OkAAAzPxsrpAaUM5eLC75SV5Hopid9ltpFjpD457TXKdE+IyB -oBDUnCaHSkrDmbeX6iSUHLWjjcOs0MI0UOXH+XNKNR3kUUvS+0ZCwRIPXc11/AFN -</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> - <KeyDescriptor use="encryption"> - <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> - <ds:X509Data> - <ds:X509Certificate> -MIIFDDCCA/SgAwIBAgIJALO1/Blx64tvMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD -VQQGEwJBVTEMMAoGA1UECBMDVklDMRIwEAYDVQQHEwlNZWxib3VybmUxDTALBgNV -BAoTBE1lUkMxETAPBgNVBAsTCG9wZW5sZGFwMS0wKwYDVQQDEyR2bS0xMTgtMTM4 -LTI0MS0xNTkuZXJjLm1vbmFzaC5lZHUuYXUxEDAOBgNVBCkTB0Vhc3lSU0ExIDAe -BgkqhkiG9w0BCQEWEXNoYWhhYW5AZ21haWwuY29tMB4XDTE1MDMyMzEyMjYzOFoX -DTI1MDMyMDEyMjYzOFowgbQxCzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQ -BgNVBAcTCU1lbGJvdXJuZTENMAsGA1UEChMETWVSQzERMA8GA1UECxMIb3Blbmxk -YXAxLTArBgNVBAMTJHZtLTExOC0xMzgtMjQxLTE1OS5lcmMubW9uYXNoLmVkdS5h -dTEQMA4GA1UEKRMHRWFzeVJTQTEgMB4GCSqGSIb3DQEJARYRc2hhaGFhbkBnbWFp -bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTcsIqn/HKgeRK -gj4rXYu8V/kTkv63d2Rtmv6zSlRwtjKBCvePEo/4ZpwOK235kBfX9KZKU9wlyFhf -DdmOvIBYvhrLqtIYNfMWLt8iUFkdt2N/dNmftu7WUXuZezsRXMqbPG7dLjMLyJ7D -7UCox1IB2SYzHx0K9w7PtCleV5A/o9Eg/7G8/FvOCB5askY/YywzEWLrxIYYn6Cr -Gsioh5hXxac9p3KuO6dvbMLIMHVZ4u7mbLrdp/e6TZTlyZN+Tfbjta0VYBw0beuS -KpwZc8Toow2B22O3K15o6tr0nvVSTEj2Qrd+LPolFSFBKVaD+9G/i0FMLHNOuQVP -Cw/62vEnAgMBAAGjggEdMIIBGTAdBgNVHQ4EFgQUouRhu/Wc+jU1rfUd+kiqbtg/ -q3cwgekGA1UdIwSB4TCB3oAUouRhu/Wc+jU1rfUd+kiqbtg/q3ehgbqkgbcwgbQx -CzAJBgNVBAYTAkFVMQwwCgYDVQQIEwNWSUMxEjAQBgNVBAcTCU1lbGJvdXJuZTEN -MAsGA1UEChMETWVSQzERMA8GA1UECxMIb3BlbmxkYXAxLTArBgNVBAMTJHZtLTEx -OC0xMzgtMjQxLTE1OS5lcmMubW9uYXNoLmVkdS5hdTEQMA4GA1UEKRMHRWFzeVJT -QTEgMB4GCSqGSIb3DQEJARYRc2hhaGFhbkBnbWFpbC5jb22CCQCztfwZceuLbzAM -BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDFKPmj1TGpUZsdviOwMjU/ -IHqZ+3RwFcvkfBu8JmwxaO86GrC1mwZyQExvQLQF6LLaGHyVlZa3PxUkmcqq1for -ZcYYyVRip4fgtOI6WcKg+nWI9+rDX5fU5gZAYm3er4MNZ/R7sTmgHEemOcuSiatQ -hDoUkv9GOZKoxw4uJJq/yUumAkziAIuMWoTHYrR9cqOkoKQiFUjqmhI3m4phtoV4 
-OaeVf3hkhXakbk1OkAAAzPxsrpAaUM5eLC75SV5Hopid9ltpFjpD457TXKdE+IyB -oBDUnCaHSkrDmbeX6iSUHLWjjcOs0MI0UOXH+XNKNR3kUUvS+0ZCwRIPXc11/AFN -</ds:X509Certificate> - </ds:X509Data> - </ds:KeyInfo> - </KeyDescriptor> - <ContactPerson contactType="technical"> - <Company>Monash University</Company> - <GivenName>Shahaan</GivenName> - <SurName>Ayyub</SurName> - <EmailAddress>mailto:shahaan.ayyub@monash.edu</EmailAddress> - </ContactPerson> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/Artifact" /> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/POST" /> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/SOAP" /> - <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SLO/Redirect" /> - <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/POST" /> - <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/Redirect" /> - <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/SOAP" /> - <ManageNameIDService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/NIM/Artifact" /> - <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" 
Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SAML2/Artifact" index="3" isDefault="false" /> - <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vm-118-138-241-159.erc.monash.edu.au/Shibboleth.sso/SAML2/POST" index="1" isDefault="true" /> - <AttributeConsumingService index="1" isDefault="false"> - <ServiceName xml:lang="en">vm-118-138-241-159.erc.monash.edu.au</ServiceName> - <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.3" FriendlyName="commonName" isRequired="true" /> - <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="email" isRequired="true" /> - <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName" isRequired="false" /> - <RequestedAttribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.4" FriendlyName="surname" isRequired="true" /> - </AttributeConsumingService> - </SPSSODescriptor> - <Organization> - <OrganizationName xml:lang="en">monash.edu.au</OrganizationName> - <OrganizationDisplayName xml:lang="en">Monash University</OrganizationDisplayName> - <OrganizationURL xml:lang="en">https://manager.aaf.edu.au/support</OrganizationURL> - </Organization> -</EntityDescriptor>' - - aaf_metadata_cert: '-----BEGIN CERTIFICATE----- -MIIEbDCCA1SgAwIBAgIESWrmGDANBgkqhkiG9w0BAQUFADCB9zEQMA4GA1UEBhMH -VW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4G -A1UEChMHVW5rbm93bjFaMFgGA1UECxNRb3BlbnNzbCB4NTA5IC1vdXQgbWV0YWRh -dGEtY2VydC5wZW0gLW91dGZvcm0gcGVtIC1pbiBtZXRhZGF0YS1kZXIuY3J0IC1p -bmZvcm0gZGVyMVEwTwYDVQQDDEhrZXl0b29sIC1rZXlzdG9yZSBrZXlzdG9yZS5r -cyAtZXhwb3J0IC1hbGlhcyBtZXRhZGF0YSA+IG1ldGFkYXRhLWRlci5jcnQwHhcN -MDkwMTEyMDY0MTI4WhcNMTQwMTExMDY0MTI4WjCB9zEQMA4GA1UEBhMHVW5rbm93 
-bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMH -VW5rbm93bjFaMFgGA1UECxNRb3BlbnNzbCB4NTA5IC1vdXQgbWV0YWRhdGEtY2Vy -dC5wZW0gLW91dGZvcm0gcGVtIC1pbiBtZXRhZGF0YS1kZXIuY3J0IC1pbmZvcm0g -ZGVyMVEwTwYDVQQDDEhrZXl0b29sIC1rZXlzdG9yZSBrZXlzdG9yZS5rcyAtZXhw -b3J0IC1hbGlhcyBtZXRhZGF0YSA+IG1ldGFkYXRhLWRlci5jcnQwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZgh/InL2LixNtzuA+dNXSn19/W4IMbD6+ -Zzysk/jMi4Sgr4FrEfMeTi2G2/rpf32TeSG1P4MZqqyy5yuhNX7RQTFSZyl5D9cs -98dE7FY/g7uySGv7oao1rkJfEmFmcZQIvRkLs89PQqKok2/m807DnzF1zCAt+YcY -wqHyXyTrzxr4hMDDB2Ij8PeDZeSIB3s/CK2F6hIg13VeYEZjAWf4KPwsOteuzR4Y -uuuGDlNFjcJGu+97N4LTnOBb6uW8qNtAAq6UWtA28A4KQejrzBZrfBGPLGbe6KHs -WrziN2uk8kEY1TQw0cp+Am/ph8nl00KU+oVrswjS8oUklL98C5LnAgMBAAEwDQYJ -KoZIhvcNAQEFBQADggEBAEy0xLMJBneC+DQ0cSNH3kXaW9cdqzsoD/UawJHaDqIJ -UjIslR38p5H3pRQ7rZ1+c7z0lUaBqQO/i+MZUEMHCpbhEcZK0Ep5dlWc80DFGSxS -ItbghQ5loS4JOgKYZZdRSzCxV3PAqlzqXoZrFeaeJL7xFIRglpphN06joOlX0zQM -0iN8qn7oTTaR3U2Kxkh6NQ2qTH3IvP71YJnjSzljqZHFughhTpl8cA8i9ijcmeyP -Y5TYJTbtwQ0X+435LTX8xxW/B4E8XnH7iEOykvfZMYxt5cSrtzF1eAMQ/ln2r54O -bk0oX1BGue0XcgeMObQrs/eC+2uspENHKtUdYDU0OK4= ------END CERTIFICATE-----' diff --git a/createNode b/createNode deleted file mode 100644 index 779ebebe678008647f49ab17d56a89398188be10..0000000000000000000000000000000000000000 --- a/createNode +++ /dev/null 
@@ -1,157 +0,0 @@ -#!/usr/bin/env python -import sys, os, string, subprocess, socket, ansible.runner, re -import copy, shlex,uuid, random, multiprocessing, time, shutil -import novaclient.v1_1.client as nvclient -import novaclient.exceptions as nvexceptions -import glanceclient.v2.client as glclient -import keystoneclient.v2_0.client as ksclient - -class Authenticate: - - def __init__(self, username, passwd): - self.username=username - self.passwd=passwd - self.tenantName= os.environ['OS_TENANT_NAME'] - self.authUrl="https://keystone.rc.nectar.org.au:5000/v2.0" - kc = ksclient.Client( auth_url=self.authUrl, - username=self.username, - password=self.passwd) - self.tenantList=kc.tenants.list() - self.novaSemaphore = multiprocessing.BoundedSemaphore(value=1) - - def createNovaObject(self,tenantName): - for tenant in self.tenantList: - if tenant.name == tenantName: - try: - nc = nvclient.Client( auth_url=self.authUrl, - username=self.username, - api_key=self.passwd, - project_id=tenant.name, - tenant_id=tenant.id, - service_type="compute" - ) - return nc - except nvexceptions.ClientException: - raise - - def gatherInfo(self): - - for tenant in self.tenantList: print tenant.name - tenantName = raw_input("Please select a project: (Default MCC-On-R@CMON):") - if not tenantName or tenantName not in [tenant.name for tenant in self.tenantList]: - tenantName = "MCC_On_R@CMON" - print tenantName,"selected\n" - - ## Fetch the Nova Object - - nc = self.createNovaObject(tenantName) - - ## Get the Flavor - flavorList = nc.flavors.list() - for flavor in flavorList: print flavor.name - flavorName = raw_input("Please select a Flavor Name: (Default m1.xxlarge):") - if not flavorName or flavorName not in [flavor.name for flavor in flavorList]: - flavorName = "m1.xxlarge" - print flavorName,"selected\n" - - - ## Get the Availability Zones - az_p1 = subprocess.Popen(shlex.split\ - ("nova availability-zone-list"),stdout=subprocess.PIPE) - az_p2 = subprocess.Popen(shlex.split\ - ("""awk 
'{if ($2 && $2 != "Name")print $2}'"""),\ - stdin=az_p1.stdout,stdout=subprocess.PIPE) - availabilityZonesList = subprocess.Popen(shlex.split\ - ("sort"),stdin=az_p2.stdout,stdout=subprocess.PIPE).communicate()[0] - print availabilityZonesList - availabilityZone = raw_input("Please select an availability zone: (Default monash-01):") - if not availabilityZone or \ - availabilityZone not in [ zone for zone in availabilityZonesList.split()]: - availabilityZone = "monash-01" - print availabilityZone,"selected\n" - - ## Get the number of instances to spawn - numberOfInstances = raw_input\ - ("Please specify the number of instances to launch: (Default 1):") - if not numberOfInstances or \ - not isinstance(int(numberOfInstances), int): - numberOfInstances = 1 - subprocess.call(['clear']) - flavorObj = nc.flavors.find(name=flavorName) - print "Creating",numberOfInstances,\ - "instance(s) in",availabilityZone,"zone..." - instanceList = [] - for counter in range(0,int(numberOfInstances)): - nodeName = "MCC-Node"+str(random.randrange(1,1000)) - try: - novaInstance = nc.servers.create\ - (name=nodeName,image="ddc13ccd-483c-4f5d-a5fb-4b968aaf385b",\ - flavor=flavorObj,key_name="shahaan",\ - availability_zone=availabilityZone) - instanceList.append(novaInstance) - except nvexceptions.ClientException: - raise - continue - - while 'BUILD' in [novaInstance.status \ - for novaInstance in instanceList]: - for count in range(0,len(instanceList)): - time.sleep(5) - if instanceList[count].status != 'BUILD': - continue - else: - try: - instanceList[count] = nc.servers.get(instanceList[count].id) - except nvexceptions.ClientException or \ - nvexceptions.ConnectionRefused or \ - nvexceptions.InstanceInErrorState: - raise - del instanceList[count] - continue - activeHostsList = [] - SSHports = [] - for novaInstance in instanceList: - if novaInstance.status == 'ACTIVE': - hostname = socket.gethostbyaddr(novaInstance.networks.values()[0][0])[0] - activeHostsList.append(hostname) - SSHDict = 
{} - SSHDict['IP'] = novaInstance.networks.values()[0][0] - SSHDict['status'] = 'CLOSED' - SSHports.append(SSHDict) - print "Scanning if port 22 is open..." - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - while 'CLOSED' in [host['status'] for host in SSHports]: - for instance in range(0,len(SSHports)): - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - if SSHports[instance]['status'] == 'CLOSED' and not sock.connect_ex((SSHports[instance]['IP'], 22)): - SSHports[instance]['status'] = 'OPEN' - print "Port 22, opened for IP:",SSHports[instance]['IP'] - else: - time.sleep(5) - sock.close() - - fr = open('/etc/ansible/hosts.rpmsave','r+') - fw = open('hosts.temp','w+') - lines = fr.readlines() - for line in lines: - fw.write(line) - if re.search('\[new-servers\]',line): - for host in activeHostsList: fw.write(host+'\n') - fr.close() - fw.close() - shutil.move('hosts.temp','/etc/ansible/hosts') - print "Building the Nodes now..." - subprocess.call(shlex.split("/mnt/nectar-nfs/root/swStack/ansible/bin/ansible-playbook /mnt/nectar-nfs/root/ansible-config-root/mcc-nectar-dev/buildNew.yml -v")) - -if __name__ == "__main__": - username = os.environ['OS_USERNAME'] - passwd = os.environ['OS_PASSWORD'] - choice = raw_input(username + " ? (y/n):") - while choice and choice not in ("n","y"): - print "y or n please" - choice = raw_input() - if choice == "n": - username = raw_input("username :") - passwd = raw_input("password :") - auth = Authenticate(username, passwd) - auth.gatherInfo() diff --git a/dynamicInventory-mcc2 b/dynamicInventory-mcc2 deleted file mode 100755 index dd761641e840f69e8c20ecf3d19965069f4a3e61..0000000000000000000000000000000000000000 --- a/dynamicInventory-mcc2 +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/usr/bin/env python -import sys, os, string, socket, re -import shlex, multiprocessing, time, shutil, json -from novaclient import client as nvclient -import novaclient.exceptions as nvexceptions -import keystoneclient.v2_0.client as ksclient -from joblib import Parallel, delayed -from multiprocessing import Process, Manager, Pool -from libnmap.process import NmapProcess -from libnmap.parser import NmapParser, NmapParserException - -def gatherInfo(tenantName, tenantID, userName, passwd, authUrl, inventory): - ## Fetch the Nova Object - projectName = os.path.basename(sys.argv[0]) - nc = nvclient.Client( auth_url=authUrl, - username=userName, - api_key=passwd, - project_id=tenantName, - tenant_id=tenantID, - version="2" - ) - for server in nc.servers.list(): - if server.metadata and \ - 'ansible_host_groups' in server.metadata and \ - 'project_name' in server.metadata: - if server.metadata['project_name'].strip() != projectName.strip(): continue - unwantedChars = """][")(""" - rgx = re.compile('[%s]' % unwantedChars) - ansible_groups = rgx.sub('', server.metadata['ansible_host_groups']).split(',') - hostname = socket.gethostbyaddr(server.networks.values()[0][0])[0] - novaVolumes = nc.volumes.get_server_volumes(server.id) - # Let's do some port scanning using nmap - nmproc = NmapProcess(hostname, "-p 22 -sV -Pn") - rc = nmproc.run() - if rc != 0: continue - parsed = NmapParser.parse(nmproc.stdout) - # Set Ansible Host Group - for group in ansible_groups: - groupName = group.strip() - if groupName not in inventory: inventory[groupName] = [] - inventory[groupName].append(hostname) - # Add other metadata - for key, value in server.metadata.iteritems(): - if key not in ('project_name','ansible_host_groups'): - inventory['_meta']['hostvars'][hostname] = { key:value } - if novaVolumes: - inventory['_meta']['hostvars'][hostname]['volumeList'] = [ volume.id for volume in novaVolumes ] - inventory['_meta']['hostvars'][hostname]['status'] = 
parsed.hosts[0].status - else: - continue - #print inventory - -if __name__ == "__main__": - inventory = {} - inventory['_meta'] = { 'hostvars': {} } - try: - authUrl = os.environ['OS_AUTH_URL'] - userName = os.environ['OS_USERNAME'] - passwd = os.environ['OS_PASSWORD'] - except KeyError: - print "Env Variables not set, Please run: source <openstack rc file>" - sys.exit() - kc = ksclient.Client(auth_url=authUrl, username=userName, password=passwd) - tenancies = kc.tenants.list() - Parallel(n_jobs=len(tenancies), backend="threading")(delayed(gatherInfo) - (tenant.name, tenant.id, userName, passwd, authUrl, inventory) - for tenant in tenancies) - if not inventory['_meta']['hostvars']: - print "I could not find any project called ", os.path.basename(sys.argv[0]), "in any of " - for tenancy in tenancies: print tenancy.name - print "\n1. You can select a project by symlinking to it, for example if you have a project called myProject do ln -s dynamicInventory-mcc2 myProject\n and then run ./myProject" - print "2. It is also possible that none of your VMs are allocated to myProject, please add them to the project: e.g. by running" - print 'nova --os-tenant-name TF_NNF --os-tenant-id 033asdda60d7046b6affdf31d14asdasb meta nodex set project_name="myProject"' - sys.exit() - else: - print json.dumps(inventory) diff --git a/extra_packages/tasks/main.yml b/extra_packages/tasks/main.yml deleted file mode 100644 index 5a8c87642139c65c2e5f8ae7aad81ec894964306..0000000000000000000000000000000000000000 --- a/extra_packages/tasks/main.yml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-- name: "Install extra packages"
- yum: "name={{ item }} state=present"
- with_items: "{{ pkgs }}"
- become: true
- ignore_errors: true
- when: ansible_os_family == 'RedHat'
-
-- name: "Check fusermount user access permission"
- shell: fusermount --version
- ignore_errors: true
- register: fusermount_user_access_error
- when: ansible_os_family == 'RedHat'
-
-- name: "Fix fusermount user access permission"
- file: path=/bin/fusermount mode="o=rx"
- become: true
- when: ansible_os_family == 'RedHat' and fusermount_user_access_error.failed
-
-
diff --git a/extra_packages/vars/main.yml b/extra_packages/vars/main.yml
deleted file mode 100644
index b70d611e95a35d73562b2d50a066f34d98c685d8..0000000000000000000000000000000000000000
--- a/extra_packages/vars/main.yml
+++ /dev/null
@@ -1,254 +0,0 @@
-pkgs:
- - atlas
- - babel
- - bc
- - bitmap-console-fonts
- - bitmap-fangsongti-fonts
- - bitmap-fixed-fonts
- - bitmap-fonts-compat
- - bitmap-lucida-typewriter-fonts
- - bitmap-miscfixed-fonts
- - blas
- - compiz-gnome
- - db4-cxx
- - db4-devel
- - dejavu-sans-fonts
- - enchant
- - eog
- - evince
- - finger
- - fftw
- - file-roller
- - firefox
- - firstboot
- - fltk
- - fontconfig
- - fontpackages-filesystem
- - freeglut
- - ftgl
- - fuse-sshfs
- - gd
- - gdbm-devel
- - gdm
- - gedit
- - gettext
- - gettext-libs
- - ghostscript-fonts
- - giflib
- - giflib
- - glibc
- - glibc
- - glx-utils
- - gnome-applets
- - gnome-backgrounds
- - gnome-bluetooth-libs
- - gnome-desktop
- - gnome-disk-utility
- - gnome-disk-utility-libs
- - gnome-disk-utility-ui-libs
- - gnome-doc-utils-stylesheets
- - gnome-icon-theme
- - gnome-keyring
- - gnome-keyring-pam
- - gnome-mag
- - gnome-media
- - gnome-media-libs
- - gnome-menus
- - gnome-panel
- - gnome-panel-libs
- - gnome-python2
- - gnome-python2-applet
- - gnome-python2-bonobo
- - gnome-python2-canvas
- - gnome-python2-desktop
- - gnome-python2-extras
- - gnome-python2-gconf
- - gnome-python2-gnome
- - gnome-python2-gnomevfs
- - gnome-python2-libegg
- - gnome-python2-libwnck
- - gnome-screensaver
- - gnome-session
- - gnome-session-xsession
- - gnome-settings-daemon
- - gnome-speech
- - gnome-system-monitor
- - gnome-terminal
- - gnome-themes
- - gnome-user-docs
- - gnome-user-share
- - gnome-utils
- - gnome-utils-libs
- - gnome-vfs2
- - gnome-vfs2-smb
- - graphviz
- - gsl
- - gtkglext-libs
- - gtksourceview2
- - gvfs-fuse
- - hal
- - hdf
- - hdf
- - hdf5
- - ImageMagick
- - ImageMagick-c++
- - inotify-tools
- - java-1.7.0-openjdk
- - jline
- - lapack
- - leafpad
- - libblkid
- - libdrm
- - libfontenc
- - libgail-gnome
- - libgnome
- - libgnomecanvas
- - libgnomekbd
- - libgnomeui
- - libICE
- - libjpeg
- - libopenraw-gnome
- - libSM
- - libuuid
- - libX11
- - libXau
- - libXaw
- - libxcb
- - libXext
- - libXext-devel
- - libXfont
- - libXi
- - libXinerama
- - libxml2
- - libxml2-python
- - libXp
- - libXpm
- - libXt
- - libXtst
- - mailx
- - man
- - mod_ssl
- - mysql-server
- - nagios-plugins
- - nagios-plugins-disk
- - nagios-plugins-load
- - nagios-plugins-nrpe
- - nagios-plugins-perl
- - nagios-plugins-users
- - nautilus
- - nautilus-open-terminal
- - neon
- - nrpe
- - nss-softokn-freebl
- - numactl
- - numpy
- - numpy-f2py
- - openmotif
- - openssh-askpass
- - openssl098e
- - oxygen-icon-theme
- - perl-devel
- - perl-ExtUtils-MakeMaker
- - perl-ExtUtils-ParseXS
- - perl-HTML-Parser
- - perl-HTML-Tagset
- - perl-Test-Harness
- - perl-Time-HiRes
- - pexpect
- - php
- - php-cli
- - php-common
- - php-ldap
- - php-mysql
- - php-pdo
- - php-pear
- - pinentry-gtk
- - plymouth-system-theme
- - polkit-gnome
- - postgresql
- - postgresql-contrib
- - postgresql-devel
- - postgresql-libs
- - postgresql-server
- - PyGreSQL
- - pygtksourceview
- - python-babel
- - python-dateutil
- - python-devel
- - python-ldap
- - python-matplotlib
- - python-nose
- - python-paramiko
- - python-pmw
- - python-setuptools
- - python-psycopg2
- - pytz
- - qhull
- - qt
- - qt3
- - qt-sqlite
- - qt-x11
- - rhino
- - rsync
- - samba-client
- - scipy
- - spice-vdagent
- - suitesparse
- - system-gnome-theme
- - tcl
- - tcsh
- - Terminal
- - texlive-texmf-errata-fonts
- - texlive-texmf-fonts
- - tk
- - tkinter
- - tumbler
- - tzdata-java
- - unixODBC
- - unzip
- - util-linux-ng
- - uuid
- - vim-X11
- - vim-common
- - vim-enhanced
- - vim-minimal
- - wacomexpresskeys
- - wdaemon
- - wxBase
- - wxGTK
- - wxGTK-gl
- - wxGTK-media
- - wxpropgrid
- - wxPython
- - xml-common
- - xml-commons-apis
- - xml-commons-resolver
- - xmlrpc-c
- - xmlrpc-c-client
- - xorg-x11-drivers
- - xorg-x11-fonts-100dpi
- - xorg-x11-fonts-75dpi
- - xorg-x11-fonts-cyrillic
- - xorg-x11-fonts-ethiopic
- - xorg-x11-fonts-ISO8859-1-100dpi
- - xorg-x11-fonts-ISO8859-14-100dpi
- - xorg-x11-fonts-ISO8859-14-75dpi
- - xorg-x11-fonts-ISO8859-15-100dpi
- - xorg-x11-fonts-ISO8859-15-75dpi
- - xorg-x11-fonts-ISO8859-1-75dpi
- - xorg-x11-fonts-ISO8859-2-100dpi
- - xorg-x11-fonts-ISO8859-2-75dpi
- - xorg-x11-fonts-ISO8859-9-100dpi
- - xorg-x11-fonts-ISO8859-9-75dpi
- - xorg-x11-fonts-misc
- - xorg-x11-fonts-Type1
- - xorg-x11-font-utils
- - xorg-x11-server-utils
- - xorg-x11-server-Xorg
- - xorg-x11-util-macros
- - xorg-x11-utils
- - xorg-x11-xauth
- - xorg-x11-xinit
- - xvattr
- - yum-utils
- - zip
diff --git a/headNode.yaml b/headNode.yaml
deleted file mode 100644
index d8fc004d334cfd70bc0ffeb6f8f6468b3b109a1b..0000000000000000000000000000000000000000
--- a/headNode.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-description: " A simple template to boot a 3 node cluster"
-heat_template_version: 2013-05-23
-parameters:
- image_id:
- type: string
- label: Image ID
- description: Image to be used for compute instance
- default: a5e74703-f343-415a-aa23-bd0f0aacfc9e
- key_name:
- type: string
- label: Key Name
- description: Name of key-pair to be used for compute instance
- default: shahaan
- availability_z:
- type: string
- label: Availability Zone
- description: Availability Zone to be used for launching compute instance
- default: monash-01
-resources:
- headNode:
- type: "OS::Nova::Server"
- properties:
- availability_zone: { get_param: availability_z }
- flavor: m1.small
- image: { get_param: image_id }
- key_name: { get_param: key_name }
- security_groups: [OpenVPN, NSF, default]
- metadata:
- ansible_host_group: headNode
- ansible_ssh_user: ec2-user
- ansible_ssh_private_key_file: /home/sgeadmin/.ssh/shahaan.pem
- headVolume:
- type: OS::Cinder::Volume
- properties:
- availability_zone: { get_param: availability_z }
- description: Volume that will attach the headNode
- name: headNodeVolume
- size: 50
- volumeAttachment:
- type: OS::Cinder::VolumeAttachment
- properties:
- instance_uuid: { get_resource: headNode }
- volume_id: { get_resource: headVolume }
diff --git a/installNFS.yml b/installNFS.yml
deleted file mode 100644
index 6568c45077cdba9a1f26dae797dc20cb059632eb..0000000000000000000000000000000000000000
--- a/installNFS.yml
+++ /dev/null
@@ -1,24 +0,0 @@
----
--
- hosts: openvpn-servers
- remote_user: ec2-user
- roles:
- #- OpenVPN-Server
- - nfs-server
- become: true
- vars:
- x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
--
- hosts: openvpn-clients
- remote_user: ec2-user
- roles:
- #- easy-rsa-common
- #- easy-rsa-certificate
- #- OpenVPN-Client
- - syncExports
- - nfs-client
- become: true
- vars:
- x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
- openvpn_servers: ['vm-118-138-240-224.erc.monash.edu.au']
- nfs_server: "vm-118-138-240-224.erc.monash.edu.au"
diff --git a/playbook/cvl2.yml b/playbook/cvl2.yml
deleted file mode 100644
index 908e3af3416db7b0808a0b0b1535ecbc2fdc4d06..0000000000000000000000000000000000000000
--- a/playbook/cvl2.yml
+++ /dev/null
@@ -1,192 +0,0 @@
----
-- hosts: all
- vars_files:
- - massive_var/main.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- slurmctrl: "{{ groups['ManagementNodes'][0] }}"
- slurmqueues:
- - {name: batch, group: ComputeNodes, default: true}
- roles:
- - { role: etcHosts, domain: "{{ ldapDomain }}" }
-
-- hosts: 'ManagementNodes'
- vars_files:
- - massive_var/main.yml
- - massive_var/package.yml
- - massive_var/passwords.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- slurmctrl: "{{ groups['ManagementNodes'][0] }}"
- slurmqueues:
- - {name: batch, group: ComputeNodes, default: true}
- - {name: dev, group: ComputeNodesDev, default: false}
- - {name: multicore, group: ComputeNodesLarge, default: false}
- mkFileSystems:
- - {fstype : 'ext4', dev: '/dev/vdc1', opts: ''}
- - {fstype : 'ext4', dev: '/dev/vdc2', opts: ''}
- - {fstype : 'ext4', dev: '/dev/vdc3', opts: ''}
- mountFileSystems:
- - {fstype : 'ext4', dev: '/dev/vdc1', opts: 'defaults,nofail', name: '/cvl/scratch'}
- - {fstype : 'ext4', dev: '/dev/vdc2', opts: 'defaults,nofail', name: '/cvl/home'}
- - {fstype : 'ext4', dev: '/dev/vdc3', opts: 'defaults,nofail', name: '/cvl/local'}
- roles:
- - { role: easy-rsa-CA }
- - { role: OpenVPN-Server }
- - { role: ntp }
- - { role: openLdapClient }
- - { role: slurm-build }
- - { role: nfs-server, configDiskDevice: true }
- - { role: slurm, slurm_use_vpn: true}
- - { role: installPackage, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
-
-- hosts: all
- vars_files:
- - massive_var/main.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- roles:
- - { role: etcHosts, domain: "{{ ldapDomain }}" }
-
-- hosts: 'ComputeNodes*'
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- - massive_var/package.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- roles:
- - { role: OpenVPN-Client }
-
-- hosts: 'LoginNodes'
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- - massive_var/package.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- roles:
- - { role: OpenVPN-Client }
-
-- hosts: all
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- - massive_var/package.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- nfs_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- groupList:
- - { name : 'ComputeNodes', interface : 'tun0' }
- - { name : 'ComputeNodesDev', interface : 'tun0' }
- - { name : 'ComputeNodesLarge', interface : 'tun0' }
- - { name : 'LoginNodes', interface : 'tun0' }
- exportList:
- - { name: '/usr/local', src: '/cvl/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,sync' }
- - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- roles:
- - { role: etcHosts, domain: "{{ ldapDomain }}" }
- - { role: syncExports }
-
-- hosts: 'ComputeNodes'
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- - massive_var/package.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- slurmctrl: "{{ groups['ManagementNodes'][0] }}"
- slurmqueues:
- - {name: batch, group: ComputeNodes, default: true}
- nfs_server: "{{ groups['ManagementNodes'][0] }}"
- groupList:
- - { name : 'ComputeNodes', interface : 'tun0' }
- exportList:
- - { name: '/usr/local', src: '/cvl/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,sync' }
- - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- roles:
- - { role: ntp }
- - { role: openLdapClient }
- - { role: nfs-client }
- - { role: slurm, slurm_use_vpn: true}
- - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
-
-- hosts: 'ComputeNodesDev'
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- - massive_var/package.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- slurmctrl: "{{ groups['ManagementNodes'][0] }}"
- slurmqueues:
- - {name: dev, group: ComputeNodesDev, default: false}
- nfs_server: "{{ groups['ManagementNodes'][0] }}"
- groupList:
- - { name : 'ComputeNodes', interface : 'tun0' }
- exportList:
- - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- roles:
- - { role: ntp }
- - { role: openLdapClient }
- - { role: nfs-client }
- - { role: slurm, slurm_use_vpn: true}
- - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
-
-- hosts: 'ComputeNodesLarge'
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- - massive_var/package.yml
- vars:
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- slurmctrl: "{{ groups['ManagementNodes'][0] }}"
- slurmqueues:
- - {name: multicore, group: ComputeNodesLarge, default: false}
- nfs_server: "{{ groups['ManagementNodes'][0] }}"
- groupList:
- - { name : 'ComputeNodes', interface : 'tun0' }
- exportList:
- - { name: '/usr/local', src: '/cvl/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', interface : 'tun0', srvopts: 'ro,sync' }
- - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- - { name: '/scratch', src: '/cvl/scratch', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- roles:
- - { role: ntp }
- - { role: openLdapClient }
- - { role: nfs-client }
- - { role: slurm, slurm_use_vpn: true}
- - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
-
-- hosts: 'LoginNodes'
- vars_files:
- - massive_var/main.yml
- - massive_var/passwords.yml
- vars:
- groupList:
- - { name : 'ComputeNodes', interface : 'tun0' }
- x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
- openvpn_servers: "{{ groups['ManagementNodes'] }}"
- slurmctrl: "{{ groups['ManagementNodes'][0] }}"
- slurmqueues:
- - {name: batch, group: ComputeNodes, default: true}
- exportList:
- - { name: '/home', src: '/cvl/home', fstype: 'nfs4', opts: 'defaults,nofail', interface : 'tun0', srvopts: 'rw,root_squash,sync' }
- roles:
- - { role: ntp }
- - { role: openLdapClient }
- - { role: nfs-client }
- - { role: slurm, slurm_use_vpn: true}
- - { role: installPackage, importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
-
diff --git a/playbook/massive_var/main.yml b/playbook/massive_var/main.yml
deleted file mode 100644
index 22b784529a43f4a50abc243f365b9d0328b4f288..0000000000000000000000000000000000000000
--- a/playbook/massive_var/main.yml
+++ /dev/null
@@ -1,71 +0,0 @@
----
-ldapServerHostIpLine: "130.220.209.234 m2-w.massive.org.au"
-ldapCaCertSrc: "/tmp/m1-w-ca.pem"
-countryName: "AU"
-reginalName: "Victoria"
-cityName: "Melbourne"
-organizationName: "Monash University"
-emailAddress: "help@massive.org.au"
-organizationUnit: "MASSIVE"
-nfsServerIpAddress: m2-login3.massive.org.au
-
-x509_cert_file: "/etc/openvpn/certs/{{ x509_ca_server }}.crt"
-x509_key_file: "/etc/openvpn/private/{{ x509_ca_server }}.key"
-x509_cacert_file: "/etc/ssl/certs/ca_{{ x509_ca_server }}.crt"
-###x509_common_name: "{{ x509_ca_server }}CommonName"
-x509_common_name: "{{ inventory_hostname }}"
-x509_csr_args: "--server"
-x509_sign_args: "{{ x509_csr_args }}"
-dhparms_file: "/etc/openvpn/private/dh.pem"
-server_network: "10.8.0.0"
-server_netmask: "255.255.255.0"
-
-slurm_version: 14.11.2
-munge_version: 0.5.11
-userRelocationName: "ec2-user"
-userNewHome: "/local_home"
-#nfs_type: "nfs4"
-#nfs_options: "defaults"
-#nfs_server: "m2-login3.massive.org.au"
-ldapServerHost: "130.220.209.234 m2-w.massive.org.au"
-ldapDomain: "massive.org.au"
-ldapURI: "ldaps://m2-w.massive.org.au:1637/"
-ldapBindDN: "cn=ldapbind,cn=users,dc=massive,dc=org,dc=au"
-ldapBase: "cn=users,dc=massive,dc=org,dc=au"
-ldapUserClass: "user"
-ldapUserHomeDirectory: "unixHomeDirectory"
-ldapUserPricipal: "userPrincipalName"
-ldapGroupBase: "ou=groups,dc=massive,dc=org,dc=au"
-tlsCaCertDirectory: "/etc/openldap/certs"
-ldapCaCertFile: "/etc/openldap/certs/m1-w-ca.pem"
-ldapCaCertFileSource: "/tmp/cvl2server/m1-w-ca.pem"
-cacertFile: "cacert.pem"
-#domain: "cvl.massive.org.au"
-domain: "massive.org.au"
-ldapRfc2307: |
- ldap_schema = rfc2307
- ldap_search_base = cn=users,dc=massive,dc=org,dc=au
- ldap_user_search_base = cn=users,dc=massive,dc=org,dc=au
- ldap_user_object_class = user
- ldap_user_home_directory = unixHomeDirectory
- ldap_user_principal = userPrincipalName
- ldap_user_name = uid
- ldap_group_search_base = ou=groups,dc=massive,dc=org,dc=au
- ldap_group_object_class = group
- ldap_access_order = expire
- ldap_account_expire_policy = ad
-
-ldapRfc2307Pam: |
- scope sub
- nss_base_passwd cn=users,dc=massive,dc=org,dc=au?sub
- nss_base_shadow cn=users,dc=massive,dc=org,dc=au?sub
- nss_base_group cn=users,dc=massive,dc=org,dc=au?sub
- nss_map_objectclass posixAccount user
- nss_map_objectclass shadowAccount user
- nss_map_objectclass posixGroup group
- nss_map_attribute homeDirectory unixHomeDirectory
- nss_map_attribute uniqueMember member
- nss_map_attribute shadowLastChange pwdLastSet
- pam_login_attribute sAMAccountName
- pam_filter objectClass=User
- pam_password ad
diff --git a/playbook/massive_var/package.yml b/playbook/massive_var/package.yml
deleted file mode 100644
index 26d13db3708730b0ab3500e97c4b3346b3bd6641..0000000000000000000000000000000000000000
--- a/playbook/massive_var/package.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }
-#yumGroupPackageList:
-# - CVL Pre-installation
-# - CVL Base Packages
-# - CVL System
-# - CVL System Extension
-# - CVL General Imaging Tools
diff --git a/playbook/readme.txt b/playbook/readme.txt
deleted file mode 100644
index 59ab5815af15b6ffa3932a2ed065761fc1fb52e2..0000000000000000000000000000000000000000
--- a/playbook/readme.txt
+++ /dev/null
@@ -1 +0,0 @@
-Files in the playbook directory should be used as examples for the reference only.
diff --git a/roles/commonVars/vars/readme.txt b/roles/commonVars/vars/readme.txt
deleted file mode 100644
index 8faa3c3c117df7693ebf8d4aff2cd6283e5766d1..0000000000000000000000000000000000000000
--- a/roles/commonVars/vars/readme.txt
+++ /dev/null
@@ -1,2 +0,0 @@
----
-domain: testdomain.massive.org.au
diff --git a/roles/enable_root/tasks/main.yml b/roles/enable_root/tasks/main.yml
deleted file mode 100644
index 660c74f29556f6253a425d6fcb2822ddf9ae520b..0000000000000000000000000000000000000000
--- a/roles/enable_root/tasks/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: add key to root ssh
- template: dest=/root/.ssh/authorized_keys mode=600 owner=root group=root src=authorized_keys.j2
- become: true
diff --git a/roles/enable_root/templates/authorized_keys.j2 b/roles/enable_root/templates/authorized_keys.j2
deleted file mode 100644
index f7eff2cc56bea11fdd047d2e1741798a1da2c71b..0000000000000000000000000000000000000000
--- a/roles/enable_root/templates/authorized_keys.j2
+++ /dev/null
@@ -1,11 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvjn5cQuMkqTo04ZnkuDXfUBeAt7oZ6xrT4phfMemqx12dDqLyFrMgUWOoVMFj+TNyR5M8WOCI6CRT6EXOMtqaxhPtWB1QlDNo0Ml8xTzSKckUO0EhdqNKh+nlQfVeaVIx0DZZeWWNpPCrKPCM4TSAXXiwtZuImd6/Zo4RI1x+oTcFR9zQulUGUuX8rf7+4c/oKr58B+La8bXP8QujtfLm29pl1kawSouCfdxt93wRfbISM7mGs/WqzttRXL9m5AeOMuo5S4Ia0GPMcIEUfsQhEyEU7tiTpEq5lDdf6H7a9SlHXzhd9f2Dn3mlv3mmQHaGBJvUuWmVwydxkdtCRQhOQ== root@m2-m -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2xrAkFRdYBpYs14AYSzdPFcIOt2zKXIgjPpyj/6eg/yl3y8N84T9VNw9ATRzb3+PJEw1lOfah6xLkFl7FueT6359y14c7wkNByGHgcL022SludkhM2zBe/3ebhcBs11L4Z725rqVnGDSKdKuwZjbCmUtu/nHwGYU/BnLKbQXMVyq53L5cbIyWGfvItPnwCF2ZMy1v0lmnFs1O3qDK9U/qcwc/77MTB0Z/ey0zsoXvmxjkdYr+zgQLRNm2+fkCXn+ZorbeDwWjhHE21arhMym5x3VG0XU2Ob9nL1Z2xEGQVSnBVWeadTMNzkfM8U07Md2tSOIC5B3ePETxk97puxbEQ== root@m2-m -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPijQ597uLqEPAvVZXQlSjrUfFl2h7SRBTCRhH4hQJMVu55dhFYiojJZ0tjjV3jTcgWs1AsyRp3wDtNp8iQxbwEY2JPxCOjNuH0et4I/y3y6VUjcVWanSaIkdPf5AFNb9KIXo3Hvdyvav8SfFpioRQ0FKp8SZs1JYXpuQ0mZY26oKCKcNsWXv9ZN7knUN0xvYNMycpCnI2Nl666Zrs0gGyJ6e+Xq5bpk1lm8nuK9q52bTRjxqtdEBuSGwkZea+NBJzpYw5rEucteQI66y6tzFuYJk2WC4bUifffIxnkQXKYVynJg1MJ2CGI69r9hXt9eUtH3WrDxrJGmCau8jD3lib hines@sparge -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnakq6Lgq2n6yjcMaC7xQXMDMRdN33T6mPCqRy+TPdu0aPvVty0UFeAWsCyTxHeVfst9Vr0HwRRBvNihp1CJuOWGbk0H5a8yALDhLqoHazv2jlMQcLDgTktw0Jgo38+tcBShJyey1iHh8X5WgsS5/hgxR3OzoNBEzqzHUidMO/EI0ahNlM60l8EYL8Ww799NmPgqdPbwxK9nHsoFmx/NKhnUdronSg33L0CJZT3t2fccXAq+4Pbm7uYEkL3T/NgMdgpG5mKS3mKDtKyyKm2gOf3fVzExFew2etBxB3ANPEWvSuJ2XwXQv8sFE1722XQVR4RFgilCWUqXSN7EmqoHkNQ== jupiter@cvlproject -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsBtPRJtDJzyW+Utu0v03wklUpvzS5c1E34ysGDMepGU8VT1phJQ2EwRPWVLdRjVHnuhrEeeUHMyQwOtLEdvTPFnw5u/4bHQ+37iwtAeTV6oyPARJVzJLRGuDUuFdkQbXN7xxi/0KUljWgswLN34UV+p5PL79kQlErh1QCN06z5k= - -ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEA2xrAkFRdYBpYs14AYSzdPFcIOt2zKXIgjPpyj/6eg/yl3y8N84T9VNw9ATRzb3+PJEw1lOfah6xLkFl7FueT6359y14c7wkNByGHgcL022SludkhM2zBe/3ebhcBs11L4Z725rqVnGDSKdKuwZjbCmUtu/nHwGYU/BnLKbQXMVyq53L5cbIyWGfvItPnwCF2ZMy1v0lmnFs1O3qDK9U/qcwc/77MTB0Z/ey0zsoXvmxjkdYr+zgQLRNm2+fkCXn+ZorbeDwWjhHE21arhMym5x3VG0XU2Ob9nL1Z2xEGQVSnBVWeadTMNzkfM8U07Md2tSOIC5B3ePETxk97puxbEQ== root@m2-m - -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApJTDPfappcYbNE3Z0+5Vsm4Sw2xD3PdcW+V1w6X6tpebG/bpUhnn9XsALkZYyKttql2vV3bqL6Fx5ZAFhHRhH0exdQEgc8hSvpX5gCCCUNqrL+mP8f4S59E0ha5+nBmMaf4WABHiZYfeoGhn7HHNQY0Up/qfzDPSvWo+ZaVQAqXcYLGTxaP70yywHOYABakJtBVKKkI1YPu83HFDVfw1PoYVaS5GAmEscq6nwoyC0Jm/pDirUtMoRibG2iiV6uYKQDvWrO9fBrGmavpmUT/ECtmcnrWj7V9zXzSi17HJhkq6gYc68iu6h8TBNJrIUE9Kgi07aWFRM9fbIM1ZVD/aEQ== ec2-user@cvl23server - -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpuXUhr1Vzl1WljuFYSFIArU8wtlKWpkVLF4hCUb4dVWNEPU/FM1gkg4hPH+rTNPManRAJ8vxiCtMgLtvae2j1elO0edkM6BZReVDFMYo0fZVBbVR8fzvXRWD5ArXJeNI2uZ4fYTil3SoC3N0n+ySjqFriIkcBpxthKVcoOlK+yccOvCPGNWgqcSGFfMEKTR8P18ED83i7sOF2nzpH0RBo2/N7ry5Gzvfw859W7KScw/3uI7fzog6hW/P4niOQIZfG56enHHos0l7oymxeQRiYITqvf9Es1VatEfybk+tJhTVf1LcIqoM9v9bc0yd6QqST0+6ZiTJXCQCthmS0JVX1 hines@tun diff --git a/roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id b/roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id deleted file mode 100644 index 38a7bca176fcdd29040fe72acc76d2c44c093cab..0000000000000000000000000000000000000000 --- a/roles/gpu_update/files/NVIDIA-Linux-x86_64-352.93.run.REMOVED.git-id +++ /dev/null @@ -1 +0,0 @@ -48758c1a73f2a27c14f351a99923c3aa6e4c0cdf \ No newline at end of file diff --git a/scripts/get_or_make_passwd.py b/scripts/get_or_make_passwd.py deleted file mode 100755 index 5242f1f9c52fb93d8016f48598a9192149aef10c..0000000000000000000000000000000000000000 --- a/scripts/get_or_make_passwd.py +++ /dev/null 
@@ -1,28 +0,0 @@
-#!/usr/bin/python
-import random
-import sys
-import string
-def get_passwd(f,passname):
- f.seek(0)
- for line in f.readlines():
- (key,passwd)=line.split(':')
- if key==passname:
- f.close()
- return passwd.rstrip()
- return None
-
-def mk_passwd(f,passname):
- passwd=''.join(random.choice(string.ascii_uppercase + string.digits+string.ascii_lowercase) for _ in range(16))
- f.write("%s:%s\n"%(passname,passwd))
- return passwd
-
-try:
- f=open('../passwd.txt','at+')
-except:
- f=open('./passwd.txt','at+')
-passname = sys.argv[1]
-passwd = get_passwd(f,passname)
-if passwd == None:
- passwd = mk_passwd(f,passname)
-print passwd
-f.close()
diff --git a/scripts/userData.sh b/scripts/userData.sh
deleted file mode 100644
index 545e92248baa6d17f64115cc634c87b689ad0ae8..0000000000000000000000000000000000000000
--- a/scripts/userData.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-
-mkdir /local_home
-usermod -m -d /local_home/ec2-user ec2-user
-
diff --git a/syncNFS.yml b/syncNFS.yml
deleted file mode 100644
index 9095bfc8008c18aa940c5a63e760685b67f56fae..0000000000000000000000000000000000000000
--- a/syncNFS.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
--
- hosts: openvpn-clients
- remote_user: ec2-user
- roles:
- - syncExports
- - nfs-client
- become: true
- vars:
- nfs_server: "vm-118-138-240-224.erc.monash.edu.au"
- openvpn_servers:
- - vm-118-138-240-224.erc.monash.edu.au
- x509_ca_server: vm-118-138-240-224.erc.monash.edu.au
-
diff --git a/templates/easy-rsa/vars.j2 b/templates/easy-rsa/vars.j2
deleted file mode 100644
index 77adaead4782e8dcc923bf902401b7ad725623f5..0000000000000000000000000000000000000000
--- a/templates/easy-rsa/vars.j2
+++ /dev/null
@@ -1,80 +0,0 @@
-# easy-rsa parameter settings
-
-# NOTE: If you installed from an RPM,
-# don't edit this file in place in
-# /usr/share/openvpn/easy-rsa --
-# instead, you should copy the whole
-# easy-rsa directory to another location
-# (such as /etc/openvpn) so that your
-# edits will not be wiped out by a future
-# OpenVPN package upgrade.
-
-# This variable should point to
-# the top level of the easy-rsa
-# tree.
-export EASY_RSA="/etc/easy-rsa/2.0"
-
-#
-# This variable should point to
-# the requested executables
-#
-export OPENSSL="openssl"
-export PKCS11TOOL="pkcs11-tool"
-export GREP="grep"
-
-
-# This variable should point to
-# the openssl.cnf file included
-# with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-
-# Edit this variable to point to
-# your soon-to-be-created key
-# directory.
-#
-# WARNING: clean-all will do
-# a rm -rf on this directory
-# so make sure you define
-# it correctly!
-export KEY_DIR="$EASY_RSA/keys"
-
-# Issue rm -rf warning
-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-
-# PKCS11 fixes
-export PKCS11_MODULE_PATH="dummy"
-export PKCS11_PIN="dummy"
-
-# Increase this to 2048 if you
-# are paranoid. This will slow
-# down TLS negotiation performance
-# as well as the one-time DH parms
-# generation process.
-export KEY_SIZE={{ keySize }}
-
-# In how many days should the root CA key expire?
-export CA_EXPIRE=3650
-
-# In how many days should certificates expire?
-export KEY_EXPIRE=3650
-
-# These are the default values for fields
-# which will be placed in the certificate.
-# Don't leave any of these fields blank.
-export KEY_COUNTRY={{ countryName }}
-export KEY_PROVINCE={{ reginalName }}
-export KEY_CITY={{ cityName }}
-export KEY_ORG={{ organizationName }}
-export KEY_EMAIL={{ emailAddress }}
-export KEY_OU={{ organizationUnit }}
-
-# X509 Subject Field
-export KEY_NAME="EasyRSA"
-
-# PKCS11 Smart Card
-# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
-# export PKCS11_PIN=1234
-
-# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
-# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
-# export KEY_CN="CommonName"