From 470d6698ea3b15aeb4e7e84c86b7b516c577b9db Mon Sep 17 00:00:00 2001 From: shahaan <shahaan@gmail.com> Date: Thu, 23 Jul 2015 15:00:12 +1000 Subject: [PATCH] Implemented some more changes as suggested by Chris... --- buildKaraage3.x.yml | 13 +- roles/karaage3.1.17/tasks/apacheRedHat.yml | 8 +- roles/karaage3.1.17/tasks/karaage.yml | 24 +- .../{settingsDebian.py.j2 => settings.py.j2} | 10 +- .../templates/settingsRedHat.py.j2 | 330 ------------------ roles/ldapserver/tasks/installOpenLdap.yml | 27 -- roles/ldapserver/tasks/main.yml | 8 +- 7 files changed, 25 insertions(+), 395 deletions(-) rename roles/karaage3.1.17/templates/{settingsDebian.py.j2 => settings.py.j2} (97%) delete mode 100644 roles/karaage3.1.17/templates/settingsRedHat.py.j2 delete mode 100644 roles/ldapserver/tasks/installOpenLdap.yml diff --git a/buildKaraage3.x.yml b/buildKaraage3.x.yml index acc96c0f..1a349bc4 100644 --- a/buildKaraage3.x.yml +++ b/buildKaraage3.x.yml @@ -5,12 +5,12 @@ - sysctl: name=kernel.hostname value={{ inventory_hostname }} state=present ignore_errors: yes - service: name=network state=restarted - when: ansible_os_family == 'Redhat' + when: ansible_os_family == 'RedHat' roles: - - etcHosts - - easy-rsa-CA - - easy-rsa-certificate - - ldapserver + - etcHosts + - easy-rsa-CA + - easy-rsa-certificate + - ldapserver sudo: true vars: - x509_ca_server: "{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}" @@ -45,7 +45,7 @@ - sysctl: name=kernel.hostname value={{ inventory_hostname }} state=present ignore_errors: yes - service: name=network state=restarted - when: ansible_os_family == 'Redhat' + when: ansible_os_family == 'RedHat' roles: - etcHosts - easy-rsa-certificate @@ -78,3 +78,4 @@ - x509_csr_args: "" - x509_sign_args: "{{ x509_csr_args }}" - x509_common_name: "{{ inventory_hostname }}" + - apache_user: "{% if ansible_os_family == 'RedHat' %}apache{% else %}www-data{% endif %}" 
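Review bot: With the spelling corrected to `when: ansible_os_family == 'RedHat'`, the `service: name=network state=restarted` pre_task now actually executes on EL hosts, whereas the old `'Redhat'` never matched (the fact is case-sensitive); a full network restart over the same SSH session Ansible is using can drop the connection mid-play, so confirm the restart is really required after the hostname sysctl and consider moving it to a handler that fires only when that task reports changed. The `sysctl` task just above still carries `ignore_errors: yes`, which hides a failure to set `kernel.hostname` that the later `ServerName {{ ansible_fqdn }}` and certificate `x509_common_name` steps depend on; registering the result and failing explicitly would be safer. The same typo fix appears in the second play's hunk, and `sudo: true` in both plays is the pre-1.9 spelling that would read `become: true` on current Ansible.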
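Review bot: `apache_user` is introduced as a play-level var, but the karaage3.1.17 role's tasks and its settings template now reference it, so running that role from any other play or on its own fails with an undefined variable at `group={{ apache_user }}`; declaring the same expression in the role's `defaults/main.yml` keeps the role self-contained while still letting the play override it. The value is used both as a user (the log handler `owner` entries) and as a group (`group={{ apache_user }}`), which only works because `apache` and `www-data` name both the account and its primary group on EL and Debian; that deserves a comment beside the definition, e.g. `# httpd runtime account; the same name serves as user and group on both OS families`. The enclosing `vars` list starts before this hunk.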
diff --git a/roles/karaage3.1.17/tasks/apacheRedHat.yml b/roles/karaage3.1.17/tasks/apacheRedHat.yml index 73a14f4c..6c7d2ad0 100644 --- a/roles/karaage3.1.17/tasks/apacheRedHat.yml +++ b/roles/karaage3.1.17/tasks/apacheRedHat.yml @@ -13,8 +13,12 @@ name: Setting httpd.conf replace: dest=/etc/httpd/conf/httpd.conf regexp="^#ServerName www.example.com:80" replace="ServerName {{ ansible_fqdn }}" - - name: Templating ssl.conf - template: src=ssl.conf.j2 dest=/etc/httpd/conf.d/ssl.conf owner=root group=root + name: Setting ssl.conf + lineinfile: dest=/etc/httpd/conf.d/ssl.conf regexp="{{ item.regexp }}" line="{{ item.line }}" backrefs=yes + with_items: + - { regexp : "^SSLCertificateFile", line : "SSLCertificateFile {{ x509_cert_file }}" } + - { regexp : "SSLCertificateKeyFile", line : "SSLCertificateKeyFile {{ x509_key_file }}" } + - { regexp : "SSLCACertificateFile", line : "SSLCACertificateFile {{ x509_cacert_file }}" } - name: Templating wsgi.conf template: src=wsgi.conf.j2 dest=/etc/httpd/conf.d/wsgi.conf owner=root group=root diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml index a1aa9a6e..0787d00a 100644 --- a/roles/karaage3.1.17/tasks/karaage.yml +++ b/roles/karaage3.1.17/tasks/karaage.yml 
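Review bot: Every `lineinfile` item sets `backrefs=yes` although `line` contains no backreferences, so its only effect is that a directive with no matching line is silently skipped instead of added; on a stock EL mod_ssl ssl.conf `SSLCACertificateFile` is typically present only as a commented-out line, so whether the CA directive lands at all depends on the unanchored pattern happening to match `#SSLCACertificateFile`, and the unanchored `SSLCertificateKeyFile`/`SSLCACertificateFile` patterns will rewrite any comment that mentions them. Anchor the patterns and make the intent explicit, e.g. `- { regexp: '^#?\s*SSLCertificateKeyFile', line: 'SSLCertificateKeyFile {{ x509_key_file }}' }` for each item, and drop `backrefs=yes` (or add `insertafter: '^<VirtualHost'`) so a missing directive is inserted rather than skipped. Note that `SSLCACertificateFile` is the trust store for client-certificate verification, not the chain sent to browsers; if the goal is to serve the easy-rsa CA chain that is `SSLCertificateChainFile`. Nothing in this hunk notifies an httpd restart, so the new certificate paths only take effect on the next restart unless a handler outside the hunk does it.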
@@ -60,35 +60,17 @@ creates: /root/karaage3.1.7/build/bdist.linux-x86_64 - name: "Templating Karaage settings" - template: src=settingsDebian.py.j2 dest=/etc/karaage3/settings.py owner=root group=www-data mode=0640 - when: ansible_os_family == "Debian" -- - name: "Templating Karaage settings" - template: src=settingsRedHat.py.j2 dest=/etc/karaage3/settings.py owner=root group=apache mode=0640 - when: ansible_os_family == "RedHat" -- - name: "Creating karaage3 in /var directories log, lib and www" - file: path={{ item }} state=directory owner=root group=www-data mode=0775 - with_items: - - /var/log/karaage3 - - /var/lib/karaage3 - when: ansible_os_family == "Debian" + template: src=settings.py.j2 dest=/etc/karaage3/settings.py owner=root group={{ apache_user }} mode=0640 - name: "Creating karaage3 in /var directories log, lib " - file: path={{ item }} state=directory owner=root group=apache mode=0775 + file: path={{ item }} state=directory owner=root group={{ apache_user }} mode=0775 with_items: - /var/log/karaage3 - /var/lib/karaage3 - /var/cache/karaage3 - when: ansible_os_family == "RedHat" - name: "Change permissions for /var/www" - file: path=/var/www state=directory owner=root group=www-data mode=0775 - when: ansible_os_family == "Debian" -- - name: "Change permissions for /var/www" - file: path=/var/www state=directory owner=root group=apache mode=0775 - when: ansible_os_family == "RedHat" + file: path=/var/www state=directory owner=root group={{ apache_user }} mode=0775 - name: Create a symlink to mod_wsgi-py27.so file: src=/opt/rh/python27/root/usr/lib64/python2.7/site-packages/mod_wsgi/server/mod_wsgi-py27.so dest=/usr/lib64/httpd/modules/mod_wsgi.so owner=root group=root state=link 
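Review bot: `file: path=/var/www state=directory owner=root group={{ apache_user }} mode=0775` grants the httpd runtime account write access to the document-root parent, so a compromised WSGI process could drop or replace files that httpd then serves; unless karaage writes under /var/www at runtime (nothing in this hunk shows that), `mode=0755` is sufficient for serving and write access should be confined to the directories the application must own. The log, lib and cache directories do need to be group-writable because the settings template configures its log handlers with `owner` set to `{{ apache_user }}`, so `0775` is defensible there, though `0770` would additionally stop other local users from reading karaage logs that can carry usernames and LDAP detail. The `Create a symlink to mod_wsgi-py27.so` task that follows targets `/opt/rh/python27` and `/usr/lib64/httpd`, which exist only on EL; now that the neighbouring tasks lost their `when:` guards, check that this one still carries a RedHat condition (its `when`, if any, is outside the hunk).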
diff --git a/roles/karaage3.1.17/templates/settingsDebian.py.j2 b/roles/karaage3.1.17/templates/settings.py.j2 similarity index 97% rename from roles/karaage3.1.17/templates/settingsDebian.py.j2 rename to roles/karaage3.1.17/templates/settings.py.j2 index 90b9cf6c..1db75154 100644 --- a/roles/karaage3.1.17/templates/settingsDebian.py.j2 +++ b/roles/karaage3.1.17/templates/settings.py.j2 @@ -186,35 +186,35 @@ LOGGING = { 'class': 'karaage.common.logging.FileHandler', 'filename': '/var/log/karaage3/django.log', 'formatter': 'verbose', - 'owner': ['www-data', 'www-data'], + 'owner': ['{{ apache_user }}', '{{ apache_user }}'], }, 'karaage_file': { 'level': 'WARNING', 'class': 'karaage.common.logging.FileHandler', 'filename': '/var/log/karaage3/karaage.log', 'formatter': 'verbose', - 'owner': ['www-data', 'www-data'], + 'owner': ['{{ apache_user }}', '{{ apache_user }}'], }, # 'ldap_file': { # 'level': 'DEBUG', # 'class': 'karaage.common.logging.FileHandler', # 'filename': '/var/log/karaage3/ldap.log', # 'formatter': 'verbose', - # 'owner': ['www-data', 'www-data'], + # 'owner': ['{{ apache_user }}', '{{ apache_user }}'], # }, # 'mam_file': { # 'level': 'DEBUG', # 'class': 'karaage.common.logging.FileHandler', # 'filename': '/var/log/karaage3/mam.log', # 'formatter': 'verbose', - # 'owner': ['www-data', 'www-data'], + # 'owner': ['{{ apache_user }}', '{{ apache_user }}'], # }, # 'slurm_file': { # 'level': 'DEBUG', # 'class': 'karaage.common.logging.FileHandler', # 'filename': '/var/log/karaage3/slurm.log', # 'formatter': 'verbose', - # 'owner': ['www-data', 'www-data'], + # 'owner': ['{{ apache_user }}', '{{ apache_user }}'], # }, }, 'loggers': { diff --git a/roles/karaage3.1.17/templates/settingsRedHat.py.j2 b/roles/karaage3.1.17/templates/settingsRedHat.py.j2 deleted file mode 100644 index 38de5474..00000000 --- a/roles/karaage3.1.17/templates/settingsRedHat.py.j2 +++ /dev/null 
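Review bot: The renamed settings.py.j2 is now the single template for both families, and the deleted settingsRedHat.py.j2 that was 97% identical to it carried `'PASSWORD': 'imkaraage'` for the karaage MySQL user, `SECRET_KEY = ''`, and the LDAP manager DN and password as the application's bind identity; those lines sit outside this hunk, so confirm the surviving template does not still hard-code them and template them from (vaulted) vars instead, e.g. `'PASSWORD': '{{ karaage_db_password }}'` and `SECRET_KEY = '{{ karaage_secret_key }}'`. Django's session and password-reset signing rests on SECRET_KEY, so a value that is empty or identical across deployments is a genuine weakness rather than hygiene. If the LDAP block matches the deleted copy, binding the web app as the directory manager means an application compromise yields full directory write access; a dedicated bind DN limited by the ACLs this commit re-enables would be the least-privilege choice. The `'{{ apache_user }}'` substitutions in this hunk render inside Python string quotes and are fine as written.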
@@ -1,330 +0,0 @@ -# -*- coding: utf-8 -*- - -# Globally defined Karaage settings -# These settings will be used for karaage-admin and karaage-registration. - -# Some of these values have sensible defaults. Settings that don't have a -# sensible default must be configured manually. - -# Other Django settings are also possible, this list is not a comprehensive -# list of all settings. - -# Copyright 2010-2011, 2014-2015 VPAC -# Copyright 2010-2011 The University of Melbourne -# -# Django settings -# - -# A boolean that turns on/off debug mode. -# -# Never deploy a site into production with DEBUG turned on. -# -# Did you catch that? NEVER deploy a site into production with DEBUG turned on. -# -# One of the main features of debug mode is the display of detailed error -# pages. If your app raises an exception when DEBUG is True, Django will -# display a detailed traceback, including a lot of metadata about your -# environment, such as all the currently defined Django settings (from -# settings.py). -# -# default: DEBUG = False -# -# DEBUG = True - -# Implemented by Shahaan due to the django-pipeline bug -PIPELINE_ENABLED = False -STATICFILES_STORAGE = 'pipeline.storage.PipelineStorage' - -# FQDN host, used in default settings for :setting:`ALLOWED_HOSTS`, -# :setting:`REGISTRATION_BASE_URL`, and :setting:`ADMIN_BASE_URL`. -# -# default: HTTP_HOST = FQDN hostname -# -HTTP_HOST = "{{ x509_common_name }}" - -# A list of strings representing the host/domain names that this Django site -# can serve. This is a security measure to prevent an attacker from poisoning -# caches and password reset emails with links to malicious hosts by submitting -# requests with a fake HTTP Host header, which is possible even under many -# seemingly-safe web server configurations. -# -# %(HOST) will be substituted with the HTTP_HOST setting. -# -# default: ALLOWED_HOSTS = ["%(HOST)s"] -# -# ALLOWED_HOSTS = ["www.example.org"] - -# Whether to use a secure cookie for the session cookie. 
If this is set to -# True, the cookie will be marked as “secure,†which means browsers may ensure -# that the cookie is only sent under an HTTPS connection. -# -# default: SESSION_COOKIE_SECURE = True -# -# SESSION_COOKIE_SECURE = False - -# A tuple that lists people who get code error notifications. When DEBUG=False -# and a view raises an exception, Django will email these people with the full -# exception information. Each member of the tuple should be a tuple of (Full -# name, email address). -ADMINS = ( - # ('Your Name', 'your_email@domain.com'), -) - -# A tuple in the same format as ADMINS that specifies who should get broken -# link notifications when BrokenLinkEmailsMiddleware is enabled. -MANAGERS = ADMINS - -# A dictionary containing the settings for all databases to be used with -# Django. It is a nested dictionary whose contents maps database aliases to a -# dictionary containing the options for an individual database. -DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.mysql', - 'NAME': 'karaage', - 'USER': 'karaage', - 'PASSWORD': 'imkaraage', - 'HOST': 'localhost', - 'PORT': '', - 'ATOMIC_REQUESTS': True, - } -} - -LDAP = { - 'default': { - 'ENGINE': 'tldap.backend.fake_transactions', - 'URI': 'ldaps://{% for host in groups['ldap-server'] %}{{ hostvars[host]['ansible_fqdn'] }}{% endfor %}/', - 'USER': '{{ ldapManager }}', - 'PASSWORD': '{{ ldapManagerPassword }}', - 'REQUIRE_TLS': True, - 'START_TLS': True, - 'TLS_CA': '{{ x509_cacert_file }}', - } -} - -MACHINE_CATEGORY_DATASTORES = { - 'ldap': [ - { - 'DESCRIPTION': 'LDAP datastore', - 'ENGINE': 'karaage.datastores.ldap.MachineCategoryDataStore', - 'LDAP': 'default', - 'ACCOUNT': 'karaage.datastores.ldap_schemas.openldap_account', - 'GROUP': 'karaage.datastores.ldap_schemas.openldap_account_group', - 'PRIMARY_GROUP': "institute", - 'DEFAULT_PRIMARY_GROUP': "ldap", - 'HOME_DIRECTORY': "/home/%(uid)s", - 'LOCKED_SHELL': "/usr/local/sbin/locked", - 'NUMBER_SCHEME': 'default', - 
'LDAP_ACCOUNT_BASE': 'ou=Accounts,dc=monash,dc=edu,dc=au', - 'LDAP_GROUP_BASE': 'ou=Groups,dc=monash,dc=edu,dc=au', - }, - ], - 'dummy': [ - ], -} - -GLOBAL_DATASTORES = [ - { - 'DESCRIPTION': 'LDAP datastore', - 'ENGINE': 'karaage.datastores.ldap.GlobalDataStore', - 'LDAP': 'default', - 'PERSON': 'karaage.datastores.ldap_schemas.openldap_person', - 'GROUP': 'karaage.datastores.ldap_schemas.openldap_person_group', - 'NUMBER_SCHEME': 'global', - 'LDAP_PERSON_BASE': 'ou=People,dc=monash,dc=edu,dc=au', - 'LDAP_GROUP_BASE': 'ou=People_Groups,dc=monash,dc=edu,dc=au', - }, -] -# The email address that error messages come from, such as those sent to ADMINS -# and MANAGERS. -SERVER_EMAIL = 'karaage@example.org' - -# The host to use for sending email. -EMAIL_HOST = 'localhost' - -# Subject-line prefix for email messages sent with django.core.mail.mail_admins -# or django.core.mail.mail_managers. You’ll probably want to include the -# trailing space. -EMAIL_SUBJECT_PREFIX = '[Karaage] - ' - -# Local time zone for this installation. Choices can be found here: -# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name -# although not all choices may be available on all operating systems. -# If running in a Windows environment this must be set to the same as your -# system time zone. -TIME_ZONE = 'Australia/Melbourne' - -# Language code for this installation. All choices can be found here: -# http://www.i18nguy.com/unicode/language-identifiers.html -LANGUAGE_CODE = 'en-au' - -# A secret key for a particular Django installation. This is used to provide -# cryptographic signing, and should be set to a unique, unpredictable value. -SECRET_KEY = '' - -# A data structure containing configuration information. The contents of this -# data structure will be passed as the argument to the configuration method -# described in LOGGING_CONFIG. 
-LOGGING = { - 'version': 1, - 'disable_existing_loggers': False, - 'formatters': { - 'verbose': { - 'format': '%(levelname)s %(asctime)s ' - '%(module)s %(process)d %(thread)d %(message)s' - }, - 'simple': { - 'format': '%(levelname)s %(message)s' - }, - }, - 'handlers': { - 'mail_admins': { - 'level': 'ERROR', - 'class': 'django.utils.log.AdminEmailHandler' - }, - 'django_file': { - 'level': 'WARNING', - 'class': 'karaage.common.logging.FileHandler', - 'filename': '/var/log/karaage3/django.log', - 'formatter': 'verbose', - 'owner': ['apache', 'apache'], - }, - 'karaage_file': { - 'level': 'WARNING', - 'class': 'karaage.common.logging.FileHandler', - 'filename': '/var/log/karaage3/karaage.log', - 'formatter': 'verbose', - 'owner': ['apache', 'apache'], - }, - # 'ldap_file': { - # 'level': 'DEBUG', - # 'class': 'karaage.common.logging.FileHandler', - # 'filename': '/var/log/karaage3/ldap.log', - # 'formatter': 'verbose', - # 'owner': ['apache', 'apache'], - # }, - # 'mam_file': { - # 'level': 'DEBUG', - # 'class': 'karaage.common.logging.FileHandler', - # 'filename': '/var/log/karaage3/mam.log', - # 'formatter': 'verbose', - # 'owner': ['apache', 'apache'], - # }, - # 'slurm_file': { - # 'level': 'DEBUG', - # 'class': 'karaage.common.logging.FileHandler', - # 'filename': '/var/log/karaage3/slurm.log', - # 'formatter': 'verbose', - # 'owner': ['apache', 'apache'], - # }, - }, - 'loggers': { - '': { - 'handlers': ['mail_admins'], - 'level': 'ERROR', - 'propagate': True, - }, - 'django': { - 'handlers': ['django_file'], - 'level': 'DEBUG', - 'propagate': True, - }, - 'karaage': { - 'handlers': ['karaage_file'], - 'level': 'DEBUG', - 'propagate': True, - }, - # 'karaage.datastores.ldap': { - # 'handlers': ['ldap_file'], - # 'level': 'DEBUG', - # 'propagate': True, - # }, - # 'karaage.datastores.mam': { - # 'handlers': ['mam_file'], - # 'level': 'DEBUG', - # 'propagate': True, - # }, - # 'karaage.datastores.slurm': { - # 'handlers': ['slurm_file'], - # 'level': 'DEBUG', 
- # 'propagate': True, - # }, - }, -} - - -# -# Karaage settings -# - -# Users are advised to contact this address if having problems. -# This is also used as the from address in outgoing emails. -ACCOUNTS_EMAIL = 'accounts@example.com' - -# This organisation name, used in outgoing emails. -ACCOUNTS_ORG_NAME = 'Example' - -# Registration base URL - Used in email templates -# Uncomment to override default -# -# %(HOST) will be substituted with the HTTP_HOST setting. -# -# default: REGISTRATION_BASE_URL = 'https://%(HOST)s/users' -# -# REGISTRATION_BASE_URL = 'https://accounts.example.org/users' - -# Admin base URL - Used in email templates -# Uncomment to override default -# -# %(HOST) will be substituted with the HTTP_HOST setting. -# -# default: ADMIN_BASE_URL = 'https://%(HOST)s/kgadmin' -# -# ADMIN_BASE_URL = 'https://accounts.example.org/kgadmin' - -# Is Shibboleth supported? -# -# default: SHIB_SUPPORTED = False -# -# SHIB_SUPPORTED = True - -# Path to AUP policy. Note that setting this will not disable the Karaage -# default page, it might be better to replace the AUP with a file in -# the templates directory ``karaage/common/aup-detail.html`` if required. -# -# default: Django template ``karaage/common/aup-detail.html`` -# -# AUP_URL = "https://site.example.org/users/aup/" - -# Do we allow anonymous users to request accounts? -# -# default: ALLOW_REGISTRATIONS = False -# -# ALLOW_REGISTRATIONS = True - -# Do we allow any logged in user to access all usage information? -# -# default: USAGE_IS_PUBLIC = True -# -# USAGE_IS_PUBLIC = False - -# Settings to restrict the valid list of email addresses we allow in -# applications. EMAIL_MATCH_TYPE can be "include" or "exclude". If "include" -# then the email address must match one of the RE entries in EMAIL_MATCH_LIST. -# If "exclude" then then email address must not match of the the RE entries in -# EMAIL_MATCH_LIST. 
-# -# default: allow any email address -# -# EMAIL_MATCH_TYPE="include" -# EMAIL_MATCH_LIST=["@vpac.org$", "@v3.org.au$", "^tux@.*au$"] - -# List of Karaage plugins -# -# default: PLUGINS = [] -# -PLUGINS = [ - 'karaage.plugins.kgapplications.plugin', - 'karaage.plugins.kgsoftware.plugin', - 'karaage.plugins.kgsoftware.applications.plugin', - 'karaage.plugins.kgusage.plugin', - ] diff --git a/roles/ldapserver/tasks/installOpenLdap.yml b/roles/ldapserver/tasks/installOpenLdap.yml deleted file mode 100644 index e1c8d258..00000000 --- a/roles/ldapserver/tasks/installOpenLdap.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -- - name: Install yum packages - yum: name={{ item }} state=present - with_items: - - gcc - - openssl-devel - - db4-devel -- - name: Download Openldap - get_url: url=ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.40.tgz dest=/tmp/openldap-2.4.40.tgz -- - name: Untar OpenLdap - shell: tar xvf openldap-2.4.40.tgz chdir=/tmp creates=/tmp/openldap-2.4.40 -- - name: Configure Openldap - shell: ./configure --with-tls=openssl --with-cyrus-sasl chdir=/tmp/openldap-2.4.40 creates=/tmp/openldap-2.4.40/config.log -- - name: Install Openldap - shell: make -j 4; make install - args: - chdir: /tmp/openldap-2.4.40/ - creates: /usr/local/libexec/slapd -- - name: Start the server - shell: /usr/local/libexec/slapd - ignore_errors: yes diff --git a/roles/ldapserver/tasks/main.yml b/roles/ldapserver/tasks/main.yml index ea6df04a..86c6b1f0 100644 --- a/roles/ldapserver/tasks/main.yml +++ b/roles/ldapserver/tasks/main.yml 
@@ -167,10 +167,10 @@ sudo: true when: managerConfigured|failed -#- name: initialise server acls -# shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/acls.ldif -D cn=config -# sudo: true -# when: aclConfigured|failed +- name: initialise server acls + shell: ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/acls.ldif -D cn=config + sudo: true + when: aclConfigured|failed - name: add DIT root shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/root.ldif -- GitLab
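Review bot: The re-enabled ACL task feeds `/tmp/acls.ldif` to `ldapmodify -Y EXTERNAL -H ldapi:///`, which runs as root and rewrites `cn=config`; `/tmp` is world-writable, so a local user who wins the race between the task that writes that LDIF (outside this hunk) and this one can substitute their own access controls. Stage the LDIF in a root-owned path such as `/root/ldap/acls.ldif` (or a directory from the `tempfile` module) with `mode: '0600'`, and drop `-D cn=config`, which a SASL EXTERNAL bind ignores. The command uses no shell features, so `command:` is preferable to `shell:`, and registering its result with an explicit `changed_when` keeps the `aclConfigured|failed` gate it relies on meaningful. The following `ldapadd ... -w {{ ldapManagerPassword }}` context line exposes the manager password on the command line and in play output; pass it with `-y` from a 0600 file and add `no_log: true`.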