From 536d86954ade9c66c4e1bb390a4306d548be9c48 Mon Sep 17 00:00:00 2001 From: don sizemore Date: Mon, 7 Mar 2016 09:03:32 -0500 Subject: [PATCH] #14 adding untracked templates --- .../templates/de-application.properties.j2 | 3 + .../templates/de.properties.j2 | 153 ++++++++++++++++++ .../templates/nginx.properties.j2 | 98 +++++++++++ 3 files changed, 254 insertions(+) create mode 100644 ansible/roles/util-cfg-service/templates/de-application.properties.j2 create mode 100644 ansible/roles/util-cfg-service/templates/de.properties.j2 create mode 100644 ansible/roles/util-cfg-service/templates/nginx.properties.j2 diff --git a/ansible/roles/util-cfg-service/templates/de-application.properties.j2 b/ansible/roles/util-cfg-service/templates/de-application.properties.j2 new file mode 100644 index 000000000..2472dafd8 --- /dev/null +++ b/ansible/roles/util-cfg-service/templates/de-application.properties.j2 @@ -0,0 +1,3 @@ +multipart: + max-file-size: 1946Mb + max-request-size: 2048Mb diff --git a/ansible/roles/util-cfg-service/templates/de.properties.j2 b/ansible/roles/util-cfg-service/templates/de.properties.j2 new file mode 100644 index 000000000..39465f21d --- /dev/null +++ b/ansible/roles/util-cfg-service/templates/de.properties.j2 @@ -0,0 +1,153 @@ +############################################################################### +# Configuration Properties for the Discovery Environment (DE) +############################################################################### + +############################################################################### +# Deployed Version Metadata +# +# This values are used since reading the MANIFEST.MF file from a deployed WAR +# is a tricky environment. +############################################################################### +org.iplantc.discoveryenvironment.about.defaultBuildNumber = {{ app_version_name }} +org.iplantc.discoveryenvironment.about.releaseVersion = {{ app_version }} + +############################################################################### +# CAS Authentication Settings +############################################################################### +org.iplantc.discoveryenvironment.cas.base-url = {{ cas.base }} +org.iplantc.discoveryenvironment.cas.server-name = {{ de.app_base }} +org.iplantc.discoveryenvironment.cas.validation = /iplant-cas-ticket-validator +org.iplantc.discoveryenvironment.cas.logout-url = /iplant-cas-logout +org.iplantc.discoveryenvironment.cas.app-name = {{ de.description }} +org.iplantc.discoveryenvironment.cas.login-url = /login +org.iplantc.admin.cas.authorized-groups = {{ admin_groups }} +org.iplantc.admin.cas.group-attribute-name = {{ cas.group_attribute }} +org.iplantc.discoveryenvironment.cas.no-logout-url = {{ cas.no_logout_url }} +org.iplantc.discoveryenvironment.cas.app-list = {{ cas.app_list }} + +############################################################################### +# CAS Session Keepalive Settings +############################################################################### +org.iplantc.discoveryenvironment.keepalive.service = {{ de.app_base }}/de/{{ de.rpc_name }}/{{ de.empty_url }} +org.iplantc.discoveryenvironment.keepalive.target = {{ cas.base }}/login?service={{ de.app_base }}/de/{{ de.rpc_name }}/{{ de.empty_url }} +org.iplantc.discoveryenvironment.keepalive.interval = 90 + +############################################################################### +# JWT Signing Key Settings +############################################################################### +org.iplantc.discoveryenvironment.jwt.private-key-path = {{ jwt.signing_key.private }} +org.iplantc.discoveryenvironment.jwt.private-key-password = {{ jwt.signing_key.password }} + +############################################################################### +# Backend Services URL/Endpoint Configuration +############################################################################### +# this is the service-endpoint keys prefix +# (this value is utilized by classes/components in de-common-*.jar) +prefix=org.iplantc.services +rpc.prefix=discoveryenvironment/deservice + +# The URL prefix to use when accessing the DE Mule services. +org.iplantc.discoveryenvironment.muleServiceBaseUrl = {{ terrain.base }}/secured/ +org.iplantc.discoveryenvironment.unprotectedMuleServiceBaseUrl = {{ terrain.base }}/ + + +# Bootstrap +org.iplantc.services.bootstrap = {{ terrain.base }}/secured/bootstrap +org.iplantc.services.logout = {{ terrain.base }}/secured/logout + +# DE Data Management Endpoints +org.iplantc.services.de-data-mgmt.base = {{ terrain.base }}/secured/filesystem/ +org.iplantc.services.admin.de-data-mgmt.base = {{ terrain.base }}/admin/filesystem/ + +# DE File I/O endpoints +org.iplantc.services.file-io.base.secured = {{ terrain.base }}/secured/fileio/ +org.iplantc.services.file-io.file-upload = {{ terrain.base }}/fileio/upload +org.iplantc.services.file-io.secured.file-upload = {{ terrain.base }}/secured/fileio/upload + +# Buggalo Endpoint +#FIXME change 'buggalo' name +org.iplantc.services.buggalo.baseUrl = {{ terrain.base }}/secured/tree-viewer-urls + +# Tool Request Endpoint +org.iplantc.services.toolRequests = {{ terrain.base }}/tool-requests +org.iplantc.services.toolRequests.statusCodes = {{ terrain.base }}/tool-requests/status-codes +org.iplantc.services.admin.toolRequests = {{ terrain.base }}/admin/tool-requests + +# Permanent Id Endpoint +org.iplantc.services.permIdRequests = {{ terrain.base }}/permanent-id-requests +org.iplantc.services.permIdRequests.statusCodes = {{ terrain.base }}/permanent-id-requests/status-codes +org.iplantc.services.admin.permIdRequests = {{ terrain.base }}/admin/permanent-id-requests + +# Apps endponts +org.iplantc.services.apps = {{ terrain.base }}/apps +org.iplantc.services.apps.ids = {{ terrain.base }}/apps/ids +org.iplantc.services.apps.categories = {{ terrain.base }}/apps/categories +org.iplantc.services.apps.elements = {{ terrain.base }}/apps/elements +org.iplantc.services.apps.elements.tools = {{ terrain.base }}/apps/elements/tools +org.iplantc.services.apps.elements.infoTypes = {{ terrain.base }}/apps/elements/info-types +org.iplantc.services.apps.elements.dataSources = {{ terrain.base }}/apps/elements/data-sources +org.iplantc.services.apps.argPreview = {{ terrain.base }}/apps/arg-preview +org.iplantc.services.admin.apps = {{ terrain.base }}/admin/apps +org.iplantc.services.admin.apps.categories = {{ terrain.base }}/admin/apps/categories + +# Pipelines endpoints +org.iplantc.services.apps.pipelines = {{ terrain.base }}/apps/pipelines + +# Reference Genomes +org.iplantc.services.admin.referenceGenomes = {{ terrain.base }}/admin/reference-genomes +org.iplantc.services.referenceGenomes = {{ terrain.base }}/reference-genomes + +# Analysis Endpoints +org.iplantc.services.analyses = {{ terrain.base }}/analyses + +# Tools Endpoints +org.iplantc.services.admin.tools = {{ terrain.base }}/admin/tools +org.iplantc.services.tools = {{ terrain.base }}/tools + +# Path List File Identifier +org.iplantc.pathList.fileIdentifier = {{ path_list_file_identifier }} + +org.iplantc.services.filesystem.index = {{ terrain.base }}/secured/filesystem/index +org.iplantc.services.filesystem.index-status = {{ terrain.base }}/secured/filesystem/index-status + +# The base URL used to contact the iPlant e-mail service +org.iplantc.services.email-base = {{ iplant_email.base }}/ + +# System-Message Services +org.iplantc.services.admin.notifications.system = {{ terrain.base }}/admin/notifications/system +org.iplantc.services.admin.notifications.system.types = {{ terrain.base }}/admin/notifications/system-types + +############################################################################### +# Default workspace App Categories. +############################################################################### +org.iplantc.discoveryenvironment.workspace.rootAppCategory = {{ apps.user_root }} +org.iplantc.discoveryenvironment.workspace.defaultAppCategories = {{ apps.user_subs }} +org.iplantc.discoveryenvironment.workspace.defaultBetaAppCategoryId = {{ apps.beta_category }} +org.iplantc.discoveryenvironment.workspace.defaultTrashAppCategoryId = {{ apps.trash_category }} + +############################################################################### +# Enable / Disable right click for QA team. QA Team will use the right click functionality +# to access the context menu from some of their testing tools. +# Should be set to false in all environments other than QA +############################################################################### +org.iplantc.discoveryenvironment.contextMenu.enabled = {{ de.context_menu_enabled }} + +# Default community data directory +org.iplantc.communitydata.path = /iplant/home/shared + +############################################################################### +# Maintenance Settings +############################################################################### +org.iplantc.discoveryenvironment.maintenance-file = {{ de.maintenance_file }} + +############################################################################### +# Environment Information +############################################################################### +org.iplantc.discoveryenvironment.environment.name = {{ environment_name }} +org.iplantc.discoveryenvironment.environment.prod-deployment = {{ prod_deployment }} + +############################################################################### +# Notification Agent Settings +############################################################################### +# The Notification Polling Interval in Seconds +org.iplantc.discoveryenvironment.notifications.poll-interval = {{ de.notification_poll }} diff --git a/ansible/roles/util-cfg-service/templates/nginx.properties.j2 b/ansible/roles/util-cfg-service/templates/nginx.properties.j2 new file mode 100644 index 000000000..d9bfd4d42 --- /dev/null +++ b/ansible/roles/util-cfg-service/templates/nginx.properties.j2 @@ -0,0 +1,98 @@ +events { + worker_connections 4096; +} + +http { + client_max_body_size 2G; + +{% if de.http_server.ssl.insecure_redirects is defined and de.http_server.ssl.insecure_redirects != None %} +{% for redirect in de.http_server.ssl.insecure_redirects %} + server { + listen 80; + server_name {{ redirect.server_name }}; + return 301 {{ redirect.return }}; + } +{% endfor %} +{% endif %} + +{% if de.http_server.ssl.redirects is defined and de.http_server.ssl.redirects != None %} +{% for redirect in de.http_server.ssl.redirects %} + server { + listen 443 ssl http2; + server_name {{ redirect.server_name }}; + + ssl_certificate {{ redirect.ssl_certificate }}; + ssl_certificate_key {{ redirect.ssl_certificate_key }}; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + return 301 {{ redirect.return }}; + } +{% endfor %} +{% endif %} + + upstream de { + ip_hash; + + server de-host:8080; + } + + upstream kifshare { + server {{ kifshare.host }}:{{ kifshare.port }}; + } + + server { + listen 443 ssl http2; + server_name {{ de.http_server.ssl.server_name }}; + + ssl_certificate {{ de.http_server.ssl.cert }}; + ssl_certificate_key {{ de.http_server.ssl.cert_key }}; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + location /anon-files/ { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded_Proto $scheme; + + proxy_pass {{ anon_files.base }}/; + } + + location /dl/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded_Proto $scheme; + + proxy_pass http://kifshare/; + } + + location /de/agave-cb { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded_Proto $scheme; + + proxy_pass {{ apps.base }}/callbacks/agave-job; + } + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded_Proto $scheme; + + proxy_read_timeout 3600s; + + proxy_pass http://de; + } + } +}