diff --git a/ansible/example_group_vars/AnnotatedGroupVars.md b/ansible/example_group_vars/AnnotatedGroupVars.md deleted file mode 100644 index afc11f933..000000000 --- a/ansible/example_group_vars/AnnotatedGroupVars.md +++ /dev/null @@ -1,1090 +0,0 @@ -# Included for backwards compatibility with Ansible-1.9. Should no longer be needed. -#ansible_ssh_port: 22 -#ansible_ssh_user: hamilton - -global_config_dir: /etc/iplant -de_config_dir: "{{ global_config_dir }}/de" -local_cfg_dest: /home/hamilton/DE/ansible/config_files - -java: - version: 1.7.0 - -# Indicates whether or not this environment is a complete environment -# or piggybacks off some other environment -parasitic: false - -max_heap: - low: "512M" - high: "1G" - -################################################################################ -# Configuration Settings -################################################################################ - -# LDAP groups allowed to sign in to the admin interface -admin_groups: dummy,group2,group4 - -default_service_port: 60000 - -agave: - base_url: https://agave.iplantc.org - read_timeout: 10000 - page_length: 5000 - oauth_refresh_window: 5 - client_key: sk3l3t0n - client_secret: happygoat - -# old-style vars. should go away. -amqp_broker_host: CHANGEME -amqp_broker_port: 5672 -amqp_password: CHANGEME -amqp_user: CHANGEME -amqp_de_exchange: CHANGEME -amqp_de_exchange_durable: true -amqp_de_exchange_auto_delete: false -amqp_condor_events_exchange: condor_events -amqp_condor_events_exchange_type: fanout -amqp_condor_events_exchange_durable: true -amqp_condor_events_exchange_routing_key: sk3l3t0n -amqp_condor_events_queue_name: happygoat -amqp_condor_events_exchange_auto_delete: false -amqp_irods_exchange: irods -amqp_irods_exchange_type: topic -amqp_irods_exchange_durable: true -amqp_irods_exchange_auto_delete: false -amqp_irods_queue_routing_key: "data-object.#" -amqp_irods_message_auto_ack: true -amqp_irods_connection_health_check_interval: 5000 - -amqp_broker: - host: "{{ groups['amqp-brokers'][0] }}" - port: 5672 - mgmt_port: 15672 - password: CHANGEME - user: CHANGEME - condor_events: - exchange: condor_events - exchange_type: fanout - exchange_durable: true - exchange_routing_key: - queue_name: CHANGEME - exchange_auto_delete: false - -#anon_files_base_url: "http://{{ services_host }}:{{ anon_files_port }}/anon-files/" -#anon_files_port: 60000 -#anon_files_proxy_url: -#anon_files_anon_user: anonymous -#anon_files_log_file: /home/iplant/logs/anon-files.log - -anon_files: - host: "{{ groups['anon-files'][0] }}" - # iplant docs recommend against changing this - port: 60000 - base: "http://{{ groups['anon-files'][0] }}:60000" - proxy_url: "https://{{ groups['ui'][0] }}/anon-files/" - anon_user: anonymous - service_name: anon-files.service - service_name_short: anon-files - service_description: anon-files service - compose_service: anon_files - image_name: anon-files - log_driver: "{{ docker.log_driver }}" - container_name: anon-files - properties_file: anon-files.properties - log_file: anon-files-docker.log - max_heap: "{{ max_heap.low }}" - -compose: - # don't change this - hard-coded in(?) - de_env: de - de_tag: latest - -## App Settings -de_base: "https://{{ groups['ui'][0] }}/de" -de: - host: "{{ groups['ui'][0] }}" - base: "https://{{ groups['ui'][0] }}/de" - app_base: "https://{{ groups['ui'][0] }}" - service_name: de-ui.service - service_name_short: ui - service_description: DE UI; iPlant Discovery Environment user interface - image_name: de-ui - compose_service: de_ui - container_name: de-ui - log_driver: "{{ docker.log_driver }}" - log_file: de-ui.log - context_menu_enabled: false - description: the CyVerse Discovery Environment - empty_url: empty - app_name: de - rpc_name: discoveryenvironment - notification_poll: 15 - maintenance_file: de-maintenance - http_server: - service_name: de-ui-nginx.service - service_name_short: de-ui-nginx - service_description: DE UI nginx - image_name: nginx-ssl - container_name: de_ui_nginx - compose_service: de_ui_nginx - log_driver: "{{ docker.log_driver }}" - log_file: nginx-de-ui.log - ssl: - server_name: "{{ nginx_ssl.server_name }}" - cert: "{{ nginx_ssl.cert }}" - cert_key: "{{ nginx_ssl.cert_key }}" - insecure_redirects: - - server_name: "{{ nginx_ssl.server_name }}" - return: "https://$host$request_uri" - tomcat_ks_cert: de-id_irss_unc_edu_cert.cer - tomcat_ks_chain: de-id_irss_unc_edu_interm.cer - tomcat_ks_pass: changeit -# redirects: -# - server_name: "~^(?[^.]+)[.]example[.]com$" -# return: "https://$basename.example.org$request_uri" -# ssl_certificate: "/etc/ssl/example.com.crt" -# ssl_certificate_key: "/etc/ssl/example.com.key" - -# populates the "About" dialog, won't affect functionality -app_version_name: Phthalo -app_version: 2.4.0 - -apps: - host: "{{ groups['apps'][0] }}" - port: 5014 - base: "http://{{ groups['apps'][0] }}:5014" - service_name: apps.service - service_name_short: apps - compose_service: apps - service_description: apps service - image_name: apps - container_name: apps - properties_file: apps.properties - log_file: apps-docker.log - out_dir: analyses - path_list_max_paths: 16 - path_list_max_size: 1048576 - beta_category: 5401bd14-6c14-4470-aedd-57b47ea1b979 - user_root: Workspace - user_subs: "[\"Apps under development\",\"Favorite Apps\"]" - trash_category: Trash - max_heap: "{{ max_heap.high }}" - -#app_server_base_url: "http://{{ ansible_default_ipv4.address }}:8080" -app_server_base_url: https://{{ app_server_hostname }} -app_server_hostname: "{{ groups['ui][0] }}" - -de_feedback_to_addr: "CHANGEME" -de_mail_from_addr: "{{ de_feedback_to_addr }}" -de_mail_to_addr: "{{ de_feedback_to_addr }}" - -#de_maintenance_file: de-maintenance - -de_notification_poll: 15 - -docker: - log_driver: syslog - tag: latest - user: discoenv - version: 1.10.11 - compose_path: /etc/compose.yaml - registry: - host: "{{ groups['docker-registry'][0] }}" - port: 443 - base: "CHANGEME" - user: CHANGEME - pass: CHANGEME - login: yes - internal_registry: "CHANGEME" - -drop_number: 0 - -# --- CAS properties --- # -cas: - app_list: all iPlant applications - base: CHANGEME - context_path: cas - do_ssl_config: true - git_url: CHANGEME - git_project_name: cas-overlay - group_attribute: entitlement - no_logout_url: http://"{{ groups['ui'][0] }}" - port: CHANGEME - uid_domain: CHANGEME - -# old-style notation. these should be updated -cas_app_list: all iPlant applications -cas_base: https://de-id.irss.unc.edu:8443/cas -cas_context_path: cas -cas_do_ssl_config: true -# including DICE-UNC's CAS overlay for reference. YMMV. -cas_git_url: https://github.com/DICE-UNC/cas-overlay.git -cas_git_project_name: cas-overlay -cas_group_attribute: entitlement -cas_no_logout_url: http://de-ui.irss.unc.edu -cas_port: 443 -cas_ssl_cert_file: de-id_cas_ssl_cert_file.crt -cas_ssl_key_file: de-id_cas_ssl_key_file.key -cas_tomcat_user: tomcat -cas_uid_domain: irss.unc.edu -# --- /CAS properties --- # - -############################################################################### -# CAS Authentication Settings -############################################################################### -org.iplantc.discoveryenvironment.cas.base-url: "https://de-id.irss.unc.edu:8443/cas" -org.iplantc.discoveryenvironment.cas.server-name: "https://de-id.irss.unc.edu:8443" -org.iplantc.discoveryenvironment.cas.validation: /iplant-cas-ticket-validator -org.iplantc.discoveryenvironment.cas.logout-url: /iplant-cas-logout -org.iplantc.discoveryenvironment.cas.app-name: DFC Test Lab Discovery Environment -org.iplantc.discoveryenvironment.cas.login-url: /login -org.iplantc.admin.cas.authorized-groups: "{{ admin_groups }}" -org.iplantc.admin.cas.group-attribute-name: entitlement -org.iplantc.discoveryenvironment.cas.no-logout-url: "https://de-id.irss.unc.edu:8443/cas" -org.iplantc.discoveryenvironment.cas.app-list: all iPlant applications - -############################################################################### -# CAS Session Keepalive Settings -############################################################################### -org.iplantc.discoveryenvironment.keepalive.service: https://de-id.irss.unc.edu/de/discoveryenvironment/empty -org.iplantc.discoveryenvironment.keepalive.target: https://de-id.irss.unc.edu:8443/cas/login?service=https://de-ui.irss.unc.edu/de/discoveryenvironment/empty -org.iplantc.discoveryenvironment.keepalive.interval: 90 - -chat_room_url: - -condor_submission_ip_range: 152.2.32.0/24 -condor_allow_write: "{{ condor_submission_ip_range }}" -condor: - host: de-condor-submission.irss.unc.edu - admin: dls@email.unc.edu - collector_name: "{{ environment_name }} pool" - cred_dir: /var/cred_dir - flock_to: de-condor-submission.irss.unc.edu - filesystem_domain: "{{ ansible_fqdn }}" - rhel7_repo: htcondor-stable-rhel7.repo - uid_domain: irss.unc.edu - allow_write: "{{ condor_allow_write }}" - allow_read: "{{ condor_allow_write }}" - -condor_log_monitor_event_log: /var/log/condor/event_log -condor_log_monitor: - service_name: condor-log-monitor.service - service_name_short: condor-log-monitor - service_description: CLM; Condor log monitor - image_name: condor-log-monitor - container_name: clm - compose_service: clm - properties_file: condor_log_monitor.properties - log_file: condor-log-monitor-docker.log - -coge_genome_load_url: https://genomevolution.org/CoGe/services/service.pl/genome/load -coge_base_url: https://genomevolution.org/coge/api/v1 -coge_data_folder_name: coge_data -coge_user: coge - -coge: - user: coge - base_url: https://genomevolution.org/coge/api/v1 - data_folder_name: coge_data - -clockwork: - service_name: clockwork.service - service_name_short: clockwork - service_description: clockwork service - image_name: clockwork - container_name: clockwork - compose_service: clockwork - properties_file: clockwork.properties - log_file: clockwork-docker.log - max_heap: "{{ max_heap.low }}" - -data_info_host: "{{ services_host }}" -data_info: - host: "{{ groups['data-info'][0] }}" - port: 5001 - service_name: data-info.service - service_name_short: data-info - service_description: data-info service - compose_service: data_info - image_name: data-info - container_name: data-info - properties_file: data-info.properties - log_file: data-info-docker.log - max_heap: "{{ max_heap.high }}" - -dataverse_adminpass: d4t4v3rs3$DM\!N -dataverse_db: dvndb -dataverse_dbhost: localhost -dataverse_dbuser: dvnuser -dataverse_dbpass: dvnS3cr3t -dataverse_dbport: 5432 -dataverse_filesdir: /usr/local/dvn/data -dataverse_gf_user: glassfish -dataverse_gf_group: glassfish -dataverse_gf_root: /usr/local/glassfish4 -dataverse_gf_domain: domain1 -dataverse_gf_adminuser: admin -dataverse_gf_adminpass: d4t4v3rs3$DM\!N -dataverse_host_address: de-dataverse.irss.unc.edu -dataverse_memheap: 16389 -dataverse_shib: true -dataverse_smtp: localhost -dataverse_version: 4.2.4 - -#de_version: "{{ app_version }}" - -dewey_listen_port: 5002 - -db_driver: org.postgresql.Driver -db_user: irssde -db_password: n0tpr0d -db_host: de-db.irss.unc.edu -db_address: 152.2.32.240 -db_name: de -db_port: 5432 -db_admin: postgres -db_admin_password: n0tpr0d4dm1n -db_targz: https://everdene.iplantcollaborative.org/jenkins/job/databases-dev/lastSuccessfulBuild/artifact/databases/de-database-schema/database.tar.gz - -db_vendor: postgresql -db_allowed_IPv4_remote: 152.2.32.0/24 - -dewey: - service_name: dewey.service - service_name_short: dewey - compose_service: dewey - service_description: dewey service - image_name: dewey - container_name: dewey - properties_file: dewey.properties - log_file: dewey-docker.log - max_heap: "{{ max_heap.low }}" - -terrain: - host: "{{ groups['terrain'][0] }}" - port: 5007 - base: "http://{{ groups['terrain'][0] }}:5007" - service_name: terrain.service - service_name_short: terrain - compose_service: terrain - service_description: terrain service - image_name: terrain - container_name: terrain - properties_file: terrain.properties - log_file: terrain-docker.log - max_heap: "{{ max_heap.high }}" - -#systemd: -# syslogFacility: local6 -# services: -# - "{{dewey}}" -# - "{{data_info}}" -# - "{{anon_files}}" -# - "{{de}}" -# - "{{condor_log_monitor}}" -# - "{{clockwork}}" -# - "{{donkey}}" -# - "{{iplant_email}}" -# - "{{exim}}" -# - "{{infosquito}}" -# - "{{info_typer}}" -# - "{{jexevents}}" -# - "{{kifshare}}" -# - "{{metadactyl}}" -# - "{{metadata}}" -# - "{{monkey}}" -# - "{{notificationagent}}" -# - "{{saved_searches}}" -# - "{{tree_urls}}" -# - "{{user_preferences}}" -# - "{{user_sessions}}" -# - "{{jex}}" - -donkey_host: "{{ services_host }}" -donkey_base: "http://{{ donkey_host }}:{{ donkey.port }}" -donkey: - service_name: donkey.service - service_name_short: donkey - service_description: donkey service - port: 5003 - image_name: donkey - container_name: donkey - properties_file: donkey.properties - log_file: donkey-docker.log - -email_smtp_host: relay.unc.edu -email_smtp_from_address: noreply@relay.unc.edu -email_host: relay.unc.edu -#email_base: http://{{ email_host }}:{{ iplant_email.port }} -email_base: smtp://relay.unc.edu:25 - -iplant_email: - host: "{{ groups['iplant-email'][0] }}" - port: 587 - base: "http://{{ groups['iplant-email'][0] }}:587" - service_name: iplant-email.service - service_name_short: iplant-email - service_description: iPlant Email service - image_name: iplant-email - container_name: iplant-email - compose_service: iplant_email - properties_file: iplant-email.properties - log_file: iplant-email-docker.log - max_heap: "{{ max_heap.low }}" - -# don't change this - some things are still hard-coded. -environment_name: de - -# for ansible-elasticsearch role https://github.com/cyverse/ansible-elasticsearch -elasticsearch_user: elasticsearch -elasticsearch_group: elasticsearch -elasticsearch_heap_size: 2g -elasticsearch_cluster_name: happygoat - -elasticsearch_network_http_port: 9200 -elasticsearch: - host: "{{ groups['elasticsearch'][0] }}" - port: 9200 - base: "http://{{ groups['elasticsearch'][0] }}:9200" - scroll_size: 1000 - cluster_name: elasticsearch - heap_size: - network_http_port: - network_transport_tcp_port: - -elk_host: de-elk.irss.unc.edu -elk: - conf_dir: "{{de_config_dir}}/elk" - logstash: - port: 5000 - container_name: elk_logstash - service_name: elk-logstash.service - service_name_short: elk-logstash - service_description: ELK logstash - image_name: de-logstash - data: - container_name: elk_data - service_name: elk-data.service - service_name_short: elk-data - service_description: ELK data container - image_name: busybox - elasticsearch: - port: 9200 - container_name: elk_elasticsearch - service_name: elk-elasticsearch.service - service_name_short: elk-elasticsearch - service_description: ELK elasticsearch - image_name: elasticsearch - heap_size: "12g" - cluster_name: "de-elk-dev" - kibana: - port: 5601 - container_name: elk_kibana - service_name: elk-kibana.service - service_name_short: elk-kibana - service_description: ELK kibana - version: 4.2 - image_name: "kibana:4.2" - -es_base: "http://{{ es_host }}:{{ es_port }}:9200" -es_host: de-elk.irss.unc.edu -es_port: 9200 -es_scroll_size: 1000 - -exim: - service_name: exim-sender.service - service_name_short: exim-sender - compose_service: exim_sender - service_description: exim-sender service - image_name: exim-sender - container_name: exim - log_file: exim-docker.log - -#facepalm_jar: https://github.com/DICE-UNC/de-ansible/blob/vmlab/downloads/facepalm/facepalm-standalone.jar?raw=true -#facepalm_proxy_host: -#facepalm_proxy_port: - -fs_max_paths_in_request: 1000 - -gpg_home_dir: - -# this is a condor group quota setting and should be numeric -group_config: 0 - -grouper: - service_name: iplant-grouper.service - service_name_short: iplant-grouper - compose_service: iplant_grouper - service_description: Grouper UI and Web Services - image_name: grouper - image_tag: 2.2.2 - init: false - init_image: sharkbait - container_name: iplant-grouper - log_driver: "{{ docker.log_driver }}" - max_heap_size: 2048M - max_perm_size: 256M - #ssl_certificate: de-grouper_irss_unc_edu_cert.cer - #ssl_certificate_key: de-grouper_irss_unc_edu.key - admin: - user: GrouperSystem - pass: n0tpr0dgr0up3r - api: - env_name: de - container_name: grouper - db: - url: "jdbc:postgresql://{{db_host}}/subjectdata" - user: degrouper - pass: n0tpr0dgr0up3r - http_server: - service_name: grouper-nginx.service - service_name_short: grouper-nginx - service_description: Grouper nginx - image_name: "{{ de.http_server.image_name }}" - container_name: grouper-nginx - log_driver: "{{ docker.log_driver }}" - ssl: - servers: - - server_name: "{{ nginx_ssl.server_name }}" - #ssl_certificate: "{{ nginx_ssl.cert }}" - ssl_certificate: /etc/iplant/ssl/de-grouper_irss_unc_edu_cert.cer - #ssl_certificate_key: "{{ nginx_ssl.cert_key }}" - ssl_certificate_key: /etc/iplant/ssl/de-grouper_irss_unc_edu.key - insecure_redirects: - - server_name: "{{ nginx_ssl.server_name }}" - return: "https://$host$request_uri" - subject_source: - id: irss - name: DE - url: ldap://de-id.irss.unc.edu:389 - auth_type: simple - principal: "{{ ldap.manager_dn }}" - credentials: "{{ ldap.admin_password }}" - ui: - base_url: "https://{{ groups['ui'][0] }}" - ws: - base_url: "http://{{ groups['grouper'][0] }}:8080/grouper-ws/" - -infosquito_notify_enabled: true -infosquito_notify_count: 10000 -infosquito_retry_interval: 900 - -infosquito: - host: "{{ groups['infosquito'][0] }}" - service_name: infosquito.service - service_name_short: infosquito - compose_service: infosquito - service_description: infosquito service - image_name: infosquito - container_name: infosquito - properties_file: infosquito.properties - log_file: infosquito-docker.log - notify_enabled: true - notify_count: 10000 - retry_interval: 900 - max_heap: "{{ max_heap.low }}" - -info_typer: - host: "{{ groups['info-typer'][0] }}" - service_name: info-typer.service - service_name_short: info-typer - service_description: info-typer service - image_name: info-typer - compose_service: info_typer - container_name: info-typer - properties_file: info-typer.properties - log_file: info-typer-docker.log - max_heap: "{{ max_heap.low }}" - -iplant_groups_docker_repo: diceunc -iplant_groups_host: de-grouper.irss.unc.edu -iplant_groups_port: 5012 -iplant_groups: - host: de-grouper.irss.unc.edu - port: 5012 - base_url: "http://{{ groups['iplant-groups'][0] }}:5012" - #base_url: "http://{{ iplant_groups_host }}:{{ iplant_groups_port }}" - service_name: iplant-groups.service - service_name_short: iplant-groups - service_description: iplant-groups service - image_name: iplant-groups-odum - container_name: iplant-groups - compose_service: iplant_groups - properties_file: iplant-groups.properties - log_file: iplant-groups-docker.log - grouper: - username: "{{ grouper.admin.user }}" - password: "{{ grouper.admin.pass }}" - api_version: "v2_2_000" - base_url: "{{ grouper.ws.base_url }}" - max_heap: "{{ max_heap.low }}" - -icat: - host: "{{ irods_icat_host }}" - port: "{{ irods_icat_dbport }}" - user: "{{ irods_icat_user }}" - password: "{{ irods_icat_password }}" - db: "{{ irods_icat_db }}" - -irods_icat_host: de-irods1.irss.unc.edu -irods_icat_dbport: 5432 -irods_icat_user: odumicatuser -irods_icat_password: n0tpr0d1c4t -irods_icat_db: odumicatdb - -irods_admin: irods -irods_admin_password: n0tpr0d1r0dz -irods_host: de-irods1.irss.unc.edu -irods_federation_host: -irods_db: odumde -irods_port: 1247 -irods_user: de-rodsadmin -irods_password: 0dum-p4ssw0rd -irods_zone: OdumDEZone -irods_home: /{{ irods_zone }}/home -irods_default_resource: "odumDEResc" -irods_default_resource_path: "/var/lib/irods/iRODS/OdumDEResc" -irods_admins: "de-rodsadmin" -irods_admin_users: "{{ irods_user }},{{ irods_admins }}" -irods_bad_chars: \u0060\u0027\u000A\u0009 - -irods: - admins: "{{ irods_user }}" - bad_chars: \u0060\u0027\u000A\u0009 - # used by staff to create permanent id requests - data_curators_group: data_curators - default_resource: "{{ irods_default_resource }}" - home: "{{ irods_home }}" - host: "{{ irods_host }}" - password: "{{ irods_password }}" - port: 1247 - portrange: - start: 20000 - end: 20199 - resc: "{{ irods_default_resource }}" - # irods.user is used to authenticate DE to irods - user: "{{ irods_user }}" - vault: "{{ irods_default_resource_path }}" - zone: "{{ irods_zone }}" - icat: - db_port: 5432 - -jex_host: "de-condor-submission.irss.unc.edu" -jex_port: 5004 -jex_base: http://{{ jex_host }}:{{ jex_port }} -jex_batch_group: batch_processing -# used for backwards compatibility container and reference genomes. new stand-ups probs won't need this. -jex_nfs_base: /export/condor -# iPlant uses this; a new stand-up can probably use the default path. -jex_icommands_path: /usr/local/icommands/:/usr/local2/icommands/:/usr/local/bin/:/usr/local2/bin/:/usr/bin/ -jex_request_disk: 0 - -# Jex does not actually have a container. The container name is how most syslog entries -# are identified. See rsyslog-config role. -jex: - host: "{{ groups['jex'][0] }}" - port: 5004 - # ansible didn't like nested vars, so we specified the base port here. - base: "http://{{ groups['jex'][0] }}:5004" - service_name: jex.service - service_name_short: jex - compose_service: jex - log_file: jex/jex.log - batch_group: batch_processing - # used for backwards compatibility container and reference genomes. new stand-ups probs won't need this. - nfs_base: /export/condor - #container_name: jex - # iPlant uses this; a new stand-up can probably use the default path. - icommands_path: /usr/local/icommands:/usr/local2/icommands:/usr/local/bin:/usr/local2/bin:/usr/bin - request_disk: 0 - -# old-style notation. switch to the below stanza. -jexdb_driver: "{{db_driver}}" -jexdb_host: "{{db_host}}" -jexdb_db: jex -jexdb_password: CHANGEME -jexdb_port: "{{db_port}}" -jexdb_targz: https://everdene.iplantcollaborative.org/jenkins/job/databases-dev/lastSuccessfulBuild/artifact/databases/jex-db/jex-db.tar.gz -jexdb_user: irssjex -jexdb_vendor: "{{db_vendor}}" - -jex_events_event_url: http://{{ services_host }}:{{ jexevents.port }}/ -jexevents: - base: "http://{{ groups['jexevents'][0] }}:5005/" - port: 5005 - event_url: "{{ apps.base }}/callbacks/de-job" - service_name: jex-events.service - service_name_short: jex-events - compose_service: jex_events - service_description: jex events service - image_name: jex-events - container_name: jex-events - properties_file: jex-events.properties - log_file: jex-events-docker.log - -job_status_poll_interval: 15 - -jwt: - signing_key: - private: "{{ global_config_dir }}/crypto/private-key.pem" - public: "{{ global_config_dir }}/crypto/public-key.pem" - password: CHANGEME - algorithm: "rs256" - accepted_keys: - dir: "{{ global_config_dir }}/crypto/accepted_keys" - validity_window: - end: 300 - wso2: - header: x-jwt-assertion-iplant-org - -#kifshare_de_url: \{\{url\}\}/d/\{\{ticket-id\}\}/\{\{filename\}\} -kifshare_external_url: "http://{{ de.host }}/{{ kifshare.external_url_suffix }}" -kifshare_download_buffer_size: 100 - -kifshare: - host: "{{ groups['kifshare'][0] }}" - port: 1025 - external_url_suffix: dl - service_name: kifshare.service - service_name_short: kifshare - compose_service: kifshare - service_description: kifshare service - image_name: kifshare - container_name: kifshare - properties_file: kifshare.properties - log_file: kifshare-docker.log - de_url: \{\{url\}\}/d/\{\{ticket-id\}\}/\{\{filename\}\} - mode: prod - download_buffer_size: 100 - max_heap: "{{ max_heap.low }}" - -ldap: - dc: dc=your,dc=org,dc=edu - domain_name: your.org.edu - country: CHANGEME - state: CHANGEME - location: CHANGEME - organization: CHANGEME - tld: CHANGEME - host: "{{ groups['cas'][0] }}" - use_starttls: false - enable_ssl: false - base_dn: - search_base_dn: ou=Users,dc=your,dc=org,dc=edu - group_base_dn: ou=Groups,dc=your,dc=org,dc=edu - manager_dn: cn=Manager,dc=your,dc=org,dc=edu - admin_password: CHANGEME - authn_format: - trusted_cert: - port: 389 - password: CHANGEME - password_size: 8 - g_suffix: Groups - u_suffix: Users - m_suffix: Machines - -# killing these, will update playbooks -#ldap_port: 389 -#ldap_user: ldap -#ldap_use_starttls: false -#ldap_search_base_dn: ou=Users,DC=irss,DC=unc,DC=edu -#ldap_tld: irss -#ldap_dc: dc=irss,dc=unc,dc=edu -#ldap_manager_dn: cn=admin,dc=irss,dc=unc,dc=edu -#ldap_admin_password: p4sswurd -# -#ldap_genadminpw: p4sswurd -#ldap_password: p4sswurd -#ldap_password_size: 8 -##ldap_host: "{{ groups['cas']}}" -#ldap_host: localhost -#ldap_dpkg_reconfigure: false -#ldap_global_user: root -#ldap_global_use_sudo: false -#ldap_include_create_user_and_groups: true -#ldap_include_create_indexes: true -#ldap_include_create_autofs: false -#ldap_include_create_automount: false -#ldap_include_create_sudo: false -#ldap_include_create_sudo_master: false -#ldap_include_testde: true -# -#ldap_g_suffix: Groups -#ldap_u_suffix: Users -#ldap_m_suffix: Machines -# -#ldap_ansible_done_dir: /etc/ansible/.done -#ldap_done_dir: "{{ldap_ansible_done_dir}}/ldap" -# -#ldap_create_user_and_groups_done: "{{ldap_done_dir}}/create-users-and-groups" -#ldap_create_indexes_done: "{{ldap_done_dir}}/create-indexes" -#ldap_create_autofs_done: "{{ldap_done_dir}}/create-autofs" -#ldap_create_automount_done: "{{ldap_done_dir}}/create-automount" -#ldap_create_sudo_done: "{{ldap_done_dir}}/create-sudo" -#ldap_create_sudo_master_done: "{{ldap_done_dir}}/create-sudo-master" -#ldap_create_testde_done: "{{ldap_done_dir}}/create-testde" -# -#ldap_slapd_dpkg_reconfigure_done: "{{ldap_done_dir}}/slapd-dpkg-reconfigure-done" -# -#ldap_domain_name: irss.unc.edu -#ldap_enable_ssl: false -#ldap_country: US -#ldap_state: North Carolina -#ldap_location: Chapel Hill -#ldap_organization: Odum Institute -# -# --- /LDAP properties --- # - -logstash_elasticsearch_host: de-elk.irss.unc.edu - -logstash: - port: 5000 - ssl: - key: /etc/ssl/certs/de-elk_irss_unc_edu.key - cert: /etc/ssl/certs/de-elk_irss_unc_edu_cert.cer - -logstash_forwarder: - service_description: logstash forwarder service - service_name: logstash-forwarder.service - service_name_short: logstash-forwarder - image_name: willdurand/logstash-forwarder - container_name: logstash-fowarder - -max_edit_file_size: 2147483647 - -metadata_db_driver: "{{ db_driver }}" -metadata_db_vendor: "{{ db_vendor }}" -metadata_db_host: "{{ db_host }}" -metadata_db_port: "{{ db_port }}" -metadata_db_user: irssmetadata -metadata_db_password: n0tpr0dm3t4d4t4 -metadata_db_name: metadata -metadata_db_admin: "{{ db_admin }}" -metadata_db_admin_password: "{{ db_admin_password }}" -metadata_db_targz: https://everdene.iplantcollaborative.org/jenkins/job/databases-dev/lastSuccessfulBuild/artifact/databases/metadata/metadata-db.tar.gz - -metadata: - host: "{{ groups['metadata'][0] }}" - port: 5013 - service_name: metadata.service - service_name_short: metadata - compose_service: metadata - service_description: metadata service - image_name: metadata - container_name: metadata - properties_file: metadata.properties - log_file: metadata-docker.log - max_heap: "{{ max_heap.high }}" - -#metadata_host: localhost - -monkey: - host: "{{ groups['monkey'][0] }}" - service_name: monkey.service - service_name_short: monkey - compose_service: monkey - service_description: monkey service - image_name: monkey - container_name: monkey - properties_file: monkey.properties - log_file: monkey-docker.log - max_heap: "{{ max_heap.low }}" - -# UNC-specific network needs. modify templates as you see fit. -net: - campus: CHANGEME - dmz: CHANGEME - trust: CHANGEME - vpn: CHANGEME - wifi: CHANGEME - docker: CHANGEME - -nginx_ssl: - server_name: "{{ groups['ui'][0] }}" - cert: /etc/iplant/ssl/iplant.crt - cert_key: /etc/iplant/ssl/iplant.key - # don't think we need these. - # server_name: "~^[^.]+[.]example[.]org$" - # cert: "/etc/ssl/example.crt" - # cert_key: "/etc/ssl/example.key" - -#nibblonian_perms_filter: "{{ irods_admins }}" - -notificationagent_base: "http://{{ notificationagent_host }}:{{ notificationagent.port }}:5008" -notificationagent_host: "{{ services_host }}" - -notificationagent: - host: "{{ groups['notificationagent'][0] }}" - port: 5008 - base: "http://{{ groups['notificationagent'][0] }}:5008" - service_name: notification-agent.service - service_name_short: notificationagent - compose_service: notification_agent - service_description: notification agent service - image_name: notificationagent - container_name: notificationagent - properties_file: notificationagent.properties - log_file: notificationagent-docker.log - clean_start: "1:45:00" - clean_age: 90 - clean_enable: "true" - max_heap: "{{ max_heap.low }}" - -#notification_clean_start: "1:45:00" -#notification_clean_age: 90 -#notification_clean_enable: "true" - -notification_db_driver: "{{ db_driver }}" -notification_db_vendor: "{{ db_vendor }}" -notification_db_port: "{{ db_port }}" -notification_db_host: "{{ db_host }}" -notification_db_name: notifications -notification_db_password: CHANGEME -notification_db_user: irssnotifications -notification_db_admin: "{{ db_admin }}" -notification_db_admin_password: "{{ db_admin_password }}" -notification_db_targz: https://everdene.iplantcollaborative.org/jenkins/job/databases-dev/lastSuccessfulBuild/artifact/databases/notification-db/notification-db.tar.gz - -path_list_file_identifier: "# application/vnd.de.path-list+csv; version=1" -path_list_info_type: ht-analysis-path-list - -permanent_id: - admin_email_addr: "{{ de_mail_to_addr }}" - email_from_addr: "{{ de_mail_from_addr }}" - ezid: - username: apitest - password: CHANGEME - shoulders: - ark: "ark:/99999/fk4" - doi: "doi:10.5072/FK2" - -pgp_keyring_path: "{{ gpg_home_dir }}/secring.gpg" -pgp_key_password: CHANGEME - -prod_deployment: false - -proxy_env: - http_maven_proxy_host: - http_maven_proxy_port: - https_proxy: - http_proxy: - use_proxy: false - -registry_host: dockerhub.com - -rserve: - host: "{{ groups['rserve'][0] }}" - user: rserve - pass: CHANGEME - port: 6311 - -#saved_searches_host: "{{ services_host }}" -saved_searches_log_file: /home/iplant/logs/saved-searches.log -saved_searches: - host: "{{ groups['saved-searches'][0] }}" - port: 5009 - service_name: saved-searches.service - service_name_short: saved-searches - compose_service: saved_searches - service_description: saved searches services - image_name: saved-searches - container_name: saved-searches - properties_file: saved-searches.properties - log_file: saved-searches-docker.log - max_heap: "{{ max_heap.low }}" - -search_default_limit: 200 - -services_host: "{{ groups['services'][0] }}" - -# dls: this stuff is CAS-specific. move to cas.* section. -tomcat_admin_username: admin -tomcat_admin_password: CHANGEME -tomcat_http_port: 8080 -tomcat_https_port: 8443 -tomcat_user: tomcat -ssl_certificate_local_dir: /etc/pki/tls/certs -ssl_certificate_server_dir: /usr/share/tomcat/cert -ssl_cert_file: server.crt -ssl_key_file: server.key - -tree_parser_base: http://portnoy.iplantcollaborative.org/parseTree - -tree_urls_host: "{{ services_host }}" -tree_urls_log_file: /home/iplant/logs/tree-urls.log -tree_urls_cleanup_age: 30 -tree_urls_cleanup_start: "1:30:00" -tree_urls_cleanup_enable: "true" -tree_urls_avu: tree-urls -tree_urls: - host: "{{ groups['tree-urls'][0] }}" - port: 5010 - service_name: tree-urls.service - service_name_short: tree-urls - compose_service: tree_urls - service_description: Tree urls service - image_name: tree-urls - container_name: tree-urls - properties_file: tree-urls.properties - log_file: tree-urls-docker.log - cleanup_age: 30 - cleanup_start: "1:30:00" - cleanup_enable: "true" - avu: tree-urls - max_heap: "{{ max_heap.low }}" - -# wants America/New_York, etc. format -timezone: CHANGEME - -#user_preferences_host: "{{ services_host }}" -user_preferences_log_file: /home/iplant/logs/user-preferences.log -user_preferences: - host: "{{ groups['user-preferences'][0] }}" - port: 5011 - service_name: user-preferences.service - service_name_short: user-preferences - compose_service: user_preferences - service_description: user preferences service - image_name: user-preferences - container_name: user-preferences - properties_file: user-preferences.properties - log_file: user-preferences-docker.log - max_heap: "{{ max_heap.low }}" - -user_sessions_host: "{{ services_host }}" -user_sessions_log_file: /logs/user-sessions.log -user_sessions: - host: "{{ groups['user-sessions'][0] }}" - port: 1834 - service_name: user-sessions.service - service_name_short: user-sessions - compose_service: user_sessions - service_description: user sessions service - image_name: user-sessions - container_name: user-sessions - properties_file: user-sessions.properties - log_file: user-sessions-docker.log - max_heap: "{{ max_heap.low }}" - -# iPlant data container settings -data_container: - image_name: de-data - container_name: de-data - service_name: iplant-data.service - service_name_short: iplant-data - compose_service: iplant_data - service_description: The Discovery Environment data container - ssl: - cert: "{{ nginx_ssl.cert }}" - key: "{{ nginx_ssl.cert_key }}" - gd_bundle_crt: /etc/ssl/gd_bundle.crt - keystore: - path: /etc/ssl/example.pkcs12 - password: - type: pkcs12 - -time: "{{ansible_date_time.date}}:{{ansible_date_time.time}}" - -logging: - dir: /var/log/de - conf_dir: "{{de_config_dir}}/logging"