diff --git a/ansible.cfg b/ansible.cfg index c825a8b0..a5aaab79 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,5 +3,20 @@ private_role_vars = True retry_files_enabled = False inventory = ./inventory/headnode +# change the default callback, you can only have one 'stdout' type enabled at a time. +#stdout_callback = skippy +stdout_callback = yaml + +## Ansible ships with some plugins that require whitelisting, +## this is done to avoid running all of a type by default. +## These setting lists those that you want enabled for your system. +## Custom plugins should not need this unless plugin author specifies it. + +# enable callback plugins, they can output to stdout but cannot be 'stdout' type. +callbacks_enabled = timer, debug, profile_roles, profile_tasks, minimal + +# Force color +force_color = true + [ssh_connection] control_path = ~/.ssh/ansible-%%r@%%h:%%p diff --git a/cod.yaml b/cod.yaml index 50905b20..885bfe03 100644 --- a/cod.yaml +++ b/cod.yaml @@ -7,6 +7,6 @@ - { name: 'enable_lmod', tags: 'enable_lmod_image', vars: [{ enable_lmod_prefix: "{{ cm_def_img_path }}" }] } - { name: 'cod_rabbitmq_agents_cloud', tags: 'cod_rabbitmq_agents_cloud' } - { name: 'cod_slurm', tags: 'cod_slurm'} - - { name: 'cod_login_node', tags: 'cod_login_node' } + - { name: 'cod_login_node', tags: 'cod_login_node', when: enable_cod_login_node } - { name: 'cod_compute_node', tags: 'cod_compute_node' } - { name: 'job_submit_plugin', tags: 'job_submit_plugin', when: enable_job_submit_plugin} diff --git a/group_vars/all b/group_vars/all index 984ccf17..a8560a25 100644 --- a/group_vars/all +++ b/group_vars/all 
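Review bot: The added `callbacks_enabled` line lists `debug` and `minimal`, which are stdout-type callbacks, so it contradicts the comment directly above it ("cannot be 'stdout' type"). With `stdout_callback = yaml` selected, those two entries should be ignored. I would reduce the line to `callbacks_enabled = timer, profile_roles, profile_tasks` so the file states what is actually active.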
@@ -230,20 +230,20 @@ s3_shibboleth_object_name: UAB_SHIB_OBJECT # User Registration - enable_user_reg: true - user_register_app: "flask_user_reg" - user_register_app_tag: "master" - user_register_app_path: "/var/www/ood/register/{{ user_register_app }}" - user_register_app_key: "1234" - user_register_app_repo: "https://gitlab.rc.uab.edu/rc/self-reg-form.git" - user_register_app_refspec: "{{ gitlab_refspec }}" - user_register_app_port: 8000 - user_register_app_host: "login005" - user_register_app_def_groups: [] + enable_account_app: true + account_app: "account" + account_app_tag: "master" + account_app_path: "/var/www/ood/register/{{ account_app }}" + account_app_key: "1234" + account_app_repo: "https://gitlab.rc.uab.edu/rc/account-app.git" + account_app_refspec: "{{ gitlab_refspec }}" + account_app_port: 8000 + account_app_host: "login005" + account_app_def_groups: [] cors_allowed_origins: "*" mod_wsgi_pkg_name: "uab-httpd24-mod_wsgi" RegUser_app_user: "reggie" - RegUser_app_user_full_name: "RegUser of user register app" + RegUser_app_user_full_name: "Service user of account app" RegUser_app_user_passwd: "qweasd" # Authorized user group valid_eppa: ["faculty", "staff", "student", "affiliate"] @@ -292,6 +292,8 @@ cod_deploy: true post_create_script: PostAddUserScript.sh cm_def_img_path: "/cm/images/default-image" + enable_cod_login_node: false + centos_base_url: "http://vault.centos.org" # Lmod lmod_loc: "/usr/share/lmod/lmod" 
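Review bot: The renamed `account_app_key: "1234"` keeps a guessable literal as the application key in a vars file committed with the repository, next to the unchanged `RegUser_app_user_passwd: "qweasd"` and `cors_allowed_origins: "*"`. If these are placeholders, say so in a comment such as `# placeholder only; override from an encrypted vars file before deploying` and have the play fail when they are left at the default. Otherwise move the values into an ansible-vault encrypted file and reference them from here.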
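Review bot: The new `centos_base_url` defaults to `http://vault.centos.org`, so the repo files rewritten by roles/cod_fix_centos_yum and roles/ood fetch metadata and packages over cleartext HTTP. Defaulting to `centos_base_url: "https://vault.centos.org"` keeps the override point and removes the exposure to on-path tampering. Over HTTP, integrity rests entirely on `gpgcheck` being enabled in every affected repo file, which this diff does not show.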
@@ -349,12 +351,13 @@ go_download_url: "https://go.dev/dl/go1.22.4.linux-amd64.tar.gz" go_download_path: "/tmp/go1.22.4.linux-amd64.tar.gz" go_binary_path: "/usr/local" - sshpiper_git_repo: "https://github.com/eesaanatluri/sshpiper" - sshpiper_version: "feat-routing-by-group" + sshpiper_git_repo: "https://github.com/tg123/sshpiper" + sshpiper_version: "3dda361863e1eb2ceac1a421456b7c2f47987776" sshpiper_dest_dir: "/opt/sshpiper" sshpiper_bin_dir: "{{ sshpiper_dest_dir }}/out" sshpiper_bantime: 1200s sshpiper_maxfailures: 5 + sshpiper_whitelist: "127.0.0.1/8" # http_proxy enable_http_proxy: false diff --git a/ohpc-build.yaml b/ohpc-build.yaml index 3261670d..60e88161 100644 --- a/ohpc-build.yaml +++ b/ohpc-build.yaml @@ -8,8 +8,8 @@ - { name: 'ohpc_jupyter', tags: 'ohpc_jupyter', when: jupyter_provision} - { name: 'ohpc_matlab', tags: 'ohpc_matlab', when: matlab_provision } - { name: 'ohpc_sas', tags: 'ohpc_sas', when: sas_provision } - - { name: 'ohpc_rabbitmq', tags: 'ohpc_rabbitmq', when: enable_user_reg } + - { name: 'ohpc_rabbitmq', tags: 'ohpc_rabbitmq', when:enable_account_app } - { name: 'ohpc_add_rstudio', tags: 'ohpc_add_rstudio', when: rstudio_provision } - - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when: enable_user_reg } - - { name: 'ohpc_add_rabbitmq_agents', tags: 'ohpc_add_rabbitmq_agents', when: enable_user_reg } + - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when:enable_account_app } + - { name: 'ohpc_add_rabbitmq_agents', tags: 'ohpc_add_rabbitmq_agents', when:enable_account_app } diff --git a/ohpc.yaml b/ohpc.yaml index be83d4f9..483e42d0 100644 --- a/ohpc.yaml +++ b/ohpc.yaml 
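Review bot: `sshpiper_whitelist` needs a comment stating what it exempts: sshpiperd.service.j2 passes it to failtoban as `--ignore-ip`, so presumably any address in it is never banned regardless of failed attempts. I would add `# sources exempt from failtoban bans; keep to loopback or explicitly trusted hosts` above it and write the network in canonical form, `sshpiper_whitelist: "127.0.0.0/8"`. The comment should also state the expected format (a single CIDR, or whatever list syntax failtoban accepts), because the value is interpolated unquoted into ExecStart.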
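Review bot: The three changed entries are written `when:enable_account_app` with no space after the colon, so inside the flow mapping this is not a `when` key carrying a condition. Depending on the YAML parser it is either a scan error or a single key with a null value. In the latter case `ohpc_rabbitmq`, `ohpc_user_reg` and `ohpc_add_rabbitmq_agents` would presumably run without the intended guard. Each entry should end `when: enable_account_app }`, as the ohpc.yaml and ood-build.yaml hunks in this commit do.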
@@ -15,4 +15,4 @@ - { name: 'ohpc_igv', tags: 'ohpc_igv', when: igv_provision } - { name: 'ohpc_ansys', tags: 'ohpc_ansys', when: ansys_provision } - { name: 'ohpc_add_rstudio', tags: 'ohpc_add_rstudio', when: rstudio_provision } - - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when: enable_user_reg } + - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when: enable_account_app } diff --git a/ood-build.yaml b/ood-build.yaml index 58adccf2..c07f93b3 100644 --- a/ood-build.yaml +++ b/ood-build.yaml @@ -16,5 +16,5 @@ - { name: 'ood_shib_install', tags: 'ood_shib_install', when: install_shib } - { name: 'ood_shib_config', tags: 'ood_shib_config', when: configure_shib } - { name: 'ood_user_reg_cloud', tags: 'ood_user_reg_cloud' } - - { name: 'ood_add_rabbitmq_agents', tags: 'ood_add_rabbitmq_agents', when: enable_user_reg } + - { name: 'ood_add_rabbitmq_agents', tags: 'ood_add_rabbitmq_agents', when: enable_account_app } - { name: 'ood_polling', tags: 'ood_polling'} diff --git a/ood-packer.yaml b/ood-packer.yaml index 3a8da808..acbacc74 100644 --- a/ood-packer.yaml +++ b/ood-packer.yaml @@ -10,8 +10,8 @@ - { name: 'ood_shib_config', tags: 'ood_shib_config', when: configure_shib } - { name: 'ood_enable_ssl', tags: 'ood_enable_ssl' } - { name: 'enable_lmod', tags: 'enable_lmod' } - - { name: 'ood_user_reg_ops', tags: 'ood_user_reg_cloud' } - - { name: 'ood_user_reg_cloud', tags: 'ood_user_reg_cloud' } + - { name: 'ood_user_reg_ops', tags: 'ood_user_reg_cloud', when: enable_account_app } + - { name: 'ood_user_reg_cloud', tags: 'ood_user_reg_cloud', when: enable_account_app } - { name: 'ood_vnc_form', tags: 'ood_vnc_form' } - { name: 'ood_jupyter', tags: 'ood_jupyter', when: jupyter_provision} - { name: 'ood_jupyterlab', tags: 'ood_jupyterlab', when: jupyterlab_provision} diff --git a/ood.yaml b/ood.yaml index ae4f8e88..3acb203e 100644 --- a/ood.yaml +++ b/ood.yaml 
@@ -21,7 +21,7 @@ - { name: 'ood_easter_egg', tags: 'ood_easter_egg' } - { name: 'ood_static_user_reg', tags: 'ood_static_user_reg', when: enable_user_reg == false } - { name: 'ood_shib_sso', tags: 'ood_shib_sso', when: enable_shib } - - { name: 'ood_user_reg', tags: 'ood_user_reg', when: enable_user_reg } + - { name: 'ood_user_reg', tags: 'ood_user_reg', when: enable_account_app } - { name: 'warewulf_sync', tags: 'warewulf_sync' } - { name: 'ood_enable_sandbox', tags: 'ood_enable_sandbox', when: enable_sandbox } - { name: 'ood_jupyter_lab', tags: 'ood_jupyter_lab', when: jupyter_provision} diff --git a/roles/cod_fix_centos_yum/tasks/main.yaml b/roles/cod_fix_centos_yum/tasks/main.yaml index 6ff9e95d..bd339538 100644 --- a/roles/cod_fix_centos_yum/tasks/main.yaml +++ b/roles/cod_fix_centos_yum/tasks/main.yaml @@ -22,6 +22,6 @@ ansible.builtin.replace: path: "{{ item }}" regexp: '^#baseurl=http://mirror.centos.org' - replace: 'baseurl=http://vault.centos.org' + replace: 'baseurl={{ centos_base_url }}' backup: yes with_items: "{{ repo_files }}" diff --git a/roles/cod_split_fs/tasks/main.yaml b/roles/cod_split_fs/tasks/main.yaml index f9b9f36f..13d93537 100644 --- a/roles/cod_split_fs/tasks/main.yaml +++ b/roles/cod_split_fs/tasks/main.yaml @@ -33,13 +33,13 @@ dest: "/cm/images/login-image/opt/rh/httpd24/root/etc/httpd/conf.d/{{ item }}" state: absent loop: - - "user-reg-{{ user_register_app }}.conf" + - "user-reg-{{ account_app }}.conf" - "user-reg.conf" - name: Replace account app conf ansible.builtin.template: src: user-reg-account_conf.j2 - dest: "/cm/images/login-image/opt/rh/httpd24/root/etc/httpd/conf.d/user-reg-{{ user_register_app }}.conf" + dest: "/cm/images/login-image/opt/rh/httpd24/root/etc/httpd/conf.d/user-reg-{{ account_app }}.conf" - name: Create ood app folders ansible.builtin.file: diff --git a/roles/ohpc_add_rabbitmq_agents/templates/config.j2 b/roles/ohpc_add_rabbitmq_agents/templates/config.j2 index b8dd01be..8ea3ad8f 100644 
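Review bot: The unchanged `ood_static_user_reg` entry two lines above the edit still has `when: enable_user_reg == false`, but this commit removes `enable_user_reg` from group_vars/all in favour of `enable_account_app`. Unless the old name is still defined outside this diff, that condition now references an undefined variable and the play fails when it reaches that role. It should become `when: not enable_account_app`, so the static page and the account app stay mutually exclusive.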
--- a/roles/ohpc_add_rabbitmq_agents/templates/config.j2 +++ b/roles/ohpc_add_rabbitmq_agents/templates/config.j2 @@ -19,7 +19,7 @@ state_groups = { {% endfor %} } -default_groups = {{ user_register_app_def_groups }} +default_groups = {{ account_app_def_groups }} # Default function timeout Function_timeout = {{ function_timeout }} diff --git a/roles/ood/tasks/main.yaml b/roles/ood/tasks/main.yaml index 27f746f4..d2d9f334 100644 --- a/roles/ood/tasks/main.yaml +++ b/roles/ood/tasks/main.yaml @@ -21,7 +21,7 @@ path: "/etc/yum.repos.d/{{ item.filename }}" section: "{{ item.section }}" option: baseurl - value: "http://vault.centos.org/centos/7/sclo/$basearch/{{ item.subfolder }}/" + value: "{{ centos_base_url }}/centos/7/sclo/$basearch/{{ item.subfolder }}/" backup: yes loop: - {"filename": "CentOS-SCLo-scl-rh.repo", "section": "centos-sclo-rh", "subfolder": "rh"} diff --git a/roles/ood_user_reg/tasks/main.yml b/roles/ood_user_reg/tasks/main.yml index 3900c944..31f9479f 100644 --- a/roles/ood_user_reg/tasks/main.yml +++ b/roles/ood_user_reg/tasks/main.yml @@ -15,26 +15,26 @@ - name: Remove existing user register app install file: - path: "{{ user_register_app_path }}" + path: "{{ account_app_path }}" state: absent - name: Creates directory to clone the user register app file: - path: "{{ user_register_app_path }}" + path: "{{ account_app_path }}" state: directory - name: Clone user register app form from gitlab git: - repo: "{{ user_register_app_repo }}" - dest: "{{ user_register_app_path }}" - refspec: "{{ user_register_app_refspec }}" - version: "{{ user_register_app_tag }}" + repo: "{{ account_app_repo }}" + dest: "{{ account_app_path }}" + refspec: "{{ account_app_refspec }}" + version: "{{ account_app_tag }}" - name: Install requirements in virtualenv pip: requirements: requirements.txt virtualenv: venv - chdir: "{{ user_register_app_path }}" + chdir: "{{ account_app_path }}" - name: Put apache config file in place template: 
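Review bot: The clone task in roles/ood_user_reg/tasks/main.yml checks out `version: "{{ account_app_tag }}"`, which group_vars/all sets to `master`, so each run deploys whatever the branch head is at that moment and then installs its `requirements.txt` into the virtualenv. The same commit pins sshpiper to a full commit SHA. Pinning `account_app_tag` to a release tag or commit id in the same way would make deployments reproducible and reviewable. The identical task in roles/ood_user_reg_cloud/tasks/main.yml has the same exposure, and the task names in both files still say "user register app" after the rename.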
@@ -44,7 +44,7 @@ - name: Put wsgi config file in place template: src: wsgi.j2 - dest: "{{ user_register_app_path }}/{{ user_register_app }}.wsgi" + dest: "{{ account_app_path }}/{{ account_app }}.wsgi" - name: Enable user registration redirect replace: @@ -54,8 +54,8 @@ backup: yes with_items: - { regexp: "^#?(user_map_cmd:).*", replace: "\\1 '/opt/ood/ood_auth_map/bin/uab_ood_auth.regex'" } - - { regexp: "^#?(map_fail_uri:).*", replace: "\\1 '/{{ user_register_app }}'" } - - { regexp: "^#?(register_uri:).*", replace: "\\1 '/{{ user_register_app }}'" } + - { regexp: "^#?(map_fail_uri:).*", replace: "\\1 '/{{ account_app }}'" } + - { regexp: "^#?(register_uri:).*", replace: "\\1 '/{{ account_app }}'" } - name: Stage regex file for ood copy: diff --git a/roles/ood_user_reg/templates/user-reg_conf.j2 b/roles/ood_user_reg/templates/user-reg_conf.j2 index b2d50d85..620be5fa 100644 --- a/roles/ood_user_reg/templates/user-reg_conf.j2 +++ b/roles/ood_user_reg/templates/user-reg_conf.j2 @@ -1,15 +1,15 @@ -WSGIDaemonProcess "{{ user_register_app }}" user={{ RegUser_app_user }} group={{ RegUser_app_user }} threads=5 -WSGIProcessGroup "{{ user_register_app }}" -WSGIScriptAlias /{{ user_register_app }} "{{ user_register_app_path}}/{{ user_register_app }}.wsgi" - +WSGIDaemonProcess "{{ account_app }}" user={{ account_app_user }} group={{ account_app_user }} threads=5 +WSGIProcessGroup "{{ account_app }}" +WSGIScriptAlias /{{ account_app }} "{{ account_app_path}}/{{ account_app }}.wsgi" + AuthType Basic AuthName "Private" AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd" RequestHeader unset Authorization Require valid-user - - WSGIProcessGroup {{ user_register_app }} + + WSGIProcessGroup {{ account_app }} WSGIApplicationGroup %{GLOBAL} Require all granted diff --git a/roles/ood_user_reg/templates/wsgi.j2 b/roles/ood_user_reg/templates/wsgi.j2 index 689d8e6b..b1d5025d 100644 --- a/roles/ood_user_reg/templates/wsgi.j2 +++ b/roles/ood_user_reg/templates/wsgi.j2 
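Review bot: In roles/ood_user_reg/templates/user-reg_conf.j2 the new `WSGIDaemonProcess` line uses `user={{ account_app_user }} group={{ account_app_user }}`, but nothing in this diff defines `account_app_user`. group_vars/all keeps `RegUser_app_user`, and service.j2 and the ood_user_reg_cloud tasks still use that name. Unless the variable is set outside the visible changes, rendering this template fails on an undefined variable. Either keep `user={{ RegUser_app_user }} group={{ RegUser_app_user }}` here, or rename the variable in group_vars/all and every other consumer in the same commit.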
@@ -1,12 +1,12 @@ #!/bin/python # Activate virtualenv -activate_this = '{{ user_register_app_path }}/venv/bin/activate_this.py' +activate_this = '{{ account_app_path }}/venv/bin/activate_this.py' execfile(activate_this, dict(__file__=activate_this)) import sys import os -sys.path.append("{{ user_register_app_path }}") +sys.path.append("{{ account_app_path }}") os.environ['FLASK_CONFIG'] = 'production' from run import app as application diff --git a/roles/ood_user_reg_cloud/tasks/main.yml b/roles/ood_user_reg_cloud/tasks/main.yml index 8ce97828..19c3b14d 100644 --- a/roles/ood_user_reg_cloud/tasks/main.yml +++ b/roles/ood_user_reg_cloud/tasks/main.yml @@ -8,19 +8,19 @@ - name: Remove existing user register app install file: - path: "{{ user_register_app_path }}" + path: "{{ account_app_path }}" state: absent - name: Clone user register app form from gitlab git: - repo: "{{ user_register_app_repo }}" - dest: "{{ user_register_app_path }}" - refspec: "{{ user_register_app_refspec }}" - version: "{{ user_register_app_tag }}" + repo: "{{ account_app_repo }}" + dest: "{{ account_app_path }}" + refspec: "{{ account_app_refspec }}" + version: "{{ account_app_tag }}" - name: Change ownership of directory file: - path: "{{ user_register_app_path }}" + path: "{{ account_app_path }}" owner: root group: root state: directory @@ -28,14 +28,14 @@ - name: Create __pycache__ in app dir file: - path: "{{ user_register_app_path }}/__pycache__" + path: "{{ account_app_path }}/__pycache__" owner: "{{ RegUser_app_user }}" group: "{{ RegUser_app_user }}" state: directory - name: Create __pycache__ in app dir file: - path: "{{ user_register_app_path }}/app/__pycache__" + path: "{{ account_app_path }}/app/__pycache__" owner: "{{ RegUser_app_user }}" group: "{{ RegUser_app_user }}" state: directory 
@@ -43,25 +43,25 @@ - name: Copy Self-Reg app variables file template: src: app_vars.j2 - dest: "{{ user_register_app_path }}/app_vars.py" + dest: "{{ account_app_path }}/app_vars.py" - name: Install requirements in virtualenv pip: requirements: requirements.txt virtualenv: venv virtualenv_command: /usr/bin/python3 -m venv - chdir: "{{ user_register_app_path }}" + chdir: "{{ account_app_path }}" - name: Install gunicorn in virtualenv pip: name: gunicorn virtualenv: venv virtualenv_command: /usr/bin/python3 -m venv - chdir: "{{ user_register_app_path }}" + chdir: "{{ account_app_path }}" - name: Create log directory file: - path: "/var/log/{{ user_register_app }}" + path: "/var/log/{{ account_app }}" owner: "{{ RegUser_app_user }}" group: "{{ RegUser_app_user }}" state: directory @@ -69,22 +69,22 @@ - name: Set up log rotate for module usage template: src: logrotate.j2 - dest: "/etc/logrotate.d/{{ user_register_app }}" + dest: "/etc/logrotate.d/{{ account_app }}" - name: Copy Celery service template template: src: celery.service.j2 - dest: "/etc/systemd/system/celery-{{ user_register_app }}.service" + dest: "/etc/systemd/system/celery-{{ account_app }}.service" - name: Enable celery.service systemd: - name: celery-{{ user_register_app }}.service + name: celery-{{ account_app }}.service enabled: yes - name: Put apache config file in place (user-reg_conf_shib.j2 in case of shib) template: src: user-reg_conf_shib.j2 - dest: "/opt/rh/httpd24/root/etc/httpd/conf.d/user-reg-{{ user_register_app }}.conf" + dest: "/opt/rh/httpd24/root/etc/httpd/conf.d/user-reg-{{ account_app }}.conf" when: configure_shib - name: Put apache config file in place (user-reg_conf.j2 in case of basicauth) 
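Review bot: The task "Copy Self-Reg app variables file" renders app_vars.j2, which contains `password = "{{ celery_user_password }}"` and `key = "{{ account_app_key }}"`, but sets no `owner`, `group` or `mode` in the lines shown. The resulting `app_vars.py` therefore takes its permissions from the umask on the target and is commonly world-readable. I would add `mode: "0640"` with an owner and group limited to the accounts that run the gunicorn service and the celery worker. If playbooks are run with `--diff`, adding `no_log: true` on this task keeps the rendered secrets out of the run output.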
@@ -96,17 +96,17 @@ - name: Put wsgi file in place template: src: wsgi.j2 - dest: "{{ user_register_app_path }}/wsgi.py" + dest: "{{ account_app_path }}/wsgi.py" - name: Put gunicorn config file in place template: src: ini.j2 - dest: "{{ user_register_app_path }}/{{ user_register_app }}.ini" + dest: "{{ account_app_path }}/{{ account_app }}.ini" - name: Create gunicorn system service template: src: service.j2 - dest: "/etc/systemd/system/{{ user_register_app }}.service" + dest: "/etc/systemd/system/{{ account_app }}.service" - name: Enable user registration redirect replace: @@ -116,8 +116,8 @@ backup: yes with_items: - { regexp: "^#?(user_map_cmd:).*", replace: "\\1 '/opt/ood/ood_auth_map/bin/user_auth.py'" } - - { regexp: "^#?(map_fail_uri:).*", replace: "\\1 '/{{ user_register_app }}'" } - - { regexp: "^#?(register_uri:).*", replace: "\\1 '/{{ user_register_app }}'" } + - { regexp: "^#?(map_fail_uri:).*", replace: "\\1 '/{{ account_app }}'" } + - { regexp: "^#?(register_uri:).*", replace: "\\1 '/{{ account_app }}'" } when: activate_namespace - name: Stage regex file for ood @@ -139,5 +139,5 @@ - name: Start and enable flask app gunicorn service service: - name: "{{ user_register_app }}" + name: "{{ account_app }}" enabled: yes diff --git a/roles/ood_user_reg_cloud/templates/app_vars.j2 b/roles/ood_user_reg_cloud/templates/app_vars.j2 index 8b58a587..dc90d54f 100644 --- a/roles/ood_user_reg_cloud/templates/app_vars.j2 +++ b/roles/ood_user_reg_cloud/templates/app_vars.j2 
@@ -1,11 +1,11 @@ id = "{{ celery_user }}" password = "{{ celery_user_password }}" -key = "{{ user_register_app_key }}" -celery_app = "{{ user_register_app }}" +key = "{{ account_app_key }}" +celery_app = "{{ account_app }}" broker_url = 'amqp://' + id + ':' + password + '@{{ rabbitmq_host }}:5672/' message_queue = broker_url + 'socketio' default_referrer = "/pun/sys/dashboard" -app_host = "{{ user_register_app_host }}" +app_host = "{{ account_app_host }}" cors_allowed_origins= "{{ cors_allowed_origins }}" rabbitmq_agents_loc= "{{ rabbitmq_agents_loc }}" valid_eppa= {{ valid_eppa }} diff --git a/roles/ood_user_reg_cloud/templates/celery.service.j2 b/roles/ood_user_reg_cloud/templates/celery.service.j2 index a3ba76c5..dab8b594 100644 --- a/roles/ood_user_reg_cloud/templates/celery.service.j2 +++ b/roles/ood_user_reg_cloud/templates/celery.service.j2 @@ -8,9 +8,9 @@ StartLimitInterval=0 Restart=always RestartSec=5 User={{ celery_user }} -WorkingDirectory={{ user_register_app_path }} -Environment="PATH={{ user_register_app_path }}/venv/bin" -ExecStart={{ user_register_app_path }}/venv/bin/celery -A tasks worker --loglevel=info --concurrency=4 +WorkingDirectory={{ account_app_path }} +Environment="PATH={{ account_app_path }}/venv/bin" +ExecStart={{ account_app_path }}/venv/bin/celery -A tasks worker --loglevel=info --concurrency=4 [Install] WantedBy=multi-user.target diff --git a/roles/ood_user_reg_cloud/templates/ini.j2 b/roles/ood_user_reg_cloud/templates/ini.j2 index e82da753..b3e3b69f 100644 --- a/roles/ood_user_reg_cloud/templates/ini.j2 +++ b/roles/ood_user_reg_cloud/templates/ini.j2 @@ -18,7 +18,7 @@ # range. # -bind = '127.0.0.1:{{ user_register_app_port }}' +bind = '127.0.0.1:{{ account_app_port }}' backlog = 2048 # 
@@ -146,10 +146,10 @@ spew = False # #errorlog = '-' -errorlog = '/var/log/{{ user_register_app }}/error.log' +errorlog = '/var/log/{{ account_app }}/error.log' loglevel = 'info' #accesslog = '-' -accesslog = '/var/log/{{ user_register_app }}/access.log' +accesslog = '/var/log/{{ account_app }}/access.log' access_log_format = '%(h)s %(l)s %(u)s %(t)s "%(r)s" %(s)s %(b)s "%(f)s" "%(a)s"' # diff --git a/roles/ood_user_reg_cloud/templates/logrotate.j2 b/roles/ood_user_reg_cloud/templates/logrotate.j2 index f02bfc8e..85b6a037 100644 --- a/roles/ood_user_reg_cloud/templates/logrotate.j2 +++ b/roles/ood_user_reg_cloud/templates/logrotate.j2 @@ -1,10 +1,10 @@ -/var/log/{{ user_register_app }}/*log { +/var/log/{{ account_app }}/*log { missingok copytruncate notifempty weekly compress postrotate - /sbin/service {{ user_register_app }} restart > /dev/null 2>/dev/null || true + /sbin/service {{ account_app }} restart > /dev/null 2>/dev/null || true endscript } diff --git a/roles/ood_user_reg_cloud/templates/service.j2 b/roles/ood_user_reg_cloud/templates/service.j2 index ee78d0ac..317c27bf 100644 --- a/roles/ood_user_reg_cloud/templates/service.j2 +++ b/roles/ood_user_reg_cloud/templates/service.j2 @@ -8,9 +8,9 @@ User={{ RegUser_app_user }} Group={{ RegUser_app_user }} Restart=always RestartSec=5 -WorkingDirectory={{ user_register_app_path }} -Environment="PATH={{ user_register_app_path }}/venv/bin" -ExecStart={{ user_register_app_path }}/venv/bin/gunicorn -k gevent -c {{ user_register_app }}.ini wsgi:application +WorkingDirectory={{ account_app_path }} +Environment="PATH={{ account_app_path }}/venv/bin" +ExecStart={{ account_app_path }}/venv/bin/gunicorn -k gevent -c {{ account_app }}.ini wsgi:application [Install] WantedBy=multi-user.target diff --git a/roles/ood_user_reg_cloud/templates/user-reg_conf.j2 b/roles/ood_user_reg_cloud/templates/user-reg_conf.j2 index bc8b99c7..3a5feec0 100644 --- a/roles/ood_user_reg_cloud/templates/user-reg_conf.j2 
+++ b/roles/ood_user_reg_cloud/templates/user-reg_conf.j2 @@ -1,13 +1,13 @@ -ProxyPass /socket.io/ http://127.0.0.1:{{ user_register_app_port }}/socket.io/ -ProxyPassReverse /socket.io/ http://127.0.0.1:{{ user_register_app_port }}/socket.io/ +ProxyPass /socket.io/ http://127.0.0.1:{{ account_app_port }}/socket.io/ +ProxyPassReverse /socket.io/ http://127.0.0.1:{{ account_app_port }}/socket.io/ -ProxyPass /{{ user_register_app }} http://127.0.0.1:{{ user_register_app_port }}/ -ProxyPassReverse /{{ user_register_app }} http://127.0.0.1:{{ user_register_app_port }}/ +ProxyPass /{{ account_app }} http://127.0.0.1:{{ account_app_port }}/ +ProxyPassReverse /{{ account_app }} http://127.0.0.1:{{ account_app_port }}/ -ProxyPass /static http://127.0.0.1:{{ user_register_app_port }}/static -ProxyPassReverse /static http://127.0.0.1:{{ user_register_app_port }}/static +ProxyPass /static http://127.0.0.1:{{ account_app_port }}/static +ProxyPassReverse /static http://127.0.0.1:{{ account_app_port }}/static - + AuthType Basic AuthName "Private" AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd" diff --git a/roles/ood_user_reg_cloud/templates/user-reg_conf_shib.j2 b/roles/ood_user_reg_cloud/templates/user-reg_conf_shib.j2 index 2e87fc64..94849923 100644 --- a/roles/ood_user_reg_cloud/templates/user-reg_conf_shib.j2 +++ b/roles/ood_user_reg_cloud/templates/user-reg_conf_shib.j2 
@@ -1,13 +1,13 @@ -ProxyPass /socket.io/ http://127.0.0.1:{{ user_register_app_port }}/socket.io/ -ProxyPassReverse /socket.io/ http://127.0.0.1:{{ user_register_app_port }}/socket.io/ +ProxyPass /socket.io/ http://127.0.0.1:{{ account_app_port }}/socket.io/ +ProxyPassReverse /socket.io/ http://127.0.0.1:{{ account_app_port }}/socket.io/ -ProxyPass /{{ user_register_app }} http://127.0.0.1:{{ user_register_app_port }}/ -ProxyPassReverse /{{ user_register_app }} http://127.0.0.1:{{ user_register_app_port }}/ +ProxyPass /{{ account_app }} http://127.0.0.1:{{ account_app_port }}/ +ProxyPassReverse /{{ account_app }} http://127.0.0.1:{{ account_app_port }}/ -ProxyPass /static http://127.0.0.1:{{ user_register_app_port }}/static -ProxyPassReverse /static http://127.0.0.1:{{ user_register_app_port }}/static +ProxyPass /static http://127.0.0.1:{{ account_app_port }}/static +ProxyPassReverse /static http://127.0.0.1:{{ account_app_port }}/static - + AuthType shibboleth ShibRequestSetting requireSession 1 Require valid-user diff --git a/roles/ood_user_reg_cloud/templates/wsgi.j2 b/roles/ood_user_reg_cloud/templates/wsgi.j2 index 7288b902..4fb6b38a 100644 --- a/roles/ood_user_reg_cloud/templates/wsgi.j2 +++ b/roles/ood_user_reg_cloud/templates/wsgi.j2 @@ -1,7 +1,7 @@ import sys import os -sys.path.append("{{ user_register_app_path }}") +sys.path.append("{{ account_app_path }}") os.environ['FLASK_CONFIG'] = 'production' from run import app as application diff --git a/roles/ssh_proxy/templates/sshpiperd.service.j2 b/roles/ssh_proxy/templates/sshpiperd.service.j2 index eab3057d..9f18c90e 100644 --- a/roles/ssh_proxy/templates/sshpiperd.service.j2 +++ b/roles/ssh_proxy/templates/sshpiperd.service.j2 
@@ -4,7 +4,7 @@ After=network.target [Service] Type=simple -ExecStart= {{ sshpiper_bin_dir }}/sshpiperd -p 22 --log-level=trace {{ sshpiper_bin_dir }}/yaml --config {{ sshpiper_dest_dir }}/sshpiperd.yaml --no-check-perm -- {{ sshpiper_bin_dir }}/failtoban --max-failures {{ sshpiper_maxfailures }} --ban-duration {{ sshpiper_bantime }} +ExecStart= {{ sshpiper_bin_dir }}/sshpiperd --upstream-banner-mode dedup -p 22 -i '/etc/ssh/ssh_host_[er]*_key' --log-level=trace {{ sshpiper_bin_dir }}/yaml --config {{ sshpiper_dest_dir }}/sshpiperd.yaml --no-check-perm -- {{ sshpiper_bin_dir }}/failtoban --max-failures {{ sshpiper_maxfailures }} --ban-duration {{ sshpiper_bantime }} --ignore-ip {{ sshpiper_whitelist }} Restart=on-failure User=root
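Review bot: The rewritten ExecStart still starts the proxy with `--log-level=trace` and `--no-check-perm`, running as root on port 22. Trace logging on an authentication proxy is likely to record far more per-connection detail than production needs, so I would make the level a variable that defaults to `info`. `--no-check-perm` appears to switch off the yaml plugin's permission check on `sshpiperd.yaml`; it could be dropped once that file is installed with restrictive permissions. `{{ sshpiper_whitelist }}` is interpolated unquoted after `--ignore-ip`, so a value containing spaces would be split into extra arguments.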