Update uab prod

ansible.cfg

@@ -3,5 +3,20 @@ private_role_vars = True
 retry_files_enabled = False
 inventory = ./inventory/headnode
 
+# change the default callback, you can only have one 'stdout' type  enabled at a time.
+#stdout_callback = skippy
+stdout_callback = yaml
+
+## Ansible ships with some plugins that require whitelisting,
+## this is done to avoid running all of a type by default.
+## These setting lists those that you want enabled for your system.
+## Custom plugins should not need this unless plugin author specifies it.
+
+# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
+callbacks_enabled = timer, debug, profile_roles, profile_tasks, minimal
+
+# Force color
+force_color = true
+
 [ssh_connection]
 control_path = ~/.ssh/ansible-%%r@%%h:%%p

cod.yaml

@@ -7,6 +7,6 @@
     - { name: 'enable_lmod', tags: 'enable_lmod_image', vars: [{ enable_lmod_prefix: "{{ cm_def_img_path }}" }] }
     - { name: 'cod_rabbitmq_agents_cloud', tags: 'cod_rabbitmq_agents_cloud' }
     - { name: 'cod_slurm', tags: 'cod_slurm'}
-    - { name: 'cod_login_node', tags: 'cod_login_node' }
+    - { name: 'cod_login_node', tags: 'cod_login_node', when: enable_cod_login_node }
     - { name: 'cod_compute_node', tags: 'cod_compute_node' }
     - { name: 'job_submit_plugin', tags: 'job_submit_plugin', when: enable_job_submit_plugin}

group_vars/all

@@ -230,20 +230,20 @@
   s3_shibboleth_object_name: UAB_SHIB_OBJECT
 
 # User Registration
-  enable_user_reg: true
-  user_register_app: "flask_user_reg"
-  user_register_app_tag: "master"
-  user_register_app_path: "/var/www/ood/register/{{ user_register_app }}"
-  user_register_app_key: "1234"
-  user_register_app_repo: "https://gitlab.rc.uab.edu/rc/self-reg-form.git"
-  user_register_app_refspec: "{{ gitlab_refspec }}"
-  user_register_app_port: 8000
-  user_register_app_host: "login005"
-  user_register_app_def_groups: []
+  enable_account_app: true
+  account_app: "account"
+  account_app_tag: "master"
+  account_app_path: "/var/www/ood/register/{{ account_app }}"
+  account_app_key: "1234"
+  account_app_repo: "https://gitlab.rc.uab.edu/rc/account-app.git"
+  account_app_refspec: "{{ gitlab_refspec }}"
+  account_app_port: 8000
+  account_app_host: "login005"
+  account_app_def_groups: []
   cors_allowed_origins: "*"
   mod_wsgi_pkg_name: "uab-httpd24-mod_wsgi"
   RegUser_app_user: "reggie"
-  RegUser_app_user_full_name: "RegUser of user register app"
+  RegUser_app_user_full_name: "Service user of account app"
   RegUser_app_user_passwd: "qweasd"
 # Authorized user group
   valid_eppa:  ["faculty", "staff", "student", "affiliate"]
@@ -292,6 +292,8 @@
   cod_deploy: true
   post_create_script: PostAddUserScript.sh
   cm_def_img_path: "/cm/images/default-image"
+  enable_cod_login_node: false
+  centos_base_url: "http://vault.centos.org"
 
 # Lmod
   lmod_loc: "/usr/share/lmod/lmod"
@@ -349,12 +351,13 @@
   go_download_url: "https://go.dev/dl/go1.22.4.linux-amd64.tar.gz"
   go_download_path: "/tmp/go1.22.4.linux-amd64.tar.gz"
   go_binary_path: "/usr/local"
-  sshpiper_git_repo: "https://github.com/eesaanatluri/sshpiper"
-  sshpiper_version: "feat-routing-by-group"
+  sshpiper_git_repo: "https://github.com/tg123/sshpiper"
+  sshpiper_version: "3dda361863e1eb2ceac1a421456b7c2f47987776"
   sshpiper_dest_dir: "/opt/sshpiper"
   sshpiper_bin_dir: "{{ sshpiper_dest_dir }}/out"
   sshpiper_bantime: 1200s
   sshpiper_maxfailures: 5
+  sshpiper_whitelist: "127.0.0.1/8"
 
 # http_proxy
   enable_http_proxy: false

ohpc-build.yaml

@@ -8,8 +8,8 @@
     - { name: 'ohpc_jupyter', tags: 'ohpc_jupyter', when: jupyter_provision}
     - { name: 'ohpc_matlab', tags: 'ohpc_matlab', when: matlab_provision }
     - { name: 'ohpc_sas', tags: 'ohpc_sas', when: sas_provision }
-    - { name: 'ohpc_rabbitmq', tags: 'ohpc_rabbitmq', when: enable_user_reg }
+    - { name: 'ohpc_rabbitmq', tags: 'ohpc_rabbitmq', when:enable_account_app }
     - { name: 'ohpc_add_rstudio', tags: 'ohpc_add_rstudio', when: rstudio_provision }
-    - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when: enable_user_reg }
-    - { name: 'ohpc_add_rabbitmq_agents', tags: 'ohpc_add_rabbitmq_agents', when: enable_user_reg }
+    - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when:enable_account_app }
+    - { name: 'ohpc_add_rabbitmq_agents', tags: 'ohpc_add_rabbitmq_agents', when:enable_account_app }
 

ohpc.yaml

@@ -15,4 +15,4 @@
     - { name: 'ohpc_igv', tags: 'ohpc_igv', when: igv_provision }
     - { name: 'ohpc_ansys', tags: 'ohpc_ansys', when: ansys_provision }
     - { name: 'ohpc_add_rstudio', tags: 'ohpc_add_rstudio', when: rstudio_provision }
-    - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when: enable_user_reg }
+    - { name: 'ohpc_user_reg', tags: 'ohpc_user_reg', when: enable_account_app }

ood-build.yaml

@@ -16,5 +16,5 @@
     - { name: 'ood_shib_install', tags: 'ood_shib_install', when: install_shib }
     - { name: 'ood_shib_config', tags: 'ood_shib_config', when: configure_shib }
     - { name: 'ood_user_reg_cloud', tags: 'ood_user_reg_cloud' }
-    - { name: 'ood_add_rabbitmq_agents', tags: 'ood_add_rabbitmq_agents', when: enable_user_reg }
+    - { name: 'ood_add_rabbitmq_agents', tags: 'ood_add_rabbitmq_agents', when: enable_account_app }
     - { name: 'ood_polling', tags: 'ood_polling'}

ood-packer.yaml

@@ -10,8 +10,8 @@
     - { name: 'ood_shib_config', tags: 'ood_shib_config', when: configure_shib }
     - { name: 'ood_enable_ssl', tags: 'ood_enable_ssl' }
     - { name: 'enable_lmod', tags: 'enable_lmod' }
-    - { name: 'ood_user_reg_ops', tags: 'ood_user_reg_cloud' }
-    - { name: 'ood_user_reg_cloud', tags: 'ood_user_reg_cloud' }
+    - { name: 'ood_user_reg_ops', tags: 'ood_user_reg_cloud', when: enable_account_app }
+    - { name: 'ood_user_reg_cloud', tags: 'ood_user_reg_cloud', when: enable_account_app }
     - { name: 'ood_vnc_form', tags: 'ood_vnc_form' }
     - { name: 'ood_jupyter', tags: 'ood_jupyter', when: jupyter_provision}
     - { name: 'ood_jupyterlab', tags: 'ood_jupyterlab', when: jupyterlab_provision}

ood.yaml

@@ -21,7 +21,7 @@
     - { name: 'ood_easter_egg', tags: 'ood_easter_egg' }
     - { name: 'ood_static_user_reg', tags: 'ood_static_user_reg', when: enable_user_reg == false }
     - { name: 'ood_shib_sso', tags: 'ood_shib_sso', when: enable_shib }
-    - { name: 'ood_user_reg', tags: 'ood_user_reg', when: enable_user_reg }
+    - { name: 'ood_user_reg', tags: 'ood_user_reg', when: enable_account_app }
     - { name: 'warewulf_sync', tags: 'warewulf_sync' }
     - { name: 'ood_enable_sandbox', tags: 'ood_enable_sandbox', when: enable_sandbox }
     - { name: 'ood_jupyter_lab', tags: 'ood_jupyter_lab', when: jupyter_provision}

roles/cod_fix_centos_yum/tasks/main.yaml

@@ -22,6 +22,6 @@
   ansible.builtin.replace:
     path: "{{ item }}"
     regexp: '^#baseurl=http://mirror.centos.org'
-    replace: 'baseurl=http://vault.centos.org'
+    replace: 'baseurl={{ centos_base_url }}'
     backup: yes
   with_items: "{{ repo_files }}"

roles/cod_split_fs/tasks/main.yaml

@@ -33,13 +33,13 @@
         dest: "/cm/images/login-image/opt/rh/httpd24/root/etc/httpd/conf.d/{{ item }}"
         state: absent
       loop:
-        - "user-reg-{{ user_register_app }}.conf"
+        - "user-reg-{{ account_app }}.conf"
         - "user-reg.conf"
 
     - name: Replace account app conf
       ansible.builtin.template:
         src: user-reg-account_conf.j2
-        dest: "/cm/images/login-image/opt/rh/httpd24/root/etc/httpd/conf.d/user-reg-{{ user_register_app }}.conf"
+        dest: "/cm/images/login-image/opt/rh/httpd24/root/etc/httpd/conf.d/user-reg-{{ account_app }}.conf"
 
     - name: Create ood app folders
       ansible.builtin.file:

roles/ohpc_add_rabbitmq_agents/templates/config.j2

@@ -19,7 +19,7 @@ state_groups = {
   {% endfor %}
 }
 
-default_groups = {{ user_register_app_def_groups }}
+default_groups = {{ account_app_def_groups }}
 
 # Default function timeout
 Function_timeout = {{ function_timeout }}

roles/ood/tasks/main.yaml

@@ -21,7 +21,7 @@
     path: "/etc/yum.repos.d/{{ item.filename }}"
     section: "{{ item.section }}"
     option: baseurl
-    value: "http://vault.centos.org/centos/7/sclo/$basearch/{{ item.subfolder }}/"
+    value: "{{ centos_base_url }}/centos/7/sclo/$basearch/{{ item.subfolder }}/"
     backup: yes
   loop:
     - {"filename": "CentOS-SCLo-scl-rh.repo", "section": "centos-sclo-rh", "subfolder": "rh"}

roles/ood_user_reg/tasks/main.yml

@@ -15,26 +15,26 @@
 
 - name: Remove existing user register app install
   file:
-    path: "{{ user_register_app_path }}"
+    path: "{{ account_app_path }}"
     state: absent
 
 - name: Creates directory to clone the user register app
   file:
-    path: "{{ user_register_app_path }}"
+    path: "{{ account_app_path }}"
     state: directory
 
 - name: Clone user register app form from gitlab
   git:
-    repo: "{{ user_register_app_repo }}"
-    dest: "{{ user_register_app_path }}"
-    refspec: "{{ user_register_app_refspec }}"
-    version: "{{ user_register_app_tag }}"
+    repo: "{{ account_app_repo }}"
+    dest: "{{ account_app_path }}"
+    refspec: "{{ account_app_refspec }}"
+    version: "{{ account_app_tag }}"
 
 - name: Install requirements in virtualenv
   pip:
     requirements: requirements.txt
     virtualenv: venv
-    chdir: "{{ user_register_app_path }}"
+    chdir: "{{ account_app_path }}"
 
 - name: Put apache config file in place
   template:
@@ -44,7 +44,7 @@
 - name: Put wsgi config file in place
   template:
     src: wsgi.j2
-    dest: "{{ user_register_app_path }}/{{ user_register_app }}.wsgi"
+    dest: "{{ account_app_path }}/{{ account_app }}.wsgi"
 
 - name: Enable user registration redirect
   replace:
@@ -54,8 +54,8 @@
     backup: yes
   with_items:
       - { regexp: "^#?(user_map_cmd:).*", replace: "\\1 '/opt/ood/ood_auth_map/bin/uab_ood_auth.regex'" }
-      - { regexp: "^#?(map_fail_uri:).*", replace: "\\1 '/{{ user_register_app }}'" }
-      - { regexp: "^#?(register_uri:).*", replace: "\\1 '/{{ user_register_app }}'" }
+      - { regexp: "^#?(map_fail_uri:).*", replace: "\\1 '/{{ account_app }}'" }
+      - { regexp: "^#?(register_uri:).*", replace: "\\1 '/{{ account_app }}'" }
 
 - name: Stage regex file for ood
   copy:

roles/ood_user_reg/templates/user-reg_conf.j2

@@ -1,15 +1,15 @@
-WSGIDaemonProcess "{{ user_register_app }}" user={{ RegUser_app_user }} group={{ RegUser_app_user }} threads=5
-WSGIProcessGroup "{{ user_register_app }}"
-WSGIScriptAlias /{{ user_register_app }} "{{ user_register_app_path}}/{{ user_register_app }}.wsgi"
-<Location /{{ user_register_app }}>
+WSGIDaemonProcess "{{ account_app }}" user={{ account_app_user }} group={{ account_app_user }} threads=5
+WSGIProcessGroup "{{ account_app }}"
+WSGIScriptAlias /{{ account_app }} "{{ account_app_path}}/{{ account_app }}.wsgi"
+<Location /{{ account_app }}>
         AuthType Basic
         AuthName "Private"
         AuthUserFile "/opt/rh/httpd24/root/etc/httpd/.htpasswd"
         RequestHeader unset Authorization
         Require valid-user
 </Location>
-<Directory {{ user_register_app_path }}>
-        WSGIProcessGroup {{ user_register_app }}
+<Directory {{ account_app_path }}>
+        WSGIProcessGroup {{ account_app }}
         WSGIApplicationGroup %{GLOBAL}
         Require all granted
 </Directory>

roles/ood_user_reg/templates/wsgi.j2

@@ -1,12 +1,12 @@
 #!/bin/python
 
 # Activate virtualenv
-activate_this = '{{ user_register_app_path }}/venv/bin/activate_this.py'
+activate_this = '{{ account_app_path }}/venv/bin/activate_this.py'
 execfile(activate_this, dict(__file__=activate_this))
 
 import sys
 import os
-sys.path.append("{{ user_register_app_path }}")
+sys.path.append("{{ account_app_path }}")
 os.environ['FLASK_CONFIG'] = 'production'
 
 from run import app as application