Log of /trunk/egi-pilot/master-portal
Revision 3236 - Modified Tue May 15 14:28:05 2018 UTC (4 years ago) by msalle
Add support in authz_cmd for local file with ssh keys
Revision 3235 - Modified Mon May 14 13:33:25 2018 UTC (4 years ago) by msalle
Merge changes from 'upstream' ansible scripts
- use a locally downloaded Oracle java RPM
- install different trust anchors from basic role (hostcreds task), set the
  values (RPMs and/or tarball) in each role separately: credstore needs hostcert
  anchors + online CA anchors, sshhost needs hostcert anchors, masterportal
  needs hostcert anchors and anchor for hostcert of delegation server. Don't use
  cacert and signing_policy files, but use tarball. Set no defaults, but hint
  with commented out values.
- Use inventory names to derive the credstore_host and masterportal_host in the
  _env.yml files, this prevents defining them twice.
- define x509_cert_dir, hostcert and hostkey variables in the defaults for the
  basic role. They are almost never changed.
- rename include: into include_tasks: (include: is deprecated)
- disable firewalld. On RH7 this conflicts with iptables and should not run.
- fix secrets.yml to create passwords: create new file from template, which we
  can put in git. The secrets_env.yml file itself we can explicitly ignore.
- Unify mp_server_keystore_pw and mp_client_keystore_pw into mp_keystore_pw as
  they have to be identical in any way
- rename secrets_env.yml into secrets_env.yml.PLACEHOLDER
- Update README with some further clarifications and typo-fixes
  Add instructions on how to create a mp.jwk file
- Don't install the intermediate CA for non-TERENA CAs: default
  hostcert_intermediate should be empty
- Set default passwords for generated passwords all to CHANGEME for easy
  matching. Matching rules did not work properly in any case, now do.
- Set selinux to permissive. Ideally the rules are set properly.
- Update the download link for javax.mail.jar file (code is moved to github)
- sync some commented out stuff with DS ansible
Revision 3231 - Modified Fri Apr 20 13:29:00 2018 UTC (4 years, 1 month ago) by msalle
Various minor updates
- Add instructions for creating JSON Web Keys file to README
- Update trusted DNs for myproxy
- Update the URL for javax.mail.jar (now on github)
- sync with onlineCA where possible
Revision 3220 - Modified Tue Nov 21 15:51:09 2017 UTC (4 years, 5 months ago) by msalle
Minor update to help text in myproxy_cmd
Revision 3219 - Modified Sun Nov 19 21:36:11 2017 UTC (4 years, 6 months ago) by msalle
Update myproxy_cmd with the extra options functionality. Update the login.jsp
page since the ssh war file now includes extra help texts.
Revision 3218 - Modified Wed Nov 1 13:33:06 2017 UTC (4 years, 6 months ago) by msalle
Remove now unneeded listing of trust_cas
Revision 3216 - Modified Wed Nov 1 12:35:49 2017 UTC (4 years, 6 months ago) by msalle
Use keyutil instead of keytool to make truststore
Keytool is very slow in adding many certs in the truststore, and since we now
have many more (IGTF distrib), we need a faster tool.
Revision 3215 - Modified Tue Oct 31 14:38:08 2017 UTC (4 years, 6 months ago) by msalle
Credstores need the CA distrib for connecting to VOMS servers.
At least the ca_policy_igtf-classic is needed.
Revision 3213 - Modified Wed Sep 20 15:07:49 2017 UTC (4 years, 8 months ago) by msalle
Update ansible scripts with github.
Update ansible scripts with default for MasterPortal, which includes branding
and css for the sshkeys portal. This requires also a new patch to provide the
EGI-specific text on those jsp pages.
Revision 3207 - Modified Fri Jul 28 11:46:56 2017 UTC (4 years, 9 months ago) by msalle
Rename sshkey-portal into sshkeys, to be in sync with production MasterPortal
Reorder endpoints
Revision 3206 - Modified Fri Jul 28 09:52:44 2017 UTC (4 years, 9 months ago) by msalle
Add wellKnownURI to sshkeys portal config.
Although there is little point in having the SSH keys portal verify the
id_tokens it receives from the MasterPortal, it is still cleaner to provide the
endpoint which will prevent at the very least a warning.
Revision 3201 - Modified Wed Jul 26 12:40:37 2017 UTC (4 years, 9 months ago) by msalle
Need myproxy command line tools for myproxy script
Add quotes around string in authz_cmd script
Revision 3198 - Modified Fri Jun 30 16:01:31 2017 UTC (4 years, 10 months ago) by msalle
Update ansible to match github devel branch:
Add support for SSH keys:
This consists of three different parts:
- the API new in the mp-oa2-server, consisting of two new endpoints.
  Managed as config changes in ssl.conf.j2 primarily
- the sshkey-portal, consisting of a new tomcat servlet
  Managed as a new masterportal task
- the SSH host, used to ssh to and retrieve a proxy from.
  Managed via a new ansible playbook and role
Revision 3167 - Modified Fri Mar 10 14:56:00 2017 UTC (5 years, 2 months ago) by msalle
Master portal is back on the test online CA, not the real RCauth
Revision 3165 - Modified Fri Feb 17 14:43:05 2017 UTC (5 years, 3 months ago) by msalle
Do deployment of JSON web keys in oa4mp-server to prevent accidental race
conditions or the like.
Revision 3160 - Modified Tue Feb 14 17:06:37 2017 UTC (5 years, 3 months ago) by msalle
Add .well-known URIs in client conf
Revision 3158 - Modified Tue Feb 14 16:25:33 2017 UTC (5 years, 3 months ago) by msalle
Fix layout README
Revision 3157 - Modified Tue Feb 14 16:16:41 2017 UTC (5 years, 3 months ago) by msalle
Add changes needed for new code base
Revision 3136 - Modified Fri Nov 18 11:30:03 2016 UTC (5 years, 6 months ago) by msalle
Fix layout to 80 columns
Revision 3129 - Modified Fri Oct 14 14:00:36 2016 UTC (5 years, 7 months ago) by msalle
Update registration-init.jsp in different war files.
Revision 3121 - Modified Thu Oct 13 13:16:23 2016 UTC (5 years, 7 months ago) by tamasb
bring in sync with the original aarc.master-portal
The EGI Master Portal has also been reconnected from
its EGI Demo CA to RCAuth.eu
Revision 2990 - Modified Mon Apr 4 16:28:18 2016 UTC (6 years, 1 month ago) by tamasb
change the way hostname is extracted and referenced from ansible_fqdn to a more appropriate inventory_hostname
Revision 2989 - Modified Mon Apr 4 15:40:57 2016 UTC (6 years, 1 month ago) by tamasb
restart network after disabling NetworkManager in ifcfg files
Revision 2970 - Modified Fri Apr 1 14:51:01 2016 UTC (6 years, 1 month ago) by tamasb
removed unused web.xml templates
Revision 2969 - Modified Fri Apr 1 14:29:18 2016 UTC (6 years, 1 month ago) by msalle
Remove unneeded ansible_fqdn settings, update hostcred filenames
Revision 2968 - Modified Fri Apr 1 14:15:00 2016 UTC (6 years, 1 month ago) by msalle
Remove unneeded ansible_fqan
Rename host credentials into ansible_fqdn plus extension
Revision 2967 - Modified Fri Apr 1 13:58:27 2016 UTC (6 years, 1 month ago) by tamasb
configure sshd: disable pw logins, add verbosity
Revision 2966 - Modified Fri Apr 1 13:28:03 2016 UTC (6 years, 1 month ago) by tamasb
surrounded x.stdout_lines with {{ }} to avoid deprecation
Revision 2965 - Modified Fri Apr 1 12:56:38 2016 UTC (6 years, 1 month ago) by tamasb
network.yml sets NM_CONTROLLER to no for every interface
Revision 2964 - Modified Fri Apr 1 12:05:35 2016 UTC (6 years, 1 month ago) by tamasb
moved proxy extfile to templates
Revision 2963 - Modified Fri Apr 1 10:24:05 2016 UTC (6 years, 1 month ago) by tamasb
updated vo-portal interface (simplified)
Revision 2962 - Modified Fri Apr 1 08:52:41 2016 UTC (6 years, 1 month ago) by tamasb
add empty index page in webroot
Revision 2961 - Modified Thu Mar 31 16:21:05 2016 UTC (6 years, 1 month ago) by tamasb
enable iptable task in credstore role
Revision 2960 - Modified Thu Mar 31 16:03:41 2016 UTC (6 years, 1 month ago) by tamasb
install tomcat manager and make tomcat only listen on localhost
Revision 2951 - Modified Thu Mar 31 12:09:13 2016 UTC (6 years, 1 month ago) by msalle
Add basic ansible.cfg file logging
Revision 2947 - Modified Wed Mar 30 16:02:29 2016 UTC (6 years, 1 month ago) by msalle
Add content of basic.yml to other two 'role' files
Revision 2946 - Modified Wed Mar 30 15:55:58 2016 UTC (6 years, 1 month ago) by msalle
Reorganize basic into a proper role.
Revision 2945 - Modified Wed Mar 30 15:19:28 2016 UTC (6 years, 1 month ago) by tamasb
set hostname for hosts from ansible_fqdn
Revision 2925 - Modified Wed Mar 23 11:23:40 2016 UTC (6 years, 1 month ago) by msalle
Backport of updates in masterportal-pusp
Revision 2913 - Modified Fri Mar 18 17:40:10 2016 UTC (6 years, 2 months ago) by tamasb
improved basic_env and ip6tables
Revision 2912 - Modified Fri Mar 18 16:29:12 2016 UTC (6 years, 2 months ago) by tamasb
updated to latest masterportal ansible scripts