/[pdpsoft]/trunk/egi-pilot/master-portal
ViewVC logotype

Log of /trunk/egi-pilot/master-portal

View Directory Listing Directory Listing


Sticky Revision:

Revision 3236 - Directory Listing
Modified Tue May 15 14:28:05 2018 UTC (4 years, 2 months ago) by msalle
Add support in authz_cmd for local file with ssh keys


Revision 3235 - Directory Listing
Modified Mon May 14 13:33:25 2018 UTC (4 years, 3 months ago) by msalle
Merge changed from 'upstream' ansible scripts

- use a locally downloaded Oracle java RPM
- install different trust anchors from basic role (hostcreds task), set the
  values (RPMs and/or tarball) in each role separately: credstore needs hostcert
  anchors + online CA anchors, sshhost needs hostcert anchors, masterportal
  needs hostcert anchors and anchor for hostcert of delegation server. Don't use
  cacert and signing_policy files, but use tarball. Set no defaults, but hint
  with commented out values.
- Use inventory names to derive the credstore_host and masterportal_host in the
  _env.yml files, this prevents defining them twice.
- define x509_cert_dir, hostcert and hostkey variables in the defaults for the
  basic role. They are almost never changed.
- rename include: into include_tasks: (include: is deprecated)
- disable firewalld. On RH7 this conflicts with iptables and should not run.
- fix secrets.yml to create passwords: create new file from template, which we
  can put in git. The secrets_env.yml file itself we can explicitly ignore.
- Unify mp_server_keystore_pw and mp_client_keystore_pw into mp_keystore_pw as
  they have to be identical in any way
- rename secrets_env.yml into secrets_env.yml.PLACEHOLDER
- Update README with some further clarifications and typo-fixes
  Add instructions on how to create a mp.jwk file
- Don't install the intermediate CA for non-TERENA CAs: default
  hostcert_intermediate should be empty
- Set default passwords for generated passwords all to CHANGEME for easy
  matching. Matching rules did not work properly in any case, now do.
- Set selinux to permissive. Ideally the rules are set properly.
- Update the download link for javax.mail.jar file (code is moved to github)
- sync some commented out stuff with DS ansible



Revision 3231 - Directory Listing
Modified Fri Apr 20 13:29:00 2018 UTC (4 years, 3 months ago) by msalle
Various minor updates

- Add instructions for creating JSON Web Keys file to README
- Update trusted DNs for myproxy
- Update the URL for javax.mail.jar (now on github)
- sync with onlineCA where possible



Revision 3220 - Directory Listing
Modified Tue Nov 21 15:51:09 2017 UTC (4 years, 8 months ago) by msalle
Minor update to help text in myproxy_cmd


Revision 3219 - Directory Listing
Modified Sun Nov 19 21:36:11 2017 UTC (4 years, 8 months ago) by msalle
Update myproxy_cmd with the extra options functionality. Update the login.jsp
page since the ssh war file now includes extra help texts.


Revision 3218 - Directory Listing
Modified Wed Nov 1 13:33:06 2017 UTC (4 years, 9 months ago) by msalle
Remove now unneeded listing of trust_cas


Revision 3216 - Directory Listing
Modified Wed Nov 1 12:35:49 2017 UTC (4 years, 9 months ago) by msalle
Use keyutil instead of keytool to make truststore

Keytool is very slow in adding many certs in the truststore, and since we now
have many more (IGTF distrib), we need a faster tool.


Revision 3215 - Directory Listing
Modified Tue Oct 31 14:38:08 2017 UTC (4 years, 9 months ago) by msalle
Credstores need the CA distrib for connecting to VOMS servers.
At least the ca_policy_igtf-classic is needed.


Revision 3213 - Directory Listing
Modified Wed Sep 20 15:07:49 2017 UTC (4 years, 10 months ago) by msalle
Update ansible scripts with github.

Update ansible scripts with default for MasterPortal, which includes branding
and css for the sshkeys portal. This requires also a new patch to provide the
EGI-specific text on those jsp pages.


Revision 3207 - Directory Listing
Modified Fri Jul 28 11:46:56 2017 UTC (5 years ago) by msalle
Rename sshkey-portal into sshkeys, to be in sync with production MasterPortal
Reorder endpoints


Revision 3206 - Directory Listing
Modified Fri Jul 28 09:52:44 2017 UTC (5 years ago) by msalle
Add wellKnownURI to sshkeys portal config.
        
Although there is little point in having the SSH keys portal verify the
id_tokens it receives from the MasterPortal, it is still cleaner to provide the
endpoint which will prevent at the very least a warning.



Revision 3201 - Directory Listing
Modified Wed Jul 26 12:40:37 2017 UTC (5 years ago) by msalle
Need myproxy command line tools for myproxy script
Add quotes around string in authz_cmd script


Revision 3198 - Directory Listing
Modified Fri Jun 30 16:01:31 2017 UTC (5 years, 1 month ago) by msalle
Update ansible to match github devel branch:
Add support for SSH keys:

This consists of three different parts:
- the API new in the mp-oa2-server, consisting of two new endpoints.
  Managed as config changes in ssl.conf.j2 primarily
- the sshkey-portal, consisting of a new tomcat servlet
  Managed as a new masterportal task
- the SSH host, used to ssh to and retrieve a proxy from.
  Managed via a new ansible playbook and role



Revision 3167 - Directory Listing
Modified Fri Mar 10 14:56:00 2017 UTC (5 years, 5 months ago) by msalle
Master portal is back on the test online CA, not the real RCauth


Revision 3165 - Directory Listing
Modified Fri Feb 17 14:43:05 2017 UTC (5 years, 5 months ago) by msalle
Do deployment of JSON web keys in oa4mp-server to prevent accidental race
conditions or the like.


Revision 3160 - Directory Listing
Modified Tue Feb 14 17:06:37 2017 UTC (5 years, 5 months ago) by msalle
Add .well-known URIs in client conf


Revision 3158 - Directory Listing
Modified Tue Feb 14 16:25:33 2017 UTC (5 years, 5 months ago) by msalle
Fix layout README


Revision 3157 - Directory Listing
Modified Tue Feb 14 16:16:41 2017 UTC (5 years, 5 months ago) by msalle
Add changes needed for new code base


Revision 3136 - Directory Listing
Modified Fri Nov 18 11:30:03 2016 UTC (5 years, 8 months ago) by msalle
Fix layout to 80 columns


Revision 3129 - Directory Listing
Modified Fri Oct 14 14:00:36 2016 UTC (5 years, 10 months ago) by msalle
Update registration-init.jsp in different war files.


Revision 3121 - Directory Listing
Modified Thu Oct 13 13:16:23 2016 UTC (5 years, 10 months ago) by tamasb
bring in sync with the original aarc.master-portal

The EGI Master Portal has also been reconnected from
its EGI Demo CA to RCAuth.eu 



Revision 2990 - Directory Listing
Modified Mon Apr 4 16:28:18 2016 UTC (6 years, 4 months ago) by tamasb
change the way hostname is extracted and refereced from ansible_fqdn to a more appropriate inventory_hostname


Revision 2989 - Directory Listing
Modified Mon Apr 4 15:40:57 2016 UTC (6 years, 4 months ago) by tamasb
restart network after disabling NetworkManager in ifcfg files


Revision 2970 - Directory Listing
Modified Fri Apr 1 14:51:01 2016 UTC (6 years, 4 months ago) by tamasb
removed unused web.xml templates


Revision 2969 - Directory Listing
Modified Fri Apr 1 14:29:18 2016 UTC (6 years, 4 months ago) by msalle
Remove unneeded ansible_fqdn settings, update hostcred filenames


Revision 2968 - Directory Listing
Modified Fri Apr 1 14:15:00 2016 UTC (6 years, 4 months ago) by msalle
Remove unneeded ansible_fqan
Rename host credentials into ansible_fqdn plus extension


Revision 2967 - Directory Listing
Modified Fri Apr 1 13:58:27 2016 UTC (6 years, 4 months ago) by tamasb
configure sshd: disable pw logins, add verbosity


Revision 2966 - Directory Listing
Modified Fri Apr 1 13:28:03 2016 UTC (6 years, 4 months ago) by tamasb
surrounded x.stdout_lines with {{ }} to avoid deprication 


Revision 2965 - Directory Listing
Modified Fri Apr 1 12:56:38 2016 UTC (6 years, 4 months ago) by tamasb
network.yml sets NM_CONTROLLER to no for every interface


Revision 2964 - Directory Listing
Modified Fri Apr 1 12:05:35 2016 UTC (6 years, 4 months ago) by tamasb
moved proxy extfile to templates


Revision 2963 - Directory Listing
Modified Fri Apr 1 10:24:05 2016 UTC (6 years, 4 months ago) by tamasb
updated vo-portal interface (simplified)


Revision 2962 - Directory Listing
Modified Fri Apr 1 08:52:41 2016 UTC (6 years, 4 months ago) by tamasb
add empty index page in webroot


Revision 2961 - Directory Listing
Modified Thu Mar 31 16:21:05 2016 UTC (6 years, 4 months ago) by tamasb
enable iptable task in credstore role


Revision 2960 - Directory Listing
Modified Thu Mar 31 16:03:41 2016 UTC (6 years, 4 months ago) by tamasb
install tomacat manager and make tomcat only listen on localhost


Revision 2951 - Directory Listing
Modified Thu Mar 31 12:09:13 2016 UTC (6 years, 4 months ago) by msalle
Add basic ansible.cfg file logging


Revision 2947 - Directory Listing
Modified Wed Mar 30 16:02:29 2016 UTC (6 years, 4 months ago) by msalle
Add content of basic.yml to other two 'role' files


Revision 2946 - Directory Listing
Modified Wed Mar 30 15:55:58 2016 UTC (6 years, 4 months ago) by msalle
Reorganize basic into a proper role.


Revision 2945 - Directory Listing
Modified Wed Mar 30 15:19:28 2016 UTC (6 years, 4 months ago) by tamasb
set hostname for hosts from ansible_fqdn


Revision 2925 - Directory Listing
Modified Wed Mar 23 11:23:40 2016 UTC (6 years, 4 months ago) by msalle
Backport of updates in masterportal-pusp


Revision 2913 - Directory Listing
Modified Fri Mar 18 17:40:10 2016 UTC (6 years, 4 months ago) by tamasb
imporved basic_env and ip6tables


Revision 2912 - Directory Listing
Modified Fri Mar 18 16:29:12 2016 UTC (6 years, 4 months ago) by tamasb
updated to latest masterportal ansible scripts


Revision 2892 - Directory Listing
Modified Fri Mar 18 10:10:36 2016 UTC (6 years, 4 months ago) by msalle
Copied from: trunk/aarc.master-portal revision 2889
Clone AARC/Elixir/RCAuth setup for EGI pilot


Revision 2884 - Directory Listing
Modified Wed Mar 16 16:07:02 2016 UTC (6 years, 4 months ago) by tamasb
Original Path: trunk/aarc.master-portal
moved into a subdirectory 


Revision 2883 - Directory Listing
Added Wed Mar 16 16:06:15 2016 UTC (6 years, 4 months ago) by tamasb
Original Path: trunk/aarc.master-portal
ansible scripts for master portal deployment


grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28