Skip to content

Commit

Permalink
update default branch to YDA-5699
Browse files Browse the repository at this point in the history
  • Loading branch information
@FuHsinyu
FuHsinyu committed Jul 2, 2024
1 parent 7661446 commit 5b21816
Show file tree
Hide file tree
Showing 10 changed files with 359 additions and 12 deletions.
7 changes: 4 additions & 3 deletions docker/images/yoda_irods_icat/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ LABEL maintainer="Yoda team <[email protected]>"
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Application settings
ARG TAG=development
ARG TAG=YDA-5699-add-admin-page
ENV IRODS_VERSION "4.2.12-1~bionic"
ENV IRODS_PREP_VERSION "4.2.12.0-1~bionic"
ENV IRODS_INDEX_VERSION "4.2.12.0-1~bionic"
Expand Down Expand Up @@ -53,6 +53,7 @@ RUN apt-get install -y gcc python3 python3-dev python3-pip python3-virtualenv \

# Upload PAM Python library
COPY stage/pam_python.so /tmp/pam_python.so
RUN mkdir -p /usr/lib/x86_64-linux-gnu/security/
RUN install -m 0755 -o root -g root /tmp/pam_python.so /usr/lib/x86_64-linux-gnu/security/pam_python.so

# Install PostgreSQL 15 for ODBC drivers, checks whether database container is up, as well as troubleshooting
Expand Down Expand Up @@ -80,14 +81,14 @@ ENV PY_JSONSCHEMA_PREFIX="http://security.ubuntu.com/ubuntu/pool/main/p/python-j
ENV PY_JSONSCHEMA_FILENAME="python-jsonschema_2.3.0-1build1_all.deb"
ENV PY_ODBC_PREFIX="http://security.ubuntu.com/ubuntu/pool/universe/p/pyodbc"
ENV PY_ODBC_FILENAME="python-pyodbc_4.0.17-1_amd64.deb"
RUN apt-get install libssl-dev

Check warning on line 84 in docker/images/yoda_irods_icat/Dockerfile

View workflow job for this annotation

GitHub Actions / build 

Use the `-y` switch to avoid manual input `apt-get -y install <package>`
RUN apt-get install unixodbc-dev

Check warning on line 85 in docker/images/yoda_irods_icat/Dockerfile

View workflow job for this annotation

GitHub Actions / build 

Use the `-y` switch to avoid manual input `apt-get -y install <package>`
RUN wget -q ${PY_URLLIB_PREFIX}/${PY_URLLIB_FILENAME} && \
wget -q ${PY_REQUESTS_PREFIX}/${PY_REQUESTS_FILENAME} && \
wget -q ${OPENSSL_PREFIX}/${OPENSSL_FILENAME} && \
wget -q ${PY_JSONSCHEMA_PREFIX}/${PY_JSONSCHEMA_FILENAME} && \
wget -q ${PY_ODBC_PREFIX}/${PY_ODBC_FILENAME} && \
dpkg -i ${PY_URLLIB_FILENAME} && \
dpkg -i ${PY_REQUESTS_FILENAME} && \
dpkg -i ${OPENSSL_FILENAME} && \
dpkg -i ${PY_JSONSCHEMA_FILENAME} && \
dpkg -i ${PY_ODBC_FILENAME} && \
rm ${PY_URLLIB_FILENAME} && \
Expand Down
6 changes: 3 additions & 3 deletions docker/images/yoda_irods_icat/irods-icat-init.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,10 +83,10 @@ progress_update "iCAT database data loaded"
INSTALL_TIMESTAMP=$(date +'%Y-%m-%dT%H:%M:%S.000000')
cat > /var/lib/irods/VERSION.json << VERSION
{
"catalog_schema_version": 8,
"catalog_schema_version": 8,
"commit_id": "2ed549ca7fe455aaa7755becc6c14b233dcbc0b4",
"configuration_schema_version": 3,
"installation_time": "$INSTALL_TIMESTAMP",
"configuration_schema_version": 3,
"installation_time": "$INSTALL_TIMESTAMP",
"irods_version": "4.2.12"
}
VERSION
Expand Down
5 changes: 3 additions & 2 deletions docker/images/yoda_portal/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
FROM ubuntu:20.04
LABEL maintainer="Yoda team <[email protected]>"

RUN apt-get install libssl-dev

Check warning on line 3 in docker/images/yoda_portal/Dockerfile

View workflow job for this annotation

GitHub Actions / build 

Use the `-y` switch to avoid manual input `apt-get -y install <package>`
RUN pip3 install pyodbc

Check warning on line 4 in docker/images/yoda_portal/Dockerfile

View workflow job for this annotation

GitHub Actions / build 

Pin versions in pip. Instead of `pip install <package>` use `pip install <package>==<version>` or `pip install --requirement <requirements file>`

Check warning on line 4 in docker/images/yoda_portal/Dockerfile

View workflow job for this annotation

GitHub Actions / build 

Avoid use of cache directory with pip. Use `pip install --no-cache-dir <package>`
# Application settings
ARG TAG=development
ARG TAG=YDA-5699-add-admin-page
ENV YODA_PORTAL_REPO "https://github.com/UtrechtUniversity/yoda-portal.git"
ENV YODA_PORTAL_BRANCH="$TAG"
ENV DEBIAN_FRONTEND="noninteractive"
Expand Down
276 changes: 276 additions & 0 deletions environments/development/allinone-ubuntu/group_vars/allinone.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,276 @@
---
# copyright Utrecht University

# Ansible configuration
ansible_user: vagrant # Administrative user on instance for Ansible
ansible_ssh_private_key_file: vagrant/ssh/vagrant # Path to private key file of administrative user

pgsql_version: 15
postgresql_perform_db_upgrade: true

# Yoda configuration
instance: allinone # Name of Yoda instance, as defined in hosts file
yoda_version: development # Git branch, for example: development or release-1.8
yoda_environment: development # Yoda environment: development, testing, acceptance or production
yoda_portal_fqdn: portal.yoda.test # Yoda Portal fully qualified domain name (FQDN)
yoda_davrods_fqdn: data.yoda.test # Yoda Davrods WebDAV fully qualified domain name (FQDN)
yoda_davrods_anonymous_enabled: true
yoda_davrods_anonymous_fqdn: public.data.yoda.test # Yoda Davrods anonymous WebDAV fully qualified domain name (FQDN)

default_yoda_schema: default-3 # Default Yoda metadata scheme: core-2 or default-3
yoda_prefix: UU01 # Prefix for internal portion of persistent identifier
update_schemas: 1 # Update already installed schemas, formelements and stylesheets: yes (1) or no (0)
credential_files: PLACEHOLDER # Location of Yoda credentials files

# Text file extensions configuration
text_file_extensions: ['bash', 'csv', 'c', 'cpp', 'csharp', 'css', 'diff', 'fortran', 'gams', 'gauss', 'go', 'graphql', 'ini', 'irpf90', 'java', 'js', 'json', 'julia', 'julia-repl', 'kotlin', 'less', 'lua', 'makefile', 'markdown', 'md', 'mathematica', 'matlab', 'maxima', 'mizar', 'objectivec', 'openscad', 'perl', 'php', 'php-template', 'plaintext', 'txt', 'python', 'py', 'python-repl', 'r', 'ruby', 'rust', 'sas', 'scilab', 'scss', 'shell', 'sh', 'sql', 'stan', 'stata', 'swift', 'typescript', 'ts', 'vbnet', 'wasm', 'xml', 'yaml', 'html']

# Research module configuration
enable_research: true # Enable research module

# OpenSearch module configuration
enable_open_search: true # Enable OpenSearch module
opensearch_server: combined.yoda.test

# Deposit module configuration
enable_deposit: true # Enable deposit module

# Intake module configuration
enable_intake: true # Enable intake module

# Datarequest module configuration
enable_datarequest: true # Enable datarequest module
datarequest_help_contact_name: PLACEHOLDER # Help contact name
datarequest_help_contact_email: PLACEHOLDER # Help contact email

# Data Package Reference
enable_data_package_reference: true # Enable Data Package References for vault data packages

# Data Access Tokens
enable_tokens: true # Enable data access tokens for webDAV and iCommands
token_database: /etc/irods/yoda-ruleset/accesstokens.db # Location of the database that contain the tokens
token_database_password: test # Token database password
token_length: 32 # Length of data access tokens
token_lifetime: 72 # Lifetime of data access tokens (in hours)

# DMF tape archive (legacy tape archive implementation)
enable_tape_archive: false

# Data Package Archive
enable_data_package_archive: false # Enable data package archive functionality
enable_data_package_download: false # Enable data package download functionality
data_package_archive_fqdn: "{{ irods_resource_fqdn }}" # Fully qualified domain name (FQDN) of iRODS server connected to data archive
data_package_archive_minimum: 1024 # Minimum data package archive size (1 KB), -1 for no limit
data_package_archive_maximum: -1 # Maximum data package archive size (no limit), -1 for no limit
data_package_archive_resource: mockTapeArchive # Resource to use for data package archive functionality

# SRAM configuration
enable_sram: false # Enable SRAM configuration
sram_rest_api_url: sram-mock.yoda.test # SRAM Rest API URL
sram_api_key: PLACEHOLDER # SRAM Rest API key
sram_service_entity_id: PLACEHOLDER # SRAM Service Entity ID
sram_flow: invitation # SRAM flow to use, 'join_request' or 'invitation'
sram_auto_group_sync: false # Automatic SRAM group sync
sram_verbose_logging: true # SRAM verbose logging
sram_tls_verify: false # Enable TLS verification for SRAM API calls. Enabled by default.

# iRODS check tooling
enable_irods_consistency_check: true
enable_icat_database_checker: true

# Portal customization
yoda_theme_path: /var/www/yoda/themes # Base path holding customised portal themes
yoda_theme: uu # Yoda theme: uu or vu (default: uu)
portal_title_text: Yoda - Dev
yoda_portal_log_api_call_duration: true

# iRODS configuration
irods_password: rods # iRODS admin password
irods_database_password: irodsdev # The password for the iRODS database username
irods_zone: tempZone # The name of the iRODS Zone
irods_icat_fqdn: combined.yoda.test # iRODS iCAT fully qualified domain name (FQDN)
irods_database_fqdn: combined.yoda.test # iRODS database fully qualified domain name (FQDN)
irods_resource_fqdn: combined.yoda.test # iRODS resource fully qualified domain name (FQDN)
irods_ssl_verify_server: none # Verify TLS certificate, use 'cert' for acceptance and production
irods_enable_gocommands: false
irods_resources:
- name: dev001_1
host: "{{ irods_icat_fqdn }}"
vault_path: /var/lib/irods/Vault1_1
resource_type: unixfilesystem

- name: dev001_2
resource_type: unixfilesystem
host: "{{ irods_icat_fqdn }}"
vault_path: /var/lib/irods/Vault1_2

- name: dev001_p1
resource_type: passthru
children:
- dev001_1

- name: dev001_p2
resource_type: passthru
children:
- dev001_2

- name: dev001
resource_type: random
children:
- dev001_p1
- dev001_p2

- name: irodsResc
resource_type: random
children:
- dev001

- name: dev002_1
resource_type: unixfilesystem
host: "{{ irods_resource_fqdn }}"
vault_path: /var/lib/irods/Vault2_1

- name: dev002_p1
resource_type: passthru
children:
- dev002_1

- name: dev002
resource_type: random
children:
- dev002_p1

- name: irodsRescRepl
resource_type: random
children:
- dev002

- name: dev003_1
resource_type: s3
host: "{{ irods_icat_fqdn }}"
vault_path: /yoda
context: "S3_DEFAULT_HOSTNAME=localhost:9000;S3_AUTH_FILE=/var/lib/irods/.s3auth;S3_REGIONNAME=local-s3;S3_RETRY_COUNT=1;S3_WAIT_TIME_SECONDS=3;S3_PROTO=HTTP;ARCHIVE_NAMING_POLICY=decoupled;HOST_MODE=cacheless_attached"

- name: dev003_p1
resource_type: passthru
children:
- dev003_1

- name: dev003
resource_type: random
children:
- dev003_p1

- name: irodsRescReplS3
resource_type: random
children:
- dev003

# List of replication resources
irods_repl_resc:
- irodsRescRepl
- irodsRescReplS3

async_replication_delay_time: 3600 # Delay after last modification to data object before replication job can process it (sec)

# Automatic resource balancing configuration
irods_arb_enabled: true
irods_arb_exempt_resources: ""
irods_arb_min_gb_free: 0
irods_arb_min_percent_free: 5

# S3 configuration
enable_s3_resource: false
s3_access_key: minioadmin
s3_secret_key: minioadmin
s3_hostname: localhost:9000

# Mail notifications
send_notifications: 1 # Enable notifications: yes (1) or no (0)
notifications_sender_email: [email protected] # Notifiations sender email address
notifications_reply_to: [email protected] # Notifiations Reply-To email address
smtp_server: smtp://localhost:25
smtp_auth: false
smtp_starttls: false

# DataCite Configuration
datacite_rest_api_url: datacite-mock.yoda.test # DataCite API server URL
datacite_username: PLACEHOLDER # DataCite username
datacite_password: PLACEHOLDER # DataCite password
datacite_prefix: 10.00012 # DataCite DOI prefix
datacite_publisher: Yoda development team # DataCite publisher: the name of the entity that publishes
datacite_tls_verify: 0 # DataCite TLS verification / disabled on development environment
# since the mock service uses self-signed certificates.

# EPIC PID Configuration
epic_url: PLACEHOLDER # EPIC PID server URI (undefined disables EPIC PID)
epic_handle_prefix: PLACEHOLDER # EPIC PID prefix

# PAM Radius configuration
# server, shared secret, timeout (s)
pam_radius_config: |
127.0.0.1 secret 1
other-server other-secret 3
# Zabbix configuration
zabbix_server: PLACEHOLDER

# Public host configuration
yoda_public_host: combined.yoda.test # Yoda public host
yoda_public_fqdn: public.yoda.test # Yoda public fully qualified domain name (FQDN)

# Yoda public upload private key (base64 encoded)
# These keys are the "insecure" public/private keypair we offer for use in development instances.
# If you use this instance for anything other than development, you should create your own keypair.
# ssh-keygen -t ed25519 -> base64
upload_priv_key: |
LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFB
QUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhP
UUFBQUNDTGlhY01DT2xPZzNpSFg4VXdYOHpWUk11cFB2Y2NyTTdmQUNodU9WMi80UUFBQUpoQTVj
YTlRT1hHCnZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0xpYWNNQ09sT2czaUhYOFV3WDh6VlJN
dXBQdmNjck03ZkFDaHVPVjIvNFEKQUFBRUFtRng0MmVDSDBYOHFHaXpmUmFpcFJWa3MzcVo1OWda
SU92TUJkZy85SnhZdUpwd3dJNlU2RGVJZGZ4VEJmek5WRQp5NmsrOXh5c3p0OEFLRzQ1WGIvaEFB
QUFEbWx5YjJSelFHTnZiV0pwYm1Wa0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZB
VEUgS0VZLS0tLS0K
# Yoda public upload public key (base64 encoded)
upload_pub_key: |
c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUl1SnB3d0k2VTZEZUlkZnhUQmZ6
TlZFeTZrKzl4eXN6dDhBS0c0NVhiL2ggaXJvZHNAY29tYmluZWQK
# External user service configuration
yoda_eus_fqdn: eus.yoda.test
eus_api_fqdn: api.eus.yoda.test
eus_api_secret: PLACEHOLDER
eus_api_tls_verify: false
eus_db_password: PLACEHOLDER
eus_smtp_from_address: [email protected]
eus_smtp_replyto_address: [email protected]
eus_mail_template: uu
external_users_domain_filter: '*.yoda.dev' # Domains to filter, separated by | and wildcard character *

# OpenID Connect configuration (This configuration is for TESTING purposes!)
oidc_active: true # Boolean indicating whether OpenId Connect is enabled
oidc_domains: ['*.yoda.dev'] # Domains that should use OIDC (list, wildcard character *)
oidc_always_redirect: false # Ignore OIDC domains and redirect all domains
oidc_client_id: myClientId # OIDC Client Id
oidc_client_secret: myClientPassword # OIDC Client Secret/Password
oidc_auth_base_uri: https://oauth.wiremockapi.cloud/oauth/authorize # OIDC Authorization URI without parameters
oidc_token_uri: https://oauth.wiremockapi.cloud/oauth/token # OIDC Token URI
oidc_userinfo_uri: https://oauth.wiremockapi.cloud/userinfo # OIDC Userinfo URI
oidc_scopes: openid # OIDC Scopes
oidc_acr_values: "" # OIDC Authentication Context Class Reference Values
oidc_email_field: email # The identifier of the JSON field in the id_token containing the email address (default: email)
oidc_jwks_uri: https://oauth.wiremockapi.cloud/.well-known/jwks.json # The url where the JWKS can be found (Java web key sets)
oidc_jwt_issuer: https://oauth.wiremockapi.cloud # The issuer of the JWT tokens ('iss' value in JWT, for verification)
oidc_req_exp: true # Check that exp (expiration) claim is present
oidc_req_iat: false # Check that iat (issued at) claim is present
oidc_req_nbf: false # Check that nbf (not before) claim is present
oidc_verify_aud: true # Check that aud (audience) claim matches audience
oidc_verify_iat: false # Check that iat (issued at) claim value is an integer
oidc_verify_exp: true # Check that exp (expiration) claim value is OK
oidc_verify_iss: true # Check that iss (issue) claim is as expected

# Mail configuration
enable_mailpit: true
enable_postfix: false
2 changes: 2 additions & 0 deletions environments/development/allinone-ubuntu/host_vars/combined
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
---
ansible_host: 192.168.64.6
Loading

0 comments on commit 5b21816

Please sign in to comment.