-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
359 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,7 @@ LABEL maintainer="Yoda team <[email protected]>" | |
SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
|
||
# Application settings | ||
ARG TAG=development | ||
ARG TAG=YDA-5699-add-admin-page | ||
ENV IRODS_VERSION "4.2.12-1~bionic" | ||
ENV IRODS_PREP_VERSION "4.2.12.0-1~bionic" | ||
ENV IRODS_INDEX_VERSION "4.2.12.0-1~bionic" | ||
|
@@ -53,6 +53,7 @@ RUN apt-get install -y gcc python3 python3-dev python3-pip python3-virtualenv \ | |
|
||
# Upload PAM Python library | ||
COPY stage/pam_python.so /tmp/pam_python.so | ||
RUN mkdir -p /usr/lib/x86_64-linux-gnu/security/ | ||
RUN install -m 0755 -o root -g root /tmp/pam_python.so /usr/lib/x86_64-linux-gnu/security/pam_python.so | ||
|
||
# Install PostgreSQL 15 for ODBC drivers, checks whether database container is up, as well as troubleshooting | ||
|
@@ -80,14 +81,14 @@ ENV PY_JSONSCHEMA_PREFIX="http://security.ubuntu.com/ubuntu/pool/main/p/python-j | |
ENV PY_JSONSCHEMA_FILENAME="python-jsonschema_2.3.0-1build1_all.deb" | ||
ENV PY_ODBC_PREFIX="http://security.ubuntu.com/ubuntu/pool/universe/p/pyodbc" | ||
ENV PY_ODBC_FILENAME="python-pyodbc_4.0.17-1_amd64.deb" | ||
RUN apt-get install libssl-dev | ||
RUN apt-get install unixodbc-dev | ||
RUN wget -q ${PY_URLLIB_PREFIX}/${PY_URLLIB_FILENAME} && \ | ||
wget -q ${PY_REQUESTS_PREFIX}/${PY_REQUESTS_FILENAME} && \ | ||
wget -q ${OPENSSL_PREFIX}/${OPENSSL_FILENAME} && \ | ||
wget -q ${PY_JSONSCHEMA_PREFIX}/${PY_JSONSCHEMA_FILENAME} && \ | ||
wget -q ${PY_ODBC_PREFIX}/${PY_ODBC_FILENAME} && \ | ||
dpkg -i ${PY_URLLIB_FILENAME} && \ | ||
dpkg -i ${PY_REQUESTS_FILENAME} && \ | ||
dpkg -i ${OPENSSL_FILENAME} && \ | ||
dpkg -i ${PY_JSONSCHEMA_FILENAME} && \ | ||
dpkg -i ${PY_ODBC_FILENAME} && \ | ||
rm ${PY_URLLIB_FILENAME} && \ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,9 @@ | ||
FROM ubuntu:20.04 | ||
LABEL maintainer="Yoda team <[email protected]>" | ||
|
||
RUN apt-get install libssl-dev | ||
RUN pip3 install pyodbc | ||
Check warning on line 4 in docker/images/yoda_portal/Dockerfile GitHub Actions / build
|
||
# Application settings | ||
ARG TAG=development | ||
ARG TAG=YDA-5699-add-admin-page | ||
ENV YODA_PORTAL_REPO "https://github.com/UtrechtUniversity/yoda-portal.git" | ||
ENV YODA_PORTAL_BRANCH="$TAG" | ||
ENV DEBIAN_FRONTEND="noninteractive" | ||
|
276 changes: 276 additions & 0 deletions
276
environments/development/allinone-ubuntu/group_vars/allinone.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,276 @@ | ||
--- | ||
# copyright Utrecht University | ||
|
||
# Ansible configuration | ||
ansible_user: vagrant # Administrative user on instance for Ansible | ||
ansible_ssh_private_key_file: vagrant/ssh/vagrant # Path to private key file of administrative user | ||
|
||
pgsql_version: 15 | ||
postgresql_perform_db_upgrade: true | ||
|
||
# Yoda configuration | ||
instance: allinone # Name of Yoda instance, as defined in hosts file | ||
yoda_version: development # Git branch, for example: development or release-1.8 | ||
yoda_environment: development # Yoda environment: development, testing, acceptance or production | ||
yoda_portal_fqdn: portal.yoda.test # Yoda Portal fully qualified domain name (FQDN) | ||
yoda_davrods_fqdn: data.yoda.test # Yoda Davrods WebDAV fully qualified domain name (FQDN) | ||
yoda_davrods_anonymous_enabled: true | ||
yoda_davrods_anonymous_fqdn: public.data.yoda.test # Yoda Davrods anonymous WebDAV fully qualified domain name (FQDN) | ||
|
||
default_yoda_schema: default-3 # Default Yoda metadata scheme: core-2 or default-3 | ||
yoda_prefix: UU01 # Prefix for internal portion of persistent identifier | ||
update_schemas: 1 # Update already installed schemas, formelements and stylesheets: yes (1) or no (0) | ||
credential_files: PLACEHOLDER # Location of Yoda credentials files | ||
|
||
# Text file extensions configuration | ||
text_file_extensions: ['bash', 'csv', 'c', 'cpp', 'csharp', 'css', 'diff', 'fortran', 'gams', 'gauss', 'go', 'graphql', 'ini', 'irpf90', 'java', 'js', 'json', 'julia', 'julia-repl', 'kotlin', 'less', 'lua', 'makefile', 'markdown', 'md', 'mathematica', 'matlab', 'maxima', 'mizar', 'objectivec', 'openscad', 'perl', 'php', 'php-template', 'plaintext', 'txt', 'python', 'py', 'python-repl', 'r', 'ruby', 'rust', 'sas', 'scilab', 'scss', 'shell', 'sh', 'sql', 'stan', 'stata', 'swift', 'typescript', 'ts', 'vbnet', 'wasm', 'xml', 'yaml', 'html'] | ||
|
||
# Research module configuration | ||
enable_research: true # Enable research module | ||
|
||
# OpenSearch module configuration | ||
enable_open_search: true # Enable OpenSearch module | ||
opensearch_server: combined.yoda.test | ||
|
||
# Deposit module configuration | ||
enable_deposit: true # Enable deposit module | ||
|
||
# Intake module configuration | ||
enable_intake: true # Enable intake module | ||
|
||
# Datarequest module configuration | ||
enable_datarequest: true # Enable datarequest module | ||
datarequest_help_contact_name: PLACEHOLDER # Help contact name | ||
datarequest_help_contact_email: PLACEHOLDER # Help contact email | ||
|
||
# Data Package Reference | ||
enable_data_package_reference: true # Enable Data Package References for vault data packages | ||
|
||
# Data Access Tokens | ||
enable_tokens: true # Enable data access tokens for webDAV and iCommands | ||
token_database: /etc/irods/yoda-ruleset/accesstokens.db # Location of the database that contain the tokens | ||
token_database_password: test # Token database password | ||
token_length: 32 # Length of data access tokens | ||
token_lifetime: 72 # Lifetime of data access tokens (in hours) | ||
|
||
# DMF tape archive (legacy tape archive implementation) | ||
enable_tape_archive: false | ||
|
||
# Data Package Archive | ||
enable_data_package_archive: false # Enable data package archive functionality | ||
enable_data_package_download: false # Enable data package download functionality | ||
data_package_archive_fqdn: "{{ irods_resource_fqdn }}" # Fully qualified domain name (FQDN) of iRODS server connected to data archive | ||
data_package_archive_minimum: 1024 # Minimum data package archive size (1 KB), -1 for no limit | ||
data_package_archive_maximum: -1 # Maximum data package archive size (no limit), -1 for no limit | ||
data_package_archive_resource: mockTapeArchive # Resource to use for data package archive functionality | ||
|
||
# SRAM configuration | ||
enable_sram: false # Enable SRAM configuration | ||
sram_rest_api_url: sram-mock.yoda.test # SRAM Rest API URL | ||
sram_api_key: PLACEHOLDER # SRAM Rest API key | ||
sram_service_entity_id: PLACEHOLDER # SRAM Service Entity ID | ||
sram_flow: invitation # SRAM flow to use, 'join_request' or 'invitation' | ||
sram_auto_group_sync: false # Automatic SRAM group sync | ||
sram_verbose_logging: true # SRAM verbose logging | ||
sram_tls_verify: false # Enable TLS verification for SRAM API calls. Enabled by default. | ||
|
||
# iRODS check tooling | ||
enable_irods_consistency_check: true | ||
enable_icat_database_checker: true | ||
|
||
# Portal customization | ||
yoda_theme_path: /var/www/yoda/themes # Base path holding customised portal themes | ||
yoda_theme: uu # Yoda theme: uu or vu (default: uu) | ||
portal_title_text: Yoda - Dev | ||
yoda_portal_log_api_call_duration: true | ||
|
||
# iRODS configuration | ||
irods_password: rods # iRODS admin password | ||
irods_database_password: irodsdev # The password for the iRODS database username | ||
irods_zone: tempZone # The name of the iRODS Zone | ||
irods_icat_fqdn: combined.yoda.test # iRODS iCAT fully qualified domain name (FQDN) | ||
irods_database_fqdn: combined.yoda.test # iRODS database fully qualified domain name (FQDN) | ||
irods_resource_fqdn: combined.yoda.test # iRODS resource fully qualified domain name (FQDN) | ||
irods_ssl_verify_server: none # Verify TLS certificate, use 'cert' for acceptance and production | ||
irods_enable_gocommands: false | ||
irods_resources: | ||
- name: dev001_1 | ||
host: "{{ irods_icat_fqdn }}" | ||
vault_path: /var/lib/irods/Vault1_1 | ||
resource_type: unixfilesystem | ||
|
||
- name: dev001_2 | ||
resource_type: unixfilesystem | ||
host: "{{ irods_icat_fqdn }}" | ||
vault_path: /var/lib/irods/Vault1_2 | ||
|
||
- name: dev001_p1 | ||
resource_type: passthru | ||
children: | ||
- dev001_1 | ||
|
||
- name: dev001_p2 | ||
resource_type: passthru | ||
children: | ||
- dev001_2 | ||
|
||
- name: dev001 | ||
resource_type: random | ||
children: | ||
- dev001_p1 | ||
- dev001_p2 | ||
|
||
- name: irodsResc | ||
resource_type: random | ||
children: | ||
- dev001 | ||
|
||
- name: dev002_1 | ||
resource_type: unixfilesystem | ||
host: "{{ irods_resource_fqdn }}" | ||
vault_path: /var/lib/irods/Vault2_1 | ||
|
||
- name: dev002_p1 | ||
resource_type: passthru | ||
children: | ||
- dev002_1 | ||
|
||
- name: dev002 | ||
resource_type: random | ||
children: | ||
- dev002_p1 | ||
|
||
- name: irodsRescRepl | ||
resource_type: random | ||
children: | ||
- dev002 | ||
|
||
- name: dev003_1 | ||
resource_type: s3 | ||
host: "{{ irods_icat_fqdn }}" | ||
vault_path: /yoda | ||
context: "S3_DEFAULT_HOSTNAME=localhost:9000;S3_AUTH_FILE=/var/lib/irods/.s3auth;S3_REGIONNAME=local-s3;S3_RETRY_COUNT=1;S3_WAIT_TIME_SECONDS=3;S3_PROTO=HTTP;ARCHIVE_NAMING_POLICY=decoupled;HOST_MODE=cacheless_attached" | ||
|
||
- name: dev003_p1 | ||
resource_type: passthru | ||
children: | ||
- dev003_1 | ||
|
||
- name: dev003 | ||
resource_type: random | ||
children: | ||
- dev003_p1 | ||
|
||
- name: irodsRescReplS3 | ||
resource_type: random | ||
children: | ||
- dev003 | ||
|
||
# List of replication resources | ||
irods_repl_resc: | ||
- irodsRescRepl | ||
- irodsRescReplS3 | ||
|
||
async_replication_delay_time: 3600 # Delay after last modification to data object before replication job can process it (sec) | ||
|
||
# Automatic resource balancing configuration | ||
irods_arb_enabled: true | ||
irods_arb_exempt_resources: "" | ||
irods_arb_min_gb_free: 0 | ||
irods_arb_min_percent_free: 5 | ||
|
||
# S3 configuration | ||
enable_s3_resource: false | ||
s3_access_key: minioadmin | ||
s3_secret_key: minioadmin | ||
s3_hostname: localhost:9000 | ||
|
||
# Mail notifications | ||
send_notifications: 1 # Enable notifications: yes (1) or no (0) | ||
notifications_sender_email: [email protected] # Notifiations sender email address | ||
notifications_reply_to: [email protected] # Notifiations Reply-To email address | ||
smtp_server: smtp://localhost:25 | ||
smtp_auth: false | ||
smtp_starttls: false | ||
|
||
# DataCite Configuration | ||
datacite_rest_api_url: datacite-mock.yoda.test # DataCite API server URL | ||
datacite_username: PLACEHOLDER # DataCite username | ||
datacite_password: PLACEHOLDER # DataCite password | ||
datacite_prefix: 10.00012 # DataCite DOI prefix | ||
datacite_publisher: Yoda development team # DataCite publisher: the name of the entity that publishes | ||
datacite_tls_verify: 0 # DataCite TLS verification / disabled on development environment | ||
# since the mock service uses self-signed certificates. | ||
|
||
# EPIC PID Configuration | ||
epic_url: PLACEHOLDER # EPIC PID server URI (undefined disables EPIC PID) | ||
epic_handle_prefix: PLACEHOLDER # EPIC PID prefix | ||
|
||
# PAM Radius configuration | ||
# server, shared secret, timeout (s) | ||
pam_radius_config: | | ||
127.0.0.1 secret 1 | ||
other-server other-secret 3 | ||
# Zabbix configuration | ||
zabbix_server: PLACEHOLDER | ||
|
||
# Public host configuration | ||
yoda_public_host: combined.yoda.test # Yoda public host | ||
yoda_public_fqdn: public.yoda.test # Yoda public fully qualified domain name (FQDN) | ||
|
||
# Yoda public upload private key (base64 encoded) | ||
# These keys are the "insecure" public/private keypair we offer for use in development instances. | ||
# If you use this instance for anything other than development, you should create your own keypair. | ||
# ssh-keygen -t ed25519 -> base64 | ||
upload_priv_key: | | ||
LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFB | ||
QUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhP | ||
UUFBQUNDTGlhY01DT2xPZzNpSFg4VXdYOHpWUk11cFB2Y2NyTTdmQUNodU9WMi80UUFBQUpoQTVj | ||
YTlRT1hHCnZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0xpYWNNQ09sT2czaUhYOFV3WDh6VlJN | ||
dXBQdmNjck03ZkFDaHVPVjIvNFEKQUFBRUFtRng0MmVDSDBYOHFHaXpmUmFpcFJWa3MzcVo1OWda | ||
SU92TUJkZy85SnhZdUpwd3dJNlU2RGVJZGZ4VEJmek5WRQp5NmsrOXh5c3p0OEFLRzQ1WGIvaEFB | ||
QUFEbWx5YjJSelFHTnZiV0pwYm1Wa0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZB | ||
VEUgS0VZLS0tLS0K | ||
# Yoda public upload public key (base64 encoded) | ||
upload_pub_key: | | ||
c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUl1SnB3d0k2VTZEZUlkZnhUQmZ6 | ||
TlZFeTZrKzl4eXN6dDhBS0c0NVhiL2ggaXJvZHNAY29tYmluZWQK | ||
# External user service configuration | ||
yoda_eus_fqdn: eus.yoda.test | ||
eus_api_fqdn: api.eus.yoda.test | ||
eus_api_secret: PLACEHOLDER | ||
eus_api_tls_verify: false | ||
eus_db_password: PLACEHOLDER | ||
eus_smtp_from_address: [email protected] | ||
eus_smtp_replyto_address: [email protected] | ||
eus_mail_template: uu | ||
external_users_domain_filter: '*.yoda.dev' # Domains to filter, separated by | and wildcard character * | ||
|
||
# OpenID Connect configuration (This configuration is for TESTING purposes!) | ||
oidc_active: true # Boolean indicating whether OpenId Connect is enabled | ||
oidc_domains: ['*.yoda.dev'] # Domains that should use OIDC (list, wildcard character *) | ||
oidc_always_redirect: false # Ignore OIDC domains and redirect all domains | ||
oidc_client_id: myClientId # OIDC Client Id | ||
oidc_client_secret: myClientPassword # OIDC Client Secret/Password | ||
oidc_auth_base_uri: https://oauth.wiremockapi.cloud/oauth/authorize # OIDC Authorization URI without parameters | ||
oidc_token_uri: https://oauth.wiremockapi.cloud/oauth/token # OIDC Token URI | ||
oidc_userinfo_uri: https://oauth.wiremockapi.cloud/userinfo # OIDC Userinfo URI | ||
oidc_scopes: openid # OIDC Scopes | ||
oidc_acr_values: "" # OIDC Authentication Context Class Reference Values | ||
oidc_email_field: email # The identifier of the JSON field in the id_token containing the email address (default: email) | ||
oidc_jwks_uri: https://oauth.wiremockapi.cloud/.well-known/jwks.json # The url where the JWKS can be found (Java web key sets) | ||
oidc_jwt_issuer: https://oauth.wiremockapi.cloud # The issuer of the JWT tokens ('iss' value in JWT, for verification) | ||
oidc_req_exp: true # Check that exp (expiration) claim is present | ||
oidc_req_iat: false # Check that iat (issued at) claim is present | ||
oidc_req_nbf: false # Check that nbf (not before) claim is present | ||
oidc_verify_aud: true # Check that aud (audience) claim matches audience | ||
oidc_verify_iat: false # Check that iat (issued at) claim value is an integer | ||
oidc_verify_exp: true # Check that exp (expiration) claim value is OK | ||
oidc_verify_iss: true # Check that iss (issue) claim is as expected | ||
|
||
# Mail configuration | ||
enable_mailpit: true | ||
enable_postfix: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
--- | ||
ansible_host: 192.168.64.6 |
Oops, something went wrong.