Merge branch 'devel' into update-env

ESGF · Oct 24, 2019 · edd8dc9 · edd8dc9
2 parents fe4282e + f7d0a34
commit edd8dc9
Show file tree

Hide file tree

Showing 9 changed files with 70 additions and 65 deletions.
diff --git a/group_vars/data.yml b/group_vars/data.yml
@@ -3,7 +3,7 @@ thredds:
   content: "{{ esg.content }}/thredds"
   tomcat_user:
     name: "dnode_user"
-    pass: "{{ admin_pass |hash('md5') }}"
+    pass: "{{ admin_pass }}"
     roles: "tdrAdmin,tdsConfig"
 
 thredds_webapp:

diff --git a/group_vars/index.yml b/group_vars/index.yml
@@ -18,7 +18,7 @@ solr:
 
 cog:
   repo: https://github.com/EarthSystemCoG/COG.git
-  version: v3.14.3
+  version: v3.15.2
   dest: /usr/local/cog/cog_install
   base: /usr/local/cog
   wsgi_dir: /etc/cog-wsgi-8889

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
@@ -31,5 +31,6 @@
     loop_var: base_task
 
 - name: Include Globus Tools
+  when: globus_user is defined and globus_pass is defined
   include_role:
     name: globus_tools
diff --git a/roles/cog/tasks/main.yml b/roles/cog/tasks/main.yml
@@ -25,19 +25,6 @@
   args:
     chdir: "{{ cog.dest }}"
 
-# Install mkproxy
-- name: Clone Transfer API Client Repo
-  git:
-    repo: "https://github.com/globusonline/transfer-api-client-python.git"
-    dest: "{{ cog.base }}/transfer-api-client-python"
-
-- name: Make and Install mkproxy
-  shell: >
-    {{ conda.actv }} cog && \
-    make && make install
-  args:
-    chdir: "{{ cog.base }}/transfer-api-client-python/mkproxy"
-
 - name: Install CoG into conda env
   shell: >
     {{ conda.actv }} cog && \

diff --git a/roles/data/tasks/thredds.yml b/roles/data/tasks/thredds.yml
@@ -40,6 +40,16 @@
     src: thredds/log4j2.xml
     dest: "{{ tomcat.webapps }}/{{ thredds_webapp.name }}/WEB-INF/classes/log4j2.xml"
 
+- name: Digest thredds user credential
+  no_log: true
+  command: "{{ tomcat.path }}/bin/digest.sh -a 'sha-256' -s 20 -i 5 {{ thredds.tomcat_user.pass }}"
+  register: cred_digest
+
+- name: Set credential digest variable
+  no_log: true
+  set_fact:
+    thredds_pass_digest: "{{ cred_digest.stdout.split(':')[-1] }}"
+
 - name: Install {{ thredds.tomcat_user.name }} into tomcat-users.xml
   template:
     src: thredds/tomcat-users.xml.j2

diff --git a/roles/data/templates/thredds/tomcat-users.xml.j2 b/roles/data/templates/thredds/tomcat-users.xml.j2
@@ -3,5 +3,5 @@
   <role rolename="tdsConfig"/>
   <role rolename="manager"/>
   <role rolename="tdrAdmin"/>
-  <user username="{{ thredds.tomcat_user.name }}" password="{{ thredds.tomcat_user.pass }}" roles="{{ thredds.tomcat_user.roles }}"/>
+  <user username="{{ thredds.tomcat_user.name }}" password="{{ thredds_pass_digest }}" roles="{{ thredds.tomcat_user.roles }}"/>
 </tomcat-users>
diff --git a/roles/httpd/tasks/letsencrypt.yml b/roles/httpd/tasks/letsencrypt.yml
@@ -3,7 +3,9 @@
 # Create an ACME Challenge
 - name: Create ACME Challenge
   acme_certificate:
-    acme_directory: https://acme-v01.api.letsencrypt.org/directory
+    acme_version: 2
+    terms_agreed: yes
+    acme_directory: https://acme-v02.api.letsencrypt.org/directory
     account_key_src: /tmp/account_key.pem
     csr: /tmp/httpdhost.csr
     dest: "{{ httpd.hostcert }}"
@@ -34,7 +36,9 @@
 - name: Run ACME Challenge
   when: acme_challenge is changed
   acme_certificate:
-    acme_directory: https://acme-v01.api.letsencrypt.org/directory
+    acme_directory: https://acme-v02.api.letsencrypt.org/directory
+    acme_version: 2
+    terms_agreed: yes
     account_key_src: /tmp/account_key.pem
     csr: /tmp/httpdhost.csr
     dest: "{{ httpd.hostcert }}"
@@ -45,4 +49,4 @@
   when: acme_challenge is changed
   service:
     name: httpd
-    state: stopped
+    state: stopped
diff --git a/roles/publisher/files/environment.yml b/roles/publisher/files/environment.yml
@@ -3,19 +3,21 @@ channels:
   - defaults
   - conda-forge
 dependencies:
+  - _libgcc_mutex=0.1
   - asn1crypto=0.24.0
   - attrs=19.1.0
-  - blas=1.1
-  - bzip2=1.0.6
-  - ca-certificates=2019.1.23
-  - cdat_info=8.1.1
+  - bzip2=1.0.8
+  - ca-certificates=2019.8.28
+  - cdat_info=8.2
   - cdtime=3.1.2
-  - certifi=2019.3.9
-  - cffi=1.12.2
+  - cdms2=3.1.2
+  - certifi=2019.9.11
+  - cffi=1.12.3
+  - cftime=1.0.3.4
   - chardet=3.0.4
-  - cmor=3.4.0
-  - cryptography=2.6.1
-  - curl=7.64.0
+  - cmor=3.5.0
+  - cryptography=2.7
+  - curl=7.65.3
   - decorator=4.4.0
   - distarray=2.12.2
   - enum34=1.1.6
@@ -26,87 +28,88 @@ dependencies:
   - future=0.17.1
   - g2clib=1.6.0
   - hdf4=4.2.13
-  - hdf5=1.10.4
+  - hdf5=1.10.5
   - ipaddress=1.0.22
   - ipython_genutils=0.2.0
   - jasper=1.900.1
   - jpeg=9c
-  - jsonschema=3.0.1
-  - jupyter_core=4.4.0
+  - json-c=0.13.1
+  - jsonschema=3.0.2
+  - jupyter_core=4.5.0
   - krb5=1.16.1
+  - libblas=3.8.0
+  - libcblas=3.8.0
   - libcdms=3.1.2
-  - libcf=1.0.2
-  - libcurl=7.64.0
+  - libcf=1.0.3
+  - libcurl=7.65.3
   - libdrs=3.1.2
   - libdrs_f=3.1.2
   - libedit=3.1.20181209
   - libffi=3.2.1
-  - libgcc-ng=8.2.0
-  - libgfortran=3.0.0
+  - libgcc-ng=9.1.0
   - libgfortran-ng=7.3.0
+  - liblapack=3.8.0
   - libnetcdf=4.6.2
-  - libopenblas=0.2.20
-  - libpng=1.6.36
-  - libssh2=1.8.0
-  - libstdcxx-ng=8.2.0
+  - libopenblas=0.3.6
+  - libpng=1.6.37
+  - libssh2=1.8.2
+  - libstdcxx-ng=9.1.0
   - libtiff=4.0.10
+  - libuuid=2.32.1
   - mpi=1.0
   - mpich=3.2.1
   - nbformat=4.4.0
   - ncurses=6.1
   - netcdf-fortran=4.4.5
-  - numpy=1.15.2
-  - openblas=0.2.20
-  - openblas-devel=0.2.20
-  - openssl=1.1.1b
-  - ossuuid=1.6.2
-  - pip=19.0.3
+  - numpy=1.16.4
+  - openssl=1.1.1d
+  - pip=19.2.3
   - pycparser=2.19
   - pyopenssl=19.0.0
-  - pyrsistent=0.14.11
-  - pysocks=1.6.8
+  - pyrsistent=0.15.4
+  - pysocks=1.7.1
   - python=2.7.16
   - readline=7.0
-  - setuptools=40.8.0
+  - setuptools=41.2.0
   - six=1.12.0
-  - sqlite=3.27.2
+  - sqlite=3.29.0
   - tk=8.6.8
   - traitlets=4.3.2
-  - udunits2=2.2.27
-  - urllib3=1.24.1
-  - wheel=0.33.1
+  - udunits2=2.2.25
+  - urllib3=1.24.2
+  - wheel=0.33.6
   - xz=5.2.4
   - zlib=1.2.11
   - zstd=1.3.7
   - pip:
     - cdf2cim==0.3.3.0
-    - cdms2==3.0.0
-    - cf-python==2.3.3
-    - cftime==1.0.3.4
+    - cf-python==3.0.1
+    - cfdm==1.7.8
+    - cfunits==3.2.2
     - esgcet==3.7.2
     - esgconfigparser==0.1.17
     - esgf-pyclient==0.2.1
-    - esgfpid==0.7.12
-    - esgprep==2.9.5
+    - esgfpid==0.7.14
+    - esgprep==2.9.7
     - fuzzywuzzy==0.16.0
     - hurry-filesize==0.9
     - idna==2.7
-    - jinja2==2.10
+    - jinja2==2.10.1
     - lockfile==0.12.2
-    - lxml==4.3.2
+    - lxml==4.4.1
     - markupsafe==1.1.1
     - myproxyclient==2.1.0
     - netcdf4==1.4.0
     - nose==1.3.7
-    - pbr==5.1.3
+    - pbr==5.4.3
     - pika==0.11.2
-    - psutil==5.6.1
     - psycopg2==2.7.7
+    - psutil==5.6.3
     - psycopg2_binary==2.7.4
     - regrid2==3.0.0
     - requests==2.20.0
-    - requests-cache==0.4.13
-    - sqlalchemy==1.2.18
+    - requests-cache==0.5.2
+    - sqlalchemy==1.2.19
     - sqlalchemy-migrate==0.11.0
     - sqlparse==0.3.0
     - tempita==0.5.2

diff --git a/roles/tomcat/templates/server.xml.j2 b/roles/tomcat/templates/server.xml.j2
@@ -69,7 +69,7 @@
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
                proxyPort="8080"
-               proxyName="{proxyName}"
+               proxyName="{{ hostname.self }}"
                server='X'
                redirectPort="8443" />
 
@@ -122,7 +122,7 @@
       -->
 
       <Realm className="org.apache.catalina.realm.MemoryRealm" pathname="/esg/config/tomcat/tomcat-users.xml">
-          <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="MD5" />
+          <CredentialHandler className="org.apache.catalina.realm.MessageDigestCredentialHandler" algorithm="SHA-256" />
       </Realm>
 
       <!-- Use the LockOutRealm to prevent attempts to guess user passwords