diff --git a/base-boxes/base-wildfly10-64-box/Vagrantfile b/base-boxes/base-wildfly10-64-box/Vagrantfile
new file mode 100644
index 0000000000000000000000000000000000000000..d7367b1b7bc018e85c865c30a692af0c71809135
--- /dev/null
+++ b/base-boxes/base-wildfly10-64-box/Vagrantfile
@@ -0,0 +1,150 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+ # All Vagrant configuration is done here. The most common configuration
+ # options are documented and commented below. For a complete reference,
+ # please see the online documentation at vagrantup.com.
+
+ # Every Vagrant virtual environment requires a box to build off of.
+ # Every Vagrant virtual environment requires a box to build off of.
+ config.vm.box = "edu.psu/centos_base_64"
+ config.vm.box_url = "https://nexus.ci.psu.edu/repository/vagrant-boxes/base_centos_64/centos_base_64.json"
+
+ # Disable automatic box update checking. If you disable this, then
+ # boxes will only be checked for updates when the user runs
+ # `vagrant box outdated`. This is not recommended.
+ # config.vm.box_check_update = false
+
+ # Create a forwarded port mapping which allows access to a specific port
+ # within the machine from a port on the host machine. In the example below,
+ # accessing "localhost:8080" will access port 80 on the guest machine.
+ config.vm.network "forwarded_port", guest: 8080, host: 8080
+ config.vm.network "forwarded_port", guest: 8787, host: 8787
+ config.vm.network "forwarded_port", guest: 9990, host: 9990
+ config.vm.network "forwarded_port", guest: 9999, host: 9999
+
+ # Create a private network, which allows host-only access to the machine
+ # using a specific IP.
+ config.vm.network "private_network", ip: "192.168.33.10", hostname: "vm"
+
+ config.ssh.insert_key = false
+
+ # Create a public network, which generally matched to bridged network.
+ # Bridged networks make the machine appear as another physical device on
+ # your network.
+ # config.vm.network "public_network"
+
+ # If true, then any SSH connections made will enable agent forwarding.
+ # Default value: false
+ # config.ssh.forward_agent = true
+
+ # Share an additional folder to the guest VM. The first argument is
+ # the path on the host to the actual folder. The second argument is
+ # the path on the guest to mount the folder. And the optional third
+ # argument is a set of non-required options.
+ # config.vm.synced_folder "../data", "/vagrant_data"
+
+ # Provider-specific configuration so you can fine-tune various
+ # backing providers for Vagrant. These expose provider-specific options.
+ # Example for VirtualBox:
+ #
+ # config.vm.provider "virtualbox" do |vb|
+ # # Don't boot with headless mode
+ # vb.gui = true
+ #
+ # # Use VBoxManage to customize the VM. For example to change memory:
+ # vb.customize ["modifyvm", :id, "--memory", "1024"]
+ # end
+ #
+ # View the documentation for the provider you're using for more
+ # information on available options.
+
+ config.vm.provider :virtualbox do |vb|
+ vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+ end
+
+ # Configure VM Ram usage
+ config.vm.provider :virtualbox do |vb|
+ vb.customize ["modifyvm", :id, "--memory", "512"]
+ end
+
+ # Enable provisioning with a Shell script
+ # config.vm.provision :shell, path: "bootstrap.sh"
+
+ # Enable provisioning with Ansible
+ config.vm.provision :ansible do |ansible|
+ ansible.playbook = "playbook.yml"
+ ansible.groups = {
+ "vagrant" => ["default"],
+ }
+ end
+
+
+ # Enable provisioning with CFEngine. CFEngine Community packages are
+ # automatically installed. For example, configure the host as a
+ # policy server and optionally a policy file to run:
+ #
+ # config.vm.provision "cfengine" do |cf|
+ # cf.am_policy_hub = true
+ # # cf.run_file = "motd.cf"
+ # end
+ #
+ # You can also configure and bootstrap a client to an existing
+ # policy server:
+ #
+ # config.vm.provision "cfengine" do |cf|
+ # cf.policy_server_address = "10.0.2.15"
+ # end
+
+ # Enable provisioning with Puppet stand alone. Puppet manifests
+ # are contained in a directory path relative to this Vagrantfile.
+ # You will need to create the manifests directory and a manifest in
+ # the file default.pp in the manifests_path directory.
+ #
+ # config.vm.provision "puppet" do |puppet|
+ # puppet.manifests_path = "manifests"
+ # puppet.manifest_file = "default.pp"
+ # end
+
+ # Enable provisioning with chef solo, specifying a cookbooks path, roles
+ # path, and data_bags path (all relative to this Vagrantfile), and adding
+ # some recipes and/or roles.
+ #
+ # config.vm.provision "chef_solo" do |chef|
+ # chef.cookbooks_path = "../my-recipes/cookbooks"
+ # chef.roles_path = "../my-recipes/roles"
+ # chef.data_bags_path = "../my-recipes/data_bags"
+ # chef.add_recipe "mysql"
+ # chef.add_role "web"
+ #
+ # # You may also specify custom JSON attributes:
+ # chef.json = { mysql_password: "foo" }
+ # end
+
+ # Enable provisioning with chef server, specifying the chef server URL,
+ # and the path to the validation key (relative to this Vagrantfile).
+ #
+ # The Opscode Platform uses HTTPS. Substitute your organization for
+ # ORGNAME in the URL and validation key.
+ #
+ # If you have your own Chef Server, use the appropriate URL, which may be
+ # HTTP instead of HTTPS depending on your configuration. Also change the
+ # validation key to validation.pem.
+ #
+ # config.vm.provision "chef_client" do |chef|
+ # chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+ # chef.validation_key_path = "ORGNAME-validator.pem"
+ # end
+ #
+ # If you're using the Opscode platform, your validator client is
+ # ORGNAME-validator, replacing ORGNAME with your organization name.
+ #
+ # If you have your own Chef Server, the default validation client name is
+ # chef-validator, unless you changed the configuration.
+ #
+ # chef.validation_client_name = "ORGNAME-validator"
+end
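Review bot: The four `forwarded_port` lines in the Vagrantfile give no `host_ip`, so depending on the Vagrant version the host-side listeners can bind on every interface of the developer's machine rather than on loopback only. 8787 and 9990 look like WildFly's remote-debug and management ports, which should not be reachable from the local network. Pin each mapping to loopback, for example `config.vm.network "forwarded_port", guest: 9990, host: 9990, host_ip: "127.0.0.1"`. `config.ssh.insert_key = false` also leaves Vagrant's publicly known key pair authorised on the guest; that is usual for a base box, but it deserves a comment such as `# base box: keep the default Vagrant key; never expose this VM's SSH port beyond the host`.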
diff --git a/base-boxes/base-wildfly10-64-box/ansible.cfg b/base-boxes/base-wildfly10-64-box/ansible.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..920672630bcc61b5a7d60f6b7bb372e0d7e79530
--- /dev/null
+++ b/base-boxes/base-wildfly10-64-box/ansible.cfg
@@ -0,0 +1,3 @@
+[defaults]
+
+roles_path = ../../roles
diff --git a/base-boxes/base-wildfly10-64-box/base-wildfly10-64.json b/base-boxes/base-wildfly10-64-box/base-wildfly10-64.json
new file mode 100644
index 0000000000000000000000000000000000000000..c0cdac9c56b75e08f19e8c138a246438b13f3956
--- /dev/null
+++ b/base-boxes/base-wildfly10-64-box/base-wildfly10-64.json
@@ -0,0 +1,17 @@
+{
+ "name": "edu.psu/base-wildfly10-64",
+ "description": "CentOS 6.x 64-bit with Wildfly10, Java 8",
+ "versions": [
+ {
+ "version": "1.0.0",
+ "providers": [
+ {
+ "name": "virtualbox",
+ "url": "https://nexus.ci.psu.edu/repository/vagrant-boxes/base-wildfly10-64/base-wildfly10-64_1_0_0.tar.gz",
+ "checksum_type": "sha1",
+ "checksum": "f67770d57241ce8809f8b6d7854d8a9fb74d679f"
+ }
+ ]
+ }
+ ]
+}
diff --git a/base-boxes/base-wildfly10-64-box/playbook.yml b/base-boxes/base-wildfly10-64-box/playbook.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a78b75ebb24c1a96b9ee3dae5f46baeac71bd055
--- /dev/null
+++ b/base-boxes/base-wildfly10-64-box/playbook.yml
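Review bot: In base-wildfly10-64.json the box archive is pinned with `"checksum_type": "sha1"`, and SHA-1 is no longer collision-resistant, so it is a weak integrity check for an image that every derived environment will boot. Vagrant's box metadata accepts `sha256`, so publish the archive's SHA-256 digest instead: `"checksum_type": "sha256", "checksum": "<SHA256_OF_BOX_ARCHIVE>"`. The digest shown here is a placeholder and has to be computed from the uploaded file.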
@@ -0,0 +1,22 @@
+---
+# file: security_service.yml
+- hosts: vagrant
+ sudo: yes
+ roles:
+ - { role: java8-64 }
+ - { role: postgresql }
+ - { role: wildfly10 }
+ - { role: mock_web_access }
+ - { role: properties_service }
+ - { role: swagger_ui }
+ - { role: deploy_prep }
+
+ tasks:
+ - name: update build_vars with the list of roles executed.
+ lineinfile: "dest='/etc/ansible/facts.d/build_vars.fact' create=true regexp='[roles_provisioned]' line='[roles_provisioned]'"
+ - lineinfile: dest='/etc/ansible/facts.d/build_vars.fact' regexp=java8 line='java8=base-wildfly-10'
+ - lineinfile: dest='/etc/ansible/facts.d/build_vars.fact' regexp=postgresql line='postgresql=base-wildfly-10'
+ - lineinfile: dest='/etc/ansible/facts.d/build_vars.fact' regexp=wildfly10 line='wildfly10=base-wildfly-10'
+ - lineinfile: dest='/etc/ansible/facts.d/build_vars.fact' regexp=mock_web_access line='mock_web_access=base-wildfly-10'
+ - lineinfile: dest='/etc/ansible/facts.d/build_vars.fact' regexp=properties_service line='properties_service=base-wildfly-10'
+ - lineinfile: dest='/etc/ansible/facts.d/build_vars.fact' regexp=swagger_ui line='swagger_ui=base-wildfly-10'
diff --git a/roles/java8-64/files/US_export_policy.jar b/roles/java8-64/files/US_export_policy.jar
new file mode 100644
index 0000000000000000000000000000000000000000..251b102c57c076504ba818330e4fceb4509753d8
Binary files /dev/null and b/roles/java8-64/files/US_export_policy.jar differ
diff --git a/roles/java8-64/files/local_policy.jar b/roles/java8-64/files/local_policy.jar
new file mode 100644
index 0000000000000000000000000000000000000000..1c58939bf396afd6ff44a56f4578aed3d2ddf80a
Binary files /dev/null and b/roles/java8-64/files/local_policy.jar differ
diff --git a/roles/java8-64/tasks/main.yml b/roles/java8-64/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..df2354d4aec4330de2cb61b664f28f6d7aa9d198
--- /dev/null
+++ b/roles/java8-64/tasks/main.yml
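Review bot: In playbook.yml the first `lineinfile` task passes `regexp='[roles_provisioned]'`, and unescaped square brackets form a regex character class, so the pattern matches any line containing one of those characters rather than the literal section header. On a re-run that appears to let the task overwrite the last matching fact line (for instance the `swagger_ui=` entry) with `[roles_provisioned]`. Escape and anchor the pattern, `regexp='^\\[roles_provisioned\\]$'`, with the backslashes doubled because the argument string is double-quoted YAML. The remaining `regexp=` values are unanchored substrings as well, and the `# file: security_service.yml` header does not match this file's name.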
@@ -0,0 +1,21 @@
+---
+# roles/java8/tasks/main.yml
+
+- name: use yum to install the java8 package
+ yum: name=java-1.8.0-openjdk
+ state=latest
+
+# TODO: remove when java 8 has correct precedence
+- name: double workaround for java 1.8 having abnormally low precedence and ansible alternatives task not working
+ shell: alternatives --install /usr/bin/java java /usr/lib/jvm/jre-1.8.0-openjdk.i386/bin/java 1800000
+
+# TODO: remove when java 8 has correct precedence
+- name: set current java alternative to java 1.8
+ shell: alternatives --set java /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java
+
+- name: copy Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for SE8
+ copy: src="{{ item }}" dest="/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/lib/security"
+ with_items:
+ - local_policy.jar
+ - US_export_policy.jar
+
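Review bot: The `alternatives --install` task registers `/usr/lib/jvm/jre-1.8.0-openjdk.i386/bin/java`, while the following `--set` task and the JCE copy destination both use the `.x86_64` directory, so on this 64-bit box the high-priority alternative most likely points at a path that does not exist. Use the same path in both tasks: `shell: alternatives --install /usr/bin/java java /usr/lib/jvm/jre-1.8.0-openjdk.x86_64/bin/java 1800000`. Separately, `local_policy.jar` and `US_export_policy.jar` are committed as opaque binaries and copied into the JRE's `lib/security` directory. Record their upstream source and a digest alongside them in the role, so a reviewer can verify what is being installed into the crypto policy path.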