diff --git a/Jenkinsfile b/Jenkinsfile index f8d9f45d..ef8dd054 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -27,7 +27,7 @@ pipeline { changeset "molgenis8/**" } steps { - container('toolset') { + container('creator-ee') { dir('molgenis8') { script{ sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -41,7 +41,7 @@ pipeline { changeset "molgenis9/**" } steps { - container('toolset') { + container('creator-ee') { dir('molgenis9') { script{ sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -55,7 +55,7 @@ pipeline { changeset "molgenis10/**" } steps { - container('toolset') { + container('creator-ee') { dir('molgenis10') { script{ sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -69,7 +69,7 @@ pipeline { changeset "armadillo1/**" } steps { - container('toolset') { + container('creator-ee') { dir('armadillo1') { script { sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -90,7 +90,7 @@ pipeline { changeset "molgenis8/**" } steps { - container('toolset') { + container('creator-ee') { dir('molgenis8') { script { sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -107,7 +107,7 @@ pipeline { changeset "molgenis9/**" } steps { - container('toolset') { + container('creator-ee') { dir('molgenis9') { script { sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -124,7 +124,7 @@ pipeline { changeset "molgenis10/**" } steps { - container('toolset') { + container('creator-ee') { dir('molgenis10') { script { sh 'ansible-lint --force-color roles/*/*/main.yml' @@ -141,7 +141,7 @@ pipeline { changeset "armadillo1/**" } steps { - container('toolset') { + container('creator-ee') { dir('armadillo1') { script { sh 'ansible-lint --force-color roles/*/*/main.yml' diff --git a/molgenis10/README.md b/molgenis10/README.md index 041b7eaf..d24bf81a 100644 --- a/molgenis10/README.md +++ b/molgenis10/README.md @@ -1,7 +1,7 @@ # Ansible Collection - molgenis.molgenis10 ## Migration from Molgenis9 (molgenis 9.1.y) -Molgenis 10.x.y uses elasticsearch 7 +Molgenis 10.x.y uses elasticsearch 7. See playbook_upgrade_from_9.yml below. diff --git a/molgenis10/galaxy.yml b/molgenis10/galaxy.yml index 746142e4..89318537 100644 --- a/molgenis10/galaxy.yml +++ b/molgenis10/galaxy.yml @@ -9,7 +9,7 @@ namespace: molgenis name: molgenis10 # The version of the collection. Must be compatible with semantic versioning -version: 10.0.5 +version: 10.0.6 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/molgenis10/playbook.yml b/molgenis10/playbook.yml index 54b1b460..2ecfc923 100644 --- a/molgenis10/playbook.yml +++ b/molgenis10/playbook.yml @@ -31,6 +31,8 @@ access_key: "{{ minio.access_key }}" secret_key: "{{ minio.secret_key }}" - role: tomcat + vars: + tomcat_version: 9.0.64 - role: molgenis_user - role: molgenis_application - role: nginx diff --git a/molgenis10/roles/minio/meta/main.yml b/molgenis10/roles/minio/meta/main.yml index ec66015b..6ed4abe0 100644 --- a/molgenis10/roles/minio/meta/main.yml +++ b/molgenis10/roles/minio/meta/main.yml @@ -5,7 +5,7 @@ galaxy_info: description: Minio file storage, used to get data into the federated platform company: MOLGENIS license: LGPL - min_ansible_version: 1.2 + min_ansible_version: 2.7.9 platforms: - name: EL versions: diff --git a/molgenis10/roles/nginx/README.md b/molgenis10/roles/nginx/README.md index ffe4dbd8..54e5182d 100644 --- a/molgenis10/roles/nginx/README.md +++ b/molgenis10/roles/nginx/README.md @@ -1 +1 @@ -The nginx role creates a proxy that listens on port tcp/80 and forwards that traffic either to molgenis running tomcat (backend) or the remote unpkg.com server for the frontend components. +The nginx role creates a proxy that listens on port tcp/80 and forwards that traffic either to molgenis running tomcat (backend) or the remote unpkg.com server for the frontend components. The molgenis-theme frontend needs to be proxy-passed from unpkg otherwise the icons within it will not load properly. So all frontends are redirected except the molgenis-theme that nginx needs to proxy pass. On Ubuntu 22.04 the new OpenSSL >= 3.0.0 will not work properly with old unkpg.com server, we have a workaround in place on a local mirror server unpkg.molgeniscloud.org. diff --git a/molgenis10/roles/nginx/tasks/main.yml b/molgenis10/roles/nginx/tasks/main.yml index 2e60e25c..9d6154b3 100644 --- a/molgenis10/roles/nginx/tasks/main.yml +++ b/molgenis10/roles/nginx/tasks/main.yml @@ -26,6 +26,15 @@ src: molgenis.j2 dest: /etc/nginx/default.d/molgenis.conf mode: '0644' + when: not ( ansible_distribution == "Ubuntu" and ansible_distribution_major_version == '22' ) + notify: "restart nginx" + +- name: Install special molgenis frontend config for OpenSSL 3.x servers + ansible.builtin.template: + src: molgenis_openssl3.j2 + dest: /etc/nginx/default.d/molgenis.conf + mode: '0644' + when: ansible_distribution == "Ubuntu" and ansible_distribution_major_version == '22' notify: "restart nginx" - name: Register project from molgenis-server.properties diff --git a/molgenis10/roles/nginx/templates/molgenis.j2 b/molgenis10/roles/nginx/templates/molgenis.j2 index 75bce326..80c2e262 100644 --- a/molgenis10/roles/nginx/templates/molgenis.j2 +++ b/molgenis10/roles/nginx/templates/molgenis.j2 @@ -1,3 +1,5 @@ +# Only the theme is proxied, the rest is all retrieved from unpkg.com by clients browser + location / { proxy_pass http://localhost:8080; client_max_body_size 0; @@ -7,15 +9,26 @@ location / { proxy_http_version 1.1; } + +location /@molgenis-ui/molgenis-theme{ + # This is required because of the theme css being dependant on a relative url to images: 'url("/img/icons-rtl.gif")' which will otherwise be resolved as 'url("https://unpkg.com/img/icons-rtl.gif")' + + proxy_pass https://unpkg.com/@molgenis-ui/molgenis-theme; + {% for app in frontend.proxy0[frontend.version] -%} + rewrite ^/@molgenis-ui/{{- app.split('@')[0] }}/(.*) /@molgenis-ui/{{- app }}/$1; + {% endfor %} + + # do not cache these redirects too long + expires 60m; +} + location /@molgenis-ui{ {% for app in frontend.proxy[frontend.version] -%} - rewrite ^/@molgenis-ui/{{- app.split('@')[0] }}/(.*) https://unpkg.com/@molgenis-ui/{{- app }}/$1 redirect; + rewrite ^/@molgenis-ui/{{- app.split('@')[0] }}/(.*) https://unpkg.com/@molgenis-ui/{{- app }}/$1 redirect; {% endfor %} # extra special frontends below - # do not cache these redirects too long - expires 10m; } {% if frontend.proxy2[frontend.version] is defined -%} @@ -25,7 +38,5 @@ location /@molgenis/ { rewrite ^/@molgenis/{{- app.split('@')[0] }}(/(.*))?$ https://unpkg.com/@molgenis/{{- app }}$1 redirect; {% endfor %} - # do not cache these redirects too long - expires 10m; } {% endif %} diff --git a/molgenis10/roles/nginx/templates/molgenis_openssl3.j2 b/molgenis10/roles/nginx/templates/molgenis_openssl3.j2 new file mode 100644 index 00000000..6feb1af0 --- /dev/null +++ b/molgenis10/roles/nginx/templates/molgenis_openssl3.j2 @@ -0,0 +1,44 @@ +# Special config for OpenSSL >= 3.0.0 servers +# Nginx proxy passes to unpkg.com fail over https due to OpenSSl incompatibility +# Only the theme is proxied, the rest is all retrieved from unpkg.com by clients browser + +location / { + proxy_pass http://localhost:8080; + client_max_body_size 0; + proxy_read_timeout 600s; + proxy_redirect http://localhost:8080/ $scheme://$host/; + proxy_set_header Host $host; + proxy_http_version 1.1; +} + +location /@molgenis-ui/molgenis-theme{ + # This is required because of the theme css being dependant on a relative url to images: 'url("/img/icons-rtl.gif")' which will otherwise be resolved as 'url("https://unpkg.com/img/icons-rtl.gif")' + # Needs to use our own theme/unpkg mirror + + proxy_pass https://unpkg.molgeniscloud.org/@molgenis-ui/molgenis-theme; + {% for app in frontend.proxy0[frontend.version] -%} + rewrite ^/@molgenis-ui/{{- app.split('@')[0] }}/(.*) /@molgenis-ui/{{- app }}/$1; + {% endfor %} + + # do not cache these redirects too long + expires 60m; +} + +location /@molgenis-ui{ + + {% for app in frontend.proxy[frontend.version] -%} + rewrite ^/@molgenis-ui/{{- app.split('@')[0] }}/(.*) https://unpkg.com/@molgenis-ui/{{- app }}/$1 redirect; + {% endfor %} + # extra special frontends below + +} + +{% if frontend.proxy2[frontend.version] is defined -%} +location /@molgenis/ { + + {% for app in frontend.proxy2[frontend.version] -%} + rewrite ^/@molgenis/{{- app.split('@')[0] }}(/(.*))?$ https://unpkg.com/@molgenis/{{- app }}$1 redirect; + {% endfor %} + +} +{% endif %} diff --git a/molgenis10/roles/postgres_11/handlers/main.yml b/molgenis10/roles/postgres_11/handlers/main.yml index 9b64b257..d427ac75 100644 --- a/molgenis10/roles/postgres_11/handlers/main.yml +++ b/molgenis10/roles/postgres_11/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart postgresql service on Centos - service: + ansible.builtin.service: name: postgresql-11 state: restarted listen: "restart postgresql" @@ -8,7 +8,7 @@ - ansible_distribution == 'CentOS' - name: restart postgresql service on Ubuntu - service: + ansible.builtin.service: name: postgresql state: restarted listen: "restart postgresql" diff --git a/molgenis10/roles/swap/tasks/main.yml b/molgenis10/roles/swap/tasks/main.yml index b89af2d2..04391d7d 100644 --- a/molgenis10/roles/swap/tasks/main.yml +++ b/molgenis10/roles/swap/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: set swap_file variable - set_fact: + ansible.builtin.set_fact: swap_file: /swapfile.swap - name: check if swap file exists diff --git a/molgenis10/roles/tomcat/tasks/main.yml b/molgenis10/roles/tomcat/tasks/main.yml index d4ba0b0a..5088ad4e 100644 --- a/molgenis10/roles/tomcat/tasks/main.yml +++ b/molgenis10/roles/tomcat/tasks/main.yml @@ -14,12 +14,12 @@ - name: Register if tomcat is already there ansible.builtin.stat: - path: /usr/share/apache-tomcat-9.0.59/ + path: /usr/share/apache-tomcat-{{ tomcat_version }}/ register: tomcat_already_there - name: Install Tomcat from source - unarchive: - src: "https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.59/bin/apache-tomcat-9.0.59.tar.gz" + ansible.builtin.unarchive: + src: "https://archive.apache.org/dist/tomcat/tomcat-9/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz" dest: "/usr/share/" owner: tomcat group: molgenis @@ -28,13 +28,13 @@ - name: Register if first install tomcat ansible.builtin.stat: - path: /usr/share/apache-tomcat-9.0.59/webapps/examples + path: /usr/share/apache-tomcat-{{ tomcat_version }}/webapps/examples register: tomcat_first_install - name: Delete default folders tomcat webapps directory ansible.builtin.file: state: absent - path: "/usr/share/apache-tomcat-9.0.59/webapps/{{ item }}" + path: "/usr/share/apache-tomcat-{{ tomcat_version }}/webapps/{{ item }}" with_items: - ROOT - docs @@ -45,26 +45,26 @@ - name: create softlink to tomcat logs ansible.builtin.file: - src: /usr/share/apache-tomcat-9.0.59/logs + src: /usr/share/apache-tomcat-{{ tomcat_version }}/logs dest: /var/log/tomcat state: link - name: create softlink to tomcat conf ansible.builtin.file: - src: /usr/share/apache-tomcat-9.0.59/conf + src: /usr/share/apache-tomcat-{{ tomcat_version }}/conf dest: /etc/tomcat state: link - name: create softlink to tomcat shortname ansible.builtin.file: - src: /usr/share/apache-tomcat-9.0.59 + src: /usr/share/apache-tomcat-{{ tomcat_version }} dest: /usr/share/tomcat state: link - name: Install molgenis server.xml file for tomcat ansible.builtin.copy: src: server.xml - dest: /usr/share/apache-tomcat-9.0.59/conf/server.xml + dest: /usr/share/apache-tomcat-{{ tomcat_version }}/conf/server.xml mode: '0644' - name: Install systemctl services file for tomcat