ansible's Introduction

geOrchestra

geOrchestra is a complete Spatial Data Infrastructure solution.

It features a metadata catalog (GeoNetwork), an OGC server (GeoServer) with fine-grained access control (based on GeoFence), an advanced viewer and editor and many more (security and auth system based on proxy/CAS/LDAP, analytics, admin UIs, ...)

Please refer to the documentation for more information.

ansible's People

Contributors

fvanderbiest, gaetanbrl, jeanmi151, jphuart, landryb, maxireglisse, pierrejego, pmauduit

ansible's Issues

apache2_module is not a legal parameter in an Ansible task or handler

With the following vagrantfile:

VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "wheezy"
  config.vm.box_url = "https://github.com/jose-lpa/packer-debian_7.6.0/releases/download/1.0/packer_virtualbox-iso_virtualbox.box"
  config.vm.network :public_network
  config.vm.provision :ansible do |ansible|
    ansible.playbook = "playbooks/georchestra.yml"
  end
end

... I'm getting during provisioning:

[default] Running provisioner: ansible...
ERROR: apache2_module is not a legal parameter in an Ansible task or handler
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

I'm using ansible 1.5.4

Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user

TASK [postgresql : create georchestra user] ************************************
fatal: [mygeorchestra]: FAILED! => {"msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1530692109.47-98572059002815/': Operation not permitted\nchown: changing ownership of '/var/tmp/ansible-tmp-1530692109.47-98572059002815/postgresql_user.py': Operation not permitted\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"}

force-disable recaptcha check fails

TASK [georchestra : force-disable recaptcha check] *****************************
fatal: [mygeorchestra]: FAILED! => {"changed": false, "msg": "Path /srv/tomcat/georchestra/webapps/console/WEB-INF/views/validation.jsp does not exist !", "rc": 257}

unarchive fails on ubuntu, but succeeds on centos, with a zip file and remote_src

to reproduce:
target must be centos, ansible runs from ubuntu
place a .zip file on the target
verify unzip is installed on the target
call unarchive with remote_src: yes

will get failure:
fatal: [c6-bl-2]: FAILED! => {"changed": false, "failed": true, "msg": "Failed to find handler for "/tmp/ansible-tmp-1490881579.04-112291742753076/source". Make sure the required command
installed."}

[services] geoserver/web

Hello,

I deployed georchestra via ansible.
I have a problem in the GeoServer interface (https://xxxxxx/geoserver/web/).
When I navigate between the tabs or click on the buttons, I get a 400 error.

État HTTP 400 – Requête invalide
Type Rapport d'état
message Origin does not correspond to request
description La requête envoyée par le client était syntaxiquement incorrecte.
Apache Tomcat/9.0.31 (Debian)

Each time, it is a URL of the form xxxxxxPage?48-1.ILinkListener-charts-tabs~container-tabs-2-link that is generated and causes the error.

Would you have any lead to narrow down the problem?
Thanks

Georges.

Sudo error

Hi All,

I'm getting the error below while sudo'ing to the mqadmin id while logging into a remote Linux machine.
While running this on a Red Hat server I get the error below:
"module_stdout": "\r\nSorry, user mqadmin is not allowed to execute '/bin/sh -c echo BECOME-SUCCESS-frnjqhjiraruzyzodxgpwceqylxjkvbi; /usr/bin/python /var/tmp/ansible-tmp-1531448966.94-199117643620200/setup.py' as mqm on server1.\r\n",
"msg": "MODULE FAILURE",
"rc": 1

TASK [Gathering Facts] *******************************************************************************************************************************
fatal: [server1]: FAILED! => {"changed": false, "module_stderr": "Shared connection to servers1 closed.\r\n", "module_stdout": "\r\nSorry, user mqadmin is not allowed to execute '/bin/bash -c echo BECOME-SUCCESS-ylpnxkqhbsjmcvmbjwhecfwolywoucsv; /usr/bin/python /var/tmp/ansible-tmp-1531457721.05-98554963015284/setup.py' as mqm on server1.\r\n", "msg": "MODULE FAILURE", "rc": 1}
to retry, use: --limit @/etc/ansible/mq/mqver.retry

Please help me to resolve this.

Thanks
Chinna

[runtime_exception] Failed to compile stylesheet

Hello friends,

I deployed georchestra via the latest ansible scripts. The deployment was carried out correctly :)

However I have a problem when I use catalog.edit, I get this error:
runtime_exception Failed to compile stylesheet. 8 errors detected.TransformerConfigurationException

image

Could you help me please ?
Thank you in advance for your help.

Mak '

Géorchestra Catalogue (geonetwork) - 404 error

Hello,

I installed georchestra with ansible on a "clean" Debian 9. After a few small adjustments, the installation went through without a hitch; I can log in and see all the pages, except Catalogue (geonetwork), which shows me the "header" with Erreur 404 - Ressource introuvable.
I did not try just once; I get the same result every time.
The only change made in the yml file is the FQDN of the machine.

Regards,
Marc Fleck
Unistra - Geographie

postgresql | create georchestra user => Missing sudo password

TASK: [postgresql | create georchestra user] ********************************** 
fatal: [default] => Missing sudo password

FATAL: all hosts have already failed -- aborting

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/home/fvanderbiest/georchestra.retry

default                    : ok=13   changed=12   unreachable=1    failed=0   

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

checkout geonetwork datadir fails

TASK: [georchestra | checkout geonetwork datadir] *****************************
failed: [mygeorchestra] => {"cmd": "/usr/bin/git clone --origin origin --recursive --branch master https://github.com/georchestra/geonetwork_minimal_datadir /srv/data/geonetwork", "failed": true, "rc": 128}
stderr: fatal: destination path '/srv/data/geonetwork' already exists and is not an empty directory.

msg: fatal: destination path '/srv/data/geonetwork' already exists and is not an empty directory.

FATAL: all hosts have already failed -- aborting

[DEPRECATION WARNING]: [defaults]hostfile option / use [defaults] inventory=/path/to/file|dir instead

georchestra: Running ansible-playbook...

PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/home/fvanderbiest/.vagrant.d/insecure_private_key -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --connection=ssh --timeout=30 --extra-vars=ansible_user='vagrant' --limit="mygeorchestra" --inventory-file=hosts --extra-vars={"ansible_ssh_host":"127.0.0.1","ansible_ssh_user":"vagrant","ansible_ssh_port":9999} -v playbooks/georchestra.yml
Using /home/fvanderbiest/workspace/georchestra/ansible/ansible.cfg as config file
[DEPRECATION WARNING]: [defaults]hostfile option, The key is misleading as it
can also be a list of hosts, a directory or a list of paths , use [defaults]
inventory=/path/to/file|dir instead. This feature will be removed in version
2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False
in ansible.cfg.

keyboard layout

When exporting and importing the vagrant-generated VM in another environment, we noticed that the keyboard layout is qwerty by default. This can be annoying...

We've had to change the XKBLAYOUT="us" line in /etc/default/keyboard.

Should we change the vagrantfile to take this into account or should this be taken care of by the ansible recipe ? Option 1 seems fine to me.

[ Configuration ] SQL urls

checkout geonetwork datadir - destination path '/srv/data/geonetwork' already exists and is not an empty directory

TASK: [georchestra | checkout geonetwork datadir] ***************************** 
failed: [default] => {"cmd": "/usr/bin/git clone --origin origin --recursive https://github.com/georchestra/geonetwork_minimal_datadir /srv/data/geonetwork", "failed": true, "rc": 128}
stderr: fatal: destination path '/srv/data/geonetwork' already exists and is not an empty directory.

msg: fatal: destination path '/srv/data/geonetwork' already exists and is not an empty directory.

FATAL: all hosts have already failed -- aborting

ALLOW_WORLD_READABLE_TMPFILES deprecated

[DEPRECATION WARNING]: ALLOW_WORLD_READABLE_TMPFILES option, moved to a per
plugin approach that is more flexible, use mostly the same config will work,
but now controlled from the plugin itself and not using the general constant.
instead. This feature will be removed from ansible-base in version 2.14.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.

Could not find the requested service tomcat@...

Hello,

I'm trying to deploy georchestra via ansible but I still get this message at the end of the script:

failed: [mygeorchestra] (item=dict_keys(['proxycas', 'georchestra', 'geoserver'])) => {"changed": false, "item": "dict_keys(['proxycas', 'georchestra', 'geoserver'])", "msg": "Could not find the requested service tomcat@dict_keys(['proxycas', 'georchestra', 'geoserver']): host"}

I have the impression that the tomcat services have not been created but I have no error message to that effect. Where did I get it wrong?
Thank you in advance for your help.

Mak '

add ability to configure smtp server

Currently hardcoded:

roles/georchestra/templates/extractorapp/extractorapp.properties.j2:smtpHost=localhost
roles/georchestra/templates/extractorapp/extractorapp.properties.j2:smtpPort=25
roles/georchestra/templates/ldapadmin/ldapadmin.properties.j2:smtpHost=localhost
roles/georchestra/templates/ldapadmin/ldapadmin.properties.j2:smtpPort=25

Terranis might be interested in using sendgrid instead.

postgresql | create georchestra user fails

With up to date sources, and no local additions,

TASK: [postgresql | create georchestra user] ********************************** 
failed: [mygeorchestra] => {"failed": true}
msg: unable to connect to database: could not connect to server: No such file or directory
    Is the server running locally and accepting
    connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?


FATAL: all hosts have already failed -- aborting

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/home/fvanderbiest/georchestra.retry

mygeorchestra              : ok=17   changed=14   unreachable=0    failed=1   

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

[ Encoding ] Console

When I use the playbook to install geOrchestra, I get character encoding errors in the console.

Encoding errors occur on all fields.

Steps to reproduce:

Create a new account with an accent in the name or any attribute:
image

Go to admin to validate the account; the user has correctly encoded characters:
image

Before validating the user:
image

After validating the user and clicking on save:
image

Each time I try to update a user I get additional characters; same thing on all elements from the console (User and Organisme).

Before clicking on save, the information is OK in LDAP; afterwards it is wrong.

I have the same console.war manually installed on a tomcat8/debian9 instance and I don't have this issue. I guess it comes from tomcat9 or debian10 but I can't manage to find what the problem is.

I had a look at the current issues in geOrchestra and found some interesting conversations, but no reason why this occurred.

georchestra/georchestra#3049
georchestra/georchestra#3021
georchestra/georchestra#2996
georchestra/georchestra#2737
georchestra/georchestra#2693

Does anyone have the same error with this ansible playbook ?

[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via squash_actions is deprecated

TASK [postgresql : installing dependencies] 
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via squash_actions 
is deprecated. Instead of using a loop to supply multiple items and specifying `name: {{ item }}`, 
please use `name: [u'postgresql-9.6-postgis-2.3', u'postgresql-9.6-postgis-2.3-scripts', u'postgresql-contrib-9.6', u'postgis']` 
and remove the loop. This feature will be removed in version 2.11. Deprecation warnings can be 
disabled by setting deprecation_warnings=False in ansible.cfg.

starting tomcat-georchestra failed

TASK: [tomcat | start instance] *********************************************** 
changed: [default] => (item=proxycas)
failed: [default] => (item=georchestra) => {"failed": true, "item": "georchestra"}
msg: Starting Tomcat servlet engine: tomcat-georchestra failed!

failed: [default] => (item=geoserver) => {"failed": true, "item": "geoserver"}
msg: Starting Tomcat servlet engine: tomcat-geoserver failed!

ansible book not running on xubuntu 14.04.05

Using xubuntu 14.04.5 LTS and after downloading the zip repo the ansible playbook did not run.

I used sudo with the default command and it didn't work.

The ansible book georchestra.yml was updated, mainly the hosts to localhost or local ip 127.0.0.1 but it returned the attached error triggered by openldap.

georchestra.yml:
georchestra.txt

ansible terminal log:
ansible.txt

mapfishapp db services are broken

2016-02-14 14:27:29 ws [ERROR] org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (FATAL: password authentication failed for user "www-data")

Are hard links necessary?

When src and dest are not on the same device, the hard link creation fails.
In roles/georchestra/tasks/nativelibs.yml, we have:

  - name: symlink gdal.jar to tomcat shared dir
    file: src=/usr/share/java/gdal.jar dest={{ tomcat_basedir }}/georchestra/shared/gdal.jar state=link
  - name: hardlink gdal.jar to geoserver libdir
    file: src=/usr/share/java/gdal.jar dest={{ tomcat_basedir }}/geoserver/webapps/geoserver/WEB-INF/lib/gdal.jar state=hard

It fails with this message:

TASK: [georchestra | hardlink gdal.jar to geoserver libdir] *******************
failed: [georchestra-ppd] => {"failed": true, "path": "/opt/tomcat/geoserver/webapps/geoserver/WEB-INF/lib/gdal.jar", "state": "absent"}
msg: Error while linking: [Errno 18] Invalid cross-device link
FATAL: all hosts have already failed -- aborting

Question: is a hard link necessary?

Failed to find handler to unarchive

TASK: [georchestra | unzip WARs] ********************************************** 
failed: [default] => (item={'key': 'catalogapp', 'value': {'url': 'catalogapp', 'job': 'georchestra-template', 'tomcat': 'georchestra'}}) => {"failed": true, "item": {"key": "catalogapp", "value": {"job": "georchestra-template", "tomcat": "georchestra", "url": "catalogapp"}}}
msg: Failed to find handler to unarchive. Make sure the required command to extract the file is installed.

Fixed with sudo apt-get install unzip in guest.

Update to work with geOrchestra master

In the main README, I added the following sentence: "Very recently, in June 2016, developments (which happen in geOrchestra's master branch for the 16.12 release) led to breaking changes in the LDAP data model, which, to date, have not been ported to this repository. There's currently no guarantee that the security system works if you deploy a geOrchestra SDI with this ansible recipe for the moment."
See georchestra/georchestra#1415

Maybe it's also time for branches in the current repository ?

[ Configuration ] ansible_ssh_user

Hello, it's not really an issue, but it could help for installation.

When launching playbook with another user than root, I got the error

UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true

To solve this, just add ansible_ssh_user=root in the hosts file.

Regards

Use system truststore

Pierre recommends using the system wide truststore instead of using a custom one for every tomcat.

This means:

  • getting the certificate from openssl s_client -connect localhost:443
  • inserting it into /usr/local/share/ca-certificates/georchestra.crt
  • running update-ca-certificates
  • removing tomcat options javax.net.ssl.trustStore*
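
The four steps above as a single script. This is an added example, not code from the issue or from the playbook; it assumes a Debian/Ubuntu host with openssl installed, and the variable names HOSTPORT, DEST_DIR and DEST_NAME are chosen here. It only acts when run as root with --apply.

```shell
#!/bin/sh
# Added example: capture the served certificate, install it into the system
# truststore directory, and refresh the system-wide CA bundle.
# Assumptions: defaults mirror the host:port and file name given in the issue.

HOSTPORT="${HOSTPORT:-localhost:443}"
DEST_DIR="${DEST_DIR:-/usr/local/share/ca-certificates}"
DEST_NAME="georchestra.crt"

# Keep only the first PEM certificate (the leaf) from s_client output on stdin.
extract_first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Fetch the certificate presented by host:port ($1).
# </dev/null ends the TLS session as soon as the handshake output is printed.
fetch_cert() {
    openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null \
        | extract_first_pem
}

# Write the PEM read from stdin to $1/$2, refusing empty or truncated input
# so that a failed connection never leaves a bogus file in the truststore.
install_cert() {
    tmp="$(mktemp)" || return 1
    cat >"$tmp"
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp" ||
       ! grep -q -- '-----END CERTIFICATE-----' "$tmp"; then
        rm -f "$tmp"
        echo "no complete certificate received, nothing installed" >&2
        return 1
    fi
    install -m 0644 "$tmp" "$1/$2" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

main() {
    fetch_cert "$HOSTPORT" | install_cert "$DEST_DIR" "$DEST_NAME" || exit 1
    # Print what is about to be trusted so it can be compared out of band.
    openssl x509 -in "$DEST_DIR/$DEST_NAME" -noout -subject -fingerprint -sha256
    update-ca-certificates
    echo "next: remove the javax.net.ssl.trustStore* options from each tomcat"
}

if [ "${1:-}" = "--apply" ]; then main; fi
```

The script trusts whatever certificate localhost:443 presents at that moment, so the printed SHA-256 fingerprint is the value to compare against the certificate you deployed.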

Ansible Debian 9 to Debian 8

Hello,
just to let you know.
I have used this playbook to install from a debian8 to a debian8 server and it worked perfectly.

I am now launching the ansible playbook from a Debian 9 machine to install georchestra on a remote debian8 server.
I had several issues that I'd like to share, to keep a trace.

First, the default version of Ansible on Debian 9 is not compatible with the georchestra playbook. Some module attributes have changed in recent Ansible versions.
I have reinstalled Ansible using https://linuxconfig.org/ansible-installation-on-debian-9-stretch-linux-from-source to be able to change the version. Be careful, the python version needs to be changed as well via pip.

Then I didn't manage to make the playbook work with a user other than root. Each time the ssh connection failed.
I have created an ssh passphrase with other users, but ansible failed to connect each time, even with sudo.
If I add -vvvv to view the error, we can see there is no user set for the connection:

Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/setup.py
<192.168.1.13> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.1.13> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/pierre/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.1.13 '/bin/sh -c '"'"'( umask 77 && mkdir -p " echo ~/.ansible/tmp/ansible-tmp-1509962416.62-118707537641112 " && echo ansible-tmp-1509962416.62-118707537641112=" echo ~/.ansible/tmp/ansible-tmp-1509962416.62-118707537641112 " ) && sleep 0'"'"''

Using root user, it works and we can see

<192.168.1.13> ESTABLISH SSH CONNECTION FOR USER: Root

Now I have another issue: when it tries to install slapd, it fails.
I am working on the solution; I think it's because of the python version. Here is the trace; it seems to be about an unknown attribute SSL_ST_INIT during installation.

failed: [mygeorchestra] (item=[u'git', u'slapd', u'ldap-utils']) => { "failed": true, "invocation": { "module_name": "apt" }, "item": [ "git", "slapd", "ldap-utils" ], "module_stderr": "OpenSSH_7.4p1 Debian-10+deb9u1, OpenSSL 1.0.2l 25 May 2017\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 6879\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\nShared connection to 192.168.1.13 closed.\r\n", "module_stdout": "Traceback (most recent call last):\r\n File \"/tmp/ansible_t4uEl_/ansible_module_apt.py\", line 208, in <module>\r\n from ansible.module_utils.urls import fetch_url\r\n File \"/tmp/ansible_t4uEl_/ansible_modlib.zip/ansible/module_utils/urls.py\", line 150, in <module>\r\n File \"/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py\", line 55, in <module>\r\n import OpenSSL.SSL\r\n File \"/usr/lib/python2.7/dist-packages/OpenSSL/__init__.py\", line 8, in <module>\r\n from OpenSSL import rand, crypto, SSL\r\n File \"/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py\", line 105, in <module>\r\n SSL_ST_INIT = _lib.SSL_ST_INIT\r\nAttributeError: 'module' object has no attribute 'SSL_ST_INIT'\r\n", "msg": "MODULE FAILURE" }
