forked from smart-on-fhir/installer-legacy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
158 lines (133 loc) · 6.74 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
---
# *** Main configuration file for the SMART-on-FHIR Installer ***
# To customize the SMART-on-FHIR stack, you can either edit the settings directly in
# this file or set up custom settings overrides (such as custom_settings.yml)
# The user account that will host the servers. If a user account of this name
# already exists on the system, the installer will not alter its credentials or
# authentication mechanism
username: fhir
userpass: secretpass
install_dir: "/home/{{username}}"
# Suppresses selective task execution (set this to true if you would like to
# force the playbook to always rebuild the servers and reload them)
force_rebuild: true
# By default Ansible will update the local copies of the servers code from
# the source repositories. Set this to "no" if you would rather not have the
# repositories updated on each run.
update_repositories: yes
# Settigs for Jetty and Oracle Java. You probably won't have to alter these
# unles you are switching to a different version of Jetty or Java
jetty_download_url: "http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-runner/9.1.0.M0/jetty-runner-9.1.0.M0.jar"
java_home_dir: "/usr/lib/jvm/java-7-oracle"
# Database user configuration (used by the SMART-on-FHIR server)
postgres_user: "fhir"
postgres_password: "fhir"
postgresql_version: "9.5"
# Password for the Java keystore used by the authorization server (please change)
keystore_password: "changeme"
# When setting up SSL security for the various services, these settings will allow you to
# specify your own certificates instead of using self-signed certificates.
# See files/sample-certificates for the names of the certificate files expected by the script
use_custom_ssl_certificates: false
#custom_ssl_certificates_path: examples/certificates
# Controls whether HTTP requests on port 80 will be
# redirected to the server's base URLs
http_redirect: true
# The duration of an access token in the API server's cache before it needs to be revalidated
# with the authorization server (30m, 10s, etc)
token_cache_duration: "30m"
# General settings for the SMART-on-FHIR server (override as needed)
fhir_server_secure_http: false
fhir_server_host: "localhost"
fhir_server_port: 9080
fhir_server_client: client
fhir_server_password: secret
fhir_server_repo: "https://github.com/smart-on-fhir/api-server.git"
fhir_server_branch: "master"
fhir_server_name: "Local FHIR dev server"
# Specific settings for the SMART-on-FHIR server authorization behavior
fhir_server_use_auth: true
fhir_server_introspection_uri: "{{auth_server_base}}/introspect?token={token}"
fhir_server_register_uri: "{{auth_server_base}}/register"
fhir_server_authorize_uri: "{{auth_server_base}}/authorize"
fhir_server_token_uri: "{{auth_server_base}}/token"
# When set to true Ansible will not reset the SMART-on-FHIR database
fhir_server_preserve_db: false
# General settings for the applications server
app_server_secure_http: false
app_server_host: "localhost"
app_server_port: 9090
fhir_starter_repo: "https://github.com/smart-on-fhir/fhir-starter.git"
cardiac_risk_repo: "https://github.com/smart-on-fhir/cardiac-risk-app.git"
bp_centiles_repo: "https://github.com/smart-on-fhir/bp-centiles-app.git"
growth_chart_repo: "https://github.com/smart-on-fhir/growth-chart-app.git"
fhir_demo_app_repo: "https://github.com/smart-on-fhir/fhir-demo-app.git"
fhir_starter_branch: "master"
cardiac_risk_branch: "master"
bp_centiles_branch: "master"
growth_chart_branch: "master"
fhir_demo_app_branch: "master"
# To help circumvent some browser security troubles when mixing https and http
# content you may want to serve the sample apps on port 80 in parallel to
# your https port. Set this to true to trigger this functionality, but
# be careful not to use it in production as it may create unitended security
# holes in your infrastructure.
app_server_on_80: false
# General settings for the authorization server
auth_server_secure_http: false
auth_server_host: "localhost"
auth_server_port: 9085
auth_server_client: client
auth_server_password: secret
auth_server_repo: "https://github.com/smart-on-fhir/auth-server.git"
auth_server_branch: "smart-launch"
auth_ldap_server_repo: "https://github.com/smart-on-fhir/auth-server-ldap.git"
auth_ldap_server_branch: "smart-launch"
auth_server_war: auth-server-ldap/ldap-server-overlay/target/ldap-openid-connect-server.war
auth_server_data_context: "{{install_dir}}/auth-server/openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml"
auth_server_db_file: "{{install_dir}}/auth_server_db.hsql"
# When set to true Ansible will not reset the authorization server database
auth_server_preserve_db: false
# LDAP server configuration
ldap_server_host: "localhost"
ldap_server_base: "dc=example,dc=com"
ldap_server_uri: "ldap://{{ldap_server_host}}:389"
ldap_server_tls: false
# General settings for the sample patients set
sample_patients_repo: "https://github.com/smart-on-fhir/sample-patients.git"
sample_patients_branch: "master"
# choose how many sample patients to load in the server or set to 9999 for all of them
sample_patients_limit: 10
include_custom_patients: false
# Self-signed SSL certificates settings (if generating self-signed certificates)
auth_server_ssl_country: US
auth_server_ssl_province: MA
auth_server_ssl_locality: Boston
auth_server_ssl_organization: Example Company
auth_server_ssl_division: support
auth_server_ssl_email: [email protected]
fhir_server_ssl_country: "{{auth_server_ssl_country}}"
fhir_server_ssl_province: "{{auth_server_ssl_province}}"
fhir_server_ssl_locality: "{{auth_server_ssl_locality}}"
fhir_server_ssl_organization: "{{auth_server_ssl_organization}}"
fhir_server_ssl_division: "{{auth_server_ssl_division}}"
fhir_server_ssl_email: "{{auth_server_ssl_email}}"
app_server_ssl_country: "{{auth_server_ssl_country}}"
app_server_ssl_province: "{{auth_server_ssl_province}}"
app_server_ssl_locality: "{{auth_server_ssl_locality}}"
app_server_ssl_organization: "{{auth_server_ssl_organization}}"
app_server_ssl_division: "{{auth_server_ssl_division}}"
app_server_ssl_email: "{{auth_server_ssl_email}}"
# These are convenience variables with the generated base paths of the servers. You
# most likely will never have to touch these.
auth_server_base: "{{
'https' if auth_server_secure_http else 'http' }}://{{auth_server_host}}{{(
':'+auth_server_port|string) if auth_server_port|int not in (80,443) else ''}}"
app_server_base: "{{
'https' if app_server_secure_http else 'http'}}://{{app_server_host}}{{
(':'+app_server_port|string) if app_server_port|int not in (80,443) else ''}}"
fhir_server_base: "{{
'https' if fhir_server_secure_http else 'http'}}://{{fhir_server_host}}{{
(':'+fhir_server_port|string) if fhir_server_port|int not in (80,443) else ''}}"
# Additional parameters for the sample patient generator
sample_patients_generator_params: ""