Custom magick

.gitignore

@@ -1,5 +1,20 @@
+.DS_Store
 roles/fedora4/files/fcrepo-webapp-*.war
 roles/solr/files/solr-*.tgz
 hosts.yml
 admpriv.pem
 vars/common.yml
+*~undo-tree~
+vars/digital_archives.yml
+hosts.prod.yml
+roles/apache-shib/files/httpd/.htpasswd
+roles/apache-shib/files/inc-md-cert.pem
+roles/apache-shib/files/sp-cert.pem
+roles/apache-shib/files/sp-key.pem
+roles/apache-shib/files/shibboleth/metadata/OtherIdP-metadata.xml
+roles/apache-shib/files/ssl/archives.calstate.edu-intermediate.cer
+roles/apache-shib/files/ssl/archives.calstate.edu-private.key
+roles/apache-shib/files/ssl/archives.calstate.edu.cer
+roles/apache-shib/files/ssl/scholarworks.calstate.edu-intermediate.cer
+roles/apache-shib/files/ssl/scholarworks.calstate.edu-private.key
+roles/apache-shib/files/ssl/scholarworks.calstate.edu.cer

README.j2

@@ -135,7 +135,7 @@ FFmpeg is built with:
 |`hyrax_backups_directory` | The location where backup files will be created. | `{{ hyrax_backups_directory }}` |
 |`hyrax_database_pool_size` | The size of the database pool. | `{{ hyrax_database_pool_size }}` |
 |`hyrax_from_email_address ` | The email address to use for the from field when sending emails from Hyrax. | `{{ hyrax_from_email_address }}` |
-|`hyrax_postgresqldatabase_user_password` | **Secure.** The password used by hyrax to connect to Postgresql. | `{{ hyrax_postgresqldatabase_user_password }}` |
+|`hyrax_database_user_password` | **Secure.** The password used by hyrax to connect to Postgresql. | `{{ hyrax_database_user_password }}` |
 |`hyrax_secret_key_base` | **Secure.** The secret used by Rails for sessions etc. | `{{ hyrax_secret_key_base }}` |
 |`hyrax_smtp_address` | Rails smtp address. | `{{ hyrax_smtp_address }}` |
 |`hyrax_smtp_port` | Rails smtp port. | `{{ hyrax_smtp_port }}` |
@@ -203,5 +203,3 @@ vars_files:
 and per-distribution variable files to provide different variables for different distributions.
 
 **Secure**: Variables which should be different per-host and stored securely using Ansible Vaults or a tool like Hashicorp Vault. The test playbook insecurely puts these variables in `vars/common.yml`.
-
-

admpriv.enc.pem

@@ -0,0 +1,21 @@
+{
+	"data": "",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": null,
+		"lastmodified": "2023-04-21T19:26:06Z",
+		"mac": "ENC[AES256_GCM,data:hF5mJZgwgxXnHs420YiahqgDCHAUK4midspfUdt6DYb3ndPWkh0BetH2Ab7dagkXpwV/MSvt+itUQK5g+XVlcYsNwP3JrcyOv6IWzEShMzNkYlNTF3wSBkRfCXgWZ0ZGMxomcGwzKcAWtGG6mh6my+80mxqcxu8qxiCUiNwZq6w=,iv:CMrHa7/BfJ9DuJMEnYmIhx+wVkzvPB90FIoCwtJeqeQ=,tag:hlMEqpeNYHTaSSL3r0ZS/Q==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2023-04-21T19:26:05Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA6iRwjpFsL9RAQ/+JFawZsWAeTHvHgkCx7piiDFhbMyn8eId2VlKsSHgeMrq\nJj7QyM/XU1uPdn/jg7IqT/BUSYXQRWwhXZGYP0kYrDePIOV+B14qQyBhI4g4M/M7\n5bFoAOKkqvRbUCUgFf9/QJJKvtvbktQyngWoYe1FIpeFK9tA56+P1Urt5cU76QdG\nFd1+gACXvPs61yq9dB6j2auVBNDk8AxM3T7ow2vGsNnADgMtiUsHUvj7JKQC4CHj\ncxJIPFB71wBzH3IXUe9iHIesPrgipnSzAHxc5DHEAHCPIaRApWZUFW3JSbKdh/aI\nqW6CtuzpbdnT1V9rTbWTDeZ05P4ArY2Fv9uL0i7fz7py2qU2HaPrq6yloapmkhdr\nwMz/I+imRCz65UYZJ9bbxVyxhbIdyF6OBaZmLLcYpPdmDYgUI//RCVcBpKch5wgB\neK4rHRPKde5Jsu+u1z/NOiZ/XV4cgOfie1U1Ay3Rzeo3FWUzShNJvu8YV6OTHNhL\np9j/8QKQm9mVu9SmCK+oN5ePJoifNAAYAwDuW9QGzmapjuEKjSnN4asS24e2oSV/\nUVAycDDXewlF258d17JbRrcRVorN8vqtZRoiQZwK+DNKZTWW0tc8pysZko0ywCpH\nRa+FZcKesxZR3XGpF3RBtJ5OG0aLpI3No4GDN7lOGAPeFY8ruqkUev9kj9TEr57S\nXAGmgWFwXee9F83XgKmqej4KJIyjAcAuCuZ+gp6wXjySYOfJdPJluQlDkF7KBpVv\ngMf3kFMV4ZuVfUp9SfImqyiavPibaVwvl9JelYkaJfgTegq221E/Wv50mfeP\n=z345\n-----END PGP MESSAGE-----\n",
+				"fp": "548DDC13CC38CDB20535D31582C17179ED64B855"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.2"
+	}
+}

admpriv.pem.enc

@@ -1,21 +1,21 @@
 {
-	"data": "ENC[AES256_GCM,data:nMYxolLtRi+T3OlnEuBOTZm6mJBLK9qyW4FCjfcHgttvZ+Q/mYzgTpILoCGwUN6g0owIbrMb8idYXEG+ZAv/K5BiPLOKWiaE1lucvMfTdFlV2viOVo8hQ/0pOrXtOrYREsEiAJ1bq67u8l2xwhbFMbDCVBWtSfMQeKk1Xu++DDa3iqKIUxUgTclr2aBcHXy4La7Rfn7dkSkCGScpr412rwIlpZkuJRsPLH26XFOWCt+QOvk1WcW4H058bjYLX0MYxwuzn6L7JPegpRHG2CLWCjVDyE74XvtF3rnZzaYkU9SupB/ZIqVFfmtkflU9Hjgr9bIeU95K06VR81wMMFoxxan5p8PWax/bn6VVEaMnC9ZSD2koZOC8d4YXJ0EXgqVwzjLIv2ehf/lUnGwV1yuc+INqLJtFeYyldGxx/6wR5i3RsTsUvP9PxAlPaUugZVpeMH2AT8xyWGmdbQwUh1NYZyVB42gMVvrQ/RsRHOFn4vagQ5tA1p/45feFA71ycXcclLMc7TEHB3V4MpGPU9MT2uDdQN7eMwEQze2nsmTBkxVvoJGtQjqkCo4YhnMpeJAtEBsFaM3OcewbhyUTmusVya375l/xNDXUt8CKX0PJjZoKauFWYoqbmH/NHnDAPh9QDGVWR8f79Jjr0rKvHjm+dbcAplXlOxX/ZkLtX8WXtD0MQQIcKlOoClzmDghGkHHhNkv0dv9EPGO8XmWluNUZA+sW3gR2nCqX8pl3dt8nXrfLtNuPN13J56RiuErMUKkmwSD/L72cg+NVZ6manEPfLEcQUABouXp1cEUi5bz9fITLGlvcEOHZ+d73D3j2PoQxywR5YuH1XKlFsPyKcUmyot6cAO3fxjQdrpqJ+GEsi9PtbFtHIgQxe3w5JxA15MDQlIJmJHExSYVehd8Xo5zHYm0eSliwaeYxNyIwzQPZIzrYgqVof2wuUO2Yz8M8MtU7jtQdaYPQ+86VSDFX80a1n2t1mH/z/cgr0+w6Medhn3Q5aCs523j4B5aYvIg0jnYWOXTeRYzTB94dYD9t0ukTOst5YQhC/8vjTcku++1p4SeTBORJukzJQml7lQWjcHb6FHv2ye3UWa9CmB+o3/fG6vRNiE4eEVu4zIv/ob+n6U2Y1ao/8e8EU4lEMrSpKGCiPvHE5XCnTdbLrSNjIS+ag4gFL1TecajSsbpF4T12ifBGaBfF2SNsoQNVVPcoAreorRtaJm3ZH99VEC8UioPFOdrk3ub7tIUN/nM3/vA/po+E7mp7CK1nkk3/D3egsl2nMtLuw4YJx5ACp0OOxfRpxI2Gq2QmfkMPkRmuwuufw4hcTl+453hhC4TmxqsICRNJGvEsBqIVnJRaAZ3AKbV1nE7AlXhBgNb4/enwXgsFc5qPFTG5+P2BRyrsmECX86ev86hGwkKYeslSTkf3c3HjeZXSV/LMAWN+nDGmetsy4WWAL6exnjXiYOv79N3vwkPghAjMVrXL/ic4EoxVqGLqxo78pjNra69z/Khc2AeQ2ayudgGcUuwzJ/tMCpBQMCqxQ8LY/8DQ3Wi2U/l423GWrsqtZ/zQWaMKJ+R9gN3WBJJZ1nld0HIeKoETTocGnPYyhzGHPdz3lK6ZymVSAoGXNzmBx3Js9Oe96LHnWEpB991H5vP1o253ZLy+uPUcGsAJyVXB24FNOqqVGEtGstJ08mCCvGO7x/zMi5n84UXDDI8xtIX5mOTNBBU7mjDb1aUcWOcZ0z0gCOUCbC7jwicnovw4YFzHEH93LJHZSxjwl5v4B7lRabgWlyCJliXXnXle8KMvzm1JoFRT/2UH1QtVAdVekrt02zEtuqkDLsdNFkoUzmBlfvlchPB0Lgwy6grAJg9P01hnfcO1H+SNhGl873svXoGgheTSNC+ZjJ8BnE+USJlVmY/AaDErGXYC6KE4NBxku9G9gwJIvfVWeZWMGGQkRuFwdW+/vxJoq7aRxJXvYdbGgc7kQKabfErgwIoO4kFbn8dQVtLQXX/KKNObFJdOk54uy1xHohxUsl33CiEF/QvbGm5fpZC5REqD0EfzReSRrki8QGdRF2gUSQW+ruHPfKFqLFNUKxf1gE+6QH0vkiGGza3Jr0eyZvd1B2kjxLmbkkf3cYvfroik8ihsHh+lFNZJHKRyskrkN/5n4maZnJ2cIPt9EFNbU9WduIDsXuH2WeUi8YtgPMvw49hKWAjn3cu4X5uX046NM5mXim1ObAXzmi1z+B+vbgHBgq1p18R5iLW2jh78fy58mZOEzPHrc0Ow8N8Kal78+I3OxKRo/U9ZV+HtVQnuUWk=,iv:ZHeS5Vf+8QQlpPf4TxNP+jc1ZplgVNM9LgEFfGiZUuM=,tag:HV+tL+fqDhipEMMoaLzhpg==,type:str]",
+	"data": "",
 	"sops": {
 		"kms": null,
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2022-02-09T20:28:51Z",
-		"mac": "ENC[AES256_GCM,data:nZ1SAmvagzrFa8i2O3rrKHOJHMOtX+ThFBGKlD/cIJccKeeG2GHhWvNnru5XePydkbKQjGFocCCSvRI+i29RDyARMZkxXYoBhJMjibiTVQuuJhT132X45aU00bM96l3Ds8XsWAYoVrmIjzk8drsbX0IrhiM+AA/U2fhfpfdyWpM=,iv:a6BivPxMwmYmPZxp+rRwZKGczf6KPZ0LQhhhS+N3U7E=,tag:wTcz0aExdzFFivEFhKC/gg==,type:str]",
+		"lastmodified": "2023-04-06T21:27:12Z",
+		"mac": "ENC[AES256_GCM,data:g2751+SDLxlPELhIQ84kZ9EiTmkpAzuJGTQQKrpQcjRrsqMeNewvSeKaT3bAr7UDw9ntKxF6e60263bVFsqxDHi0bx2IVcqVAsVZGlFpv0PMnZm7epPEfAPcX+WLqIbQQwxgRpM4iL64PJpv2vC2ccMnOp+1Kp+EZOzJL1o3554=,iv:K9mn/RKbX4C6sM5SBcCLOAXsRHgsqCWgf8vFRA6xu8s=,tag:i2WxOfK8lZqiaEyxVVmWeA==,type:str]",
 		"pgp": [
 			{
-				"created_at": "2022-02-09T20:28:50Z",
-				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA6iRwjpFsL9RAQ/+LwtOdvzZolbYECqctQ002SOT07iESsLqTnVFKywNha2n\nBsVgSR6ZKzjC+0e7+Qqf2vlROXV0OqMXKg90hvrMiddDbwQWBjH9tRxL5Yh/tuNo\nlG2lSJjj6nQp2gCq3qpwgTezTIajUxes2ro3klwD9a509MSgfrrWVuJa1F5HAq8z\n+4CTV9yBkzDYlbR8cmmQXcLnHfHyCRDS6SEoMLTN7jLi4nZyrpv37Duw5XsH/GWE\nPFyqoej4kbZRQ25Rfxl6w6tPlb6Fod82GeHS2Dp5llHYHEGZqONDwJTdYpk5Y9Dy\n1ZezUFeM7ooEe5DyoD3Z2SR9q2i85/PM9y4AsBGBtaB3vc2z7I7333jZMdTIeCGu\nDyByMklwHg8x+OxVDZ6uLKf0YTuJs2Ska6EZ23hKqUr9TDYH2Au+E9lQoHC9N6dJ\nWRjc3GJLKsoSJRwMxb8Gv5AUvqjBRtYB5+hZAYOP2LkGR5eFYur1vtg1hAtPqe1V\nMT7J36oXkBdF9rJq5Bjed24+S3ozew9Lq0+3UHtKx6RlZWn03wtEDcyd9bGKur2H\nMT0V6M2HFn1wdDeFOpJLa3WQsf6ugN4CNu1d3zaUgMsoAPdZ1h9EjKJzp5vUf0xV\nh5sgkKr5W4iyRlb2b9/nkG44UuLw/2VzmT77wohPFWulUJNbJO86FafGjIANwCnS\nXAH8QVlijuo0MsV7U7CTSNtjr2yCiLwLuoC0eveAImszPO16wa+PNpQ2T2gvE1Yt\nYjt6O8ko2mytc7umO7o499ieldxc6GJpETscxODaS09gIZoQEIiWQ6kjuJHC\n=wxYS\n-----END PGP MESSAGE-----\n",
+				"created_at": "2023-04-06T21:27:11Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA6iRwjpFsL9RAQ//V3Jb9gLoaKAcYvJIJheGVT5CIyRSaEIo/7IV+4uRFVOQ\n1zsoJLbWq8o+hE4ritncYIxIXckPXOnz9qnL18HFh5tS+KeVTRcPGXTynVPqa+sH\nEI04/oPbGu34VrcksM5l9RQKrKJJcG2aEtkcwFq5gXGg8vHkqPfO2JOLGWbLc3m+\njBTkC37XJUE8XA541A+j/qzNm11giDR5oJ+YPkAAWd+aOT6mhwbA1IAHLlk2i9US\nWGaUP3TL4JE2mtP34EcyxQjCfYM+VMLUHozVVDLmcJUqpVd2d4hJt+AAxA2UL4WO\nKgRGZGthtB/EsAs81erX0UbpWjQPWWESL2rDQ6xPyU5kmb2VMoh798L6yf62EZEr\n8slWln5rF337mUER38L3L6YcRsyROcaoLuVD8lLmP3AYYyOnPEhc5g75xy6OD7fW\nC2uT2/SMcsjX8IPV3lmFpPswPtIv2Rk2ubCt8owQ+GLWe0KUmmg3e2rdRtU+17Nm\n0NJPOh/FjKi0XSAU4b/7J/17nb9abt3iKy/mlYedBdNgX5pKj28fkahl1IEhSm6e\nAUhG4myGs3m3kE6DHAX3mSayNIYk7NfZq/l/926RP3tfrHPwxd+5CX8HZ4hBbrUh\nPQ21qjMRzBNUu7JRVgSuRYtmP7X/mQM+KDnQDSIlRKhlij0ng8eeClkvO27GQybS\nXAFWkMZO0ICrcO0qv32KjWCap0csLBuvcgx61ervB3cfrO6sW0+K3xgx72cDS1Wp\nAx50eyWsp9gzF/81onB2ssT9KGuo0Vo5GGuc8KUgehrVXVkQVYcktROsUYTC\n=J9DC\n-----END PGP MESSAGE-----\n",
 				"fp": "548DDC13CC38CDB20535D31582C17179ED64B855"
 			}
 		],
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.1"
+		"version": "3.7.2"
 	}
 }

hosts.prod.enc.yml

@@ -0,0 +1,56 @@
+all:
+    hosts:
+        fcrepo:
+            ansible_host: ENC[AES256_GCM,data:gqHsGADlHvfggR2olXk=,iv:+s06Pzc/RGaRUzLPpcd9UNwgdLVB7L2xrKmdCGUt8Y4=,tag:Sx0qQmvc7wn9Ct2J7bOe9g==,type:str]
+            ansible_user: ENC[AES256_GCM,data:2Y2V1DApDxY=,iv:GivVSbfh3ZW03j9KQ1o9dkoZkfvTIwrbKJmoe8Jib5Q=,tag:fWayOwF5kVWHVy+R7mLALw==,type:str]
+        solr:
+            ansible_host: ENC[AES256_GCM,data:uqWWw8TUDl8Wby1OIxg=,iv:oT2JVJ5GJuhwD2zvfgAYTGALKtW4O4il51lpeoR8ods=,tag:jujkEdiD6MzoioDOErCinw==,type:str]
+            ansible_user: ENC[AES256_GCM,data:DyMNQyXaWhI=,iv:y/2otIep0BPQevC3UQ/WW4/JdFPvXoiOmHb62IgCr78=,tag:gOlAfnqzcacYeqNiOlNYTQ==,type:str]
+        hyrax_0:
+            ansible_host: ENC[AES256_GCM,data:MWy4PX5KCs913rJw8Q==,iv:ExvXcErNlh6HfSBEu4pDhG0/RlRGbRDzAzW/kPZxgHQ=,tag:tveTV+xcxQOx7M/Z/V8nmA==,type:str]
+            ansible_user: ENC[AES256_GCM,data:ErgXRX1j1Ww=,iv:M+19+gZvQbiW8NlyUyUcmc+et2n0gg6RWMD6rjGiBiw=,tag:kRekLar7j4Msbmmny+Ogpg==,type:str]
+        hyrax_1:
+            ansible_host: ENC[AES256_GCM,data:zxgIKGByvIjJ4QLMXg==,iv:uz3g5zZGiMdrPeCxCmCNbnv0/YoK2WzU2OGIqIjqiTA=,tag:FNfva/LKFVVJCMTJTDiRjg==,type:str]
+            ansible_user: ENC[AES256_GCM,data:q/GxuD8HBQU=,iv:lPkyig4Sn2RAQZ2rjV6EByLLxIdZT9PRCvqTCfO30GE=,tag:W4g2GvX5bbkpG8BVPc6zYg==,type:str]
+        worker:
+            ansible_host: ENC[AES256_GCM,data:IPzr0vC3c+AFroih,iv:zgC2jz5kwtImHeEl2EE8MbBtnuydBMqidsA2jxuWSK4=,tag:bS520TUXh+pRmcj6WZhuCQ==,type:str]
+            ansible_user: ENC[AES256_GCM,data:EVXjiGFctRU=,iv:Z8wIywhzfHqiezn+qyvaorWPyBoYjjvjBC8n17PWJcU=,tag:ejqrGzxrMTyBoSNfpUZXPw==,type:str]
+digital_archives:
+    hosts:
+        digital_archives_hyrax_0:
+            ansible_host: ENC[AES256_GCM,data:dUbizL3jO2ifWRwFmg==,iv:/ILLPaYA9cuwgRqH4ynG172Sn5MsWznsEYu1DlbjZf8=,tag:JVRa3phCpy3KSjeXGxMiAQ==,type:str]
+            ansible_user: ENC[AES256_GCM,data:CxiGtZLOPC8=,iv:ywHAPImzczrc4cv5RtyFi4IEDGMlyzr4u5K+arQEjwc=,tag:JSfSR7d5JAUf3nyMSdfFyA==,type:str]
+        digital_archives_worker:
+            ansible_host: ENC[AES256_GCM,data:NcsD5irdPAST9+eU,iv:JsJJpQyYSkCW4GTy1jrgYt8lmjRW0XdYDRwagpac5vs=,tag:jLlBCMF45dfEz5LetK26iA==,type:str]
+            ansible_user: ENC[AES256_GCM,data:ldZUAkuTh08=,iv:USKXuzFXeWrvXXKQbpYEOT3FjYjEf8u9TSfdCt/C7UU=,tag:kAIvPbaiVSHO9Sv1XuI1Bg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-04-06T21:27:12Z"
+    mac: ENC[AES256_GCM,data:Ap/jU7MCIHDSPDIv1ko0oR+ftN1vGIHv11Tf8Vp7oTcNx+wrsuXuBGryoqHvZRAMw0GK1yKh8kSI0lPXbScAtJguOwyJuDwAkFm6gWfOX5GBqDVEzfA+UTHMZWDic2MzdrTxLNh2C+rFPDQUfHqDYChVQ+6mByah5Iv5HSokIrU=,iv:v+40PP+dqJxPBVjarUDi7AolVNZXj4m/+ySpgBy1eFk=,tag:tZ1GWSBjRxkxFSQgrz5KLw==,type:str]
+    pgp:
+        - created_at: "2023-04-06T21:27:12Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA6iRwjpFsL9RARAAgJU7QUP9skOXIBZB7ZMb+e0GchK1KycKJYLdED//m39l
+            2ndqO+ndCg1XK5/UNnpsV3NewrAjVyvfx+xT4qZyOSGneihfavAiC61JHpibpXBe
+            5+tscO7aVYVu23xGlEjgvybDf4Xsm3itFEJGcbtn59jA45Wqf6OX5hVsDXrSjP6r
+            844+kGsD/M8hk4AlPy8YXnpkmknVlPd608zzOVb6xoYoCWBpQ2xoXg8I2aG0KYzr
+            eqRFS734Hp68uXKTJRyy+fZz9eiOOmbDDMWX4kPrW3hLcAItXWGGd/h0y0Z8FA2Q
+            CnP6+0YnfM4hmhmmHwHFd3SI2AfmvCIbnePSWAkZlBpHiK8U9FoJs4yF/o7d15lW
+            OuNxqv6B5+hASu/o2dY86CbmxAUIF0SNLjQWCZC1t/c552bgRcLP1TMgsTou4OPx
+            wu40NF4WOHQrt6tWOwzRTi7gt3BqGLxaBw5dXQ35bT4Fq7cLUrIC85yDgkoME92Z
+            9f+uFOPxYI1jzOwmltXhTw+wQibqOIFcu2jhz6E5wI0EkiFjGH8waD/Gn4qIAWVf
+            H4GODzncNCWnTA+KcucRr/P5Jq4VheNNdRNZCit9OEQuC85pZdiEDuNmzRMhyGOY
+            5MJOIUBoW0100X/kmVuDJVO8rGqSAfmt1664e8Q/zBfLgnxDP5JovU2a9r84laDS
+            XgEJE9w//q5kShY62BP3lxfqWFA/6lmmm1PTJIfAyFKbJw90iETUGPvwamGoy3gQ
+            bpnk/PDFK0lsv2RHGQ/3V4XunLWYIehUudIbGrImCiT20iQirPBUdU1oHJ+pU5I=
+            =KOYF
+            -----END PGP MESSAGE-----
+          fp: 548DDC13CC38CDB20535D31582C17179ED64B855
+    unencrypted_suffix: _unencrypted
+    version: 3.7.2

hosts.prod.yml.enc

@@ -0,0 +1,56 @@
+all:
+    hosts:
+        fcrepo:
+            ansible_host: ENC[AES256_GCM,data:gqHsGADlHvfggR2olXk=,iv:+s06Pzc/RGaRUzLPpcd9UNwgdLVB7L2xrKmdCGUt8Y4=,tag:Sx0qQmvc7wn9Ct2J7bOe9g==,type:str]
+            ansible_user: ENC[AES256_GCM,data:2Y2V1DApDxY=,iv:GivVSbfh3ZW03j9KQ1o9dkoZkfvTIwrbKJmoe8Jib5Q=,tag:fWayOwF5kVWHVy+R7mLALw==,type:str]
+        solr:
+            ansible_host: ENC[AES256_GCM,data:uqWWw8TUDl8Wby1OIxg=,iv:oT2JVJ5GJuhwD2zvfgAYTGALKtW4O4il51lpeoR8ods=,tag:jujkEdiD6MzoioDOErCinw==,type:str]
+            ansible_user: ENC[AES256_GCM,data:DyMNQyXaWhI=,iv:y/2otIep0BPQevC3UQ/WW4/JdFPvXoiOmHb62IgCr78=,tag:gOlAfnqzcacYeqNiOlNYTQ==,type:str]
+        hyrax_0:
+            ansible_host: ENC[AES256_GCM,data:MWy4PX5KCs913rJw8Q==,iv:ExvXcErNlh6HfSBEu4pDhG0/RlRGbRDzAzW/kPZxgHQ=,tag:tveTV+xcxQOx7M/Z/V8nmA==,type:str]
+            ansible_user: ENC[AES256_GCM,data:ErgXRX1j1Ww=,iv:M+19+gZvQbiW8NlyUyUcmc+et2n0gg6RWMD6rjGiBiw=,tag:kRekLar7j4Msbmmny+Ogpg==,type:str]
+        hyrax_1:
+            ansible_host: ENC[AES256_GCM,data:zxgIKGByvIjJ4QLMXg==,iv:uz3g5zZGiMdrPeCxCmCNbnv0/YoK2WzU2OGIqIjqiTA=,tag:FNfva/LKFVVJCMTJTDiRjg==,type:str]
+            ansible_user: ENC[AES256_GCM,data:q/GxuD8HBQU=,iv:lPkyig4Sn2RAQZ2rjV6EByLLxIdZT9PRCvqTCfO30GE=,tag:W4g2GvX5bbkpG8BVPc6zYg==,type:str]
+        worker:
+            ansible_host: ENC[AES256_GCM,data:IPzr0vC3c+AFroih,iv:zgC2jz5kwtImHeEl2EE8MbBtnuydBMqidsA2jxuWSK4=,tag:bS520TUXh+pRmcj6WZhuCQ==,type:str]
+            ansible_user: ENC[AES256_GCM,data:EVXjiGFctRU=,iv:Z8wIywhzfHqiezn+qyvaorWPyBoYjjvjBC8n17PWJcU=,tag:ejqrGzxrMTyBoSNfpUZXPw==,type:str]
+digital_archives:
+    hosts:
+        digital_archives_hyrax_0:
+            ansible_host: ENC[AES256_GCM,data:dUbizL3jO2ifWRwFmg==,iv:/ILLPaYA9cuwgRqH4ynG172Sn5MsWznsEYu1DlbjZf8=,tag:JVRa3phCpy3KSjeXGxMiAQ==,type:str]
+            ansible_user: ENC[AES256_GCM,data:CxiGtZLOPC8=,iv:ywHAPImzczrc4cv5RtyFi4IEDGMlyzr4u5K+arQEjwc=,tag:JSfSR7d5JAUf3nyMSdfFyA==,type:str]
+        digital_archives_worker:
+            ansible_host: ENC[AES256_GCM,data:NcsD5irdPAST9+eU,iv:JsJJpQyYSkCW4GTy1jrgYt8lmjRW0XdYDRwagpac5vs=,tag:jLlBCMF45dfEz5LetK26iA==,type:str]
+            ansible_user: ENC[AES256_GCM,data:ldZUAkuTh08=,iv:USKXuzFXeWrvXXKQbpYEOT3FjYjEf8u9TSfdCt/C7UU=,tag:kAIvPbaiVSHO9Sv1XuI1Bg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2023-04-06T21:27:12Z"
+    mac: ENC[AES256_GCM,data:Ap/jU7MCIHDSPDIv1ko0oR+ftN1vGIHv11Tf8Vp7oTcNx+wrsuXuBGryoqHvZRAMw0GK1yKh8kSI0lPXbScAtJguOwyJuDwAkFm6gWfOX5GBqDVEzfA+UTHMZWDic2MzdrTxLNh2C+rFPDQUfHqDYChVQ+6mByah5Iv5HSokIrU=,iv:v+40PP+dqJxPBVjarUDi7AolVNZXj4m/+ySpgBy1eFk=,tag:tZ1GWSBjRxkxFSQgrz5KLw==,type:str]
+    pgp:
+        - created_at: "2023-04-06T21:27:12Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA6iRwjpFsL9RARAAgJU7QUP9skOXIBZB7ZMb+e0GchK1KycKJYLdED//m39l
+            2ndqO+ndCg1XK5/UNnpsV3NewrAjVyvfx+xT4qZyOSGneihfavAiC61JHpibpXBe
+            5+tscO7aVYVu23xGlEjgvybDf4Xsm3itFEJGcbtn59jA45Wqf6OX5hVsDXrSjP6r
+            844+kGsD/M8hk4AlPy8YXnpkmknVlPd608zzOVb6xoYoCWBpQ2xoXg8I2aG0KYzr
+            eqRFS734Hp68uXKTJRyy+fZz9eiOOmbDDMWX4kPrW3hLcAItXWGGd/h0y0Z8FA2Q
+            CnP6+0YnfM4hmhmmHwHFd3SI2AfmvCIbnePSWAkZlBpHiK8U9FoJs4yF/o7d15lW
+            OuNxqv6B5+hASu/o2dY86CbmxAUIF0SNLjQWCZC1t/c552bgRcLP1TMgsTou4OPx
+            wu40NF4WOHQrt6tWOwzRTi7gt3BqGLxaBw5dXQ35bT4Fq7cLUrIC85yDgkoME92Z
+            9f+uFOPxYI1jzOwmltXhTw+wQibqOIFcu2jhz6E5wI0EkiFjGH8waD/Gn4qIAWVf
+            H4GODzncNCWnTA+KcucRr/P5Jq4VheNNdRNZCit9OEQuC85pZdiEDuNmzRMhyGOY
+            5MJOIUBoW0100X/kmVuDJVO8rGqSAfmt1664e8Q/zBfLgnxDP5JovU2a9r84laDS
+            XgEJE9w//q5kShY62BP3lxfqWFA/6lmmm1PTJIfAyFKbJw90iETUGPvwamGoy3gQ
+            bpnk/PDFK0lsv2RHGQ/3V4XunLWYIehUudIbGrImCiT20iQirPBUdU1oHJ+pU5I=
+            =KOYF
+            -----END PGP MESSAGE-----
+          fp: 548DDC13CC38CDB20535D31582C17179ED64B855
+    unencrypted_suffix: _unencrypted
+    version: 3.7.2

install_da_hyrax_on_remote.yml

@@ -0,0 +1,13 @@
+---
+# Playbook for installing Hyrax IR Stack.
+- name: Install Digital Archives Hyrax on remote hosts.
+  hosts: digital_archives_hyrax_0
+  become: yes
+  vars_files:
+    - "vars/common.yml"
+    - "vars/{{ ansible_distribution }}.yml"
+    - "vars/digital_archives.yml"
+  roles:
+    - apache-shib
+    - hyrax
+    - notch8.ssh

install_da_worker_on_remote.yml

@@ -0,0 +1,12 @@
+---
+# Playbook for installing Hyrax IR Stack.
+- name: Install Digital Archives Worker on remote hosts.
+  hosts: digital_archives_worker
+  become: yes
+  vars_files:
+    - "vars/common.yml"
+    - "vars/{{ ansible_distribution }}.yml"
+    - "vars/digital_archives.yml"
+  roles:
+    - hyrax
+    - notch8.ssh

install_fcrepo_on_remote.yml

@@ -8,3 +8,4 @@
     - "vars/{{ ansible_distribution }}.yml"
   roles:
     - fedora4
+    - notch8.ssh

install_hyrax_on_remote.yml

@@ -1,10 +1,12 @@
 ---
 # Playbook for installing Hyrax IR Stack.
 - name: Install Hyrax on remote hosts.
-  hosts: hyrax
+  hosts: hyrax_0,hyrax_1
   become: yes
   vars_files:
     - "vars/common.yml"
     - "vars/{{ ansible_distribution }}.yml"
   roles:
+    - apache-shib
     - hyrax
+    - notch8.ssh

install_solr_on_remote.yml

@@ -8,3 +8,4 @@
     - "vars/{{ ansible_distribution }}.yml"
   roles:
     - solr
+    - notch8.ssh

install_worker_on_remote.yml

@@ -8,3 +8,4 @@
     - "vars/{{ ansible_distribution }}.yml"
   roles:
     - hyrax
+    - notch8.ssh

roles/apache-shib/files/default.conf

@@ -0,0 +1,44 @@
+#server {
+    #listen       80;
+    #server_name  localhost;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/log/host.access.log  main;
+
+    #location / {
+    #    root   /usr/share/nginx/html;
+    #    index  index.html index.htm;
+    #}
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    #error_page   500 502 503 504  /50x.html;
+    #location = /50x.html {
+    #    root   /usr/share/nginx/html;
+    #}
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+#}