Deploy default anonymous auto login. ALLOW_ANONYMOUS in hosts can cha…

…nge this.
SoftwareForScience · Jul 24, 2019 · b9c7de8 · b9c7de8
1 parent 06ef9dd
commit b9c7de8
Show file tree

Hide file tree

Showing 8 changed files with 11 additions and 23 deletions.
diff --git a/database.yml b/database.yml
@@ -1,6 +1,6 @@
 ---
 - name: deploy MariaDB and configure the databases
-  hosts: dbservers
+  hosts: dbserver
   remote_user: "{{ remote_privileged_user }}"
   become: yes
 

diff --git a/roles/basevars/vars/main.yml b/roles/basevars/vars/main.yml
@@ -1,16 +1,16 @@
 ---
-remote_user: root
 remote_privileged_user: root
 jiskefet_user: jiskefet
-mysql_root_password: 'abd1516812'
+mysql_root_password: abd1516812
 
 jiskefet_api_general_settings:
-  TYPEORM_HOST: jiskefet-staging.cern.ch
+  TYPEORM_HOST: jiskefet-development.cern.ch
   TYPEORM_USERNAME: jiskefet
   TYPEORM_PASSWORD: Kaas
   TYPEORM_DATABASE: jiskefetdb
   JWT_SECRET_KEY: Kaas123
   PORT: 3000
+  USE_API_PREFIX: true
 jiskefet_api_optional_settings:
   TEST_DB_HOST: localhost
   TEST_DB_DATABASE: 

diff --git a/roles/local/tasks/check-variables.yml b/roles/local/tasks/check-variables.yml
@@ -44,6 +44,7 @@
   # This only happens with the USE_CERN_SSO key. Workaround for now is to use the jinja2 lower filter.
     - { key: USE_CERN_SSO, value: "{{ USE_CERN_SSO | lower }}" }
     - { key: USE_API_BASE_PATH, value: "{{ jiskefet_api_general_settings.USE_API_BASE_PATH }}" }
+    - { key: USE_API_PREFIX, value: "{{ jiskefet_api_general_settings.USE_API_PREFIX }}" }
     - { key: TYPEORM_SYNCHRONIZE, value: "{{ jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE }}" }
     - { key: TYPEORM_LOGGING, value: "{{ jiskefet_api_general_settings.TYPEORM_LOGGING }}" }
     - { key: USE_INFO_LOGGER, value: "{{ jiskefet_api_general_settings.USE_INFO_LOGGER }}" }

diff --git a/roles/mariadb/defaults/main.yml b/roles/mariadb/defaults/main.yml
@@ -1,3 +1,3 @@
 ---
-mysql_root_password:
-mysql_root_old_password:
+mysql_root_password: abd1516812
+mysql_root_old_password: abd1516812
diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml
@@ -1,16 +1 @@
 ---
-jiskefet_oauth_settings:
-  CLIENT_ID: jiskefet-testing
-  CLIENT_SECRET: 1mkB4NSmSEEOWfeSna0iimaiR9DEI2d9WI4utfHg1zk1
-  AUTH_REDIRECT_URI: https://{{ inventory_hostname }}/callback
-jiskefet_cern_oauth_settings:
-  CERN_REGISTERED_URI: https://{{ inventory_hostname }}/callback
-jiskefet_ui_settings:
-  API_URL: http://{{ inventory_hostname }}/api/
-allow_csp_payload: >-
-  "default-src 'self' http://{{ inventory_hostname }} https://{{ inventory_hostname }}
-  http://localhost:{{jiskefet_api_general_settings.PORT}} https://localhost:{{jiskefet_api_general_settings.PORT}}
-  https://github.com https://api.github.com; script-src 'self' https://use.fontawesome.com/releases/v5.3.1/js/all.js
-  https://github.com https://api.github.com; style-src 'self' 'unsafe-inline'; object-src 'none'; font-src 'self'
-  data: fonts.gstatic.com; img-src https://*.githubusercontent.com
-  http://{{ inventory_hostname }} https://{{ inventory_hostname }}"
diff --git a/roles/web/tasks/set-default-values.yml b/roles/web/tasks/set-default-values.yml
@@ -62,8 +62,10 @@
       TEST_DB_SYNCHRONIZE: "{{ jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE if ((jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE is defined) and (jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE | trim != '')) else 'true'}}"
       TEST_DB_LOGGING: "{{ jiskefet_api_optional_settings.TEST_DB_LOGGING if ((jiskefet_api_optional_settings.TEST_DB_LOGGING is defined) and (jiskefet_api_optional_settings.TEST_DB_LOGGING | trim != '')) else 'true'}}"
     jiskefet_ui_settings:
+      USE_API_PREFIX: true
       APPLICATION_NAME: "{{ jiskefet_ui_settings.APPLICATION_NAME if ((jiskefet_ui_settings.APPLICATION_NAME is defined) and (jiskefet_ui_settings.APPLICATION_NAME | trim != '')) else '{{ application_name }}' }}"
       FILE_UPLOAD_LIMIT: "{{ file_upload_limit }}"
+      ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }}"
   delegate_to: "{{ item }}"
   with_items:
     - "{{ groups.all }}"

diff --git a/roles/web/vars/main.yml b/roles/web/vars/main.yml
@@ -1,7 +1,7 @@
 ---
 use_hostname_as_remote_address: true
 use_local_repository: 'no'
-deploy_environment: test
+deploy_environment: prod
 
 remote_repository_url:
   JISKEFET_API: https://github.com/SoftwareForScience/jiskefet-api 

diff --git a/webserver.yml b/webserver.yml
@@ -1,6 +1,6 @@
 ---
 - name: configure and deploy the webservers and application code
-  hosts: webservers
+  hosts: webserver
   remote_user: "{{ remote_privileged_user }}"
   become: yes
   vars: