From b9c7de87c708a1e10b73a69694e1bdf1388b068f Mon Sep 17 00:00:00 2001 From: Patrick Hendriks Date: Wed, 24 Jul 2019 13:55:02 +0200 Subject: [PATCH] Deploy default anonymous auto login. ALLOW_ANONYMOUS in hosts can change this. --- database.yml | 2 +- roles/basevars/vars/main.yml | 6 +++--- roles/local/tasks/check-variables.yml | 1 + roles/mariadb/defaults/main.yml | 4 ++-- roles/nginx/vars/main.yml | 15 --------------- roles/web/tasks/set-default-values.yml | 2 ++ roles/web/vars/main.yml | 2 +- webserver.yml | 2 +- 8 files changed, 11 insertions(+), 23 deletions(-) diff --git a/database.yml b/database.yml index 49306f2..223e6b1 100644 --- a/database.yml +++ b/database.yml @@ -1,6 +1,6 @@ --- - name: deploy MariaDB and configure the databases - hosts: dbservers + hosts: dbserver remote_user: "{{ remote_privileged_user }}" become: yes diff --git a/roles/basevars/vars/main.yml b/roles/basevars/vars/main.yml index e28a3cf..1711086 100644 --- a/roles/basevars/vars/main.yml +++ b/roles/basevars/vars/main.yml @@ -1,16 +1,16 @@ --- -remote_user: root remote_privileged_user: root jiskefet_user: jiskefet -mysql_root_password: 'abd1516812' +mysql_root_password: abd1516812 jiskefet_api_general_settings: - TYPEORM_HOST: jiskefet-staging.cern.ch + TYPEORM_HOST: jiskefet-development.cern.ch TYPEORM_USERNAME: jiskefet TYPEORM_PASSWORD: Kaas TYPEORM_DATABASE: jiskefetdb JWT_SECRET_KEY: Kaas123 PORT: 3000 + USE_API_PREFIX: true jiskefet_api_optional_settings: TEST_DB_HOST: localhost TEST_DB_DATABASE: diff --git a/roles/local/tasks/check-variables.yml b/roles/local/tasks/check-variables.yml index 92dfd76..a72e863 100644 --- a/roles/local/tasks/check-variables.yml +++ b/roles/local/tasks/check-variables.yml @@ -44,6 +44,7 @@ # This only happens with the USE_CERN_SSO key. Workaround for now is to use the jinja2 lower filter. - { key: USE_CERN_SSO, value: "{{ USE_CERN_SSO | lower }}" } - { key: USE_API_BASE_PATH, value: "{{ jiskefet_api_general_settings.USE_API_BASE_PATH }}" } + - { key: USE_API_PREFIX, value: "{{ jiskefet_api_general_settings.USE_API_PREFIX }}" } - { key: TYPEORM_SYNCHRONIZE, value: "{{ jiskefet_api_general_settings.TYPEORM_SYNCHRONIZE }}" } - { key: TYPEORM_LOGGING, value: "{{ jiskefet_api_general_settings.TYPEORM_LOGGING }}" } - { key: USE_INFO_LOGGER, value: "{{ jiskefet_api_general_settings.USE_INFO_LOGGER }}" } diff --git a/roles/mariadb/defaults/main.yml b/roles/mariadb/defaults/main.yml index 70f22f6..2d30422 100644 --- a/roles/mariadb/defaults/main.yml +++ b/roles/mariadb/defaults/main.yml @@ -1,3 +1,3 @@ --- -mysql_root_password: -mysql_root_old_password: +mysql_root_password: abd1516812 +mysql_root_old_password: abd1516812 diff --git a/roles/nginx/vars/main.yml b/roles/nginx/vars/main.yml index fc24859..ed97d53 100644 --- a/roles/nginx/vars/main.yml +++ b/roles/nginx/vars/main.yml @@ -1,16 +1 @@ --- -jiskefet_oauth_settings: - CLIENT_ID: jiskefet-testing - CLIENT_SECRET: 1mkB4NSmSEEOWfeSna0iimaiR9DEI2d9WI4utfHg1zk1 - AUTH_REDIRECT_URI: https://{{ inventory_hostname }}/callback -jiskefet_cern_oauth_settings: - CERN_REGISTERED_URI: https://{{ inventory_hostname }}/callback -jiskefet_ui_settings: - API_URL: http://{{ inventory_hostname }}/api/ -allow_csp_payload: >- - "default-src 'self' http://{{ inventory_hostname }} https://{{ inventory_hostname }} - http://localhost:{{jiskefet_api_general_settings.PORT}} https://localhost:{{jiskefet_api_general_settings.PORT}} - https://github.com https://api.github.com; script-src 'self' https://use.fontawesome.com/releases/v5.3.1/js/all.js - https://github.com https://api.github.com; style-src 'self' 'unsafe-inline'; object-src 'none'; font-src 'self' - data: fonts.gstatic.com; img-src https://*.githubusercontent.com - http://{{ inventory_hostname }} https://{{ inventory_hostname }}" diff --git a/roles/web/tasks/set-default-values.yml b/roles/web/tasks/set-default-values.yml index 4c6ada1..401f0e0 100644 --- a/roles/web/tasks/set-default-values.yml +++ b/roles/web/tasks/set-default-values.yml @@ -62,8 +62,10 @@ TEST_DB_SYNCHRONIZE: "{{ jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE if ((jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE is defined) and (jiskefet_api_optional_settings.TEST_DB_SYNCHRONIZE | trim != '')) else 'true'}}" TEST_DB_LOGGING: "{{ jiskefet_api_optional_settings.TEST_DB_LOGGING if ((jiskefet_api_optional_settings.TEST_DB_LOGGING is defined) and (jiskefet_api_optional_settings.TEST_DB_LOGGING | trim != '')) else 'true'}}" jiskefet_ui_settings: + USE_API_PREFIX: true APPLICATION_NAME: "{{ jiskefet_ui_settings.APPLICATION_NAME if ((jiskefet_ui_settings.APPLICATION_NAME is defined) and (jiskefet_ui_settings.APPLICATION_NAME | trim != '')) else '{{ application_name }}' }}" FILE_UPLOAD_LIMIT: "{{ file_upload_limit }}" + ALLOW_ANONYMOUS: "{{ jiskefet_ui_settings.ALLOW_ANONYMOUS }}" delegate_to: "{{ item }}" with_items: - "{{ groups.all }}" diff --git a/roles/web/vars/main.yml b/roles/web/vars/main.yml index a426ba7..abbc8e7 100644 --- a/roles/web/vars/main.yml +++ b/roles/web/vars/main.yml @@ -1,7 +1,7 @@ --- use_hostname_as_remote_address: true use_local_repository: 'no' -deploy_environment: test +deploy_environment: prod remote_repository_url: JISKEFET_API: https://github.com/SoftwareForScience/jiskefet-api diff --git a/webserver.yml b/webserver.yml index 2d707b5..5773ac5 100644 --- a/webserver.yml +++ b/webserver.yml @@ -1,6 +1,6 @@ --- - name: configure and deploy the webservers and application code - hosts: webservers + hosts: webserver remote_user: "{{ remote_privileged_user }}" become: yes vars: