WRC130 Various small changes (#40)
502 problem mitigation, new bucket policy and some variables
mixmixmix authored Nov 27, 2024
1 parent bf48d19 commit 8ad6181
Showing 5 changed files with 28 additions and 28 deletions.
3 changes: 2 additions & 1 deletion group_vars/all/all.yml
@@ -142,4 +142,5 @@ who_authenticators: |-
ckan.lib.authenticator:UsernamePasswordAuthenticator
storage_class_name: "efs-client"
ckan_login_form_url: "/user/login"
ckan_login_form_view: "user.login"
ckan_cache_expires: "0"
2 changes: 1 addition & 1 deletion roles/ckan/templates/ckan/ckan-uwsgi.ini
@@ -1,6 +1,6 @@
[uwsgi]

http = :5000
http11-socket = :5000
http-keepalive = 1
http-auto-chunked = true
add-header = Connection: Keep-Alive
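Review bot: With `http11-socket = :5000` (apparently the line that replaces `http = :5000`; the rendered page does not mark sides), the uWSGI workers speak HTTP themselves instead of sitting behind the embedded HTTP router, so the `http-keepalive = 1` and `http-auto-chunked = true` lines below it are router options and probably no longer take effect; confirm that and drop them, or keep the router. The socket still binds every interface on port 5000, and without the router in front, slow or malformed client requests reach the workers directly, so the port should be reachable only from the ingress or load balancer. A comment above the line such as `; reached only via the ingress; workers parse HTTP/1.1 directly` would record that assumption. The file continues past this hunk, so later options may already address part of this.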
8 changes: 6 additions & 2 deletions roles/ckan/templates/ckan/ckan_production.ini
@@ -42,7 +42,7 @@ beaker.session.secret = {{ ckan_beaker_secret }}
## https://github.com/ckan/ckan/issues/8547
## SESSION_TYPE = redis
## SESSION_COOKIE_NAME = ckan
## SESSION_PERMANENT = true
## SESSION_PERMANENT = true
## PERMANENT_SESSION_LIFETIME = 86400
# The secret token that is used for session management and other security related tasks as well
SECRET_KEY = {{ ckan_secret_key }}
@@ -91,6 +91,7 @@ ckan.auth.public_user_details = true
ckan.auth.public_activity_stream_detail = true
ckan.auth.allow_dataset_collaborators = {{ ckan_collaborators }}
ckan.auth.create_default_api_keys = false
ckan.auth.login_view = {{ ckan_login_form_view }}

## API Token Settings
api_token.nbytes = 60
@@ -122,6 +123,9 @@ solr_timeout = 60
# cors.origin_whitelist is a space separated list of allowed domains.
# ckan.cors.origin_whitelist = http://example1.com http://example2.com

## Cache settings that are set by CKAN core

ckan.cache_expires = {{ ckan_cache_expires }}

## Plugins Settings

@@ -224,7 +228,7 @@ ckan.hide_activity_from_users = {{ ckan_hide_activity_from_users }}
## Email settings

# email_to = {{ ckan_error_email_to }}
# error_email_from = {{ ckan_error_email_from }}
# error_email_from = {{ ckan_error_email_from }}
smtp.server = {{ ckan_smtp_server }}
smtp.starttls = {{ ckan_smtp_starttls }}
smtp.mail_from = {{ ckan_smtp_mail_from }}
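Review bot: The new `ckan.cache_expires = {{ ckan_cache_expires }}` line in the third hunk sits under the heading `## Cache settings that are set by CKAN core`, which states neither the unit nor what the `"0"` supplied from group_vars means. CKAN documents this key as the max-age of the Cache-Control header, so a comment directly above the key such as `# Cache-Control max-age, in seconds` would make that explicit. This matters to whoever raises the value later, because a non-zero max-age lets an ingress or CDN cache hold rendered pages.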
9 changes: 4 additions & 5 deletions roles/ckan/templates/ckan/ckan_who.ini
@@ -4,12 +4,11 @@ use = ckan.lib.repoze_plugins.auth_tkt:make_plugin
#secret = somesecret
[plugin:friendlyform]
use = ckan.lib.repoze_plugins.friendly_form:FriendlyFormPlugin
login_form_url={{ ckan_login_form_url }}
login_handler_path = /login_generic
logout_handler_path = /user/logout
login_handler_path = /login_generic #possibly deprecated in 2.10/2.11
logout_handler_path = /user/logout #possibly deprecated in 2.10/2.11
rememberer_name = auth_tkt
post_login_url = /user/logged_in
post_logout_url = /user/logged_out
post_login_url = /user/logged_in #possibly deprecated in 2.10/2.11
post_logout_url = /user/logged_out #possibly deprecated in 2.10/2.11
charset = utf-8
[general]
request_classifier = repoze.who.classifiers:default_request_classifier
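Review bot: The four annotated handler lines put the remark on the value line, e.g. `login_handler_path = /login_generic #possibly deprecated in 2.10/2.11`; a configparser-style reader with inline comments disabled (the Python 3 default) takes everything after `=` as the value, so the login, logout and post-login/logout paths would no longer match the real routes. Move the remark to its own line above the keys, `# possibly deprecated in 2.10/2.11` followed by `login_handler_path = /login_generic`, and do the same for `logout_handler_path`, `post_login_url` and `post_logout_url`. If the deployed CKAN version no longer reads these keys at all, as the remark suggests, removing them is cleaner than annotating them.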
34 changes: 15 additions & 19 deletions roles/setup-eks/templates/giftless_s3_policy.json
@@ -1,22 +1,18 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::{{ giftless_s3_bucket }}",
"arn:aws:s3:::{{ giftless_s3_bucket }}/*"
],
"Condition": {
"StringNotLike": {
"aws:userId": [
"{{ sso_admin_role_arn[0] }}*",
"{{ eks_worker_role_arn }}"
]
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"{{ eks_worker_role_arn }}"
]
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::{{ giftless_s3_bucket }}",
"arn:aws:s3:::{{ giftless_s3_bucket }}/*"
]
}
}
}
]
]
}
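Review bot: The rewritten statement still grants `"Action": "s3:*"` on the bucket and its objects, so the principal listed under `"Principal"` can delete the bucket or rewrite this policy and other bucket settings, not only read and write stored objects. Narrowing it to the object and listing calls Giftless is observed to make, for example `"Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]` extended only where access logs show a need, limits what a compromised workload can do to the bucket itself. The principal is `{{ eks_worker_role_arn }}`, which by its name looks like the node role and would then be shared by every pod scheduled on those nodes. A role bound only to the Giftless service account would be tighter, if the cluster supports it.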
