1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 23:51:09 +03:00
Commit Graph

55 Commits

Author SHA1 Message Date
Christian Adams
2329c1b797 Add rsyslog config to container from file for consistency 2020-04-13 11:43:59 -04:00
Christian Adams
4d5507d344 Add default rsyslog.conf without including /etc/rsyslog.conf 2020-04-13 11:43:59 -04:00
Shane McDonald
c0af3c537b Configure rsyslog to listen over a unix domain socket instead of a port
- Add a placeholder rsyslog.conf so it doesn't fail on start
 - Create access restricted directory for unix socket to be created in
 - Create RSyslogHandler to exit early when logging socket doesn't exist
 - Write updated logging settings when dispatcher comes up and restart rsyslog so they  take effect
 - Move rsyslogd to the web container and create rpc supervisor.sock
 - Add env var for supervisor.conf path
2020-04-13 11:43:59 -04:00
Christian Adams
955d57bce6 Upstream rsyslog packaging changes
- add rsyslog repo to Dockerfile for AWX installation
 - Update Library Notes for requests-futures removal
2020-04-13 11:43:59 -04:00
Shane McDonald
bb319136e4
Merge pull request #6585 from shanemcd/cleanup-cleanup
Tidy up the dev environment a bit
2020-04-06 13:09:39 -04:00
Shane McDonald
6fc815937b
Tidy up the dev environment a bit 2020-04-06 11:13:51 -04:00
chris meyers
37a715c680 use memcached unix domain socket rather than tcp 2020-04-06 08:35:12 -04:00
chris meyers
770b457430
redis socket support 2020-03-18 16:10:19 -04:00
chris meyers
e94bb44082
replace rabbitmq with redis
* local awx docker-compose and image build only.
2020-03-18 16:10:17 -04:00
chris meyers
0b3e2cc7e3 pin virtualenv < 20 for awx_web builds 2020-02-11 08:43:26 -05:00
Shane McDonald
3f57061509
Add packages missing from base images
Related:

- https://github.com/ansible/awx/issues/5770
- https://github.com/ansible/awx/issues/5724
2020-02-07 13:06:42 -05:00
AlanCoding
d2289fe9c6
add pycurl to container images 2020-02-04 14:41:51 -05:00
Sven-Hendrik Haase
4c32faa448
Use more modern version of OpenShift client
3.9 is pretty old by now.
2019-11-19 13:29:06 +01:00
Andrea Galbusera
1198c067b2
ensure "create_preload_data" is honored in docker-compose deployments
Use a templated version of launch_awx_task.sh which conditionally preloads
sample data according to create_preload_data value.
2019-11-12 10:44:27 -05:00
Shane McDonald
089bafa5d4
Set setuid bit on bwrap
Related: https://github.com/ansible/awx/issues/5224
2019-11-04 11:10:09 -05:00
Shane McDonald
69597c5654
Sync Dockerfiles 2019-11-01 08:38:37 -04:00
Shane McDonald
c019d873b9
Update AWX images to CentOS 8 2019-10-30 16:43:23 -04:00
Shane McDonald
28994d4b0b
Install oc and kubectl in upstream task image 2019-10-30 12:15:51 -04:00
Raphaël COMBEAU
712b07c136
Improve usage of ssl_certificate in local_docker
Remove nginx.conf from container

Move nginx outside ssl_certificate block
2019-10-28 17:37:14 -04:00
Christian Adams
19a6c70858 remove cruft leftover from the postgresql upgrade 2019-10-03 14:43:56 -04:00
softwarefactory-project-zuul[bot]
778b306208
Merge pull request #4824 from rooftopcellist/scl_in_containers
Add needed scl enables for community container installs

Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2019-09-26 19:40:21 +00:00
Christian Adams
9f8d975a19 revert to get needed scl enables for community container installs 2019-09-26 13:24:26 -04:00
Ryan Petrello
955bb4a44c
allow *.pendo.io as an img-src in our Content Security Policy 2019-09-26 13:12:54 -04:00
Ryan Petrello
d52aa11422
correct CSP header to allow all pendo.io traffic 2019-09-23 09:15:55 -04:00
Shane McDonald
3b89e894db Stop using PG SCL in dev env 2019-09-16 11:41:13 -04:00
Christian Adams
ec1e93cc69 Upgrade to postgres 10.6
- use awx-python in shebang in dev env
  - scl enable where needed for rhel7 & container installs
  - use scram-sha-256 pg user hashing by default
  - ensure psycopg2 is using the correct PG_CONFIG at build time for the right libpq version
2019-09-12 12:52:43 -04:00
Ryan Petrello
b82030b025
hide nginx server version headers 2019-08-20 14:34:04 -04:00
Jorge Machado
76933ed889 * upgrade from git on containers
* agreed with terms of DCO 1.1

Signed-off-by: Jorge Machado <jorge@jmachado.me>
2019-07-30 07:04:04 +02:00
Jeff Byrnes
987cfed649
Update Content Security Policy to allow websockets
Per #4167 a reasonable CSP was put in place, but unfortunately this
broke WebSockets support in Safari.

This is a quick fix to return support immediately. A more secure
implemetation would be beneficial in the longer term, however.
2019-07-05 16:12:27 -04:00
Ryan Petrello
75a72637dd
allow data: images in our Content Security Policy
support for custom login logos relies on data:image/*;base64
see: https://github.com/ansible/awx/issues/4253
2019-07-02 11:35:56 -04:00
Ryan Petrello
eacf819caf
add a reasonable default Content Security Policy
ideally we'd improve this over time to remove the `unsafe-inline` lines,
but we can't due that today because Angular1 makes use of a lot of
inline <script> and <style> tag generation

see: https://github.com/ansible/awx/issues/2056
2019-06-26 10:46:26 -04:00
Anand kumar
3d7bd8579b
Multiple installation of same dependency
python-pip is being installed multiple times.
2019-06-05 12:38:52 +05:30
softwarefactory-project-zuul[bot]
9c90694f12
Merge pull request #3604 from athenahealth/complete-ssl-support
Update SSL support for docker-compose install

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-05-28 13:51:43 +00:00
Shane McDonald
0be8fe521a Refactor Dockerfiles
This commit does a few things:

- Add the `--squash` option to the `awx-devel-build` make target. This reduces the resulting image size from 2.12 GB to 1.37 GB. I think we can get this down even more by inspecting the image contents.
- Reorganize commands so that the cache expires less often. Before this commit, any changes to the Makefile would essentially cause the entire image to rebuild.
- Break yum dependencies up into multiple lines. This makes it easier to see what changes in a diff.
- Use `n` to install our required version of node (rather `curl node | bash`). I’ve found this to be easier to maintain / more portable when working with other Dockerfiles.
- General organizational changes to make things easier to parse visually.
2019-05-08 20:36:41 -04:00
Bill Nottingham
0d18d46ccc Sync docker-compose dockerfile with image build dockerfile.
It was installing an IUS repo, rabbitmq-server, and other unneeded things.
2019-04-18 16:50:38 -04:00
Uriel Mandujano
4821a94944 Removes failing symlink to /usr/bin/python3 during the image build
Installing the latest python36-setuptools automatically creates the symlink from python3 -> python3.6 and from python36 -> /usr/bin/python3.6. Building the images fails when the symlink is created explicitly in the AWX installer.

Signed-off-by: Uriel Mandujano <uriel.mandujano14@gmail.com>
2019-04-06 11:13:41 -05:00
Uriel Mandujano
97e030dd1f Revert "Removes failing symlink to /usr/bin/python3 because that file already exists"
This reverts commit 13fadd3838.
2019-04-06 11:10:35 -05:00
Uriel Mandujano
13fadd3838 Removes failing symlink to /usr/bin/python3 because that file already exists 2019-04-05 16:53:20 -05:00
Jeff Byrnes
7b636a7566
Set up HTTPS w/ proper port & HTTP redirect
HTTPS is, by default, expected to be on port 443.

Also, with HSTS set, we need to be sure that users attempting to arrive
via HTTP are properly redirected to HTTPS.

This does so by:

* Setting up a 301 redirect for any URL to its HTTPS version
* Adjusting the internal port for HTTPS traffic to 8053
* Setting docker-compose to share port 443 → 8053
    - This is configurable via an inventory variable
2019-04-05 16:13:23 -04:00
Bruno Thomsen
2e0edcbabd docker: yum: use https for postgresql rpm download.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
2019-03-14 17:14:17 +01:00
Markus Opahle
ed568f569c only use ssl if certificate is specified
Signed-off-by: Markus Opahle <3225748+mopahle@users.noreply.github.com>
2019-02-28 14:06:59 +01:00
walkafwalka
3a7bf6a8ac Add SSL suport for docker install
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2019-02-27 10:45:34 +01:00
Yanis Guenane
44c48d1d66 Nginx: Specify X-Frame-Options "DENY" header
Adding the X-Frame-Options "DENY"; header to avoid possible clickjacking
attack.

More info of the why available here:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)

Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-01-21 12:34:17 +01:00
Shane McDonald
04da4503db
Python 3 / Upstream Kubernetes 2019-01-15 14:09:05 -05:00
Ryan Petrello
96b9bd6ab6
make py3 packaging work for k8s 2019-01-15 14:09:05 -05:00
wilmardo
bf5c259d92 Empties /tmp in web Dockerfile 2018-10-25 17:12:26 -04:00
softwarefactory-project-zuul[bot]
0a964b2bf6
Merge pull request #2266 from ansible/celery-tastes-bad
replace the celery-based task queue with a kombu-based implementation

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-12 18:40:54 +00:00
softwarefactory-project-zuul[bot]
6721ea54e9
Merge pull request #1956 from droopy4096/devel
allow nginx config extension

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-11 22:38:36 +00:00
Ryan Petrello
ff1e8cc356
replace celery task decorators with a kombu-based publisher
this commit implements the bulk of `awx-manage run_dispatcher`, a new
command that binds to RabbitMQ via kombu and balances messages across
a pool of workers that are similar to celeryd workers in spirit.
Specifically, this includes:

- a new decorator, `awx.main.dispatch.task`, which can be used to
  decorate functions or classes so that they can be designated as
  "Tasks"
- support for fanout/broadcast tasks (at this point in time, only
  `conf.Setting` memcached flushes use this functionality)
- support for job reaping
- support for success/failure hooks for job runs (i.e.,
  `handle_work_success` and `handle_work_error`)
- support for auto scaling worker pool that scale processes up and down
  on demand
- minimal support for RPC, such as status checks and pool recycle/reload
2018-10-11 10:53:30 -04:00
Shane McDonald
3701567ad7 Revert "first-parent requires git >= 1.8.4"
This reverts commit 1af0ee2f8c.

# Conflicts:
#	installer/roles/image_build/templates/Dockerfile.j2
2018-09-28 15:48:33 -04:00