Shane McDonald
c3ba851908
Fix docker-compose installs
...
In a series of unfortunate events, my patch yesterday didnt actually work. This fixes that.
2019-03-27 13:06:55 -04:00
Shane McDonald
c44bf6f903
Allow for platform specific variables in docker-compose install
...
This changes the default docker_compose_dir on macos to a writeable location
2019-03-27 09:32:04 -04:00
Shane McDonald
a6d031f46f
Fix permissions of sensitive files in docker-compose installation
2019-03-27 09:31:10 -04:00
Shane McDonald
2b6cf97157
Do not set credentials via environment variables
2019-03-26 15:13:28 -04:00
Shane McDonald
07e5a00f14
Remove “standalone Docker” installation path
...
This has been a burden to maintain. docker-compose is now required
2019-03-26 15:13:28 -04:00
softwarefactory-project-zuul[bot]
3d9a47f0d9
Merge pull request #3424 from falencastro/devel
...
Makes daphne websocket_timeout infinite.
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-03-19 12:08:50 +00:00
Felipe Alencastro
7d384262e4
Makes daphne websocket_timeout infinite.
...
Daphne has a default timeout of 86400 seconds, so after 1 day of starting
awx_web container, the stdout stops refreshing automatically on the web UI.
This fixes this issue by making the timeout infinite, so the connection
between nginx and daphne's websocket never closes.
2019-03-14 17:17:09 -03:00
Bruno Thomsen
2e0edcbabd
docker: yum: use https for postgresql rpm download.
...
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
2019-03-14 17:14:17 +01:00
Jake Jackson
9e528ea898
typo in inventory
...
simple typo fix `this` -> `these`
2019-03-12 11:48:41 -04:00
Markus Opahle
ed568f569c
only use ssl if certificate is specified
...
Signed-off-by: Markus Opahle <3225748+mopahle@users.noreply.github.com>
2019-02-28 14:06:59 +01:00
walkafwalka
3a7bf6a8ac
Add SSL suport for docker install
...
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2019-02-27 10:45:34 +01:00
softwarefactory-project-zuul[bot]
889dae357b
Merge pull request #3235 from ryanpetrello/sql-profiling
...
add a custom DB backend that provides system-level SQL profiling
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-15 21:56:28 +00:00
Klaas Demter
8f36e21c97
Avoid pg password ending up in syslog/shell output
...
Currently if an error occurs the pgpassword would be exposed to syslog / shell during playbook backup.yml
2019-02-15 16:15:33 +01:00
Ryan Petrello
eed94b641e
add a custom DB backend that provides system-level SQL profiling
...
run this command on _any_ node in an awx cluster:
$ awx-manage profile_sql --threshold=2.0 --minutes=1
...and for 1 minute, the timing for _every_ SQL query in _every_ awx
Python process that uses the Django ORM will be measured
queries that run longer than (in this example) 2 seconds will be
written to a per-process sqlite database in /var/lib/awx/profile, and
the file will contain an EXPLAIN VERBOSE for the query and the full
Python stack that led to that SQL query's execution (this includes not
just WSGI requests, but background processes like the runworker and
dispatcher)
$ awx-manage profile_sql --threshold=0
...can be used to disable profiling again (if you don't want to wait for
the minute to expire)
2019-02-14 15:04:46 -05:00
softwarefactory-project-zuul[bot]
a1cef744a7
Merge pull request #3230 from impca/patch-1
...
Update compose configuration
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-14 15:45:41 +00:00
impca
9add96a0d3
update docker compose installer
...
Only run commands to update certs when config changes.
2019-02-14 08:29:47 +01:00
impca
c29275315e
Update compose configuration
...
When running awx via docker-compose and using custom certificates (for LDAP auth or whatever else...), update-ca-trust has to be called afer starting the container to actually use new certificates (just as it is called when using docker to run - https://github.com/ansible/awx/blob/devel/installer/roles/local_docker/tasks/standalone.yml#L119-L120 ).
2019-02-13 15:39:52 +01:00
Mathieu Mallet
dce3795e0c
update-ca-trust: Ensure CA trust is updated in awx_task container
...
Related #3010
Both awx_web and awx_task containers can have a volume mounted in
specified by the ca_trust_dir variable. Unfortunately only the
awx_web container's trust is updated. This patch makes sure the
awx_task container's trust is updated as well
Testing Done: ansible-playbook --syntax-check installer/install.yml
Signed-off-by: Mathieu Mallet <mmallet@digipok.io>
2019-02-06 16:51:14 +00:00
Marius Rieder
072919040b
Omit DATABASE_SSLMODE if not set.
2019-01-22 17:24:44 +01:00
Marius Rieder
589531163a
Add pg_sslmode option.
...
Allows to use PostgreSQL over SSL #709
2019-01-21 19:47:34 +01:00
Yanis Guenane
44c48d1d66
Nginx: Specify X-Frame-Options "DENY" header
...
Adding the X-Frame-Options "DENY"; header to avoid possible clickjacking
attack.
More info of the why available here:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-01-21 12:34:17 +01:00
softwarefactory-project-zuul[bot]
5f01c3f5a8
Merge pull request #2994 from coreywan/pod-limits
...
Add POD Limits
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:28:11 +00:00
softwarefactory-project-zuul[bot]
7b39198f26
Merge pull request #2995 from coreywan/postgres_helm
...
adds persistence.storageClass and limits to postgress helm install
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:24:18 +00:00
softwarefactory-project-zuul[bot]
57b8aa4892
Merge pull request #3002 from themr0c/pg_password_10_character_limit
...
pg_password should be random 10 character alphanumeric string, when p…
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 18:15:38 +00:00
softwarefactory-project-zuul[bot]
474876872e
Merge pull request #2999 from themr0c/issue-2991
...
related #2991 - Helm creation of postgreql on multiple namespaces
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 14:28:05 +00:00
Fabrice Flore-Thebault
b6c30e8ef5
it's a limitation of the official postgres helm chart
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-17 12:56:17 +01:00
Fabrice Flore-Thebault
d938c96a76
pg_password should be random 10 character alphanumeric string, when postgresql is running on kubernetes
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-17 12:56:06 +01:00
Corey Wanless
aebeeb170e
adds pod limits
...
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-16 09:23:18 -06:00
Fabrice Flore-Thebault
c434d38876
adding helm chart version for postgresql
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-16 09:40:49 +01:00
Shane McDonald
04da4503db
Python 3 / Upstream Kubernetes
2019-01-15 14:09:05 -05:00
Ryan Petrello
96b9bd6ab6
make py3 packaging work for k8s
2019-01-15 14:09:05 -05:00
Fabrice Flore-Thebault
7b32262f75
revert pg_hostname
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:59:17 +01:00
Fabrice Flore-Thebault
d69f6acf64
add helm repo update and fix helm upgrade
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 14:48:26 +01:00
Fabrice Flore-Thebault
ef3aab1357
related #2991 - unify postgresql_service_name
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-15 11:44:08 +01:00
Corey Wanless
0c074e0988
* adds persistence.storageClass and limits to postgress helm install
...
* adds new variables to the inventory
Signed-off-by: Corey Wanless <corey.wanless@wwt.com>
2019-01-14 11:28:21 -06:00
softwarefactory-project-zuul[bot]
32c705a62a
Merge pull request #2996 from coreywan/setup-postgress-activation-wait
...
adds wait time for postgres setup as a variable
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-14 17:22:54 +00:00
Fabrice Flore-Thebault
d43521bb77
fix #2991 - make Helm creation of postgreql succeed when installing multiple AWX on different namespaces on same kubernetes
...
Signed-off-by: Fabrice Flore-Thebault <themr0c@users.noreply.github.com>
2019-01-14 10:32:21 +01:00
Corey Wanless
b1710f9523
adds wait time for postgres setup as a variable
2019-01-11 22:23:43 -06:00
marcel
0b3e51458d
Fix typo in ca_trust_dir
...
The correct path is used in docker-compose template:
- "{{ ca_trust_dir +':/etc/pki/ca-trust/source/anchors:ro' }}"
2019-01-07 19:29:34 +01:00
Ryan Petrello
4858868428
configure an HA policy for openshift/k8s installs
2018-12-14 14:08:30 -05:00
Hideki Saito
f16a72081a
Fixed issue where admin_user and password change are not reflected
...
- No effect of changing admin_user and admin_password when using docker-compose #2666
2018-11-13 18:21:18 +09:00
Idan Bidani
a213e01491
updating default Postgresql version to 9.6
2018-11-10 18:27:22 -05:00
westfood
694e494484
Using new Helm parameters for PostgreSQL access.
2018-10-28 11:55:36 +01:00
softwarefactory-project-zuul[bot]
3e4738d948
Merge pull request #2430 from dmt/devel
...
Fix installer volume definitions
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 22:12:25 +00:00
softwarefactory-project-zuul[bot]
94083f55c7
Merge pull request #2510 from Intermax-Cloudsourcing/awx-web-dockerfile-tmp
...
Empties /tmp in awx_web Dockerfile
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:59:42 +00:00
Daniel Temme
6ecd18b2e2
make volume concatenation work
...
The second list gets interpreted as part of the else block, effectively
dropping it. Separating both list definitions with braces seems to work.
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:54:10 -04:00
Daniel Temme
4e9c705997
Partial revert for "Bugfix for ca_trust_dir"
...
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
# Conflicts:
# installer/roles/local_docker/tasks/standalone.yml
2018-10-25 17:53:12 -04:00
softwarefactory-project-zuul[bot]
1803a76a4d
Merge pull request #2485 from wwt/fix-tiller-namespace
...
Pass tiller namespace down to helm task
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:40:08 +00:00
softwarefactory-project-zuul[bot]
86ca1875f1
Merge pull request #2486 from wwt/remove-rabbit-cluster-name
...
Remove .cluster.local from service name for rabbitmq
Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2018-10-25 21:37:54 +00:00
wilmardo
bf5c259d92
Empties /tmp in web Dockerfile
2018-10-25 17:12:26 -04:00