1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 15:21:13 +03:00
Commit Graph

96 Commits

Author SHA1 Message Date
lj020326
65e38aa37d
Update settings.py
This is needed for LB (e.g., traefik) for proxying into nginx
otherwise, get CSRF error
ref: https://stackoverflow.com/questions/27533011/django-csrf-error-casused-by-nginx-x-forwarded-host

resolved by adding USE_X_FORWARDED_HOST using the following similar issue as a reference:
https://github.com/catmaid/CATMAID/issues/1781
2020-03-30 16:27:40 -04:00
chris meyers
770b457430
redis socket support 2020-03-18 16:10:19 -04:00
chris meyers
b6b9802f9e
increase per-channel capacity
* 100 is the default capacity for a channel. If the client doesn't read
the socket fast enough, websocket messages can and will be lost. This
increases the default to 10,000
2020-03-18 16:10:18 -04:00
chris meyers
3c5c9c6fde
move broadcast websocket out into its own process 2020-03-18 16:10:18 -04:00
chris meyers
e94bb44082
replace rabbitmq with redis
* local awx docker-compose and image build only.
2020-03-18 16:10:17 -04:00
chris meyers
0b3e2cc7e3 pin virtualenv < 20 for awx_web builds 2020-02-11 08:43:26 -05:00
Shane McDonald
3f57061509
Add packages missing from base images
Related:

- https://github.com/ansible/awx/issues/5770
- https://github.com/ansible/awx/issues/5724
2020-02-07 13:06:42 -05:00
AlanCoding
d2289fe9c6
add pycurl to container images 2020-02-04 14:41:51 -05:00
Shane McDonald
bd8643d599
Set default value for create_preload_data in image_build role
This caused our AWX release workflow to blow up
2019-12-17 13:40:37 -05:00
Yanis Guenane
ca247182df yamllint: Make all files in awx pass yamllint
This commit updates all files that weren't passing yamllint for them to
pass.

A new yamllint target has been added. One can run `tox -e yamllint` or
`yamllint -s .` locally to ensure yaml files are still passing.

This check will be enabled in the CI so it can get on every new
contributions, and prevent merging non-compliant code.

Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-12-02 15:12:51 +01:00
Sven-Hendrik Haase
4c32faa448
Use more modern version of OpenShift client
3.9 is pretty old by now.
2019-11-19 13:29:06 +01:00
Andrea Galbusera
1198c067b2
ensure "create_preload_data" is honored in docker-compose deployments
Use a templated version of launch_awx_task.sh which conditionally preloads
sample data according to create_preload_data value.
2019-11-12 10:44:27 -05:00
Shane McDonald
089bafa5d4
Set setuid bit on bwrap
Related: https://github.com/ansible/awx/issues/5224
2019-11-04 11:10:09 -05:00
Shane McDonald
69597c5654
Sync Dockerfiles 2019-11-01 08:38:37 -04:00
Shane McDonald
c019d873b9
Update AWX images to CentOS 8 2019-10-30 16:43:23 -04:00
Shane McDonald
28994d4b0b
Install oc and kubectl in upstream task image 2019-10-30 12:15:51 -04:00
Raphaël COMBEAU
712b07c136
Improve usage of ssl_certificate in local_docker
Remove nginx.conf from container

Move nginx outside ssl_certificate block
2019-10-28 17:37:14 -04:00
Christian Adams
19a6c70858 remove cruft leftover from the postgresql upgrade 2019-10-03 14:43:56 -04:00
softwarefactory-project-zuul[bot]
778b306208
Merge pull request #4824 from rooftopcellist/scl_in_containers
Add needed scl enables for community container installs

Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2019-09-26 19:40:21 +00:00
Christian Adams
9f8d975a19 revert to get needed scl enables for community container installs 2019-09-26 13:24:26 -04:00
Ryan Petrello
955bb4a44c
allow *.pendo.io as an img-src in our Content Security Policy 2019-09-26 13:12:54 -04:00
Ryan Petrello
d52aa11422
correct CSP header to allow all pendo.io traffic 2019-09-23 09:15:55 -04:00
softwarefactory-project-zuul[bot]
d3b413c125
Merge pull request #4752 from shanemcd/drop-pg-scl
Stop using PG SCL in dev env

Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2019-09-16 16:40:11 +00:00
Shane McDonald
3b89e894db Stop using PG SCL in dev env 2019-09-16 11:41:13 -04:00
Christian Adams
bdbbb2a4a2 Fix authentication bug with container installs
- update awx-dev db password where needed
2019-09-15 19:52:41 -04:00
Christian Adams
ec1e93cc69 Upgrade to postgres 10.6
- use awx-python in shebang in dev env
  - scl enable where needed for rhel7 & container installs
  - use scram-sha-256 pg user hashing by default
  - ensure psycopg2 is using the correct PG_CONFIG at build time for the right libpq version
2019-09-12 12:52:43 -04:00
Ryan Petrello
b82030b025
hide nginx server version headers 2019-08-20 14:34:04 -04:00
Jorge Machado
76933ed889 * upgrade from git on containers
* agreed with terms of DCO 1.1

Signed-off-by: Jorge Machado <jorge@jmachado.me>
2019-07-30 07:04:04 +02:00
Jeff Byrnes
987cfed649
Update Content Security Policy to allow websockets
Per #4167 a reasonable CSP was put in place, but unfortunately this
broke WebSockets support in Safari.

This is a quick fix to return support immediately. A more secure
implemetation would be beneficial in the longer term, however.
2019-07-05 16:12:27 -04:00
Ryan Petrello
75a72637dd
allow data: images in our Content Security Policy
support for custom login logos relies on data:image/*;base64
see: https://github.com/ansible/awx/issues/4253
2019-07-02 11:35:56 -04:00
Ryan Petrello
eacf819caf
add a reasonable default Content Security Policy
ideally we'd improve this over time to remove the `unsafe-inline` lines,
but we can't due that today because Angular1 makes use of a lot of
inline <script> and <style> tag generation

see: https://github.com/ansible/awx/issues/2056
2019-06-26 10:46:26 -04:00
softwarefactory-project-zuul[bot]
3fcf3b20c4
Merge pull request #4005 from shanemcd/sdist-builder-node
Update node in AWX installer sdist builder

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-06-05 11:48:30 +00:00
Anand kumar
3d7bd8579b
Multiple installation of same dependency
python-pip is being installed multiple times.
2019-06-05 12:38:52 +05:30
Shane McDonald
99704af302 Fix some ansible warnings 2019-06-04 20:37:03 -04:00
Shane McDonald
a13b733191 Update node in sdist builder image 2019-06-04 20:36:39 -04:00
softwarefactory-project-zuul[bot]
9c90694f12
Merge pull request #3604 from athenahealth/complete-ssl-support
Update SSL support for docker-compose install

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-05-28 13:51:43 +00:00
itdependsnetworks
f085b828e4 Update the ports for memcache and rabbitmq to be variablized 2019-05-16 19:59:57 -04:00
Shane McDonald
0be8fe521a Refactor Dockerfiles
This commit does a few things:

- Add the `--squash` option to the `awx-devel-build` make target. This reduces the resulting image size from 2.12 GB to 1.37 GB. I think we can get this down even more by inspecting the image contents.
- Reorganize commands so that the cache expires less often. Before this commit, any changes to the Makefile would essentially cause the entire image to rebuild.
- Break yum dependencies up into multiple lines. This makes it easier to see what changes in a diff.
- Use `n` to install our required version of node (rather `curl node | bash`). I’ve found this to be easier to maintain / more portable when working with other Dockerfiles.
- General organizational changes to make things easier to parse visually.
2019-05-08 20:36:41 -04:00
Ryan Petrello
50f9c70afd
remove references to the (now defunct) fact receiver 2019-05-01 23:48:05 -04:00
Bill Nottingham
0d18d46ccc Sync docker-compose dockerfile with image build dockerfile.
It was installing an IUS repo, rabbitmq-server, and other unneeded things.
2019-04-18 16:50:38 -04:00
Shane McDonald
3bfb54d2fd Fix memcached configuration in local Docker installs
Related: https://github.com/ansible/awx/issues/3719
Signed-off-by: Shane McDonald <me@shanemcd.com>
2019-04-16 12:51:28 -04:00
Uriel Mandujano
4821a94944 Removes failing symlink to /usr/bin/python3 during the image build
Installing the latest python36-setuptools automatically creates the symlink from python3 -> python3.6 and from python36 -> /usr/bin/python3.6. Building the images fails when the symlink is created explicitly in the AWX installer.

Signed-off-by: Uriel Mandujano <uriel.mandujano14@gmail.com>
2019-04-06 11:13:41 -05:00
Uriel Mandujano
97e030dd1f Revert "Removes failing symlink to /usr/bin/python3 because that file already exists"
This reverts commit 13fadd3838.
2019-04-06 11:10:35 -05:00
Uriel Mandujano
13fadd3838 Removes failing symlink to /usr/bin/python3 because that file already exists 2019-04-05 16:53:20 -05:00
Jeff Byrnes
7b636a7566
Set up HTTPS w/ proper port & HTTP redirect
HTTPS is, by default, expected to be on port 443.

Also, with HSTS set, we need to be sure that users attempting to arrive
via HTTP are properly redirected to HTTPS.

This does so by:

* Setting up a 301 redirect for any URL to its HTTPS version
* Adjusting the internal port for HTTPS traffic to 8053
* Setting docker-compose to share port 443 → 8053
    - This is configurable via an inventory variable
2019-04-05 16:13:23 -04:00
Shane McDonald
fcf6b4ae45 Fix bug where init scripts didnt create the admin user correctly 2019-03-27 19:43:47 -04:00
Shane McDonald
2b6cf97157 Do not set credentials via environment variables 2019-03-26 15:13:28 -04:00
softwarefactory-project-zuul[bot]
3d9a47f0d9
Merge pull request #3424 from falencastro/devel
Makes daphne websocket_timeout infinite.

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-03-19 12:08:50 +00:00
Felipe Alencastro
7d384262e4 Makes daphne websocket_timeout infinite.
Daphne has a default timeout of 86400 seconds, so after 1 day of starting
awx_web container, the stdout stops refreshing automatically on the web UI.
This fixes this issue by making the timeout infinite, so the connection
between nginx and daphne's websocket never closes.
2019-03-14 17:17:09 -03:00
Bruno Thomsen
2e0edcbabd docker: yum: use https for postgresql rpm download.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
2019-03-14 17:14:17 +01:00