1
0
mirror of https://github.com/ansible/awx.git synced 2024-10-31 23:51:09 +03:00
Commit Graph

308 Commits

Author SHA1 Message Date
aubrel
e9ac44f561 Change docker_service to docker_compose.
Signed-off-by: aubrel <red_clover@riseup.net>
2019-06-25 15:58:52 -04:00
Marcelo Mello
52712a0d9a Introduces the ability to pass annotations to the Kubernetes Ingress Controllers 2019-06-20 16:40:08 -04:00
Marcelo Mello
7d77727a60 project_data_dir is not required in the awx_task containers 2019-06-19 21:35:49 -04:00
Marcelo Mello
47560fdf7c Fixes ca_trust_dir and project_data_dir for Kubernetes 2019-06-19 21:21:35 -04:00
softwarefactory-project-zuul[bot]
3fcf3b20c4
Merge pull request #4005 from shanemcd/sdist-builder-node
Update node in AWX installer sdist builder

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-06-05 11:48:30 +00:00
Anand kumar
3d7bd8579b
Multiple installation of same dependency
python-pip is being installed multiple times.
2019-06-05 12:38:52 +05:30
Shane McDonald
99704af302 Fix some ansible warnings 2019-06-04 20:37:03 -04:00
Shane McDonald
a13b733191 Update node in sdist builder image 2019-06-04 20:36:39 -04:00
Yanis Guenane
11630a8803 Installer: quote password where it applies
Prior to this change, password having shell interpretable character
would break the installer (e.g '&', '(', etc... )

This commits rely on the `quote` filter from ansible to ensure those
password are properly quoted where it applies

Fixes: https://github.com/ansible/awx/issues/3943
Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-06-03 11:50:52 +02:00
Yanis Guenane
99296cf5f1 openshift: Ensure char in password are not interpreted
If password contains ';' (and potentially any shell interpretable chars)
it won't be interpreted properly as the openshift password.

Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-05-31 03:00:13 +02:00
Jose OrPa
84b6866875
#3004 Add proxy support to postgresql, memcached and rabbitmq images 2019-05-30 10:04:17 -04:00
softwarefactory-project-zuul[bot]
9c90694f12
Merge pull request #3604 from athenahealth/complete-ssl-support
Update SSL support for docker-compose install

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-05-28 13:51:43 +00:00
itdependsnetworks
f085b828e4 Update the ports for memcache and rabbitmq to be variablized 2019-05-16 19:59:57 -04:00
Shane McDonald
0be8fe521a Refactor Dockerfiles
This commit does a few things:

- Add the `--squash` option to the `awx-devel-build` make target. This reduces the resulting image size from 2.12 GB to 1.37 GB. I think we can get this down even more by inspecting the image contents.
- Reorganize commands so that the cache expires less often. Before this commit, any changes to the Makefile would essentially cause the entire image to rebuild.
- Break yum dependencies up into multiple lines. This makes it easier to see what changes in a diff.
- Use `n` to install our required version of node (rather `curl node | bash`). I’ve found this to be easier to maintain / more portable when working with other Dockerfiles.
- General organizational changes to make things easier to parse visually.
2019-05-08 20:36:41 -04:00
Ryan Petrello
50f9c70afd
remove references to the (now defunct) fact receiver 2019-05-01 23:48:05 -04:00
Bill Nottingham
0d18d46ccc Sync docker-compose dockerfile with image build dockerfile.
It was installing an IUS repo, rabbitmq-server, and other unneeded things.
2019-04-18 16:50:38 -04:00
Shane McDonald
3bfb54d2fd Fix memcached configuration in local Docker installs
Related: https://github.com/ansible/awx/issues/3719
Signed-off-by: Shane McDonald <me@shanemcd.com>
2019-04-16 12:51:28 -04:00
Jeff Byrnes
98ec5c8250
Fix comment on awx branding inventory var
Fix a conflict with the “AWX Branding” in INSTALL.md, which
has the correct instructions.
2019-04-10 14:49:37 -04:00
Uriel Mandujano
4821a94944 Removes failing symlink to /usr/bin/python3 during the image build
Installing the latest python36-setuptools automatically creates the symlink from python3 -> python3.6 and from python36 -> /usr/bin/python3.6. Building the images fails when the symlink is created explicitly in the AWX installer.

Signed-off-by: Uriel Mandujano <uriel.mandujano14@gmail.com>
2019-04-06 11:13:41 -05:00
Uriel Mandujano
97e030dd1f Revert "Removes failing symlink to /usr/bin/python3 because that file already exists"
This reverts commit 13fadd3838.
2019-04-06 11:10:35 -05:00
Uriel Mandujano
13fadd3838 Removes failing symlink to /usr/bin/python3 because that file already exists 2019-04-05 16:53:20 -05:00
Jeff Byrnes
7b636a7566
Set up HTTPS w/ proper port & HTTP redirect
HTTPS is, by default, expected to be on port 443.

Also, with HSTS set, we need to be sure that users attempting to arrive
via HTTP are properly redirected to HTTPS.

This does so by:

* Setting up a 301 redirect for any URL to its HTTPS version
* Adjusting the internal port for HTTPS traffic to 8053
* Setting docker-compose to share port 443 → 8053
    - This is configurable via an inventory variable
2019-04-05 16:13:23 -04:00
Jeff Byrnes
28e3c63562
Add optional SSL cert to docker-compose install
In #3322, this mount was added, but only to the standalone
Docker install setup:

github.com/ansible/awx/pull/3322/files#diff-596e32ab54a52bfed763f8a639499fe0

This ensures that the SSL cert is loaded when using docker-compose,
which is the only Docker-based method available as of v4.0.0
2019-04-05 16:13:23 -04:00
Jeff Byrnes
cb806b1699
Set docker_compose_dir like other inventory vars
When docker-compose become the sole method for using
Docker directly, some of this was shifted around in ways that
are inconsistent with other elements.

This adjusts it so that:

* The inventory variable default is set like the others, and
is less confusing
* We no longer mention the Standalone Docker in inventory
* We format our INSTALL docs w/r/t this var
2019-04-03 11:52:10 -04:00
Shane McDonald
298eaa0b32 Move secret key from configmap to secret 2019-03-29 15:24:50 -04:00
Shane McDonald
fcf6b4ae45 Fix bug where init scripts didnt create the admin user correctly 2019-03-27 19:43:47 -04:00
Shane McDonald
c3ba851908 Fix docker-compose installs
In a series of unfortunate events, my patch yesterday didnt actually work. This fixes that.
2019-03-27 13:06:55 -04:00
Shane McDonald
c44bf6f903 Allow for platform specific variables in docker-compose install
This changes the default docker_compose_dir on macos to a writeable location
2019-03-27 09:32:04 -04:00
Shane McDonald
a6d031f46f Fix permissions of sensitive files in docker-compose installation 2019-03-27 09:31:10 -04:00
Shane McDonald
2b6cf97157 Do not set credentials via environment variables 2019-03-26 15:13:28 -04:00
Shane McDonald
07e5a00f14 Remove “standalone Docker” installation path
This has been a burden to maintain. docker-compose is now required
2019-03-26 15:13:28 -04:00
softwarefactory-project-zuul[bot]
3d9a47f0d9
Merge pull request #3424 from falencastro/devel
Makes daphne websocket_timeout infinite.

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-03-19 12:08:50 +00:00
Felipe Alencastro
7d384262e4 Makes daphne websocket_timeout infinite.
Daphne has a default timeout of 86400 seconds, so after 1 day of starting
awx_web container, the stdout stops refreshing automatically on the web UI.
This fixes this issue by making the timeout infinite, so the connection
between nginx and daphne's websocket never closes.
2019-03-14 17:17:09 -03:00
Bruno Thomsen
2e0edcbabd docker: yum: use https for postgresql rpm download.
Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
2019-03-14 17:14:17 +01:00
Jake Jackson
9e528ea898
typo in inventory
simple typo fix `this` -> `these`
2019-03-12 11:48:41 -04:00
Markus Opahle
ed568f569c only use ssl if certificate is specified
Signed-off-by: Markus Opahle <3225748+mopahle@users.noreply.github.com>
2019-02-28 14:06:59 +01:00
walkafwalka
3a7bf6a8ac Add SSL suport for docker install
Signed-off-by: walkafwalka <41709139+walkafwalka@users.noreply.github.com>
2019-02-27 10:45:34 +01:00
softwarefactory-project-zuul[bot]
889dae357b
Merge pull request #3235 from ryanpetrello/sql-profiling
add a custom DB backend that provides system-level SQL profiling

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-15 21:56:28 +00:00
Klaas Demter
8f36e21c97
Avoid pg password ending up in syslog/shell output
Currently if an error occurs the pgpassword would be exposed to syslog / shell during playbook backup.yml
2019-02-15 16:15:33 +01:00
Ryan Petrello
eed94b641e
add a custom DB backend that provides system-level SQL profiling
run this command on _any_ node in an awx cluster:

$ awx-manage profile_sql --threshold=2.0 --minutes=1

...and for 1 minute, the timing for _every_ SQL query in _every_ awx
Python process that uses the Django ORM will be measured

queries that run longer than (in this example) 2 seconds will be
written to a per-process sqlite database in /var/lib/awx/profile, and
the file will contain an EXPLAIN VERBOSE for the query and the full
Python stack that led to that SQL query's execution (this includes not
just WSGI requests, but background processes like the runworker and
dispatcher)

$ awx-manage profile_sql --threshold=0

...can be used to disable profiling again (if you don't want to wait for
the minute to expire)
2019-02-14 15:04:46 -05:00
softwarefactory-project-zuul[bot]
a1cef744a7
Merge pull request #3230 from impca/patch-1
Update compose configuration

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-02-14 15:45:41 +00:00
impca
9add96a0d3
update docker compose installer
Only run commands to update certs when config changes.
2019-02-14 08:29:47 +01:00
impca
c29275315e
Update compose configuration
When running awx via docker-compose and using custom certificates (for LDAP auth or whatever else...), update-ca-trust has to be called afer starting the container to actually use new certificates (just as it is called when using docker to run - https://github.com/ansible/awx/blob/devel/installer/roles/local_docker/tasks/standalone.yml#L119-L120 ).
2019-02-13 15:39:52 +01:00
Mathieu Mallet
dce3795e0c update-ca-trust: Ensure CA trust is updated in awx_task container
Related #3010

Both awx_web and awx_task containers can have a volume mounted in
specified by the ca_trust_dir variable. Unfortunately only the
awx_web container's trust is updated. This patch makes sure the
awx_task container's trust is updated as well

Testing Done: ansible-playbook --syntax-check installer/install.yml

Signed-off-by: Mathieu Mallet <mmallet@digipok.io>
2019-02-06 16:51:14 +00:00
Marius Rieder
072919040b Omit DATABASE_SSLMODE if not set. 2019-01-22 17:24:44 +01:00
Marius Rieder
589531163a Add pg_sslmode option.
Allows to use PostgreSQL over SSL #709
2019-01-21 19:47:34 +01:00
Yanis Guenane
44c48d1d66 Nginx: Specify X-Frame-Options "DENY" header
Adding the X-Frame-Options "DENY"; header to avoid possible clickjacking
attack.

More info of the why available here:
https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)

Signed-off-by: Yanis Guenane <yguenane@redhat.com>
2019-01-21 12:34:17 +01:00
softwarefactory-project-zuul[bot]
5f01c3f5a8
Merge pull request #2994 from coreywan/pod-limits
Add POD Limits

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:28:11 +00:00
softwarefactory-project-zuul[bot]
7b39198f26
Merge pull request #2995 from coreywan/postgres_helm
adds persistence.storageClass and limits to postgress helm install

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-18 04:24:18 +00:00
softwarefactory-project-zuul[bot]
57b8aa4892
Merge pull request #3002 from themr0c/pg_password_10_character_limit
pg_password should be random 10 character alphanumeric string, when p…

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
2019-01-17 18:15:38 +00:00