Sébastien Luttringer
infrastructure
Commits
95494a89
Commit
95494a89
authored
Jun 07, 2018
by
Florian Pritz
Improve group vars vault usage for archweb
parent
a3a6dc24
Changes
4
group_vars/all/vault_archweb.yml
$ANSIBLE_VAULT;1.1;AES256
65633636613766313863666361643338646438343264323039656632306337313666386261636539
6436643237633235336163653733663630396238313337640a313939313062383462313066636338
64326135396461336139343730313234623833643135323561626336623663366465663630326437
3336383164623039620a626533376130633134613565383762653533333937333838363032646437
32323235333661666332333030363630336435343966396261383466393831353230666538316533
32613765373236313563666335653935646331623132363739393833343235643638356534376363
36663634346135623836356265343462653933666231343434633561626136306435373266373735
38333239313762396364383563653238373939313164613432353162303431396166646532366634
31383731303436353731303739373038333633646165333735383531316638653463656166383739
63333232313937313934373364336634363235656462613339666535626232333339396364613231
32643438396630313033336532393837663538643339333733333134323632363965656333646137
62343034613936393833316562366132343636363634306561363263376135353861653436613633
33616462666662626264303066353535653634323565653033666265613662343666643530666535
32613038663638356134616233343836393534386466656564363836626339373631663363333434
61356134383265396335633236663261353137613037303363613635323265363663356366666364
61323239306533373862646132623764336530646134626461346466363266646266383635366231
35613835313661656163623364383162323234303265333636616133353732343866396632353538
33656538383036626332623464366539613632343565393665333966636437663937633137663466
363663343236636536353430313064663163
66626631383238663762323361393430343261633334343136663961663830313561336466626332
3633386335626464323163653434383564366136303833630a363031333566646164333963663430
38623163373764393335333439393063306435366563656237393564383962303563613330623833
3635313965323931340a663634633036346461656335633034366238326466326561386133373066
34313462313939643136353636663033363436333664303632333731636666366262633464366564
63653534353637666639643239383736663538306666333736303764626439336539396463643233
32643336393732363631303637306663636165656463666363373166326633663434376134663535
38366234306131316462303264316263353036386462376131313464623133313832336566616236
62656562623964353739353133343236356536633739666466383038313534663262636663396361
64393664336430313766643161396466373665303935313764356334306330666465633833313034
38393963303039373731396235316136643533393566623732663461356434616232616435363031
63386164636662656332343835316635616637336332626630326634303937643632323533346565
36383530316537663064383733643632313630393565613737613563653862383532346330303436
39376466393232613665393762666363663364646339303630356431343838653135613232353336
64626466333361323439383837303661646239303334353831353265383263346431303062653435
34313265616134306635626239376532323130383231373463313735636530386435656165353139
63343730396362636235656161633039656533373931363431303733623933363439356634343738
37643931363637306665663332306333393362323265646333613466383062623931623133343236
30343063613636373963393530346661323835386133346262323832353162386165636362393038
35353634336562666637336263656566343261376234646135653063366536383835333263363231
6230
roles/archweb/tasks/main.yml
...
...
@@ -63,10 +63,10 @@
no_log
:
true
when
:
archweb_site or archweb_services
with_items
:
-
{
user
:
"
{{
archweb_db_site_user
}}"
,
password
:
"
{{
archweb_db_site_password
}}"
}
-
{
user
:
"
{{
archweb_db_services_user
}}"
,
password
:
"
{{
archweb_db_services_password
}}"
}
-
{
user
:
"
{{
archweb_db_dbscripts_user
}}"
,
password
:
"
{{
archweb_db_dbscripts_password
}}"
}
-
{
user
:
"
{{
archweb_db_backup_user
}}"
,
password
:
"
{{
archweb_db_backup_password
}}"
}
-
{
user
:
"
{{
archweb_db_site_user
}}"
,
password
:
"
{{
vault_
archweb_db_site_password
}}"
}
-
{
user
:
"
{{
archweb_db_services_user
}}"
,
password
:
"
{{
vault_
archweb_db_services_password
}}"
}
-
{
user
:
"
{{
archweb_db_dbscripts_user
}}"
,
password
:
"
{{
vault_
archweb_db_dbscripts_password
}}"
}
-
{
user
:
"
{{
archweb_db_backup_user
}}"
,
password
:
"
{{
vault_
archweb_db_backup_password
}}"
}
-
name
:
create archweb db
postgresql_db
:
name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
...
...
@@ -80,7 +80,7 @@
when
:
archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
-
name
:
db privileges for archweb users
postgresql_privs
:
database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ archweb_db_site_password }}"
postgresql_privs
:
database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{
vault_
archweb_db_site_password }}"
privs=CONNECT roles="{{ item }}" type=database
when
:
archweb_site or archweb_services
with_items
:
...
...
@@ -89,7 +89,7 @@
-
"
{{
archweb_db_backup_user
}}"
-
name
:
table privileges for archweb users
postgresql_privs
:
database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ archweb_db_site_password }}"
postgresql_privs
:
database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{
vault_
archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
when
:
archweb_site or archweb_services
with_items
:
...
...
@@ -98,7 +98,7 @@
-
{
user
:
"
{{
archweb_db_backup_user
}}"
,
objs
:
"
{{
archweb_db_backup_table_objs
}}"
}
-
name
:
sequence privileges for archweb users
postgresql_privs
:
database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ archweb_db_site_password }}"
postgresql_privs
:
database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{
vault_
archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
when
:
archweb_site or archweb_services
with_items
:
...
...
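Review bot: The three `postgresql_privs` tasks (hunks at -80, -89 and -98) now pass `vault_archweb_db_site_password` inline, but none of their visible lines carries `no_log: true`, whereas the credential loop in the first hunk sets it ahead of its `when:`. Each of these tasks continues past its hunk, so the flag may be set further down. If it is not, add `no_log: true` to each so the secret cannot surface in task output or verbose logs. The loop items here are only role names and object lists, so hiding the output costs little when debugging.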
roles/archweb/templates/local_settings.py.j2
...
...
@@ -28,7 +28,7 @@ DATABASES = {
{% endif %}
'NAME' : '{{ archweb_db }}',
'USER' : '{{ archweb_db_site_user }}',
'PASSWORD': '{{ archweb_db_site_password }}',
'PASSWORD': '{{
vault_
archweb_db_site_password }}',
'OPTIONS' : {
'application_name': 'archweb',
{% if archweb_db_host != 'localhost' %}
...
...
@@ -61,7 +61,7 @@ MEDIA_ROOT = '{{ archweb_dir }}/media/img'
MEDIA_URL = '/img/'
# Make this unique, and don't share it with anybody.
SECRET_KEY = '{{ archweb_secret_key }}'
SECRET_KEY = '{{
vault_
archweb_secret_key }}'
# Hostnames we allow this site to be served under
ALLOWED_HOSTS = ['{{ archweb_domain }}']
...
...
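Review bot: Both changed lines place a vault secret straight inside a single-quoted Python literal (`'PASSWORD': '{{ vault_archweb_db_site_password }}'` and `SECRET_KEY = '{{ vault_archweb_secret_key }}'`), so a value containing `'` or a backslash would render a broken or silently different settings file. Let the template emit the quoting instead, for example `SECRET_KEY = {{ vault_archweb_secret_key | to_json }}`, and likewise for `'PASSWORD'`. The same pattern applies to `my $pass = '…'` in roles/dbscripts/templates/gen_rsyncd.conf.pl, where the value would need Perl-appropriate escaping or, as that file's TODO already suggests, a separate credentials file. The enclosing `DATABASES` dict starts and ends outside the hunk.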
roles/dbscripts/templates/gen_rsyncd.conf.pl
...
...
@@ -7,7 +7,7 @@ use Data::Dumper;
# TODO put these into credentials.ini and use Config::Simple to read it
my
$user
=
'
{{ archweb_db_dbscripts_user }}
';
my
$pass
=
'
{{ archweb_db_dbscripts_password }}
';
my
$pass
=
'
{{
vault_
archweb_db_dbscripts_password }}
';
my
$db
=
'
DBI:Pg:dbname={{ archweb_db }};host={{ archweb_db_host }}{% if postgres_ssl ==
'
on
'
%};sslmode=require{% endif %}
';
my
$scriptdir
=
"
/etc/rsyncd-conf-genscripts
";
...
...