Commit 95494a89 authored by Florian Pritz's avatar Florian Pritz

Improve group vars vault usage for archweb

parent a3a6dc24
$ANSIBLE_VAULT;1.1;AES256
65633636613766313863666361643338646438343264323039656632306337313666386261636539
6436643237633235336163653733663630396238313337640a313939313062383462313066636338
64326135396461336139343730313234623833643135323561626336623663366465663630326437
3336383164623039620a626533376130633134613565383762653533333937333838363032646437
32323235333661666332333030363630336435343966396261383466393831353230666538316533
32613765373236313563666335653935646331623132363739393833343235643638356534376363
36663634346135623836356265343462653933666231343434633561626136306435373266373735
38333239313762396364383563653238373939313164613432353162303431396166646532366634
31383731303436353731303739373038333633646165333735383531316638653463656166383739
63333232313937313934373364336634363235656462613339666535626232333339396364613231
32643438396630313033336532393837663538643339333733333134323632363965656333646137
62343034613936393833316562366132343636363634306561363263376135353861653436613633
33616462666662626264303066353535653634323565653033666265613662343666643530666535
32613038663638356134616233343836393534386466656564363836626339373631663363333434
61356134383265396335633236663261353137613037303363613635323265363663356366666364
61323239306533373862646132623764336530646134626461346466363266646266383635366231
35613835313661656163623364383162323234303265333636616133353732343866396632353538
33656538383036626332623464366539613632343565393665333966636437663937633137663466
363663343236636536353430313064663163
66626631383238663762323361393430343261633334343136663961663830313561336466626332
3633386335626464323163653434383564366136303833630a363031333566646164333963663430
38623163373764393335333439393063306435366563656237393564383962303563613330623833
3635313965323931340a663634633036346461656335633034366238326466326561386133373066
34313462313939643136353636663033363436333664303632333731636666366262633464366564
63653534353637666639643239383736663538306666333736303764626439336539396463643233
32643336393732363631303637306663636165656463666363373166326633663434376134663535
38366234306131316462303264316263353036386462376131313464623133313832336566616236
62656562623964353739353133343236356536633739666466383038313534663262636663396361
64393664336430313766643161396466373665303935313764356334306330666465633833313034
38393963303039373731396235316136643533393566623732663461356434616232616435363031
63386164636662656332343835316635616637336332626630326634303937643632323533346565
36383530316537663064383733643632313630393565613737613563653862383532346330303436
39376466393232613665393762666363663364646339303630356431343838653135613232353336
64626466333361323439383837303661646239303334353831353265383263346431303062653435
34313265616134306635626239376532323130383231373463313735636530386435656165353139
63343730396362636235656161633039656533373931363431303733623933363439356634343738
37643931363637306665663332306333393362323265646333613466383062623931623133343236
30343063613636373963393530346661323835386133346262323832353162386165636362393038
35353634336562666637336263656566343261376234646135653063366536383835333263363231
6230
......@@ -63,10 +63,10 @@
no_log: true
when: archweb_site or archweb_services
with_items:
- { user: "{{ archweb_db_site_user }}", password: "{{ archweb_db_site_password }}" }
- { user: "{{ archweb_db_services_user }}", password: "{{ archweb_db_services_password }}" }
- { user: "{{ archweb_db_dbscripts_user }}", password: "{{ archweb_db_dbscripts_password }}" }
- { user: "{{ archweb_db_backup_user }}", password: "{{ archweb_db_backup_password }}" }
- { user: "{{ archweb_db_site_user }}", password: "{{ vault_archweb_db_site_password }}" }
- { user: "{{ archweb_db_services_user }}", password: "{{ vault_archweb_db_services_password }}" }
- { user: "{{ archweb_db_dbscripts_user }}", password: "{{ vault_archweb_db_dbscripts_password }}" }
- { user: "{{ archweb_db_backup_user }}", password: "{{ vault_archweb_db_backup_password }}" }
- name: create archweb db
postgresql_db: name="{{ archweb_db }}" login_host="{{ archweb_db_host }}" login_password="{{ postgres_users.postgres }}" owner="{{ archweb_db_site_user }}"
......@@ -80,7 +80,7 @@
when: archweb_site and (db_created.changed or release.changed or config.changed or virtualenv.changed or archweb_forced_deploy)
- name: db privileges for archweb users
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ archweb_db_site_password }}"
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
privs=CONNECT roles="{{ item }}" type=database
when: archweb_site or archweb_services
with_items:
......@@ -89,7 +89,7 @@
- "{{ archweb_db_backup_user }}"
- name: table privileges for archweb users
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ archweb_db_site_password }}"
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=table objs="{{ item.objs }}"
when: archweb_site or archweb_services
with_items:
......@@ -98,7 +98,7 @@
- { user: "{{ archweb_db_backup_user }}", objs: "{{ archweb_db_backup_table_objs }}" }
- name: sequence privileges for archweb users
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ archweb_db_site_password }}"
postgresql_privs: database="{{ archweb_db }}" host="{{ archweb_db_host }}" login="{{ archweb_db_site_user }}" password="{{ vault_archweb_db_site_password }}"
privs=SELECT roles="{{ item.user }}" type=sequence objs="{{ item.objs }}"
when: archweb_site or archweb_services
with_items:
......
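Review bot: The tasks in this file now reference the `vault_`-prefixed names directly (the `with_items` password entries and the three `postgresql_privs` calls), which ties the role to the way the vault file is laid out. The usual arrangement keeps the role on the plain names and adds one alias per secret in the unencrypted vars file, for example `archweb_db_site_password: "{{ vault_archweb_db_site_password }}"`, so a search of the readable files still shows where each variable is defined. The vars files are not visible on this page, so this applies only if no such alias is kept. The tasks begin and end outside the hunks shown.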
......@@ -28,7 +28,7 @@ DATABASES = {
{% endif %}
'NAME' : '{{ archweb_db }}',
'USER' : '{{ archweb_db_site_user }}',
'PASSWORD': '{{ archweb_db_site_password }}',
'PASSWORD': '{{ vault_archweb_db_site_password }}',
'OPTIONS' : {
'application_name': 'archweb',
{% if archweb_db_host != 'localhost' %}
......@@ -61,7 +61,7 @@ MEDIA_ROOT = '{{ archweb_dir }}/media/img'
MEDIA_URL = '/img/'
# Make this unique, and don't share it with anybody.
SECRET_KEY = '{{ archweb_secret_key }}'
SECRET_KEY = '{{ vault_archweb_secret_key }}'
# Hostnames we allow this site to be served under
ALLOWED_HOSTS = ['{{ archweb_domain }}']
......
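Review bot: Both changed lines paste a secret between single quotes in Python source (`'PASSWORD': '{{ vault_archweb_db_site_password }}'` and `SECRET_KEY = '{{ vault_archweb_secret_key }}'`), so a value containing `'` or `\` produces a settings file that fails to parse or holds a different secret than the vault does. Emitting the literal through a quoting filter avoids that, for example `SECRET_KEY = {{ vault_archweb_secret_key | to_json }}` and `'PASSWORD': {{ vault_archweb_db_site_password | to_json }},`. The `my $pass = '...'` line in the Perl script section has the same weakness; there the value needs `\` and `'` escaped rather than `to_json`, because a double-quoted Perl string would interpolate `$` and `@`.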
......@@ -7,7 +7,7 @@ use Data::Dumper;
# TODO put these into credentials.ini and use Config::Simple to read it
my $user = '{{ archweb_db_dbscripts_user }}';
my $pass = '{{ archweb_db_dbscripts_password }}';
my $pass = '{{ vault_archweb_db_dbscripts_password }}';
my $db = 'DBI:Pg:dbname={{ archweb_db }};host={{ archweb_db_host }}{% if postgres_ssl == 'on' %};sslmode=require{% endif %}';
my $scriptdir="/etc/rsyncd-conf-genscripts";
......
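Review bot: The generated script holds the database password in clear text at `my $pass = '{{ vault_archweb_db_dbscripts_password }}';`, so the protection the vault gives ends where this template is rendered. The task that installs the script is not on this page; it is worth confirming that it sets an owner and a mode without group/other read, and that it carries `no_log: true` (or `diff: no`) so a `--diff` run does not print the rendered secret. The TODO above this line, moving the credentials to a separate file read at runtime, would narrow the exposure to one small file.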