External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-06 17:07:36 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3515 from shanemcd/docker-compose-permissions

Browse Source 
Fix permissions of sensitive files in docker-compose installation

Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
This commit is contained in:
softwarefactory-project-zuul[bot]
2019-03-27 14:11:31 +00:00
committed by GitHub
parent 2129f12085 c44bf6f903
commit 055e7b4974
5 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
installer/install.yml
View File

@@ -1,7 +1,6 @@
--- ---
- name: Build and deploy AWX - name: Build and deploy AWX
hosts: all hosts: all
gather_facts: false
roles: roles:
- { role: check_vars } - { role: check_vars }
- { role: image_build, when: "dockerhub_base is not defined" } - { role: image_build, when: "dockerhub_base is not defined" }

1
installer/roles/local_docker/defaults/main.yml
View File

@@ -12,4 +12,3 @@ rabbitmq_default_password: "guest"
postgresql_version: "9.6" postgresql_version: "9.6"
postgresql_image: "postgres:{{postgresql_version}}" postgresql_image: "postgres:{{postgresql_version}}"
docker_compose_dir: "/var/lib/awx"

13
installer/roles/local_docker/tasks/compose.yml
View File

@@ -1,4 +1,13 @@
--- ---
- include_vars: '{{ item }}'
with_first_found:
- files:
- '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml' # CentOS-7
- '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml' # RedHat-7
- '{{ ansible_distribution }}.yml' # CentOS
- '{{ ansible_os_family }}.yml' # RedHat
- 'default.yml'
- name: Create {{ docker_compose_dir }} directory - name: Create {{ docker_compose_dir }} directory
file: file:
path: "{{ docker_compose_dir }}" path: "{{ docker_compose_dir }}"
@@ -8,22 +17,26 @@
template: template:
src: docker-compose.yml.j2 src: docker-compose.yml.j2
dest: "{{ docker_compose_dir }}/docker-compose.yml" dest: "{{ docker_compose_dir }}/docker-compose.yml"
mode: 0600
register: awx_compose_config register: awx_compose_config
- name: Render secrets file - name: Render secrets file
template: template:
src: environment.sh.j2 src: environment.sh.j2
dest: "{{ docker_compose_dir }}/environment.sh" dest: "{{ docker_compose_dir }}/environment.sh"
mode: 0600
- name: Render application credentials - name: Render application credentials
template: template:
src: credentials.py.j2 src: credentials.py.j2
dest: "{{ docker_compose_dir }}/credentials.py" dest: "{{ docker_compose_dir }}/credentials.py"
mode: 0600
- name: Render SECRET_KEY file - name: Render SECRET_KEY file
copy: copy:
content: "{{ secret_key }}" content: "{{ secret_key }}"
dest: "{{ docker_compose_dir }}/SECRET_KEY" dest: "{{ docker_compose_dir }}/SECRET_KEY"
mode: 0600
- name: Start the containers - name: Start the containers
docker_service: docker_service:

1
installer/roles/local_docker/vars/Darwin.yml Normal file
View File

@@ -0,0 +1 @@
docker_compose_dir: "/usr/local/var/lib/awx"

1
installer/roles/local_docker/vars/default.yml Normal file
View File

@@ -0,0 +1 @@
docker_compose_dir: "/var/lib/awx"