Do not set credentials via environment variables

2026-04-05 01:59:25 -02:30 · 2019-03-26 15:13:20 -04:00
parent 07e5a00f14
commit 2b6cf97157
13 changed files with 83 additions and 97 deletions
--- a/installer/roles/local_docker/defaults/main.yml
+++ b/installer/roles/local_docker/defaults/main.yml
@@ -10,4 +10,6 @@ rabbitmq_default_username: "guest"
 rabbitmq_default_password: "guest"

 postgresql_version: "9.6"
-postgresql_image: "postgres:{{postgresql_version}}"
+postgresql_image: "postgres:{{postgresql_version}}"
+
+docker_compose_dir: "/var/lib/awx"
--- a/installer/roles/local_docker/tasks/compose.yml
+++ b/installer/roles/local_docker/tasks/compose.yml
@@ -10,6 +10,21 @@
    dest: "{{ docker_compose_dir }}/docker-compose.yml"
  register: awx_compose_config

+- name: Render secrets file
+  template:
+    src: environment.sh.j2
+    dest: "{{ docker_compose_dir }}/environment.sh"
+
+- name: Render application credentials
+  template:
+    src: credentials.py.j2
+    dest: "{{ docker_compose_dir }}/credentials.py"
+
+- name: Render SECRET_KEY file
+  copy:
+    content: "{{ secret_key }}"
+    dest: "{{ docker_compose_dir }}/SECRET_KEY"
+
 - name: Start the containers
  docker_service:
    project_src: "{{ docker_compose_dir }}"
--- a/installer/roles/local_docker/templates/credentials.py.j2
+++ b/installer/roles/local_docker/templates/credentials.py.j2
@@ -0,0 +1,22 @@
+DATABASES = {
+    'default': {
+        'ATOMIC_REQUESTS': True,
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': "{{ pg_database }}",
+        'USER': "{{ pg_username }}",
+        'PASSWORD': "{{ pg_password }}",
+        'HOST': "{{ pg_hostname|default('postgres') }}",
+        'PORT': "{{ pg_port }}",
+    }
+}
+BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
+    "{{ rabbitmq_user }}",
+    "{{ rabbitmq_password }}",
+    "localhost",
+    "5672",
+    "awx")
+CHANNEL_LAYERS = {
+    'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
+                'ROUTING': 'awx.main.routing.channel_routing',
+                'CONFIG': {'url': BROKER_URL}}
+}
--- a/installer/roles/local_docker/templates/docker-compose.yml.j2
+++ b/installer/roles/local_docker/templates/docker-compose.yml.j2
@@ -15,9 +15,10 @@ services:
    hostname: {{ awx_web_hostname }}
    user: root
    restart: unless-stopped
-    {% if (project_data_dir is defined) or (ca_trust_dir is defined) %}
    volumes:
-    {% endif %}
+      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
+      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
    {% if project_data_dir is defined %}
      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
    {% endif %}
@@ -46,21 +47,6 @@ services:
      http_proxy: {{ http_proxy | default('') }}
      https_proxy: {{ https_proxy | default('') }}
      no_proxy: {{ no_proxy | default('') }}
-      SECRET_KEY: {{ secret_key }}
-      DATABASE_NAME: {{ pg_database }}
-      DATABASE_USER: {{ pg_username }}
-      DATABASE_PASSWORD: {{ pg_password }}
-      DATABASE_PORT: {{ pg_port }}
-      DATABASE_HOST: {{ pg_hostname|default("postgres") }}
-      RABBITMQ_USER: guest
-      RABBITMQ_PASSWORD: guest
-      RABBITMQ_HOST: rabbitmq
-      RABBITMQ_PORT: 5672
-      RABBITMQ_VHOST: awx
-      MEMCACHED_HOST: memcached
-      MEMCACHED_PORT: 11211
-      AWX_ADMIN_USER: {{ admin_user|default('admin') }}
-      AWX_ADMIN_PASSWORD: {{ admin_password|default('password') }}

  task:
    image: {{ awx_task_docker_actual_image }}
@@ -74,9 +60,10 @@ services:
    hostname: {{ awx_task_hostname }}
    user: root
    restart: unless-stopped
-    {% if (project_data_dir is defined) or (ca_trust_dir is defined) %}
    volumes:
-    {% endif %}
+      - "{{ docker_compose_dir }}/SECRET_KEY:/etc/tower/SECRET_KEY"
+      - "{{ docker_compose_dir }}/environment.sh:/etc/tower/conf.d/environment.sh"
+      - "{{ docker_compose_dir }}/credentials.py:/etc/tower/conf.d/credentials.py"
    {% if project_data_dir is defined %}
      - "{{ project_data_dir +':/var/lib/awx/projects:rw' }}"
    {% endif %}
@@ -105,21 +92,6 @@ services:
      http_proxy: {{ http_proxy | default('') }}
      https_proxy: {{ https_proxy | default('') }}
      no_proxy: {{ no_proxy | default('') }}
-      SECRET_KEY: {{ secret_key }}
-      DATABASE_NAME: {{ pg_database }}
-      DATABASE_USER: {{ pg_username }}
-      DATABASE_PASSWORD: {{ pg_password }}
-      DATABASE_HOST: {{ pg_hostname|default("postgres") }}
-      DATABASE_PORT: {{ pg_port }}
-      RABBITMQ_USER: guest
-      RABBITMQ_PASSWORD: guest
-      RABBITMQ_HOST: rabbitmq
-      RABBITMQ_PORT: 5672
-      RABBITMQ_VHOST: awx
-      MEMCACHED_HOST: memcached
-      MEMCACHED_PORT: 11211
-      AWX_ADMIN_USER: {{ admin_user|default('admin') }}
-      AWX_ADMIN_PASSWORD: {{ admin_password|default('password') }}

  rabbitmq:
    image: {{ rabbitmq_image }}
--- a/installer/roles/local_docker/templates/environment.sh.j2
+++ b/installer/roles/local_docker/templates/environment.sh.j2
@@ -0,0 +1,7 @@
+DATABASE_USER={{ pg_username }}
+DATABASE_NAME={{ pg_database }}
+DATABASE_HOST={{ pg_hostname|default('postgres') }}
+DATABASE_PORT={{ pg_port|default('5432') }}
+DATABASE_PASSWORD={{ pg_password }}
+MEMCACHED_HOST={{ memcached_hostname|default('memcached') }}
+RABBITMQ_HOST={{ rabbitmq_hostname|default('rabbitmq') }}