diff --git a/awx/__init__.py b/awx/__init__.py
index 676d2725a9..6e7a329b5c 100644
--- a/awx/__init__.py
+++ b/awx/__init__.py
@@ -190,7 +190,7 @@ def manage():
 sys.stdout.write('%s\n' % __version__)
 # If running as a user without permission to read settings, display an
 # error message. Allow --help to still work.
- elif settings.SECRET_KEY == 'permission-denied':
+ elif not os.getenv('SKIP_SECRET_KEY_CHECK', False) and settings.SECRET_KEY == 'permission-denied':
 if len(sys.argv) == 1 or len(sys.argv) >= 2 and sys.argv[1] in ('-h', '--help', 'help'):
 execute_from_command_line(sys.argv)
 sys.stdout.write('\n')
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index e0d4262fdb..61d0d2921d 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -6,6 +6,7 @@ import os
 import re # noqa
 import sys
 import tempfile
+import socket
 from datetime import timedelta
@@ -1016,3 +1017,6 @@ JOB_WAITING_GRACE_PERIOD = 60
 # Number of seconds after a container group job finished time to wait
 # before the awx_k8s_reaper task will tear down the pods
 K8S_POD_REAPER_GRACE_PERIOD = 60
+
+# This is overridden downstream via /etc/tower/conf.d/cluster_host_id.py
+CLUSTER_HOST_ID = socket.gethostname()
diff --git a/tools/ansible/roles/dockerfile/files/settings.py b/tools/ansible/roles/dockerfile/files/settings.py
deleted file mode 100644
index cf5db204a8..0000000000
--- a/tools/ansible/roles/dockerfile/files/settings.py
+++ /dev/null
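Review bot: In the `awx/__init__.py` hunk, `os.getenv('SKIP_SECRET_KEY_CHECK', False)` is truthy for any non-empty string, so `SKIP_SECRET_KEY_CHECK=0` or `=no` also turns the guard off. When the guard is skipped while `settings.SECRET_KEY` is still the `'permission-denied'` placeholder, the command runs with a key value that is readable in this source, so the bypass should stay limited to commands that never sign or encrypt anything (the Dockerfile change in this commit uses it for `collectstatic`). Consider parsing the value explicitly, for example `os.getenv('SKIP_SECRET_KEY_CHECK', '').lower() in ('1', 'true', 'yes')`, and adding the comment `# Build-time escape hatch only; never set SKIP_SECRET_KEY_CHECK in a running deployment.` above the branch. The body of `manage()` starts and ends outside this hunk.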
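Review bot: In `awx/settings/defaults.py`, the comment above `CLUSTER_HOST_ID = socket.gethostname()` describes only the downstream override and says nothing about what the fallback means when no override file exists. The settings file deleted by this commit pinned `CLUSTER_HOST_ID = "awx"`, so an image built from this tree presumably now identifies itself by the container hostname, which usually changes when a container is recreated. Extend the comment along the lines of `# Fallback when no override is present: the node is identified by its current hostname, so deployments need a stable hostname or an explicit CLUSTER_HOST_ID.` The `import socket` added in this file's first hunk would also read better placed before `import sys`, if the import block is meant to stay alphabetical.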
@@ -1,89 +0,0 @@
-# AWX settings file
-
-import os
-import base64
-
-
-def get_secret():
- if os.path.exists("/etc/tower/SECRET_KEY"):
- return open('/etc/tower/SECRET_KEY', 'rb').read().strip()
- else:
- return base64.encodebytes(os.urandom(32)).decode().rstrip()
-
-
-ADMINS = ()
-
-STATIC_ROOT = '/var/lib/awx/public/static'
-
-PROJECTS_ROOT = '/var/lib/awx/projects'
-
-JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
-
-SECRET_KEY = get_secret()
-
-ALLOWED_HOSTS = ['*']
-
-CLUSTER_HOST_ID = "awx"
-SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
-
-CSRF_COOKIE_SECURE = False
-SESSION_COOKIE_SECURE = False
-
-###############################################################################
-# EMAIL SETTINGS
-###############################################################################
-
-SERVER_EMAIL = 'root@localhost'
-DEFAULT_FROM_EMAIL = 'webmaster@localhost'
-EMAIL_SUBJECT_PREFIX = '[AWX] '
-
-EMAIL_HOST = 'localhost'
-EMAIL_PORT = 25
-EMAIL_HOST_USER = ''
-EMAIL_HOST_PASSWORD = ''
-EMAIL_USE_TLS = False
-
-LOGGING['handlers']['console'] = {
- '()': 'logging.StreamHandler',
- 'level': 'DEBUG',
- 'formatter': 'simple',
- 'filters': ['guid'],
-}
-
-LOGGING['loggers']['django.request']['handlers'] = ['console']
-LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
-LOGGING['loggers']['awx']['handlers'] = ['console', 'external_logger']
-LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
-LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console', 'external_logger']
-LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console', 'external_logger']
-LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
-LOGGING['loggers']['social']['handlers'] = ['console']
-LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
-LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
-LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['dispatcher'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['job_lifecycle'] = {'class': 'logging.NullHandler'}
-LOGGING['handlers']['wsbroadcast'] = {'class': 'logging.NullHandler'}
-
-DATABASES = {
- 'default': {
- 'ATOMIC_REQUESTS': True,
- 'ENGINE': 'awx.main.db.profiled_pg',
- 'NAME': os.getenv("DATABASE_NAME", None),
- 'USER': os.getenv("DATABASE_USER", None),
- 'PASSWORD': os.getenv("DATABASE_PASSWORD", None),
- 'HOST': os.getenv("DATABASE_HOST", None),
- 'PORT': os.getenv("DATABASE_PORT", None),
- }
-}
-
-if os.getenv("DATABASE_SSLMODE", False):
- DATABASES['default']['OPTIONS'] = {'sslmode': os.getenv("DATABASE_SSLMODE")}
-
-USE_X_FORWARDED_HOST = True
-USE_X_FORWARDED_PORT = True
diff --git a/tools/ansible/roles/dockerfile/templates/Dockerfile.j2 b/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
index a9891b2b41..81dfaff87b 100644
--- a/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
+++ b/tools/ansible/roles/dockerfile/templates/Dockerfile.j2
@@ -77,8 +77,7 @@ WORKDIR /tmp/src/
 RUN make sdist && /var/lib/awx/venv/awx/bin/pip install dist/awx.tar.gz
 {% if not headless|bool %}
-ADD tools/ansible/roles/dockerfile/files/settings.py /etc/tower/settings.py
-RUN SKIP_PG_VERSION_CHECK=yes /var/lib/awx/venv/awx/bin/awx-manage collectstatic --noinput --clear
+RUN AWX_SETTINGS_FILE=/dev/null SKIP_SECRET_KEY_CHECK=yes SKIP_PG_VERSION_CHECK=yes /var/lib/awx/venv/awx/bin/awx-manage collectstatic --noinput --clear
 {% endif %}
 {% endif %}
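Review bot: The new `RUN` line in `Dockerfile.j2` sets `AWX_SETTINGS_FILE=/dev/null SKIP_SECRET_KEY_CHECK=yes` with no comment saying that the bypass is meant for this one build step only. As a command prefix the variables do not persist into the image, but a later edit that promotes them to `ENV` would disable the secret-key guard in the running container. A line such as `# Build-time only: collectstatic needs no settings file or SECRET_KEY; do not move these variables to ENV.` above the `RUN` would record the intent. Since the image no longer ships `/etc/tower/settings.py`, the values that file supplied (`SECRET_KEY`, `DATABASES`, the logging handlers) must now come from the deployment, and nothing in this diff shows where. The later hunk that stops creating `/var/log/tower` looks safe only if no remaining log handler writes there, which is worth confirming because the deleted file had replaced several handlers with `logging.NullHandler`.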
@@ -210,7 +209,6 @@ ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanima
 {% else %}
 ADD tools/ansible/roles/dockerfile/files/launch_awx.sh /usr/bin/launch_awx.sh
 ADD tools/ansible/roles/dockerfile/files/launch_awx_task.sh /usr/bin/launch_awx_task.sh
-ADD tools/ansible/roles/dockerfile/files/settings.py /etc/tower/settings.py
 ADD tools/ansible/roles/dockerfile/files/uwsgi.ini /etc/tower/uwsgi.ini
 ADD {{ template_dest }}/supervisor.conf /etc/supervisord.conf
 ADD {{ template_dest }}/supervisor_task.conf /etc/supervisord_task.conf
@@ -228,7 +226,6 @@ RUN for dir in \
 /var/lib/awx/rsyslog/conf.d \
 /var/lib/awx/.local/share/containers/storage \
 /var/run/awx-rsyslog \
- /var/log/tower \
 /var/log/nginx \
 /var/lib/postgresql \
 /var/run/supervisor \