From 589531163ab72b7fe304fe23fbd63994c2247720 Mon Sep 17 00:00:00 2001 From: Marius Rieder Date: Mon, 21 Jan 2019 19:47:34 +0100 Subject: [PATCH 1/2] Add pg_sslmode option. Allows to use PostgreSQL over SSL #709 --- installer/inventory | 1 + installer/roles/image_build/files/settings.py | 3 +++ installer/roles/local_docker/tasks/standalone.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/installer/inventory b/installer/inventory index e64eef7f3a..b6c32e226e 100644 --- a/installer/inventory +++ b/installer/inventory @@ -85,6 +85,7 @@ pg_username=awx pg_password=awxpass pg_database=awx pg_port=5432 +#pg_sslmode=require # RabbitMQ Configuration rabbitmq_password=awxpass diff --git a/installer/roles/image_build/files/settings.py b/installer/roles/image_build/files/settings.py index e8fd788c00..298792db63 100644 --- a/installer/roles/image_build/files/settings.py +++ b/installer/roles/image_build/files/settings.py @@ -84,6 +84,9 @@ DATABASES = { } } +if os.getenv("DATABASE_SSLMODE", False): + DATABASES['default']['OPTIONS'] = {'sslmode': os.getenv("DATABASE_SSLMODE")} + BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format( os.getenv("RABBITMQ_USER", None), os.getenv("RABBITMQ_PASSWORD", None), diff --git a/installer/roles/local_docker/tasks/standalone.yml b/installer/roles/local_docker/tasks/standalone.yml index ad7a064921..7994e75d4a 100644 --- a/installer/roles/local_docker/tasks/standalone.yml +++ b/installer/roles/local_docker/tasks/standalone.yml @@ -104,6 +104,7 @@ DATABASE_PASSWORD: "{{ pg_password }}" DATABASE_PORT: "{{ pg_port }}" DATABASE_HOST: "{{ pg_hostname_actual }}" + DATABASE_SSLMODE: "{{ pg_sslmode }}" RABBITMQ_USER: "{{ rabbitmq_default_username }}" RABBITMQ_PASSWORD: "{{ rabbitmq_default_password }}" RABBITMQ_HOST: "rabbitmq" @@ -145,6 +146,7 @@ DATABASE_PASSWORD: "{{ pg_password }}" DATABASE_HOST: "{{ pg_hostname_actual }}" DATABASE_PORT: "{{ pg_port }}" + DATABASE_SSLMODE: "{{ pg_sslmode }}" RABBITMQ_USER: "{{ rabbitmq_default_username }}" RABBITMQ_PASSWORD: "{{ rabbitmq_default_password }}" RABBITMQ_HOST: "rabbitmq" From 072919040b2c67a1bef05c508cff8aeed568a3f7 Mon Sep 17 00:00:00 2001 From: Marius Rieder Date: Tue, 22 Jan 2019 17:24:44 +0100 Subject: [PATCH 2/2] Omit DATABASE_SSLMODE if not set. --- installer/roles/local_docker/tasks/standalone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/installer/roles/local_docker/tasks/standalone.yml b/installer/roles/local_docker/tasks/standalone.yml index 7994e75d4a..0b903c4a87 100644 --- a/installer/roles/local_docker/tasks/standalone.yml +++ b/installer/roles/local_docker/tasks/standalone.yml @@ -104,7 +104,7 @@ DATABASE_PASSWORD: "{{ pg_password }}" DATABASE_PORT: "{{ pg_port }}" DATABASE_HOST: "{{ pg_hostname_actual }}" - DATABASE_SSLMODE: "{{ pg_sslmode }}" + DATABASE_SSLMODE: "{{ pg_sslmode | default(omit) }}" RABBITMQ_USER: "{{ rabbitmq_default_username }}" RABBITMQ_PASSWORD: "{{ rabbitmq_default_password }}" RABBITMQ_HOST: "rabbitmq" @@ -146,7 +146,7 @@ DATABASE_PASSWORD: "{{ pg_password }}" DATABASE_HOST: "{{ pg_hostname_actual }}" DATABASE_PORT: "{{ pg_port }}" - DATABASE_SSLMODE: "{{ pg_sslmode }}" + DATABASE_SSLMODE: "{{ pg_sslmode | default(omit) }}" RABBITMQ_USER: "{{ rabbitmq_default_username }}" RABBITMQ_PASSWORD: "{{ rabbitmq_default_password }}" RABBITMQ_HOST: "rabbitmq"