Merge pull request #9387 from rooftopcellist/secret_key_dev

Mount SECRET_KEY into dev env & document it Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
2026-01-11 01:57:35 -03:30 · 2021-02-23 20:22:58 +00:00 · 2021-02-23 20:22:58 +00:00 · fb6ce4bed3
commit fb6ce4bed3
parent 240556b5d6 7ae19a8ba3
4 changed files with 15 additions and 2 deletions
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@ -1,6 +1,7 @@
 # Copyright (c) 2015 Ansible, Inc.
 # All Rights Reserved.

+import base64
 import os
 import re  # noqa
 import sys
@ -148,7 +149,10 @@ SCHEDULE_MAX_JOBS = 10
 SITE_ID = 1

 # Make this unique, and don't share it with anybody.
-SECRET_KEY = 'p7z7g1ql4%6+(6nlebb6hdk7sd^&fnjpal308%n%+p^_e6vo1y'
+if os.path.exists('/etc/tower/SECRET_KEY'):
+    SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
+else:
+    SECRET_KEY = base64.encodebytes(os.urandom(32)).decode().rstrip()

 # Hosts/domain names that are valid for this site; required if DEBUG is False
 # See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
--- a/tools/docker-compose/ansible/roles/sources/tasks/main.yml
+++ b/tools/docker-compose/ansible/roles/sources/tasks/main.yml
@ -30,6 +30,12 @@
  when: not lookup('vars', item.item, default='')
  loop: "{{ secrets.results }}"

+- name: Write out SECRET_KEY
+  copy:
+    content: "{{ secret_key }}"
+    dest: "{{ sources_dest }}/SECRET_KEY"
+  no_log: true
+
 - name: Render configuration templates
  template:
    src: "{{ item }}.j2"
--- a/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
+++ b/tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2
@ -30,6 +30,7 @@ services:
      - "../../docker-compose/_sources/database.py:/etc/tower/conf.d/database.py"
      - "../../docker-compose/_sources/websocket_secret.py:/etc/tower/conf.d/websocket_secret.py"
      - "../../docker-compose/_sources/local_settings.py:/etc/tower/conf.d/local_settings.py"
+      - "../../docker-compose/_sources/SECRET_KEY:/etc/tower/SECRET_KEY"
      - "redis_socket:/var/run/redis/:rw"
    privileged: true
    tty: true
--- a/tools/docker-compose/docs/data_migration.md
+++ b/tools/docker-compose/docs/data_migration.md
@ -5,13 +5,15 @@ migrate your data to the development environment via the migrate.yml playbook, o

 > Note: This will also convert your postgresql bind-mount into a docker volume.

+First, in the  `inventory` file, set your `pg_password`, `broadcast_websocket_secret`, `secret_key`, and any other settings you need for your deployment.  **Make sure you use the same secret key value you had with your previous Local Docker deployment.**  
+
 ### Migrate data with migrate.yml

 If you had a custom pgdocker or awxcompose location, you will need to set the `postgres_data_dir` and `old_docker_compose_dir` variables. 

 1. Run the [migrate playbook](./ansible/migrate.yml) to migrate your data to the new postgresql container and convert the data directory to a volume mount.
 ```bash
-$ ansible-playbook migrate.yml -e "migrate_local_docker=true" -e "postgres_data_dir=~/.awx/pgdocker" -e "old_docker_compose_dir=~/.awx/awxcompose"
+$ ansible-playbook  -i tools/docker-compose/inventory tools/docker-compose/migrate.yml -e "migrate_local_docker=true" -e "postgres_data_dir=~/.awx/pgdocker" -e "old_docker_compose_dir=~/.awx/awxcompose"
 ```

 2. Change directory to the top of your awx checkout and start your containers