- use awx-python in shebang in dev env
- scl enable where needed for rhel7 & container installs
- use scram-sha-256 pg user hashing by default
- ensure psycopg2 is using the correct PG_CONFIG at build time for the right libpq version
Per #4167 a reasonable CSP was put in place, but unfortunately this
broke WebSockets support in Safari.
This is a quick fix to return support immediately. A more secure
implemetation would be beneficial in the longer term, however.
ideally we'd improve this over time to remove the `unsafe-inline` lines,
but we can't due that today because Angular1 makes use of a lot of
inline <script> and <style> tag generation
see: https://github.com/ansible/awx/issues/2056
This commit does a few things:
- Add the `--squash` option to the `awx-devel-build` make target. This reduces the resulting image size from 2.12 GB to 1.37 GB. I think we can get this down even more by inspecting the image contents.
- Reorganize commands so that the cache expires less often. Before this commit, any changes to the Makefile would essentially cause the entire image to rebuild.
- Break yum dependencies up into multiple lines. This makes it easier to see what changes in a diff.
- Use `n` to install our required version of node (rather `curl node | bash`). I’ve found this to be easier to maintain / more portable when working with other Dockerfiles.
- General organizational changes to make things easier to parse visually.
Installing the latest python36-setuptools automatically creates the symlink from python3 -> python3.6 and from python36 -> /usr/bin/python3.6. Building the images fails when the symlink is created explicitly in the AWX installer.
Signed-off-by: Uriel Mandujano <uriel.mandujano14@gmail.com>
HTTPS is, by default, expected to be on port 443.
Also, with HSTS set, we need to be sure that users attempting to arrive
via HTTP are properly redirected to HTTPS.
This does so by:
* Setting up a 301 redirect for any URL to its HTTPS version
* Adjusting the internal port for HTTPS traffic to 8053
* Setting docker-compose to share port 443 → 8053
- This is configurable via an inventory variable
Daphne has a default timeout of 86400 seconds, so after 1 day of starting
awx_web container, the stdout stops refreshing automatically on the web UI.
This fixes this issue by making the timeout infinite, so the connection
between nginx and daphne's websocket never closes.
run this command on _any_ node in an awx cluster:
$ awx-manage profile_sql --threshold=2.0 --minutes=1
...and for 1 minute, the timing for _every_ SQL query in _every_ awx
Python process that uses the Django ORM will be measured
queries that run longer than (in this example) 2 seconds will be
written to a per-process sqlite database in /var/lib/awx/profile, and
the file will contain an EXPLAIN VERBOSE for the query and the full
Python stack that led to that SQL query's execution (this includes not
just WSGI requests, but background processes like the runworker and
dispatcher)
$ awx-manage profile_sql --threshold=0
...can be used to disable profiling again (if you don't want to wait for
the minute to expire)
