update test data files Adopt official vendor location openstack not published yet Add collections to show paths Add collections loc to installer settings Add vendored collections to show path again
# Jinja2 template for a Kubernetes ConfigMap that carries three embedded
# configuration files: an nginx config, a Django settings fragment (Python)
# and a redis config. Each value is a YAML block scalar: Jinja renders it
# first, then the result is stored verbatim as a string.
#
# NOTE(review): template variables are interpolated without escaping. They
# end up inside nginx directives and Python string literals, so they must
# come from trusted installer variables only.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ kubernetes_deployment_name }}-config
  namespace: {{ kubernetes_namespace }}
data:
  {{ kubernetes_deployment_name }}_nginx_conf: |
    #user awx;

    worker_processes 1;

    # pid file is written under /tmp; presumably so nginx can run as an
    # unprivileged user - confirm against the container spec.
    pid /tmp/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # Do not advertise the nginx version in the Server header / error pages.
        server_tokens off;

        # $http_x_forwarded_for is copied from the request as sent by the
        # client; treat that field as untrusted when analysing these logs.
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        # Access log goes to stdout so the container runtime collects it.
        access_log /dev/stdout main;

        # $connection_upgrade is "upgrade" when the client sent an Upgrade
        # header and "close" when that header is empty; used by /websocket.
        map $http_upgrade $connection_upgrade {
            default upgrade;
            '' close;
        }

        sendfile on;
        #tcp_nopush on;
        #gzip on;

        # Both application backends are reached over loopback only.
        upstream uwsgi {
            server 127.0.0.1:8050;
        }

        upstream daphne {
            server 127.0.0.1:8051;
        }

        {% if ssl_certificate is defined %}
        # Rendered only when ssl_certificate is defined: port 8052 then serves
        # nothing but the redirect below. server_name is a catch-all, so $host
        # follows the Host header sent by the client; set an explicit
        # server_name if redirects must only ever point at known hostnames.
        server {
            listen 8052 default_server;
            server_name _;

            # Redirect all HTTP links to the matching HTTPS page
            return 301 https://$host$request_uri;
        }
        {%endif %}

        server {
            {% if ssl_certificate is defined %}
            listen 8053 ssl;

            # Certificate and private key are read from the same PEM file, so
            # that file needs the access restrictions of a private key.
            # No ssl_protocols / ssl_ciphers are set in this file; the defaults
            # of the nginx build in the image apply. Pin them here if a minimum
            # TLS version is required.
            ssl_certificate /etc/nginx/awxweb.pem;
            ssl_certificate_key /etc/nginx/awxweb.pem;
            {% else %}
            listen 8052 default_server;
            {% endif %}

            # If you have a domain name, this is where to add it
            server_name _;
            keepalive_timeout 65;

            # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
            # This line is outside the ssl_certificate conditional, so it is
            # also rendered for the plain-HTTP listener, where browsers ignore
            # it. The add_header lines below do not use the "always" parameter,
            # so nginx attaches them only to a fixed set of success/redirect
            # status codes; error responses are sent without these headers.
            add_header Strict-Transport-Security max-age=15768000;
            # NOTE(review): script-src allows 'unsafe-inline' and a third-party
            # wildcard (*.pendo.io), which limits how much this policy mitigates
            # script injection; connect-src "ws: wss:" names no host, so it
            # permits websocket connections to any origin. Violation reports
            # are posted to /csp-violation/.
            add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
            # Same policy under the legacy prefixed header name used by older browsers.
            add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";

            # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
            add_header X-Frame-Options "DENY";

            # nginx status counters, reachable from loopback only (allow/deny below).
            location /nginx_status {
                stub_status on;
                access_log off;
                allow 127.0.0.1;
                deny all;
            }

            # Static assets are served by nginx directly from the filesystem.
            location /static/ {
                alias /var/lib/awx/public/static/;
            }

            location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }

            location /websocket {
                # Pass request to the upstream alias
                proxy_pass http://daphne;
                # Require http version 1.1 to allow for upgrade requests
                proxy_http_version 1.1;
                # We want proxy_buffering off for proxying to websockets.
                proxy_buffering off;
                # http://en.wikipedia.org/wiki/X-Forwarded-For
                # $proxy_add_x_forwarded_for appends $remote_addr to whatever
                # X-Forwarded-For value the client sent, so every entry except
                # the last one is client-controlled.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # enable this if you use HTTPS:
                # NOTE(review): set unconditionally, including when the
                # plain-HTTP listener is rendered; presumably TLS is then
                # terminated in front of this pod - confirm.
                proxy_set_header X-Forwarded-Proto https;
                # pass the Host: header from the client for the sake of redirects
                # (the value is forwarded unchanged, so the backend must not
                # treat it as trustworthy).
                proxy_set_header Host $http_host;
                # We've set the Host header, so we don't need Nginx to muddle
                # about with redirects
                proxy_redirect off;
                # Depending on the request value, set the Upgrade and
                # connection headers
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
            }

            location / {
                # Add trailing / if missing
                rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
                uwsgi_read_timeout 120s;
                uwsgi_pass uwsgi;
                # After the standard uwsgi_params, an optional extra include
                # follows when extra_nginx_include is defined; that file is
                # pulled verbatim into this location, so its path must be
                # installer-controlled. The Jinja tags around it strip the
                # preceding whitespace: do not place an nginx comment line
                # directly before them, or the include is rendered onto the
                # comment line and disabled.
                include /etc/nginx/uwsgi_params;
                {%- if extra_nginx_include is defined %}
                include {{ extra_nginx_include }};
                {%- endif %}
                proxy_set_header X-Forwarded-Port 443;
                # proxy_set_header (line above) only applies to proxy_pass
                # requests; this location uses uwsgi_pass, so the uwsgi_param
                # below is what the application receives. The port is
                # hard-coded to 443 whichever listener was rendered.
                uwsgi_param HTTP_X_FORWARDED_PORT 443;
            }
        }
    }

  {{ kubernetes_deployment_name }}_settings: |
    # Django settings fragment. LOGGING is modified but not defined here, so
    # this code must run in a namespace where the base settings already exist.
    import os
    import socket
    ADMINS = ()

    # NOTE(review): name suggests AWX's job process isolation - confirm.
    AWX_PROOT_ENABLED = True

    # Automatically deprovision pods that go offline
    AWX_AUTO_DEPROVISION_INSTANCES = True

    # Rendered to integer literals by Jinja from task_cpu_request and
    # task_mem_request; the units are not visible in this file.
    SYSTEM_TASK_ABS_CPU = {{ ((task_cpu_request|int / 1000) * 4)|int }}
    SYSTEM_TASK_ABS_MEM = {{ ((task_mem_request|int * 1024) / 100)|int }}

    # Values below are substituted unescaped into Python string literals; a
    # quote or newline in the variable would change the rendered module.
    INSIGHTS_URL_BASE = "{{ insights_url_base }}"
    INSIGHTS_AGENT_MIME = "{{ insights_agent_mime }}"
    AUTOMATION_ANALYTICS_URL = "{{ automation_analytics_url }}"

    #Autoprovisioning should replace this
    CLUSTER_HOST_ID = socket.gethostname()
    # Falls back to the all-zero UUID when MY_POD_UID is not set in the environment.
    SYSTEM_UUID = os.environ.get('MY_POD_UID', '00000000-0000-0000-0000-000000000000')

    # NOTE(review): session and CSRF cookies are not marked Secure, so a
    # browser will also send them over plain HTTP. These values do not depend
    # on ssl_certificate; consider True wherever users reach the UI over TLS.
    SESSION_COOKIE_SECURE = False
    CSRF_COOKIE_SECURE = False

    # NOTE(review): the remote host is taken from X-Forwarded-For. The nginx
    # config in this file appends to a client-supplied value rather than
    # replacing it, so restrict which proxies are trusted (AWX has a proxy
    # allow-list setting for this - confirm its name for this release).
    REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']

    STATIC_ROOT = '/var/lib/awx/public/static'
    PROJECTS_ROOT = '/var/lib/awx/projects'
    INVENTORY_COLLECTIONS_ROOT = '/var/lib/awx/vendor/inventory_collections'
    JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
    # Secret is read as bytes from a file rather than templated into this
    # ConfigMap. The file object is not closed explicitly.
    SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
    # NOTE(review): '*' turns off Django's Host header validation, and nginx
    # forwards the client's Host header unchanged. List the real hostnames
    # when they are known.
    ALLOWED_HOSTS = ['*']
    # NOTE(review): when ssl_certificate is defined, the nginx config in this
    # file makes port 8052 a redirect-only listener (301 to https) - confirm
    # internal callers of this URL cope with that.
    INTERNAL_API_URL = 'http://127.0.0.1:8052'
    SERVER_EMAIL = 'root@localhost'
    DEFAULT_FROM_EMAIL = 'webmaster@localhost'
    EMAIL_SUBJECT_PREFIX = '[AWX] '
    # Mail defaults: local relay on port 25, no credentials, no TLS.
    EMAIL_HOST = 'localhost'
    EMAIL_PORT = 25
    EMAIL_HOST_USER = ''
    EMAIL_HOST_PASSWORD = ''
    EMAIL_USE_TLS = False

    # Console handler accepts records from DEBUG upwards; the 'simple'
    # formatter is defined elsewhere. How much is actually emitted depends on
    # logger levels not visible here - check that debug output cannot carry
    # credentials before shipping container logs off-cluster.
    LOGGING['handlers']['console'] = {
        '()': 'logging.StreamHandler',
        'level': 'DEBUG',
        'formatter': 'simple',
    }

    # Route the listed loggers to the console; the 'external_logger' handler
    # referenced on some of them is defined elsewhere.
    LOGGING['loggers']['django.request']['handlers'] = ['console']
    LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
    LOGGING['loggers']['awx']['handlers'] = ['console', 'external_logger']
    LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
    LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console', 'external_logger']
    LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console', 'external_logger']
    LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
    LOGGING['loggers']['social']['handlers'] = ['console']
    LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
    LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
    LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
    # These handlers are replaced with NullHandler, so any record routed to
    # them is discarded.
    LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['fact_receiver'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
    LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}

    # Django will trust the X-Forwarded-Port header; nginx above always sets
    # HTTP_X_FORWARDED_PORT to 443 for uwsgi requests.
    USE_X_FORWARDED_PORT = True

    AWX_CONTAINER_GROUP_DEFAULT_IMAGE = "{{ container_groups_image }}"
    # NOTE(review): "omit" is meant for task arguments; inside a template it
    # presumably renders as a placeholder string when the variable is unset,
    # which would leave a non-empty bogus host / verify value - confirm.
    REDHAT_CANDLEPIN_HOST = "{{ candlepin_host | default(omit) }}"
    REDHAT_CANDLEPIN_VERIFY = "{{ candlepin_verify | default(omit) }}"
    # Same port as INTERNAL_API_URL, plain HTTP; see the note there about the
    # redirect-only listener when ssl_certificate is defined.
    BROADCAST_WEBSOCKET_PORT = 8052
    BROADCAST_WEBSOCKET_PROTOCOL = 'http'

  {{ kubernetes_deployment_name }}_redis_conf: |
    # Redis listens on a unix socket only.
    unixsocket /var/run/redis/redis.sock
    # NOTE(review): mode 777 lets any local user that can reach the socket
    # directory connect, and no requirepass is set in this file. Prefer a
    # shared group with a tighter mode if the containers' users allow it.
    unixsocketperm 777
    # port 0 disables the TCP listener, so the bind line has no TCP effect.
    port 0
    bind 127.0.0.1