Posted to commits@airavata.apache.org by ma...@apache.org on 2020/01/31 21:20:34 UTC

[airavata] 01/02: Ansible: control setting django KEYCLOAK_CA_CERTFILE setting

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch RPID+SEAGrid
in repository https://gitbox.apache.org/repos/asf/airavata.git

commit ca9671ddbe058d2bc7473985f2542561377c7d1a
Author: Marcus Christie <ma...@apache.org>
AuthorDate: Fri Jan 31 16:07:28 2020 -0500

    Ansible: control setting django KEYCLOAK_CA_CERTFILE setting
---
 .../ansible/inventories/scigap/develop/group_vars/django/vars.yml  | 1 +
 .../inventories/scigap/production/group_vars/django/vars.yml       | 1 +
 .../ansible/inventories/scigap/staging/group_vars/django/vars.yml  | 1 +
 dev-tools/ansible/roles/django/defaults/main.yml                   | 7 +++++++
 dev-tools/ansible/roles/django/templates/settings_local.py.j2      | 4 +++-
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
index babad60..2a544e5 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
@@ -31,3 +31,4 @@ django_database_name: "django_{{ gateway_id }}"
 django_hidden_airavata_apps: "['django_airavata_dataparsers']"
 django_tus_endpoint: "https://tus.dev.scigap.org/files/"
 airavata_django_git_branch: "develop"
+django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml
index 8ae8991..cd72b12 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml
@@ -28,6 +28,7 @@ doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
 django_database_name: "django_{{ inventory_hostname }}"
 django_hidden_airavata_apps: "['django_airavata_dataparsers']"
 django_tus_endpoint: "https://tus.airavata.org/files/"
+django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
 
 # Default email settings
 portal_email_host: "smtp.gmail.com"
diff --git a/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml
index 76c4dc5..977fcce 100644
--- a/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml
@@ -28,6 +28,7 @@ doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
 django_database_name: "django_{{ inventory_hostname }}"
 django_hidden_airavata_apps: "['django_airavata_dataparsers']"
 django_tus_endpoint: "https://tus.staging.scigap.org/files/"
+django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
 
 # Default email settings
 portal_email_host: "smtp.gmail.com"
diff --git a/dev-tools/ansible/roles/django/defaults/main.yml b/dev-tools/ansible/roles/django/defaults/main.yml
index d0276aa..a8011f7 100644
--- a/dev-tools/ansible/roles/django/defaults/main.yml
+++ b/dev-tools/ansible/roles/django/defaults/main.yml
@@ -47,6 +47,13 @@ django_hidden_airavata_apps: "[]"
 django_tus_data_dir: "{{user_data_dir}}/tus-temp-dir"
 django_file_upload_max_file_size_mb: 64
 
+# Should be a python expression that evaluates to a string representing a file path. For example:
+# django_keycloak_ca_certfile_path: "/etc/ca.pem"
+# or 
+# django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
+# By default it has no value meaning system default CA certs will be used for validation.
+django_keycloak_ca_certfile_path:
+
 django_wsgi_processes: 2
 
 django_debug: false
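Review bot: The first example in the added comment, `django_keycloak_ca_certfile_path: "/etc/ca.pem"`, does not satisfy the rule stated on the line above it. YAML consumes the double quotes, and the template hunk in this same commit writes the value unquoted, so the rendered settings file would contain `KEYCLOAK_CA_CERTFILE = /etc/ca.pem`, which is a Python syntax error when the settings are loaded. The example should carry the Python quotes inside the YAML string, e.g. `# django_keycloak_ca_certfile_path: '"/etc/ca.pem"'`. Because the value is evaluated as code, the comment could also say that it must come only from trusted inventory.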
diff --git a/dev-tools/ansible/roles/django/templates/settings_local.py.j2 b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
index 871c320..978863b 100644
--- a/dev-tools/ansible/roles/django/templates/settings_local.py.j2
+++ b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
@@ -75,7 +75,9 @@ KEYCLOAK_AUTHORIZE_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/pro
 KEYCLOAK_TOKEN_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/protocol/openid-connect/token'
 KEYCLOAK_USERINFO_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/protocol/openid-connect/userinfo'
 KEYCLOAK_LOGOUT_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/protocol/openid-connect/logout'
-KEYCLOAK_CA_CERTFILE = os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")
+{% if django_keycloak_ca_certfile_path %}
+KEYCLOAK_CA_CERTFILE = {{ django_keycloak_ca_certfile_path }}
+{% endif %}
 KEYCLOAK_VERIFY_SSL = True
 
 AUTHENTICATION_OPTIONS = {
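Review bot: When `django_keycloak_ca_certfile_path` is left at its empty default, the `{% if %}` block emits nothing and this file no longer defines `KEYCLOAK_CA_CERTFILE`, while `KEYCLOAK_VERIFY_SSL = True` is still set. Whether the code reading the setting tolerates its absence, or the base settings supply a default, is not visible in this diff and should be confirmed. If neither holds, an explicit `{% else %}` branch emitting `KEYCLOAK_CA_CERTFILE = None` would make the fall-back to system CAs deliberate, provided the consumer treats `None` that way. Note also that `{{ django_keycloak_ca_certfile_path }}` is written into the settings module as raw Python, so a malformed inventory value breaks startup rather than failing at deploy time.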