Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add fedoauth-stg for FedOAuth 3.0

Browse source
This commit is contained in:
Patrick Uiterwijk 2014-06-15 19:15:14 +00:00
parent ffba0668c2
commit 21641b2e55
4 changed files with 180 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
playbooks/groups/fedoauth.yml
View file

@ -65,7 +65,8 @@
- "{{ vars_path }}/{{ ansible_distribution }}.yml"
roles:
- fedoauth
- { role: fedoauth, when: env != 'staging' }
- { role: fedoauth-stg, when: env == 'staging' }
handlers:
- include: "{{ handlers }}/restart_services.yml"

63
roles/fedoauth-stg/tasks/main.yml Normal file
View file

@ -0,0 +1,63 @@
---
# Configuration for the fedoauth webapp
- name: clean yum metadata
command: yum clean all
tags:
- packages
- name: install needed packages
yum: pkg={{ item }} state=installed
with_items:
- fedoauth
- fedoauth-template-fedora
- fedoauth-backend-fedora
- fedoauth-provider-openid
- fedoauth-provider-persona
- python-psycopg2
- libsemanage-python
tags:
- packages
- name: copy fedoauth configuration
template: src=fedoauth.cfg
dest=/etc/fedoauth/fedoauth.cfg
owner=fedoauth group=fedoauth mode=0600
tags:
- config
notify:
- restart apache
- name: copy fedoauth logging configuration
template: src=fedoauth.log.cfg
dest=/etc/fedoauth/fedoauth.log.cfg
owner=fedoauth group=fedoauth mode=0600
tags:
- config
notify:
- restart apache
- name: copy fedoauth private key
copy: src={{ private }}/files/fedoauth/persona.key dest=/etc/fedoauth/persona.key
owner=fedoauth group=fedoauth mode=0600
when: env != "staging"
- name: copy fedoauth STG private key
copy: src={{ private }}/files/fedoauth/persona.stg.key dest=/etc/fedoauth/persona.stg.key
owner=fedoauth group=fedoauth mode=0600
when: env == "staging"
- name: create the database scheme
command: /usr/bin/python2 /usr/share/fedoauth/createdb.py
environment:
FEDOAUTH_CONFIG: /etc/fedoauth/fedoauth.cfg
- name: set sebooleans so fedoauth can talk to the db
action: seboolean name=httpd_can_network_connect_db
state=true
persistent=true
- name: apply selinux type to the wsgi file
file: >
dest=/usr/share/fedoauth/fedoauth.wsgi
setype=httpd_sys_content_t

84
roles/fedoauth-stg/templates/fedoauth.cfg Normal file
View file

@ -0,0 +1,84 @@
# Beware that the quotes around the values are mandatory
# GENERAL CONFIGURATION
{% if env == 'staging' %}
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
{% else %}
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
{% endif %}
GLOBAL = {'reverse_proxied': True,
'cookies_secure': True,
'transactions_timeout': 5,
'template_dir': '/usr/share/fedoauth/templates/fedora/',
'logging_config_location': 'fedoauth.log.cfg',
'secret_key': '{{ fedoauth_secret_key }}',
{% if env == 'staging' %}
'url_root': 'https://id.stg.fedoraproject.org',
'static_content_root': 'https://id.stg.fedoraproject.org/static',
'enable_test_endpoint': True,
{% else %}
'url_root': 'https://id.fedoraproject.org',
'static_content_root': 'https://id.fedoraproject.org/static',
'enable_test_endpoint': False,
{% endif %}
}
AUTH_MODULE_CONFIGURATION = {
# This module authenticates against the Fedora Account System
# (https://admin.fedoraproject.org/accounts/)
'fedoauth.auth.fas.Auth_FAS': {'enabled': True,
'listed': True,
'select_image': '/static/fedora/fedora-authn-logo-white.png',
'reauth_timeout': 5,
'user_agent': 'FedOAuth',
'check_cert': True,
{% if env == 'staging' %}
'email_auth_domains': ['stg.fedoraproject.org'],
'base_url': 'https://admin.stg.fedoraproject.org/accounts/',
{% else %}
'email_auth_domains': ['fedoraproject.org'],
'base_url': 'https://admin.fedoraproject.org/accounts/',
{% endif %}
}
}
AUTH_PROVIDER_CONFIGURATION = {
'fedoauth.provider.persona': {'enabled': True,
{% if env == 'staging' %}
'domains': ['stg.fedoraproject.org'],
'private_key': {'path': '/etc/fedoauth/persona.stg.key',
'passphrase': '{{ fedoauth_persona_key_passphrase }}'},
{% else %}
'domains': ['fedoraproject.org'],
'private_key': {'path': '/etc/fedoauth/persona.key',
'passphrase': '{{ fedoauth_persona_key_passphrase }}'},
{% endif %}
},
'fedoauth.provider.openid': {'enabled': True,
{% if env == 'staging' %}
'identity_url_pattern': 'http://%(username)s.id.stg.fedoraproject.org/',
'trusted_roots': [],
{% else %}
'identity_url_pattern': 'http://%(username)s.id.fedoraproject.org/',
'trusted_roots': ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
'https://ask.fedoraproject.org/',
'https://fedorahosted.org/',
'https://badges.fedoraproject.org',
'https://apps.fedoraproject.org/tagger/',
'https://apps.fedoraproject.org/nuancier/',
'https://apps.fedoraproject.org/datagrepper/',
'https://apps.fedoraproject.org/calendar/',
'http://apps.fedoraproject.org/notifications/',
'http://copr.fedoraproject.org/',
'http://copr-fe.cloud.fedoraproject.org/',
'https://admin.fedoraproject.org/pkgdb/'],
{% endif %}
'non_trusted_roots': [],
'handle_magic_groups_value': True
}
}

31
roles/fedoauth-stg/templates/fedoauth.log.cfg Normal file
View file

@ -0,0 +1,31 @@
[loggers]
keys=root
[handlers]
keys=syslog,email
[formatters]
keys=form01
[logger_root]
level=INFO
handlers=hand01
[handler_syslog]
class=handlers.SysLogHandler
level=NOTSET
formatter=form01
args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_LOCAL4)
[handler_email]
class=handlers.SMTPHandler
level=WARN
formatter=form07
args=('bastion.phx2.fedoraproject.org', 'fedoauth@fedoraproject.org', ['puiterwijk@fedoraproject.org'], 'FedOAuth error')
[formatter_form01]
format='%(asctime)-15s FedOAuth[%(process)d] %(levelname)s %(message)s
datefmt=