Consolidate prod and stg configs
parent
3df290581e
commit
392ee5a552
3 changed files with 16 additions and 71 deletions
|
@ -21,17 +21,6 @@
|
||||||
template: src=fedoauth.cfg
|
template: src=fedoauth.cfg
|
||||||
dest=/etc/fedoauth/fedoauth.cfg
|
dest=/etc/fedoauth/fedoauth.cfg
|
||||||
owner=fedoauth group=fedoauth mode=0600
|
owner=fedoauth group=fedoauth mode=0600
|
||||||
when: env != "staging"
|
|
||||||
tags:
|
|
||||||
- config
|
|
||||||
notify:
|
|
||||||
- restart apache
|
|
||||||
|
|
||||||
- name: copy fedoauth STG configuration
|
|
||||||
template: src=fedoauth.stg.cfg
|
|
||||||
dest=/etc/fedoauth/fedoauth.cfg
|
|
||||||
owner=fedoauth group=fedoauth mode=0600
|
|
||||||
when: env == "staging"
|
|
||||||
tags:
|
tags:
|
||||||
- config
|
- config
|
||||||
notify:
|
notify:
|
||||||
|
|
|
@ -2,16 +2,27 @@
|
||||||
|
|
||||||
# GENERAL CONFIGURATION
|
# GENERAL CONFIGURATION
|
||||||
### url to the database server:
|
### url to the database server:
|
||||||
|
{% if env == 'staging' %}
|
||||||
|
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
|
||||||
|
{% else %}
|
||||||
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
|
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
|
||||||
#SQLALCHEMY_DATABASE_URI='sqlite:///fedoauth.sqlite'
|
{% endif %}
|
||||||
#SQLALCHEMY_DATABASE_URI='mysql://user:pass@host/db_name'
|
|
||||||
#SQLALCHEMY_DATABASE_URI='postgresql://user:pass@host/db_name'
|
|
||||||
|
|
||||||
# This is the OpenID endpoint url, at which the server is available
|
# This is the OpenID endpoint url, at which the server is available
|
||||||
|
{% if env == 'staging' %}
|
||||||
|
WEBSITE_ROOT = 'https://id.stg/fedoraproject.org'
|
||||||
|
COOKIE_DOMAIN = 'id.stg.fedoraproject.org'
|
||||||
|
OPENID_IDENTITY_URL = 'http://%(username)s.id.stg.fedoraproject.org/'
|
||||||
|
PERSONA_DOMAIN = 'stg.fedoraproject.org'
|
||||||
|
PERSONA_ISSUER = 'id.stg.fedoraproject.org'
|
||||||
|
{% else %}
|
||||||
WEBSITE_ROOT = 'https://id.fedoraproject.org'
|
WEBSITE_ROOT = 'https://id.fedoraproject.org'
|
||||||
COOKIE_DOMAIN = 'id.fedoraproject.org'
|
COOKIE_DOMAIN = 'id.fedoraproject.org'
|
||||||
COOKIE_SECURE = True
|
|
||||||
OPENID_IDENTITY_URL = 'http://%(username)s.id.fedoraproject.org/'
|
OPENID_IDENTITY_URL = 'http://%(username)s.id.fedoraproject.org/'
|
||||||
|
PERSONA_DOMAIN = 'fedoraproject.org'
|
||||||
|
PERSONA_ISSUER = 'id.fedoraproject.org'
|
||||||
|
{% endif %}
|
||||||
|
COOKIE_SECURE = True
|
||||||
|
|
||||||
# Modules to use
|
# Modules to use
|
||||||
AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
|
AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
|
||||||
|
@ -29,8 +40,6 @@ FAS_AVAILABLE_TO = []
|
||||||
|
|
||||||
# PERSONA CONFIGURATION
|
# PERSONA CONFIGURATION
|
||||||
# This is the domain for which we are willing to sign
|
# This is the domain for which we are willing to sign
|
||||||
PERSONA_DOMAIN = 'fedoraproject.org'
|
|
||||||
PERSONA_ISSUER = 'id.fedoraproject.org'
|
|
||||||
PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.key'
|
PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.key'
|
||||||
PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
|
PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
|
||||||
|
|
||||||
|
@ -45,7 +54,7 @@ OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/fi
|
||||||
'https://apps.fedoraproject.org/nuancier/',
|
'https://apps.fedoraproject.org/nuancier/',
|
||||||
'https://apps.fedoraproject.org/datagrepper/',
|
'https://apps.fedoraproject.org/datagrepper/',
|
||||||
'https://apps.fedoraproject.org/calendar/',
|
'https://apps.fedoraproject.org/calendar/',
|
||||||
'https://apps.fedoraproject.org/notifications/',
|
'http://apps.fedoraproject.org/notifications/',
|
||||||
'http://copr.fedoraproject.org/',
|
'http://copr.fedoraproject.org/',
|
||||||
'http://copr-fe.cloud.fedoraproject.org/']
|
'http://copr-fe.cloud.fedoraproject.org/']
|
||||||
OPENID_NON_TRUSTED_ROOTS = []
|
OPENID_NON_TRUSTED_ROOTS = []
|
||||||
|
|
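Review bot: The staging branch of the template sets `WEBSITE_ROOT = 'https://id.stg/fedoraproject.org'`, with a slash where the removed fedoauth.stg.cfg had a dot, so the staging endpoint URL would name the host `id.stg`; it should read `WEBSITE_ROOT = 'https://id.stg.fedoraproject.org'`. In the OPENID_TRUSTED_ROOTS hunk the notifications entry goes from `https://` to `http://` on the new side, which looks unintended for a consolidation commit and would place a plaintext root on the list of roots that skip user confirmation; keep `'https://apps.fedoraproject.org/notifications/',` unless the application really is served over http. The removed staging file also used `PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.stg.key'`, while the consolidated template keeps `/etc/fedoauth/persona.key` outside the `{% if %}` blocks, so confirm that staging gets its own key at that path rather than the production one; the key-copy task is not visible in this diff.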
|
@ -1,53 +0,0 @@
|
||||||
# Beware that the quotes around the values are mandatory
|
|
||||||
|
|
||||||
# GENERAL CONFIGURATION
|
|
||||||
### url to the database server:
|
|
||||||
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
|
|
||||||
#SQLALCHEMY_DATABASE_URI='sqlite:///fedoauth.sqlite'
|
|
||||||
#SQLALCHEMY_DATABASE_URI='mysql://user:pass@host/db_name'
|
|
||||||
#SQLALCHEMY_DATABASE_URI='postgresql://user:pass@host/db_name'
|
|
||||||
|
|
||||||
# This is the OpenID endpoint url, at which the server is available
|
|
||||||
WEBSITE_ROOT = 'https://id.stg.fedoraproject.org'
|
|
||||||
COOKIE_DOMAIN = 'id.stg.fedoraproject.org'
|
|
||||||
COOKIE_SECURE = True
|
|
||||||
OPENID_IDENTITY_URL = 'http://%(username)s.id.stg.fedoraproject.org/'
|
|
||||||
|
|
||||||
# Modules to use
|
|
||||||
AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
|
|
||||||
|
|
||||||
# FAS PROVIDER CONFIGURATION
|
|
||||||
FAS_USER_AGENT = 'FAS-OpenID'
|
|
||||||
FAS_BASE_URL='https://admin.fedoraproject.org/accounts/'
|
|
||||||
FAS_CHECK_CERT=False
|
|
||||||
FAS_HTTPS_REQUIRED=False
|
|
||||||
FAS_HANDLE_GROUPS_MAGIC_VALUE=True
|
|
||||||
|
|
||||||
# Enable a filter to make this only available to a specific list of users
|
|
||||||
FAS_AVAILABLE_FILTER = False
|
|
||||||
FAS_AVAILABLE_TO = []
|
|
||||||
|
|
||||||
# PERSONA CONFIGURATION
|
|
||||||
# This is the domain for which we are willing to sign
|
|
||||||
PERSONA_DOMAIN = 'stg.fedoraproject.org'
|
|
||||||
PERSONA_ISSUER = 'id.stg.fedoraproject.org'
|
|
||||||
PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.stg.key'
|
|
||||||
PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
|
|
||||||
|
|
||||||
# OPENID CONFIGURATION
|
|
||||||
# This is the OpenID url provided to users. Add %(username)s where the username should be entered
|
|
||||||
# A list of trust roots for which the user will not need to confirm again
|
|
||||||
OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
|
|
||||||
'https://ask.fedoraproject.org/',
|
|
||||||
'https://fedorahosted.org/',
|
|
||||||
'https://badges.fedoraproject.org',
|
|
||||||
'https://apps.fedoraproject.org/tagger/',
|
|
||||||
'https://apps.fedoraproject.org/nuancier/',
|
|
||||||
'https://apps.fedoraproject.org/datagrepper/',
|
|
||||||
'https://apps.fedoraproject.org/calendar/',
|
|
||||||
'https://apps.fedoraproject.org/notifications/',
|
|
||||||
'http://copr.fedoraproject.org/',
|
|
||||||
'http://copr-fe.cloud.fedoraproject.org/']
|
|
||||||
OPENID_NON_TRUSTED_ROOTS = []
|
|
||||||
### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit)
|
|
||||||
OPENID_MAX_AUTH_TIME = 120
|
|