This is an automated email from the ASF dual-hosted git repository. machristie pushed a commit to branch RPID+SEAGrid in repository https://gitbox.apache.org/repos/asf/airavata.git
commit ca9671ddbe058d2bc7473985f2542561377c7d1a Author: Marcus Christie <[email protected]> AuthorDate: Fri Jan 31 16:07:28 2020 -0500 Ansible: control setting django KEYCLOAK_CA_CERTFILE setting --- .../ansible/inventories/scigap/develop/group_vars/django/vars.yml | 1 + .../inventories/scigap/production/group_vars/django/vars.yml | 1 + .../ansible/inventories/scigap/staging/group_vars/django/vars.yml | 1 + dev-tools/ansible/roles/django/defaults/main.yml | 7 +++++++ dev-tools/ansible/roles/django/templates/settings_local.py.j2 | 4 +++- 5 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
index babad60..2a544e5 100644
--- a/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/group_vars/django/vars.yml
@@ -31,3 +31,4 @@ django_database_name: "django_{{ gateway_id }}"
 django_hidden_airavata_apps: "['django_airavata_dataparsers']"
 django_tus_endpoint: "https://tus.dev.scigap.org/files/"
 airavata_django_git_branch: "develop"
+django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
diff --git a/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml
index 8ae8991..cd72b12 100644
--- a/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/production/group_vars/django/vars.yml
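Review bot: The value added for `django_keycloak_ca_certfile_path` is Python source rather than a file path, and nothing next to the key says so; the same literal is repeated in the production and staging inventories. A comment above the key such as `# Python expression, written unquoted into settings_local.py` would keep a later editor from replacing it with a bare path, which the template would emit as invalid Python. Because all three environments pin the same InCommon CA bundle, defining the value once in a vars file shared by the scigap inventories (if one exists; none is visible in this diff) would keep the trust anchor from drifting between them.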
@@ -28,6 +28,7 @@ doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
 django_database_name: "django_{{ inventory_hostname }}"
 django_hidden_airavata_apps: "['django_airavata_dataparsers']"
 django_tus_endpoint: "https://tus.airavata.org/files/"
+django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
 # Default email settings
 portal_email_host: "smtp.gmail.com"
diff --git a/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml b/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml
index 76c4dc5..977fcce 100644
--- a/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/staging/group_vars/django/vars.yml
@@ -28,6 +28,7 @@ doc_root_dir: "/var/www/portals/django-{{gateway_id}}"
 django_database_name: "django_{{ inventory_hostname }}"
 django_hidden_airavata_apps: "['django_airavata_dataparsers']"
 django_tus_endpoint: "https://tus.staging.scigap.org/files/"
+django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
 # Default email settings
 portal_email_host: "smtp.gmail.com"
diff --git a/dev-tools/ansible/roles/django/defaults/main.yml b/dev-tools/ansible/roles/django/defaults/main.yml
index d0276aa..a8011f7 100644
--- a/dev-tools/ansible/roles/django/defaults/main.yml
+++ b/dev-tools/ansible/roles/django/defaults/main.yml
@@ -47,6 +47,13 @@ django_hidden_airavata_apps: "[]"
 django_tus_data_dir: "{{user_data_dir}}/tus-temp-dir"
 django_file_upload_max_file_size_mb: 64
+# Should be a python expression that evaluates to a string representing a file path. For example:
+# django_keycloak_ca_certfile_path: "/etc/ca.pem"
+# or
+# django_keycloak_ca_certfile_path: 'os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")'
+# By default it has no value meaning system default CA certs will be used for validation.
+django_keycloak_ca_certfile_path:
+
 django_wsgi_processes: 2
 django_debug: false
diff --git a/dev-tools/ansible/roles/django/templates/settings_local.py.j2 b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
index 871c320..978863b 100644
--- a/dev-tools/ansible/roles/django/templates/settings_local.py.j2
+++ b/dev-tools/ansible/roles/django/templates/settings_local.py.j2
@@ -75,7 +75,9 @@ KEYCLOAK_AUTHORIZE_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/pro
 KEYCLOAK_TOKEN_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/protocol/openid-connect/token'
 KEYCLOAK_USERINFO_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/protocol/openid-connect/userinfo'
 KEYCLOAK_LOGOUT_URL = '{{ oauth_service_url }}/realms/{{ tenant_domain }}/protocol/openid-connect/logout'
-KEYCLOAK_CA_CERTFILE = os.path.join(BASE_DIR, "django_airavata", "resources", "incommon_rsa_server_ca.pem")
+{% if django_keycloak_ca_certfile_path %}
+KEYCLOAK_CA_CERTFILE = {{ django_keycloak_ca_certfile_path }}
+{% endif %}
 KEYCLOAK_VERIFY_SSL = True
 AUTHENTICATION_OPTIONS = {
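Review bot: The first example in the added comment, `django_keycloak_ca_certfile_path: "/etc/ca.pem"`, does not yield a Python string. YAML consumes the double quotes, so the template in this commit would write `KEYCLOAK_CA_CERTFILE = /etc/ca.pem`, which fails to parse when Django imports settings_local.py. The example needs the Python quotes inside the YAML scalar: `# django_keycloak_ca_certfile_path: '"/etc/ca.pem"'`. An operator who copies the example as written gets a portal that does not start rather than one that trusts the intended CA.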
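Review bot: `KEYCLOAK_CA_CERTFILE = {{ django_keycloak_ca_certfile_path }}` writes the inventory value into settings_local.py as raw Python, so whatever the variable holds is executed when Django starts, and a plain path works only if the operator embeds quotes by hand. Accepting a plain path and emitting it as a literal, for example `KEYCLOAK_CA_CERTFILE = {{ django_keycloak_ca_certfile_path | to_json }}`, would remove both problems, though the BASE_DIR-relative bundle would then need its own variable or a fixed branch in the template. When the variable is empty the setting is not defined at all. The code that reads `KEYCLOAK_CA_CERTFILE` is outside this diff, so it is worth confirming that it tolerates the missing attribute and that no base settings module still points at the InCommon bundle; otherwise the "system default CA certs" behaviour promised in defaults/main.yml does not hold.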
