Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create an ansible vault for local development #32

Open
computate opened this issue Sep 8, 2020 · 0 comments
Open

Create an ansible vault for local development #32

computate opened this issue Sep 8, 2020 · 0 comments
Labels
create_local_dev_ansible_vault
Milestone
Development Insta...

Comments

@computate
Copy link
Member

computate commented Sep 8, 2020
edited
Loading

Create an ansible vault for your local development.

Help each member of the team interested in local development to create and edit an encrypted ansible vault with a password for the host secrets for your development inventory.

install -d /usr/local/src/southerncoalition-ansible/inventories/$USER-localhost/host_vars/localhost/
ansible-vault create /usr/local/src/southerncoalition-ansible/inventories/$USER-localhost/host_vars/localhost/vault
ansible-vault edit /usr/local/src/southerncoalition-ansible/inventories/$USER-localhost/host_vars/localhost/vault

The contents of the vault will contain the secrets needed to override any default values you want to change in the app defaults defined here.

https://github.com/computate/computate/blob/master/ansible/roles/southerncoalition/defaults/main.yml

There are descriptions for each of the fields.
There are several sections of fields, including:

  • app system defaults
  • Ansible defaults
  • Zookeeper defaults
  • Solr defaults
  • PostgreSQL defaults
  • computate-medical global defaults
  • app US English defaults
  • SMTP defaults
  • OpenID Connect auth server defaults
  • SSL/TLS defaults

Here is an example of the contents of the ansible vault for local development:

######################################
# southerncoalition system defaults #
######################################

# The name of this application. 
SOUTHERNCOALITION_NAME: southerncoalition
# The default source code directory for the computate application which helps generate and translate most the code. 
COMPUTATE_SRC: "/usr/local/src/computate"
# The default source code directory for the southerncoalition project. 
SOUTHERNCOALITION_SRC: "/usr/local/src/{{SOUTHERNCOALITION_NAME}}"
# The default language of the southerncoalition project code which is French in France. 
SOUTHERNCOALITION_LANG: "enUS"
# The default config file for the southerncoalition project. 
SOUTHERNCOALITION_CONFIG: "{{SOUTHERNCOALITION_SRC}}/config/{{SOUTHERNCOALITION_NAME}}.config"
# The US English config file for the southerncoalition project. 
SOUTHERNCOALITION_CONFIG_enUS: "{{SOUTHERNCOALITION_SRC}}/config/{{SOUTHERNCOALITION_NAME}}-enUS.config"
# The systemd service name for southerncoalition that generates and translates most of the code. 
SOUTHERNCOALITION_SERVICE: "watch-{{SOUTHERNCOALITION_NAME}}"
# The systemd service file for southerncoalition that generates and translates most of the code. 
SOUTHERNCOALITION_SYSTEMD: "/usr/lib/systemd/system/{{SOUTHERNCOALITION_SERVICE}}.service"
# The main git repository for the southerncoalition project. 
SOUTHERNCOALITION_REPO: "[email protected]:Southern-Coalition-Team-19/southerncoalition.git"
# The target ansible inventory group for the southerncoalition project to setup your own hosts under this name to deploy the application to. 
target: southerncoalition

####################
# Ansible defaults #
####################

# Add to an ansible-vault the username of your user on your computer (echo $HOSTNAME). 
USER_NAME: "..."
# Add to an ansible-vault the password of your user on your computer to become root for configuring the applications. 
USER_PASSWORD: "..."
# Setup the ansible user when running the playbook as your user. 
ansible_user: "{{USER_NAME}}"
# Setup the ansible sudo password as your password when running the playbook. 
ansible_sudo_pass: "{{USER_PASSWORD}}"
# Setup the ansible password for elevated privileges as your password when running the playbook. 
ansible_become_pass: "{{USER_PASSWORD}}"
# Setup the ansible password for ssh as your password when running the playbook. 
ansible_ssh_pass: "{{USER_PASSWORD}}"
# Setup the decryption password for decrypting other secrets in the playbook. 
VAULT_PASSWORD: "{{USER_PASSWORD}}"

######################
# Zookeeper defaults #
######################

# The default hostname for the Zookeeper cluster manager. 
ZOOKEEPER_HOST_NAME: "localhost"
# The default port that Zookeeper runs to manage the cluster. 
ZOOKEEPER_PORT: 2181

#################
# Solr defaults #
#################

# The installation directory of Solr. 
SOLR_OPT: /opt/solr
# The default hostname for the Solr search engine. 
SOLR_HOST_NAME: localhost
# The default port that Solr runs. 
SOLR_PORT: 8983

#######################
# PostgreSQL defaults #
#######################

# The default hostname for the PostreSQL database. 
POSTGRES_HOST_NAME: "localhost"
# The default username that the PostgreSQL server runs with. 
POSTGRES_BECOME_USER: "postgres"
# The default path to the PostgreSQL hba file to manage user permissions. 
POSTGRES_HBA_CONF: "/var/lib/pgsql/data/pg_hba.conf"
# The default PostgreSQL service name. 
POSTGRES_SERVICE: "postgresql"

#####################################
# southerncoalition global defaults #
#####################################

# The base URL where the static files will point to.  
SOUTHERNCOALITION_STATIC_BASE_URL: "https://example.neocities.org"
# The number of background worker executors that may run. 
SOUTHERNCOALITION_NUMBER_EXECUTORS: 5
# The properties file where the SSL/TLS encryption is configured. 
SOUTHERNCOALITION_SSL_PROPERTIES_FILENAME: southerncoalition-keystore.properties

#################################################
# southerncoalition English in the US defaults #
#################################################

# The domain name of the site. 
SOUTHERNCOALITION_DOMAIN_NAME_ENUS: "example.com"
# The host name of the site. 
SOUTHERNCOALITION_SITE_HOST_NAME_ENUS: "southerncoalition-dev.{{SOUTHERNCOALITION_DOMAIN_NAME_ENUS}}"
# The port of the site. 
SOUTHERNCOALITION_SITE_PORT_ENUS: "10681"
# The base URL of the site. 
SOUTHERNCOALITION_SITE_BASE_URL_ENUS: "https://{{SOUTHERNCOALITION_SITE_HOST_NAME_ENUS}}:{{SOUTHERNCOALITION_SITE_PORT_ENUS}}"
# The Solr collection of the site. 
SOUTHERNCOALITION_SOLR_COLLECTION_ENUS: "southerncoalition"
# The timezone of the site. 
SOUTHERNCOALITION_SITE_ZONE_ENUS: "America/Denver"
# The PostgreSQL database host name of the site. 
SOUTHERNCOALITION_DB_HOST_NAME_ENUS: "localhost"
# The PostgreSQL database user name of the site. 
SOUTHERNCOALITION_DB_USER_ENUS: computate
# The PostgreSQL database password of the site. 
SOUTHERNCOALITION_DB_PASSWORD_ENUS: "..."
# The PostgreSQL database name of the site. 
SOUTHERNCOALITION_DB_NAME_ENUS: southerncoalition
# The Java main class of the site. 
SOUTHERNCOALITION_JAVA_MAIN_CLASS_ENUS: org.southerncoalition.enUS.vertx.AppVertx
# The backup directory of the site. 
SOUTHERNCOALITION_BACKUP_DIR_ENUS: /usr/local/src/southerncoalition-static/data/enUS
# The restore directory of the site. 
SOUTHERNCOALITION_RESTORE_DIR_ENUS: /home/ctate/backup/southerncoalition-dev/enUS

#################
# SMTP defaults #
#################

# The email SMTP host name. 
EMAIL_HOST_NAME: smtp.example.com
# The email SMTP port. 
EMAIL_PORT: 465
# The email SMTP from email address. 
EMAIL_FROM: "..."
# Whether email SMTP SSL/TLS encryption is enabled. 
EMAIL_SSL: true
# Whether email SMTP username password authentication is enabled. 
EMAIL_AUTH: true
# The email SMTP username. 
EMAIL_USER: "..."
EMAIL_PASSWORD: "..."

#######################################
# OpenID Connect auth server defaults #
#######################################

# The Single Sign On host name. 
SSO_SITE_HOST_NAME: "sso.example.com"
# The Auth realm. 
AUTH_REALM: EXAMPLE.COM
# The Auth client or resource. 
AUTH_RESOURCE: example.com
# The Auth secret. 
AUTH_SECRET: "..."
# The Auth URL. 
AUTH_URL: https://sso.example.com/auth

####################
# SSL/TLS defaults #
####################

# The keystore alias. 
SSL_ALIAS: "{{SOUTHERNCOALITION_DOMAIN_NAME_ENUS}}"
# The keystore directory. 
SSL_KEYSTORE_PATH: /opt/keystore
# The keystore properties filename. 
SSL_PROPERTIES_FILENAME: "{{SOUTHERNCOALITION_SSL_PROPERTIES_FILENAME}}"
# The keystore filename. 
SSL_JKS_FILENAME: "{{SSL_ALIAS}}.jks"
# The keystore path. 
SSL_JKS_PATH: "{{SSL_KEYSTORE_PATH}}/{{SSL_JKS_FILENAME}}"
# The certificate filename. 
SSL_CRT_FILENAME: "{{SSL_ALIAS}}.crt"
# The certificate path. 
SSL_CRT_PATH: "{{SSL_KEYSTORE_PATH}}/{{SSL_CRT_FILENAME}}"
# The private key filename. 
SSL_KEY_FILENAME: "{{SSL_ALIAS}}.key"
# The private key path. 
SSL_KEY_PATH: "{{SSL_KEYSTORE_PATH}}/{{SSL_KEY_FILENAME}}"
# The p12 file password. 
SSL_P12_PASSWORD: "..."
# The keystore file password. 
SSL_JKS_PASSWORD: "{{SSL_P12_PASSWORD}}"
# The keystore file base64 encoded (base64 -w 0 /opt/keystore/computate.org.jks). 
SSL_JKS_BASE64: "..."
# The jceks file base64 encoded (base64 -w 0 /opt/keystore/computate.org.jceks). 
SSL_JCEKS_BASE64: "..."

Look for values to override, especially those like this: "...".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
create_local_dev_ansible_vault
Projects
None yet
Milestone
Development Installation
Development

No branches or pull requests
1 participant
@computate