now I have code for adding SECRET_KEY to servers as well as encrypted SECRET_KEY for various servers

2016-05-06 16:06:50 -07:00 · 2016-05-06 16:06:50 -07:00 · d3b27af491
parent 8b04769ebd
commit d3b27af491
8 changed files with 67 additions and 17 deletions
--- a/settings/dev.py
+++ b/settings/dev.py
@ -1,5 +1,6 @@
 from regluit.settings.common import *

+ALLOWED_HOSTS = ['.unglue.it']
 DEBUG = True
 TEMPLATE_DEBUG = DEBUG

--- a/settings/just.py
+++ b/settings/just.py
@ -1,5 +1,6 @@
 from regluit.settings.common import *

+ALLOWED_HOSTS = ['.unglue.it']
 DEBUG = False
 TEMPLATE_DEBUG = DEBUG

--- a/settings/prod.py
+++ b/settings/prod.py
@ -1,5 +1,6 @@
 from regluit.settings.common import *

+ALLOWED_HOSTS = ['.unglue.it']
 DEBUG = False
 TEMPLATE_DEBUG = DEBUG
 # we are launched!
--- a/vagrant/ansible.cfg
+++ b/vagrant/ansible.cfg
@ -3,3 +3,4 @@ library = ./library
 inventory = .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
 private-key = ~/.vagrant.d/insecure_private_key
 remote_user = vagrant
+timeout = 15
--- a/vagrant/dev.yml
+++ b/vagrant/dev.yml
@ -57,6 +57,7 @@
    # sudo add repo to get latest version of python 2.7
    - name: add-apt-repository ppa:fkrull/deadsnakes-python2.7
      apt_repository: repo='ppa:fkrull/deadsnakes-python2.7' state=present update_cache=true
+      when: class in ['please']

    - name: do apt-get update --fix-missing
      command: apt-get update --fix-missing
@ -118,7 +119,7 @@
      args:
        github_auth_key: "{{github_auth_key}}"
        repo_name: Gluejar/regluit
-        key_name: vagrant_ansible_test
+        key_name: "{{hostname}} {{ ansible_date_time.date }}"
        key_path: /home/{{user}}/.ssh/id_rsa.pub
 
    - name: postfix install
@ -188,18 +189,6 @@
        - pip
      sudo: no
    
-    # - name: pip install requests (to see whether in right place)
-    #   pip: >
-    #        executable=/opt/regluit/ENV/bin/pip
-    #        name={{item}}
-    #        virtualenv=/opt/regluit/ENV
-    #        virtualenv_command=virtualenv
-    #   with_items:
-    #     - requests
-    #     - census
-    #   sudo: no
-           
-    
    - name: pip requirements
      pip: >
           executable=/opt/regluit/ENV/bin/pip 
@ -230,7 +219,6 @@

    #Run syncdb on the application

-    # TO DO: Templating
    - name: django syncdb
      django_manage: >
          command=syncdb
@ -240,7 +228,6 @@
      notify:
        - restart apache2

-    # TO DO: Templating
    - name: django migrations
      django_manage: >
          command=migrate
@ -311,6 +298,14 @@
      notify:
        - restart apache2

+     #  - name: show django_secret_key
+     #   debug: msg="{{django_secret_key}}"
+
+    - name: insert SECRET_KEY into /opt/regluit/settings/local.py
+      lineinfile: create=yes dest=/opt/regluit/settings/local.py line="SECRET_KEY=u'{{django_secret_key}}'"
+      notify:
+        - restart apache2
+
    #
    #sudo ("/etc/init.d/apache2 restart")
    #
@ -350,7 +345,6 @@
    
    #    sudo ("cp deploy/celeryd.conf /etc/default/celeryd")
    
-    # TO DO: templating
    - name: copy deploy/celeryd.conf
      command: cp "/opt/regluit/deploy/celeryd_{{class}}.conf" /etc/default/celeryd
    
@ -384,7 +378,6 @@
    
    #    sudo ("cp deploy/celerybeat.conf /etc/default/celerybeat")
    
-    # TO DO: templating
    - name: copy deploy/celerybeat,conf
      command: cp "/opt/regluit/deploy/celerybeat_{{class}}.conf" /etc/default/celerybeat
    
@ -427,8 +420,37 @@
        user={{user}}
        key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYSiXESHXEdugNLGxFABXpVSawDCU/BK05Ef2qUa7oxxhU7fXNqWaSTqowevVruF7kfzMQ7epIxN5XFFjbXf/tsSn1995H9BEhmHLXLuEB5VaPU2HTLqu0DscyPtRbk/WjqPj3jWXs2yHgKcJIXwd5EfSwJuCe1Ut6pMe9E/NUq9QztnydRTt0sGywXpkIpKeBkiQl4SWlPTHcoU6PDbEuMVii8GzRAQlpEQTJwzWJTToR1SZ7o1uusDSxIDfJSvAa5IiuII8CdKbqa/JSx1+4LqlT0yf+2yb67MR5q6+XFM4TeCf5z+4SW+IT/wd2tpbd0DjAdXJlAgBULwhd1L7r"
        state=present
+      when: class in ['jenkins']


  handlers:
    - name: restart apache2
      service: name=apache2 state=restarted
+
+
+- name: fix known_hosts on jenkins to match new just
+  hosts: jenkins
+  sudo: yes
+  sudo_user: jenkins
+
+# to run the part of the playbook for jenkins
+# PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook --private-key=/Users/raymondyee/.ssh/id_rsa  --user=ubuntu --connection=ssh --inventory-file=/Users/raymondyee/C/src/Gluejar/regluit/vagrant/.vagrant/provisioners/ansible/inventory --limit='jenkins'  just.yml
+
+  tasks:
+
+    #equivalent to
+    #
+    #ssh -tt jenkins << EOF
+    #  sudo -i -u jenkins
+    #  ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts
+    # exit
+    #exit
+    #EOF
+
+    - name: make new known_hosts with key from just.unglue.it
+      raw: ssh-keyscan -t rsa just.unglue.it > /var/lib/jenkins/.ssh/known_hosts
+      when: class in ['jenkins']
+
+    - name: add key from github
+      raw: ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts
+      when: class in ['jenkins']
--- a/vagrant/host_vars/just/django_secret_key.yml
+++ b/vagrant/host_vars/just/django_secret_key.yml
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+61653161643565623130623362623837643135393031616438356461383031366137373735343565
+6630333965373762633966303933366134303535656430320a363137636463656336616533373239
+62653630633035323431326362313164363162343464663438653830653030646466623961353966
+3462626265316636380a623865303732303563346263666166306132393339376164353531323731
+32643232373033363031303761343437633363656463616461663134336436646238646630613735
+63383033363438353132663465393637396338393837626230663063343831343232343234336566
+35663534323638376436666635643734313432633034306264356564323263353832393062363133
+33616561383866333931
--- a/vagrant/host_vars/please/django_secret_key.yml
+++ b/vagrant/host_vars/please/django_secret_key.yml
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+64613033336164663433303535346536373163623165336634616534336664373233323831613830
+6331663835636433666363653932626535323331383564650a653737633233313763646333636131
+36633761656561616530666530353766376366306632373734623665646136353333303839343034
+3839326330376161650a356430623334643066633239366466646462333762653631333665616131
+64383464323932653266393536626565616630383262646263663465666265396465
--- a/vagrant/host_vars/prod/django_secret_key.yml
+++ b/vagrant/host_vars/prod/django_secret_key.yml
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+38393338313562616165323038613332656239636462663936303562663739636232346439386265
+3336376535633438386138626133623066613565333265390a316664626336616631666266336438
+32656432343566663230663333656232636439356162643635663631353837393134626632353936
+6235373564663133330a623737313138323131383531323530326166303237363764383537383263
+63316662363765383539353336633236623563333062653132303263383562343064333833376266
+39376463363763636235353031373166393832393761353737353437366664333634373261313235
+30633633396235633266363236303263393732636636393132623832396331353232393663656566
+38653831616665306633