Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / f37a1bd3481fbac86b18535a2ecdd3931420641a / . / kubernetes / contrib / components / awx / templates / configmap.yaml
blob: 59900f1c64307ca5e4764ff069aaece2eabc2cf8 [file] [log] [blame]
Alexis de Talhouëtf83449d2019-05-09 16:49:30 -0400[diff] [blame]1{{/*
2# Copyright © 2019 Bell Canada
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15*/}}
16
17apiVersion: v1
18kind: ConfigMap
19metadata:
20 name: {{ include "common.fullname" . }}-init-mgnt
21 namespace: {{ include "common.namespace" . }}
22data:
23 entrypoint: |
24 #/bin/sh
25
26 awx-manage migrate --noinput
27 if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]]
28 then
29 echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell
30 awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}'
31 fi
32---
33apiVersion: v1
34kind: ConfigMap
35metadata:
36 name: {{ include "common.fullname" . }}-settings
37 namespace: {{ include "common.namespace" . }}
38data:
39 awx_settings: |
40 import os
41 import socket
42 ADMINS = ()
43
44 AWX_PROOT_ENABLED = True
45
46 # Automatically deprovision pods that go offline
47 AWX_AUTO_DEPROVISION_INSTANCES = True
48
49 SYSTEM_TASK_ABS_CPU = 6
50 SYSTEM_TASK_ABS_MEM = 20
51
52 INSIGHTS_URL_BASE = "https://example.org"
53
54 #Autoprovisioning should replace this
55 CLUSTER_HOST_ID = socket.gethostname()
56 SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
57
58 SESSION_COOKIE_SECURE = False
59 CSRF_COOKIE_SECURE = False
60
61 REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
62
63 STATIC_ROOT = '/var/lib/awx/public/static'
64 PROJECTS_ROOT = '/var/lib/awx/projects'
65 JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
66 SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
67 ALLOWED_HOSTS = ['*']
68 INTERNAL_API_URL = 'http://127.0.0.1:8052'
69 SERVER_EMAIL = 'root@localhost'
70 DEFAULT_FROM_EMAIL = 'webmaster@localhost'
71 EMAIL_SUBJECT_PREFIX = '[AWX] '
72 EMAIL_HOST = 'localhost'
73 EMAIL_PORT = 25
74 EMAIL_HOST_USER = ''
75 EMAIL_HOST_PASSWORD = ''
76 EMAIL_USE_TLS = False
77
78 LOGGING['handlers']['console'] = {
79 '()': 'logging.StreamHandler',
80 'level': 'DEBUG',
81 'formatter': 'simple',
82 }
83
84 LOGGING['loggers']['django.request']['handlers'] = ['console']
85 LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
86 LOGGING['loggers']['awx']['handlers'] = ['console']
87 LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
88 LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
89 LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
90 LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
91 LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
92 LOGGING['loggers']['social']['handlers'] = ['console']
93 LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
94 LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
95 LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
96 LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
97 LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
98 LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
99 LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
100 LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
101 LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
102
103 CACHES = {
104 'default': {
105 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
106 'LOCATION': '{}:{}'.format("localhost", "11211")
107 },
108 'ephemeral': {
109 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
110 },
111 }
112
113 USE_X_FORWARDED_PORT = True
114---
115apiVersion: v1
116kind: ConfigMap
117metadata:
118 name: {{ include "common.fullname" . }}-rabbitmq
119 namespace: {{ include "common.namespace" . }}
120data:
121 enabled_plugins: |
122 [rabbitmq_management,rabbitmq_peer_discovery_k8s].
123 rabbitmq.conf: |
124 ## Clustering
125 management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json
126 cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
127 cluster_formation.k8s.host = kubernetes.default.svc
128 cluster_formation.k8s.address_type = ip
129 cluster_formation.node_cleanup.interval = 10
130 cluster_formation.node_cleanup.only_log_warning = false
131 cluster_partition_handling = autoheal
132 ## queue master locator
133 queue_master_locator=min-masters
134 ## enable guest user
135 loopback_users.guest = false
136 rabbitmq_definitions.json: |
137 {
138 "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}],
139 "permissions":[
140 {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"}
141 ],
142 "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}],
143 "policies":[
144 {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
145 ]
146 }
Othman Touijer2f3cfb62021-03-05 08:26:51 +0100[diff] [blame]147---
148
149apiVersion: v1
150kind: ConfigMap
151metadata:
152 name: {{ include "common.fullname" . }}-nginx-conf
153 namespace: {{ include "common.namespace" . }}
154 labels:
155 app.kubernetes.io/name: {{ include "common.name" . }}
156 helm.sh/chart: {{ include "common.chart" . }}
157 app.kubernetes.io/instance: {{ .Release.Name }}
158 app.kubernetes.io/managed-by: {{ .Release.Service }}
159data:
160 nginx.conf: |
161 worker_processes 1;
162 pid /tmp/nginx.pid;
163 events {
164 worker_connections 1024;
165 }
166 http {
167 include /etc/nginx/mime.types;
168 default_type application/octet-stream;
169 server_tokens off;
170 log_format main '$remote_addr - $remote_user [$time_local] "$request" '
171 '$status $body_bytes_sent "$http_referer" '
172 '"$http_user_agent" "$http_x_forwarded_for"';
173 access_log /dev/stdout main;
174 map $http_upgrade $connection_upgrade {
175 default upgrade;
176 '' close;
177 }
178 sendfile on;
179 #tcp_nopush on;
180 #gzip on;
181 upstream uwsgi {
182 server 127.0.0.1:8050;
183 }
184 upstream daphne {
185 server 127.0.0.1:8051;
186 }
187 server {
188 listen 8052 default_server;
189 # If you have a domain name, this is where to add it
190 server_name _;
191 keepalive_timeout 65;
192 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
193 add_header Strict-Transport-Security max-age=15768000;
194 add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
195 add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
196 # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
197 add_header X-Frame-Options "DENY";
198 location /nginx_status {
199 stub_status on;
200 access_log off;
201 allow 127.0.0.1;
202 deny all;
203 }
204 location /static/ {
205 alias /var/lib/awx/public/static/;
206 }
207 location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
208 location /websocket {
209 # Pass request to the upstream alias
210 proxy_pass http://daphne;
211 # Require http version 1.1 to allow for upgrade requests
212 proxy_http_version 1.1;
213 # We want proxy_buffering off for proxying to websockets.
214 proxy_buffering off;
215 # http://en.wikipedia.org/wiki/X-Forwarded-For
216 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
217 # enable this if you use HTTPS:
218 proxy_set_header X-Forwarded-Proto https;
219 # pass the Host: header from the client for the sake of redirects
220 proxy_set_header Host $http_host;
221 # We've set the Host header, so we don't need Nginx to muddle
222 # about with redirects
223 proxy_redirect off;
224 # Depending on the request value, set the Upgrade and
225 # connection headers
226 proxy_set_header Upgrade $http_upgrade;
227 proxy_set_header Connection $connection_upgrade;
228 }
229 location / {
230 # Add trailing / if missing
231 rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
232 uwsgi_read_timeout 120s;
233 uwsgi_pass uwsgi;
234 include /etc/nginx/uwsgi_params;
235 proxy_set_header X-Forwarded-Port 443;
236 }
237 }
238 }