OS4 productive setup changes
Now uses secrets and adds the possibility to enable electronic voting
parent
4088913d7d
commit
79a14e15ad
4
.gitignore
vendored
4
.gitignore
vendored
@ -17,6 +17,8 @@ dev-commands/export.json
|
||||
# Deployment
|
||||
/docker/docker-compose.yml
|
||||
/docker/docker-stack.yml
|
||||
/docker/secrets/auth_*_key
|
||||
docker/secrets/*.env
|
||||
|
||||
# Old OS3 files and folders
|
||||
.coverage
|
||||
@ -36,7 +38,5 @@ tests
|
||||
.vscode/
|
||||
package-lock.json
|
||||
server/
|
||||
docker/keys
|
||||
docker/secrets/*.env
|
||||
# OS3+-Submodules
|
||||
/autoupdate/
|
||||
|
@ -22,6 +22,10 @@ DOCKER_OPENSLIDES_BACKEND_TAG=
|
||||
DOCKER_OPENSLIDES_FRONTEND_NAME=
|
||||
DOCKER_OPENSLIDES_FRONTEND_TAG=
|
||||
|
||||
# Configuration
|
||||
# -------------
|
||||
ENABLE_ELECTRONIC_VOTING=
|
||||
|
||||
# Service Replication
|
||||
# -------------------
|
||||
# TODO!!
|
||||
|
@ -91,12 +91,12 @@ services:
|
||||
- datastore-reader
|
||||
- datastore-writer
|
||||
env_file: services.env
|
||||
environment:
|
||||
- AUTH_TOKEN_KEY=test123
|
||||
- AUTH_COOKIE_KEY=test123
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
secrets:
|
||||
- auth_token_key
|
||||
- auth_cookie_key
|
||||
|
||||
datastore-reader:
|
||||
image: DATASTORE_READER_IMAGE
|
||||
@ -141,13 +141,13 @@ services:
|
||||
- datastore-reader
|
||||
- message-bus
|
||||
env_file: services.env
|
||||
environment:
|
||||
- AUTH_KEY_TOKEN=test123
|
||||
- AUTH_KEY_COOKIE=test123
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
- message-bus
|
||||
secrets:
|
||||
- auth_token_key
|
||||
- auth_cookie_key
|
||||
|
||||
auth:
|
||||
image: AUTH_IMAGE
|
||||
@ -156,14 +156,14 @@ services:
|
||||
- message-bus
|
||||
- cache
|
||||
env_file: services.env
|
||||
environment:
|
||||
- AUTH_TOKEN_KEY=test123
|
||||
- AUTH_COOKIE_KEY=test123
|
||||
networks:
|
||||
- datastore-reader
|
||||
- frontend
|
||||
- message-bus
|
||||
- auth
|
||||
secrets:
|
||||
- auth_token_key
|
||||
- auth_cookie_key
|
||||
|
||||
cache:
|
||||
image: redis:latest
|
||||
@ -196,14 +196,22 @@ services:
|
||||
- backend
|
||||
- auth
|
||||
|
||||
# TODO: Remove depenencies to auth and datastore in "depends_on" and "networks"
|
||||
# Should be doable when the manage service is fixed
|
||||
manage-setup:
|
||||
image: MANAGE_IMAGE
|
||||
entrypoint: /root/entrypoint-setup
|
||||
depends_on:
|
||||
- manage
|
||||
- auth
|
||||
- datastore-writer
|
||||
- datastore-reader
|
||||
env_file: services.env
|
||||
environment:
|
||||
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
|
||||
networks:
|
||||
- backend
|
||||
- auth
|
||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
||||
- admin)
|
||||
|
||||
@ -233,6 +241,10 @@ networks:
|
||||
auth:
|
||||
internal: true
|
||||
|
||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
||||
admin:
|
||||
secrets:
|
||||
auth_token_key:
|
||||
file: ./secrets/auth_token_key
|
||||
auth_cookie_key:
|
||||
file: ./secrets/auth_cookie_key
|
||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
|
||||
file: ./secrets/admin.env)
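Review bot: The new top-level `secrets:` block and the per-service `secrets:` lists on backend, autoupdate and auth carry no comment saying where the key files come from or how the containers are expected to read them. Docker mounts each secret as a file under `/run/secrets/`, so the images have to read `/run/secrets/auth_token_key` and `/run/secrets/auth_cookie_key` instead of the `AUTH_*` environment entries this section drops (autoupdate used the differently named `AUTH_KEY_TOKEN`/`AUTH_KEY_COOKIE`); whether the bumped submodules do that is not visible on this page. I would add above `secrets:` a comment such as `# Key files are generated by the setup script; services read them from /run/secrets/<name>`. With plain Compose, file-backed secrets are bind mounts of the host file, so the permissions on `./secrets/` on the host decide who can read the keys.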
|
||||
|
@ -89,9 +89,6 @@ services:
|
||||
backend:
|
||||
image: BACKEND_IMAGE
|
||||
env_file: services.env
|
||||
environment:
|
||||
- AUTH_TOKEN_KEY=test123
|
||||
- AUTH_COOKIE_KEY=test123
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
@ -100,6 +97,9 @@ services:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
replicas: ifenvelse(`OPENSLIDES_BACKEND_REPLICAS', 1)
|
||||
secrets:
|
||||
- auth_token_key
|
||||
- auth_cookie_key
|
||||
|
||||
datastore-reader:
|
||||
image: DATASTORE_READER_IMAGE
|
||||
@ -149,9 +149,6 @@ services:
|
||||
autoupdate:
|
||||
image: AUTOUPDATE_IMAGE
|
||||
env_file: services.env
|
||||
environment:
|
||||
- AUTH_KEY_TOKEN=test123
|
||||
- AUTH_KEY_COOKIE=test123
|
||||
networks:
|
||||
- frontend
|
||||
- backend
|
||||
@ -161,13 +158,13 @@ services:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
replicas: ifenvelse(`OPENSLIDES_AUTOUPDATE_REPLICAS', 1)
|
||||
secrets:
|
||||
- auth_token_key
|
||||
- auth_cookie_key
|
||||
|
||||
auth:
|
||||
image: AUTH_IMAGE
|
||||
env_file: services.env
|
||||
environment:
|
||||
- AUTH_TOKEN_KEY=test123
|
||||
- AUTH_COOKIE_KEY=test123
|
||||
networks:
|
||||
- datastore-reader
|
||||
- frontend
|
||||
@ -178,6 +175,9 @@ services:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
replicas: ifenvelse(`OPENSLIDES_AUTH_REPLICAS', 1)
|
||||
secrets:
|
||||
- auth_token_key
|
||||
- auth_cookie_key
|
||||
|
||||
cache:
|
||||
image: redis:latest
|
||||
@ -221,12 +221,17 @@ services:
|
||||
condition: on-failure
|
||||
delay: 5s
|
||||
|
||||
# TODO: Remove depenency to auth in "networks"
|
||||
# Should be doable when the manage service is fixed
|
||||
manage-setup:
|
||||
image: MANAGE_IMAGE
|
||||
entrypoint: /root/entrypoint-setup
|
||||
env_file: services.env
|
||||
environment:
|
||||
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
|
||||
networks:
|
||||
- backend
|
||||
- auth
|
||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
||||
- admin)
|
||||
deploy:
|
||||
@ -273,6 +278,10 @@ networks:
|
||||
encrypted: ""
|
||||
internal: true
|
||||
|
||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
|
||||
admin:
|
||||
secrets:
|
||||
auth_token_key:
|
||||
file: ./secrets/auth_token_key
|
||||
auth_cookie_key:
|
||||
file: ./secrets/auth_cookie_key
|
||||
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
|
||||
file: ./secrets/admin.env)
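Review bot: The `file: ./secrets/auth_token_key` and `file: ./secrets/auth_cookie_key` entries in the stack file need a comment on key rotation. In swarm mode a secret is immutable once created, so regenerating the key file and redeploying the stack under the same secret name is rejected rather than picked up. A line above the block such as `# Swarm secrets are immutable: to rotate a key, remove the old secret or deploy it under a new name` would tell the operator this before a key has to be replaced in a hurry.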
|
||||
|
@ -1,11 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Create keys for auth, if they do not exist
|
||||
if [ ! -d keys ]; then
|
||||
mkdir keys
|
||||
|
||||
ssh-keygen -f keys/rsa-token.key -t rsa -b 2048 -P ""
|
||||
ssh-keygen -f keys/rsa-cookie.key -t rsa -b 2048 -P ""
|
||||
if [ ! -f secrets/auth_token_key ]; then
|
||||
tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key
|
||||
fi
|
||||
if [ ! -f secrets/auth_cookie_key ]; then
|
||||
tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_cookie_key
|
||||
fi
|
||||
|
||||
( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml
|
||||
( set -a; source .env; m4 docker-stack.yml.m4 ) > docker-stack.yml
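Review bot: The two key files are written with the caller's default umask, and nothing visible creates `secrets/`, whereas the `keys` block this hunk appears to replace did its own `mkdir`. I would put `umask 077` and `mkdir -p secrets` before the first `if`; the directory may already be tracked in the repository, which this page does not show. The existence test should also be `if [ ! -s secrets/auth_token_key ]; then` (likewise for the cookie key), because a failed `tr | head` pipeline leaves an empty file that `-f` accepts as a valid key on every later run. No `set -e` is visible, so a failed write would still go on to render both compose files.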
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit ed9875e56911d709a103bbb912646d245ff1ae44
|
||||
Subproject commit edfb247a2398ae69dd5c0ff44e7cdf692b7c1b80
|
@ -1 +1 @@
|
||||
Subproject commit d284650811d2ae0bb512c4db268952862b5722b4
|
||||
Subproject commit 431bcf22c9a37c84c93f1aed292b77547854078b
|
@ -1 +1 @@
|
||||
Subproject commit a24b735b482be4ff5f5425f2e92dd85f805f353d
|
||||
Subproject commit fffc152f79d3446591e07a6913d9fdf30b46f577
|
@ -1 +1 @@
|
||||
Subproject commit 5b17e162c477e3d19b59b2dcfcf307538e5ce90b
|
||||
Subproject commit e8e2d287fb84192db0dbf78e7ebdfac6a33fcaa7
|
@ -1 +1 @@
|
||||
Subproject commit df61ded339c1cb07e46876d4e463c5f9812d25cc
|
||||
Subproject commit 6ab94da8debbd0367a34f173ccc1ddee5a701863
|
@ -1 +1 @@
|
||||
Subproject commit c33b68b0c701f7fc503096c1d89d6c82e5a50232
|
||||
Subproject commit e5e2313cadd4827a07af97259bfafd4e8ee7b066
|