OS4 productive setup changes

Now uses secrets and adds the possibility to enable electronic voting
Finn Stutzenstein 2021-04-08 08:54:10 +02:00
parent 4088913d7d
commit 79a14e15ad
No known key found for this signature in database
GPG Key ID: 9042F605C6324654
11 changed files with 61 additions and 35 deletions

.gitignore vendored

@ -17,6 +17,8 @@ dev-commands/export.json
# Deployment # Deployment
/docker/docker-compose.yml /docker/docker-compose.yml
/docker/docker-stack.yml /docker/docker-stack.yml
/docker/secrets/auth_*_key
docker/secrets/*.env
# Old OS3 files and folders # Old OS3 files and folders
.coverage .coverage
@ -36,7 +38,5 @@ tests
.vscode/ .vscode/
package-lock.json package-lock.json
server/ server/
docker/keys
docker/secrets/*.env
# OS3+-Submodules # OS3+-Submodules
/autoupdate/ /autoupdate/


@ -22,6 +22,10 @@ DOCKER_OPENSLIDES_BACKEND_TAG=
DOCKER_OPENSLIDES_FRONTEND_NAME= DOCKER_OPENSLIDES_FRONTEND_NAME=
DOCKER_OPENSLIDES_FRONTEND_TAG= DOCKER_OPENSLIDES_FRONTEND_TAG=
# Configuration
# -------------
ENABLE_ELECTRONIC_VOTING=
# Service Replication # Service Replication
# ------------------- # -------------------
# TODO!! # TODO!!
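Review bot: The new `ENABLE_ELECTRONIC_VOTING=` entry under the added `# Configuration` heading gives no hint which values enable the feature or what leaving it empty means, and the compose templates forward the raw value, so an operator editing this file has to read the manage-setup entrypoint to find out. A one-line comment above the key would close that gap, e.g. `# Set to <accepted value> to enable electronic voting; leave empty to keep it disabled`, with the accepted value filled in from the entrypoint, which is not visible in this commit.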


@ -91,12 +91,12 @@ services:
- datastore-reader - datastore-reader
- datastore-writer - datastore-writer
env_file: services.env env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks: networks:
- frontend - frontend
- backend - backend
secrets:
- auth_token_key
- auth_cookie_key
datastore-reader: datastore-reader:
image: DATASTORE_READER_IMAGE image: DATASTORE_READER_IMAGE
@ -141,13 +141,13 @@ services:
- datastore-reader - datastore-reader
- message-bus - message-bus
env_file: services.env env_file: services.env
environment:
- AUTH_KEY_TOKEN=test123
- AUTH_KEY_COOKIE=test123
networks: networks:
- frontend - frontend
- backend - backend
- message-bus - message-bus
secrets:
- auth_token_key
- auth_cookie_key
auth: auth:
image: AUTH_IMAGE image: AUTH_IMAGE
@ -156,14 +156,14 @@ services:
- message-bus - message-bus
- cache - cache
env_file: services.env env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks: networks:
- datastore-reader - datastore-reader
- frontend - frontend
- message-bus - message-bus
- auth - auth
secrets:
- auth_token_key
- auth_cookie_key
cache: cache:
image: redis:latest image: redis:latest
@ -196,14 +196,22 @@ services:
- backend - backend
- auth - auth
# TODO: Remove depenencies to auth and datastore in "depends_on" and "networks"
# Should be doable when the manage service is fixed
manage-setup: manage-setup:
image: MANAGE_IMAGE image: MANAGE_IMAGE
entrypoint: /root/entrypoint-setup entrypoint: /root/entrypoint-setup
depends_on: depends_on:
- manage - manage
- auth
- datastore-writer
- datastore-reader
env_file: services.env env_file: services.env
environment:
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
networks: networks:
- backend - backend
- auth
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets: ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
- admin) - admin)
@ -233,6 +241,10 @@ networks:
auth: auth:
internal: true internal: true
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets: secrets:
admin: auth_token_key:
file: ./secrets/auth_token_key
auth_cookie_key:
file: ./secrets/auth_cookie_key
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
file: ./secrets/admin.env) file: ./secrets/admin.env)
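Review bot: On the new `ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"` line in the manage-setup hunk (the same line is added to docker-stack.yml.m4), the macro's fallback argument is empty, so with the variable left blank in .env — which is how the template ships it — the container receives `ENABLE_ELECTRONIC_VOTING=""` rather than no variable at all. Whether the setup entrypoint treats an empty string the same as "disabled" is not visible here; passing an explicit off value as the second macro argument, `ifenvelse(`ENABLE_ELECTRONIC_VOTING', <off-value>)`, removes the ambiguity and documents the default in the template itself. The added TODO comment above manage-setup also misspells "dependencies" as `depenencies`. The secret definitions added at the end of the file point at `./secrets/auth_token_key` and `./secrets/auth_cookie_key`; note that the permission bits of those host files are what the services see inside the container, so they depend on the setup script creating them restrictively.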


@ -89,9 +89,6 @@ services:
backend: backend:
image: BACKEND_IMAGE image: BACKEND_IMAGE
env_file: services.env env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks: networks:
- frontend - frontend
- backend - backend
@ -100,6 +97,9 @@ services:
condition: on-failure condition: on-failure
delay: 5s delay: 5s
replicas: ifenvelse(`OPENSLIDES_BACKEND_REPLICAS', 1) replicas: ifenvelse(`OPENSLIDES_BACKEND_REPLICAS', 1)
secrets:
- auth_token_key
- auth_cookie_key
datastore-reader: datastore-reader:
image: DATASTORE_READER_IMAGE image: DATASTORE_READER_IMAGE
@ -149,9 +149,6 @@ services:
autoupdate: autoupdate:
image: AUTOUPDATE_IMAGE image: AUTOUPDATE_IMAGE
env_file: services.env env_file: services.env
environment:
- AUTH_KEY_TOKEN=test123
- AUTH_KEY_COOKIE=test123
networks: networks:
- frontend - frontend
- backend - backend
@ -161,13 +158,13 @@ services:
condition: on-failure condition: on-failure
delay: 5s delay: 5s
replicas: ifenvelse(`OPENSLIDES_AUTOUPDATE_REPLICAS', 1) replicas: ifenvelse(`OPENSLIDES_AUTOUPDATE_REPLICAS', 1)
secrets:
- auth_token_key
- auth_cookie_key
auth: auth:
image: AUTH_IMAGE image: AUTH_IMAGE
env_file: services.env env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks: networks:
- datastore-reader - datastore-reader
- frontend - frontend
@ -178,6 +175,9 @@ services:
condition: on-failure condition: on-failure
delay: 5s delay: 5s
replicas: ifenvelse(`OPENSLIDES_AUTH_REPLICAS', 1) replicas: ifenvelse(`OPENSLIDES_AUTH_REPLICAS', 1)
secrets:
- auth_token_key
- auth_cookie_key
cache: cache:
image: redis:latest image: redis:latest
@ -221,12 +221,17 @@ services:
condition: on-failure condition: on-failure
delay: 5s delay: 5s
# TODO: Remove depenency to auth in "networks"
# Should be doable when the manage service is fixed
manage-setup: manage-setup:
image: MANAGE_IMAGE image: MANAGE_IMAGE
entrypoint: /root/entrypoint-setup entrypoint: /root/entrypoint-setup
env_file: services.env env_file: services.env
environment:
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
networks: networks:
- backend - backend
- auth
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets: ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
- admin) - admin)
deploy: deploy:
@ -273,6 +278,10 @@ networks:
encrypted: "" encrypted: ""
internal: true internal: true
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets: secrets:
admin: auth_token_key:
file: ./secrets/auth_token_key
auth_cookie_key:
file: ./secrets/auth_cookie_key
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
file: ./secrets/admin.env) file: ./secrets/admin.env)


@ -1,11 +1,12 @@
#!/bin/bash #!/bin/bash
# Create keys for auth, if they do not exist # Create keys for auth, if they do not exist
if [ ! -d keys ]; then if [ ! -f secrets/auth_token_key ]; then
mkdir keys tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key
fi
ssh-keygen -f keys/rsa-token.key -t rsa -b 2048 -P "" if [ ! -f secrets/auth_cookie_key ]; then
ssh-keygen -f keys/rsa-cookie.key -t rsa -b 2048 -P "" tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_cookie_key
fi fi
( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml ( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml
( set -a; source .env; m4 docker-stack.yml.m4 ) > docker-stack.yml
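Review bot: The two new `tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key` / `... > secrets/auth_cookie_key` lines create the auth secret files under the caller's default umask, so on most hosts they end up world-readable (0644) even though every auth-dependent service mounts them via the compose `secrets:` entries. Add `umask 077` right after the shebang (or wrap each pipeline as `( umask 077; tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key )`) so the files, and the secrets mounted from them, are owner-only. The removed code created its `keys` directory before writing into it, while the new version assumes `secrets/` already exists; unless that directory is tracked in the repo, which this hunk does not show, a `mkdir -p secrets` before the first `if` is needed or the redirect fails. Under a UTF-8 locale some `tr` implementations abort on the raw bytes from /dev/urandom, which leaves an empty or short key file that the `-f` check then accepts on every later run; prefixing the pipeline with `LC_ALL=C` avoids that.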

@ -1 +1 @@
Subproject commit ed9875e56911d709a103bbb912646d245ff1ae44 Subproject commit edfb247a2398ae69dd5c0ff44e7cdf692b7c1b80

@ -1 +1 @@
Subproject commit d284650811d2ae0bb512c4db268952862b5722b4 Subproject commit 431bcf22c9a37c84c93f1aed292b77547854078b

@ -1 +1 @@
Subproject commit a24b735b482be4ff5f5425f2e92dd85f805f353d Subproject commit fffc152f79d3446591e07a6913d9fdf30b46f577

@ -1 +1 @@
Subproject commit 5b17e162c477e3d19b59b2dcfcf307538e5ce90b Subproject commit e8e2d287fb84192db0dbf78e7ebdfac6a33fcaa7

@ -1 +1 @@
Subproject commit df61ded339c1cb07e46876d4e463c5f9812d25cc Subproject commit 6ab94da8debbd0367a34f173ccc1ddee5a701863

@ -1 +1 @@
Subproject commit c33b68b0c701f7fc503096c1d89d6c82e5a50232 Subproject commit e5e2313cadd4827a07af97259bfafd4e8ee7b066