OS4 productive setup changes

Now uses secrets and adds the possibility to enable electronic voting
Finn Stutzenstein 2021-04-08 08:54:10 +02:00
parent 4088913d7d
commit 79a14e15ad
No known key found for this signature in database
GPG Key ID: 9042F605C6324654
11 changed files with 61 additions and 35 deletions

4
.gitignore vendored

@ -17,6 +17,8 @@ dev-commands/export.json
# Deployment
/docker/docker-compose.yml
/docker/docker-stack.yml
/docker/secrets/auth_*_key
docker/secrets/*.env
# Old OS3 files and folders
.coverage
@ -36,7 +38,5 @@ tests
.vscode/
package-lock.json
server/
docker/keys
docker/secrets/*.env
# OS3+-Submodules
/autoupdate/
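Review bot: The second hunk appears to drop `docker/keys` from the ignore list (the +/- markers are lost on this page, but the header removes two lines). Checkouts that already ran the old build script still hold `docker/keys/rsa-token.key` and `docker/keys/rsa-cookie.key`. Once the pattern is gone, those private keys show up as untracked and a broad `git add` can commit them. I would keep `/docker/keys` ignored until deployments have deleted the directory. Separately, the relocated `docker/secrets/*.env` is unanchored while its new neighbour is `/docker/secrets/auth_*_key`; writing it as `/docker/secrets/*.env` makes the two consistent.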


@ -22,6 +22,10 @@ DOCKER_OPENSLIDES_BACKEND_TAG=
DOCKER_OPENSLIDES_FRONTEND_NAME=
DOCKER_OPENSLIDES_FRONTEND_TAG=
# Configuration
# -------------
ENABLE_ELECTRONIC_VOTING=
# Service Replication
# -------------------
# TODO!!


@ -91,12 +91,12 @@ services:
- datastore-reader
- datastore-writer
env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks:
- frontend
- backend
secrets:
- auth_token_key
- auth_cookie_key
datastore-reader:
image: DATASTORE_READER_IMAGE
@ -141,13 +141,13 @@ services:
- datastore-reader
- message-bus
env_file: services.env
environment:
- AUTH_KEY_TOKEN=test123
- AUTH_KEY_COOKIE=test123
networks:
- frontend
- backend
- message-bus
secrets:
- auth_token_key
- auth_cookie_key
auth:
image: AUTH_IMAGE
@ -156,14 +156,14 @@ services:
- message-bus
- cache
env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks:
- datastore-reader
- frontend
- message-bus
- auth
secrets:
- auth_token_key
- auth_cookie_key
cache:
image: redis:latest
@ -196,14 +196,22 @@ services:
- backend
- auth
# TODO: Remove depenencies to auth and datastore in "depends_on" and "networks"
# Should be doable when the manage service is fixed
manage-setup:
image: MANAGE_IMAGE
entrypoint: /root/entrypoint-setup
depends_on:
- manage
- auth
- datastore-writer
- datastore-reader
env_file: services.env
environment:
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
networks:
- backend
- auth
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
- admin)
@ -233,6 +241,10 @@ networks:
auth:
internal: true
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
admin:
secrets:
auth_token_key:
file: ./secrets/auth_token_key
auth_cookie_key:
file: ./secrets/auth_cookie_key
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
file: ./secrets/admin.env)
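Review bot: Nothing in this section shows that the autoupdate service reads the new secret files. It previously took its keys as `AUTH_KEY_TOKEN` / `AUTH_KEY_COOKIE`, while backend and auth used `AUTH_TOKEN_KEY` / `AUTH_COOKIE_KEY`; all three now get the same `auth_token_key` and `auth_cookie_key` secrets. Presumably the bumped submodule commits read them from `/run/secrets/`, but that should be confirmed, since a service that no longer finds its key may fall back to a built-in default. The top-level `secrets:` block would also benefit from a comment such as `# Generated by the build script; must exist before starting; never commit`. The same applies to the matching block in the stack template further down.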


@ -89,9 +89,6 @@ services:
backend:
image: BACKEND_IMAGE
env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks:
- frontend
- backend
@ -100,6 +97,9 @@ services:
condition: on-failure
delay: 5s
replicas: ifenvelse(`OPENSLIDES_BACKEND_REPLICAS', 1)
secrets:
- auth_token_key
- auth_cookie_key
datastore-reader:
image: DATASTORE_READER_IMAGE
@ -149,9 +149,6 @@ services:
autoupdate:
image: AUTOUPDATE_IMAGE
env_file: services.env
environment:
- AUTH_KEY_TOKEN=test123
- AUTH_KEY_COOKIE=test123
networks:
- frontend
- backend
@ -161,13 +158,13 @@ services:
condition: on-failure
delay: 5s
replicas: ifenvelse(`OPENSLIDES_AUTOUPDATE_REPLICAS', 1)
secrets:
- auth_token_key
- auth_cookie_key
auth:
image: AUTH_IMAGE
env_file: services.env
environment:
- AUTH_TOKEN_KEY=test123
- AUTH_COOKIE_KEY=test123
networks:
- datastore-reader
- frontend
@ -178,6 +175,9 @@ services:
condition: on-failure
delay: 5s
replicas: ifenvelse(`OPENSLIDES_AUTH_REPLICAS', 1)
secrets:
- auth_token_key
- auth_cookie_key
cache:
image: redis:latest
@ -221,12 +221,17 @@ services:
condition: on-failure
delay: 5s
# TODO: Remove depenency to auth in "networks"
# Should be doable when the manage service is fixed
manage-setup:
image: MANAGE_IMAGE
entrypoint: /root/entrypoint-setup
env_file: services.env
environment:
ENABLE_ELECTRONIC_VOTING: "ifenvelse(`ENABLE_ELECTRONIC_VOTING',)"
networks:
- backend
- auth
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
- admin)
deploy:
@ -273,6 +278,10 @@ networks:
encrypted: ""
internal: true
ifelse(ADMIN_SECRET_AVAILABLE, 0,secrets:
admin:
secrets:
auth_token_key:
file: ./secrets/auth_token_key
auth_cookie_key:
file: ./secrets/auth_cookie_key
ifelse(ADMIN_SECRET_AVAILABLE, 0,admin:
file: ./secrets/admin.env)
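Review bot: The top-level `secrets:` block gives no hint how `auth_token_key` and `auth_cookie_key` are rotated once the stack is running. Swarm reads a `file:` secret at deploy time and does not update an existing secret in place, so editing `./secrets/auth_token_key` and redeploying is likely to be rejected or to leave the old key active. A comment above the block, for example `# Rotation: remove or rename the deployed secret before redeploying with a new key file`, would spare an operator that surprise.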


@ -1,11 +1,12 @@
#!/bin/bash
# Create keys for auth, if they do not exist
if [ ! -d keys ]; then
mkdir keys
ssh-keygen -f keys/rsa-token.key -t rsa -b 2048 -P ""
ssh-keygen -f keys/rsa-cookie.key -t rsa -b 2048 -P ""
if [ ! -f secrets/auth_token_key ]; then
tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key
fi
if [ ! -f secrets/auth_cookie_key ]; then
tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_cookie_key
fi
( set -a; source .env; m4 docker-compose.yml.m4 ) > docker-compose.yml
( set -a; source .env; m4 docker-stack.yml.m4 ) > docker-stack.yml
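Review bot: Both key files are written under the caller's default umask, so on a typical host `secrets/auth_token_key` and `secrets/auth_cookie_key` end up readable by every local user. Wrapping each write as `( umask 077; tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 64 > secrets/auth_token_key )` keeps them owner-only; if the service user inside the container differs from the host owner, a group-readable mode may be needed instead. The `-f` test also accepts an empty file left behind by an interrupted run, which `[ ! -s secrets/auth_token_key ]` would catch and regenerate. The removed `mkdir keys` has no counterpart for `secrets/`, so unless that directory is tracked the redirect fails and the m4 steps still run; a `mkdir -p secrets` before the checks avoids that.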

@ -1 +1 @@
Subproject commit ed9875e56911d709a103bbb912646d245ff1ae44
Subproject commit edfb247a2398ae69dd5c0ff44e7cdf692b7c1b80

@ -1 +1 @@
Subproject commit d284650811d2ae0bb512c4db268952862b5722b4
Subproject commit 431bcf22c9a37c84c93f1aed292b77547854078b

@ -1 +1 @@
Subproject commit a24b735b482be4ff5f5425f2e92dd85f805f353d
Subproject commit fffc152f79d3446591e07a6913d9fdf30b46f577

@ -1 +1 @@
Subproject commit 5b17e162c477e3d19b59b2dcfcf307538e5ce90b
Subproject commit e8e2d287fb84192db0dbf78e7ebdfac6a33fcaa7

@ -1 +1 @@
Subproject commit df61ded339c1cb07e46876d4e463c5f9812d25cc
Subproject commit 6ab94da8debbd0367a34f173ccc1ddee5a701863

@ -1 +1 @@
Subproject commit c33b68b0c701f7fc503096c1d89d6c82e5a50232
Subproject commit e5e2313cadd4827a07af97259bfafd4e8ee7b066