From 76d1e28453950650904aab453ea7cc7f02006970 Mon Sep 17 00:00:00 2001 From: Anders Pearson Date: Fri, 9 Nov 2018 15:49:39 +0000 Subject: [PATCH 1/2] add some settings to make docker devstack build This fixes a couple errors encountered while building the docker image for devstack --- docker/build/edxapp/ansible_overrides.yml | 1 + playbooks/roles/edxapp/defaults/main.yml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/docker/build/edxapp/ansible_overrides.yml b/docker/build/edxapp/ansible_overrides.yml index 8876e3eeb90..c79dd1b2723 100644 --- a/docker/build/edxapp/ansible_overrides.yml +++ b/docker/build/edxapp/ansible_overrides.yml @@ -40,3 +40,4 @@ EDXAPP_XQUEUE_URL: 'http://edx.devstack.xqueue:18040' EDXAPP_ENABLE_EDXNOTES: true EDXAPP_EDXNOTES_INTERNAL_API: 'http://edx.devstack.edx_notes_api:18120/api/v1' +EDXAPP_EDXAPP_SECRET_KEY: "change me" diff --git a/playbooks/roles/edxapp/defaults/main.yml b/playbooks/roles/edxapp/defaults/main.yml index e12eb141ff5..3a62e699733 100644 --- a/playbooks/roles/edxapp/defaults/main.yml +++ b/playbooks/roles/edxapp/defaults/main.yml @@ -1650,3 +1650,6 @@ SERVICE_WORKER_USERS: is_superuser: false EDXAPP_ENABLE_DJANGO_ADMIN_RESTRICTION: false + +# for docker devstack +private_requirements_file: "{{ edxapp_app_dir }}/customer_private_requirements.txt" From 5d43e9fba78184913843f558206583f404324bcb Mon Sep 17 00:00:00 2001 From: Omar Al-Ithawi Date: Mon, 17 Sep 2018 16:57:30 +0300 Subject: [PATCH 2/2] Remove the default edxapp secret key to ensure secure defaults --- CHANGELOG.md | 3 +++ docker/build/edxapp/ansible_overrides.yml | 3 ++- playbooks/roles/edxapp/defaults/main.yml | 2 +- tests/test_playbooks.sh | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 63520f99e15..59569842b44 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ - Use Ansible 2.3.1.0 so that we can do shallow clones of tags. +- Role: edxapp + - `EDXAPP_EDXAPP_SECRET_KEY` no longer has a default value + - git_clone: - The working tree is explicitly checked for modified files, to prevent mysterious failures. diff --git a/docker/build/edxapp/ansible_overrides.yml b/docker/build/edxapp/ansible_overrides.yml index c79dd1b2723..f8afd81f6a4 100644 --- a/docker/build/edxapp/ansible_overrides.yml +++ b/docker/build/edxapp/ansible_overrides.yml @@ -27,6 +27,8 @@ EDXAPP_SEARCH_HOST: 'edx.devstack.elasticsearch' EDXAPP_PYTHON_SANDBOX: false +EDXAPP_EDXAPP_SECRET_KEY: 'DUMMY KEY ONLY FOR TO DEVSTACK' + edxapp_debian_pkgs_extra: - mongodb-clients - mysql-client @@ -40,4 +42,3 @@ EDXAPP_XQUEUE_URL: 'http://edx.devstack.xqueue:18040' EDXAPP_ENABLE_EDXNOTES: true EDXAPP_EDXNOTES_INTERNAL_API: 'http://edx.devstack.edx_notes_api:18120/api/v1' -EDXAPP_EDXAPP_SECRET_KEY: "change me" diff --git a/playbooks/roles/edxapp/defaults/main.yml b/playbooks/roles/edxapp/defaults/main.yml index 3a62e699733..adeb3267a2a 100644 --- a/playbooks/roles/edxapp/defaults/main.yml +++ b/playbooks/roles/edxapp/defaults/main.yml @@ -172,7 +172,7 @@ EDXAPP_COMMENTS_SERVICE_URL: 'http://localhost:18080' # EDXAPP_COMMENTS_SERVICE_KEY must match FORUM_API_KEY EDXAPP_COMMENTS_SERVICE_KEY: 'password' -# EDXAPP_EDXAPP_SECRET_KEY: "DUMMY KEY CHANGE BEFORE GOING TO PRODUCTION" # Keep it removed to ensure secure defaults +# EDXAPP_EDXAPP_SECRET_KEY: "DUMMY KEY CHANGE BEFORE GOING TO PRODUCTION" # Commented out to ensure secure defaults EDXAPP_FERNET_KEYS: - "DUMMY KEY CHANGE BEFORE GOING TO PRODUCTION" diff --git a/tests/test_playbooks.sh b/tests/test_playbooks.sh index 920fd798a0c..8c49dc01523 100755 --- a/tests/test_playbooks.sh +++ b/tests/test_playbooks.sh @@ -16,7 +16,7 @@ ansible-playbook -i localhost, --syntax-check travis-test.yml output_dir="$PWD/test_output/env-dep" mkdir -p $output_dir -ansible-playbook -i localhost, -c local --tags edxapp_cfg edxapp.yml -e edxapp_user=`whoami` -e edxapp_app_dir=$output_dir -e edxapp_code_dir=$output_dir +ansible-playbook -i localhost, -c local --tags edxapp_cfg edxapp.yml -e edxapp_user=`whoami` -e edxapp_app_dir=$output_dir -e edxapp_code_dir=$output_dir -e EDXAPP_EDXAPP_SECRET_KEY='DUMMY TRAVIS KEY' root_dir=$output_dir environment_deployments="."