Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
186 lines (144 sloc) 7.7 KB
---
#
# edX Configuration
#
# github: https://github.com/edx/configuration
# wiki: https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license: https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Defaults for role credentials
#
#
# vars are namespace with the module name.
#
credentials_service_name: 'credentials'
credentials_environment:
CREDENTIALS_CFG: '{{ COMMON_CFG_DIR }}/{{ credentials_service_name }}.yml'
credentials_gunicorn_port: 8150
credentials_node_version: '8.9.3'
#
# OS packages
#
credentials_debian_pkgs:
# Needed to manipulate images.
- libjpeg8-dev
- libpng12-dev
credentials_redhat_pkgs: []
CREDENTIALS_NGINX_PORT: '1{{ credentials_gunicorn_port }}'
CREDENTIALS_SSL_NGINX_PORT: '4{{ credentials_gunicorn_port }}'
CREDENTIALS_DEFAULT_DB_NAME: 'credentials'
CREDENTIALS_MYSQL_HOST: 'localhost'
# MySQL usernames are limited to 16 characters
CREDENTIALS_MYSQL_USER: 'credentials001'
CREDENTIALS_MYSQL_PASSWORD: 'password'
CREDENTIALS_MEMCACHE: [ 'memcache' ]
CREDENTIALS_DJANGO_SETTINGS_MODULE: 'credentials.settings.production'
CREDENTIALS_DOMAIN: 'credentials'
CREDENTIALS_URL_ROOT: 'http://{{ CREDENTIALS_DOMAIN }}:{{ CREDENTIALS_NGINX_PORT }}'
CREDENTIALS_LOGOUT_URL: '{{ CREDENTIALS_URL_ROOT }}/logout/'
CREDENTIALS_SECRET_KEY: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
CREDENTIALS_LANGUAGE_CODE: 'en'
CREDENTIALS_LANGUAGE_COOKIE_NAME: 'openedx-language-preference'
# Used to automatically configure OAuth2 Client
CREDENTIALS_SOCIAL_AUTH_EDX_OAUTH2_KEY: 'credentials-sso-key'
CREDENTIALS_SOCIAL_AUTH_EDX_OAUTH2_SECRET: 'credentials-sso-secret'
CREDENTIALS_BACKEND_SERVICE_EDX_OAUTH2_KEY: 'credentials-backend-service-key'
CREDENTIALS_BACKEND_SERVICE_EDX_OAUTH2_SECRET: 'credentials-backend-service-secret'
CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: false
# NOTE: Deprecate these OIDC settings post-DOP-removal for credentials.
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY: 'credentials-key'
CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET: 'credentials-secret'
CREDENTIALS_SERVICE_USER: 'credentials_service_user'
# NOTE: The Credentials Service reads the FILE_STORAGE_BACKEND setting, stored in the CREDENTIALS_FILE_STORAGE_BACKEND
# as a dict variable, and adds all of its keys to the root of the settings variable space. If the dict contains a key,
# foo, the application can reference it as `settings.foo`.
#
# In non-development environments, all static and uploaded files should be stored in long-term storage that is
# accessible to multiple machines running the service and not lost when an instance is destroyed. For edx.org, this
# means storing on S3, which is achieved using django-storages. This library also supports other providers.
#
# Below are example variables that show the variables one might use to store data on S3. An exhaustive list of settings
# is available at https://django-storages.readthedocs.io/en/latest/backends/amazon-S3.html.
#
# Note, AWS_S3_CUSTOM_DOMAIN is required, otherwise boto will generate non-working
# querystring URLs for assets (see https://github.com/boto/boto/issues/1477)
#
# CREDENTIALS_BUCKET: mybucket
# credentials_s3_domain: s3.amazonaws.com
# CREDENTIALS_MEDIA_ROOT: 'media'
# CREDENTIALS_STATIC_ROOT: 'static'
# ## This will be passed as FILE_STORAGE_BACKEND, and all keys will be added to Django's `settings` object, hence the
# ## nesting of STATIC_ROOT and other variables that aren't related to S3.
# CREDENTIALS_FILE_STORAGE_BACKEND:
# AWS_STORAGE_BUCKET_NAME: '{{ CREDENTIALS_BUCKET }}'
# AWS_S3_CUSTOM_DOMAIN: '{{ CREDENTIALS_BUCKET }}.{{ credentials_s3_domain }}'
# AWS_ACCESS_KEY_ID: 'XXXAWS_ACCESS_KEYXXX'
# AWS_SECRET_ACCESS_KEY: 'XXXAWS_SECRET_KEYXXX'
# AWS_QUERYSTRING_AUTH: False
# AWS_QUERYSTRING_EXPIRE: False
# AWS_DEFAULT_ACL: ''
# AWS_HEADERS:
# Access-Control-Allow-Origin: 'PUT-YOUR-HOSTNAME-HERE'
#
# MEDIA_ROOT: '{{ CREDENTIALS_MEDIA_ROOT }}'
# STATIC_ROOT: '{{ CREDENTIALS_STATIC_ROOT }}'
#
# MEDIA_URL: 'https://{{ CREDENTIALS_BUCKET }}.{{ credentials_s3_domain }}{{ CREDENTIALS_MEDIA_URL }}'
# STATIC_URL: 'https://{{ CREDENTIALS_BUCKET }}.{{ credentials_s3_domain }}{{ CREDENTIALS_STATIC_URL }}'
#
# STATICFILES_STORAGE: 'credentials.apps.core.s3utils.StaticS3BotoStorage'
# DEFAULT_FILE_STORAGE: 'credentials.apps.core.s3utils.MediaS3BotoStorage'
CREDENTIALS_DATA_DIR: '{{ COMMON_DATA_DIR }}/{{ credentials_service_name }}'
# TODO: Let edx_django_service manage CREDENTIALS_STATIC_ROOT in phase 2.
CREDENTIALS_STATIC_ROOT: '{{ CREDENTIALS_DATA_DIR }}/staticfiles'
CREDENTIALS_MEDIA_ROOT: '{{ CREDENTIALS_DATA_DIR }}/media'
CREDENTIALS_MEDIA_URL: '/media/'
CREDENTIALS_STATIC_URL: '/static/'
CREDENTIALS_MEDIA_STORAGE_BACKEND:
DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'
MEDIA_ROOT: '{{ CREDENTIALS_MEDIA_ROOT }}'
MEDIA_URL: '{{ CREDENTIALS_MEDIA_URL }}'
# NOTE: This service is one of the few that stores its static files on S3. We use a backend that adds a hash to the
# filename to avoid overwriting older files, which may be in use, with newer files during deployments. See
# https://docs.djangoproject.com/en/dev/ref/contrib/staticfiles/#manifeststaticfilesstorage for more information.
CREDENTIALS_STATICFILES_STORAGE: 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage'
# NOTE: This only needs to be overridden when using non-local storage. Otherwise, the edx_django_service play will
# properly configure local storage of media and static files.
CREDENTIALS_FILE_STORAGE_BACKEND: {}
CREDENTIALS_CORS_ORIGIN_ALLOW_ALL: false
CREDENTIALS_CORS_ORIGIN_WHITELIST_DEFAULT:
- '{{ CREDENTIALS_DOMAIN }}'
CREDENTIALS_CORS_ORIGIN_WHITELIST_EXTRA: []
CREDENTIALS_CORS_ORIGIN_WHITELIST: '{{ CREDENTIALS_CORS_ORIGIN_WHITELIST_DEFAULT + CREDENTIALS_CORS_ORIGIN_WHITELIST_EXTRA }}'
CREDENTIALS_VERSION: 'master'
CREDENTIALS_GUNICORN_EXTRA: ''
CREDENTIALS_EXTRA_APPS: []
CREDENTIALS_SESSION_EXPIRE_AT_BROWSER_CLOSE: false
CREDENTIALS_CERTIFICATE_LANGUAGES:
'en': 'English'
'es_419': 'Spanish'
CREDENTIALS_USERNAME_REPLACEMENT_WORKER: "OVERRIDE THIS WITH A VALID USERNAME"
credentials_service_config_overrides:
CERTIFICATE_LANGUAGES: '{{ CREDENTIALS_CERTIFICATE_LANGUAGES }}'
CREDENTIALS_SERVICE_USER: '{{ CREDENTIALS_SERVICE_USER }}'
FILE_STORAGE_BACKEND: '{{ CREDENTIALS_FILE_STORAGE_BACKEND }}'
LANGUAGE_COOKIE_NAME: '{{ CREDENTIALS_LANGUAGE_COOKIE_NAME }}'
CSRF_COOKIE_SECURE: "{{ CREDENTIALS_CSRF_COOKIE_SECURE }}"
USERNAME_REPLACEMENT_WORKER: "{{ CREDENTIALS_USERNAME_REPLACEMENT_WORKER }}"
# See edx_django_service_automated_users for an example of what this should be
CREDENTIALS_AUTOMATED_USERS: {}
credentials_create_demo_data: false
# NOTE: These variables are only needed to create the demo site (e.g. for sandboxes)
CREDENTIALS_LMS_URL_ROOT: !!null
CREDENTIALS_DISCOVERY_API_URL: !!null
CREDENTIALS_CSRF_COOKIE_SECURE: false
CREDENTIALS_ENABLE_NEWRELIC_DISTRIBUTED_TRACING: false
credentials_post_migrate_commands:
- command: './manage.py create_or_update_site --site-id=1 --site-domain={{ CREDENTIALS_DOMAIN }} --site-name="Open edX" --platform-name="Open edX" --company-name="Open edX" --lms-url-root={{ CREDENTIALS_LMS_URL_ROOT }} --catalog-api-url={{ CREDENTIALS_DISCOVERY_API_URL }} --tos-url={{ CREDENTIALS_LMS_URL_ROOT }}/tos --privacy-policy-url={{ CREDENTIALS_LMS_URL_ROOT }}/privacy --homepage-url={{ CREDENTIALS_LMS_URL_ROOT }} --certificate-help-url={{ CREDENTIALS_LMS_URL_ROOT }}/faq --records-help-url={{ CREDENTIALS_LMS_URL_ROOT }}/faq --theme-name=openedx'
when: '{{ credentials_create_demo_data }}'
# Remote config
CREDENTIALS_HERMES_ENABLED: "{{ COMMON_HERMES_ENABLED }}"
CREDENTIALS_DECRYPT_CONFIG_ENABLED: "{{ COMMON_DECRYPT_CONFIG_ENABLED }}"
CREDENTIALS_COPY_CONFIG_ENABLED: "{{ COMMON_COPY_CONFIG_ENABLED }}"
You can’t perform that action at this time.