17d360c30e
Create cron tasks to clean up old stuff from ARA, disabled by default but can be enabled if desired Change-Id: I8d54a2649bb7b82298d73b5d9b89a857807f6d1e
128 lines
4.9 KiB
YAML
128 lines
4.9 KiB
YAML
---
|
|
# Copyright (c) 2019 Red Hat, Inc.
|
|
#
|
|
# This file is part of ARA Records Ansible.
|
|
#
|
|
# ARA Records Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# ARA Records Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with ARA Records Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
- name: Verify if a configuration file exists
|
|
stat:
|
|
path: "{{ ara_api_settings }}"
|
|
register: settings_stat
|
|
|
|
# If no secret key has been provided and this isn't the first time we are
|
|
# running, recover the secret key from the existing configuration file.
|
|
- when:
|
|
- ara_api_secret_key is none
|
|
- settings_stat.stat.exists
|
|
block:
|
|
- name: Read the existing configuration file
|
|
command: cat "{{ ara_api_settings }}"
|
|
changed_when: false
|
|
no_log: "{{ ara_api_secure_logging }}"
|
|
register: settings_contents
|
|
|
|
- name: Recover existing secret key
|
|
vars:
|
|
config: "{{ settings_contents.stdout | from_yaml }}"
|
|
set_fact:
|
|
ara_api_secret_key: "{{ config[ara_api_env]['SECRET_KEY'] }}"
|
|
no_log: "{{ ara_api_secure_logging }}"
|
|
|
|
# If no secret key has been provided and this is the first time we are
|
|
# running, generate a new random secret key that will be persisted in the
|
|
# configuration file.
|
|
- when:
|
|
- ara_api_secret_key is none
|
|
- not settings_stat.stat.exists
|
|
block:
|
|
- name: Generate a random secret key
|
|
environment:
|
|
PATH: "{{ path_with_virtualenv }}"
|
|
command: python3 -c "from django.utils.crypto import get_random_string; print(get_random_string(length=50))"
|
|
no_log: "{{ ara_api_secure_logging }}"
|
|
register: generated_key
|
|
|
|
- name: Set ara_api_secret_key
|
|
set_fact:
|
|
ara_api_secret_key: "{{ generated_key.stdout }}"
|
|
no_log: "{{ ara_api_secure_logging }}"
|
|
|
|
- name: Validate distributed sqlite configuration
|
|
assert:
|
|
that:
|
|
- "ara_api_database_engine == 'ara.server.db.backends.distributed_sqlite'"
|
|
msg: |
|
|
The database engine should be 'ara.server.db.backends.distributed_sqlite'
|
|
when 'ara_api_distributed_sqlite' is true.
|
|
when: ara_api_distributed_sqlite
|
|
|
|
# Put configuration in a format we can write to a file
|
|
- name: Reconcile configuration
|
|
vars:
|
|
reconciled_configuration:
|
|
ALLOWED_HOSTS: "{{ ara_api_allowed_hosts }}"
|
|
BASE_DIR: "{{ ara_api_base_dir }}"
|
|
CORS_ORIGIN_ALLOW_ALL: "{{ ara_api_cors_origin_allow_all }}"
|
|
CORS_ORIGIN_WHITELIST: "{{ ara_api_cors_origin_whitelist }}"
|
|
CORS_ORIGIN_REGEX_WHITELIST: "{{ ara_api_cors_origin_regex_whitelist }}"
|
|
DATABASE_ENGINE: "{{ ara_api_database_engine }}"
|
|
DATABASE_NAME: "{{ ara_api_database_name }}"
|
|
DATABASE_USER: "{{ ara_api_database_user }}"
|
|
DATABASE_PASSWORD: "{{ ara_api_database_password }}"
|
|
DATABASE_HOST: "{{ ara_api_database_host }}"
|
|
DATABASE_PORT: "{{ ara_api_database_port }}"
|
|
DATABASE_CONN_MAX_AGE: "{{ ara_api_database_conn_max_age }}"
|
|
DEBUG: "{{ ara_api_debug }}"
|
|
DISTRIBUTED_SQLITE: "{{ ara_api_distributed_sqlite }}"
|
|
DISTRIBUTED_SQLITE_PREFIX: "{{ ara_api_distributed_sqlite_prefix }}"
|
|
DISTRIBUTED_SQLITE_ROOT: "{{ ara_api_distributed_sqlite_root }}"
|
|
LOGGING: "{{ ara_api_logging }}"
|
|
LOG_LEVEL: "{{ ara_api_log_level }}"
|
|
SECRET_KEY: "{{ ara_api_secret_key }}"
|
|
READ_LOGIN_REQUIRED: "{{ ara_api_read_login_required }}"
|
|
WRITE_LOGIN_REQUIRED: "{{ ara_api_write_login_required }}"
|
|
PAGE_SIZE: "{{ ara_api_page_size }}"
|
|
TIME_ZONE: "{{ ara_api_time_zone }}"
|
|
set_fact:
|
|
ara_api_configuration: "{'{{ ara_api_env }}': {{ reconciled_configuration }} }"
|
|
no_log: "{{ ara_api_secure_logging }}"
|
|
|
|
- name: Set up the ARA API configuration file
|
|
copy:
|
|
content: |
|
|
---
|
|
# Managed by the ara Ansible role
|
|
{{ ara_api_configuration | to_nice_yaml(indent=2) }}
|
|
dest: "{{ ara_api_settings }}"
|
|
mode: 0640
|
|
notify:
|
|
- restart ara-api
|
|
no_log: "{{ ara_api_secure_logging }}"
|
|
|
|
- name: Set up ARA API cronjobs
|
|
cron:
|
|
name: "{{ job['name'] }}"
|
|
special_time: "{{ job['special_time'] | default(omit) }}"
|
|
minute: "{{ job['minute'] | default(omit) }}"
|
|
hour: "{{ job['hour'] | default(omit) }}"
|
|
day: "{{ job['day'] | default(omit) }}"
|
|
weekday: "{{ job['weekday'] | default(omit) }}"
|
|
month: "{{ job['month'] | default(omit) }}"
|
|
job: "{{ ara_api_venv_path }}/bin/ara {{ job['arguments'] }} >/dev/null 2>&1"
|
|
loop: "{{ ara_api_cleanup_crons }}"
|
|
loop_control:
|
|
loop_var: 'job'
|
|
when: ara_api_configure_cron
|