Commit b3eb9d4b by Joe Blaylock

Stanford config/xqueue updates and local mods

* Changed the way xqueue does basic auth configuration so that it would
  work with the old httplib on our prod ora instances.
* this breaks the .org release's method of doing basic auth, but that
  doesn't matter for Stanford because we do it differently
parent 1fad03a1
- hosts: ~tag_Name_app(10|20)_carn - hosts: ~tag_Name_app(10|20)_carn
#- hosts: ~tag_Name_app20_carn
sudo: True sudo: True
vars_prompt: vars_prompt:
- name: "migrate_db" - name: "migrate_db"
......
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
#- hosts: tag_environment_prod:&tag_function_webserver #- hosts: tag_environment_prod:&tag_function_webserver
# or we can get subsets of them by name # or we can get subsets of them by name
- hosts: ~tag_Name_app(10|20)_cme - hosts: ~tag_Name_app(10|20)_cme
#- hosts: ~tag_Name_app10_cme
sudo: True sudo: True
vars_prompt: vars_prompt:
- name: "migrate_db" - name: "migrate_db"
...@@ -32,6 +33,7 @@ ...@@ -32,6 +33,7 @@
- "{{ secure_dir }}/vars/edxapp_prod_users.yml" - "{{ secure_dir }}/vars/edxapp_prod_users.yml"
- "{{ secure_dir }}/vars/datadog_stage.yml" - "{{ secure_dir }}/vars/datadog_stage.yml"
roles: roles:
#- ansible_debug
- common - common
- role: nginx - role: nginx
nginx_conf: true nginx_conf: true
......
# this gets all running prod webservers # this gets all running prod webservers
#- hosts: tag_environment_prod:&tag_function_webserver #- hosts: tag_environment_prod:&tag_function_webserver
# or we can get subsets of them by name # or we can get subsets of them by name
- hosts: ~tag_Name_app(10|20)_prod #- hosts: ~tag_Name_app(10|20)_prod
#- hosts: ~tag_Name_app(11|21)_prod #- hosts: ~tag_Name_app(11|21)_prod
## this is the test box ## this is the test box
#- hosts: ~tag_Name_app4_prod - hosts: ~tag_Name_app4_prod
## you can also do security group, but don't do that ## you can also do security group, but don't do that
#- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB #- hosts: security_group_edx-prod-EdxappServerSecurityGroup-NSKCQTMZIPQB
sudo: True sudo: True
......
...@@ -2,8 +2,10 @@ ...@@ -2,8 +2,10 @@
sudo: True sudo: True
vars_files: vars_files:
- "{{ secure_dir }}/vars/users_jumpbox.yml" - "{{ secure_dir }}/vars/users_jumpbox.yml"
- "{{ secure_dir }}/vars/datadog_stage.yml"
vars: vars:
secure_dir: '../../../configuration-secure/ansible' secure_dir: '../../../configuration-secure/ansible'
local_dir: '../../../configuration-secure/ansible/local' local_dir: '../../../configuration-secure/ansible/local'
roles: roles:
- common - common
- datadog
# For all util machines # For all util machines
- hosts: tag_environment_prod:&tag_function_util - hosts: tag_environment_prod:&tag_function_util
# or we can get subsets of them by name # or we can get subsets of them by name
#- hosts: ~tag_Name_util(1|2)_prod #- hosts: ~tag_Name_util20_prod
sudo: True sudo: True
vars: vars:
secure_dir: '../../../configuration-secure/ansible' secure_dir: '../../../configuration-secure/ansible'
......
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
- role: nginx - role: nginx
nginx_sites: nginx_sites:
- xqueue - xqueue
- basic-auth
- xqueue - xqueue
- datadog - datadog
#- splunkforwarder #- splunkforwarder
...@@ -14,6 +14,7 @@ ...@@ -14,6 +14,7 @@
- role: nginx - role: nginx
nginx_sites: nginx_sites:
- xqueue - xqueue
- basic-auth
- xqueue - xqueue
- datadog - datadog
#- splunkforwarder #- splunkforwarder
......
server {
listen 80;
location / {
auth_basic "Restricted"; auth_basic "Restricted";
auth_basic_user_file /etc/nginx/nginx.htpasswd; auth_basic_user_file /etc/nginx/nginx.htpasswd;
root {{ app_base_dir }}/main_static; root {{app_base_dir}}/main_static;
index index.html index index.html
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
}
}
...@@ -8,9 +8,6 @@ server { ...@@ -8,9 +8,6 @@ server {
listen {{ XQUEUE_NGINX_PORT }} default_server; listen {{ XQUEUE_NGINX_PORT }} default_server;
location / { location / {
{% if XQUEUE_BASIC_AUTH %}
{% include "basic-auth.j2" %}
{% endif %}
try_files $uri @proxy_to_app; try_files $uri @proxy_to_app;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment