Merge pull request #1200 from edx/jarv/simplify-nginx-auth

Have roles reference the nginx role for basic auth

Merge pull request #1200 from edx/jarv/simplify-nginx-auth
Have roles reference the nginx role for basic auth
ec9356f0 · John Jarvis · 68e62fa6 · 6cbefc52 · ec9356f0 · ec9356f0
Commit ec9356f0 authored Jun 11, 2014 by John Jarvis
9 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+- Role: xqwatcher, xqueue, nginx, edxapp, common
+  - Moving nginx basic authorization flag and credentials to the common role
+
 - Role: Edxapp
  - Turn on code sandboxing by default and allow the jailed code to be able to write
    files to the tmp directory created for it by codejail.

--- a/playbooks/roles/common/defaults/main.yml
+++ b/playbooks/roles/common/defaults/main.yml
@@ -3,6 +3,11 @@
 # to change the base directory
 # where edX is installed

+# Set global htpasswd credentials
+COMMON_ENABLE_BASIC_AUTH: True
+COMMON_HTPASSWD_USER: edx
+COMMON_HTPASSWD_PASS: edx
+
 COMMON_BASE_DIR: /edx
 COMMON_DATA_DIR: "{{ COMMON_BASE_DIR}}/var"
 COMMON_APP_DIR: "{{ COMMON_BASE_DIR}}/app"

--- a/playbooks/roles/edxapp/defaults/main.yml
+++ b/playbooks/roles/edxapp/defaults/main.yml
@@ -17,7 +17,7 @@ EDXAPP_PREVIEW_LMS_BASE: ''
 EDXAPP_CMS_BASE: ''
 EDXAPP_AWS_ACCESS_KEY_ID:  ''
 EDXAPP_AWS_SECRET_ACCESS_KEY:  ''
-EDXAPP_XQUEUE_BASIC_AUTH: [ 'edx', 'edx' ]
+EDXAPP_XQUEUE_BASIC_AUTH: [ "{{ COMMON_HTPASSWD_USER }}", "{{ COMMON_HTPASSWD_PASS }}" ]
 EDXAPP_XQUEUE_DJANGO_AUTH:
  username: 'lms'
  password: 'password'

--- a/playbooks/roles/nginx/defaults/main.yml
+++ b/playbooks/roles/nginx/defaults/main.yml
 # Variables for nginx role
 ---
-# Set global htaccess for nginx
-NGINX_HTPASSWD_USER: !!null
-NGINX_HTPASSWD_PASS: !!null
 NGINX_ENABLE_SSL: False
 # Set these to real paths on your
 # filesystem, otherwise nginx will

--- a/playbooks/roles/nginx/tasks/main.yml
+++ b/playbooks/roles/nginx/tasks/main.yml
@@ -74,10 +74,10 @@

 - name: Write out htpasswd file
  htpasswd: >
-    name={{ NGINX_HTPASSWD_USER }}
-    password={{ NGINX_HTPASSWD_PASS }}
+    name={{ COMMON_HTPASSWD_USER }}
+    password={{ COMMON_HTPASSWD_PASS }}
    path={{ nginx_htpasswd_file }}
-  when: NGINX_HTPASSWD_USER and NGINX_HTPASSWD_PASS
+  when: COMMON_ENABLE_BASIC_AUTH

 - name: Create nginx log file location (just in case)
  file: >

--- a/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/basic-auth.j2
+++ b/playbooks/roles/nginx/templates/edx/app/nginx/sites-available/basic-auth.j2
-{% if  NGINX_HTPASSWD_USER and NGINX_HTPASSWD_PASS %}
+{% if COMMON_ENABLE_BASIC_AUTH %}
     satisfy any;

     allow 127.0.0.1;

--- a/playbooks/roles/xqueue/defaults/main.yml
+++ b/playbooks/roles/xqueue/defaults/main.yml
@@ -16,8 +16,8 @@ XQUEUE_S3_PATH_PREFIX: 'sandbox-xqueue'
 XQUEUE_LOCAL_LOGLEVEL: 'INFO'
 XQUEUE_AWS_ACCESS_KEY_ID : ''
 XQUEUE_AWS_SECRET_ACCESS_KEY : ''
-XQUEUE_BASIC_AUTH_USER: 'edx'
-XQUEUE_BASIC_AUTH_PASSWORD: 'edx'
+XQUEUE_BASIC_AUTH_USER: "{{ COMMON_HTPASSWD_USER }}"
+XQUEUE_BASIC_AUTH_PASSWORD: "{{ COMMON_HTPASSWD_PASS }}"
 XQUEUE_DJANGO_USERS:
  lms: 'password'
 XQUEUE_RABBITMQ_USER: 'edx'

--- a/playbooks/roles/xqwatcher/defaults/main.yml
+++ b/playbooks/roles/xqwatcher/defaults/main.yml
@@ -12,7 +12,7 @@
 #

 XQWATCHER_CONFIG:
-  HTTP_BASIC_AUTH: ['foo','bar']
+  HTTP_BASIC_AUTH: ["{{ COMMON_HTPASSWD_USER }}","{{ COMMON_HTPASSWD_PASS }}"]
  POLL_TIME: 10

 XQWATCHER_COURSES:

--- a/util/jenkins/ansible-provision.sh
+++ b/util/jenkins/ansible-provision.sh
@@ -129,8 +129,8 @@ EOF
 if [[ $basic_auth == "true" ]]; then
    # vars specific to provisioning added to $extra-vars
    cat << EOF_AUTH >> $extra_vars_file
-NGINX_HTPASSWD_USER: $auth_user
-NGINX_HTPASSWD_PASS: $auth_pass
+COMMON_HTPASSWD_USER: $auth_user
+COMMON_HTPASSWD_PASS: $auth_pass
 XQUEUE_BASIC_AUTH_USER: $auth_user
 XQUEUE_BASIC_AUTH_PASSWORD: $auth_pass
 EOF_AUTH