Allow for a list of users that have credentials.

Leaving the old vars here for compatibilty. They can be removed at some future time.

Allow for a list of users that have credentials.
Leaving the old vars here for compatibilty. They can be removed at some future time.
35014431 · Feanil Patel · c80bb060 · 35014431 · 35014431 · c80bb060
Commit 35014431 authored Mar 06, 2017 by Feanil Patel
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 36 deletions

playbooks/roles/go-server/defaults/main.yml
+8 -0

playbooks/roles/go-server/tasks/main.yml
+26 -33

playbooks/roles/go-server/templates/edx/app/go-server/password.txt.j2
+0 -3

No files found.
--- a/playbooks/roles/go-server/defaults/main.yml
+++ b/playbooks/roles/go-server/defaults/main.yml
@@ -53,6 +53,14 @@ GO_SERVER_BACKUP_PASSWORD: ""
 GO_SERVER_GOMATIC_USERNAME: ""
 GO_SERVER_GOMATIC_PASSWORD: ""

+GO_SERVER_USERS:
+    - username: "{{ GO_SERVER_ADMIN_USERNAME }}"
+      password: "{{ GO_SERVER_ADMIN_PASSWORD }}"
+    - username: "{{ GO_SERVER_BACKUP_USERNAME }}"
+      password: "{{ GO_SERVER_BACKUP_PASSWORD }}"
+    - username: "{{ GO_SERVER_GOMATIC_USERNAME }}"
+      password: "{{ GO_SERVER_GOMATIC_PASSWORD }}"
+
 # go-server network settings
 GO_SERVER_PORT: 8153
 GO_SERVER_SECURE_PORT: 8154

--- a/playbooks/roles/go-server/tasks/main.yml
+++ b/playbooks/roles/go-server/tasks/main.yml
@@ -74,31 +74,6 @@
    - { url: "{{ GO_SERVER_OAUTH_LOGIN_JAR_URL }}", md5: "{{ GO_SERVER_OAUTH_LOGIN_MD5 }}" }
    - { url: "{{ GO_SERVER_GITHUB_PR_PLUGIN_JAR_URL }}", md5: "{{ GO_SERVER_GITHUB_PR_PLUGIN_MD5 }}" }

- name: generate line for go-server password file for admin user
-  command: "/usr/bin/htpasswd -nbs \"{{ GO_SERVER_ADMIN_USERNAME }}\" \"{{ GO_SERVER_ADMIN_PASSWORD }}\""
-  register: admin_user_password_line
-  when: GO_SERVER_ADMIN_USERNAME and GO_SERVER_ADMIN_PASSWORD
-
- name: generate line for go-server password file for backup user
-  command: "/usr/bin/htpasswd -nbs \"{{ GO_SERVER_BACKUP_USERNAME }}\" \"{{ GO_SERVER_BACKUP_PASSWORD }}\""
-  register: backup_user_password_line
-  when: GO_SERVER_BACKUP_USERNAME and GO_SERVER_BACKUP_PASSWORD
-
- name: generate line for go-server password file for gomatic user
-  command: "/usr/bin/htpasswd -nbs \"{{ GO_SERVER_GOMATIC_USERNAME }}\" \"{{ GO_SERVER_GOMATIC_PASSWORD }}\""
-  register: gomatic_user_password_line
-  when: GO_SERVER_GOMATIC_USERNAME and GO_SERVER_GOMATIC_PASSWORD
-
- name: setup password file
-  template:
-    src: edx/app/go-server/password.txt.j2
-    dest: "{{ GO_SERVER_CONF_HOME }}/{{ GO_SERVER_PASSWORD_FILE_NAME }}"
-    mode: 0600
-    owner: "{{ GO_SERVER_USER }}"
-    group: "{{ GO_SERVER_GROUP }}"
-    force: no
-  when: GO_SERVER_ADMIN_PASSWORD and GO_SERVER_BACKUP_PASSWORD and GO_SERVER_GOMATIC_PASSWORD
-
 - name: install go-server configuration
  template:
    src: edx/app/go-server/cruise-config.xml.j2
@@ -111,16 +86,34 @@
 - include: download_backup.yml
  when: GO_SERVER_BACKUP_S3_BUCKET and GO_SERVER_BACKUP_S3_OBJECT and GO_SERVER_RESTORE_BACKUP

- name: replace the password lines in the password file post-restore
+- name: generate lines for go-server password file for users
+  command: "/usr/bin/htpasswd -nbs '{{ item.username }}' '{{ item.password }}'"
+  with_items: "{{ GO_SERVER_USERS }}"
+  when: item.username and item.password
+  register: go_server_users_htpasswds
+  tags:
+    - install
+    - install:app-configuration
+
+- debug: var=go_server_users_htpasswds
+  tags:
+    - install
+    - install:app-configuration
+
+- name: replace the password lines in the password file
  lineinfile:
    dest: "{{ GO_SERVER_CONF_HOME }}/{{ GO_SERVER_PASSWORD_FILE_NAME }}"
-    regexp: "^{{ item.username }}"
-    line: "{{ item.password_hash.stdout }}"
-  with_items:
-    - { username: "{{ GO_SERVER_ADMIN_USERNAME }}", password: "{{ GO_SERVER_ADMIN_PASSWORD }}", password_hash: "{{ admin_user_password_line }}" }
-    - { username: "{{ GO_SERVER_BACKUP_USERNAME }}", password: "{{ GO_SERVER_BACKUP_PASSWORD }}", password_hash: "{{ backup_user_password_line }}" }
-    - { username: "{{ GO_SERVER_GOMATIC_USERNAME }}", password: "{{ GO_SERVER_GOMATIC_PASSWORD }}", password_hash: "{{ gomatic_user_password_line }}" }
-  when: item.username and item.password and item.password_hash
+    regexp: "^{{ item.item.username }}"
+    line: "{{ item.stdout }}"
+    create: yes
+    mode: "0600"
+    owner: "{{ GO_SERVER_USER }}"
+    group: "{{ GO_SERVER_GROUP }}"
+  with_items: "{{ go_server_users_htpasswds.results }}"
+  when: item.item.username and item.item.password and item.stdout
+  tags:
+    - install
+    - install:app-configuration

 - name: install ssh key for the secure repos
  copy:

--- a/playbooks/roles/go-server/templates/edx/app/go-server/password.txt.j2
+++ b/playbooks/roles/go-server/templates/edx/app/go-server/password.txt.j2
-{{ admin_user_password_line.stdout }}
-{{ backup_user_password_line.stdout }}
-{{ gomatic_user_password_line.stdout }}