update s3 configuration to use custom credentials s3 backends

ECOM-3778

update s3 configuration to use custom credentials s3 backends
ECOM-3778
79c45d33 · zubair-arbi · f4b47dcd · 79c45d33
Commit 79c45d33 authored Feb 16, 2016 by zubair-arbi
Hide whitespace changes
Inline Side-by-side

Showing with 63 additions and 64 deletions

playbooks/roles/credentials/defaults/main.yml
+63 -64

No files found.
--- a/playbooks/roles/credentials/defaults/main.yml
+++ b/playbooks/roles/credentials/defaults/main.yml
@@ -23,7 +23,7 @@ CREDENTIALS_DEFAULT_DB_NAME: 'credentials'
 CREDENTIALS_MYSQL_HOST: 'localhost'
 # MySQL usernames are limited to 16 characters
 CREDENTIALS_MYSQL_USER: 'credentials001'
-CREDENTIALS_MYSQL_PASSWORD: 'password'
+CREDENTIALS_MYSQL_PASSWORD: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'

 CREDENTIALS_DATABASES:
  # rw user
@@ -37,36 +37,25 @@ CREDENTIALS_DATABASES:
    ATOMIC_REQUESTS: true
    CONN_MAX_AGE: 60

-CREDENTIALS_DB_ADMIN_USER: 'root'
-CREDENTIALS_DB_ADMIN_PASSWORD: ''
-CREDENTIALS_MYSQL_MATCHER: '{{ CREDENTIALS_MYSQL_HOST }}'
-
 CREDENTIALS_MEMCACHE: [ 'memcache' ]

 CREDENTIALS_CACHES:
  default:
    BACKEND:  'django.core.cache.backends.memcached.MemcachedCache'
-    KEY_PREFIX: 'default'
+    KEY_PREFIX: '{{ credentials_service_name }}'
    LOCATION: '{{ CREDENTIALS_MEMCACHE }}'

-CREDENTIALS_VERSION: "master"
 CREDENTIALS_DJANGO_SETTINGS_MODULE: "credentials.settings.production"
 CREDENTIALS_URL_ROOT: 'http://credentials:18150'
 CREDENTIALS_OAUTH_URL_ROOT: 'http://127.0.0.1:8000'

-CREDENTIALS_DATA_DIR: '{{ COMMON_DATA_DIR }}/{{ credentials_service_name }}'
-CREDENTIALS_MEDIA_ROOT: '{{ CREDENTIALS_DATA_DIR }}/media'
-CREDENTIALS_MEDIA_URL: '/media/'
-CREDENTIALS_STATIC_ROOT: '{{ CREDENTIALS_DATA_DIR }}/staticfiles'
-CREDENTIALS_STATIC_URL: '/static/'
-
-CREDENTIALS_SECRET_KEY: 'Your secret key here'
+CREDENTIALS_SECRET_KEY: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
 CREDENTIALS_TIME_ZONE: 'UTC'
 CREDENTIALS_LANGUAGE_CODE: 'en_US.UTF-8'

 # Used to automatically configure OAuth2 Client
-CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY : 'credentials-key'
-CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET : 'credentials-secret'
+CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
+CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
 CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: false

 CREDENTIALS_PLATFORM_NAME: 'Your Platform Name Here'
@@ -76,43 +65,80 @@ CREDENTIALS_SERVICE_USER: 'credentials_service_user'

 # Absolute URL used to get programs from the programs service.
 CREDENTIALS_PROGRAMS_API_URL: 'https://127.0.0.1:8004/api/v1/'
-CREDENTIALS_PROGRAMS_API_JWT_AUDIENCE: 'programs-key'
-CREDENTIALS_PROGRAMS_API_JWT_SECRET_KEY: 'programs-secret'
+CREDENTIALS_PROGRAMS_API_JWT_AUDIENCE: 'SET-ME-TO-THE-SAME-AS-PROGRAMS_SOCIAL_AUTH_EDX_OIDC_KEY'
+CREDENTIALS_PROGRAMS_API_JWT_SECRET_KEY: 'SET-ME-TO-THE-SAME-AS-PROGRAMS_SOCIAL_AUTH_EDX_OIDC_SECRET'

 # Absolute URL used to get organization data from the organizations api in LMS
 CREDENTIALS_ORGANIZATIONS_API_URL: 'https://127.0.0.1:8000/api/organizations/v0/'
-CREDENTIALS_ORGANIZATIONS_API_AUDIENCE: 'lms-key'
-CREDENTIALS_ORGANIZATIONS_API_SECRET_KEY: 'lms-secret'
+CREDENTIALS_ORGANIZATIONS_API_AUDIENCE: 'SET-ME-TO-THE-SAME-AS-EDXAPP_JWT_AUDIENCE'
+CREDENTIALS_ORGANIZATIONS_API_SECRET_KEY: 'SET-ME-TO-THE-SAME-AS-EDXAPP_JWT_SECRET_KEY'

 # Absolute URL used to get user data from the user api in LMS
 CREDENTIALS_USER_API_URL: 'https://127.0.0.1:8000/api/user/v1/'
-CREDENTIALS_USER_API_JWT_AUDIENCE: 'lms-key'
-CREDENTIALS_USER_API_JWT_SECRET_KEY: 'lms-secret'
+CREDENTIALS_USER_API_JWT_AUDIENCE: 'SET-ME-TO-THE-SAME-AS-EDXAPP_JWT_AUDIENCE'
+CREDENTIALS_USER_API_JWT_SECRET_KEY: 'SET-ME-TO-THE-SAME-AS-EDXAPP_JWT_SECRET_KEY'

-# Example settings to use Amazon S3 as files storage backend with django storages:
+CREDENTIALS_DATA_DIR: '{{ COMMON_DATA_DIR }}/{{ credentials_service_name }}'
+CREDENTIALS_MEDIA_ROOT: '{{ CREDENTIALS_DATA_DIR }}/media'
+CREDENTIALS_STATIC_ROOT: '{{ CREDENTIALS_DATA_DIR }}/staticfiles'
+CREDENTIALS_MEDIA_URL: '/media/'
+CREDENTIALS_STATIC_URL: '/static/'
+
+# Example settings to use Amazon S3 as a storage backend with django storages:
 # https://django-storages.readthedocs.org/en/latest/backends/amazon-S3.html#amazon-s3
 #
+# CREDENTIALS_BUCKET: mybucket
+# credentials_s3_domain: s3.amazonaws.com
+# CREDENTIALS_MEDIA_ROOT: 'media'
+# CREDENTIALS_STATIC_ROOT: 'static'
+#
 # CREDENTIALS_FILE_STORAGE_BACKEND:
-#  AWS_STORAGE_BUCKET_NAME: mybucket
-#  AWS_CUSTOM_DOMAIN: mybucket.s3.amazonaws.com
-#  AWS_ACCESS_KEY_ID: XXXAWS_ACCESS_KEYXXX
-#  AWS_SECRET_ACCESS_KEY: XXXAWS_SECRETY_KEYXXX
+#  AWS_STORAGE_BUCKET_NAME: '{{ CREDENTIALS_BUCKET }}'
+#  AWS_CUSTOM_DOMAIN: '{{ CREDENTIALS_BUCKET }}.{{ credentials_s3_domain }}'
+#  AWS_ACCESS_KEY_ID: 'XXXAWS_ACCESS_KEYXXX'
+#  AWS_SECRET_ACCESS_KEY: 'XXXAWS_SECRET_KEYXXX'
 #  AWS_QUERYSTRING_AUTH: False
 #  AWS_QUERYSTRING_EXPIRE: False
 #  AWS_DEFAULT_ACL: ''
 #  AWS_HEADERS:
-#    Cache-Control: max-age-31536000
-#    Access-Control-Allow-Origin: PUT YOUR HOSTNAME HERE
+#    Access-Control-Allow-Origin: 'PUT-YOUR-HOSTNAME-HERE'
 #
-#  COMPRESS_URL: 'https://mybucket.s3.amazonaws.com/'
-#  STATIC_URL: 'https://mybucket.s3.amazonaws.com/'
-#  COMPRESS_ROOT: {{ CREDENTIALS_STATIC_ROOT }}
-#  COMPRESS_STORAGE: storages.backends.s3boto.S3BotoStorage
-#  STATICFILES_STORAGE: storages.backends.s3boto.S3BotoStorage
-#  DEFAULT_FILE_STORAGE: storages.backends.s3boto.S3BotoStorage
+#  MEDIA_ROOT: '{{ CREDENTIALS_MEDIA_ROOT }}'
+#  STATIC_ROOT: '{{ CREDENTIALS_STATIC_ROOT }}'
+#  MEDIA_URL:    'https://{{ CREDENTIALS_BUCKET }}.{{ credentials_s3_domain }}{{ CREDENTIALS_MEDIA_URL }}'
+#  STATIC_URL:   'https://{{ CREDENTIALS_BUCKET }}.{{ credentials_s3_domain }}{{ CREDENTIALS_STATIC_URL }}'
+#
+#  COMPRESS_STORAGE: 'credentials.apps.core.s3utils.StaticS3BotoStorage'
+#  STATICFILES_STORAGE:  'credentials.apps.core.s3utils.StaticS3BotoStorage'
+#  DEFAULT_FILE_STORAGE: 'credentials.apps.core.s3utils.MediaS3BotoStorage'

 CREDENTIALS_FILE_STORAGE_BACKEND:
-  DEFAULT_FILE_STORAGE: 'django.core.files.storage.DefaultStorage'
+  MEDIA_ROOT: '{{ CREDENTIALS_MEDIA_ROOT }}'
+  STATIC_ROOT: '{{ CREDENTIALS_STATIC_ROOT }}'
+  MEDIA_URL: '{{ CREDENTIALS_MEDIA_URL }}'
+  STATIC_URL: '{{ CREDENTIALS_STATIC_URL }}'
+  DEFAULT_FILE_STORAGE: 'django.core.files.storage.FileSystemStorage'
+
+CREDENTIALS_VERSION: "master"
+CREDENTIALS_REPOS:
+  - PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"
+    DOMAIN: "{{ COMMON_GIT_MIRROR }}"
+    PATH: "{{ COMMON_GIT_PATH }}"
+    REPO: credentials.git
+    VERSION: "{{ CREDENTIALS_VERSION }}"
+    DESTINATION: "{{ credentials_code_dir }}"
+    SSH_KEY: "{{ CREDENTIALS_GIT_IDENTITY }}"
+
+
+CREDENTIALS_GUNICORN_WORKERS: "2"
+CREDENTIALS_GUNICORN_EXTRA: ""
+CREDENTIALS_GUNICORN_EXTRA_CONF: ""
+CREDENTIALS_GUNICORN_WORKER_CLASS: "gevent"
+
+CREDENTIALS_HOSTNAME: '~^((stage|prod)-)?credentials.*'
+
+NGINX_CREDENTIALS_GUNICORN_HOSTS:
+  - 127.0.0.1

 CREDENTIALS_SERVICE_CONFIG:
  SECRET_KEY: '{{ CREDENTIALS_SECRET_KEY }}'
@@ -126,11 +152,6 @@ CREDENTIALS_SERVICE_CONFIG:
  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ CREDENTIALS_OAUTH_URL_ROOT }}/oauth2'
  SOCIAL_AUTH_REDIRECT_IS_HTTPS: '{{ CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS }}'

-  MEDIA_ROOT: '{{ CREDENTIALS_MEDIA_ROOT }}'
-  MEDIA_URL: '{{ CREDENTIALS_MEDIA_URL }}'
-  STATIC_ROOT: '{{ CREDENTIALS_STATIC_ROOT }}'
-  STATIC_URL: '{{ CREDENTIALS_STATIC_URL }}'
-
  # db config
  DATABASE_OPTIONS:
    connect_timeout: 10
@@ -160,31 +181,10 @@ CREDENTIALS_SERVICE_CONFIG:
  USER_JWT_AUDIENCE: '{{ CREDENTIALS_USER_API_JWT_AUDIENCE }}'
  USER_JWT_SECRET_KEY: '{{ CREDENTIALS_USER_API_JWT_SECRET_KEY }}'

-
-CREDENTIALS_REPOS:
-  - PROTOCOL: "{{ COMMON_GIT_PROTOCOL }}"
-    DOMAIN: "{{ COMMON_GIT_MIRROR }}"
-    PATH: "{{ COMMON_GIT_PATH }}"
-    REPO: credentials.git
-    VERSION: "{{ CREDENTIALS_VERSION }}"
-    DESTINATION: "{{ credentials_code_dir }}"
-    SSH_KEY: "{{ CREDENTIALS_GIT_IDENTITY }}"
-
-
-CREDENTIALS_GUNICORN_WORKERS: "2"
-CREDENTIALS_GUNICORN_EXTRA: ""
-CREDENTIALS_GUNICORN_EXTRA_CONF: ""
-CREDENTIALS_GUNICORN_WORKER_CLASS: "gevent"
-
-CREDENTIALS_HOSTNAME: '~^((stage|prod)-)?credentials.*'
-
-NGINX_CREDENTIALS_GUNICORN_HOSTS:
-  - 127.0.0.1
-
 #
 # vars are namespace with the module name.
 #
-credentials_role_name: credentials
+credentials_service_name: "credentials"
 credentials_venv_dir: "{{ credentials_home }}/venvs/{{ credentials_service_name }}"

 credentials_migration_environment:
@@ -194,7 +194,6 @@ credentials_migration_environment:
  DB_MIGRATION_USER: "{{ COMMON_MYSQL_MIGRATE_USER }}"
  DB_MIGRATION_PASS: "{{ COMMON_MYSQL_MIGRATE_PASS }}"

-credentials_service_name: "{{ credentials_role_name }}"
 credentials_user: "{{ credentials_service_name }}"
 credentials_home: "{{ COMMON_APP_DIR }}/{{ credentials_service_name }}"
 credentials_code_dir: "{{ credentials_home }}/{{ credentials_service_name }}"