switch to dev.publik.love domain (#27824)

Download the certifcate chain and adapt nginx configuration. publik.love certificates beeing handled by letsencrypt, we can also get rid of the hacks around request.
2018-11-15 11:24:03 +01:00 · 2018-11-15 11:24:03 +01:00 · fd1148098c
parent f456b0107f
commit fd1148098c
8 changed files with 63 additions and 53 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -3,73 +3,73 @@ django_version: 1.11.15
 git_ssh: false
 clone_repo: true
 src_dir: "/home/{{user}}/src"
-ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"
-ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"
+ssl_certificate: "{{venv_certs}}/dev.publik.love-fullchain.pem"
+ssl_certificate_key: "{{venv_certs}}/dev.publik.love-privkey.pem"
 venv: "/home/{{user}}/envs/publik-env"
 user: publik
 apps:
  authentic:
    db_name: authentic_multitenant
-    host_pattern: "*-authentic.local.publik"
-    nginx_host_pattern: '~^(.*)\-authentic\.local\.publik$'
+    host_pattern: "*authentic.dev.publik.love"
+    nginx_host_pattern: '~^(.*)authentic\.dev\.publik\.love$'
    project_name: authentic-multitenant
    server_port: 8000
  combo:
    db_name: combo
-    host_pattern: "*-combo.local.publik"
-    nginx_host_pattern: '~^(.*)\-combo\.local\.publik$'
+    host_pattern: "*combo.dev.publik.love"
+    nginx_host_pattern: '~^(.*)combo\.dev\.publik\.love$'
    project_name: combo
    server_port: 8004
  hobo:
    db_name: hobo
-    host_pattern: "*-hobo.local.publik"
-    nginx_host_pattern: '~^(.*)\-hobo\.local\.publik$'
+    host_pattern: "*hobo.dev.publik.love"
+    nginx_host_pattern: '~^(.*)hobo\.dev\.publik\.love$'
    project_name: hobo
    server_port: 8016
  passerelle:
    db_name: passerelle
-    host_pattern: "*-passerelle.local.publik"
-    nginx_host_pattern: '~^(.*)\-passerelle\.local\.publik$'
+    host_pattern: "*passerelle.dev.publik.love"
+    nginx_host_pattern: '~^(.*)passerelle\.dev\.publik\.love$'
    project_name: passerelle
    server_port: 8024
  fargo:
    db_name: fargo
-    host_pattern: "*-fargo.local.publik"
-    nginx_host_pattern: '~^(.*)\-fargo\.local\.publik$'
+    host_pattern: "*fargo.dev.publik.love"
+    nginx_host_pattern: '~^(.*)fargo\.dev\.publik\.love$'
    project_name: fargo
    server_port: 8036
  chrono:
    db_name: chrono
-    host_pattern: "*-chrono.local.publik"
-    nginx_host_pattern: '~^(.*)\-chrono\.local\.publik$'
+    host_pattern: "*chrono.dev.publik.love"
+    nginx_host_pattern: '~^(.*)chrono\.dev\.publik\.love$'
    project_name: chrono
    server_port: 8040
  bijoe:
    db_name: bijoe
-    host_pattern: "*-bijoe.local.publik"
-    nginx_host_pattern: '~^(.*)\-bijoe\.local\.publik$'
+    host_pattern: "*bijoe.dev.publik.love"
+    nginx_host_pattern: '~^(.*)bijoe\.dev\.publik\.love$'
    project_name: bijoe
    server_port: 8048
  wcs:
    db_name: wcs
-    host_pattern: "*-wcs.local.publik"
-    nginx_host_pattern: '~^(.*)\-wcs\.local\.publik$'
+    host_pattern: "*wcs.dev.publik.love"
+    nginx_host_pattern: '~^(.*)wcs\.dev\.publik\.love$'
    project_name: wcs
    server_port: 8032
  welco:
    db_name: welco
-    host_pattern: "*-welco.local.publik"
-    nginx_host_pattern: '~^(.*)\-welco\.local\.publik$'
+    host_pattern: "*welco.dev.publik.love"
+    nginx_host_pattern: '~^(.*)welco\.dev\.publik\.love$'
    project_name: welco
    server_port: 8052
 tenants_conf:
-  connexion-authentic: "connexion-authentic.local.publik"
-  agent-combo: "agent-combo.local.publik"
-  user-combo: "user-combo.local.publik"
-  dev-hobo: "dev-hobo.local.publik"
-  demarches-wcs: "demarches-wcs.local.publik"
-  dev-passerelle: "dev-passerelle.local.publik"
-  dev-fargo: "dev-fargo.local.publik"
-  dev-chrono: "dev-chrono.local.publik"
-  dev-bijoe: "dev-bijoe.local.publik"
-  dev-welco: # disabled by default -- could be "dev-welco.local.publik"
+  connexion-authentic: "authentic.dev.publik.love"
+  agent-combo: "agent-combo.dev.publik.love"
+  user-combo: "combo.dev.publik.love"
+  dev-hobo: "hobo.dev.publik.love"
+  demarches-wcs: "wcs.dev.publik.love"
+  dev-passerelle: "passerelle.dev.publik.love"
+  dev-fargo: "fargo.dev.publik.love"
+  dev-chrono: "chrono.dev.publik.love"
+  dev-bijoe: "bijoe.dev.publik.love"
+  dev-welco: # disabled by default -- could be "welco.dev.publik.love"
--- a/install.yml
+++ b/install.yml
@ -17,6 +17,7 @@
  vars:
    themes_dir: "{{venv}}/themes"
    venv_bin: "{{venv}}/bin"
+    venv_certs: "{{venv}}/certs"
    venv_conf: "{{venv}}/conf"
    venv_pip: "{{venv_bin}}/pip"
    venv_python: "{{venv_bin}}/python"
--- a/roles/app-setup/templates/app-settings-base.j2
+++ b/roles/app-setup/templates/app-settings-base.j2
@ -10,8 +10,6 @@ execfile('{{src_dir}}/hobo/debian/debian_config_common.py')

 THEMES_DIRECTORY = '{{themes_dir}}'

-os.environ['REQUESTS_CA_BUNDLE'] = '/etc/ssl/certs/ca-certificates.crt'
-
 ALLOWED_HOSTS = ['*']

 LOGGING = {
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -98,3 +98,24 @@
    src: "{{ src_dir }}/publik-base-theme"
    path: "{{themes_dir}}/publik-base"
    state: link
+
+- name: create cert directory
+  file:
+    path: "{{venv_certs}}"
+    state: directory
+  tags:
+    - tls
+
+- name: Download fullchain.pem
+  get_url:
+    url: https://doc-publik.entrouvert.com/media/certificates/dev.publik.love/fullchain.pem
+    dest: "{{venv_certs}}/dev.publik.love-fullchain.pem"
+  tags:
+    - tls
+
+- name: Download privkey.pem
+  get_url:
+    url: https://doc-publik.entrouvert.com/media/certificates/dev.publik.love/privkey.pem
+    dest: "{{venv_certs}}/dev.publik.love-privkey.pem"
+  tags:
+    - tls
--- a/roles/bijoe/tasks/main.yml
+++ b/roles/bijoe/tasks/main.yml
@ -24,9 +24,3 @@
    src: "{{ src_dir }}/bijoe/debian/import-wcs-data.sh"
    dest:  "{{ venv_bin }}/import-wcs-data.sh"
    mode: u+x
-
- name: import-wcs-data wrapper script
-  template:
-    src: "bijoe-import-wcs-data.j2"
-    dest:  "{{ venv_bin }}/bijoe-import-wcs-data.sh"
-    mode: u+x
--- a/roles/bijoe/templates/bijoe-import-wcs-data.j2
+++ b/roles/bijoe/templates/bijoe-import-wcs-data.j2
@ -1,4 +0,0 @@
-#!/bin/sh
-
-export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
-{{ venv_bin}}/import-wcs-data.sh
--- a/roles/hobo-agent/templates/hobo-agent-settings.j2
+++ b/roles/hobo-agent/templates/hobo-agent-settings.j2
@ -12,7 +12,7 @@ AGENT_HOST_PATTERNS = {
 {% filter upper %}{{appkey}}{% endfilter %}_MANAGE_COMMAND = "{{venv_bin}}/{{app['project_name']}}-manage"
 {% filter upper %}{{appkey}}{% endfilter %}_MANAGE_TRY_COMMAND = {% filter upper %}{{appkey}}{% endfilter %}_MANAGE_COMMAND
 {% else %}
-WCS_MANAGE_COMMAND = "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt {{venv_bin}}/wcsctl.py -f {{venv_conf}}/wcs.cfg"
+WCS_MANAGE_COMMAND = "{{venv_bin}}/wcsctl.py -f {{venv_conf}}/wcs.cfg"
 WCS_MANAGE_TRY_COMMAND = "{{venv_bin}}/wcsctl.py"
 {% endif %}
 {% endfor %}
--- a/tenants-inventory.yml.example
+++ b/tenants-inventory.yml.example
@ -4,14 +4,14 @@ local:
    localhost:
      ansible_connection: local
      tenants_conf:
-        connexion-authentic: "customname-authentic.local.publik"
-        agent-combo: "customname-combo.local.publik"
-        user-combo: "customname-combo.local.publik"
-        dev-hobo: "customname-hobo.local.publik"
-        demarches-wcs: "customname-wcs.local.publik"
-        dev-passerelle: "customname-passerelle.local.publik"
-        dev-fargo: "customname-fargo.local.publik"
-        dev-chrono: "customname-chrono.local.publik"
-        dev-bijoe: "customname-bijoe.local.publik"
-        dev-welco: "customname-welco.local.publik"
+        connexion-authentic: "customname-authentic.dev.publik.love"
+        agent-combo: "customname-agent-combo.dev.publik.love"
+        user-combo: "customname-combo.dev.publik.love"
+        dev-hobo: "customname-hobo.dev.publik.love"
+        demarches-wcs: "customname-wcs.dev.publik.love"
+        dev-passerelle: "customname-passerelle.dev.publik.love"
+        dev-fargo: "customname-fargo.dev.publik.love"
+        dev-chrono: "customname-chrono.dev.publik.love"
+        dev-bijoe: "customname-bijoe.dev.publik.love"
+        dev-welco: "customname-welco.dev.publik.love"