Per #4167 a reasonable CSP was put in place, but unfortunately this
broke WebSockets support in Safari.
This is a quick fix to return support immediately. A more secure
implemetation would be beneficial in the longer term, however.
ideally we'd improve this over time to remove the `unsafe-inline` lines,
but we can't due that today because Angular1 makes use of a lot of
inline <script> and <style> tag generation
see: https://github.com/ansible/awx/issues/2056
Prior to this change, password having shell interpretable character
would break the installer (e.g '&', '(', etc... )
This commits rely on the `quote` filter from ansible to ensure those
password are properly quoted where it applies
Fixes: https://github.com/ansible/awx/issues/3943
Signed-off-by: Yanis Guenane <yguenane@redhat.com>
If password contains ';' (and potentially any shell interpretable chars)
it won't be interpreted properly as the openshift password.
Signed-off-by: Yanis Guenane <yguenane@redhat.com>
This commit does a few things:
- Add the `--squash` option to the `awx-devel-build` make target. This reduces the resulting image size from 2.12 GB to 1.37 GB. I think we can get this down even more by inspecting the image contents.
- Reorganize commands so that the cache expires less often. Before this commit, any changes to the Makefile would essentially cause the entire image to rebuild.
- Break yum dependencies up into multiple lines. This makes it easier to see what changes in a diff.
- Use `n` to install our required version of node (rather `curl node | bash`). I’ve found this to be easier to maintain / more portable when working with other Dockerfiles.
- General organizational changes to make things easier to parse visually.
Installing the latest python36-setuptools automatically creates the symlink from python3 -> python3.6 and from python36 -> /usr/bin/python3.6. Building the images fails when the symlink is created explicitly in the AWX installer.
Signed-off-by: Uriel Mandujano <uriel.mandujano14@gmail.com>
HTTPS is, by default, expected to be on port 443.
Also, with HSTS set, we need to be sure that users attempting to arrive
via HTTP are properly redirected to HTTPS.
This does so by:
* Setting up a 301 redirect for any URL to its HTTPS version
* Adjusting the internal port for HTTPS traffic to 8053
* Setting docker-compose to share port 443 → 8053
- This is configurable via an inventory variable
In #3322, this mount was added, but only to the standalone
Docker install setup:
github.com/ansible/awx/pull/3322/files#diff-596e32ab54a52bfed763f8a639499fe0
This ensures that the SSL cert is loaded when using docker-compose,
which is the only Docker-based method available as of v4.0.0
When docker-compose become the sole method for using
Docker directly, some of this was shifted around in ways that
are inconsistent with other elements.
This adjusts it so that:
* The inventory variable default is set like the others, and
is less confusing
* We no longer mention the Standalone Docker in inventory
* We format our INSTALL docs w/r/t this var
Daphne has a default timeout of 86400 seconds, so after 1 day of starting
awx_web container, the stdout stops refreshing automatically on the web UI.
This fixes this issue by making the timeout infinite, so the connection
between nginx and daphne's websocket never closes.
Jose OrPa
Ryan Petrello
Gabriel Totusek
Gabriel Totusek
Jorge Machado
Scholl III, Michael G
Ashley Nelson
Jeff Byrnes
Ashley Nelson
aubrel
Marcelo Mello
softwarefactory-project-zuul[bot]
Anand kumar
Shane McDonald
Yanis Guenane
itdependsnetworks
Bill Nottingham
Uriel Mandujano
Felipe Alencastro
Bruno Thomsen
Markus Opahle
walkafwalka
Klaas Demter