move from svn to this git repo

roles/awx/files/HouseKeeping.sh

@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# This script will clean up a directory from old files.
+#
+# Options:
+# -d <directory>
+# -t <time in days to keep files>
+# -p <pattern to search>
+# -v ==> VERBOSE
+#
+usage()
+{
+	echo "Usage: `basename $0`: -d <dir> -t <time> -p <pattern> -v"
+	echo "Options:"
+	echo "-d <directory to search>"
+	echo "-t <files older than x days>"
+	echo "-p <search pattern>"
+	echo "-v ==> Verbose flag"
+	echo ""
+	echo "A script to cleanup a directory"
+	exit 0
+}
+
+WORKFILE=/tmp/`basename $0`.$$
+VERBOSE=0
+#
+while getopts d:t:p:v OPT
+do
+	case ${OPT} in
+		d) 
+			DIR=${OPTARG}
+		;;
+		p)
+			PATTERN=${OPTARG}
+		;;
+		t)
+			TIME_KEEP=${OPTARG}
+		;;
+		v)
+			VERBOSE=1
+		;;
+		\?)
+			usage
+		;;
+	esac
+done
+
+if [ -z "${DIR}" ] ; then
+	echo "Must specify a directory, aborting..."
+	usage
+fi
+
+if [ ! -d "${DIR}" ] ; then
+	echo "Directory ${DIR} does not exist, aborting ..."
+	exit 1
+fi
+
+if [ -z "${PATTERN}" ] ; then
+	echo "Must specify a pattern to search, aborting..."
+	usage
+fi
+
+if [ ! -z "${TIME_KEEP}" ] ; then
+	MTIME="-mtime +${TIME_KEEP}"
+fi
+
+if [ ${VERBOSE} -eq 0 ] ; then
+	PRINT=""
+else
+	PRINT="-print"
+fi
+
+find ${DIR} -name "${PATTERN}" -type f ${MTIME} ${PRINT} -exec rm -f {} \;
+

roles/awx/files/local_settings.py

@@ -0,0 +1,51 @@
+# Copyright (c) 2015 Ansible, Inc. (formerly AnsibleWorks, Inc.)
+# All Rights Reserved.
+
+# Local Django settings for AWX project.  Rename to "local_settings.py" and
+# edit as needed for your development environment.
+
+# All variables defined in awx/settings/development.py will already be loaded
+# into the global namespace before this file is loaded, to allow for reading
+# and updating the default settings as needed.
+
+###############################################################################
+# MISC PROJECT SETTINGS
+###############################################################################
+
+# Enable the following lines and install the browser extension to use Django debug toolbar
+# if your deployment method is not VMWare of Docker-for-Mac you may
+# need a different IP address from request.META['REMOTE_ADDR']
+# INTERNAL_IPS = ('172.19.0.1', '172.18.0.1', '192.168.100.1')
+# ALLOWED_HOSTS = ['*']
+
+# Location for cross-development of inventory plugins
+AWX_ANSIBLE_COLLECTIONS_PATHS = '/var/lib/awx/vendor/awx_ansible_collections'
+
+# The UUID of the system, for HA.
+SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
+
+# If set, use -vvv for project updates instead of -v for more output.
+# PROJECT_UPDATE_VVV=True
+
+###############################################################################
+# LOGGING SETTINGS
+###############################################################################
+
+# Enable logging to syslog. Setting level to ERROR captures 500 errors,
+# WARNING also logs 4xx responses.
+
+# Enable the following lines to turn on lots of permissions-related logging.
+#LOGGING['loggers']['awx.main.access']['level'] = 'DEBUG'
+#LOGGING['loggers']['awx.main.signals']['level'] = 'DEBUG'
+#LOGGING['loggers']['awx.main.permissions']['level'] = 'DEBUG'
+
+# Enable the following line to turn on database settings logging.
+#LOGGING['loggers']['awx.conf']['level'] = 'DEBUG'
+
+# Enable the following lines to turn on LDAP auth logging.
+#LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
+#LOGGING['loggers']['django_auth_ldap']['level'] = 'DEBUG'
+
+BROADCAST_WEBSOCKET_PORT = 8013
+BROADCAST_WEBSOCKET_VERIFY_CERT = False
+BROADCAST_WEBSOCKET_PROTOCOL = 'http'

roles/awx/files/nginx.conf

@@ -0,0 +1,31 @@
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    server_tokens off;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    sendfile        on;
+    #tcp_nopush     on;
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

roles/awx/files/nginx.vh.default.conf

@@ -0,0 +1,122 @@
+upstream uwsgi {
+    server localhost:8050;
+}
+
+upstream daphne {
+    server localhost:8051;
+}
+
+# server {
+#     listen 8013 default_server;
+#     listen [::]:8013 default_server;
+#     server_name _;
+#     return 301 https://$host:8043$request_uri;
+# }
+
+server {
+    listen 8013 default_server;
+
+    # If you have a domain name, this is where to add it
+    server_name _;
+    keepalive_timeout 65;
+
+    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+    add_header Strict-Transport-Security max-age=15768000;
+
+    location /static/ {
+        root /awx_devel;
+        try_files /awx/ui/$uri /awx/$uri /awx/public/$uri =404;
+        access_log off;
+        sendfile off;
+    }
+
+    location ~ ^/websocket {
+        # Pass request to the upstream alias
+        proxy_pass http://daphne;
+        # Require http version 1.1 to allow for upgrade requests
+        proxy_http_version 1.1;
+        # We want proxy_buffering off for proxying to websockets.
+        proxy_buffering off;
+        # http://en.wikipedia.org/wiki/X-Forwarded-For
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # enable this if you use HTTPS:
+        proxy_set_header X-Forwarded-Proto https;
+        # pass the Host: header from the client for the sake of redirects
+        proxy_set_header Host $http_host;
+        # We've set the Host header, so we don't need Nginx to muddle
+        # about with redirects
+        proxy_redirect off;
+        # Depending on the request value, set the Upgrade and
+        # connection headers
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    location / {
+        # Add trailing / if missing
+        rewrite ^(.*[^/])$ $1/ permanent;
+        uwsgi_read_timeout 120s;
+        uwsgi_pass uwsgi;
+        include /etc/nginx/uwsgi_params;
+    }
+}
+
+server {
+    listen 8043 default_server ssl;
+
+    # If you have a domain name, this is where to add it
+    server_name _;
+    keepalive_timeout 65;
+
+    ssl_certificate /etc/nginx/nginx.crt;
+    ssl_certificate_key /etc/nginx/nginx.key;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+
+    # intermediate configuration. tweak to your needs.
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+
+    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+    add_header Strict-Transport-Security max-age=15768000;
+
+    location /static/ {
+        root /awx_devel;
+        try_files /awx/ui/$uri /awx/$uri /awx/public/$uri =404;
+        access_log off;
+        sendfile off;
+    }
+
+    location ~ ^/websocket {
+        # Pass request to the upstream alias
+        proxy_pass http://daphne;
+        # Require http version 1.1 to allow for upgrade requests
+        proxy_http_version 1.1;
+        # We want proxy_buffering off for proxying to websockets.
+        proxy_buffering off;
+        # http://en.wikipedia.org/wiki/X-Forwarded-For
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # enable this if you use HTTPS:
+        proxy_set_header X-Forwarded-Proto https;
+        # pass the Host: header from the client for the sake of redirects
+        proxy_set_header Host $http_host;
+        # We've set the Host header, so we don't need Nginx to muddle
+        # about with redirects
+        proxy_redirect off;
+        # Depending on the request value, set the Upgrade and
+        # connection headers
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+
+    location / {
+        # Add trailing / if missing
+        rewrite ^(.*[^/])$ $1/ permanent;
+        uwsgi_read_timeout 120s;
+        uwsgi_pass uwsgi;
+        include /etc/nginx/uwsgi_params;
+    }
+}

roles/awx/files/receptor.conf

@@ -0,0 +1,28 @@
+---
+- log-level: info
+
+- control-service:
+    service: control
+    filename: /var/run/receptor/receptor.sock
+
+- local-only:
+
+- work-command:
+    worktype: local
+    command: ansible-runner
+    params: worker
+    allowruntimeparams: true
+
+- work-kubernetes:
+    worktype: kubernetes-runtime-auth
+    authmethod: runtime
+    allowruntimeauth: true
+    allowruntimepod: true
+    allowruntimeparams: true
+
+- work-kubernetes:
+    worktype: kubernetes-incluster-auth
+    authmethod: incluster
+    allowruntimeauth: true
+    allowruntimepod: true
+    allowruntimeparams: true

roles/awx/files/redis.conf

@@ -0,0 +1,10 @@
+unixsocket /var/run/redis/redis.sock
+unixsocketperm 770
+port 0
+# Do not actually listen to any tcp port
+# but include the bind directive because without it redis will
+# listen on the public interface. Port 0 causes it to NOT listen on
+# the public interface. Adding the below line is an extra precaution.
+# If a developer comes by later and wants to listen on a tcp port and changes
+# the above port, it will ONLY listen on the local interface.
+bind 127.0.0.1

roles/awx/files/supervisor.conf

@@ -0,0 +1,115 @@
+[supervisord]
+umask = 022
+minfds = 4096
+nodaemon=true
+
+[program:awx-dispatcher]
+command = make dispatcher
+autostart = true
+autorestart = true
+stopwaitsecs = 1
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+redirect_stderr=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+
+[program:awx-receiver]
+command = make receiver
+autostart = true
+autorestart = true
+stopwaitsecs = 1
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+redirect_stderr=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[program:awx-wsbroadcast]
+command = make wsbroadcast
+autostart = true
+autorestart = true
+stopwaitsecs = 1
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+redirect_stderr=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[program:awx-uwsgi]
+command = make uwsgi
+autostart = true
+autorestart = true
+redirect_stderr=true
+stopwaitsecs = 1
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[program:awx-daphne]
+command = make daphne
+autostart = true
+autorestart = true
+redirect_stderr=true
+stopwaitsecs = 1
+stopsignal=KILL
+stopasgroup=true
+killasgroup=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[program:awx-nginx]
+command = make nginx
+autostart = true
+autorestart = true
+redirect_stderr=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[program:awx-rsyslogd]
+command = rsyslogd -n -i /var/run/awx-rsyslog/rsyslog.pid -f /var/lib/awx/rsyslog/rsyslog.conf
+autostart = true
+autorestart = true
+stopwaitsecs = 5
+stopsignal=TERM
+stopasgroup=true
+killasgroup=true
+redirect_stderr=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[program:awx-receptor]
+command = receptor --config /etc/receptor/receptor.conf
+autostart = true
+autorestart = true
+stopsignal = KILL
+stopasgroup = true
+killasgroup = true
+redirect_stderr=true
+stdout_events_enabled = true
+stderr_events_enabled = true
+
+[group:tower-processes]
+programs=awx-dispatcher,awx-receiver,awx-uwsgi,awx-daphne,awx-nginx,awx-wsbroadcast,awx-rsyslogd
+priority=5
+
+[unix_http_server]
+file=/var/run/supervisor/supervisor.sock
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor/supervisor.sock ; use a unix:// URL  for a unix socket
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[eventlistener:stdout]
+command = supervisor_stdout
+buffer_size = 100
+events = PROCESS_LOG
+result_handler = supervisor_stdout:event_handler