repoapi/repoapi/settings/prod.py


# Copyright (C) 2015-2022 The Sipwise Team - http://sipwise.com
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Build paths inside the project like this: join(BASE_DIR, ...)
import os
from configparser import RawConfigParser
from functools import reduce
from pathlib import Path
from urllib.parse import urlparse
import ldap
from celery.schedules import crontab
from django_auth_ldap.config import LDAPGroupQuery
from django_auth_ldap.config import LDAPSearch
from django_auth_ldap.config import PosixGroupType
from .common import * # noqa
# pylint: disable=W0401,W0614
# Build paths inside the project like this: BASE_DIR / 'subdir'.
# BASE_DIR is three directory levels above this settings module.
_settings_module = Path(__file__).resolve(strict=True)
BASE_DIR = _settings_module.parent.parent.parent
# VAR_DIR is where .secret_key, server.ini and jbi_files are looked up
# further down in this file. If /var/lib/repoapi is absent, those lookups
# fall back to the source tree.
_system_var_dir = Path("/var/lib/repoapi")
VAR_DIR = _system_var_dir if _system_var_dir.exists() else BASE_DIR
# Production overrides of the common settings.
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
# It is not stored in the repository: it is read from VAR_DIR/.secret_key
# when the settings are imported, with surrounding whitespace removed.
# That file should be readable by the service account only.
SECRET_KEY = VAR_DIR.joinpath(".secret_key").read_text().strip()
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
# A leading dot makes Django accept the domain itself and any subdomain.
ALLOWED_HOSTS = [".mgm.sipwise.com"]
# The "repoapi" logger level can be overridden through the environment.
LOGGING["loggers"]["repoapi"]["level"] = os.environ.get(  # noqa
    "DJANGO_LOG_LEVEL", "INFO"
)  # noqa
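# Deployment-specific values are kept out of the repository in
# VAR_DIR/server.ini. The file holds the Jenkins and Gerrit HTTP passwords
# read below, so it should be readable by the service account only.
server_config = RawConfigParser()
# RawConfigParser.read() silently skips a file it cannot open, and the
# failure then surfaces later as a NoSectionError. Opening the file
# explicitly makes a missing or unreadable server.ini fail right here with
# the real cause.
with open(VAR_DIR / "server.ini") as server_ini:
    server_config.read_file(server_ini)
# [jenkins] section
JENKINS_URL = server_config.get("jenkins", "URL")
JENKINS_HTTP_USER = server_config.get("jenkins", "HTTP_USER")
JENKINS_HTTP_PASSWD = server_config.get("jenkins", "HTTP_PASSWD")
# [gerrit] section
GERRIT_URL = server_config.get("gerrit", "URL")
GERRIT_REST_HTTP_USER = server_config.get("gerrit", "HTTP_USER")
GERRIT_REST_HTTP_PASSWD = server_config.get("gerrit", "HTTP_PASSWD")
# [server] section
DOCKER_REGISTRY_URL = server_config.get("server", "DOCKER_REGISTRY_URL")
# NOTE(review): this file does not set AUTH_LDAP_START_TLS. Confirm the
# configured URI is ldaps:// (or that .common enables StartTLS) so user
# bind passwords are not sent to the directory in clear text.
AUTH_LDAP_SERVER_URI = server_config.get("server", "AUTH_LDAP_SERVER_URI")
AUTH_LDAP_USER_BASE = server_config.get("server", "AUTH_LDAP_USER_BASE")
AUTH_LDAP_GROUP_BASE = server_config.get("server", "AUTH_LDAP_GROUP_BASE")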
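# Comma-separated list of group CNs. Membership in any one of them is
# enough to pass the group check. Whitespace around each name is dropped so
# "a, b" and "a,b" configure the same groups.
AUTH_LDAP_REQUIRE_GROUP_LIST = [
    name.strip()
    for name in server_config.get(
        "server", "AUTH_LDAP_REQUIRE_GROUP_LIST"
    ).split(",")
]
require_grp_list_size = len(AUTH_LDAP_REQUIRE_GROUP_LIST)
# Users bind directly with a DN built from their login name.
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s," + AUTH_LDAP_USER_BASE
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    AUTH_LDAP_GROUP_BASE, ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)"
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
# Build one LDAPGroupQuery per group first, then OR the query objects.
# The previous reduce() formatted its accumulator into the next DN, so with
# three or more groups the earlier groups ended up inside a bogus
# "cn=<query object>,..." string instead of being OR-ed, and members of
# those groups were rejected.
#
# str.split() always returns at least one entry, so the list is never empty
# and AUTH_LDAP_REQUIRE_GROUP is always set. That matters because
# django-auth-ldap applies no group restriction at all when the setting is
# missing. An empty option value therefore yields a requirement on an empty
# group CN rather than no requirement.
AUTH_LDAP_REQUIRE_GROUP = reduce(
    lambda left, right: left | right,
    (
        LDAPGroupQuery(f"cn={name},{AUTH_LDAP_GROUP_BASE}")
        for name in AUTH_LDAP_REQUIRE_GROUP_LIST
    ),
)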
# Integer option BUILD_POOL from the [server] section of server.ini.
BUILD_POOL = server_config.getint("server", "BUILD_POOL")
# Backends are tried in order, LDAP first. ModelBackend is kept for
# per-user permissions and maybe a local superuser. Accounts that log in
# through ModelBackend are not subject to AUTH_LDAP_REQUIRE_GROUP, so local
# passwords should stay limited to the accounts that really need them.
AUTHENTICATION_BACKENDS = (
    "django_auth_ldap.backend.LDAPBackend",
    "django.contrib.auth.backends.ModelBackend",
)
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
# Name, user and password come from server.ini. The server is reached on
# localhost with the backend's default port.
_default_database = {
    "ENGINE": "django.db.backends.postgresql_psycopg2",
    "NAME": server_config.get("server", "DB_NAME"),
    "USER": server_config.get("server", "DB_USER"),
    "PASSWORD": server_config.get("server", "DB_PWD"),
    "HOST": "localhost",
    "PORT": "",
}
DATABASES = {"default": _default_database}
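# Static files are served under hashed names recorded in a manifest.
STATICFILES_STORAGE = (
    "django.contrib.staticfiles.storage.ManifestStaticFilesStorage"
)
# Commit link template: first placeholder is the project, second the hash.
GITWEB_URL = "https://git.mgm.sipwise.com/gitweb/?p={}.git;a=commit;h={}"
# This was written as BASE_DIR / "/etc/jenkins_jobs/workfront.ini", but
# joining an absolute path onto BASE_DIR discards BASE_DIR on POSIX. The
# credentials file has therefore always been the one under /etc, and the
# path is now stated directly so the location is not mistaken for one
# inside the project tree.
WORKFRONT_CREDENTIALS = Path("/etc/jenkins_jobs/workfront.ini")
WORKFRONT_NOTE = True
# build app
BUILD_REPOS_SCRIPTS_CONFIG_DIR = Path(
    "/usr/share/sipwise-repos-scripts/config"
)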
# celery
# The broker URL comes from server.ini (it may embed broker credentials).
CELERY_BROKER_URL = server_config.get("server", "BROKER_URL")
# Beat schedules below are evaluated in UTC.
CELERY_TIMEZONE = "UTC"
_purge_task = "repoapi.tasks.jbi_purge"
CELERY_BEAT_SCHEDULE = {
    # Both purge jobs run every Sunday morning at 7:30 A.M.
    # NOTE(review): the first argument is the string "none" for
    # "purge-trunk" but the value None for "purge-none"; confirm against
    # jbi_purge that this is intended.
    "purge-trunk": {
        "task": _purge_task,
        "schedule": crontab(hour=7, minute=30, day_of_week="sunday"),
        "args": ("none", 4),
    },
    "purge-none": {
        "task": _purge_task,
        "schedule": crontab(hour=7, minute=30, day_of_week="sunday"),
        "args": (None, 1),
    },
}
# Directory under VAR_DIR used for JBI files.
JBI_BASEDIR = VAR_DIR.joinpath("jbi_files")
JBI_ARTIFACT_JOBS = ["release-tools-runner"]
# Only the network location of the configured Jenkins URL is allowed.
# netloc keeps any port (and userinfo) present in JENKINS_URL. Presumably
# it is compared with the netloc of incoming URLs; verify against the
# consumer of JBI_ALLOWED_HOSTS.
_jenkins_location = urlparse(JENKINS_URL)
JBI_ALLOWED_HOSTS = [_jenkins_location.netloc]