diff --git a/deploy/README.md b/deploy/README.md index 5dc24c00..c9a3ce7c 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -79,8 +79,8 @@ Note: If you used a different profile name you will need to set the `AWS_PROFILE ## Updating Django Settings The Django settings are configured using the `deploy/roles/connect/templates/docker.env.j2` file. The plain text -settings values are in the `deploy/roles/connect/vars/main.yml` file. Secrets are stored in the Ansible vault file -`deploy/vault.yml`. +settings values are in the `deploy/roles/connect/vars/main.yml` file. Secrets are stored in the 1Password under the +`Ansible Secrets` entry. To update the Django settings: diff --git a/deploy/play.yml b/deploy/play.yml index a232cd2d..e19c7e5d 100644 --- a/deploy/play.yml +++ b/deploy/play.yml @@ -1,5 +1,7 @@ - hosts: web0 become: true strategy: free + vars: + - secrets: "{{ lookup('community.general.onepassword', 'Ansible Secrets', subdomain='dimagi', vault='CommCare Connect', field='secrets_yaml') | from_yaml }}" roles: - role: connect diff --git a/deploy/registry_password.sh b/deploy/registry_password.sh index 213bf476..84457af6 100755 --- a/deploy/registry_password.sh +++ b/deploy/registry_password.sh @@ -10,4 +10,10 @@ if [ -z "$CI" ]; then # if not in github actions, specify the profile PROFILE_ARG=" --profile ${AWS_PROFILE:-commcare-connect}" fi + +aws sts get-caller-identity $PROFILE_ARG &> /dev/null +EXIT_CODE="$?" # $? is the exit code of the last statement +if [ $EXIT_CODE != 0 ]; then + aws sso login $PROFILE_ARG +fi aws ecr get-login-password --region=$REGION $PROFILE_ARG diff --git a/deploy/roles/connect/templates/docker.env.j2 b/deploy/roles/connect/templates/docker.env.j2 index f6a446d0..864b6df7 100644 --- a/deploy/roles/connect/templates/docker.env.j2 +++ b/deploy/roles/connect/templates/docker.env.j2 
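Review bot: The `secrets` play var in `deploy/play.yml` stores the `community.general.onepassword` lookup as a template, and Ansible evaluates such vars lazily, so each `secrets.*` reference in `docker.env.j2` is likely to re-run the lookup (and the `op` CLI) instead of reusing one result. Resolving it once in `pre_tasks`, e.g. `- set_fact: { secrets: "{{ lookup(...) | from_yaml }}" }` with `no_log: true` and `tags: always` (tasks.py runs this play with `--tags`), fetches the item a single time and keeps the decoded YAML out of task output. The play now also needs the `community.general` collection and a signed-in `op` session on the control machine; no requirements file or preflight check is visible in this diff, so confirm both are documented.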
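Review bot: `aws sso login $PROFILE_ARG` prints its prompt and authorization URL (to stdout, as far as I know), and this script's stdout appears to be consumed as the registry password, judging by its name and the final `aws ecr get-login-password` line, so a re-login would prepend that text to the token. Redirect it with `aws sso login $PROFILE_ARG >&2` and exit non-zero if it fails, so an expired session does not fall through to `get-login-password`. The fallback also runs when `$CI` is set, where `PROFILE_ARG` is empty and an interactive SSO login cannot complete; guarding it with `[ -z "$CI" ]` lets CI fail fast. The shebang is outside the hunk, and `&>` requires bash.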
@@ -7,7 +7,7 @@ SENTRY_ENVIRONMENT={{ sentry_environment }} # Secrets CELERY_BROKER_URL={{ secrets.celery_broker_url }} -CSRF_TRUSTED_ORIGINS={{ secrets.csrf_trusted_origins }} +CSRF_TRUSTED_ORIGINS={{ secrets.csrf_trusted_origins|join(",") }} cid_client_secret={{ secrets.cid_client_secret }} cid_client_id={{ secrets.cid_client_id }} DJANGO_ALLOWED_HOSTS={{ secrets.django_allowed_hosts|join(",") }} diff --git a/deploy/utils.yml b/deploy/utils.yml deleted file mode 100644 index d6312865..00000000 --- a/deploy/utils.yml +++ /dev/null @@ -1,12 +0,0 @@ -- hosts: web0 - become: true - serial: 1 - gather_facts: False - vars_files: - - roles/connect/defaults/main.yml - - tasks: - - name: Restart Docker Containers - shell: 'docker restart $(docker ps --filter label=service={{ project_name }} --filter label=role=web -q)' - tags: - - restart diff --git a/deploy/vault.yml b/deploy/vault.yml deleted file mode 100644 index 1869e9ce..00000000 --- a/deploy/vault.yml +++ /dev/null 
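Review bot: `secrets.csrf_trusted_origins|join(",")` assumes the value in the 1Password `secrets_yaml` field is a YAML list; if it is stored as a single string, Jinja's `join` iterates its characters and renders a comma-separated run of letters without raising an error. Nothing visible in this diff checks the shape, so consider an `assert` task with `secrets.csrf_trusted_origins is not string` before the template is rendered; the same applies to `django_allowed_hosts` on the last line of the hunk. A malformed `CSRF_TRUSTED_ORIGINS` would otherwise only surface once Django starts with the new environment.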
@@ -1,67 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -32356639356330393434666537316338363435633839646634353737343438653236313866353834 -6234353238643462376566623063633761393933656463350a353239666366646133303731333137 -35616332316337333031303836353062383031343466393465613838316664346130353264363338 -3564313136616339660a353163316134363437626661633966333733333433396265373063353836 -31326232393231333064346362646364326462343362376464623436623134363035663461343565 -65333364366430393534356666333862613838663432323336633138373539363930306335336431 -63626362366566383762363061663765633430306430616536333238646131663262393930343134 -62393238396434653738323666316237383266343034626662643237346334343765376432366566 -66643739393961663262303031383735626532356563396466633936343638623733623361653566 -65336364623264633436316335653330636631366237333565363461323839323563646333636130 -39373632646531663733323036356135363036303136623135666639393861656138373666623430 -37623234396136393838306261636134393061353562323962353935383563346531303536626232 -61623632623031373732636564326337626565356536613131613733643134643363343436363530 -65333864336532316666383732643835363633336265633236636366313361386339356539616139 -62373436303338643234393834373061323937323135636664333761303739633137343535653664 -63626637386535383362363261386434343034666565653230633634396330653063623261356132 -33666230313734306538653838383436396633363933373733316338303734623832303136653466 -33353839393032616435633733653663383661396332623233656331663536643431353436616566 -36663564376563656665316530633837386263376536353362363563653862356661373034326531 -35306138633865643831363736653733363934623166333662396331363930336166343466623137 -63663939333932336535323961316636303133383231343436303036306661396136333138663135 -35613666336236366633666438366530386264353633326132313861376431393862393435373139 -61353266636436306331343936323135666561643061343865343939323038623633323433663162 
-37353665623961643134336664393464613066323039306134656233333136373033636136303864 -37303130353563366163313930663036653961663961666237306138313434313434346135626430 -31663535636637663131623230663136656633386433653933313564356131333734323831643464 -33643937613064393134386361323836656534653765383537346536306436616361393862623535 -61653763363465303563353665653430306538636164646636306263666439353838386234386632 -66323636323066383064376438346432636337303834386666313036303361346535623866343463 -38346261623563623235366534356534616263376461356563383031353032386636623764633132 -63396461316135383138623538616435396461326637646130323539393536393031636537653835 -35356263636161613561316661653261303665396432643137303066623962653165306530366137 -63383733303364633334346339343339313437663366326165313731323434396239646533393164 -62623865333937336239383939373531616366393861323663306636646338336337303330333036 -61613666653931383762626235636364333239613235363662376562363032653039353637613230 -35613232333539613933613162396266323839633366646137396365646564313837316638653165 -38353333333165323537613935376663613734396665613030643233643331663039323539366461 -38653161353837643464623239343966356431613437373834376337623031313936336230383632 -65376136303731656661633831333962623936383234353966316138343665653133386331336230 -65303537373935333739643765303966376331326637656666373165643835373962363234383633 -65323835663065303665663136393238666437623637653863333465303439666132366534303432 -39303561306662623035396630623765653065323462316263636565353636666236646139356465 -32333537393064346531313366306633646365633130613938363730393930346363666461643935 -32336339613663666665336630356530363963363135316164336561363237303330326366306162 -35346533313064366662643631653636626239656265666663343565323536633463613233653131 -36363239383832613533373865663933376132653365333739346531643738346665306539376663 -39653361376236643231656162313339383331373330626639633535646135623031303931356231 
-36393962386361353830313439646461623034366162376130323065396438666232386163376132 -34656432383730663662366335336636303363363432393532376466303166323762336263356138 -65623738393833303838396565363339333637316436396164653963353633353433646361613262 -64323138326231633664333565626431386138363634383635326138346330643961363835326465 -34656364333535333433363863363031383465363532393166306666653339663863316162323865 -36396263343130633131343838323466313130656662383632346138333239656133343963656162 -38323134316166396463323864353764313735316266326364333265353566663361383234383838 -31393239656461616564663861346532653931353839313434313934363634346134376333643732 -62646464386331386565366233373962623162633161386136306561336138373631326363653330 -39376430356439363262363666336236313437353331316664326636313364313364346336346433 -38623063333665346363393461383034616233623165333266303132663464333065323265343863 -31366532633363313062326365653235316631643931356664323231623963313436343636383462 -66613534356531396231636232336437613939653635346632633735323233643435306563626266 -39613663393366353830373163333136303834356437656236333238373434326362393830363430 -63303634336166643235323638633239613366646366366362623165383836306237653138353962 -66663763353432623332653663616466356262306435663832623636353764656137663265336133 -33373230316565363630316165623766623632353732306633343632333831383434643163636332 -64613435633231353361363739623939616265663534336533326636613161613631303662623366 -6535303936396464393966386236666464663865356637656465 diff --git a/deploy/vault_password.sh b/deploy/vault_password.sh deleted file mode 100755 index d23d3a4f..00000000 --- a/deploy/vault_password.sh +++ /dev/null 
@@ -1,7 +0,0 @@ -#!/bin/bash -# This script is used by Ansible to retrieve the Ansible Vault password from 1Password. -# Use it by passing `--vault-password-file=vault_password.sh` to Ansible. - -VAULT_ID="CommCare Connect" -VAULT_ANSIBLE_NAME="Ansible Vault" -op item get --vault="$VAULT_ID" "$VAULT_ANSIBLE_NAME" --fields password diff --git a/tasks.py b/tasks.py index ba53a213..fbd12ac4 100644 --- a/tasks.py +++ b/tasks.py @@ -78,10 +78,10 @@ def setup_ec2(c: Context, verbose=False, diff=False): def django_settings(c: Context, verbose=False, diff=False): """Update the Django settings file on prod servers""" run_ansible(c, tags="django_settings", verbose=verbose, diff=diff) - - val = input("Do you want to restart the Django services? [y/N] ") + print("\nSettings updated. A re-deploy is required to have the services use the new settings.") + val = input("Do you want to re-deploy the Django services? [y/N] ") if val.lower() == "y": - restart_django(c, verbose=verbose, diff=diff) + deploy(c) @task @@ -91,7 +91,7 @@ def restart_django(c: Context, verbose=False, diff=False): def run_ansible(c: Context, play="play.yml", tags=None, verbose=False, diff=False): - ansible_cmd = f"ansible-playbook {play} -i inventory.yml -e @vault.yml --vault-password-file=vault_password.sh" + ansible_cmd = f"ansible-playbook {play} -i inventory.yml" if tags: ansible_cmd += f" --tags {tags}" if verbose:
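Review bot: `restart_django` is still defined after `django_settings` (it appears in the next hunk's header), while this commit deletes `deploy/utils.yml`, the play shown carrying the `restart` tag. If `restart_django` runs that play (its body is outside the hunk), the task now fails and should be removed or repointed in this change. `deploy(c)` also no longer receives `verbose` and `diff`; whether `deploy` accepts them is not visible here.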
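Review bot: `run_ansible` has no docstring, and with `--vault-password-file` removed its precondition is no longer visible in the command line: secrets now come from the 1Password lookup in `play.yml`, so the caller needs a signed-in `op` session. A docstring such as `"""Run an Ansible play; needs a signed-in 1Password CLI session because play.yml looks up secrets at run time."""` would record that. The `diff` flag presumably adds `--diff` (the rest of the body is outside the hunk), so it is worth checking that the task rendering `docker.env.j2` sets `no_log: true` or `diff: false`; otherwise the rendered secrets are printed to the terminal.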