Skip to content

Commit

Permalink
Merge pull request #143 from rackerlabs/move-django-users-to-scantron…
Browse files Browse the repository at this point in the history
…_secrets.json

Update how creds are generated for django, database, and users
  • Loading branch information
derpadoo authored Jan 7, 2020
2 parents 6b9ad89 + f5f43ac commit 0f84a27
Show file tree
Hide file tree
Showing 5 changed files with 26 additions and 22 deletions.
4 changes: 2 additions & 2 deletions ansible-playbooks/roles/master/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -233,13 +233,13 @@
chdir: "{{ scantron_dir }}"

- name: Create initial "{{ django_super_user }}" superuser.
shell: echo "from django.contrib.auth.models import User; User.objects.create_superuser('{{ django_super_user }}', '{{ django_super_user_email }}', '{{ scantron_secrets["django_super_user_password"] }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
shell: echo "from django.contrib.auth.models import User; User.objects.create_superuser('{{ scantron_secrets["django_super_user"] }}', '{{ scantron_secrets["django_super_user_email"] }}', '{{ scantron_secrets["django_super_user_password"] }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
args:
chdir: "{{ scantron_dir }}"
ignore_errors: yes # Only applicable if playbook has already been run. Use 'python manage.py change changepassword admin'.

- name: Create "{{ django_user }}" user.
shell: echo "from django.contrib.auth.models import User; User.objects.create_user('{{ django_user }}', '{{ django_user_email }}', '{{ scantron_secrets['django_user_password'] }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
shell: echo "from django.contrib.auth.models import User; User.objects.create_user('{{ scantron_secrets["django_user"] }}', '{{ scantron_secrets["django_user_email"] }}', '{{ scantron_secrets['django_user_password'] }}')" | {{ venv_python }} {{ scantron_dir }}/manage.py shell
args:
chdir: "{{ scantron_dir }}"
ignore_errors: yes # Only applicable if playbook has already been run. Use 'python manage.py changepassword scantron'.
Expand Down
6 changes: 0 additions & 6 deletions ansible-playbooks/roles/master/vars/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,5 @@ venv_python: "{{ venv_dir }}/bin/python3.6"
# Django
django_project_name: django_scantron

django_super_user: admin
django_super_user_email: changeme@localhost # Filler email address, does not matter.

django_user: agent1
django_user_email: changeme@localhost # Filler email address, does not matter.

# uwsgi
uwsgi_version: 2.0.18
28 changes: 17 additions & 11 deletions initial_setup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -36,27 +36,33 @@ cp master/scantron_secrets.json.empty master/scantron_secrets.json

# Generate random Django key.
# https://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/
echo "[*] Generating random Django Key and database passwords."
# Locale needs to be set for OSX, else tr responds with "tr: Illegal byte sequence".
# https://unix.stackexchange.com/questions/45404/why-cant-tr-read-from-dev-urandom-on-osx
echo "[*] Generating a random Django Key, database, and user passwords."

if [[ `uname` == "Darwin" ]]
then
# Locale needs to be set for OSX, else tr responds with "tr: Illegal byte sequence".
# https://unix.stackexchange.com/questions/45404/why-cant-tr-read-from-dev-urandom-on-osx
DJANGO_KEY=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-64};echo;`
DATABASE_PASSWORD=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
DJANGO_SUPER_USER_PASSWORD=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
DJANGO_USER_PASSWORD=`< /dev/urandom LC_ALL=C tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`

# -i requires additional arguments on OSX, else it responds with "sed: 1: "<filename>": invalid command code".
# https://markhneedham.com/blog/2011/01/14/sed-sed-1-invalid-command-code-r-on-mac-os-x/
sed -i "" "s/REPLACE_THIS_DJANGO_KEY/$DJANGO_KEY/g" master/scantron_secrets.json
sed -i "" "s/REPLACE_THIS_DATABASE_PASSWORD/$DATABASE_PASSWORD/g" master/scantron_secrets.json
sed -i "" "s/REPLACE_THIS_DJANGO_SUPER_USER_PASSWORD/$DJANGO_SUPER_USER_PASSWORD/g" master/scantron_secrets.json
sed -i "" "s/REPLACE_THIS_DJANGO_USER_PASSWORD/$DJANGO_USER_PASSWORD/g" master/scantron_secrets.json
else
DJANGO_KEY=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-64};echo;`
DATABASE_PASSWORD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
fi
DJANGO_SUPER_USER_PASSWORD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`
DJANGO_USER_PASSWORD=`< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;`

# -i requires additional arguments on OSX, else it responds with "sed: 1: "<filename>": invalid command code".
# https://markhneedham.com/blog/2011/01/14/sed-sed-1-invalid-command-code-r-on-mac-os-x/
if [[ `uname` == "Darwin" ]]
then
sed -i "" "s/REPLACE_THIS_DJANGO_KEY/$DJANGO_KEY/g" master/scantron_secrets.json
sed -i "" "s/REPLACE_THIS_DATABASE_PASSWORD/$DATABASE_PASSWORD/g" master/scantron_secrets.json
else
sed -i "s/REPLACE_THIS_DJANGO_KEY/$DJANGO_KEY/g" master/scantron_secrets.json
sed -i "s/REPLACE_THIS_DATABASE_PASSWORD/$DATABASE_PASSWORD/g" master/scantron_secrets.json
sed -i "s/REPLACE_THIS_DJANGO_SUPER_USER_PASSWORD/$DJANGO_SUPER_USER_PASSWORD/g" master/scantron_secrets.json
sed -i "s/REPLACE_THIS_DJANGO_USER_PASSWORD/$DJANGO_USER_PASSWORD/g" master/scantron_secrets.json
fi

echo "[+] Done!"
2 changes: 1 addition & 1 deletion master/django_scantron/__init__.py
Original file line number Diff line number Diff line change
@@ -1 +1 @@
__version__ = "1.13"
__version__ = "1.14"
8 changes: 6 additions & 2 deletions master/scantron_secrets.json.empty
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
{
"django_super_user_password": "",
"django_user_password": "",
"django_super_user": "admin",
"django_super_user_password": "REPLACE_THIS_DJANGO_SUPER_USER_PASSWORD",
"django_super_user_email": "changeme@localhost",
"django_user": "agent1",
"django_user_password": "REPLACE_THIS_DJANGO_USER_PASSWORD",
"django_user_email": "changeme@localhost",
"production": {
"SECRET_KEY": "REPLACE_THIS_DJANGO_KEY",
"DATABASE_NAME": "scantron",
Expand Down

0 comments on commit 0f84a27

Please sign in to comment.