Configure jwtproxy from stack/conf yaml

Evan Cordell 2016-04-21 11:40:16 -05:00 committed by Jimmy Zelinskie
parent adc86456b5
commit da0a988650
4 changed files with 29 additions and 6 deletions

23
boot.py

@ -1,13 +1,36 @@
#!/usr/bin/env python
from urlparse import urlunparse
import release
from jinja2 import Template
from app import app
from data.model.release import set_region_release
from util.config.database import sync_database_with_config
def create_jwtproxy_conf():
audience = urlunparse((
app.config.get('PREFERRED_URL_SCHEME'),
app.config.get('SERVER_HOSTNAME'), '', '', '', ''))
registry = audience + '/keys'
with open("/conf/jwtproxy_conf.yaml.jnj") as f:
template = Template(f.read())
rendered = template.render(
audience=audience,
registry=registry
)
with open('/conf/jwtproxy_conf.yaml', 'w') as f:
f.write(rendered)
def main():
create_jwtproxy_conf()
if app.config.get('SETUP_COMPLETE', False):
sync_database_with_config(app.config)
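Review bot: `create_jwtproxy_conf()` reads `PREFERRED_URL_SCHEME` and `SERVER_HOSTNAME` through `app.config.get(...)` without checking either, and `main()` calls it ahead of the `SETUP_COMPLETE` test. On an instance that is not yet configured, `urlunparse` would most likely return an empty string, so the file would be written with an empty `audience` and a `registry` of just `/keys`. How jwtproxy treats an empty audience is not visible here, but a verifier config should not be generated from missing values. Either move the call under the `if app.config.get('SETUP_COMPLETE', False):` branch, or bind the two values to locals and bail out first with `if not (scheme and hostname): raise ValueError('PREFERRED_URL_SCHEME and SERVER_HOSTNAME are required')`. The function also has no docstring, and `main()` may continue past the end of this hunk.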


@ -37,8 +37,8 @@ map $http_x_forwarded_proto $proper_scheme {
upstream web_app_server {
server unix:/tmp/gunicorn_web.sock fail_timeout=0;
}
upstream jwtproxy {
server unix:/tmp/jwtproxy.sock fail_timeout=0;
upstream jwtproxy_secscan {
server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
}
upstream verbs_app_server {
server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;


@ -3,11 +3,11 @@ jwtproxy:
enabled: false
verifier_proxy:
enabled: true
listen_addr: unix:/tmp/jwtproxy.sock
listen_addr: unix:/tmp/jwtproxy_secscan.sock
verifier:
upstream: unix:/tmp/gunicorn_web.sock
audience: quay
audience: {{ audience }}
key_server:
type: keyregistry
options:
registry: unix:/tmp/gunicorn_web.sock
registry: {{ registry }}
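Review bot: `registry: {{ registry }}` replaces the local `unix:/tmp/gunicorn_web.sock` with a URL built from the configured scheme and hostname, so the keys the verifier trusts are now fetched by name over whatever `PREFERRED_URL_SCHEME` says. With `http`, that fetch would have no transport protection. If the key registry cannot stay on the local socket, the generator should refuse a non-`https` scheme, or the template should state the requirement, e.g. `# registry is fetched via SERVER_HOSTNAME; must be https outside local development`. Both substitutions are also unquoted, so a value containing YAML syntax such as ` #` or `: ` would change the document; `audience: "{{ audience }}"` and `registry: "{{ registry }}"` are safer.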


@ -50,7 +50,7 @@ location ~ ^/(v1/repositories|v2/auth)/ {
}
location /secscan/ {
proxy_pass http://jwtproxy;
proxy_pass http://jwtproxy_secscan;
}
location ~ ^/v2 {