Merge branch 'master' into dist/risotto/risotto-2.8.0/master
This commit is contained in:
commit
b326844a43
|
@ -0,0 +1,27 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<creole>
|
||||
<files>
|
||||
<!--service>lemur</service-->
|
||||
<file name='/etc/lemur/lemur.conf.py' mkdir='True'/>
|
||||
<file name='/etc/eole/eole-db.d/lemur.yml'/>
|
||||
<file name='/etc/nginx/web.d/lemur.conf' source='nginx-lemur.conf'/>
|
||||
</files>
|
||||
<variables>
|
||||
<family name='lemur'>
|
||||
<variable name='lemur_secret' type='password' description="Secret pour Lemur" auto_save="True"/>
|
||||
<variable name='lemur_token_secret' type='password' description="Token secret pour Lemur" auto_save="True"/>
|
||||
<variable name='lemur_encrypt_keys' type='password' description="Encrypt keys pour Lemur" auto_save="True"/>
|
||||
<variable name='lemur_db_name' type='string' description="Nom de la base de donnée de Lemur" mode="expert">
|
||||
<value>lemur</value>
|
||||
</variable>
|
||||
<variable name='lemur_db_user' type='string' description="Nom de l'utilisateur de la base de donnée de Lemur" mode="expert">
|
||||
<value>lemur</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<fill name='gen_random_base64' target='lemur_secret'/>
|
||||
<fill name='gen_random_base64' target='lemur_token_secret'/>
|
||||
<fill name='gen_random_base64' target='lemur_encrypt_keys'/>
|
||||
</constraints>
|
||||
</creole>
|
|
@ -0,0 +1,6 @@
|
|||
from secrets import token_bytes as _token_bytes
|
||||
from base64 import urlsafe_b64encode as _urlsafe_b64encode
|
||||
|
||||
|
||||
def gen_random_base64():
|
||||
return _urlsafe_b64encode(_token_bytes(32)).decode()
|
|
@ -0,0 +1,90 @@
|
|||
|
||||
# This is just Python which means you can inherit and tweak settings
|
||||
|
||||
import os
|
||||
_basedir = os.path.abspath(os.path.dirname(__file__))
|
||||
|
||||
THREADS_PER_PAGE = 8
|
||||
|
||||
# General
|
||||
|
||||
# These will need to be set to `True` if you are developing locally
|
||||
CORS = False
|
||||
debug = False
|
||||
|
||||
# this is the secret key used by flask session management
|
||||
SECRET_KEY = '%%lemur_secret'
|
||||
|
||||
# You should consider storing these separately from your config
|
||||
LEMUR_TOKEN_SECRET = '%%lemur_token_secret'
|
||||
LEMUR_ENCRYPTION_KEYS = '%%lemur_encrypt_keys'
|
||||
|
||||
# List of domain regular expressions that non-admin users can issue
|
||||
LEMUR_ALLOWED_DOMAINS = []
|
||||
|
||||
# Mail Server
|
||||
|
||||
LEMUR_EMAIL = ''
|
||||
LEMUR_SECURITY_TEAM_EMAIL = []
|
||||
|
||||
# Certificate Defaults
|
||||
|
||||
LEMUR_DEFAULT_COUNTRY = ''
|
||||
LEMUR_DEFAULT_STATE = ''
|
||||
LEMUR_DEFAULT_LOCATION = ''
|
||||
LEMUR_DEFAULT_ORGANIZATION = ''
|
||||
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ''
|
||||
|
||||
# Authentication Providers
|
||||
ACTIVE_PROVIDERS = []
|
||||
|
||||
# Metrics Providers
|
||||
METRIC_PROVIDERS = []
|
||||
|
||||
# Logging
|
||||
|
||||
LOG_LEVEL = "DEBUG"
|
||||
LOG_FILE = "lemur.log"
|
||||
|
||||
|
||||
# Database
|
||||
|
||||
# modify this if you are not using a local database
|
||||
SQLALCHEMY_DATABASE_PASSWORD = 'replaceme'
|
||||
SQLALCHEMY_DATABASE_URI = f'postgresql://%%lemur_db_user:{SQLALCHEMY_DATABASE_PASSWORD}@localhost:5432/%%lemur_db_name'
|
||||
|
||||
# AWS
|
||||
|
||||
#LEMUR_INSTANCE_PROFILE = 'Lemur'
|
||||
|
||||
# Issuers
|
||||
|
||||
# These will be dependent on which 3rd party that Lemur is
|
||||
# configured to use.
|
||||
|
||||
# VERISIGN_URL = ''
|
||||
# VERISIGN_PEM_PATH = ''
|
||||
# VERISIGN_FIRST_NAME = ''
|
||||
# VERISIGN_LAST_NAME = ''
|
||||
# VERSIGN_EMAIL = ''
|
||||
|
||||
#FIXME
|
||||
DIGICERT_CIS_API_KEY = ""
|
||||
DIGICERT_CIS_URL = ""
|
||||
DIGICERT_CIS_ROOTS = ''
|
||||
DIGICERT_API_KEY = ''
|
||||
DIGICERT_CIS_PROFILE_NAMES = ''
|
||||
DIGICERT_URL = ''
|
||||
DIGICERT_ORG_ID = ''
|
||||
DIGICERT_ORDER_TYPE = ''
|
||||
DIGICERT_ROOT = ''
|
||||
|
||||
ENTRUST_API_CERT = ''
|
||||
ENTRUST_API_KEY = ''
|
||||
ENTRUST_API_USER = ''
|
||||
ENTRUST_API_PASS = ''
|
||||
ENTRUST_URL = ''
|
||||
ENTRUST_ROOT = ''
|
||||
ENTRUST_NAME = ''
|
||||
ENTRUST_EMAIL = ''
|
||||
ENTRUST_PHONE = ''
|
|
@ -0,0 +1,16 @@
|
|||
%set %%dbname = %%lemur_db_name
|
||||
---
|
||||
dbuser: %%lemur_db_user
|
||||
dbuser_options:
|
||||
- LOGIN
|
||||
privileges:
|
||||
%%{dbname}.public.*: 'ALL'
|
||||
%%{dbname}.public: 'ALL'
|
||||
%%{dbname}: 'ALL'
|
||||
dbhost: %%risotto_db_address
|
||||
dbport: 5432
|
||||
dbtype: postgres
|
||||
dbname: %%dbname
|
||||
template: 'template0'
|
||||
pwd_files:
|
||||
- {'file': '/etc/lemur/lemur.conf.py', 'pattern': 'SQLALCHEMY_DATABASE_PASSWORD = "'}
|
|
@ -0,0 +1,15 @@
|
|||
location /lemur/api {
|
||||
proxy_pass http://127.0.0.1:8002/api;
|
||||
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
|
||||
proxy_redirect off;
|
||||
proxy_buffering off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
location /lemur/ {
|
||||
alias /usr/share/lemur/static/;
|
||||
include mime.types;
|
||||
index index.html;
|
||||
}
|
Loading…
Reference in New Issue