From f69ec3f35cda1f02e2a43c5eccc6faff30bca516 Mon Sep 17 00:00:00 2001 From: Mark Heiges Date: Wed, 24 Aug 2016 18:17:39 -0400 Subject: [PATCH] enable secure cookie in additional_environment.rb instead of trying to change lineinfile of application.rb --- .../files/additional_environment.rb | 8 ++++++++ roles/easyredmine/tasks/redmine.yml | 18 ++++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) create mode 100644 roles/easyredmine/files/additional_environment.rb diff --git a/roles/easyredmine/files/additional_environment.rb b/roles/easyredmine/files/additional_environment.rb new file mode 100644 index 0000000..a3f78b2 --- /dev/null +++ b/roles/easyredmine/files/additional_environment.rb @@ -0,0 +1,8 @@ +# EBRC custom settings. +# This file managed by Ansible. + +# override session_store in application.rb to set secure +config.session_store :cookie_store, + :key => '_redmine_session', + :secure => true, + :path => config.relative_url_root || '/' diff --git a/roles/easyredmine/tasks/redmine.yml b/roles/easyredmine/tasks/redmine.yml index 5f01f30..f32cda5 100644 --- a/roles/easyredmine/tasks/redmine.yml +++ b/roles/easyredmine/tasks/redmine.yml @@ -63,10 +63,19 @@ register: installer_run become: no -- copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake' +- name: install ebrc_settings.rake + copy: dest='/opt/easyredmine/lib/tasks/ebrc_settings.rake' src='ebrc_settings.rake' + owner='{{ redmine_owner }}' become: yes +- name: install additional_environment.rb + copy: dest='/opt/easyredmine/config/additional_environment.rb' + src='additional_environment.rb' + owner='{{ redmine_owner }}' + become: yes + notify: restart nginx + - name: restrict config permissions file: path='{{ redmine_root_dir }}/config' mode=0770 @@ -110,10 +119,3 @@ job="({{ redmine_root_dir }}/script/redmine_fetch_changesets 2>&1 | sed '/install RDoc/d') >> {{ redmine_root_dir }}/log/redmine_fetch_changesets" user='{{ redmine_owner }}' become: yes - -- name: set session cookie as secure - lineinfile: > - dest='{{ redmine_root_dir }}/config/application.rb' - regexp='^\s*config.session_store' - line=" config.session_store :cookie_store, :key => '_redmine_session', :secure => true" - notify: restart nginx