Merge pull request #7368 from freedomofpress/7328-redis-regen

Wipe and regenerate Redis password when restoring from backups
freedomofpress · Dec 9, 2024 · 8522ccc · 8522ccc
2 parents 543d9b4 + dd787c2
commit 8522ccc
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/install_files/ansible-base/roles/restore/tasks/perform_restore.yml b/install_files/ansible-base/roles/restore/tasks/perform_restore.yml
@@ -121,7 +121,24 @@
     exclude: "var/lib/tor,etc/tor/torrc"
   when: restore_skip_tor
 
-- name: Reconfigure securedrop-app-code
+- name: Remove Redis password line from restored config.py, if it exists
+  lineinfile:
+    state: absent
+    path: /var/www/securedrop/config.py
+    regexp: "^REDIS_PASSWORD = .*$"
+
+- name: Remove /var/www/securedrop/rq_config.py if it exists
+  file:
+    state: absent
+    path: /var/www/securedrop/rq_config.py
+
+- name: Remove Redis password line from /etc/redis/redis.conf, if it exists
+  lineinfile:
+    path: /etc/redis/redis.conf
+    state: absent
+    regexp: "^requirepass .*$"
+
+- name: Reconfigure securedrop-app-code, regenerating Redis config vi postint
   command: dpkg-reconfigure securedrop-app-code
 
 - name: Reconfigure securedrop-config