Cron jobs are configurable

2024-01-04 15:51:42 +01:00 · 2024-01-04 15:51:42 +01:00 · 0f5c3939f4
parent 4c5af66d40
commit 0f5c3939f4
4 changed files with 22 additions and 8 deletions
--- a/lemonldap-ng.nomad.hcl
+++ b/lemonldap-ng.nomad.hcl
@ -19,7 +19,7 @@ job "[[ .instance ]]" {

 [[- $p := merge .llng.portal . ]]
 [[- $m := merge .llng.manager . ]]
-[[- $a := merge .llng.api . ]]
+[[- $a := merge .llng.api .llng.portal . ]]
      tags = [

 [[- if $p.traefik.enabled ]]
@ -40,7 +40,7 @@ job "[[ .instance ]]" {
 [[- end ]]

 [[- if $a.traefik.enabled ]]
-  [[- if $a.traefik.instance ne $p.traefik.instance ]]
+  [[- if ne $a.traefik.instance $p.traefik.instance ]]
        "[[ $a.traefik.instance ]].enable=true",
  [[- end ]]
        "[[ $a.traefik.instance ]].http.routers.[[ .instance ]]-api[[ .consul.suffix ]].rule=Host(`[[ (urlParse $p.public_url).Hostname ]]`) && PathRegexp(`^/index\\.psgi/(config|sessions)`)",
--- a/templates/caretakerd.yaml.tpl
+++ b/templates/caretakerd.yaml.tpl
@ -4,7 +4,7 @@ services:
    command: ["lemonldap-ng"]
  local_cache:
    command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
-    cronExpression: '1 * * * *'
+    cronExpression: [[ .llng.portal.cron.clean_local_cache | toJSON ]]
    logger:
      level: debug
  nginx:
@ -12,12 +12,12 @@ services:
 {{- if eq (env "NOMAD_ALLOC_INDEX") "0" }}
  global_cache:
    command: ["/usr/libexec/lemonldap-ng/bin/purgeCentralCache"]
-    cronExpression: '10 * * * *'
+    cronExpression: [[ .llng.portal.cron.clean_global_cache | toJSON ]]
    logger:
      level: debug
  rotate_oidc_keys:
    command: ["/usr/libexec/lemonldap-ng/bin/rotateOidcKeys"]
-    cronExpression: '5 5 * * 6'
+    cronExpression: [[ .llng.portal.cron.rotate_oidc_keys | toJSON ]]
    logger:
      level: debug
 {{- end }}
--- a/templates/lmConf-1.json.tpl
+++ b/templates/lmConf-1.json.tpl
@ -91,10 +91,12 @@
      "directory_umask" : "007",
      "namespace" : "sessions"
   },
-   "globalStorage" : "Lemonldap::NG::Common::Apache::Session::REST",
+   "globalStorage" : "Apache::Session::Browseable::PgJSON",
   "globalStorageOptions" : {
-      "baseUrl" : "[[ .llng.portal.public_url ]]/index.psgi/sessions/global",
-      "generateModule" : "Lemonldap::NG::Common::Apache::Session::Generate::SHA256"
+      "DataSource" : "DBI:Pg:",
+      "TableName" : "sessions",
+      "generateModule" : "Lemonldap::NG::Common::Apache::Session::Generate::SHA256",
+      "Commit" : 1
   },
   "locationRules" : {
      "[[ (urlParse .llng.portal.public_url).Hostname ]]" : {
--- a/variables.yml
+++ b/variables.yml
@ -76,6 +76,18 @@ llng:
      # List of middlewares to apply
      middlewares: {}

+    # Cron jobs
+    cron:
+      # Rotate oidc keys (default is weekly)
+      rotate_oidc_keys: '15 5 0 * * 6'
+      # Cleanup global session store by removing obsolete ones
+      # Note that this task will only be scheduled on the first allocation (NOMAD_ALLOC_INDEX 0)
+      # as there's no need to do the cleanup on every instance
+      clean_global_cache: '@every 10m'
+      # Cleanup local session and config cache
+      # This task will also only be scheduled on the first allocation
+      clean_local_cache: '@every 1h'
+
  # Settings for the configuration manager
  manager:
    # protection can be "none" (no authentication) or "manager" (the manager is protected by Lemonldap::NG itself, and you must add appropriate