Switch to the lemonldap-ng image
This commit is contained in:
parent
5f3f01eb59
commit
d21fdeaca0
|
@ -2,3 +2,4 @@
|
|||
|
||||
dependencies:
|
||||
- url: ../common.git
|
||||
- url: ../lemonldap-ng.git
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]]
|
||||
MAINTAINER [[ .docker.maintainer ]]
|
||||
|
||||
ARG LLNG_MAJOR_VERSION=2.0
|
||||
|
||||
ENV LLNG_HANDLER_PORT=8183 \
|
||||
LLNG_HANDLER_PROTOCOL=http \
|
||||
LLNG_HANDLER_WORKERS=2 \
|
||||
SOURCE_SERVER=traefik
|
||||
|
||||
COPY root/ /
|
||||
RUN sed -i -e "s/stable/${LLNG_MAJOR_VERSION}/g" /etc/yum.repos.d/lemonldap-ng.repo &&\
|
||||
microdnf upgrade -y --best --nodocs --noplugins --setopt=install_weak_deps=0 &&\
|
||||
microdnf -y --nodocs --setopt=install_weak_deps=0 install \
|
||||
tini \
|
||||
lemonldap-ng-handler \
|
||||
lemonldap-ng-uwsgi-app \
|
||||
uwsgi \
|
||||
uwsgi-plugin-psgi \
|
||||
perl-DBD-MySQL \
|
||||
perl-DBD-Pg \
|
||||
perl-Cache-Cache \
|
||||
perl-Apache-Session-Browseable \
|
||||
perl-Apache-Session-Redis \
|
||||
perl-Apache-Session-NoSQL \
|
||||
perl-Apache-Session-LDAP &&\
|
||||
microdnf -y clean all &&\
|
||||
rm -rf /var/cache/yum/* /var/log/yum/* /var/lib/dnf/history*
|
||||
|
||||
USER apache
|
||||
EXPOSE ${LLNG_HANDLER_PORT}
|
||||
ENTRYPOINT ["tini", "--", "/llng-handler.sh"]
|
|
@ -1,13 +0,0 @@
|
|||
[lemonldap-ng]
|
||||
async = 1
|
||||
baseurl = https://lemonldap-ng.org/redhat/stable/$releasever/noarch
|
||||
gpgcheck = 1
|
||||
gpgkey = https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
||||
name = Lemonldap::NG
|
||||
|
||||
[lemonldap-ng-extras]
|
||||
async = 1
|
||||
baseurl = https://lemonldap-ng.org/redhat/extras/$releasever
|
||||
gpgcheck = 1
|
||||
gpgkey = https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
||||
name = Lemonldap::NG Extras packages
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
cd /usr/share/lemonldap-ng/llng-server/
|
||||
# Nomad environment ?
|
||||
if [ -d "/secrets" ]; then
|
||||
mkdir -p /secrets/cache
|
||||
chmod 700 /secrets/cache
|
||||
fi
|
||||
/usr/sbin/uwsgi \
|
||||
--plugin psgi \
|
||||
--psgi llng-server.psgi \
|
||||
--master \
|
||||
--workers ${LLNG_HANDLER_WORKERS:-2} \
|
||||
--max-worker-lifetime 86400 \
|
||||
--max-requests 10000 \
|
||||
--disable-logging \
|
||||
--harakiri 30 \
|
||||
--buffer-size 65535 \
|
||||
--limit-post 0 \
|
||||
--die-on-term \
|
||||
--${LLNG_HANDLER_PROTOCOL:-http}-socket 0.0.0.0:${LLNG_HANDLER_PORT:-8183}
|
|
@ -0,0 +1,9 @@
|
|||
services:
|
||||
lemonldap:
|
||||
type: master
|
||||
command: ["lemonldap-ng"]
|
||||
local_cache:
|
||||
command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
|
||||
cronExpression: '1 * * * *'
|
||||
logger:
|
||||
level: debug
|
|
@ -1,5 +1,5 @@
|
|||
[all]
|
||||
logLevel = info
|
||||
logLevel = notice
|
||||
logger = Lemonldap::NG::Common::Logger::Std
|
||||
userLogger = Lemonldap::NG::Common::Logger::Std
|
||||
localSessionStorage = Cache::FileCache
|
||||
|
|
|
@ -127,13 +127,14 @@ _EOF
|
|||
[[- $c = merge .lemonldap . ]]
|
||||
|
||||
# LL::NG handler for sso
|
||||
task "llng-handler" {
|
||||
task "lemonldap-ng-handler" {
|
||||
driver = [[ $c.nomad.driver | toJSON ]]
|
||||
|
||||
config {
|
||||
image = [[ .lemonldap.image | toJSON ]]
|
||||
volumes = [
|
||||
"secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
|
||||
# Workaround this bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3047
|
||||
"local/Traefik.pm:/usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/Server/Traefik.pm:ro"
|
||||
]
|
||||
# Add a tmpfs to store config and session cache
|
||||
|
@ -145,6 +146,13 @@ _EOF
|
|||
sidecar = true
|
||||
}
|
||||
|
||||
env {
|
||||
CTD_CONFIG = "/local/caretakerd.yaml"
|
||||
LLNG_SOCKET_PROTO = "http"
|
||||
LLNG_LISTEN = "127.0.0.1:8183"
|
||||
SOURCE_SERVER = "traefik"
|
||||
}
|
||||
|
||||
vault {
|
||||
policies = ["[[ .instance ]][[ .consul.suffix ]]"]
|
||||
env = false
|
||||
|
@ -168,6 +176,13 @@ _EOT
|
|||
destination = "local/Traefik.pm"
|
||||
}
|
||||
|
||||
template {
|
||||
data =<<_EOT
|
||||
[[ template "traefik/caretakerd.yaml.tpl" . ]]
|
||||
_EOT
|
||||
destination = "local/caretakerd.yaml"
|
||||
}
|
||||
|
||||
[[ template "common/resources" .lemonldap.resources ]]
|
||||
}
|
||||
[[- end ]]
|
||||
|
|
|
@ -86,7 +86,7 @@ lemonldap:
|
|||
enabled: False
|
||||
|
||||
# Docker image to use for Lemonldap::NG handler
|
||||
image: '[[ .docker.repo ]]lemonldap-ng-handler:2.18.1-1'
|
||||
image: '[[ .docker.repo ]]lemonldap-ng:latest'
|
||||
|
||||
# Resources for Lemonldap::NG handlers
|
||||
resources:
|
||||
|
|
Loading…
Reference in New Issue