Switch to the lemonldap-ng image

2024-01-04 11:27:27 +01:00 · 2024-01-04 11:27:27 +01:00 · d21fdeaca0
parent 5f3f01eb59
commit d21fdeaca0
8 changed files with 28 additions and 70 deletions
--- a/bundles.yml
+++ b/bundles.yml
@ -2,3 +2,4 @@

 dependencies:
  - url: ../common.git
+  - url: ../lemonldap-ng.git
--- a/images/lemonldap-ng-handler/Dockerfile
+++ b/images/lemonldap-ng-handler/Dockerfile
@ -1,32 +0,0 @@
-FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]]
-MAINTAINER [[ .docker.maintainer ]]
-
-ARG LLNG_MAJOR_VERSION=2.0
-
-ENV LLNG_HANDLER_PORT=8183 \
-    LLNG_HANDLER_PROTOCOL=http \
-    LLNG_HANDLER_WORKERS=2 \
-    SOURCE_SERVER=traefik
-
-COPY root/ /
-RUN sed -i -e "s/stable/${LLNG_MAJOR_VERSION}/g" /etc/yum.repos.d/lemonldap-ng.repo &&\
-    microdnf upgrade -y --best --nodocs  --noplugins --setopt=install_weak_deps=0 &&\
-    microdnf -y --nodocs --setopt=install_weak_deps=0 install \
-      tini \
-      lemonldap-ng-handler \
-      lemonldap-ng-uwsgi-app \
-      uwsgi \
-      uwsgi-plugin-psgi \
-      perl-DBD-MySQL \
-      perl-DBD-Pg \
-      perl-Cache-Cache \
-      perl-Apache-Session-Browseable \
-      perl-Apache-Session-Redis \
-      perl-Apache-Session-NoSQL \
-      perl-Apache-Session-LDAP &&\
-    microdnf -y clean all &&\
-    rm -rf /var/cache/yum/* /var/log/yum/* /var/lib/dnf/history*
-
-USER apache
-EXPOSE ${LLNG_HANDLER_PORT}
-ENTRYPOINT ["tini", "--", "/llng-handler.sh"]
--- a/images/lemonldap-ng-handler/root/etc/yum.repos.d/lemonldap-ng.repo
+++ b/images/lemonldap-ng-handler/root/etc/yum.repos.d/lemonldap-ng.repo
@ -1,13 +0,0 @@
-[lemonldap-ng]
-async = 1
-baseurl = https://lemonldap-ng.org/redhat/stable/$releasever/noarch
-gpgcheck = 1
-gpgkey = https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
-name = Lemonldap::NG
-
-[lemonldap-ng-extras]
-async = 1
-baseurl = https://lemonldap-ng.org/redhat/extras/$releasever
-gpgcheck = 1
-gpgkey = https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
-name = Lemonldap::NG Extras packages
--- a/images/lemonldap-ng-handler/root/llng-handler.sh
+++ b/images/lemonldap-ng-handler/root/llng-handler.sh
@ -1,22 +0,0 @@
-#!/bin/sh
-
-set -eo pipefail
-cd /usr/share/lemonldap-ng/llng-server/
-# Nomad environment ?
-if [ -d "/secrets" ]; then
-  mkdir -p /secrets/cache
-  chmod 700 /secrets/cache
-fi
-/usr/sbin/uwsgi \
-  --plugin psgi \
-  --psgi llng-server.psgi \
-  --master \
-  --workers ${LLNG_HANDLER_WORKERS:-2} \
-  --max-worker-lifetime 86400 \
-  --max-requests 10000 \
-  --disable-logging \
-  --harakiri 30 \
-  --buffer-size 65535 \
-  --limit-post 0 \
-  --die-on-term \
-  --${LLNG_HANDLER_PROTOCOL:-http}-socket 0.0.0.0:${LLNG_HANDLER_PORT:-8183}
--- a/templates/caretakerd.yaml.tpl
+++ b/templates/caretakerd.yaml.tpl
@ -0,0 +1,9 @@
+services:
+  lemonldap:
+    type: master
+    command: ["lemonldap-ng"]
+  local_cache:
+    command: ["/usr/libexec/lemonldap-ng/bin/purgeLocalCache"]
+    cronExpression: '1 * * * *'
+    logger:
+      level: debug
--- a/templates/lemonldap-ng.ini.tpl
+++ b/templates/lemonldap-ng.ini.tpl
@ -1,5 +1,5 @@
 [all]
-logLevel = info
+logLevel = notice
 logger = Lemonldap::NG::Common::Logger::Std
 userLogger = Lemonldap::NG::Common::Logger::Std
 localSessionStorage = Cache::FileCache
--- a/traefik.nomad.hcl
+++ b/traefik.nomad.hcl
@ -127,13 +127,14 @@ _EOF
  [[- $c = merge .lemonldap . ]]

    # LL::NG handler for sso
-    task "llng-handler" {
+    task "lemonldap-ng-handler" {
      driver = [[ $c.nomad.driver | toJSON ]]

      config {
        image = [[ .lemonldap.image | toJSON ]]
        volumes = [
          "secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
+          # Workaround this bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3047
          "local/Traefik.pm:/usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/Server/Traefik.pm:ro"
        ]
        # Add a tmpfs to store config and session cache
@ -145,6 +146,13 @@ _EOF
        sidecar = true
      }

+      env {
+        CTD_CONFIG        = "/local/caretakerd.yaml"
+        LLNG_SOCKET_PROTO = "http"
+        LLNG_LISTEN       = "127.0.0.1:8183"
+        SOURCE_SERVER     = "traefik"
+      }
+
      vault {
        policies     = ["[[ .instance ]][[ .consul.suffix ]]"]
        env          = false
@ -168,6 +176,13 @@ _EOT
        destination = "local/Traefik.pm"
      }

+      template {
+        data =<<_EOT
+[[ template "traefik/caretakerd.yaml.tpl" . ]]
+_EOT
+        destination = "local/caretakerd.yaml"
+      }
+
      [[ template "common/resources" .lemonldap.resources ]]
    }
 [[- end ]]
--- a/variables.yml
+++ b/variables.yml
@ -86,7 +86,7 @@ lemonldap:
  enabled: False

  # Docker image to use for Lemonldap::NG handler
-  image: '[[ .docker.repo ]]lemonldap-ng-handler:2.18.1-1'
+  image: '[[ .docker.repo ]]lemonldap-ng:latest'

  # Resources for Lemonldap::NG handlers
  resources: