Add plume
parent
09fc30214d
commit
9e4e2f7b99
7 changed files with 97 additions and 11 deletions
|
@ -81,6 +81,7 @@ alias bind_df="ssh \
|
||||||
-L 4646:127.0.0.1:4646 \
|
-L 4646:127.0.0.1:4646 \
|
||||||
-L 8500:127.0.0.1:8500 \
|
-L 8500:127.0.0.1:8500 \
|
||||||
-L 8082:traefik.service.2.cluster.deuxfleurs.fr:8082 \
|
-L 8082:traefik.service.2.cluster.deuxfleurs.fr:8082 \
|
||||||
|
-L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
|
||||||
<a server from the cluster>"
|
<a server from the cluster>"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
find {configuration,secrets}/$1 -type f \
|
find {configuration,secrets}/$1 -type f \
|
||||||
| grep --perl-regexp --invert-match "\.sample$|\.gen$|/.gitignore$" \
|
| grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \
|
||||||
| while read filename; do
|
| while read filename; do
|
||||||
consul kv put "${filename}" "@${filename}"
|
consul kv put "${filename}" "@${filename}"
|
||||||
done
|
done
|
||||||
|
|
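Review bot: The rewritten exclusion `\.gitignore` in the grep pattern dropped both the leading `/` and the trailing `$` that the old `/.gitignore$` had, so it now skips any path that merely contains `.gitignore` instead of only files named exactly that; `/\.gitignore$` keeps the original intent. The new `\.sh$` alternative also means a secret whose file name ends in `.sh` is silently never sent to `consul kv put`, which deserves a comment above the pipeline such as `# *.sh files are local secret generators and are never pushed to Consul`. The unquoted `$1` and the `read` without `-r` are on unchanged context lines and predate this commit.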
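--- a/app/config/secrets/.gitignore
+++ b/app/config/secrets/.gitignore
@@ -5,6 +5,7 @@
 # Whitelist some patterns
 !*.sample
 !*.gen
+!*.sh
 !.gitignore
 
 # Whitelist specific files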
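--- a/app/config/secrets/plume/pgsql_pw.sh
+++ b/app/config/secrets/plume/pgsql_pw.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rand -base64 32 > pgsql_pw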
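Review bot: `openssl rand -base64 32 > pgsql_pw` creates the secret under whatever umask the caller has, which commonly leaves it readable by other local users, and it writes to the current directory rather than next to the script. Putting `umask 077` and `cd "$(dirname "$0")"` before the redirect would address both. Re-running the script also silently replaces an existing password, which presumably would then disagree with the one already provisioned in the database; a guard such as `[ -e pgsql_pw ] && exit 0` avoids that. The same points apply to secret_key.sh in the next file section.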
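--- a/app/config/secrets/plume/secret_key.sh
+++ b/app/config/secrets/plume/secret_key.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rand -base64 32 > secret_key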
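--- a/app/deployment/plume.hcl
+++ b/app/deployment/plume.hcl
@@ -0,0 +1,71 @@
+job "plume" {
+datacenters = ["dc1"]
+type = "service"
+
+constraint {
+attribute = "${attr.cpu.arch}"
+value = "amd64"
+}
+
+group "plume" {
+count = 1
+task "plume" {
+driver = "docker"
+config {
+image = "plumeorg/plume:v0.5.0"
+port_map {
+web_port = 7878
+}
+#command = "cat"
+#args = [ "/dev/stdout" ]
+volumes = [
+"/mnt/glusterfs/plume/media:/app/static/media",
+"/mnt/glusterfs/plume/search:/app/search_index"
+]
+}
+
+artifact {
+source = "http://127.0.0.1:8500/v1/kv/configuration/plume/app.env?raw"
+destination = "secrets/app.env.tpl"
+mode = "file"
+}
+template {
+source = "secrets/app.env.tpl"
+destination = "secrets/app.env"
+env = true
+}
+
+resources {
+memory = 100
+cpu = 100
+network {
+port "web_port" {}
+}
+}
+
+service {
+name = "plume"
+tags = [
+"plume",
+"traefik.enable=true",
+"traefik.frontend.entryPoints=https,http",
+"traefik.frontend.rule=Host:plume.deuxfleurs.fr",
+]
+port = "web_port"
+address_mode = "host"
+check {
+type = "tcp"
+port = "web_port"
+interval = "60s"
+timeout = "5s"
+check_restart {
+limit = 3
+grace = "600s"
+ignore_warnings = false
+}
+}
+}
+}
+}
+}
+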
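Review bot: The service tag `"traefik.frontend.entryPoints=https,http"` publishes Plume on the plain-HTTP entry point as well, so unless Traefik redirects HTTP globally (its configuration is not visible here), logins and session cookies for plume.deuxfleurs.fr can travel unencrypted. Restricting the tag to `"traefik.frontend.entryPoints=https"`, or adding `"traefik.frontend.redirect.entryPoint=https"`, would close that gap. Separately, `image = "plumeorg/plume:v0.5.0"` refers to a mutable tag; a digest reference would make the deployed image reproducible and tamper-evident. The commented-out `#command` and `#args` debug lines in the `config` block could be dropped before merge.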
|
@ -1,15 +1,24 @@
|
||||||
|
## 1. Create a LDAP user and assign a password for your service
|
||||||
|
|
||||||
|
Go to guichet.deuxfleurs.fr
|
||||||
|
|
||||||
|
1. Everything takes place in `ou=services,ou=users,dc=deuxfleurs,dc=fr`
|
||||||
|
2. Create a new user, like `johny`
|
||||||
|
3. Generate a random password with `openssl rand -base64 32`
|
||||||
|
4. Hash it with `slappasswd`
|
||||||
|
5. Add a `userpassword` entry with the hash
|
||||||
|
|
||||||
|
## 2. Connect to postgres with the admin users
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ssh root@<one node of the cluster>
|
# 1. Launch ssh tunnel given in the README
|
||||||
docker run -t -i superboum/amd64_postgres:v1
|
# 2. Make sure you have postregsql client installed locally
|
||||||
psql -h psql-proxy.service.2.cluster.deuxfleurs.fr -p 25432 -U postgres -W postgres
|
psql -h localhost -U postgres -W postgres
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## 3. Create the binded users with LDAP in postgres + the database
|
||||||
|
|
||||||
```sql
|
```sql
|
||||||
CREATE USER seafile;
|
CREATE USER johny;
|
||||||
CREATE DATABASE seafile ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER seafile;
|
CREATE DATABASE amazingapp OWNER johny;
|
||||||
-- GRANT ALL PRIVILEGES ON DATABASE seafile TO seafile;
|
|
||||||
```
|
|
||||||
|
|
||||||
```
|
|
||||||
consul kv import @ldapkv_seafile.json
|
|
||||||
```
|
```
|
||||||
|
|