WIP: update mysql/seafile to use their own ldap user in ou=services

2020-02-11 21:52:57 +01:00 · 2020-02-11 21:52:57 +01:00 · acdb34027b
parent ca787155c9
commit acdb34027b
3 changed files with 15 additions and 8 deletions
--- a/consul/configuration/.gitignore
+++ b/consul/configuration/.gitignore
@ -10,6 +10,7 @@

 # Whitelist specific files
 !seafile/conf/seafdav.conf
+!seafile/conf/ccnet.conf
 !seafile/ccnet/seafile.ini

 !email/dkim/keytable
--- a/consul/configuration/seafile/conf/ccnet.conf.sample
+++ b/consul/configuration/seafile/conf/ccnet.conf.sample
@ -1,6 +1,6 @@
 [General]
 USER_NAME = deuxfleurs
-ID = <to be defined>
+ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }}
 NAME = deuxfleurs
 SERVICE_URL = https://cloud.deuxfleurs.fr

@ -13,9 +13,9 @@ PORT = 13418
 [LDAP]
 HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/
 BASE = ou=users,dc=deuxfleurs,dc=fr
-USER_DN = cn=<to be defined>,dc=deuxfleurs,dc=fr
+USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }}
 FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr
-PASSWORD = <to be defined>
+PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }}
 LOGIN_ATTR = mail

 [Database]
@ -23,7 +23,7 @@ ENGINE = mysql
 HOST = mariadb.service.2.cluster.deuxfleurs.fr
 PORT = 3306
 USER = seafile
-PASSWD = <to be defined>
+PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
 DB = ccnet-db
 CONNECTION_CHARSET = utf8

--- a/nomad/seafile.hcl
+++ b/nomad/seafile.hcl
@ -111,6 +111,16 @@ job "seafile" {
        }
      }

+      artifact {
+        source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf?raw"
+        destination = "secrets/conf/ccnet.conf.tpl"
+        mode = "file"
+      }
+	    template {
+        source = "secrets/conf/ccnet.conf.tpl"
+        destination = "secrets/conf/ccnet.conf"
+      }
+
      template {
        data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}"
        destination = "secrets/ccnet/mykey.peer"
@ -119,10 +129,6 @@ job "seafile" {
        data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}"
        destination = "secrets/ccnet/seafile.ini"
      }
-      template {
-        data = "{{ key \"configuration/seafile/conf/ccnet.conf\" }}"
-        destination = "secrets/conf/ccnet.conf"
-      }
      template {
        data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}"
        destination = "secrets/conf/mykey.peer"