forked from Deuxfleurs/infrastructure
Add bagage deployment
This commit is contained in:
parent
09269e8497
commit
d40c41004d
33 changed files with 17 additions and 802 deletions
|
@ -1,45 +1,46 @@
|
||||||
job "science" {
|
job "bagage" {
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
type = "service"
|
type = "service"
|
||||||
priority = 10
|
priority = 90
|
||||||
|
|
||||||
constraint {
|
constraint {
|
||||||
attribute = "${attr.cpu.arch}"
|
attribute = "${attr.cpu.arch}"
|
||||||
value = "amd64"
|
value = "amd64"
|
||||||
}
|
}
|
||||||
|
|
||||||
group "diagnet" {
|
group "main" {
|
||||||
|
count = 1
|
||||||
|
|
||||||
network {
|
network {
|
||||||
port "web_port" { to = 8000 }
|
port "web_port" { to = 8080 }
|
||||||
}
|
}
|
||||||
|
|
||||||
task "main" {
|
task "server" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
config {
|
config {
|
||||||
image = "lesterpig/diagnet-landmark:latest"
|
image = "superboum/amd64_bagage:v5"
|
||||||
args = [
|
readonly_rootfs = true
|
||||||
"-name", "landmark-deuxfleurs",
|
|
||||||
"-chrome", "-chrome-interval", "60m",
|
|
||||||
"-http", ":8000"
|
|
||||||
]
|
|
||||||
ports = [ "web_port" ]
|
ports = [ "web_port" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
env {
|
||||||
|
BAGAGE_LDAP_ENDPOINT = "bottin2.service.2.cluster.deuxfleurs.fr:389"
|
||||||
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 100
|
memory = 100
|
||||||
memory = 250
|
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
|
name = "bagage"
|
||||||
tags = [
|
tags = [
|
||||||
"diagnet",
|
"bagage",
|
||||||
"traefik.enable=true",
|
"traefik.enable=true",
|
||||||
"traefik.frontend.entryPoints=https,http",
|
"traefik.frontend.entryPoints=https,http",
|
||||||
"traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
|
"traefik.frontend.rule=Host:bagage.deuxfleurs.fr",
|
||||||
]
|
]
|
||||||
port = "web_port"
|
port = "web_port"
|
||||||
address_mode = "host"
|
address_mode = "host"
|
||||||
name = "diagnet"
|
|
||||||
check {
|
check {
|
||||||
type = "tcp"
|
type = "tcp"
|
||||||
port = "web_port"
|
port = "web_port"
|
|
@ -1,27 +0,0 @@
|
||||||
FROM debian:10
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
|
||||||
apt-get -qq -y full-upgrade
|
|
||||||
|
|
||||||
RUN apt-get install -y apache2 php php-gd php-mbstring php-pgsql php-curl php-dom php-xml php-zip \
|
|
||||||
php-intl php-ldap php-fileinfo php-exif php-apcu php-redis php-imagick unzip curl wget && \
|
|
||||||
phpenmod gd && \
|
|
||||||
phpenmod curl && \
|
|
||||||
phpenmod mbstring && \
|
|
||||||
phpenmod pgsql && \
|
|
||||||
phpenmod dom && \
|
|
||||||
phpenmod zip && \
|
|
||||||
phpenmod intl && \
|
|
||||||
phpenmod ldap && \
|
|
||||||
phpenmod fileinfo && \
|
|
||||||
phpenmod exif && \
|
|
||||||
phpenmod apcu && \
|
|
||||||
phpenmod redis && \
|
|
||||||
phpenmod imagick && \
|
|
||||||
phpenmod xml
|
|
||||||
|
|
||||||
COPY container-setup.sh /tmp
|
|
||||||
RUN /tmp/container-setup.sh
|
|
||||||
|
|
||||||
COPY entrypoint.sh /
|
|
||||||
CMD /entrypoint.sh
|
|
|
@ -1,37 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
curl https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip > /tmp/nextcloud.zip
|
|
||||||
cd /var/www
|
|
||||||
unzip /tmp/nextcloud.zip
|
|
||||||
rm /tmp/nextcloud.zip
|
|
||||||
mv html html.old
|
|
||||||
mv nextcloud html
|
|
||||||
|
|
||||||
cd html
|
|
||||||
mkdir data
|
|
||||||
|
|
||||||
cd apps
|
|
||||||
wget https://github.com/nextcloud/tasks/releases/download/v0.13.1/tasks.tar.gz
|
|
||||||
tar xf tasks.tar.gz
|
|
||||||
wget https://github.com/nextcloud/maps/releases/download/v0.1.6/maps-0.1.6.tar.gz
|
|
||||||
tar xf maps-0.1.6.tar.gz
|
|
||||||
wget https://github.com/nextcloud/calendar/releases/download/v2.0.3/calendar.tar.gz
|
|
||||||
tar xf calendar.tar.gz
|
|
||||||
wget https://github.com/nextcloud/news/releases/download/14.1.11/news.tar.gz
|
|
||||||
tar xf news.tar.gz
|
|
||||||
wget https://github.com/nextcloud/notes/releases/download/v3.6.0/notes.tar.gz
|
|
||||||
tar xf notes.tar.gz
|
|
||||||
wget https://github.com/nextcloud/contacts/releases/download/v3.3.0/contacts.tar.gz
|
|
||||||
tar xf contacts.tar.gz
|
|
||||||
wget https://github.com/nextcloud/mail/releases/download/v1.4.0/mail.tar.gz
|
|
||||||
tar xf mail.tar.gz
|
|
||||||
wget https://github.com/nextcloud/groupfolders/releases/download/v6.0.6/groupfolders.tar.gz
|
|
||||||
tar xf groupfolders.tar.gz
|
|
||||||
rm *.tar.gz
|
|
||||||
|
|
||||||
chown -R www-data:www-data /var/www/html
|
|
||||||
|
|
||||||
cd /var/www/html
|
|
||||||
php occ
|
|
|
@ -1,8 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -xe
|
|
||||||
|
|
||||||
chown www-data:www-data /var/www/html/config/config.php
|
|
||||||
touch /var/www/html/data/.ocdata
|
|
||||||
|
|
||||||
exec apachectl -DFOREGROUND
|
|
|
@ -1,49 +0,0 @@
|
||||||
<?php
|
|
||||||
$CONFIG = array (
|
|
||||||
'appstoreenabled' => false,
|
|
||||||
'instanceid' => '{{ key "secrets/nextcloud/instance_id" | trimSpace }}',
|
|
||||||
'passwordsalt' => '{{ key "secrets/nextcloud/password_salt" | trimSpace }}',
|
|
||||||
'secret' => '{{ key "secrets/nextcloud/secret" | trimSpace }}',
|
|
||||||
'trusted_domains' => array (
|
|
||||||
0 => 'nextcloud.deuxfleurs.fr',
|
|
||||||
),
|
|
||||||
'memcache.local' => '\\OC\\Memcache\\APCu',
|
|
||||||
|
|
||||||
'objectstore' => array(
|
|
||||||
'class' => '\\OC\\Files\\ObjectStore\\S3',
|
|
||||||
'arguments' => array(
|
|
||||||
'bucket' => 'nextcloud',
|
|
||||||
'autocreate' => false,
|
|
||||||
'key' => '{{ key "secrets/nextcloud/garage_access_key" | trimSpace }}',
|
|
||||||
'secret' => '{{ key "secrets/nextcloud/garage_secret_key" | trimSpace }}',
|
|
||||||
'hostname' => 'garage.deuxfleurs.fr',
|
|
||||||
'port' => 443,
|
|
||||||
'use_ssl' => true,
|
|
||||||
'region' => 'garage',
|
|
||||||
// required for some non Amazon S3 implementations
|
|
||||||
'use_path_style' => true
|
|
||||||
),
|
|
||||||
),
|
|
||||||
|
|
||||||
'dbtype' => 'pgsql',
|
|
||||||
'dbhost' => 'psql-proxy.service.2.cluster.deuxfleurs.fr',
|
|
||||||
'dbname' => 'nextcloud',
|
|
||||||
'dbtableprefix' => 'nc_',
|
|
||||||
'dbuser' => '{{ key "secrets/nextcloud/db_user" | trimSpace }}',
|
|
||||||
'dbpassword' => '{{ key "secrets/nextcloud/db_pass" | trimSpace }}',
|
|
||||||
|
|
||||||
'default_language' => 'fr',
|
|
||||||
'default_locale' => 'fr_FR',
|
|
||||||
|
|
||||||
'mail_domain' => 'deuxfleurs.fr',
|
|
||||||
'mail_from_address' => 'nextcloud@deuxfleurs.fr',
|
|
||||||
// TODO SMTP CONFIG
|
|
||||||
|
|
||||||
// TODO REDIS CACHE
|
|
||||||
|
|
||||||
'version' => '19.0.0.12',
|
|
||||||
'overwrite.cli.url' => 'https://nextcloud.deuxfleurs.fr',
|
|
||||||
|
|
||||||
'installed' => true,
|
|
||||||
);
|
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
job "nextcloud" {
|
|
||||||
datacenters = ["dc1", "belair"]
|
|
||||||
type = "service"
|
|
||||||
priority = 40
|
|
||||||
|
|
||||||
constraint {
|
|
||||||
attribute = "${attr.cpu.arch}"
|
|
||||||
value = "amd64"
|
|
||||||
}
|
|
||||||
|
|
||||||
group "nextcloud" {
|
|
||||||
count = 1
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "web_port" {
|
|
||||||
to = 80
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
task "nextcloud" {
|
|
||||||
driver = "docker"
|
|
||||||
config {
|
|
||||||
image = "lxpz/deuxfleurs_nextcloud_amd64:8"
|
|
||||||
ports = [ "web_port" ]
|
|
||||||
volumes = [
|
|
||||||
"secrets/config.php:/var/www/html/config/config.php"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/config.php.tpl")
|
|
||||||
destination = "secrets/config.php"
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 1000
|
|
||||||
cpu = 2000
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
name = "nextcloud"
|
|
||||||
tags = [
|
|
||||||
"nextcloud",
|
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.frontend.entryPoints=https,http",
|
|
||||||
"traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
|
|
||||||
]
|
|
||||||
port = "web_port"
|
|
||||||
address_mode = "host"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "web_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
Install Owncloud CLI:
|
|
||||||
|
|
||||||
php ./occ \
|
|
||||||
--no-interaction \
|
|
||||||
--verbose \
|
|
||||||
maintenance:install \
|
|
||||||
--database pgsql \
|
|
||||||
--database-name nextcloud \
|
|
||||||
--database-host postgres \
|
|
||||||
--database-user nextcloud \
|
|
||||||
--database-pass nextcloud \
|
|
||||||
--admin-user nextcloud \
|
|
||||||
--admin-pass nextcloud \
|
|
||||||
--admin-email coucou@deuxfleurs.fr
|
|
||||||
|
|
||||||
Official image entrypoint:
|
|
||||||
|
|
||||||
https://github.com/nextcloud/docker/blob/master/20.0/fpm/entrypoint.sh
|
|
||||||
|
|
||||||
|
|
|
@ -1,31 +0,0 @@
|
||||||
{
|
|
||||||
"suffix": "dc=deuxfleurs,dc=fr",
|
|
||||||
"bind": "0.0.0.0:389",
|
|
||||||
"consul_host": "http://consul:8500",
|
|
||||||
"log_level": "debug",
|
|
||||||
"acl": [
|
|
||||||
"*,dc=deuxfleurs,dc=fr::read:*:* !userpassword",
|
|
||||||
"*::read modify:SELF:*",
|
|
||||||
"ANONYMOUS::bind:*,ou=users,dc=deuxfleurs,dc=fr:",
|
|
||||||
"ANONYMOUS::bind:cn=admin,dc=deuxfleurs,dc=fr:",
|
|
||||||
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::bind:*,ou=users,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*,ou=services,ou=users,dc=deuxfleurs,dc=fr::read:*:*",
|
|
||||||
|
|
||||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=invitations,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"ANONYMOUS::bind:*,ou=invitations,dc=deuxfleurs,dc=fr:",
|
|
||||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::delete:SELF:*",
|
|
||||||
|
|
||||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:add:*,ou=users,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::add:*,ou=users,dc=deuxfleurs,dc=fr:*",
|
|
||||||
|
|
||||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=email,ou=groups,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=groups,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*:cn=asso_deuxfleurs,ou=groups,dc=deuxfleurs,dc=fr:modifyAdd:cn=nextcloud,ou=groups,dc=deuxfleurs,dc=fr:*",
|
|
||||||
"*,ou=invitations,dc=deuxfleurs,dc=fr::modifyAdd:cn=seafile,ou=nextcloud,dc=deuxfleurs,dc=fr:*",
|
|
||||||
|
|
||||||
"cn=admin,dc=deuxfleurs,dc=fr::read add modify delete:*:*",
|
|
||||||
"*:cn=admin,ou=groups,dc=deuxfleurs,dc=fr:read add modify delete:*:*"
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
version: '3.4'
|
|
||||||
services:
|
|
||||||
php:
|
|
||||||
image: lxpz/deuxfleurs_nextcloud_amd64:8
|
|
||||||
depends_on:
|
|
||||||
- bottin
|
|
||||||
- postgres
|
|
||||||
ports:
|
|
||||||
- "80:80"
|
|
||||||
|
|
||||||
postgres:
|
|
||||||
image: postgres:9.6.19
|
|
||||||
environment:
|
|
||||||
- POSTGRES_DB=nextcloud
|
|
||||||
- POSTGRES_USER=nextcloud
|
|
||||||
- POSTGRES_PASSWORD=nextcloud
|
|
||||||
|
|
||||||
bottin:
|
|
||||||
image: lxpz/bottin_amd64:14
|
|
||||||
depends_on:
|
|
||||||
- consul
|
|
||||||
volumes:
|
|
||||||
- ./bottin.json:/config.json
|
|
||||||
|
|
||||||
consul:
|
|
||||||
image: consul:1.8.4
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
[mariadb]
|
|
||||||
pam_use_cleartext_plugin
|
|
||||||
bind-address = 0.0.0.0
|
|
|
@ -1,3 +0,0 @@
|
||||||
[mariadb]
|
|
||||||
plugin-load=auth_pam.so
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
[mysqld]
|
|
||||||
bind-address = *
|
|
|
@ -1,14 +0,0 @@
|
||||||
FROM debian:stretch
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
|
||||||
apt-get dist-upgrade -y && \
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client libnss-ldapd
|
|
||||||
|
|
||||||
COPY 60-ldap.cnf /etc/mysql/mariadb.conf.d/60-ldap.cnf
|
|
||||||
COPY 60-remote.cnf /etc/mysql/mariadb.conf.d/60-remote.cnf
|
|
||||||
COPY 60-disable-dialog.cnf /etc/mysql/mariadb.conf.d/60-disable-dialog.cnf
|
|
||||||
COPY pam-mariadb /etc/pam.d/mariadb
|
|
||||||
COPY nsswitch.conf /etc/nsswitch.conf
|
|
||||||
COPY entrypoint.sh /usr/local/bin/entrypoint
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
|
|
@ -1,19 +0,0 @@
|
||||||
```
|
|
||||||
sudo docker build -t superboum/amd64_mariadb:v3 .
|
|
||||||
|
|
||||||
sudo docker run \
|
|
||||||
-t -i \
|
|
||||||
-p 3306:3306 \
|
|
||||||
-v /tmp/mysql:/var/lib/mysql \
|
|
||||||
-e LDAP_URI='ldap://bottin.service.2.cluster.deuxfleurs.fr' \
|
|
||||||
-e LDAP_BASE='ou=users,dc=deuxfleurs,dc=fr' \
|
|
||||||
-e LDAP_VERSION=3 \
|
|
||||||
-e LDAP_BIND_DN='cn=admin,dc=deuxfleurs,dc=fr' \
|
|
||||||
-e LDAP_BIND_PW='xxxx' \
|
|
||||||
-e MYSQL_PASSWORD='xxxx' \
|
|
||||||
superboum/amd64_mariadb:v1 \
|
|
||||||
tail -f /var/log/mysql/error.log
|
|
||||||
|
|
||||||
CREATE USER quentin@localhost IDENTIFIED VIA pam USING 'mariadb';
|
|
||||||
|
|
||||||
```
|
|
|
@ -1,50 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
cat > /etc/nslcd.conf <<EOF
|
|
||||||
# /etc/nslcd.conf
|
|
||||||
# nslcd configuration file. See nslcd.conf(5)
|
|
||||||
# for details.
|
|
||||||
|
|
||||||
# The user and group nslcd should run as.
|
|
||||||
uid nslcd
|
|
||||||
gid nslcd
|
|
||||||
|
|
||||||
# The location at which the LDAP server(s) should be reachable.
|
|
||||||
uri ${LDAP_URI}
|
|
||||||
|
|
||||||
# The search base that will be used for all queries.
|
|
||||||
base ${LDAP_BASE}
|
|
||||||
|
|
||||||
# The LDAP protocol version to use.
|
|
||||||
ldap_version ${LDAP_VERSION}
|
|
||||||
|
|
||||||
# The DN to bind with for normal lookups.
|
|
||||||
binddn ${LDAP_BIND_DN}
|
|
||||||
bindpw ${LDAP_BIND_PW}
|
|
||||||
|
|
||||||
# The DN used for password modifications by root.
|
|
||||||
#rootpwmoddn cn=admin,dc=example,dc=com
|
|
||||||
|
|
||||||
# SSL options
|
|
||||||
#ssl off
|
|
||||||
#tls_reqcert never
|
|
||||||
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
|
||||||
|
|
||||||
# The search scope.
|
|
||||||
#scope sub
|
|
||||||
EOF
|
|
||||||
|
|
||||||
/usr/sbin/nslcd
|
|
||||||
|
|
||||||
chown mysql:mysql /var/lib/mysql
|
|
||||||
[ -z "$(ls -A /var/lib/mysql)" ] && mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
|
|
||||||
|
|
||||||
/usr/bin/mysqld_safe --skip-syslog &
|
|
||||||
|
|
||||||
until ls /var/run/mysqld/mysqld.sock; do sleep 1; done
|
|
||||||
/usr/bin/mysqladmin -u root password ${MYSQL_PASSWORD} || true
|
|
||||||
|
|
||||||
exec "$@"
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
# /etc/nsswitch.conf
|
|
||||||
#
|
|
||||||
# Example configuration of GNU Name Service Switch functionality.
|
|
||||||
# If you have the `glibc-doc-reference' and `info' packages installed, try:
|
|
||||||
# `info libc "Name Service Switch"' for information about this file.
|
|
||||||
|
|
||||||
passwd: files ldap
|
|
||||||
group: files ldap
|
|
||||||
shadow: files ldap
|
|
||||||
gshadow: files
|
|
||||||
|
|
||||||
hosts: files dns
|
|
||||||
networks: files
|
|
||||||
|
|
||||||
protocols: db files
|
|
||||||
services: db files
|
|
||||||
ethers: db files
|
|
||||||
rpc: db files
|
|
||||||
|
|
||||||
netgroup: nis
|
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
auth required pam_ldap.so
|
|
||||||
account required pam_ldap.so
|
|
|
@ -1,46 +0,0 @@
|
||||||
FROM amd64/debian:buster as builder
|
|
||||||
|
|
||||||
ENV VERSION 7.0.5
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
|
||||||
apt-get dist-upgrade -y && \
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y wget tar && \
|
|
||||||
wget https://download.seadrive.org/seafile-server_${VERSION}_x86-64.tar.gz -O ./seafile.tar.gz && \
|
|
||||||
tar xf ./seafile.tar.gz && \
|
|
||||||
mv seafile-server-${VERSION} seafile-server
|
|
||||||
|
|
||||||
FROM amd64/debian:buster
|
|
||||||
|
|
||||||
COPY --from=builder ./seafile-server /srv/webstore/seafile-server
|
|
||||||
|
|
||||||
RUN apt-get update && \
|
|
||||||
apt-get dist-upgrade -y && \
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
|
||||||
python \
|
|
||||||
mariadb-client \
|
|
||||||
python2.7 \
|
|
||||||
libpython2.7 \
|
|
||||||
python-setuptools \
|
|
||||||
python-ldap \
|
|
||||||
python-urllib3 \
|
|
||||||
ffmpeg \
|
|
||||||
python-pip \
|
|
||||||
python-mysqldb \
|
|
||||||
python-memcache \
|
|
||||||
procps \
|
|
||||||
python-requests && \
|
|
||||||
pip install Pillow==4.3.0 && \
|
|
||||||
pip install moviepy && \
|
|
||||||
useradd -u 1000 -d /srv/webstore seauser && \
|
|
||||||
chown -R seauser:1000 /srv/webstore/
|
|
||||||
|
|
||||||
RUN mkdir -p /usr/local/lib/mariadb/plugin/ && \
|
|
||||||
ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/mysql_clear_password.so /usr/local/lib/mariadb/plugin/ && \
|
|
||||||
ln -s /usr/lib/x86_64-linux-gnu/mariadb*/plugin/dialog.so /usr/local/lib/mariadb/plugin/
|
|
||||||
|
|
||||||
WORKDIR /srv/webstore/seafile-server
|
|
||||||
COPY seadocker /usr/local/bin/seadocker
|
|
||||||
COPY seaenv /usr/local/bin/seaenv
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/local/bin/seaenv"]
|
|
||||||
CMD ["/usr/local/bin/seadocker"]
|
|
|
@ -1,27 +0,0 @@
|
||||||
|
|
||||||
```bash
|
|
||||||
sudo docker build -t superboum/amd64_seafile:v5 .
|
|
||||||
```
|
|
||||||
|
|
||||||
When upgrading, connect on a production server and run:
|
|
||||||
|
|
||||||
```bash
|
|
||||||
nomad stop seafile
|
|
||||||
sudo docker build -t superboum/amd64_seafile:v6 .
|
|
||||||
|
|
||||||
sudo docker run -t -i \
|
|
||||||
-v /mnt/glusterfs/seafile:/mnt/seafile-data \
|
|
||||||
-v /mnt/glusterfs/seaconf/conf:/srv/webstore/conf \
|
|
||||||
-v /mnt/glusterfs/seaconf/ccnet:/srv/webstore/ccnet \
|
|
||||||
superboum/amd64_seafile:v5
|
|
||||||
|
|
||||||
# See:
|
|
||||||
# * https://download.seafile.com/published/seafile-manual/deploy/upgrade.md
|
|
||||||
# * https://download.seafile.com/published/seafile-manual/changelog/server-changelog.md
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
nomad start seafile.hcl
|
|
||||||
```
|
|
||||||
|
|
||||||
when upgrading, change the command on start
|
|
|
@ -1,4 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
/srv/webstore/seafile-server/seafile.sh start
|
|
||||||
/srv/webstore/seafile-server/seahub.sh start
|
|
||||||
tail -f /srv/webstore/logs/*
|
|
|
@ -1,7 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
chown seauser /srv/webstore
|
|
||||||
chown seauser -R /srv/webstore/ccnet
|
|
||||||
chown seauser -R /srv/webstore/conf
|
|
||||||
|
|
||||||
runuser -u seauser -- "$@"
|
|
|
@ -1 +0,0 @@
|
||||||
/mnt/seafile-data/
|
|
|
@ -1,29 +0,0 @@
|
||||||
[General]
|
|
||||||
USER_NAME = deuxfleurs
|
|
||||||
ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }}
|
|
||||||
NAME = deuxfleurs
|
|
||||||
SERVICE_URL = https://cloud.deuxfleurs.fr
|
|
||||||
|
|
||||||
[Network]
|
|
||||||
PORT = 10001
|
|
||||||
|
|
||||||
[Client]
|
|
||||||
PORT = 13418
|
|
||||||
|
|
||||||
[LDAP]
|
|
||||||
HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/
|
|
||||||
BASE = ou=users,dc=deuxfleurs,dc=fr
|
|
||||||
USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }}
|
|
||||||
FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr
|
|
||||||
PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }}
|
|
||||||
LOGIN_ATTR = mail
|
|
||||||
|
|
||||||
[Database]
|
|
||||||
ENGINE = mysql
|
|
||||||
HOST = mariadb.service.2.cluster.deuxfleurs.fr
|
|
||||||
PORT = 3306
|
|
||||||
USER = seafile
|
|
||||||
PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
|
|
||||||
DB = ccnet-db
|
|
||||||
CONNECTION_CHARSET = utf8
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
import os
|
|
||||||
|
|
||||||
daemon = True
|
|
||||||
workers = 5
|
|
||||||
|
|
||||||
# default localhost:8000
|
|
||||||
bind = "[::]:8000"
|
|
||||||
|
|
||||||
# Pid
|
|
||||||
pids_dir = '/srv/webstore/pids'
|
|
||||||
pidfile = os.path.join(pids_dir, 'seahub.pid')
|
|
||||||
|
|
||||||
# for file upload, we need a longer timeout value (default is only 30s, too short)
|
|
||||||
timeout = 1200
|
|
||||||
|
|
||||||
limit_request_line = 8190
|
|
|
@ -1,6 +0,0 @@
|
||||||
[WEBDAV]
|
|
||||||
host = ::
|
|
||||||
enabled = true
|
|
||||||
port = 8084
|
|
||||||
fastcgi = false
|
|
||||||
share_name = /seafdav
|
|
|
@ -1,19 +0,0 @@
|
||||||
[network]
|
|
||||||
port = 12001
|
|
||||||
|
|
||||||
[fileserver]
|
|
||||||
port = 8083
|
|
||||||
max_upload_size=8192
|
|
||||||
max_download_dir_size=8192
|
|
||||||
|
|
||||||
[database]
|
|
||||||
type = mysql
|
|
||||||
host = mariadb.service.2.cluster.deuxfleurs.fr
|
|
||||||
port = 3306
|
|
||||||
user = seafile
|
|
||||||
password = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
|
|
||||||
db_name = seafile-db
|
|
||||||
connection_charset = utf8
|
|
||||||
|
|
||||||
[quota]
|
|
||||||
default = 50
|
|
|
@ -1,21 +0,0 @@
|
||||||
SECRET_KEY = "8ep+sgi&s1-f2cq2178!ekk!0h0nw2y4z1-olbaopxmodsd8vk"
|
|
||||||
FILE_SERVER_ROOT = 'https://cloud.deuxfleurs.fr/seafhttp'
|
|
||||||
DATABASES = {
|
|
||||||
'default': {
|
|
||||||
'ENGINE': 'django.db.backends.mysql',
|
|
||||||
'NAME': 'seahub-db',
|
|
||||||
'USER': 'seafile',
|
|
||||||
'PASSWORD': '{{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}',
|
|
||||||
'HOST': 'mariadb.service.2.cluster.deuxfleurs.fr',
|
|
||||||
'PORT': '3306',
|
|
||||||
'OPTIONS': {
|
|
||||||
'init_command': 'SET storage_engine=INNODB',
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
FILE_PREVIEW_MAX_SIZE = 100 * 1024 * 1024
|
|
||||||
ENABLE_THUMBNAIL = True
|
|
||||||
THUMBNAIL_ROOT = '/mnt/seafile-data/thumbnail/thumb/'
|
|
||||||
THUMBNAIL_EXTENSION = 'png'
|
|
||||||
THUMBNAIL_DEFAULT_SIZE = '24'
|
|
||||||
PREVIEW_DEFAULT_SIZE = '300'
|
|
|
@ -1,6 +0,0 @@
|
||||||
LDAP_URI = "ldap://bottin2.service.2.cluster.deuxfleurs.fr"
|
|
||||||
LDAP_BASE = "ou=users,dc=deuxfleurs,dc=fr"
|
|
||||||
LDAP_VERSION = 3
|
|
||||||
LDAP_BIND_DN = "{{ key "secrets/mariadb/main/ldap_binddn" | trimSpace }}"
|
|
||||||
LDAP_BIND_PW = "{{ key "secrets/mariadb/main/ldap_bindpwd" | trimSpace }}"
|
|
||||||
MYSQL_PASSWORD = "{{ key "secrets/mariadb/main/mysql_pwd" | trimSpace }}"
|
|
|
@ -1,222 +0,0 @@
|
||||||
job "seafile" {
|
|
||||||
datacenters = ["dc1"]
|
|
||||||
type = "service"
|
|
||||||
priority = 10
|
|
||||||
|
|
||||||
constraint {
|
|
||||||
attribute = "${attr.cpu.arch}"
|
|
||||||
value = "amd64"
|
|
||||||
}
|
|
||||||
|
|
||||||
group "main" {
|
|
||||||
count = 1
|
|
||||||
|
|
||||||
network {
|
|
||||||
port "seafile-frontend_port" { static = 8000 }
|
|
||||||
port "seafile-seafhttp_port" { static = 8083 }
|
|
||||||
port "seafile-dav_port" { static = 8084 }
|
|
||||||
port "seafile-hack_port" { static = 8085 }
|
|
||||||
port "mariadb_port" { static = 3306 }
|
|
||||||
}
|
|
||||||
|
|
||||||
task "mariadb" {
|
|
||||||
driver = "docker"
|
|
||||||
config {
|
|
||||||
image = "superboum/amd64_mariadb:v4"
|
|
||||||
network_mode = "host"
|
|
||||||
command = "tail"
|
|
||||||
ports = [ "mariadb_port" ]
|
|
||||||
args = [
|
|
||||||
"-f", "/var/log/mysql/error.log",
|
|
||||||
]
|
|
||||||
volumes = [
|
|
||||||
"/mnt/glusterfs/mariadb/main/server:/var/lib/mysql",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/mariadb/main/env.tpl")
|
|
||||||
destination = "secrets/env"
|
|
||||||
env = true
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 800
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
tags = ["mariadb"]
|
|
||||||
port = "mariadb_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "mariadb"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "mariadb_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
task "hack" {
|
|
||||||
driver = "docker"
|
|
||||||
config {
|
|
||||||
image = "alpine/socat:1.0.5"
|
|
||||||
network_mode = "host"
|
|
||||||
ports = [ "seafile-hack_port" ]
|
|
||||||
command = "tcp6-listen:8085,fork,reuseaddr"
|
|
||||||
args = [ "tcp-connect:127.0.0.1:8083" ]
|
|
||||||
}
|
|
||||||
resources {
|
|
||||||
memory = 10
|
|
||||||
}
|
|
||||||
service {
|
|
||||||
tags = [
|
|
||||||
"seafile",
|
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.frontend.entryPoints=https,http",
|
|
||||||
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
|
|
||||||
|
|
||||||
]
|
|
||||||
port = "seafile-hack_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "seafhttp"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "seafile-hack_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
task "server" {
|
|
||||||
driver = "docker"
|
|
||||||
config {
|
|
||||||
image = "superboum/amd64_seafile:v6"
|
|
||||||
network_mode = "host"
|
|
||||||
ports = [ "seafile-frontend_port", "seafile-dav_port", "seafile-seafhttp_port" ]
|
|
||||||
|
|
||||||
## cmd + args are used for running an instance attachable for update
|
|
||||||
# command = "/bin/sleep"
|
|
||||||
# args = ["999999"]
|
|
||||||
|
|
||||||
mounts = [
|
|
||||||
{
|
|
||||||
type = "bind"
|
|
||||||
source = "/mnt/glusterfs/seafile"
|
|
||||||
target = "/mnt/seafile-data"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"secrets/conf:/srv/webstore/conf",
|
|
||||||
"secrets/ccnet:/srv/webstore/ccnet"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
resources {
|
|
||||||
memory = 600
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
tags = [
|
|
||||||
"seafile",
|
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.frontend.entryPoints=https,http",
|
|
||||||
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
|
|
||||||
]
|
|
||||||
port = "seafile-frontend_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "seahub"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "seafile-frontend_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
service {
|
|
||||||
tags = [
|
|
||||||
"seafile",
|
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.frontend.entryPoints=https,http",
|
|
||||||
"traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
|
|
||||||
|
|
||||||
]
|
|
||||||
port = "seafile-dav_port"
|
|
||||||
address_mode = "host"
|
|
||||||
name = "seafdav"
|
|
||||||
check {
|
|
||||||
type = "tcp"
|
|
||||||
port = "seafile-dav_port"
|
|
||||||
interval = "60s"
|
|
||||||
timeout = "5s"
|
|
||||||
check_restart {
|
|
||||||
limit = 3
|
|
||||||
grace = "90s"
|
|
||||||
ignore_warnings = false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/conf/ccnet.conf.tpl")
|
|
||||||
destination = "secrets/conf/ccnet.conf"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/conf/seafile.conf.tpl")
|
|
||||||
destination = "secrets/conf/seafile.conf"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/conf/seahub_settings.py.tpl")
|
|
||||||
destination = "secrets/conf/seahub_settings.py"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = file("../config/ccnet/seafile.ini")
|
|
||||||
destination = "secrets/ccnet/seafile.ini"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = file("../config/conf/seafdav.conf")
|
|
||||||
destination = "secrets/conf/seafdav.conf"
|
|
||||||
}
|
|
||||||
template {
|
|
||||||
data = file("../config/conf/gunicorn.conf")
|
|
||||||
destination = "secrets/conf/gunicorn.conf"
|
|
||||||
}
|
|
||||||
|
|
||||||
# ---- secrets ----
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
|
|
||||||
destination = "secrets/ccnet/mykey.peer"
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data = "{{ key \"secrets/seafile/conf/mykey.peer\" }}"
|
|
||||||
destination = "secrets/conf/mykey.peer"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
SERVICE_DN mysql MySQL/MariaDB database
|
|
|
@ -1 +0,0 @@
|
||||||
SERVICE_PASSWORD mysql
|
|
|
@ -1 +0,0 @@
|
||||||
USER mysql_pwd (what is this?)
|
|
|
@ -1 +0,0 @@
|
||||||
USER Seafile peer key
|
|
Loading…
Reference in a new issue