Add plume
parent
09fc30214d
commit
9e4e2f7b99
7 changed files with 97 additions and 11 deletions
|
@ -81,6 +81,7 @@ alias bind_df="ssh \
|
|||
-L 4646:127.0.0.1:4646 \
|
||||
-L 8500:127.0.0.1:8500 \
|
||||
-L 8082:traefik.service.2.cluster.deuxfleurs.fr:8082 \
|
||||
-L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
|
||||
<a server from the cluster>"
|
||||
```
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
find {configuration,secrets}/$1 -type f \
|
||||
| grep --perl-regexp --invert-match "\.sample$|\.gen$|/.gitignore$" \
|
||||
| grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \
|
||||
| while read filename; do
|
||||
consul kv put "${filename}" "@${filename}"
|
||||
done
|
||||
|
|
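Review bot: The `.gitignore` alternative in the rewritten exclusion pattern is no longer anchored: `\.gitignore` matches anywhere in a path, while the other alternatives keep their `$`. Any file under `configuration/` or `secrets/` whose path merely contains `.gitignore` is now skipped silently and never reaches Consul. Keeping the anchor next to the new `.sh` exclusion preserves the old precision: `| grep --perl-regexp --invert-match "\.sample$|\.gen$|/\.gitignore$|\.sh$" \`. This reads the second `grep` line as the new side, which the page does not mark explicitly. The surrounding `find … | while read` loop is unchanged context.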
1
app/config/secrets/.gitignore
vendored
1
app/config/secrets/.gitignore
vendored
|
@ -5,6 +5,7 @@
|
|||
# Whitelist some patterns
|
||||
!*.sample
|
||||
!*.gen
|
||||
!*.sh
|
||||
!.gitignore
|
||||
|
||||
# Whitelist specific files
|
||||
|
|
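--- a/app/config/secrets/plume/pgsql_pw.sh
+++ b/app/config/secrets/plume/pgsql_pw.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rand -base64 32 > pgsql_pw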
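Review bot: The generated password is written with whatever umask the caller has, so on a default setup `pgsql_pw` is readable by every local user; `secret_key.sh` has the same problem with `secret_key`. Adding `umask 077` as the first command of both scripts keeps the files owner-only. The redirect target is relative to the current directory rather than to the script's location, so running the script from elsewhere drops the secret outside `secrets/plume/`, and possibly outside the ignore rules. A `cd "$(dirname "$0")"` before the `openssl` line would pin it. A one-line comment naming what consumes the value (presumably the Plume database credentials) would help the next operator.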
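--- a/app/config/secrets/plume/secret_key.sh
+++ b/app/config/secrets/plume/secret_key.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rand -base64 32 > secret_key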
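--- a/app/deployment/plume.hcl
+++ b/app/deployment/plume.hcl
@@ -0,0 +1,71 @@
+job "plume" {
+datacenters = ["dc1"]
+type = "service"
+
+constraint {
+attribute = "${attr.cpu.arch}"
+value = "amd64"
+}
+
+group "plume" {
+count = 1
+task "plume" {
+driver = "docker"
+config {
+image = "plumeorg/plume:v0.5.0"
+port_map {
+web_port = 7878
+}
+#command = "cat"
+#args = [ "/dev/stdout" ]
+volumes = [
+"/mnt/glusterfs/plume/media:/app/static/media",
+"/mnt/glusterfs/plume/search:/app/search_index"
+]
+}
+
+artifact {
+source = "http://127.0.0.1:8500/v1/kv/configuration/plume/app.env?raw"
+destination = "secrets/app.env.tpl"
+mode = "file"
+}
+template {
+source = "secrets/app.env.tpl"
+destination = "secrets/app.env"
+env = true
+}
+
+resources {
+memory = 100
+cpu = 100
+network {
+port "web_port" {}
+}
+}
+
+service {
+name = "plume"
+tags = [
+"plume",
+"traefik.enable=true",
+"traefik.frontend.entryPoints=https,http",
+"traefik.frontend.rule=Host:plume.deuxfleurs.fr",
+]
+port = "web_port"
+address_mode = "host"
+check {
+type = "tcp"
+port = "web_port"
+interval = "60s"
+timeout = "5s"
+check_restart {
+limit = 3
+grace = "600s"
+ignore_warnings = false
+}
+}
+}
+}
+}
+}
+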
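Review bot: The service tag `"traefik.frontend.entryPoints=https,http"` publishes Plume on the plain-HTTP entry point as well as HTTPS, so logins and session cookies can travel unencrypted unless Traefik already redirects globally (not visible on this page). Either drop `http` from the tag, or add `"traefik.frontend.redirect.entryPoint=https",` to the `tags` list. The image is pinned only by the mutable tag `plumeorg/plume:v0.5.0`; pinning by digest would keep the deployed content fixed. The commented-out `#command` / `#args` debug lines can go before merge.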
@ -1,15 +1,24 @@
|
|||
## 1. Create a LDAP user and assign a password for your service
|
||||
|
||||
Go to guichet.deuxfleurs.fr
|
||||
|
||||
1. Everything takes place in `ou=services,ou=users,dc=deuxfleurs,dc=fr`
|
||||
2. Create a new user, like `johny`
|
||||
3. Generate a random password with `openssl rand -base64 32`
|
||||
4. Hash it with `slappasswd`
|
||||
5. Add a `userpassword` entry with the hash
|
||||
|
||||
## 2. Connect to postgres with the admin users
|
||||
|
||||
```bash
|
||||
ssh root@<one node of the cluster>
|
||||
docker run -t -i superboum/amd64_postgres:v1
|
||||
psql -h psql-proxy.service.2.cluster.deuxfleurs.fr -p 25432 -U postgres -W postgres
|
||||
# 1. Launch ssh tunnel given in the README
|
||||
# 2. Make sure you have postregsql client installed locally
|
||||
psql -h localhost -U postgres -W postgres
|
||||
```
|
||||
|
||||
## 3. Create the binded users with LDAP in postgres + the database
|
||||
|
||||
```sql
|
||||
CREATE USER seafile;
|
||||
CREATE DATABASE seafile ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER seafile;
|
||||
-- GRANT ALL PRIVILEGES ON DATABASE seafile TO seafile;
|
||||
```
|
||||
|
||||
```
|
||||
consul kv import @ldapkv_seafile.json
|
||||
CREATE USER johny;
|
||||
CREATE DATABASE amazingapp OWNER johny;
|
||||
```
|
||||
|
|