Add plume

Quentin 2020-09-21 16:29:49 +02:00
parent 09fc30214d
commit 9e4e2f7b99
7 changed files with 97 additions and 11 deletions


@ -81,6 +81,7 @@ alias bind_df="ssh \
-L 4646:127.0.0.1:4646 \
-L 8500:127.0.0.1:8500 \
-L 8082:traefik.service.2.cluster.deuxfleurs.fr:8082 \
-L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \
<a server from the cluster>"
```


@ -1,7 +1,7 @@
#!/bin/bash
find {configuration,secrets}/$1 -type f \
| grep --perl-regexp --invert-match "\.sample$|\.gen$|/.gitignore$" \
| grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \
| while read filename; do
consul kv put "${filename}" "@${filename}"
done
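Review bot: `$1` is expanded unquoted and unchecked in the `find` line, so running the script with no argument walks all of `configuration/` and `secrets/` and pushes every non-excluded file into Consul KV. A guard such as `app=${1:?app name required}` followed by `find {configuration,secrets}/"$app" -type f` would stop that, and `while IFS= read -r filename; do` keeps paths containing backslashes or leading spaces intact. The grep variant that excludes `\.sh$` (presumably the new line) also leaves `\.gitignore` unanchored, so any path that merely contains `.gitignore` is skipped; `\.gitignore$` would limit the exclusion to the file itself.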


@ -5,6 +5,7 @@
# Whitelist some patterns
!*.sample
!*.gen
!*.sh
!.gitignore
# Whitelist specific files


@ -0,0 +1,2 @@
#!/bin/bash
openssl rand -base64 32 > pgsql_pw
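Review bot: The redirect creates `pgsql_pw` with whatever umask the caller has, which on most systems leaves the generated password readable by other local users, and without `set -e` a failed `openssl` leaves an empty file behind that could later be pushed as the password. Adding `set -eu` and `umask 077` before the `openssl rand` line covers both. The output path is relative, so the file lands in the caller's current directory rather than next to the script; if that is intended, a comment saying where to run it from would help. The same applies to the `secret_key` generator in the next file.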


@ -0,0 +1,2 @@
#!/bin/bash
openssl rand -base64 32 > secret_key

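--- a/app/deployment/plume.hcl
+++ b/app/deployment/plume.hcl
@@ -0,0 +1,71 @@
+job "plume" {
+datacenters = ["dc1"]
+type = "service"
+constraint {
+attribute = "${attr.cpu.arch}"
+value = "amd64"
+}
+group "plume" {
+count = 1
+task "plume" {
+driver = "docker"
+config {
+image = "plumeorg/plume:v0.5.0"
+port_map {
+web_port = 7878
+}
+#command = "cat"
+#args = [ "/dev/stdout" ]
+volumes = [
+"/mnt/glusterfs/plume/media:/app/static/media",
+"/mnt/glusterfs/plume/search:/app/search_index"
+]
+}
+artifact {
+source = "http://127.0.0.1:8500/v1/kv/configuration/plume/app.env?raw"
+destination = "secrets/app.env.tpl"
+mode = "file"
+}
+template {
+source = "secrets/app.env.tpl"
+destination = "secrets/app.env"
+env = true
+}
+resources {
+memory = 100
+cpu = 100
+network {
+port "web_port" {}
+}
+}
+service {
+name = "plume"
+tags = [
+"plume",
+"traefik.enable=true",
+"traefik.frontend.entryPoints=https,http",
+"traefik.frontend.rule=Host:plume.deuxfleurs.fr",
+]
+port = "web_port"
+address_mode = "host"
+check {
+type = "tcp"
+port = "web_port"
+interval = "60s"
+timeout = "5s"
+check_restart {
+limit = 3
+grace = "600s"
+ignore_warnings = false
+}
+}
+}
+}
+}
+}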
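Review bot: The service tag `traefik.frontend.entryPoints=https,http` publishes Plume on the plain-HTTP entry point as well, so logins and session cookies can cross the network in cleartext unless Traefik enforces a redirect elsewhere (not visible here); `"traefik.frontend.entryPoints=https"` alone avoids depending on that. The `artifact` block reads `app.env` from the local Consul agent over HTTP with no token in the request, which presumably means any process on the node can read the same key; worth confirming whether Consul ACLs are meant to cover `configuration/`. `image = "plumeorg/plume:v0.5.0"` pins a mutable tag, and pinning by digest would make the deployed image reproducible. The commented-out `command`/`args` lines look like debugging leftovers and could be dropped.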


@ -1,15 +1,24 @@
## 1. Create a LDAP user and assign a password for your service
Go to guichet.deuxfleurs.fr
1. Everything takes place in `ou=services,ou=users,dc=deuxfleurs,dc=fr`
2. Create a new user, like `johny`
3. Generate a random password with `openssl rand -base64 32`
4. Hash it with `slappasswd`
5. Add a `userpassword` entry with the hash
## 2. Connect to postgres with the admin users
```bash
ssh root@<one node of the cluster>
docker run -t -i superboum/amd64_postgres:v1
psql -h psql-proxy.service.2.cluster.deuxfleurs.fr -p 25432 -U postgres -W postgres
# 1. Launch ssh tunnel given in the README
# 2. Make sure you have postregsql client installed locally
psql -h localhost -U postgres -W postgres
```
## 3. Create the binded users with LDAP in postgres + the database
```sql
CREATE USER seafile;
CREATE DATABASE seafile ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER seafile;
-- GRANT ALL PRIVILEGES ON DATABASE seafile TO seafile;
```
```
consul kv import @ldapkv_seafile.json
CREATE USER johny;
CREATE DATABASE amazingapp OWNER johny;
```