build/rockylinux9/lemonldap-ng/ansible/install.yaml

 ---
 - hosts: localhost
   vars:
-    lemonldap2_version: 2.19.1
+    lemonldap2_version: 2.20.2
 
   tasks:
   - name: Install locales for glibc

build/rockylinux9/lemonldap-ng/ansible/llng_config_sessions.yaml

@@ -6,42 +6,42 @@ oidcStorage: 'Apache::Session::Browseable::PgJSON'
 notificationStorage: 'DBI'
 
 globalStorageOptions:
-  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}'
+  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5'
   TableName: 'sessions'
   UserName: '{{ lemonldap2_pguser }}'
   Password: '{{ lemonldap2_pgpassword }}'
   Commit: 1
 
 persistentStorageOptions:
-  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}'
+  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5'
   TableName: 'psessions'
   UserName: '{{ lemonldap2_pguser }}'
   Password: '{{ lemonldap2_pgpassword }}'
   Commit: 1
 
 samlStorageOptions:
-  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}'
+  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5'
   TableName: 'samlsessions'
   UserName: '{{ lemonldap2_pguser }}'
   Password: '{{ lemonldap2_pgpassword }}'
   Commit: 1
 
 oidcStorageOptions:
-  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}'
+  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5'
   TableName: 'oidcsessions'
   UserName: '{{ lemonldap2_pguser }}'
   Password: '{{ lemonldap2_pgpassword }}'
   Commit: 1
 
 casStorageOptions:
-  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}'
+  DataSource: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5'
   TableName: 'cassessions'
   UserName: '{{ lemonldap2_pguser }}'
   Password: '{{ lemonldap2_pgpassword }}'
   Commit: 1
 
 notificationStorageOptions:
-  dbiChain: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}'
+  dbiChain: 'DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5'
   dbiTable: 'notifications'
   dbiUser: '{{ lemonldap2_pguser }}'
   dbiPassword: '{{ lemonldap2_pgpassword }}'

build/rockylinux9/lemonldap-ng/ansible/templates/lemonldap-ng.ini.j2

@@ -153,7 +153,7 @@ checkTime = 1
 ;           ldapAttributeContent = description
 
 type = CDBI
-dbiChain    = DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }}
+dbiChain    = DBI:Pg:database={{ lemonldap2_pgdb }};host={{ lemonldap2_pghost }};port={{ lemonldap2_pgport }};tcp_user_timeout=1000;keepalives_idle=600;keepalives_interval=60;keepalives_count=5
 dbiUser     = {{ lemonldap2_pguser }}
 dbiPassword = {{ lemonldap2_pgpassword }}
 ; optional

build/rockylinux9/lemonldap-ng/ansible/templates/manager-nginx.conf.j2

@@ -5,6 +5,7 @@ server {
   root /usr/share/lemonldap-ng/manager/htdocs/;
   # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
   access_log /var/log/nginx/manager.log lm_app;
+  client_max_body_size 10M;
 
   # Uncomment this if you are running behind a reverse proxy and want
   # LemonLDAP::NG to see the real IP address of the end user

build/rockylinux9/service-desk/Dockerfile

@@ -16,6 +16,6 @@ RUN bash ./run-playbook.sh install.yaml &&\
     sed -i 's@fastcgi_pass.*@fastcgi_pass unix:/var/run/php-fpm/www.sock;@g' /etc/nginx/default.d/php.conf ;\
     rm -f install.yaml 
 
-RUN cp /usr/share/service-desk/conf/config.inc.php /usr/share/service-desk/
+RUN cp /etc/service-desk/config.inc.php /usr/share/service-desk/
 
 USER fusioniam

build/rockylinux9/service-desk/ansible/deploy.yaml

@@ -30,7 +30,7 @@
   - name: Deploy config.inc.local.php file
     template:
       src: config.inc.local.php.j2
-      dest: /usr/share/service-desk/conf/config.inc.local.php
+      dest: /etc/service-desk/config.inc.local.php
       mode: u=rw,g=r,o=r
 
   - name: Deploy vhost

build/rockylinux9/service-desk/ansible/files/RPM-GPG-KEY-LTB-PROJECT-SECURITY

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGXFTy8BDADWa5IY9RpHgigSulgZimPdvWqHRhP3tnnQuyxlXLugebvJaPEQ
+JPwLchNryBMEE320tG8nMJsLj1z3S6f3AjASufnvItyWhJD6IL5kcJ6QWfeFA6/s
+L2B+65G0LgyWAo/GXSLSIAC3mdPLuR4S2dPL7Ztyndqj3T8UAXi0YdDrdjdnFnD6
+NR4Uc2xNoLB6+BU/JCVFR97kmperqdKI1/RrDxTenYG4uVkDrq+HggSv6S9KNMnE
+iY/nMV19FyebGQciryb+K2BJzSNmHtfA95G0C5tBS5aWAvTXFqsXRm4WAiEj0TnA
+cvw/rL23xe66aNWbVfK7VqUEEoQ4yNYF7ln2I4VHpe5NshsZW5M61LidrGkQESYS
+JEc7Fw5LDD4Ejo6evROnkTZT/cQUv00HqDO/ZTHla/h8DvvWNzWKdwt/3sZXqlIb
+nNQ5IT2fZ8unCWcxDsNUb69mUOk08xFUlD+nwn7u7wEGrHUgw+cvcqnDOM/iDFsE
+5oaHh6YS9fFlMBcAEQEAAbQvTFRCIFByb2plY3QgU2VjdXJpdHkgPHNlY3VyaXR5
+QGx0Yi1wcm9qZWN0Lm9yZz6JAc4EEwEKADgWIQSzYYOGYYHr88mdowLpn2IWke8F
+5AUCZcVPLwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDpn2IWke8F5NiT
+C/9bedCD8LU9r55UUfRUphbupN9tlHCc58Ry64lPQKHY5wahtZw3ZBji8DiT7Jp8
+/ulOuk+Dzmc+84N3yHgv39uksTh4cLD1d7kVrWUilREA2l13CYUiR8K+scIfXkeL
+rqYKMjIJsgfCVJ7FavCxmo3o5+MvSu3bpm8KY8LCEnfbU/7I3LJd9zCQ5+9AqFaS
+XLWtrhj3yCVTEbjk9S8DuDf4GzUdNtXFP8KWINmIdae5LZbBYkJ3cHbY1xO4JmyQ
+qwDQNYDEaqeDa3WeEAt//SckD8FnsIiazuccOFdC3ve59afXz5v85Ype/411If4g
++mQYzwTU9qU/2juSJAsxx5SlQXmtsiNqdnrKR4hdp2ddS9JUTY2o280jQGHbHlmk
+LY6fIPwgfAbtt7lm8hFvPXjDeJl7eHv0tscmWYcZu63ki6yhOwDxr/MW4gyac3OA
+1Kk4EJmmrBDrzIFNQll0L26h47r01B3tZ6cDWR3+h+3hl0tcfUtF2cOcTBnvFjm0
+lCC5AY0EZcVPLwEMALzuxTJuX4JmSvPG8m3wOWLsQa0kiCapZHrFRF/woI9rLH2d
+CmmplYOOtXEwJ7XAb3b9eBp8e9yBKuIBGUoR9pRBmceASenF94ySClrtf6mPYDoB
+SnJiWIPSegvigG7v8D7AnTMSxfm81mtcvLKbta1UdHN4fYVLSBi4xjC3BbBUEi7o
+G/tMT11BI9OgpzCY2Bq10cqr+KZ9Qh4DqnZbTrSvTN28OQUZO9wixVNXHy0H3M8b
+eFSur+8xIuz4icpjXMS/ICuyx0jH4plaILn7vXW6oxjWDEtJbkzmpcEVmn/nSDv5
+yo1MXyoL6kwoxoDxiGTKTmK3N9tQhYuZb1aCxQZ0/k7zAGj8p90OmEMRqEre7VuM
+Z2cThOnh+OcmQ7N8NjrTiTNhgOQpPFrfSLf1hvsk5GwhEjuvknby365xitpK6GLX
+IOM8gF9P9+pywDjHed4DIwWKuo9ErlGVCK21qXRgHDtRN9YPyjHDNm6GdRCMGYTE
+3eHAay2R9ZGmumO52QARAQABiQG2BBgBCgAgFiEEs2GDhmGB6/PJnaMC6Z9iFpHv
+BeQFAmXFTy8CGwwACgkQ6Z9iFpHvBeQPbQwAoNSPYjUpWI8ozr0wazr0PSv3tXYE
+rOtqlKOHeQ7cOP1Ci5oJUvQEgiP1Zd1i8p0RrvMppx9OuowS0F9e6jllR+wh+FVL
+4q3LEXeOplwLBfzMWdShvkZK3HR14glb4vV7ugDFmM7Ikr0is8dvxs+SVdTITtEF
+qHzEZxy24fLpoCpN5yyoG2ei61lWhJymcJX9Jthqzh5J4Nu2AE0o2IYGWsO+DFPI
+MdbrNn6JPswFHP3+4evrNUuSgh25YinkrukE3T/7kj728KggCbdu5c/+g4QWGVEy
+NlSH1/A2cmzkRYUKerwOvoZ5hD1TNSc02+fPbAkjX1Lf5yyzJKRwGGlkQnrxyPkU
+vkEvyJBinLPX4/OrfIY/OnIzHh42EgE31O38sdflzGN5XmrmcFK99BvINs6bCNgM
+IBxRk0yt2QL4Ek6tCK6OB2UljuZMGBeqobIoLIVu8Wh6kIlVQ7Rq04LTkyXB/d/o
+WYqsO2dWtbiDbmkWWu5trcPw8FONLKwjPiUh
+=ULGm
+-----END PGP PUBLIC KEY BLOCK-----

build/rockylinux9/service-desk/ansible/files/RPM-GPG-KEY-LTB-project

------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.5 (GNU/Linux)
-
-mQGiBEpM/vsRBACPS+MZ7o9qdx4NDquqA6oBy9ROlI/ls5k2vVkW9IZTr5z8jBEk
-zI3vNN2bl5uMKOYpgd416bGYa1RXo4VVS549i+BqECapb+/xp4BBdiGmrMGHFpBj
-EaAE5oQcvAZ/gkJ4gvuRtfVmWZVLPdUun3Y8RUwDkidn7v3ga396n+4O9wCgsuAM
-15R3NedYtq381be+PxbKnSsD/A6MDUOF9hayWxyMixP2iOZ20/P8lfZ5AZ7fzafw
-7sx+47J9CLu4jByIkBqWQbrsioqL03dklvxA5gvEaPB4ShEod5QPvqi0GZdQcq/5
-LnVUfcsEK1OetugYm7FKAj8PuGQGPa8p1F954b+4zHoETnd1lwpYkggp080sfTHs
-s1l3A/9sKDiOW19CLgTOYbm9P90NBlKVTu5Gk3S+2y9mACUBZgocdfbKMATG8JFh
-bGb0CJIAroAt3l08B9C7at+wcq/p83A+HrjBvpAv2hhagqQvQq/ShnLtlQCvVXx5
-d7iMQUGn2pCb3hcDYJ90zT0xh6IjksYFI4sbEASPivkpf9HIprQyQ2xlbWVudCBP
-VURPVCAoTFRCLXByb2plY3QpIDxjbGVtLm91ZG90QGdtYWlsLmNvbT6IYAQTEQIA
-IAUCSkz++wIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEArFH5JtRb/Fya4A
-oKJgXsq3EMpYbQwTOe3pCfDyhSXJAJwJ2Y8Fe8Xd4txkOf92ZDVLB1SDb7kCDQRK
-TP7+EAgAzEYvVE/p21nw5dkgW2kjhpi0ZxBb8WbyBSgtWBuNDbPssrEb75O92CEG
-fXpSEk8hi4J1XEs/xUF+eUR0Z9mI2eHcxoBrxv8Stu3jiVTQhGcBzZ8GwPjZC7+Z
-GaaRL/GaByrbj8aBbH88wpDZLu5YfLD21ChLqrtsU/fzvFw6oMValA5LE4ZwjPVP
-jQhIikMXCqsMOdbvfut2Cp3f7mvQWDIh1GfucQvBz4AcTqdXvVXDDJBNQRZMdCzK
-fLpAfhXbqjSgylag7KyrPDMTxYRqgzsAFeqCktp14NAcKVXAotpcrVfyzFwRGOCD
-EopOAvJy0FmLQZdgdDVlYmsTarq0uwADBQf/QO/nA1fXsNZ28Feh3JVoWoGHij9i
-njMPcxRgBppHUntx7Nfyx616UTvfQpvlFl7vQk44Po5U7WYOwM7ymyx/a/etpvOk
-CQfGsiwBtsPNvRTFx/0UQmLI6AcWvzMS1LpU6oLofJ7PFU4z3VVkEMxeyPkOjmXm
-r3mAqoM38r2nSGFqefHL4Gjp5zt7ovSJPgviutKTFiBTZdIWNYnnlZMkk6Bk5aLm
-qezR2xEis6z4QTkzzjZ2N7iXGvkdU32BJdINFMSL74rHvbkpZbP4NuatZwea85YH
-4EoAVc9NQWsRGMBH1m7nFPZWi+8nYtHrGvD2PDDPvsO9ye6nyErmQrX5vYhJBBgR
-AgAJBQJKTP7+AhsMAAoJEArFH5JtRb/Fa3UAn1vjVKKSR61z6Y0bwtn1schgWr9m
-AKCBf9v5/CF14rlyNfl4xNTHA7og0w==
-=M5DF
------END PGP PUBLIC KEY BLOCK-----

build/rockylinux9/service-desk/ansible/install.yaml

 ---
 - hosts: localhost
   vars:
-    servicedesk_version: 0.5.1
+    servicedesk_version: 0.6.1
   tasks:
   - name: Install LTB repository
     yum_repository:
@@ -10,18 +10,19 @@
       file: ltb-project
       baseurl: https://ltb-project.org/rpm/$releasever/noarch
       gpgcheck: yes
+      gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-PROJECT-SECURITY
 
   - name: Install LTB GPG key
     copy:
-      src: RPM-GPG-KEY-LTB-project
-      dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
+      src: RPM-GPG-KEY-LTB-PROJECT-SECURITY
+      dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-PROJECT-SECURITY
       owner: root
       group: root
       mode: 0644
 
   - name: Import LTB GPG key
     rpm_key:
-      key: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
+      key: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-PROJECT-SECURITY
       state: present
 
   - name: Install Remi GPG key
@@ -69,6 +70,7 @@
     loop:
       - /.ansible
       - /etc/nginx/conf.d
+      - /etc/service-desk
       - /usr/share/service-desk/conf
       - /var/cache/service-desk/templates_c
       - /var/cache/service-desk/cache
@@ -86,7 +88,7 @@
   # Adapt path of smarty
   - name: Replace path to smarty in conf file
     ansible.builtin.replace:
-      path: /usr/share/service-desk/conf/config.inc.php
+      path: /etc/service-desk/config.inc.php
       regexp: 'define\("SMARTY", "[^"]+"\);'
       replace: 'define("SMARTY", "/vendor/smarty/smarty/libs/Smarty.class.php");'
 

build/rockylinux9/service-desk/ansible/run-ct.sh

@@ -6,7 +6,7 @@ set -e
 sed -e "s#^fusioniam.*#fusioniam:x:$(id -u):$(id -g)::/home/fusioniam:/bin/bash#" /etc/passwd > /tmp/passwd.tmp ; cat /tmp/passwd.tmp 2>/dev/null > /etc/passwd || true ; rm /tmp/passwd.tmp
 sed -e "s#^fusioniam.*#fusioniam:x:$(id -G | cut -d' ' -f 2):#" /etc/group > /tmp/group.tmp; cat /tmp/group.tmp 2>/dev/null > /etc/group || true ; rm /tmp/group.tmp
 
-cp /usr/share/service-desk/config.inc.php /usr/share/service-desk/conf/config.inc.php
+cp /usr/share/service-desk/config.inc.php /etc/service-desk/config.inc.php
 
 /bin/bash /run-playbook.sh /deploy.yaml