Commit 5f892fd9 authored by Clément OUDOT's avatar Clément OUDOT

Service Desk container (#11)

parent 24c4f1fe
......@@ -9,6 +9,7 @@ all:
make -B llng
make -B openldap
make -B whitepages
make -B servicedesk
base:
$(CTN) build --no-cache -t $(IMAGENAME):$(VVERSION) .
......@@ -22,5 +23,8 @@ llng:
openldap:
cd openldap-ltb ; make -B all
servicedesk:
cd service-desk ; make -B all
whitepages:
cd white-pages ; make -B all
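Review bot: The new `servicedesk` recipe `cd service-desk ; make -B all` joins its two commands with `;`, so if the `cd` fails the recursive make still runs, in the top-level directory. Writing it as `cd service-desk && $(MAKE) -B all` stops on a failed `cd` and lets `-n` and `-j` propagate to the sub-make. The added `make -B servicedesk` line under `all`, and the `all` recipe of the new service-desk Makefile, use the same literal `make`. The neighbouring `openldap` and `whitepages` rules have the same form, so this may be better fixed for the whole file in one pass.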
ARG DEPEND
ARG VERSION
FROM $DEPEND:$VERSION
EXPOSE 8080
COPY ansible/ ./
RUN bash ./run-playbook.sh install.yaml &&\
sed -i 's/listen *80/listen 8080/g' /etc/nginx/nginx.conf ;\
sed -i 's/:80/:8080/g' /etc/nginx/nginx.conf ;\
sed -i 's/user *nginx/user fusioniam/g' /etc/nginx/nginx.conf ;\
sed -i 's@fastcgi_pass.*@fastcgi_pass unix:/var/run/php-fpm/www.sock;@g' /etc/nginx/default.d/php.conf ;\
chown -R fusioniam:fusioniam /var/cache/service-desk/templates_c ;\
chown -R fusioniam:fusioniam /var/cache/service-desk/cache ;\
rm -f install.yaml
RUN cp /usr/share/service-desk/conf/config.inc.php /usr/share/service-desk/
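Review bot: Only the first command of the long `RUN` is joined with `&&`; the `sed`, `chown` and `rm` steps after it are separated by `;`, so the layer's exit status is that of the final `rm -f install.yaml`. A failed `run-playbook.sh install.yaml`, `sed` or `chown` therefore still yields a successfully built image. Ending each continued line with `&& \` instead of `;\` makes the build stop at the first broken step. The file also sets no `USER`, so unless the base image does, the default runtime user is root; the entrypoint script suggests the container is meant to run under an assigned UID, which is worth stating in a comment here.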
FVERSION=../../VERSION
FDEPEND=DEPENDENCY
CTN=`which podman >/dev/null 2>&1 && echo podman || echo docker`
IMAGENAME="fusioniam-centos8-service-desk"
VDEPEND=`cat $(FDEPEND)`
VVERSION=`cat $(FVERSION)`
all:
make -B servicedesk
clean:
$(CTN) rmi -f $(IMAGENAME):$(VVERSION)
servicedesk:
$(CTN) build --build-arg DEPEND="$(VDEPEND)" --build-arg VERSION="$(VVERSION)" -t $(IMAGENAME):$(VVERSION) .
---
- hosts: localhost
vars:
CUSTOMERID: "{{ lookup('env', 'CUSTOMERID') | default(omit) }}"
LDAP_HOST: "{{ lookup('env', 'LDAP_HOST') | default('localhost',true) }}"
LDAP_PORT: "{{ lookup('env', 'LDAP_PORT') | default('33389',true) }}"
LDAP_PROTO: "{{ lookup('env', 'LDAP_PROTO') | default('ldap',true) }}"
LDAP_STARTTLS: "{{ lookup('env', 'LDAP_STARTTLS') | default('false',true) }}"
SSO_DOMAIN: "{{ lookup('env', 'SSO_DOMAIN') | default(omit) }}"
VHOST_NAME: "{{ lookup('env', 'SERVICEDESK_NAME') | default(omit) }}"
SERVICEDESK_LDAP_PASSWORD: "{{ lookup('env', 'SERVICEDESK_LDAP_PASSWORD') | default(omit) }}"
SERVICEDESK_LDAP_USERNAME: "{{ lookup('env', 'SERVICEDESK_LDAP_USERNAME') | default(omit) }}"
tasks:
- name: Assert variables
assert:
that:
- '"{{ item.value }}" is defined'
- '{{ item.value | length }} > 0'
quiet: True
fail_msg: '{{ item.name }} is missing or empty'
loop:
- name: 'CUSTOMERID'
value: '{{ CUSTOMERID }}'
- name: 'LDAP_HOST'
value: '{{ LDAP_HOST }}'
- name: 'LDAP_PORT'
value: '{{ LDAP_PORT }}'
- name: 'LDAP_PROTO'
value: '{{ LDAP_PROTO }}'
- name: 'LDAP_STARTTLS'
value: '{{ LDAP_STARTTLS }}'
- name: 'SSO_DOMAIN'
value: '{{ SSO_DOMAIN }}'
- name: 'VHOST_NAME'
value: '{{ VHOST_NAME }}'
- name: 'SERVICEDESK_LDAP_PASSWORD'
value: '{{ SERVICEDESK_LDAP_PASSWORD }}'
- name: 'SERVICEDESK_LDAP_USERNAME'
value: '{{ SERVICEDESK_LDAP_USERNAME }}'
- name: Deploy config.inc.local.php file
template:
src: config.inc.local.php.j2
dest: /usr/share/service-desk/conf/config.inc.local.php
mode: u=rw,g=r,o=r
- name: Deploy vhost
template:
src: service-desk.conf.j2
dest: /etc/nginx/conf.d/service-desk.conf
mode: u=rw,g=r,o=r
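Review bot: The `Assert variables` loop carries the value of `SERVICEDESK_LDAP_PASSWORD` in its items, and Ansible's default output prints the loop item on every iteration, so the bind password is likely to appear in the container's start-up log even with `quiet: True`. Adding `loop_control:` with `label: '{{ item.name }}'` (or `no_log: true`) keeps the value out of the output. The first condition, `'"{{ item.value }}" is defined'`, tests a quoted string literal and so can never fail, and a value containing `"` would break the expression; the `length` check is the one doing the work. `config.inc.local.php` holds the same password and is deployed with `mode: u=rw,g=r,o=r`; `mode: u=rw,g=r,o=` would drop the world-readable bit, provided the php-fpm user owns the file or shares its group.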
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQGiBEpM/vsRBACPS+MZ7o9qdx4NDquqA6oBy9ROlI/ls5k2vVkW9IZTr5z8jBEk
zI3vNN2bl5uMKOYpgd416bGYa1RXo4VVS549i+BqECapb+/xp4BBdiGmrMGHFpBj
EaAE5oQcvAZ/gkJ4gvuRtfVmWZVLPdUun3Y8RUwDkidn7v3ga396n+4O9wCgsuAM
15R3NedYtq381be+PxbKnSsD/A6MDUOF9hayWxyMixP2iOZ20/P8lfZ5AZ7fzafw
7sx+47J9CLu4jByIkBqWQbrsioqL03dklvxA5gvEaPB4ShEod5QPvqi0GZdQcq/5
LnVUfcsEK1OetugYm7FKAj8PuGQGPa8p1F954b+4zHoETnd1lwpYkggp080sfTHs
s1l3A/9sKDiOW19CLgTOYbm9P90NBlKVTu5Gk3S+2y9mACUBZgocdfbKMATG8JFh
bGb0CJIAroAt3l08B9C7at+wcq/p83A+HrjBvpAv2hhagqQvQq/ShnLtlQCvVXx5
d7iMQUGn2pCb3hcDYJ90zT0xh6IjksYFI4sbEASPivkpf9HIprQyQ2xlbWVudCBP
VURPVCAoTFRCLXByb2plY3QpIDxjbGVtLm91ZG90QGdtYWlsLmNvbT6IYAQTEQIA
IAUCSkz++wIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEArFH5JtRb/Fya4A
oKJgXsq3EMpYbQwTOe3pCfDyhSXJAJwJ2Y8Fe8Xd4txkOf92ZDVLB1SDb7kCDQRK
TP7+EAgAzEYvVE/p21nw5dkgW2kjhpi0ZxBb8WbyBSgtWBuNDbPssrEb75O92CEG
fXpSEk8hi4J1XEs/xUF+eUR0Z9mI2eHcxoBrxv8Stu3jiVTQhGcBzZ8GwPjZC7+Z
GaaRL/GaByrbj8aBbH88wpDZLu5YfLD21ChLqrtsU/fzvFw6oMValA5LE4ZwjPVP
jQhIikMXCqsMOdbvfut2Cp3f7mvQWDIh1GfucQvBz4AcTqdXvVXDDJBNQRZMdCzK
fLpAfhXbqjSgylag7KyrPDMTxYRqgzsAFeqCktp14NAcKVXAotpcrVfyzFwRGOCD
EopOAvJy0FmLQZdgdDVlYmsTarq0uwADBQf/QO/nA1fXsNZ28Feh3JVoWoGHij9i
njMPcxRgBppHUntx7Nfyx616UTvfQpvlFl7vQk44Po5U7WYOwM7ymyx/a/etpvOk
CQfGsiwBtsPNvRTFx/0UQmLI6AcWvzMS1LpU6oLofJ7PFU4z3VVkEMxeyPkOjmXm
r3mAqoM38r2nSGFqefHL4Gjp5zt7ovSJPgviutKTFiBTZdIWNYnnlZMkk6Bk5aLm
qezR2xEis6z4QTkzzjZ2N7iXGvkdU32BJdINFMSL74rHvbkpZbP4NuatZwea85YH
4EoAVc9NQWsRGMBH1m7nFPZWi+8nYtHrGvD2PDDPvsO9ye6nyErmQrX5vYhJBBgR
AgAJBQJKTP7+AhsMAAoJEArFH5JtRb/Fa3UAn1vjVKKSR61z6Y0bwtn1schgWr9m
AKCBf9v5/CF14rlyNfl4xNTHA7og0w==
=M5DF
-----END PGP PUBLIC KEY BLOCK-----
[www]
user = fusioniam
group = fusioniam
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx,fusioniam
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 20
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
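Review bot: `listen.allowed_clients = 127.0.0.1` has no effect in this pool, because php-fpm applies that setting only to TCP listeners and the pool listens on the Unix socket `/run/php-fpm/www.sock`; access to the socket is governed by `listen.acl_users`. A comment such as `; socket access is restricted by listen.acl_users; allowed_clients applies to TCP listeners only`, or dropping the line, would avoid suggesting a restriction that is not enforced. `pm.max_children = 120` is a high ceiling for a single container and may deserve a comment on the memory budget it assumes.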
---
- hosts: localhost
tasks:
- name: Install LTB repository
yum_repository:
name: LTB-project-packages-noarch
description: LTB project packages (noarch) YUM repo
file: ltb-project
baseurl: https://ltb-project.org/rpm/$releasever/noarch
gpgcheck: yes
- name: Install LTB GPG key
copy:
src: RPM-GPG-KEY-LTB-project
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
owner: root
group: root
mode: 0644
- name: Import LTB GPG key
rpm_key:
key: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
state: present
- name: Install packages
yum:
name:
- nginx
- php-fpm
- service-desk
state: present
- name: Install php-fpm configuration
copy:
src: php-fpm.www.conf
dest: /etc/php-fpm.d/www.conf
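Review bot: The `LTB-project-packages-noarch` repository is defined with `gpgcheck: yes` but without a `gpgkey`, so signature checking depends on the separate `rpm_key` import having run first. Adding `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project` to the `yum_repository` task ties the repository to the key copied in the next task. `nginx`, `php-fpm` and `service-desk` are installed with `state: present` and no version, so the image content depends on the build date. The final `copy` of `php-fpm.www.conf` sets no `owner`, `group` or `mode`, unlike the key file above it; stating them (for example `mode: '0644'`) makes the result independent of the build umask.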
#!/bin/sh
set -e
echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd
echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group
cp /usr/share/service-desk/config.inc.php /usr/share/service-desk/conf/config.inc.php
/bin/bash /run-playbook.sh /deploy.yaml
if [ "$1" = "nginx" ]
then
ln -sf /dev/stdout /var/log/nginx/access.log
ln -sf /dev/stdout /var/log/nginx/error.log
ln -sf /dev/stdout /var/log/nginx/wp.access.log
ln -sf /dev/stdout /var/log/nginx/wp.error.log
/usr/sbin/nginx -g 'daemon off;'
elif [ "$1" = "php-fpm" ]
then
ln -sf /dev/stdout /var/log/php-fpm/error.log
ln -sf /dev/stdout /var/log/php-fpm/www-error.log
/usr/sbin/php-fpm --nodaemonize
fi
exit 0
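Review bot: The `nginx` branch links `wp.access.log` and `wp.error.log` to `/dev/stdout`, but the vhost template added in this commit logs to `/var/log/nginx/sd.access.log` and `sd.error.log`, so the Service Desk request and error logs would stay in files inside the container and not reach the container log stream. The two lines should read `ln -sf /dev/stdout /var/log/nginx/sd.access.log` and `ln -sf /dev/stdout /var/log/nginx/sd.error.log`. Starting the servers with `exec /usr/sbin/nginx -g 'daemon off;'` and `exec /usr/sbin/php-fpm --nodaemonize` would let them receive the stop signal directly, and an unrecognised `$1` currently falls through to `exit 0` without any message. The two `echo ... >>` lines append to `/etc/passwd` and `/etc/group` on every start and need those files to be writable by the runtime user, which presumably comes from the base image and deserves a comment.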
<?php
# LDAP
$ldap_url = "{{ LDAP_PROTO }}://{{ LDAP_HOST }}:{{ LDAP_PORT }}";
$ldap_starttls = {{ LDAP_STARTTLS }};
$ldap_binddn = "cn={{ SERVICEDESK_LDAP_USERNAME }},ou=dsa,o=admin,dc=fusioniam,dc=org";
$ldap_bindpw = "{{ SERVICEDESK_LDAP_PASSWORD }}";
$ldap_base = "o={{ CUSTOMERID }},dc=fusioniam,dc=org";
$ldap_user_base = "ou=users,".$ldap_base;
$ldap_user_filter = "(objectClass=inetOrgPerson)";
$ldap_size_limit = 100;
$ldap_default_ppolicy = "cn=default,ou=ppolicies,".$ldap_base;
# Graphics
$display_footer = false;
# Logout Link
$logout_link = "https://auth.{{ SSO_DOMAIN}}/";
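Review bot: The environment-supplied values are rendered unescaped into PHP double-quoted strings, so a bind password containing `"`, `\` or `$` gives a syntax error or a value different from the one configured, since PHP interpolates `$name` inside double quotes. Emitting single-quoted literals and escaping `\` and `'` in the template, for `$ldap_bindpw` in particular, avoids that. `$ldap_starttls = {{ LDAP_STARTTLS }};` is written out as bare PHP, so the playbook should check that the value is exactly `true` or `false` before rendering. `{{ SSO_DOMAIN}}` in `$logout_link` is missing the space before `}}` that the other placeholders have.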
server {
listen 8080;
root /usr/share/service-desk/htdocs/;
index index.php;
server_name {{ VHOST_NAME }}.{{ SSO_DOMAIN }};
access_log /var/log/nginx/sd.access.log;
error_log /var/log/nginx/sd.error.log;
location ~ \.php(?:$|/) {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
}
location / {
try_files $uri $uri/ =404;
}
}
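Review bot: The PHP location hands every URI matching `\.php(?:$|/)` to php-fpm without checking that the script exists under the document root. Adding `if (!-f $document_root$fastcgi_script_name) { return 404; }` after `fastcgi_split_path_info` lets nginx answer requests for missing scripts itself, as defence in depth alongside php-fpm's own extension limits. `fastcgi_split_path_info` is declared after the `fastcgi_param` lines that use its variables; this works, but placing it first reads more naturally. The server listens on plain HTTP on 8080, so a comment stating that TLS is expected to be terminated in front of the container would help readers of the vhost.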