Service Desk container (#11)

build/centos8/Makefile

@@ -9,6 +9,7 @@ all:
 	make -B llng
 	make -B openldap
 	make -B whitepages
+	make -B servicedesk
 
 base:
 	$(CTN) build --no-cache -t $(IMAGENAME):$(VVERSION) .
@@ -22,5 +23,8 @@ llng:
 openldap:
 	cd openldap-ltb ; make -B all
 
+servicedesk:
+	cd service-desk ; make -B all
+
 whitepages:
 	cd white-pages ; make -B all

build/centos8/service-desk/DEPENDENCY

+fusioniam-centos8

build/centos8/service-desk/Dockerfile

+ARG DEPEND
+ARG VERSION
+
+FROM $DEPEND:$VERSION
+
+EXPOSE 8080
+
+COPY ansible/ ./
+
+RUN bash ./run-playbook.sh install.yaml &&\
+    sed -i 's/listen *80/listen 8080/g' /etc/nginx/nginx.conf ;\
+    sed -i 's/:80/:8080/g' /etc/nginx/nginx.conf ;\
+    sed -i 's/user *nginx/user fusioniam/g' /etc/nginx/nginx.conf ;\
+    sed -i 's@fastcgi_pass.*@fastcgi_pass unix:/var/run/php-fpm/www.sock;@g' /etc/nginx/default.d/php.conf ;\
+    chown -R fusioniam:fusioniam /var/cache/service-desk/templates_c ;\
+    chown -R fusioniam:fusioniam /var/cache/service-desk/cache ;\
+    rm -f install.yaml 
+
+RUN cp /usr/share/service-desk/conf/config.inc.php /usr/share/service-desk/

build/centos8/service-desk/Makefile

+FVERSION=../../VERSION
+FDEPEND=DEPENDENCY
+
+CTN=`which podman >/dev/null 2>&1 && echo podman || echo docker`
+IMAGENAME="fusioniam-centos8-service-desk"
+VDEPEND=`cat $(FDEPEND)`
+VVERSION=`cat $(FVERSION)`
+
+
+all: 
+	make -B servicedesk
+
+clean:
+	$(CTN) rmi -f $(IMAGENAME):$(VVERSION)
+
+servicedesk:
+	$(CTN) build --build-arg DEPEND="$(VDEPEND)" --build-arg VERSION="$(VVERSION)" -t $(IMAGENAME):$(VVERSION) .
+

build/centos8/service-desk/ansible/deploy.yaml

+---
+- hosts: localhost
+  vars:
+    CUSTOMERID: "{{ lookup('env', 'CUSTOMERID') | default(omit) }}"
+    LDAP_HOST: "{{ lookup('env', 'LDAP_HOST') | default('localhost',true) }}"
+    LDAP_PORT: "{{ lookup('env', 'LDAP_PORT') | default('33389',true) }}"
+    LDAP_PROTO: "{{ lookup('env', 'LDAP_PROTO') | default('ldap',true) }}"
+    LDAP_STARTTLS: "{{ lookup('env', 'LDAP_STARTTLS') | default('false',true) }}"
+    SSO_DOMAIN: "{{ lookup('env', 'SSO_DOMAIN') | default(omit) }}"
+    VHOST_NAME: "{{ lookup('env', 'SERVICEDESK_NAME') | default(omit) }}"
+    SERVICEDESK_LDAP_PASSWORD: "{{ lookup('env', 'SERVICEDESK_LDAP_PASSWORD') | default(omit) }}"
+    SERVICEDESK_LDAP_USERNAME: "{{ lookup('env', 'SERVICEDESK_LDAP_USERNAME') | default(omit) }}"
+  tasks:
+  - name: Assert variables
+    assert:
+      that:
+        - '"{{ item.value }}" is defined'
+        - '{{ item.value | length }} > 0'
+      quiet: True
+      fail_msg: '{{ item.name }} is missing or empty'
+    loop:
+      - name: 'CUSTOMERID'
+        value: '{{ CUSTOMERID }}'
+      - name: 'LDAP_HOST'
+        value: '{{ LDAP_HOST }}'
+      - name: 'LDAP_PORT'
+        value: '{{ LDAP_PORT }}'
+      - name: 'LDAP_PROTO'
+        value: '{{ LDAP_PROTO }}'
+      - name: 'LDAP_STARTTLS'
+        value: '{{ LDAP_STARTTLS }}'
+      - name: 'SSO_DOMAIN'
+        value: '{{ SSO_DOMAIN }}'
+      - name: 'VHOST_NAME'
+        value: '{{ VHOST_NAME }}'
+      - name: 'SERVICEDESK_LDAP_PASSWORD'
+        value: '{{ SERVICEDESK_LDAP_PASSWORD }}'
+      - name: 'SERVICEDESK_LDAP_USERNAME'
+        value: '{{ SERVICEDESK_LDAP_USERNAME }}'
+
+  - name: Deploy config.inc.local.php file
+    template:
+      src: config.inc.local.php.j2
+      dest: /usr/share/service-desk/conf/config.inc.local.php
+      mode: u=rw,g=r,o=r
+
+  - name: Deploy vhost
+    template:
+      src: service-desk.conf.j2
+      dest: /etc/nginx/conf.d/service-desk.conf
+      mode: u=rw,g=r,o=r

build/centos8/service-desk/ansible/files/RPM-GPG-KEY-LTB-project

+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+mQGiBEpM/vsRBACPS+MZ7o9qdx4NDquqA6oBy9ROlI/ls5k2vVkW9IZTr5z8jBEk
+zI3vNN2bl5uMKOYpgd416bGYa1RXo4VVS549i+BqECapb+/xp4BBdiGmrMGHFpBj
+EaAE5oQcvAZ/gkJ4gvuRtfVmWZVLPdUun3Y8RUwDkidn7v3ga396n+4O9wCgsuAM
+15R3NedYtq381be+PxbKnSsD/A6MDUOF9hayWxyMixP2iOZ20/P8lfZ5AZ7fzafw
+7sx+47J9CLu4jByIkBqWQbrsioqL03dklvxA5gvEaPB4ShEod5QPvqi0GZdQcq/5
+LnVUfcsEK1OetugYm7FKAj8PuGQGPa8p1F954b+4zHoETnd1lwpYkggp080sfTHs
+s1l3A/9sKDiOW19CLgTOYbm9P90NBlKVTu5Gk3S+2y9mACUBZgocdfbKMATG8JFh
+bGb0CJIAroAt3l08B9C7at+wcq/p83A+HrjBvpAv2hhagqQvQq/ShnLtlQCvVXx5
+d7iMQUGn2pCb3hcDYJ90zT0xh6IjksYFI4sbEASPivkpf9HIprQyQ2xlbWVudCBP
+VURPVCAoTFRCLXByb2plY3QpIDxjbGVtLm91ZG90QGdtYWlsLmNvbT6IYAQTEQIA
+IAUCSkz++wIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEArFH5JtRb/Fya4A
+oKJgXsq3EMpYbQwTOe3pCfDyhSXJAJwJ2Y8Fe8Xd4txkOf92ZDVLB1SDb7kCDQRK
+TP7+EAgAzEYvVE/p21nw5dkgW2kjhpi0ZxBb8WbyBSgtWBuNDbPssrEb75O92CEG
+fXpSEk8hi4J1XEs/xUF+eUR0Z9mI2eHcxoBrxv8Stu3jiVTQhGcBzZ8GwPjZC7+Z
+GaaRL/GaByrbj8aBbH88wpDZLu5YfLD21ChLqrtsU/fzvFw6oMValA5LE4ZwjPVP
+jQhIikMXCqsMOdbvfut2Cp3f7mvQWDIh1GfucQvBz4AcTqdXvVXDDJBNQRZMdCzK
+fLpAfhXbqjSgylag7KyrPDMTxYRqgzsAFeqCktp14NAcKVXAotpcrVfyzFwRGOCD
+EopOAvJy0FmLQZdgdDVlYmsTarq0uwADBQf/QO/nA1fXsNZ28Feh3JVoWoGHij9i
+njMPcxRgBppHUntx7Nfyx616UTvfQpvlFl7vQk44Po5U7WYOwM7ymyx/a/etpvOk
+CQfGsiwBtsPNvRTFx/0UQmLI6AcWvzMS1LpU6oLofJ7PFU4z3VVkEMxeyPkOjmXm
+r3mAqoM38r2nSGFqefHL4Gjp5zt7ovSJPgviutKTFiBTZdIWNYnnlZMkk6Bk5aLm
+qezR2xEis6z4QTkzzjZ2N7iXGvkdU32BJdINFMSL74rHvbkpZbP4NuatZwea85YH
+4EoAVc9NQWsRGMBH1m7nFPZWi+8nYtHrGvD2PDDPvsO9ye6nyErmQrX5vYhJBBgR
+AgAJBQJKTP7+AhsMAAoJEArFH5JtRb/Fa3UAn1vjVKKSR61z6Y0bwtn1schgWr9m
+AKCBf9v5/CF14rlyNfl4xNTHA7og0w==
+=M5DF
+-----END PGP PUBLIC KEY BLOCK-----

build/centos8/service-desk/ansible/files/php-fpm.www.conf

+[www]
+user = fusioniam
+group = fusioniam
+listen = /run/php-fpm/www.sock
+listen.acl_users = apache,nginx,fusioniam
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 120
+pm.start_servers = 12
+pm.min_spare_servers = 6
+pm.max_spare_servers = 20
+slowlog = /var/log/php-fpm/www-slow.log
+php_admin_value[error_log] = /var/log/php-fpm/www-error.log
+php_admin_flag[log_errors] = on
+php_value[session.save_handler] = files
+php_value[session.save_path]    = /var/lib/php/session
+php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

build/centos8/service-desk/ansible/install.yaml

+---
+- hosts: localhost
+  tasks:
+  - name: Install LTB repository
+    yum_repository:
+      name: LTB-project-packages-noarch
+      description: LTB project packages (noarch) YUM repo
+      file: ltb-project
+      baseurl: https://ltb-project.org/rpm/$releasever/noarch
+      gpgcheck: yes
+
+  - name: Install LTB GPG key
+    copy:
+      src: RPM-GPG-KEY-LTB-project
+      dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: Import LTB GPG key
+    rpm_key:
+      key: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
+      state: present
+
+  - name: Install packages
+    yum:
+      name:
+       - nginx
+       - php-fpm
+       - service-desk
+      state: present
+
+  - name: Install php-fpm configuration
+    copy:
+     src: php-fpm.www.conf
+     dest: /etc/php-fpm.d/www.conf

build/centos8/service-desk/ansible/run-ct.sh

+#!/bin/sh
+set -e
+
+echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd
+echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group
+
+cp /usr/share/service-desk/config.inc.php /usr/share/service-desk/conf/config.inc.php
+
+/bin/bash /run-playbook.sh /deploy.yaml
+
+if [ "$1" = "nginx" ]
+then
+        ln -sf /dev/stdout /var/log/nginx/access.log
+        ln -sf /dev/stdout /var/log/nginx/error.log
+        ln -sf /dev/stdout /var/log/nginx/wp.access.log
+        ln -sf /dev/stdout /var/log/nginx/wp.error.log
+        /usr/sbin/nginx -g 'daemon off;'
+elif [ "$1" = "php-fpm" ]
+then
+        ln -sf /dev/stdout /var/log/php-fpm/error.log
+        ln -sf /dev/stdout /var/log/php-fpm/www-error.log
+        /usr/sbin/php-fpm --nodaemonize
+fi
+
+exit 0

build/centos8/service-desk/ansible/templates/config.inc.local.php.j2

+<?php
+
+# LDAP
+$ldap_url = "{{ LDAP_PROTO }}://{{ LDAP_HOST }}:{{ LDAP_PORT }}";
+$ldap_starttls = {{ LDAP_STARTTLS }};
+$ldap_binddn = "cn={{ SERVICEDESK_LDAP_USERNAME }},ou=dsa,o=admin,dc=fusioniam,dc=org";
+$ldap_bindpw = "{{ SERVICEDESK_LDAP_PASSWORD }}";
+$ldap_base = "o={{ CUSTOMERID }},dc=fusioniam,dc=org";
+$ldap_user_base = "ou=users,".$ldap_base;
+$ldap_user_filter = "(objectClass=inetOrgPerson)";
+$ldap_size_limit = 100;
+$ldap_default_ppolicy = "cn=default,ou=ppolicies,".$ldap_base;
+
+# Graphics
+$display_footer = false;
+
+# Logout Link
+$logout_link = "https://auth.{{ SSO_DOMAIN}}/";

build/centos8/service-desk/ansible/templates/service-desk.conf.j2

+server {
+       listen 8080;
+
+       root /usr/share/service-desk/htdocs/;
+       index index.php;
+
+       server_name {{ VHOST_NAME }}.{{ SSO_DOMAIN }};
+
+       access_log /var/log/nginx/sd.access.log;
+       error_log /var/log/nginx/sd.error.log;
+
+
+       location ~ \.php(?:$|/) {
+         fastcgi_pass unix:/var/run/php-fpm/www.sock;
+         fastcgi_index index.php;
+               include         fastcgi_params;
+         fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+         fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
+         fastcgi_param   PATH_INFO        $fastcgi_path_info;
+         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+       }
+
+       location / {
+               try_files $uri $uri/ =404;
+       }
+}