Commit df6b399b authored by Clément OUDOT's avatar Clément OUDOT

Work on FusionDirectory container (#5)

parent 3cde09ef
......@@ -300,6 +300,45 @@ podman run \
gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-centos8-lemonldap-ng:v0.1
```
#### FIDM
Create the shared directory for socket:
```
mkdir -p run/volumes/fd-run
```
Start:
```
podman run \
--env-file=./run/ENVVAR.example \
-v ./run/volumes/fd-run:/run/php-fpm/ \
--rm=true \
--name=fusioniam-fusiondirectory-php-fpm \
--detach=true \
--no-hosts \
--network=slirp4netns:allow_host_loopback=true \
--entrypoint='["/bin/bash","/run-ct.sh","php-fpm"]' \
gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-centos8-fusiondirectory:v0.1
```
```
podman run \
--env-file=./run/ENVVAR.example \
-v ./run/volumes/fd-run:/var/run/php-fpm/ \
--rm=true \
-p 127.0.0.1:8081:8080 \
--name=fusioniam-fusiondirectory-nginx \
--detach=true \
--no-hosts \
--entrypoint='["/bin/bash","/run-ct.sh","nginx"]' \
gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-centos8-fusiondirectory:v0.1
```
Stop:
```
podman stop fusioniam-fusiondirectory-nginx fusioniam-fusiondirectory-php-fpm
```
### Start reverse proxy
On your host, start a reverse proxy that will connect to containers.
......
......@@ -10,6 +10,7 @@ all:
make -B openldap
make -B whitepages
make -B servicedesk
make -B fusiondirectory
base:
$(CTN) build --no-cache -t $(IMAGENAME):$(VVERSION) .
......@@ -17,6 +18,9 @@ base:
clean:
$(CTN) rmi -f $(IMAGENAME):$(VVERSION)
fusiondirectory:
cd fusiondirectory ; make -B all
llng:
cd lemonldap-ng ; make -B all
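Review bot: The new `fusiondirectory` recipe `cd fusiondirectory ; make -B all` joins the two commands with `;`, so if the `cd` fails the inner `make -B all` runs against this top-level Makefile instead and re-enters `all`. Writing it as `cd fusiondirectory && $(MAKE) -B all` (or `$(MAKE) -C fusiondirectory -B all`) stops on a missing directory and lets `-n` and `-j` propagate to the sub-make. The same literal `make` appears in the added `make -B fusiondirectory` line under `all:` and in the new sub-directory Makefile further down the page. The pre-existing `llng` rule has the same shape, and none of these targets appear in a `.PHONY` list in the visible lines, which is presumably why `-B` is needed.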
......
ARG DEPEND
ARG VERSION
FROM $DEPEND:$VERSION
EXPOSE 8080
COPY ansible/ ./
RUN bash ./run-playbook.sh install.yaml &&\
sed -i 's/listen *80/listen 8080/g' /etc/nginx/nginx.conf ;\
sed -i 's/:80/:8080/g' /etc/nginx/nginx.conf ;\
sed -i 's/user *nginx/user fusioniam/g' /etc/nginx/nginx.conf ;\
sed -i 's@fastcgi_pass.*@fastcgi_pass unix:/var/run/php-fpm/www.sock;@g' /etc/nginx/default.d/php.conf ;\
chown -R fusioniam:fusioniam /var/cache/fusiondirectory ;\
rm -f install.yaml
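Review bot: The `RUN` chain joins everything after the playbook with `;`, so its exit status is that of the final `rm -f install.yaml` and the layer succeeds even when `run-playbook.sh install.yaml` fails. A failed GPG key import or package install in the playbook would therefore still produce a tagged image. End each continued line with `&& \` instead of `;\` so the first failing step aborts the build. It would also help to add a comment above the `sed` lines saying that nginx is moved to port 8080 and to the `fusioniam` user so that it can start without root.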
FVERSION=../../VERSION
FDEPEND=DEPENDENCY
CTN=`which podman >/dev/null 2>&1 && echo podman || echo docker`
IMAGENAME="fusioniam-centos8-fusiondirectory"
VDEPEND=`cat $(FDEPEND)`
VVERSION=`cat $(FVERSION)`
all:
make -B fusiondirectory
clean:
$(CTN) rmi -f $(IMAGENAME):$(VVERSION)
fusiondirectory:
$(CTN) build --build-arg DEPEND="$(VDEPEND)" --build-arg VERSION="$(VVERSION)" -t $(IMAGENAME):$(VVERSION) .
---
- hosts: localhost
vars:
CUSTOMERID: "{{ lookup('env', 'CUSTOMERID') | default(omit) }}"
LDAP_HOST: "{{ lookup('env', 'LDAP_HOST') | default('localhost',true) }}"
LDAP_PORT: "{{ lookup('env', 'LDAP_PORT') | default('33389',true) }}"
LDAP_PROTO: "{{ lookup('env', 'LDAP_PROTO') | default('ldap',true) }}"
LDAP_STARTTLS: "{{ lookup('env', 'LDAP_STARTTLS') | default('false',true) }}"
SSO_DOMAIN: "{{ lookup('env', 'SSO_DOMAIN') | default(omit) }}"
VHOST_NAME: "{{ lookup('env', 'FUSIONDIRECTORY_NAME') | default(omit) }}"
FUSIONDIRECTORY_LDAP_PASSWORD: "{{ lookup('env', 'FUSIONDIRECTORY_LDAP_PASSWORD') | default(omit) }}"
FUSIONDIRECTORY_LDAP_USERNAME: "{{ lookup('env', 'FUSIONDIRECTORY_LDAP_USERNAME') | default(omit) }}"
tasks:
- name: Assert variables
assert:
that:
- '"{{ item.value }}" is defined'
- '{{ item.value | length }} > 0'
quiet: True
fail_msg: '{{ item.name }} is missing or empty'
loop:
- name: 'CUSTOMERID'
value: '{{ CUSTOMERID }}'
- name: 'LDAP_HOST'
value: '{{ LDAP_HOST }}'
- name: 'LDAP_PORT'
value: '{{ LDAP_PORT }}'
- name: 'LDAP_PROTO'
value: '{{ LDAP_PROTO }}'
- name: 'LDAP_STARTTLS'
value: '{{ LDAP_STARTTLS }}'
- name: 'SSO_DOMAIN'
value: '{{ SSO_DOMAIN }}'
- name: 'VHOST_NAME'
value: '{{ VHOST_NAME }}'
- name: 'FUSIONDIRECTORY_LDAP_PASSWORD'
value: '{{ FUSIONDIRECTORY_LDAP_PASSWORD }}'
- name: 'FUSIONDIRECTORY_LDAP_USERNAME'
value: '{{ FUSIONDIRECTORY_LDAP_USERNAME }}'
- name: Deploy fusiondirectory.conf file
template:
src: fusiondirectory.conf.j2
dest: /etc/fusiondirectory/fusiondirectory.conf
mode: u=rw,g=r,o=r
- name: Deploy vhost
template:
src: fusiondirectory-nginx.conf.j2
dest: /etc/nginx/conf.d/fusiondirectory.conf
mode: u=rw,g=r,o=r
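Review bot: The `Assert variables` loop carries the LDAP bind password in the loop item (`value: '{{ FUSIONDIRECTORY_LDAP_PASSWORD }}'`), and Ansible's default output prints each loop item, so the secret is likely to reach the container log on every start; `quiet: True` only shortens the assert result. Adding `loop_control:` with `label: '{{ item.name }}'`, or `no_log: true` on the task, keeps it out of the log. The conditions also paste the value into the expression text (`'"{{ item.value }}" is defined'`), so the first test is always true and a value containing `"` breaks parsing; looping over the variable names and testing `lookup('vars', item) | length > 0` avoids both. Separately, `/etc/fusiondirectory/fusiondirectory.conf` is deployed with `o=r` although the template shown further down the page writes `adminPassword` into it; `mode: u=rw,g=,o=` would fit if php-fpm runs as the same user that ran the playbook, which should be confirmed.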
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)
mQGiBEpM/vsRBACPS+MZ7o9qdx4NDquqA6oBy9ROlI/ls5k2vVkW9IZTr5z8jBEk
zI3vNN2bl5uMKOYpgd416bGYa1RXo4VVS549i+BqECapb+/xp4BBdiGmrMGHFpBj
EaAE5oQcvAZ/gkJ4gvuRtfVmWZVLPdUun3Y8RUwDkidn7v3ga396n+4O9wCgsuAM
15R3NedYtq381be+PxbKnSsD/A6MDUOF9hayWxyMixP2iOZ20/P8lfZ5AZ7fzafw
7sx+47J9CLu4jByIkBqWQbrsioqL03dklvxA5gvEaPB4ShEod5QPvqi0GZdQcq/5
LnVUfcsEK1OetugYm7FKAj8PuGQGPa8p1F954b+4zHoETnd1lwpYkggp080sfTHs
s1l3A/9sKDiOW19CLgTOYbm9P90NBlKVTu5Gk3S+2y9mACUBZgocdfbKMATG8JFh
bGb0CJIAroAt3l08B9C7at+wcq/p83A+HrjBvpAv2hhagqQvQq/ShnLtlQCvVXx5
d7iMQUGn2pCb3hcDYJ90zT0xh6IjksYFI4sbEASPivkpf9HIprQyQ2xlbWVudCBP
VURPVCAoTFRCLXByb2plY3QpIDxjbGVtLm91ZG90QGdtYWlsLmNvbT6IYAQTEQIA
IAUCSkz++wIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEArFH5JtRb/Fya4A
oKJgXsq3EMpYbQwTOe3pCfDyhSXJAJwJ2Y8Fe8Xd4txkOf92ZDVLB1SDb7kCDQRK
TP7+EAgAzEYvVE/p21nw5dkgW2kjhpi0ZxBb8WbyBSgtWBuNDbPssrEb75O92CEG
fXpSEk8hi4J1XEs/xUF+eUR0Z9mI2eHcxoBrxv8Stu3jiVTQhGcBzZ8GwPjZC7+Z
GaaRL/GaByrbj8aBbH88wpDZLu5YfLD21ChLqrtsU/fzvFw6oMValA5LE4ZwjPVP
jQhIikMXCqsMOdbvfut2Cp3f7mvQWDIh1GfucQvBz4AcTqdXvVXDDJBNQRZMdCzK
fLpAfhXbqjSgylag7KyrPDMTxYRqgzsAFeqCktp14NAcKVXAotpcrVfyzFwRGOCD
EopOAvJy0FmLQZdgdDVlYmsTarq0uwADBQf/QO/nA1fXsNZ28Feh3JVoWoGHij9i
njMPcxRgBppHUntx7Nfyx616UTvfQpvlFl7vQk44Po5U7WYOwM7ymyx/a/etpvOk
CQfGsiwBtsPNvRTFx/0UQmLI6AcWvzMS1LpU6oLofJ7PFU4z3VVkEMxeyPkOjmXm
r3mAqoM38r2nSGFqefHL4Gjp5zt7ovSJPgviutKTFiBTZdIWNYnnlZMkk6Bk5aLm
qezR2xEis6z4QTkzzjZ2N7iXGvkdU32BJdINFMSL74rHvbkpZbP4NuatZwea85YH
4EoAVc9NQWsRGMBH1m7nFPZWi+8nYtHrGvD2PDDPvsO9ye6nyErmQrX5vYhJBBgR
AgAJBQJKTP7+AhsMAAoJEArFH5JtRb/Fa3UAn1vjVKKSR61z6Y0bwtn1schgWr9m
AKCBf9v5/CF14rlyNfl4xNTHA7og0w==
=M5DF
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----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=sJgk
-----END PGP PUBLIC KEY BLOCK-----
[www]
user = fusioniam
group = fusioniam
listen = /run/php-fpm/www.sock
listen.acl_users = apache,nginx,fusioniam
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 20
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
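Review bot: `listen.allowed_clients = 127.0.0.1` has no effect here, because that setting applies only to TCP listeners and `listen` is a Unix socket. Access to `/run/php-fpm/www.sock` is decided by the socket's ACL and by the permissions of the directory it lives in, which the README on this page bind-mounts from the host into both containers. Drop the line, or add a comment such as `; unix socket: access is controlled by listen.acl_users and the fd-run volume permissions`. It is also worth checking that the `apache` and `nginx` accounts named in `listen.acl_users` exist in the image, since setting ACLs for a missing user may fail at start-up.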
---
- hosts: localhost
tasks:
- name: Install LTB repository
yum_repository:
name: LTB-project-packages-noarch
description: LTB project packages (noarch) YUM repo
file: ltb-project
baseurl: https://ltb-project.org/rpm/$releasever/noarch
gpgcheck: yes
- name: Install LTB GPG key
copy:
src: RPM-GPG-KEY-LTB-project
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
owner: root
group: root
mode: 0644
- name: Import LTB GPG key
rpm_key:
key: /etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
state: present
- name: Install EPEL
yum:
name: epel-release
state: installed
- name: Install DNF plugin core
package:
name: dnf-plugins-core
state: installed
- name: Enable PowerTools
shell: yum config-manager --set-enabled powertools
- name: Install Remi GPG key
copy:
src: RPM-GPG-KEY-remi2018
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
owner: root
group: root
mode: 0644
- name: Import Remi GPG key
rpm_key:
key: /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
state: present
- name: Install Remi repo
yum:
name: "https://rpms.remirepo.net/enterprise/remi-release-8.rpm"
state: 'present'
- name: Enable PHP 7.4 Remi repo
shell: dnf -y module install php:remi-7.4
- name: Install required packages
yum:
name:
- nginx
- git
- php
- php-Smarty
- php-fpm
- php-ldap
- perl-Path-Class
- perl-LDAP
- perl-MIME-Base64
- perl-Digest-SHA
- perl-Crypt-CBC
- perl-Bytes-Random-Secure
- perl-Archive-Extract
- perl-File-Copy-Recursive
- perl-XML-Twig
state: present
- name: Install php-fpm configuration
copy:
src: php-fpm.www.conf
dest: /etc/php-fpm.d/www.conf
- name: Create directories
file:
path: "{{ item }}"
state: directory
with_items:
- '/etc/fusiondirectory'
- '/etc/ldap/schema/fusiondirectory'
- '/usr/share/fusiondirectory'
- '/usr/local/share/fusiondirectory'
- '/var/cache/fusiondirectory'
- name: Clone FD git repository
git:
repo: 'https://gitlab.fusiondirectory.org/fusiondirectory/fd.git'
dest: '/usr/src/fd'
version: '1.4-dev'
- name: Install binaries
copy:
src: /usr/src/fd/contrib/bin/{{ item }}
dest: /usr/local/bin/
owner: root
group: root
mode: 0755
remote_src: yes
with_items:
- fusiondirectory-insert-schema
- fusiondirectory-setup
- name: Install Smarty plugins
copy:
src: /usr/src/fd/contrib/smarty/plugins/
dest: /usr/share/php/smarty3/plugins/
owner: root
group: root
mode: 0644
remote_src: yes
- name: Install source files
copy:
src: /usr/src/fd/{{ item }}
dest: /usr/local/share/fusiondirectory/
owner: root
group: root
mode: 0755
remote_src: yes
directory_mode: yes
with_items:
- html
- ihtml
- locale
- plugins
- setup
- include
- name: Check directories
command: /usr/local/bin/fusiondirectory-setup --set-fd_home=/usr/local/share/fusiondirectory --yes --check-directories
- name: Update cache and locales
command: /usr/local/bin/fusiondirectory-setup --set-fd_home=/usr/local/share/fusiondirectory --yes --update-cache --update-locales --write-vars
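Review bot: `Clone FD git repository` checks out `version: '1.4-dev'`, which looks like a moving development branch, so each image build can pick up different upstream code and nothing in the playbook verifies what was fetched. Pinning to a release tag or a full commit hash (`version: '<commit-sha>'`, placeholder) makes the build reproducible and limits exposure to an unexpected upstream push. The checkout in `/usr/src/fd`, including its `.git` directory and the `git` package, also stays in the final image; removing them after the copy tasks would shrink the attack surface. `Install source files` applies `mode: 0755` to every copied file, where `u=rwX,g=rX,o=rX` would keep directories traversable without marking PHP sources executable.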
#!/bin/sh
set -e
echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd
echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group
/bin/bash /run-playbook.sh /deploy.yaml
if [ "$1" = "nginx" ]
then
ln -sf /dev/stdout /var/log/nginx/access.log
ln -sf /dev/stdout /var/log/nginx/error.log
ln -sf /dev/stdout /var/log/nginx/fd.access.log
ln -sf /dev/stdout /var/log/nginx/fd.error.log
/usr/sbin/nginx -g 'daemon off;'
elif [ "$1" = "php-fpm" ]
then
ln -sf /dev/stdout /var/log/php-fpm/error.log
ln -sf /dev/stdout /var/log/php-fpm/www-error.log
/usr/sbin/php-fpm --nodaemonize
fi
exit 0
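Review bot: The two `echo ... >> /etc/passwd` and `>> /etc/group` lines run on every start with no check for an existing entry, and they only work if both files are writable by the runtime user, which is presumably arranged in the base image. A writable `/etc/passwd` lets any code running as that user add further accounts, so it is worth guarding the append (`getent passwd "$(id -u)" >/dev/null || echo ... >> /etc/passwd`) and documenting why the files are writable. The daemons are started as children of the shell; `exec /usr/sbin/nginx -g 'daemon off;'` and `exec /usr/sbin/php-fpm --nodaemonize` would make them PID 1 so that `podman stop` signals them directly. An unrecognised `$1` currently falls through to `exit 0`; an `else` branch that prints usage and exits non-zero would surface a bad `--entrypoint` argument.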
server {
listen 8080;
root /usr/local/share/fusiondirectory/html;
index index.php;
server_name {{ VHOST_NAME }}.{{ SSO_DOMAIN }};
access_log /var/log/nginx/fd.access.log;
error_log /var/log/nginx/fd.error.log;
location ~ \.php(?:$|/) {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
}
location / {
try_files $uri $uri/ =404;
}
}
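Review bot: The `location ~ \.php(?:$|/)` block hands every matching URI to php-fpm without first checking that the script exists under the document root. Whether a request such as `/file.ext/x.php` ends up executing another file then depends entirely on php-fpm's own settings (`cgi.fix_pathinfo`, `security.limit_extensions`). Adding `if (!-f $document_root$fastcgi_script_name) { return 404; }` after `fastcgi_split_path_info` rejects those requests at the proxy. Moving `fastcgi_split_path_info` above the `fastcgi_param` lines that use its variables would also make the block easier to read.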
<?xml version="1.0"?>
<conf>
<!-- Main section **********************************************************
The main section defines global settings, which might be overridden by
each location definition inside.
For more information about the configuration parameters, take a look at
the FusionDirectory.conf(5) manual page.
-->
<main default="default"
logging="TRUE"
displayErrors="TRUE"
forceSSL="FALSE"
templateCompileDirectory="/var/spool/fusiondirectory/"
debugLevel="0"
>
<!-- Location definition -->
<location name="default"
>
<referral URI="{{ LDAP_PROTO }}://{{ LDAP_HOST }}:{{ LDAP_PORT }}" base="dc=fusioniam,dc=org"
adminDn="cn={{ FUSIONDIRECTORY_LDAP_USERNAME }},ou=dsa,o=admin,dc=fusioniam,dc=org"
adminPassword="{{ FUSIONDIRECTORY_LDAP_PASSWORD }}" />
</location>
</main>
</conf>
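Review bot: `displayErrors="TRUE"` in `<main>` makes the application render error details to the browser, which can disclose paths and LDAP details to unauthenticated users; for a shipped image it should be `FALSE`, or driven by an environment variable that defaults to off. The `adminPassword="{{ FUSIONDIRECTORY_LDAP_PASSWORD }}"` value and the other substitutions are inserted unescaped, so a password containing `"`, `&` or `<` produces a malformed or altered file; `{{ FUSIONDIRECTORY_LDAP_PASSWORD | e }}` avoids that. `LDAP_STARTTLS` is validated in the deploy playbook but not used in this template, and `LDAP_PROTO` defaults to `ldap`, so as far as this page shows the admin bind goes over cleartext unless the deployer sets `ldaps`.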