diff options
author | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
---|---|---|
committer | Quentin <quentin@dufour.io> | 2021-01-18 08:18:21 +0100 |
commit | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (patch) | |
tree | 6620bcc9e1ea61a5689b763b9ad8280275e35e76 /app/seafile/build/mariadb | |
parent | 79b7273ff2a487d6721d393682c8ad3927467a75 (diff) | |
parent | c642370def01f09d966b3b9c643cfe416ea115cf (diff) | |
download | infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.tar.gz infrastructure-ad6017eea058f7cb6fdf078783f992a4f45a3e15.zip |
Merge pull request 'Reorganize app/ and add script for secret management' (#29) from test_reorganize into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/infrastructure/pulls/29
Diffstat (limited to 'app/seafile/build/mariadb')
-rw-r--r-- | app/seafile/build/mariadb/60-disable-dialog.cnf | 3 | ||||
-rw-r--r-- | app/seafile/build/mariadb/60-ldap.cnf | 3 | ||||
-rw-r--r-- | app/seafile/build/mariadb/60-remote.cnf | 2 | ||||
-rw-r--r-- | app/seafile/build/mariadb/Dockerfile | 14 | ||||
-rw-r--r-- | app/seafile/build/mariadb/README.md | 19 | ||||
-rwxr-xr-x | app/seafile/build/mariadb/entrypoint.sh | 50 | ||||
-rw-r--r-- | app/seafile/build/mariadb/nsswitch.conf | 21 | ||||
-rw-r--r-- | app/seafile/build/mariadb/pam-mariadb | 2 |
8 files changed, 114 insertions, 0 deletions
diff --git a/app/seafile/build/mariadb/60-disable-dialog.cnf b/app/seafile/build/mariadb/60-disable-dialog.cnf new file mode 100644 index 0000000..d41731a --- /dev/null +++ b/app/seafile/build/mariadb/60-disable-dialog.cnf @@ -0,0 +1,3 @@ +[mariadb] +pam_use_cleartext_plugin +bind-address = 0.0.0.0 diff --git a/app/seafile/build/mariadb/60-ldap.cnf b/app/seafile/build/mariadb/60-ldap.cnf new file mode 100644 index 0000000..72ffb9f --- /dev/null +++ b/app/seafile/build/mariadb/60-ldap.cnf @@ -0,0 +1,3 @@ +[mariadb] +plugin-load=auth_pam.so + diff --git a/app/seafile/build/mariadb/60-remote.cnf b/app/seafile/build/mariadb/60-remote.cnf new file mode 100644 index 0000000..acf8f9b --- /dev/null +++ b/app/seafile/build/mariadb/60-remote.cnf @@ -0,0 +1,2 @@ +[mysqld] +bind-address = * diff --git a/app/seafile/build/mariadb/Dockerfile b/app/seafile/build/mariadb/Dockerfile new file mode 100644 index 0000000..15ef954 --- /dev/null +++ b/app/seafile/build/mariadb/Dockerfile @@ -0,0 +1,14 @@ +FROM debian:stretch + +RUN apt-get update && \ + apt-get dist-upgrade -y && \ + DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client libnss-ldapd + +COPY 60-ldap.cnf /etc/mysql/mariadb.conf.d/60-ldap.cnf +COPY 60-remote.cnf /etc/mysql/mariadb.conf.d/60-remote.cnf +COPY 60-disable-dialog.cnf /etc/mysql/mariadb.conf.d/60-disable-dialog.cnf +COPY pam-mariadb /etc/pam.d/mariadb +COPY nsswitch.conf /etc/nsswitch.conf +COPY entrypoint.sh /usr/local/bin/entrypoint + +ENTRYPOINT ["/usr/local/bin/entrypoint"] diff --git a/app/seafile/build/mariadb/README.md b/app/seafile/build/mariadb/README.md new file mode 100644 index 0000000..1a3b8aa --- /dev/null +++ b/app/seafile/build/mariadb/README.md @@ -0,0 +1,19 @@ +``` +sudo docker build -t superboum/amd64_mariadb:v3 . + +sudo docker run \ + -t -i \ + -p 3306:3306 \ + -v /tmp/mysql:/var/lib/mysql \ + -e LDAP_URI='ldap://bottin.service.2.cluster.deuxfleurs.fr' \ + -e LDAP_BASE='ou=users,dc=deuxfleurs,dc=fr' \ + -e LDAP_VERSION=3 \ + -e LDAP_BIND_DN='cn=admin,dc=deuxfleurs,dc=fr' \ + -e LDAP_BIND_PW='xxxx' \ + -e MYSQL_PASSWORD='xxxx' \ + superboum/amd64_mariadb:v1 \ + tail -f /var/log/mysql/error.log + +CREATE USER quentin@localhost IDENTIFIED VIA pam USING 'mariadb'; + +``` diff --git a/app/seafile/build/mariadb/entrypoint.sh b/app/seafile/build/mariadb/entrypoint.sh new file mode 100755 index 0000000..7ebf049 --- /dev/null +++ b/app/seafile/build/mariadb/entrypoint.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +set -e + +cat > /etc/nslcd.conf <<EOF +# /etc/nslcd.conf +# nslcd configuration file. See nslcd.conf(5) +# for details. + +# The user and group nslcd should run as. +uid nslcd +gid nslcd + +# The location at which the LDAP server(s) should be reachable. +uri ${LDAP_URI} + +# The search base that will be used for all queries. +base ${LDAP_BASE} + +# The LDAP protocol version to use. +ldap_version ${LDAP_VERSION} + +# The DN to bind with for normal lookups. +binddn ${LDAP_BIND_DN} +bindpw ${LDAP_BIND_PW} + +# The DN used for password modifications by root. +#rootpwmoddn cn=admin,dc=example,dc=com + +# SSL options +#ssl off +#tls_reqcert never +tls_cacertfile /etc/ssl/certs/ca-certificates.crt + +# The search scope. +#scope sub +EOF + +/usr/sbin/nslcd + +chown mysql:mysql /var/lib/mysql +[ -z "$(ls -A /var/lib/mysql)" ] && mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql + +/usr/bin/mysqld_safe & + +until ls /var/run/mysqld/mysqld.sock; do sleep 1; done +/usr/bin/mysqladmin -u root password ${MYSQL_PASSWORD} || true + +exec "$@" + diff --git a/app/seafile/build/mariadb/nsswitch.conf b/app/seafile/build/mariadb/nsswitch.conf new file mode 100644 index 0000000..853348e --- /dev/null +++ b/app/seafile/build/mariadb/nsswitch.conf @@ -0,0 +1,21 @@ +# /etc/nsswitch.conf +# +# Example configuration of GNU Name Service Switch functionality. +# If you have the `glibc-doc-reference' and `info' packages installed, try: +# `info libc "Name Service Switch"' for information about this file. + +passwd: files ldap +group: files ldap +shadow: files ldap +gshadow: files + +hosts: files dns +networks: files + +protocols: db files +services: db files +ethers: db files +rpc: db files + +netgroup: nis + diff --git a/app/seafile/build/mariadb/pam-mariadb b/app/seafile/build/mariadb/pam-mariadb new file mode 100644 index 0000000..e1bb814 --- /dev/null +++ b/app/seafile/build/mariadb/pam-mariadb @@ -0,0 +1,2 @@ +auth required pam_ldap.so +account required pam_ldap.so |