From 9e4e2f7b99ab8816afcf51e9575d75ccf73fb23f Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Mon, 21 Sep 2020 16:29:49 +0200 Subject: Add plume --- README.md | 1 + app/config/restore_configuration.sh | 2 +- app/config/secrets/.gitignore | 1 + app/config/secrets/plume/pgsql_pw.sh | 2 + app/config/secrets/plume/secret_key.sh | 2 + app/deployment/plume.hcl | 71 ++++++++++++++++++++++++++++++++++ op_guide/create_database/README.md | 29 +++++++++----- 7 files changed, 97 insertions(+), 11 deletions(-) create mode 100755 app/config/secrets/plume/pgsql_pw.sh create mode 100755 app/config/secrets/plume/secret_key.sh create mode 100644 app/deployment/plume.hcl diff --git a/README.md b/README.md index 7c7a3a6..469a4d1 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,7 @@ alias bind_df="ssh \ -L 4646:127.0.0.1:4646 \ -L 8500:127.0.0.1:8500 \ -L 8082:traefik.service.2.cluster.deuxfleurs.fr:8082 \ + -L 5432:psql-proxy.service.2.cluster.deuxfleurs.fr:5432 \ " ``` diff --git a/app/config/restore_configuration.sh b/app/config/restore_configuration.sh index 33742e5..63d71a1 100755 --- a/app/config/restore_configuration.sh +++ b/app/config/restore_configuration.sh @@ -1,7 +1,7 @@ #!/bin/bash find {configuration,secrets}/$1 -type f \ - | grep --perl-regexp --invert-match "\.sample$|\.gen$|/.gitignore$" \ + | grep --perl-regexp --invert-match "\.sample$|\.gen$|\.gitignore|\.sh$" \ | while read filename; do consul kv put "${filename}" "@${filename}" done diff --git a/app/config/secrets/.gitignore b/app/config/secrets/.gitignore index 1d7b40b..2ff3cd5 100644 --- a/app/config/secrets/.gitignore +++ b/app/config/secrets/.gitignore @@ -5,6 +5,7 @@ # Whitelist some patterns !*.sample !*.gen +!*.sh !.gitignore # Whitelist specific files diff --git a/app/config/secrets/plume/pgsql_pw.sh b/app/config/secrets/plume/pgsql_pw.sh new file mode 100755 index 0000000..519a30a --- /dev/null +++ b/app/config/secrets/plume/pgsql_pw.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl rand -base64 32 > pgsql_pw diff --git a/app/config/secrets/plume/secret_key.sh b/app/config/secrets/plume/secret_key.sh new file mode 100755 index 0000000..f4bbee5 --- /dev/null +++ b/app/config/secrets/plume/secret_key.sh @@ -0,0 +1,2 @@ +#!/bin/bash +openssl rand -base64 32 > secret_key diff --git a/app/deployment/plume.hcl b/app/deployment/plume.hcl new file mode 100644 index 0000000..89afcf5 --- /dev/null +++ b/app/deployment/plume.hcl @@ -0,0 +1,71 @@ +job "plume" { + datacenters = ["dc1"] + type = "service" + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "plume" { + count = 1 + task "plume" { + driver = "docker" + config { + image = "plumeorg/plume:v0.5.0" + port_map { + web_port = 7878 + } + #command = "cat" + #args = [ "/dev/stdout" ] + volumes = [ + "/mnt/glusterfs/plume/media:/app/static/media", + "/mnt/glusterfs/plume/search:/app/search_index" + ] + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/plume/app.env?raw" + destination = "secrets/app.env.tpl" + mode = "file" + } + template { + source = "secrets/app.env.tpl" + destination = "secrets/app.env" + env = true + } + + resources { + memory = 100 + cpu = 100 + network { + port "web_port" {} + } + } + + service { + name = "plume" + tags = [ + "plume", + "traefik.enable=true", + "traefik.frontend.entryPoints=https,http", + "traefik.frontend.rule=Host:plume.deuxfleurs.fr", + ] + port = "web_port" + address_mode = "host" + check { + type = "tcp" + port = "web_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "600s" + ignore_warnings = false + } + } + } + } + } +} + diff --git a/op_guide/create_database/README.md b/op_guide/create_database/README.md index 7084a10..7d49c97 100644 --- a/op_guide/create_database/README.md +++ b/op_guide/create_database/README.md @@ -1,15 +1,24 @@ +## 1. Create a LDAP user and assign a password for your service + +Go to guichet.deuxfleurs.fr + + 1. Everything takes place in `ou=services,ou=users,dc=deuxfleurs,dc=fr` + 2. Create a new user, like `johny` + 3. Generate a random password with `openssl rand -base64 32` + 4. Hash it with `slappasswd` + 5. Add a `userpassword` entry with the hash + +## 2. Connect to postgres with the admin users + ```bash -ssh root@ -docker run -t -i superboum/amd64_postgres:v1 -psql -h psql-proxy.service.2.cluster.deuxfleurs.fr -p 25432 -U postgres -W postgres +# 1. Launch ssh tunnel given in the README +# 2. Make sure you have postregsql client installed locally +psql -h localhost -U postgres -W postgres ``` -```sql -CREATE USER seafile; -CREATE DATABASE seafile ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER seafile; --- GRANT ALL PRIVILEGES ON DATABASE seafile TO seafile; -``` +## 3. Create the binded users with LDAP in postgres + the database -``` -consul kv import @ldapkv_seafile.json +```sql +CREATE USER johny; +CREATE DATABASE amazingapp OWNER johny; ``` -- cgit v1.2.3