From acdb34027b361cccfe6200ed8f087aa146d0ab55 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Tue, 11 Feb 2020 21:52:57 +0100 Subject: WIP: update mysql/seafile to use their own ldap user in ou=services --- consul/configuration/.gitignore | 1 + consul/configuration/seafile/conf/ccnet.conf | 29 ++++++++++++++++++++++ .../configuration/seafile/conf/ccnet.conf.sample | 29 ---------------------- nomad/seafile.hcl | 14 ++++++++--- 4 files changed, 40 insertions(+), 33 deletions(-) create mode 100644 consul/configuration/seafile/conf/ccnet.conf delete mode 100644 consul/configuration/seafile/conf/ccnet.conf.sample diff --git a/consul/configuration/.gitignore b/consul/configuration/.gitignore index 8c55cc6..d54ae44 100644 --- a/consul/configuration/.gitignore +++ b/consul/configuration/.gitignore @@ -10,6 +10,7 @@ # Whitelist specific files !seafile/conf/seafdav.conf +!seafile/conf/ccnet.conf !seafile/ccnet/seafile.ini !email/dkim/keytable diff --git a/consul/configuration/seafile/conf/ccnet.conf b/consul/configuration/seafile/conf/ccnet.conf new file mode 100644 index 0000000..2395a9b --- /dev/null +++ b/consul/configuration/seafile/conf/ccnet.conf @@ -0,0 +1,29 @@ +[General] +USER_NAME = deuxfleurs +ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }} +NAME = deuxfleurs +SERVICE_URL = https://cloud.deuxfleurs.fr + +[Network] +PORT = 10001 + +[Client] +PORT = 13418 + +[LDAP] +HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/ +BASE = ou=users,dc=deuxfleurs,dc=fr +USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }} +FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr +PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }} +LOGIN_ATTR = mail + +[Database] +ENGINE = mysql +HOST = mariadb.service.2.cluster.deuxfleurs.fr +PORT = 3306 +USER = seafile +PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }} +DB = ccnet-db +CONNECTION_CHARSET = utf8 + 
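Review bot: The `[LDAP]` section of the new ccnet.conf binds with `HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/`, so the service-account password templated from `secrets/seafile/ccnet/ldap_bindpwd`, and the user passwords Seafile checks against the directory, cross the network without TLS unless the cluster transport is encrypted by other means. If the directory server offers TLS, I would change the line to `HOST = ldaps://bottin2.service.2.cluster.deuxfleurs.fr/`; otherwise a comment above it stating why plaintext is acceptable here would help. The same question applies to the `[Database]` section, which sends `PASSWD` to MariaDB on port 3306 with no TLS option set.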
diff --git a/consul/configuration/seafile/conf/ccnet.conf.sample b/consul/configuration/seafile/conf/ccnet.conf.sample deleted file mode 100644 index 76f4da9..0000000 --- a/consul/configuration/seafile/conf/ccnet.conf.sample +++ /dev/null @@ -1,29 +0,0 @@ -[General] -USER_NAME = deuxfleurs -ID = -NAME = deuxfleurs -SERVICE_URL = https://cloud.deuxfleurs.fr - -[Network] -PORT = 10001 - -[Client] -PORT = 13418 - -[LDAP] -HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/ -BASE = ou=users,dc=deuxfleurs,dc=fr -USER_DN = cn=,dc=deuxfleurs,dc=fr -FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr -PASSWORD = -LOGIN_ATTR = mail - -[Database] -ENGINE = mysql -HOST = mariadb.service.2.cluster.deuxfleurs.fr -PORT = 3306 -USER = seafile -PASSWD = -DB = ccnet-db -CONNECTION_CHARSET = utf8 - diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl index c930396..1ffd1a1 100644 --- a/nomad/seafile.hcl +++ b/nomad/seafile.hcl @@ -111,6 +111,16 @@ job "seafile" { } } + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf?raw" + destination = "secrets/conf/ccnet.conf.tpl" + mode = "file" + } + template { + source = "secrets/conf/ccnet.conf.tpl" + destination = "secrets/conf/ccnet.conf" + } + template { data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}" destination = "secrets/ccnet/mykey.peer" @@ -119,10 +129,6 @@ job "seafile" { data = "{{ key \"configuration/seafile/ccnet/seafile.ini\" }}" destination = "secrets/ccnet/seafile.ini" } - template { - data = "{{ key \"configuration/seafile/conf/ccnet.conf\" }}" - destination = "secrets/conf/ccnet.conf" - } template { data = "{{ key \"configuration/seafile/conf/mykey.peer\" }}" destination = "secrets/conf/mykey.peer" -- cgit v1.2.3 From 6da7ecfa9f001f3a51a1bb183c782821934dec0c Mon Sep 17 00:00:00 2001 
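Review bot: The `artifact` plus `template { source = ... }` pair added in the first seafile.hcl hunk evaluates the content of a Consul KV entry as a template, which the old `data = "{{ key ... }}"` form did not: anyone who can write `configuration/seafile/conf/ccnet.conf` can now make the task render any key the template runner may read, including those under `secrets/`. Write access to `configuration/seafile/conf/` should therefore be limited by ACL to the people allowed to read the secrets, and a comment above the stanza such as `# KV content is rendered as a template: writers of this key can read secrets/*` would record that. The download also goes to `http://127.0.0.1:8500` without a token, so it presumably works only while anonymous KV reads are allowed (inferred; the agent configuration is not shown). The template file is fetched when the task is set up, so later edits to it in KV are no longer picked up the way the watched `key` lookup was. The same points apply to the `seafile.conf.tpl` and `seahub_settings.py.tpl` artifacts added to seafile.hcl in the third commit.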
From: Alex Auvolat Date: Tue, 11 Feb 2020 22:36:45 +0100 Subject: Move ccnet.conf to ccnet.conf.tpl --- consul/configuration/.gitignore | 1 - consul/configuration/seafile/conf/ccnet.conf | 29 ------------------------ consul/configuration/seafile/conf/ccnet.conf.tpl | 29 ++++++++++++++++++++++++ nomad/seafile.hcl | 2 +- 4 files changed, 30 insertions(+), 31 deletions(-) delete mode 100644 consul/configuration/seafile/conf/ccnet.conf create mode 100644 consul/configuration/seafile/conf/ccnet.conf.tpl diff --git a/consul/configuration/.gitignore b/consul/configuration/.gitignore index d54ae44..8c55cc6 100644 --- a/consul/configuration/.gitignore +++ b/consul/configuration/.gitignore @@ -10,7 +10,6 @@ # Whitelist specific files !seafile/conf/seafdav.conf -!seafile/conf/ccnet.conf !seafile/ccnet/seafile.ini !email/dkim/keytable diff --git a/consul/configuration/seafile/conf/ccnet.conf b/consul/configuration/seafile/conf/ccnet.conf deleted file mode 100644 index 2395a9b..0000000 --- a/consul/configuration/seafile/conf/ccnet.conf +++ /dev/null @@ -1,29 +0,0 @@ -[General] -USER_NAME = deuxfleurs -ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }} -NAME = deuxfleurs -SERVICE_URL = https://cloud.deuxfleurs.fr - -[Network] -PORT = 10001 - -[Client] -PORT = 13418 - -[LDAP] -HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/ -BASE = ou=users,dc=deuxfleurs,dc=fr -USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }} -FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr -PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }} -LOGIN_ATTR = mail - -[Database] -ENGINE = mysql -HOST = mariadb.service.2.cluster.deuxfleurs.fr -PORT = 3306 -USER = seafile -PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }} -DB = ccnet-db -CONNECTION_CHARSET = utf8 - diff --git a/consul/configuration/seafile/conf/ccnet.conf.tpl b/consul/configuration/seafile/conf/ccnet.conf.tpl new file mode 100644 index 0000000..2395a9b --- /dev/null 
+++ b/consul/configuration/seafile/conf/ccnet.conf.tpl @@ -0,0 +1,29 @@ +[General] +USER_NAME = deuxfleurs +ID = {{ key "secrets/seafile/ccnet/seafile_id" | trimSpace }} +NAME = deuxfleurs +SERVICE_URL = https://cloud.deuxfleurs.fr + +[Network] +PORT = 10001 + +[Client] +PORT = 13418 + +[LDAP] +HOST = ldap://bottin2.service.2.cluster.deuxfleurs.fr/ +BASE = ou=users,dc=deuxfleurs,dc=fr +USER_DN = {{ key "secrets/seafile/ccnet/ldap_binddn" | trimSpace }} +FILTER = memberOf=CN=seafile,OU=groups,DC=deuxfleurs,DC=fr +PASSWORD = {{ key "secrets/seafile/ccnet/ldap_bindpwd" | trimSpace }} +LOGIN_ATTR = mail + +[Database] +ENGINE = mysql +HOST = mariadb.service.2.cluster.deuxfleurs.fr +PORT = 3306 +USER = seafile +PASSWD = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }} +DB = ccnet-db +CONNECTION_CHARSET = utf8 + diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl index 1ffd1a1..dc076c6 100644 --- a/nomad/seafile.hcl +++ b/nomad/seafile.hcl @@ -112,7 +112,7 @@ job "seafile" { } artifact { - source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf?raw" + source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/ccnet.conf.tpl?raw" destination = "secrets/conf/ccnet.conf.tpl" mode = "file" } -- cgit v1.2.3 From afaf89f7512036318bd7a187c91e19601b7470d6 Mon Sep 17 00:00:00 2001 
From: Alex Auvolat Date: Sat, 15 Feb 2020 16:02:16 +0100 Subject: Add missing templated passwords --- .../configuration/seafile/conf/seafile.conf.sample | 19 -------------- consul/configuration/seafile/conf/seafile.conf.tpl | 19 ++++++++++++++ .../seafile/conf/seahub_settings.py.sample | 21 --------------- .../seafile/conf/seahub_settings.py.tpl | 21 +++++++++++++++ nomad/seafile.hcl | 30 +++++++++++++++------- 5 files changed, 61 insertions(+), 49 deletions(-) delete mode 100644 consul/configuration/seafile/conf/seafile.conf.sample create mode 100644 consul/configuration/seafile/conf/seafile.conf.tpl delete mode 100644 consul/configuration/seafile/conf/seahub_settings.py.sample create mode 100644 consul/configuration/seafile/conf/seahub_settings.py.tpl
diff --git a/consul/configuration/seafile/conf/seafile.conf.sample b/consul/configuration/seafile/conf/seafile.conf.sample
deleted file mode 100644
index cfe3592..0000000
--- a/consul/configuration/seafile/conf/seafile.conf.sample
+++ /dev/null
@@ -1,19 +0,0 @@
-[network]
-port = 12001
-
-[fileserver]
-port = 8082
-max_upload_size=8192
-max_download_dir_size=8192
-
-[database]
-type = mysql
-host = mariadb.service.2.cluster.deuxfleurs.fr
-port = 3306
-user = seafile
-password =
-db_name = seafile-db
-connection_charset = utf8
-
-[quota]
-default = 50
diff --git a/consul/configuration/seafile/conf/seafile.conf.tpl b/consul/configuration/seafile/conf/seafile.conf.tpl
new file mode 100644
index 0000000..f224234
--- /dev/null
+++ b/consul/configuration/seafile/conf/seafile.conf.tpl
@@ -0,0 +1,19 @@
+[network]
+port = 12001
+
+[fileserver]
+port = 8082
+max_upload_size=8192
+max_download_dir_size=8192
+
+[database]
+type = mysql
+host = mariadb.service.2.cluster.deuxfleurs.fr
+port = 3306
+user = seafile
+password = {{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}
+db_name = seafile-db
+connection_charset = utf8
+
+[quota]
+default = 50
diff --git a/consul/configuration/seafile/conf/seahub_settings.py.sample b/consul/configuration/seafile/conf/seahub_settings.py.sample
deleted file mode 100644
index 06aa7d3..0000000
--- a/consul/configuration/seafile/conf/seahub_settings.py.sample
+++ /dev/null
@@ -1,21 +0,0 @@
-SECRET_KEY = "8ep+sgi&s1-f2cq2178!ekk!0h0nw2y4z1-olbaopxmodsd8vk"
-FILE_SERVER_ROOT = 'https://cloud.deuxfleurs.fr/seafhttp'
-DATABASES = {
- 'default': {
- 'ENGINE': 'django.db.backends.mysql',
- 'NAME': 'seahub-db',
- 'USER': 'seafile',
- 'PASSWORD': '',
- 'HOST': 'mariadb.service.2.cluster.deuxfleurs.fr',
- 'PORT': '3306',
- 'OPTIONS': {
- 'init_command': 'SET storage_engine=INNODB',
- }
- }
-}
-FILE_PREVIEW_MAX_SIZE = 100 * 1024 * 1024
-ENABLE_THUMBNAIL = True
-THUMBNAIL_ROOT = '/mnt/seafile-data/thumbnail/thumb/'
-THUMBNAIL_EXTENSION = 'png'
-THUMBNAIL_DEFAULT_SIZE = '24'
-PREVIEW_DEFAULT_SIZE = '300'
diff --git a/consul/configuration/seafile/conf/seahub_settings.py.tpl b/consul/configuration/seafile/conf/seahub_settings.py.tpl
new file mode 100644
index 0000000..6c63ee4
--- /dev/null
+++ b/consul/configuration/seafile/conf/seahub_settings.py.tpl
@@ -0,0 +1,21 @@
+SECRET_KEY = "8ep+sgi&s1-f2cq2178!ekk!0h0nw2y4z1-olbaopxmodsd8vk"
+FILE_SERVER_ROOT = 'https://cloud.deuxfleurs.fr/seafhttp'
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.mysql',
+ 'NAME': 'seahub-db',
+ 'USER': 'seafile',
+ 'PASSWORD': '{{ key "secrets/seafile/ccnet/mysql_pwd" | trimSpace }}',
+ 'HOST': 'mariadb.service.2.cluster.deuxfleurs.fr',
+ 'PORT': '3306',
+ 'OPTIONS': {
+ 'init_command': 'SET storage_engine=INNODB',
+ }
+ }
+}
+FILE_PREVIEW_MAX_SIZE = 100 * 1024 * 1024
+ENABLE_THUMBNAIL = True
+THUMBNAIL_ROOT = '/mnt/seafile-data/thumbnail/thumb/'
+THUMBNAIL_EXTENSION = 'png'
+THUMBNAIL_DEFAULT_SIZE = '24'
+PREVIEW_DEFAULT_SIZE = '300'
diff --git a/nomad/seafile.hcl b/nomad/seafile.hcl
index dc076c6..f118999 100644
--- a/nomad/seafile.hcl
+++ b/nomad/seafile.hcl
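Review bot: The first line of the new seahub_settings.py.tpl still carries the Django `SECRET_KEY` as a literal committed to the repository, while this commit moves the database password right below it into the secrets store. Django signs sessions and tokens with this key, so it should be templated the same way, e.g. `SECRET_KEY = "{{ key "secrets/seafile/<SECRET_KEY_PATH>" | trimSpace }}"` (placeholder path), and the committed value replaced with a fresh one because it remains in history. Separately, the `'PASSWORD': '{{ key ... | trimSpace }}'` line pastes the secret unescaped into a Python string literal, so a password containing `'` or `\` would break or alter the settings file; a comment noting the allowed alphabet for that secret would prevent the surprise.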
@@ -116,11 +116,31 @@ job "seafile" { destination = "secrets/conf/ccnet.conf.tpl" mode = "file" } - template { + template { source = "secrets/conf/ccnet.conf.tpl" destination = "secrets/conf/ccnet.conf" } + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seafile.conf.tpl?raw" + destination = "secrets/conf/seafile.conf.tpl" + mode = "file" + } + template { + source = "secrets/conf/seafile.conf.tpl" + destination = "secrets/conf/seafile.conf" + } + + artifact { + source = "http://127.0.0.1:8500/v1/kv/configuration/seafile/conf/seahub_settings.py.tpl?raw" + destination = "secrets/conf/seahub_settings.py.tpl" + mode = "file" + } + template { + source = "secrets/conf/seahub_settings.py.tpl" + destination = "secrets/conf/seahub_settings.py" + } + template { data = "{{ key \"configuration/seafile/ccnet/mykey.peer\" }}" destination = "secrets/ccnet/mykey.peer" @@ -137,14 +157,6 @@ job "seafile" { data = "{{ key \"configuration/seafile/conf/seafdav.conf\" }}" destination = "secrets/conf/seafdav.conf" } - template { - data = "{{ key \"configuration/seafile/conf/seafile.conf\" }}" - destination = "secrets/conf/seafile.conf" - } - template { - data = "{{ key \"configuration/seafile/conf/seahub_settings.py\" }}" - destination = "secrets/conf/seahub_settings.py" - } template { data = "{{ key \"configuration/seafile/conf/gunicorn.conf\" }}" destination = "secrets/conf/gunicorn.conf" -- cgit v1.2.3