Merge remote-tracking branch 'target/master'
diff --git a/docker/swarm/manager.yml b/docker/swarm/manager.yml
index 36f5bcb..25a7fbe 100644
--- a/docker/swarm/manager.yml
+++ b/docker/swarm/manager.yml
@@ -1,4 +1,8 @@
+classes:
+ - system.docker.swarm.network.gwbridge
parameters:
+ _param:
+ docker_gwbridge_subnet: 10.20.0.0/16
docker:
swarm:
role: manager
diff --git a/docker/swarm/master.yml b/docker/swarm/master.yml
index bb2d83b..fba9af3 100644
--- a/docker/swarm/master.yml
+++ b/docker/swarm/master.yml
@@ -1,4 +1,8 @@
+classes:
+ - system.docker.swarm.network.gwbridge
parameters:
+ _param:
+ docker_gwbridge_subnet: 10.20.0.0/16
docker:
swarm:
role: master
diff --git a/docker/swarm/network/gwbridge.yml b/docker/swarm/network/gwbridge.yml
new file mode 100644
index 0000000..8208d3d
--- /dev/null
+++ b/docker/swarm/network/gwbridge.yml
@@ -0,0 +1,10 @@
+parameters:
+ docker:
+ swarm:
+ network:
+ docker_gwbridge:
+ subnet: ${_param:docker_gwbridge_subnet}
+ opt:
+ com.docker.network.bridge.name: docker_gwbridge
+ com.docker.network.bridge.enable_icc: false
+ com.docker.network.bridge.enable_ip_masquerade: true
diff --git a/docker/swarm/service/openldap.yml b/docker/swarm/service/openldap.yml
index e390772..9745017 100644
--- a/docker/swarm/service/openldap.yml
+++ b/docker/swarm/service/openldap.yml
@@ -1,6 +1,6 @@
parameters:
_param:
- docker_image_openldap: osixia/openldap:1.1.7
+ docker_image_openldap: osixia/openldap:1.1.8
docker:
client:
service:
@@ -11,18 +11,18 @@
condition: any
image: ${_param:docker_image_openldap}
environment:
- HOSTNAME: ldap01.${_param:cluster_public_host}
+ HOSTNAME: ldap01.${_param:openldap_domain}
LDAP_ORGANISATION: "${_param:openldap_organisation}"
LDAP_DOMAIN: "${_param:openldap_domain}"
LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
- LDAP_READONLY_USER: true
+ LDAP_READONLY_USER: "true"
LDAP_READONLY_USER_USERNAME: readonly
LDAP_READONLY_USER_PASSWORD: ${_param:openldap_readonly_password}
- LDAP_TLS: false
+ LDAP_TLS: "false"
ports:
- - 389:389
- - 636:636
+ - 1389:389
+ - 1636:636
volume:
database:
type: bind
diff --git a/docker/swarm/service/phpldapadmin.yml b/docker/swarm/service/phpldapadmin.yml
new file mode 100644
index 0000000..3a6d2e4
--- /dev/null
+++ b/docker/swarm/service/phpldapadmin.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ docker_image_phpldapadmin: osixia/phpldapadmin:0.6.12
+ docker:
+ client:
+ service:
+ phpldapadmin:
+ restart:
+ condition: any
+ image: ${_param:docker_image_phpldapadmin}
+ environment:
+ PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH: [{'ldap.${_param:cluster_public_host}': [{'server': [{'tls': False}, {'host': '${_param:cluster_vip_address}'}, {'port': 389}]}, {'login': [{'bind_id': 'cn=admin'}, {'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
+ PHPLDAPADMIN_HTTPS: false
+ PHPLDAPADMIN_TRUST_PROXY_SSL: true
+ PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
+ ports:
+ - 18089:80
diff --git a/docker/swarm/worker.yml b/docker/swarm/worker.yml
index acdb0cf..643b207 100644
--- a/docker/swarm/worker.yml
+++ b/docker/swarm/worker.yml
@@ -1,4 +1,8 @@
+classes:
+ - system.docker.swarm.network.gwbridge
parameters:
+ _param:
+ docker_gwbridge_subnet: 10.20.0.0/16
docker:
swarm:
role: worker
diff --git a/haproxy/proxy/listen/openldap.yml b/haproxy/proxy/listen/openldap.yml
new file mode 100644
index 0000000..b6f79a0
--- /dev/null
+++ b/haproxy/proxy/listen/openldap.yml
@@ -0,0 +1,46 @@
+parameters:
+ _param:
+ haproxy_openldap_bind_host: ${_param:haproxy_bind_address}
+ haproxy_openldap_bind_port: 389
+ haproxy_openldap_ssl_bind_port: 636
+ haproxy:
+ proxy:
+ listen:
+ openldap:
+ mode: tcp
+ balance: source
+ binds:
+ - address: ${_param:haproxy_openldap_bind_host}
+ port: ${_param:haproxy_openldap_bind_port}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: 1389
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: 1389
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: 1389
+ params: backup check
+ openldap_ssl:
+ mode: tcp
+ balance: source
+ binds:
+ - address: ${_param:haproxy_openldap_bind_host}
+ port: ${_param:haproxy_openldap_ssl_bind_port}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: 1636
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: 1636
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: 1636
+ params: backup check
diff --git a/haproxy/proxy/listen/phpldapadmin.yml b/haproxy/proxy/listen/phpldapadmin.yml
new file mode 100644
index 0000000..b2b7f93
--- /dev/null
+++ b/haproxy/proxy/listen/phpldapadmin.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ haproxy_phpldapadmin_bind_host: ${_param:haproxy_bind_address}
+ haproxy_phpldapadmin_bind_port: 8089
+ haproxy:
+ proxy:
+ listen:
+ phpldapadmin:
+ mode: http
+ options:
+ - forwardfor
+ - httpclose
+ - httplog
+ balance: source
+ binds:
+ - address: ${_param:haproxy_phpldapadmin_bind_host}
+ port: ${_param:haproxy_phpldapadmin_bind_port}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: 18089
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: 18089
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: 18089
+ params: backup check