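# Docker stack "ldap": an OpenLDAP server ("server") and a phpLDAPadmin web UI
# ("admin"), both attached to an encrypted overlay network named "ldap".
classes:
  - system.docker.client.images.ldap
parameters:
  docker:
    client:
      stack:
        ldap:
          service:
            server:
              networks:
                - ldap
              deploy:
                restart_policy:
                  condition: any
              image: ${_param:docker_image_openldap}
              hostname: ldap01
              domainname: ${_param:openldap_domain}
              # Both the plain LDAP port (389) and the LDAPS port (636) are
              # published. NOTE(review): nothing here forces StartTLS on 389,
              # so cleartext binds look possible on 1389 - confirm whether
              # that port must be reachable, or enforce TLS on it (the image
              # documents an LDAP_TLS_ENFORCE setting; verify for the pinned
              # image version).
              ports:
                - "1389:389"
                - "1636:636"
              volumes:
                - /srv/volumes/openldap/database:/var/lib/ldap
                - /srv/volumes/openldap/config:/etc/ldap/slapd.d
                # Key, certificate and CA are bind-mounted read-only.
                - ${_param:openldap_tls:keyfile}:/container/service/slapd/assets/certs/drivetrain_ldap.key:ro
                - ${_param:openldap_tls:certfile}:/container/service/slapd/assets/certs/drivetrain_ldap.crt:ro
                - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/slapd/assets/certs/ca.crt:ro
              # copy to /container/run/service to avoid issues with owning certs as openldap user
              # https://github.com/osixia/docker-openldap/issues/59
              command: --copy-service
              environment:
                HOSTNAME: ldap01.${_param:openldap_domain}
                LDAP_ORGANISATION: "${_param:openldap_organisation}"
                LDAP_DOMAIN: "${_param:openldap_domain}"
                # NOTE(review): both passwords are passed as plain environment
                # variables, so anyone who can inspect the service or container
                # definition can read them. Restrict that access, or move to a
                # secret mechanism if the image version supports one.
                LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
                LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
                LDAP_TLS: "true"
                # "try": a client certificate is requested but not required;
                # an invalid one ends the session.
                LDAP_TLS_VERIFY_CLIENT: try
                # NOTE(review): this priority string still enables TLS 1.0 and
                # TLS 1.1. Drop them once every LDAP client is known to speak
                # TLS 1.2.
                LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
                LDAP_TLS_CRT_FILENAME: drivetrain_ldap.crt
                LDAP_TLS_KEY_FILENAME: drivetrain_ldap.key
                LDAP_TLS_CA_CRT_FILENAME: ca.crt
            admin:
              networks:
                - ldap
              deploy:
                restart_policy:
                  condition: any
              image: ${_param:docker_image_phpldapadmin}
              depends_on:
                - server
              hostname: ldap
              command: --copy-service
              volumes:
                - ${_param:openldap_tls:keyfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.key:ro
                - ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
                - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
              environment:
                # NOTE(review): the admin bind password is also exposed through
                # the environment; same concern as on the server service.
                PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
                # The host entry uses ldaps://, so the connection is TLS from
                # the start; 'tls': False only leaves StartTLS off.
                PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
                PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
                # Each filename must match the role of the file mounted above.
                # The three values were previously rotated: the CA slot named
                # the server certificate, the certificate slot named the
                # private key, and the key slot named ca.crt.
                PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
                PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: drivetrain_ldap.crt
                PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: drivetrain_ldap.key
                # NOTE(review): "try" still accepts a server that presents no
                # certificate; "demand" is the strict setting once the CA
                # chain is confirmed to validate.
                PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: 'try'
                # The UI itself is served over plain HTTP and trusts the
                # proxy's SSL headers. NOTE(review): presumably a
                # TLS-terminating proxy sits in front; confirm port 18089 is
                # reachable only from that proxy, since admin credentials
                # cross this listener.
                PHPLDAPADMIN_HTTPS: "false"
                PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
                PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
                PHPLDAPADMIN_THEME: mirantis
              ports:
                - "18089:80"
          network:
            ldap:
              driver: overlay
              driver_opts:
                # Turns on encryption for traffic on this overlay network.
                encrypted: 1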