Blame - docker/swarm/stack/ldap.yml - salt-models/reclass-system - Gitiles

blob: 059db1a3a0d943f07f1a4f5de4893244434536a2 [file] [log] [blame]

Ivan Berezovskiy	2f8aa82	2019-01-09 14:01:21 +0400	[diff] [blame]	1	classes:
				2	- system.docker.client.images.ldap
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	3	parameters:
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	4	docker:
				5	client:
				6	stack:
				7	ldap:
Oleksii Molchanov	2dded63	2020-07-28 23:34:03 +0300	[diff] [blame]	8	version: '3.7'
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	9	service:
				10	server:
Filip Pytloun	78bf90c	2017-05-02 12:14:06 +0200	[diff] [blame]	11	networks:
				12	- ldap
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	13	deploy:
				14	restart_policy:
				15	condition: any
				16	image: ${_param:docker_image_openldap}
				17	hostname: ldap01
				18	domainname: ${_param:openldap_domain}
				19	ports:
				20	- 1389:389
				21	- 1636:636
Oleksii Molchanov	2dded63	2020-07-28 23:34:03 +0300	[diff] [blame]	22	secrets:
				23	- openldap-admin
				24	- openldap-config
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	25	volumes:
				26	- /srv/volumes/openldap/database:/var/lib/ldap
				27	- /srv/volumes/openldap/config:/etc/ldap/slapd.d
Denis Egorenko	0e219a1	2019-07-03 12:25:27 +0400	[diff] [blame]	28	- ${_param:openldap_tls:keyfile}:/container/service/slapd/assets/certs/drivetrain_ldap.key:ro
				29	- ${_param:openldap_tls:certfile}:/container/service/slapd/assets/certs/drivetrain_ldap.crt:ro
				30	- /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/slapd/assets/certs/ca.crt:ro
				31	# copy to /container/run/service to avoid issues with owning certs as openldap user
				32	# https://github.com/osixia/docker-openldap/issues/59
				33	command: --copy-service
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	34	environment:
Oleksii Molchanov	b7392b3	2021-05-21 11:48:36 +0300	[diff] [blame^]	35	HOSTNAME: ldap01
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	36	LDAP_ORGANISATION: "${_param:openldap_organisation}"
				37	LDAP_DOMAIN: "${_param:openldap_domain}"
Oleksii Molchanov	2dded63	2020-07-28 23:34:03 +0300	[diff] [blame]	38	LDAP_ADMIN_PASSWORD_FILE: /run/secrets/openldap-admin
				39	LDAP_CONFIG_PASSWORD_FILE: /run/secrets/openldap-config
Denis Egorenko	0e219a1	2019-07-03 12:25:27 +0400	[diff] [blame]	40	LDAP_TLS: "true"
				41	LDAP_TLS_VERIFY_CLIENT: try
				42	LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
				43	LDAP_TLS_CRT_FILENAME: drivetrain_ldap.crt
				44	LDAP_TLS_KEY_FILENAME: drivetrain_ldap.key
				45	LDAP_TLS_CA_CRT_FILENAME: ca.crt
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	46	admin:
Filip Pytloun	78bf90c	2017-05-02 12:14:06 +0200	[diff] [blame]	47	networks:
				48	- ldap
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	49	deploy:
				50	restart_policy:
				51	condition: any
				52	image: ${_param:docker_image_phpldapadmin}
				53	depends_on:
				54	- server
				55	hostname: ldap
Denis Egorenko	b378147	2019-07-11 19:08:59 +0400	[diff] [blame]	56	command: --copy-service
				57	volumes:
				58	- ${_param:openldap_tls:keyfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.key:ro
				59	- ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
				60	- /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	61	environment:
Denis Egorenko	b378147	2019-07-11 19:08:59 +0400	[diff] [blame]	62	PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
				63	PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
Denis Egorenko	ba3db19	2019-10-28 16:15:48 +0400	[diff] [blame]	64	PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
				65	PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: drivetrain_ldap.crt
				66	PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: drivetrain_ldap.key
Denis Egorenko	b378147	2019-07-11 19:08:59 +0400	[diff] [blame]	67	PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: 'try'
Filip Pytloun	7d6144a	2017-04-13 13:36:45 +0200	[diff] [blame]	68	PHPLDAPADMIN_HTTPS: "false"
				69	PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
				70	PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
				71	PHPLDAPADMIN_THEME: mirantis
				72	ports:
				73	- 18089:80
Filip Pytloun	78bf90c	2017-05-02 12:14:06 +0200	[diff] [blame]	74	network:
				75	ldap:
				76	driver: overlay
				77	driver_opts:
				78	encrypted: 1
Oleksii Molchanov	2dded63	2020-07-28 23:34:03 +0300	[diff] [blame]	79	secrets:
				80	openldap-admin:
				81	external: true
				82	value: ${_param:openldap_admin_password}
				83	openldap-config:
				84	external: true
				85	value: ${_param:openldap_config_password}
				86