Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / ac8d8934aca9ffd223d045ccf2de602755004cdb / . / docker / swarm / stack / ldap.yml
blob: 5130caf87bd56e756f1abf601b8a1ca7965c655e [file] [log] [blame]
Ivan Berezovskiy555d42f2019-01-09 14:01:21 +0400[diff] [blame]1classes:
2- system.docker.client.images.ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]3parameters:
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]4 docker:
5 client:
6 stack:
7 ldap:
8 service:
9 server:
Filip Pytloun78bf90c2017-05-02 12:14:06 +0200[diff] [blame]10 networks:
11 - ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]12 deploy:
13 restart_policy:
14 condition: any
15 image: ${_param:docker_image_openldap}
16 hostname: ldap01
17 domainname: ${_param:openldap_domain}
18 ports:
19 - 1389:389
20 - 1636:636
21 volumes:
22 - /srv/volumes/openldap/database:/var/lib/ldap
23 - /srv/volumes/openldap/config:/etc/ldap/slapd.d
Denis Egorenko020ce662019-07-03 12:25:27 +0400[diff] [blame]24 - ${_param:openldap_tls:keyfile}:/container/service/slapd/assets/certs/drivetrain_ldap.key:ro
25 - ${_param:openldap_tls:certfile}:/container/service/slapd/assets/certs/drivetrain_ldap.crt:ro
26 - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/slapd/assets/certs/ca.crt:ro
27 # copy to /container/run/service to avoid issues with owning certs as openldap user
28 # https://github.com/osixia/docker-openldap/issues/59
29 command: --copy-service
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]30 environment:
31 HOSTNAME: ldap01.${_param:openldap_domain}
32 LDAP_ORGANISATION: "${_param:openldap_organisation}"
33 LDAP_DOMAIN: "${_param:openldap_domain}"
34 LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
35 LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
Denis Egorenko020ce662019-07-03 12:25:27 +0400[diff] [blame]36 LDAP_TLS: "true"
37 LDAP_TLS_VERIFY_CLIENT: try
38 LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
39 LDAP_TLS_CRT_FILENAME: drivetrain_ldap.crt
40 LDAP_TLS_KEY_FILENAME: drivetrain_ldap.key
41 LDAP_TLS_CA_CRT_FILENAME: ca.crt
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]42 admin:
Filip Pytloun78bf90c2017-05-02 12:14:06 +0200[diff] [blame]43 networks:
44 - ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]45 deploy:
46 restart_policy:
47 condition: any
48 image: ${_param:docker_image_phpldapadmin}
49 depends_on:
50 - server
51 hostname: ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]52 environment:
Ivan Berezovskiy64a63be2019-02-28 19:59:47 +0400[diff] [blame]53 PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
54 PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]55 PHPLDAPADMIN_HTTPS: "false"
56 PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
57 PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
58 PHPLDAPADMIN_THEME: mirantis
59 ports:
60 - 18089:80
Filip Pytloun78bf90c2017-05-02 12:14:06 +0200[diff] [blame]61 network:
62 ldap:
63 driver: overlay
64 driver_opts:
65 encrypted: 1