Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / e80567f63f16e7f37b238d055ae3201d55c210b8 / . / docker / swarm / stack / ldap.yml
blob: 30919839a0e87d391f3de7a5cca5aa727979b6c8 [file] [log] [blame]
Ivan Berezovskiy555d42f2019-01-09 14:01:21 +0400[diff] [blame]1classes:
2- system.docker.client.images.ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]3parameters:
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]4 docker:
5 client:
6 stack:
7 ldap:
8 service:
9 server:
Filip Pytloun78bf90c2017-05-02 12:14:06 +0200[diff] [blame]10 networks:
11 - ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]12 deploy:
13 restart_policy:
14 condition: any
15 image: ${_param:docker_image_openldap}
16 hostname: ldap01
17 domainname: ${_param:openldap_domain}
18 ports:
19 - 1389:389
20 - 1636:636
21 volumes:
22 - /srv/volumes/openldap/database:/var/lib/ldap
23 - /srv/volumes/openldap/config:/etc/ldap/slapd.d
Denis Egorenko020ce662019-07-03 12:25:27 +0400[diff] [blame]24 - ${_param:openldap_tls:keyfile}:/container/service/slapd/assets/certs/drivetrain_ldap.key:ro
25 - ${_param:openldap_tls:certfile}:/container/service/slapd/assets/certs/drivetrain_ldap.crt:ro
26 - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/slapd/assets/certs/ca.crt:ro
27 # copy to /container/run/service to avoid issues with owning certs as openldap user
28 # https://github.com/osixia/docker-openldap/issues/59
29 command: --copy-service
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]30 environment:
31 HOSTNAME: ldap01.${_param:openldap_domain}
32 LDAP_ORGANISATION: "${_param:openldap_organisation}"
33 LDAP_DOMAIN: "${_param:openldap_domain}"
34 LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
35 LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
Denis Egorenko020ce662019-07-03 12:25:27 +0400[diff] [blame]36 LDAP_TLS: "true"
37 LDAP_TLS_VERIFY_CLIENT: try
38 LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
39 LDAP_TLS_CRT_FILENAME: drivetrain_ldap.crt
40 LDAP_TLS_KEY_FILENAME: drivetrain_ldap.key
41 LDAP_TLS_CA_CRT_FILENAME: ca.crt
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]42 admin:
Filip Pytloun78bf90c2017-05-02 12:14:06 +0200[diff] [blame]43 networks:
44 - ldap
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]45 deploy:
46 restart_policy:
47 condition: any
48 image: ${_param:docker_image_phpldapadmin}
49 depends_on:
50 - server
51 hostname: ldap
Denis Egorenkoc95a6762019-07-11 19:08:59 +0400[diff] [blame]52 command: --copy-service
53 volumes:
54 - ${_param:openldap_tls:keyfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.key:ro
55 - ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
56 - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]57 environment:
Ivan Berezovskiy64a63be2019-02-28 19:59:47 +0400[diff] [blame]58 PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
Denis Egorenkoc95a6762019-07-11 19:08:59 +0400[diff] [blame]59 PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
60 PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
Denis Egorenko416c9a32019-10-28 16:15:48 +0400[diff] [blame]61 PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
62 PHPLDAPADMIN_LDAP_CLIENT_TLS_CRT_FILENAME: drivetrain_ldap.crt
63 PHPLDAPADMIN_LDAP_CLIENT_TLS_KEY_FILENAME: drivetrain_ldap.key
Denis Egorenkoc95a6762019-07-11 19:08:59 +0400[diff] [blame]64 PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: 'try'
Filip Pytloun7d6144a2017-04-13 13:36:45 +0200[diff] [blame]65 PHPLDAPADMIN_HTTPS: "false"
66 PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
67 PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
68 PHPLDAPADMIN_THEME: mirantis
69 ports:
70 - 18089:80
Filip Pytloun78bf90c2017-05-02 12:14:06 +0200[diff] [blame]71 network:
72 ldap:
73 driver: overlay
74 driver_opts:
75 encrypted: 1