WIP: Add initial version of Gluu configuration #26
|
@ -69,3 +69,7 @@ portainer:
|
|||
domain: "portainer.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/portainer"
|
||||
|
||||
gluu:
|
||||
domain: "gluu.{{ base_domain }}"
|
||||
volume_folder: "{{ volume_root_folder }}/gluu"
|
||||
|
||||
|
|
204
roles/docker/tasks/services/gluu.yml
Normal file
204
roles/docker/tasks/services/gluu.yml
Normal file
|
@ -0,0 +1,204 @@
|
|||
- name: create gluu volume folders
|
||||
file:
|
||||
name: "{{ volume_root_folder }}/{{ volume }}"
|
||||
state: directory
|
||||
loop:
|
||||
- "consul"
|
||||
- "consul/data"
|
||||
- "opendj"
|
||||
- "opendj/config"
|
||||
- "opendj/ldif"
|
||||
- "opendj/logs"
|
||||
- "opendj/db"
|
||||
- "opendj/flag"
|
||||
- "opendj/backup"
|
||||
- "oxauth"
|
||||
- "oxauth/custom"
|
||||
- "oxauth/custom/pages"
|
||||
- "oxauth/custom/static"
|
||||
- "oxauth/lib"
|
||||
- "oxauth/lib/ext"
|
||||
- "oxauth/logs"
|
||||
- "oxtrust"
|
||||
- "oxtrust/custom"
|
||||
- "oxtrust/custom/pages"
|
||||
- "oxtrust/lib"
|
||||
- "oxtrust/lib/ext"
|
||||
- "oxtrust/logs"
|
||||
- "shared-shibboleth-idp"
|
||||
|
||||
- name: set up gluu
|
||||
docker_service:
|
||||
project_name: gluu
|
||||
pull: yes
|
||||
definition:
|
||||
version: "2.3"
|
||||
services:
|
||||
consul:
|
||||
image: consul
|
||||
command: agent -server -bootstrap -ui
|
||||
hostname: consul-1
|
||||
environment:
|
||||
- CONSUL_BIND_INTERFACE=eth0
|
||||
- CONSUL_CLIENT_INTERFACE=eth0
|
||||
container_name: consul
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- "{{ volume_root_folder }}/consul:/consul/data"
|
||||
labels:
|
||||
- "SERVICE_IGNORE=yes"
|
||||
restart: unless-stopped
|
||||
|
||||
registrator:
|
||||
image: gluufederation/registrator:dev
|
||||
command: registrator -internal -cleanup -resync 30 -retry-attempts 5 -retry-interval 10 consul://consul:8500
|
||||
container_name: registrator
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
- consul
|
||||
|
||||
# redis:
|
||||
# image: redis:alpine
|
||||
# # run cluster-enabled redis-server
|
||||
# # command: redis-server --port 6379 --cluster-enabled yes --cluster-config-file nodes.conf --appendonly yes --cluster-node-timeout 5000
|
||||
# container_name: redis
|
||||
# labels:
|
||||
# - "SERVICE_IGNORE=yes"
|
||||
# restart: unless-stopped
|
||||
|
||||
nginx:
|
||||
image: gluufederation/nginx:3.1.4_01
|
||||
environment:
|
||||
- GLUU_CONFIG_ADAPTER=consul
|
||||
- GLUU_CONSUL_HOST=consul
|
||||
- GLUU_CONSUL_PORT=8500
|
||||
- VIRTUAL_HOST="{{ gluu.domain }}"
|
||||
- LETSENCRYPT_HOST="{{ gluu.domain }}"
|
||||
- LETSENCRYPT_EMAIL="{{ letsencrypt_email }}"
|
||||
ports:
|
||||
- "80"
|
||||
- "443"
|
||||
container_name: nginx
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "SERVICE_IGNORE=yes"
|
||||
|
||||
ldap:
|
||||
image: gluufederation/opendj:3.1.4_04
|
||||
environment:
|
||||
- GLUU_CONFIG_ADAPTER=consul
|
||||
- GLUU_CONSUL_HOST=consul
|
||||
- GLUU_CONSUL_PORT=8500
|
||||
- GLUU_LDAP_INIT=true
|
||||
- GLUU_LDAP_INIT_HOST=ldap
|
||||
- GLUU_LDAP_INIT_PORT=1636
|
||||
- GLUU_LDAP_ADDR_INTERFACE=eth0
|
||||
- GLUU_OXTRUST_CONFIG_GENERATION=true
|
||||
- GLUU_CACHE_TYPE=NATIVE_PERSISTENCE
|
||||
# - GLUU_CACHE_TYPE=REDIS # don't forget to enable redis service
|
||||
# - GLUU_REDIS_URL=redis:6379
|
||||
# - GLUU_REDIS_TYPE=STANDALONE
|
||||
# the value must match service name `ldap` because other containers
|
||||
# use this value as LDAP hostname
|
||||
- GLUU_CERT_ALT_NAME=ldap
|
||||
container_name: ldap
|
||||
volumes:
|
||||
- "{{ volume_root_folder }}/opendj/config:/opt/opendj/config"
|
||||
- "{{ volume_root_folder }}/opendj/ldif:/opt/opendj/ldif"
|
||||
- "{{ volume_root_folder }}/opendj/logs:/opt/opendj/logs"
|
||||
- "{{ volume_root_folder }}/opendj/db:/opt/opendj/db"
|
||||
- "{{ volume_root_folder }}/opendj/flag:/flag"
|
||||
- "{{ volume_root_folder }}/opendj/backup:/opt/opendj/bak"
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "SERVICE_IGNORE=yes"
|
||||
|
||||
oxauth:
|
||||
image: gluufederation/oxauth:3.1.4_03
|
||||
environment:
|
||||
- GLUU_CONFIG_ADAPTER=consul
|
||||
- GLUU_CONSUL_HOST=consul
|
||||
- GLUU_CONSUL_PORT=8500
|
||||
- GLUU_LDAP_URL=ldap:1636
|
||||
extra_hosts:
|
||||
- "${DOMAIN}:${HOST_IP}"
|
||||
container_name: oxauth
|
||||
volumes:
|
||||
- "{{ volume_root_folder }}/oxauth/custom/pages:/opt/gluu/jetty/oxauth/custom/pages"
|
||||
- "{{ volume_root_folder }}/oxauth/custom/static:/opt/gluu/jetty/oxauth/custom/static"
|
||||
- "{{ volume_root_folder }}/oxauth/lib/ext:/opt/gluu/jetty/oxauth/lib/ext"
|
||||
- "{{ volume_root_folder }}/oxauth/logs:/opt/gluu/jetty/oxauth/logs"
|
||||
mem_limit: 1536M
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "SERVICE_NAME=oxauth"
|
||||
- "SERVICE_8080_CHECK_HTTP=/oxauth/.well-known/openid-configuration"
|
||||
- "SERVICE_8080_CHECK_INTERVAL=15s"
|
||||
- "SERVICE_8080_CHECK_TIMEOUT=5s"
|
||||
|
||||
oxtrust:
|
||||
image: gluufederation/oxtrust:3.1.4_02
|
||||
environment:
|
||||
- GLUU_CONFIG_ADAPTER=consul
|
||||
- GLUU_CONSUL_HOST=consul
|
||||
- GLUU_CONSUL_PORT=8500
|
||||
- GLUU_LDAP_URL=ldap:1636
|
||||
- GLUU_OXAUTH_BACKEND=oxauth:8080
|
||||
extra_hosts:
|
||||
- "${DOMAIN}:${HOST_IP}"
|
||||
container_name: oxtrust
|
||||
volumes:
|
||||
- "{{ volume_root_folder }}/oxtrust/custom/pages:/opt/gluu/jetty/identity/custom/pages"
|
||||
- "{{ volume_root_folder }}/oxtrust/custom/static:/opt/gluu/jetty/identity/custom/static"
|
||||
- "{{ volume_root_folder }}/oxtrust/lib/ext:/opt/gluu/jetty/identity/lib/ext"
|
||||
- "{{ volume_root_folder }}/oxtrust/logs:/opt/gluu/jetty/identity/logs"
|
||||
- "{{ volume_root_folder }}/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
|
||||
mem_limit: 1536M
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "SERVICE_NAME=oxtrust"
|
||||
- "SERVICE_8080_CHECK_HTTP=/identity/restv1/scim-configuration"
|
||||
- "SERVICE_8080_CHECK_INTERVAL=15s"
|
||||
- "SERVICE_8080_CHECK_TIMEOUT=5s"
|
||||
|
||||
oxshibboleth:
|
||||
image: gluufederation/oxshibboleth:3.1.4_01
|
||||
environment:
|
||||
- GLUU_CONFIG_ADAPTER=consul
|
||||
- GLUU_CONSUL_HOST=consul
|
||||
- GLUU_CONSUL_PORT=8500
|
||||
- GLUU_LDAP_URL=ldap:1636
|
||||
extra_hosts:
|
||||
- "${DOMAIN}:${HOST_IP}"
|
||||
container_name: oxshibboleth
|
||||
volumes:
|
||||
- "{{ volume_root_folder }}/volumes/shared-shibboleth-idp:/opt/shared-shibboleth-idp"
|
||||
mem_limit: 1024M
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "SERVICE_NAME=oxshibboleth"
|
||||
- "SERVICE_8086_CHECK_HTTP=/idp"
|
||||
- "SERVICE_8086_CHECK_INTERVAL=15s"
|
||||
- "SERVICE_8086_CHECK_TIMEOUT=5s"
|
||||
|
||||
oxpassport:
|
||||
image: gluufederation/oxpassport:3.1.4_02
|
||||
environment:
|
||||
- GLUU_CONFIG_ADAPTER=consul
|
||||
- GLUU_CONSUL_HOST=consul
|
||||
- GLUU_CONSUL_PORT=8500
|
||||
- GLUU_LDAP_URL=ldap:1636
|
||||
# required by wait-for-it script
|
||||
- GLUU_OXAUTH_BACKEND=oxauth:8080
|
||||
- GLUU_OXTRUST_BACKEND=oxtrust:8080
|
||||
extra_hosts:
|
||||
- "{{gluu.domain}}:85.235.225.231"
|
||||
container_name: oxpassport
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "SERVICE_NAME=oxpassport"
|
||||
- "SERVICE_8090_CHECK_HTTP=/passport"
|
||||
- "SERVICE_8090_CHECK_INTERVAL=15s"
|
||||
- "SERVICE_8090_CHECK_TIMEOUT=5s"
|
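Review bot: The registrator container is handed the host Docker socket (`/var/run/docker.sock:/tmp/docker.sock`), which is root-equivalent on the host, yet it runs a floating tag (`gluufederation/registrator:dev`) and the Consul service is unpinned (`image: consul`), and `pull: yes` re-resolves both on every run — whatever those tags point to at deploy time controls the host, so pin both to an explicit version (or `@sha256:` digest) the way the other gluufederation images are. The oxpassport `extra_hosts` entry hardcodes a public IP (`"{{gluu.domain}}:85.235.225.231"`) while oxauth, oxtrust and oxshibboleth use `"${DOMAIN}:${HOST_IP}"`; the literal ties the role to one machine, and the `${...}` form is compose-file interpolation that Ansible's `definition:` dict presumably does not expand, so all four should use the same Jinja variables, e.g. `- "{{ gluu.domain }}:{{ gluu.host_ip }}"` with `host_ip` added next to `domain` in the gluu vars. The oxshibboleth mount `{{ volume_root_folder }}/volumes/shared-shibboleth-idp` does not match the `{{ volume_root_folder }}/shared-shibboleth-idp` directory created by the first task and mounted into oxtrust, so the two containers will not share the IdP files; drop the `volumes/` segment. The hunk header reports 204 added lines but fewer are rendered here, so if the file continues past the oxpassport labels that tail is unreviewed.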