[ipsilon-web/oscp] Store configuration in git



commit d599641aaaa8b11a046421f49aa73665ed856fdc
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date:   Mon Jun 15 13:43:43 2020 +0200

    Store configuration in git

 Dockerfile         | 20 ++++++++++++++++----
 configuration.conf | 18 ++++++++++++++++++
 entrypoint.sh      |  8 ++++++++
 httpd.conf         | 35 +++++++++++++++++++++++++++++++++++
 ipsilon.conf       | 19 +++++++++++++++++++
 5 files changed, 96 insertions(+), 4 deletions(-)
---
diff --git a/Dockerfile b/Dockerfile
index bf89d18..50b1fd0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,5 @@
 FROM fedora:32
+
 RUN yum install -y \
     ipsilon \
     ipsilon-base \
@@ -18,12 +19,23 @@ RUN yum install -y \
     python3-cherrypy \
     mod_wsgi
 
-RUN rm -f /etc/krb5.conf && ln -sf /etc/ipsilon/krb5.conf /etc/krb5.conf
+RUN wget https://gitlab.gnome.org/Infrastructure/puppet/raw/master/modules/freeipa/files/ipa-ca.crt -O 
/etc/pki/ca-trust/source/anchors/ipa-ca.crt
+RUN update-ca-trust
+
+RUN git clone --depth 1 --single-branch --branch master \
+    https://gitlab.gnome.org/Infrastructure/ipsilon-web.git /var/www/ipsilon-web
 
+RUN sed -ri ' s!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g; s!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g;' 
/etc/httpd/conf/httpd.conf && \
+    sed -i 's/Listen\ 80/Listen\ 8080/' /etc/httpd/conf/httpd.conf && \
+    rm -f /etc/httpd/conf.d/ssl.conf
+
+RUN rm -f /etc/krb5.conf && ln -sf /etc/ipsilon/krb5.conf /etc/krb5.conf
 RUN ln -s /etc/ipsilon/ipsilon.conf /var/lib/ipsilon/ipsilon.conf
 
-RUN wget https://gitlab.gnome.org/Infrastructure/puppet/raw/master/modules/freeipa/files/ipa-ca.crt -O 
/etc/pki/ca-trust/source/anchors/ipa-ca.crt
-RUN update-ca-trust
+ADD httpd.conf /etc/httpd/conf.d/ipsilon.conf
+ADD ipsilon.conf /etc/ipsilon/ipsilon.conf
+ADD configuration.conf /etc/ipsilon/configuration.conf
+ADD entrypoint.sh /entrypoint.sh
 
 EXPOSE 8080
-ENTRYPOINT bash /etc/ipsilon_source/start.sh
+ENTRYPOINT ["/entrypoint.sh"]
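Review bot: The `wget … ipa-ca.crt` step installs a system trust anchor fetched at build time from the `master` branch of another repository, with no checksum or pinned revision, so whatever that URL serves on build day becomes a trusted CA in the image. Since this commit already moves configuration into the repository, the certificate could be committed next to the other files and installed with `COPY ipa-ca.crt /etc/pki/ca-trust/source/anchors/ipa-ca.crt` followed by `RUN update-ca-trust`. The `git clone --branch master` of ipsilon-web has the same reproducibility problem; checking out a fixed commit or tag would make rebuilds deterministic. The new `ADD` lines copy plain local files, for which `COPY` is the conventional instruction.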
diff --git a/configuration.conf b/configuration.conf
new file mode 100644
index 0000000..5b9cfcc
--- /dev/null
+++ b/configuration.conf
@@ -0,0 +1,18 @@
+[login_config]
+global enabled=ldap
+ldap server url=ldaps://view.gnome.org
+ldap bind dn template=uid=%(username)s,cn=users,cn=accounts,dc=gnome,dc=org
+ldap base dn=dc=gnome,dc=org
+ldap tls=Demand
+[info_config]
+[authz_config]
+global enabled=allow
+[provider_config]
+global enabled=openid
+openid endpoint url=https://id.gnome.org/openid/ 
+openid identity url template=https://%(username)s.id.gnome.org/ 
+openid trusted roots=https://l10n.gnome.org/ 
+openid untrusted roots=
+openid database url=mysql://DBUSER:DBPASS@DBHOST/DBNAME
+openid enabled extensions=Teams,Attribute Exchange,Simple Registration
+openid default attribute mapping=[["*", "*"], ["cn", "fullname"], ["ipaSshPubKey", "ssh_key"], ["mail", 
"email"]]
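Review bot: The `["*", "*"]` entry in `openid default attribute mapping` passes every user attribute through under its own name, so unless the set of released attributes is restricted elsewhere, relying parties may receive more than the three named fields. If only `fullname`, `ssh_key` and `email` are meant to be exposed, drop the wildcard pair and keep the explicit mappings. `global enabled=allow` under `[authz_config]` likewise looks like it authorizes every authenticated user for every relying party; a short comment stating that this is intentional would help the next reader.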
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..7579ba3
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+for file in ipsilon configuration; do
+    sed -i "s/DBUSER/$DBUSER/g" -e "s/DBPASS/$DBPASS/g" -e "s/DBHOST/$DBHOST/g" \
+        -e "s/DBNAME/$DBNAME/g" /etc/ipsilon/${file}.conf
+done
+
+exec httpd -DFOREGROUND
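Review bot: The first sed expression, `"s/DBUSER/$DBUSER/g"`, is passed without `-e` while the others use `-e`, so GNU sed treats it as an input file name rather than a script; the DBUSER placeholder is never replaced and sed reports an unreadable file. Prefix it as well: `sed -i -e "s/DBUSER/$DBUSER/g" -e "s/DBPASS/$DBPASS/g" \`. The values are also interpolated straight into the sed replacement, so a password containing `/`, `&` or `\` will break or alter the substitution; escaping the value for the chosen delimiter, or generating the file from a template, avoids that. Without `set -e` the script still starts httpd after a failed substitution, and the in-place edit needs /etc/ipsilon to be writable by the runtime user.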
diff --git a/httpd.conf b/httpd.conf
new file mode 100644
index 0000000..1c3d75a
--- /dev/null
+++ b/httpd.conf
@@ -0,0 +1,35 @@
+StartServers  20
+ServerLimit   100
+MaxRequestsPerChild 2000
+MaxRequestWorkers 100
+
+<VirtualHost *:8080>
+    Alias /static /var/www/ipsilon-web
+    TypesConfig /etc/mime.types
+    AddDefaultCharset UTF-8
+
+    # This is for mapping $username.id.g.o -> id.g.o/id/$username
+    RewriteEngine on
+    RewriteMap lowercase int:tolower
+    RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.id\.gnome\.org$
+    RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
+    RewriteRule ^([a-z0-9-]+)\.id\.gnome\.org/.* /openid/id/$1/ [PT]
+    
+    Alias /ui /usr/share/ipsilon/ui
+    WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
+    WSGIScriptAlias / /usr/libexec/ipsilon process-group=ipsilon
+    WSGIPassAuthorization On
+    WSGIApplicationGroup %{GLOBAL}
+    
+    <Directory /usr/libexec>
+        Require all granted
+    </Directory>
+
+    <Directory /usr/share/ipsilon>
+        Require all granted
+    </Directory>
+
+    <Directory /var/www/ipsilon-web>
+        Require all granted
+    </Directory>
+</VirtualHost>
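Review bot: `Alias /static /var/www/ipsilon-web` together with `Require all granted` on that directory appears to publish the whole git checkout made in the Dockerfile, including its `.git` directory, under `/static/.git/`. Either remove the metadata at build time (`rm -rf /var/www/ipsilon-web/.git` in the same `RUN` as the clone) or deny it here with `RedirectMatch 404 "/\.git"` inside the VirtualHost. The Directory block for /usr/libexec is also wider than the single WSGI script needs; placing its `Require all granted` inside a Files section for `ipsilon` could limit the grant to that script.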
diff --git a/ipsilon.conf b/ipsilon.conf
new file mode 100644
index 0000000..bb7f3b6
--- /dev/null
+++ b/ipsilon.conf
@@ -0,0 +1,19 @@
+[global]
+debug = False
+tools.log_request_response.on = False
+template_dir = "/httpdir/static"
+log.screen = True
+base.dir = "/usr/share/ipsilon"
+admin.config.db = "configfile:///etc/ipsilon/configuration.conf"
+user.prefs.db = "mysql://DBUSER:DBPASS@DBHOST/DBNAME"
+transactions.db = "mysql://DBUSER:DBPASS@DBHOST/DBNAME"
+tools.sessions.on = True
+tools.sessions.name = "gnome_ipsilon_session_id"
+tools.sessions.storage_type = "sql"
+tools.sessions.storage_dburi = "mysql://DBUSER:DBPASS@DBHOST/DBNAME"
+tools.sessions.timeout = 15
+tools.sessions.httponly = True
+tools.sessions.secure = True
+tools.sessions.locking = 'explicit'
+tools.proxy.on = True
+tools.proxy.base = "https://id.gnome.org"; 
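Review bot: `template_dir = "/httpdir/static"` points at a path that nothing visible in this commit creates: the Dockerfile clones ipsilon-web into /var/www/ipsilon-web and httpd.conf aliases /static to that directory. Unless /httpdir is mounted at runtime, Ipsilon would likely fail to find its templates; consider pointing `template_dir` at the cloned tree, or add a comment naming the volume that provides /httpdir. The three `mysql://DBUSER:DBPASS@…` URIs are rewritten in place by entrypoint.sh, which leaves the database password on disk in a file added with mode 0644, so its mode and owner should be restricted to the user httpd runs as.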

