mirror of https://codeberg.org/icewind/haze.git synced 2026-06-03 09:04:12 +02:00

basic ldap

Robin Appelman 2021-06-25 16:29:56 +02:00
commit 8f3405fabe
7 changed files with 286 additions and 9 deletions


@ -12,4 +12,6 @@ for version in "${versions[@]}"; do
cp haze/Dockerfile.tmpl haze/Dockerfile cp haze/Dockerfile.tmpl haze/Dockerfile
sed -i "s/<version>/$version/" haze/Dockerfile sed -i "s/<version>/$version/" haze/Dockerfile
docker build -t "icewind1991/haze:$version" -f "haze/Dockerfile" haze docker build -t "icewind1991/haze:$version" -f "haze/Dockerfile" haze
done done
docker build -t "icewind1991/haze-ldap" -f "ldap/Dockerfile" ldap
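Review bot: The new `docker build -t "icewind1991/haze-ldap"` line gives the image no tag, so it is only ever published as `latest`, unlike the per-version `haze:$version` images built in the loop above it. The matching `docker push "icewind1991/haze-ldap"` in the push script has the same shape, and `LDAP::image()` later pulls that mutable name at container start. Tagging the build and push, e.g. `-t "icewind1991/haze-ldap:<tag>"`, and referencing the same tag from the Rust side would make a given haze build reproducible and keep a later push from silently changing what existing installs run.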


@ -0,0 +1,22 @@
# Entry 3: cn=ldaptest,dc=example,dc=org
dn: cn=ldaptest,dc=example,dc=org
cn: ldaptest
gidnumber: 500
givenname: ldap
homedirectory: /home/users/ldaptest
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: organizationalPerson
sn: test
uid: ldaptest
uidnumber: 1000
# userpassword = test
userpassword: {MD5}CY9rzUYh03PK3k6DJie09g==
# Entry 4: cn=test,dc=example,dc=org
dn: cn=test,dc=example,dc=org
cn: test
gidnumber: 500
objectclass: posixGroup
objectclass: top
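Review bot: The `userpassword: {MD5}…` value is an unsalted MD5 digest and the comment above it records the plaintext, so this fixture is a publicly known credential baked into an image that the push script publishes. That is acceptable for a throwaway test directory, but the file should say so, for example with a leading comment `# test-only fixture: credentials are public, never load into a shared directory`. If the image's slapd accepts it, storing the value with a salted scheme (generated with `slappasswd -h '{SSHA}'`) avoids teaching the `{MD5}` form to anyone who copies this entry as a template.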


@ -8,4 +8,6 @@ done
for version in "${versions[@]}"; do for version in "${versions[@]}"; do
docker push "icewind1991/haze:$version" docker push "icewind1991/haze:$version"
done done
docker push "icewind1991/haze-ldap"


@ -135,8 +135,8 @@ impl HazeArgs {
let service = args let service = args
.peek() .peek()
.map(|s| s.as_ref()) .map(|s| s.as_ref())
.map(Service::from_type) .and_then(Service::from_type)
.flatten(); .and_then(|list| list.first().cloned());
if service.is_some() { if service.is_some() {
let _ = args.next(); let _ = args.next();
} }
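Review bot: `.and_then(|list| list.first().cloned())` silently narrows a multi-service type to its first entry. For `"ldap"`, `Service::from_type` now returns `[Ldap, LdapAdmin]`, so this argument can only ever select the LDAP server; `ldap-admin` has no `from_type` arm and cannot be addressed at all. If that is intended, record the ordering contract next to the call, e.g. `// a type may expand to several services; the first one is the primary and is what the argument selects`. The enclosing `HazeArgs` function starts and ends outside this hunk.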


@ -22,6 +22,7 @@ use std::os::unix::fs::MetadataExt;
use std::str::FromStr; use std::str::FromStr;
use std::time::Duration; use std::time::Duration;
use tokio::fs::remove_dir_all; use tokio::fs::remove_dir_all;
use tokio::task::spawn;
use tokio::time::sleep; use tokio::time::sleep;
#[derive(Clone, Default, Debug, Eq, PartialEq)] #[derive(Clone, Default, Debug, Eq, PartialEq)]
@ -49,7 +50,7 @@ impl CloudOptions {
php = Some(php_option); php = Some(php_option);
let _ = args.next(); let _ = args.next();
} else if let Some(service) = Service::from_type(option.as_ref()) { } else if let Some(service) = Service::from_type(option.as_ref()) {
services.push(service); services.extend_from_slice(service);
let _ = args.next(); let _ = args.next();
} else { } else {
break; break;
@ -258,6 +259,33 @@ impl Cloud {
containers.push(container); containers.push(container);
let services_clone = options.services.clone();
let cloud_id = id.clone();
let docker_clone = docker.clone();
spawn(async move {
if let Err(e) = try_join_all(
services_clone
.iter()
.map(|service| service.wait_for_start(&docker_clone, &cloud_id)),
)
.await
{
println!("{:#}", e);
return;
}
for service in services_clone {
match service.start_message(&docker_clone, &cloud_id).await {
Ok(Some(msg)) => {
println!("{}", msg);
}
Err(e) => {
println!("{:#}", e);
}
_ => {}
}
}
});
Ok(Cloud { Ok(Cloud {
id, id,
network, network,
@ -365,6 +393,8 @@ impl Cloud {
.flat_map(|labels| labels.get("haze-type")) .flat_map(|labels| labels.get("haze-type"))
.map(String::as_str) .map(String::as_str)
.flat_map(Service::from_type) .flat_map(Service::from_type)
.flatten()
.cloned()
.collect(); .collect();
let mut service_ids: Vec<String> = services let mut service_ids: Vec<String> = services
.iter() .iter()
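Review bot: The `spawn(async move { … })` added before `Ok(Cloud { … })` drops its `JoinHandle`, so nothing ever waits for the task. If the command finishes before `wait_for_start` resolves, the runtime shuts down and the start message is never printed, and that message is the only place the phpLDAPadmin address is shown. The rest of `main` is not visible here, so how often this happens depends on how long the caller stays alive. Keeping the handle, e.g. `let start_messages = spawn(async move { … });`, and awaiting it before the command returns would make the output deterministic. The failures inside the task are written with `println!`; `eprintln!("{:#}", e)` would keep them out of stdout. The enclosing function starts and ends outside the hunk.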


@ -89,6 +89,17 @@ async fn main() -> Result<()> {
false, false,
) )
.await?; .await?;
for service in &cloud.services {
for app in service.apps() {
cloud
.exec(
&mut docker,
vec!["occ", "app:enable", *app, "--force"],
false,
)
.await?;
}
}
} }
} }
HazeArgs::Stop { filter } => { HazeArgs::Stop { filter } => {
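Review bot: The `--force` in `vec!["occ", "app:enable", *app, "--force"]` is unexplained. As far as I know it makes `occ` enable an app even when its declared server-version range does not match, which is a dev-only convenience worth stating. A comment above the `exec` call such as `// --force: dev server versions are often outside the app's declared compatibility range` would do. Also note that `.await?` inside the loop stops enabling the remaining apps on the first failure, at a point where the containers already exist.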


@ -1,9 +1,9 @@
use crate::exec::exec; use crate::exec::exec;
use crate::image::pull_image; use crate::image::pull_image;
use bollard::container::{Config, CreateContainerOptions, NetworkingConfig}; use bollard::container::{Config, CreateContainerOptions, NetworkingConfig};
use bollard::models::{EndpointSettings, HostConfig}; use bollard::models::{ContainerState, EndpointSettings, HostConfig};
use bollard::Docker; use bollard::Docker;
use color_eyre::{eyre::WrapErr, Result}; use color_eyre::{eyre::WrapErr, Report, Result};
use maplit::hashmap; use maplit::hashmap;
use std::time::Duration; use std::time::Duration;
use tokio::time::{sleep, timeout}; use tokio::time::{sleep, timeout};
@ -11,36 +11,47 @@ use tokio::time::{sleep, timeout};
#[derive(Debug, Clone, Eq, PartialEq)] #[derive(Debug, Clone, Eq, PartialEq)]
pub enum Service { pub enum Service {
ObjectStore(ObjectStore), ObjectStore(ObjectStore),
Ldap(LDAP),
LdapAdmin(LDAPAdmin),
} }
impl Service { impl Service {
pub fn name(&self) -> &str { pub fn name(&self) -> &str {
match self { match self {
Service::ObjectStore(store) => store.name(), Service::ObjectStore(store) => store.name(),
Service::Ldap(ldap) => ldap.name(),
Service::LdapAdmin(ldap_admin) => ldap_admin.name(),
} }
} }
pub fn env(&self) -> &[&str] { pub fn env(&self) -> &[&str] {
match self { match self {
Service::ObjectStore(store) => store.env(), Service::ObjectStore(store) => store.env(),
Service::Ldap(ldap) => ldap.env(),
Service::LdapAdmin(ldap_admin) => ldap_admin.env(),
} }
} }
pub async fn spawn(&self, docker: &Docker, cloud_id: &str, network: &str) -> Result<String> { pub async fn spawn(&self, docker: &Docker, cloud_id: &str, network: &str) -> Result<String> {
match self { match self {
Service::ObjectStore(store) => store.spawn(docker, cloud_id, network).await, Service::ObjectStore(store) => store.spawn(docker, cloud_id, network).await,
Service::Ldap(ldap) => ldap.spawn(docker, cloud_id, network).await,
Service::LdapAdmin(ldap_admin) => ldap_admin.spawn(docker, cloud_id, network).await,
} }
} }
async fn is_healthy(&self, docker: &Docker, cloud_id: &str) -> Result<bool> { async fn is_healthy(&self, docker: &Docker, cloud_id: &str) -> Result<bool> {
match self { match self {
Service::ObjectStore(store) => store.is_healthy(docker, cloud_id).await, Service::ObjectStore(store) => store.is_healthy(docker, cloud_id).await,
Service::Ldap(ldap) => ldap.is_healthy(docker, cloud_id).await,
Service::LdapAdmin(ldap_admin) => ldap_admin.is_healthy(docker, cloud_id).await,
} }
} }
pub fn from_type(ty: &str) -> Option<Self> { pub fn from_type(ty: &str) -> Option<&'static [Self]> {
match ty { match ty {
"s3" => Some(Service::ObjectStore(ObjectStore::S3)), "s3" => Some(&[Service::ObjectStore(ObjectStore::S3)]),
"ldap" => Some(&[Service::Ldap(LDAP), Service::LdapAdmin(LDAPAdmin)]),
_ => None, _ => None,
} }
} }
@ -59,6 +70,24 @@ impl Service {
pub fn container_name(&self, cloud_id: &str) -> String { pub fn container_name(&self, cloud_id: &str) -> String {
match self { match self {
Service::ObjectStore(store) => store.container_name(cloud_id), Service::ObjectStore(store) => store.container_name(cloud_id),
Service::Ldap(ldap) => ldap.container_name(cloud_id),
Service::LdapAdmin(ldap_admin) => ldap_admin.container_name(cloud_id),
}
}
pub async fn start_message(&self, docker: &Docker, cloud_id: &str) -> Result<Option<String>> {
match self {
Service::ObjectStore(store) => store.start_message(docker, cloud_id).await,
Service::Ldap(ldap) => ldap.start_message(docker, cloud_id).await,
Service::LdapAdmin(ldap_admin) => ldap_admin.start_message(docker, cloud_id).await,
}
}
pub fn apps(&self) -> &'static [&'static str] {
match self {
Service::ObjectStore(store) => store.apps(),
Service::Ldap(ldap) => ldap.apps(),
Service::LdapAdmin(ldap_admin) => ldap_admin.apps(),
} }
} }
} }
@ -142,4 +171,185 @@ impl ObjectStore {
fn container_name(&self, cloud_id: &str) -> String { fn container_name(&self, cloud_id: &str) -> String {
format!("{}-object", cloud_id) format!("{}-object", cloud_id)
} }
async fn start_message(&self, _docker: &Docker, _cloud_id: &str) -> Result<Option<String>> {
Ok(None)
}
fn apps(&self) -> &'static [&'static str] {
&["files_external"]
}
}
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct LDAP;
impl LDAP {
fn image(&self) -> &str {
"icewind1991/haze-ldap"
}
fn name(&self) -> &str {
"ldap"
}
fn self_env(&self) -> Vec<&str> {
vec!["LDAP_ADMIN_PASSWORD=haze"]
}
fn env(&self) -> &[&str] {
&["LDAP=1"]
}
async fn spawn(&self, docker: &Docker, cloud_id: &str, network: &str) -> Result<String> {
pull_image(docker, self.image()).await?;
let options = Some(CreateContainerOptions {
name: self.container_name(cloud_id),
});
let config = Config {
image: Some(self.image()),
env: Some(self.self_env()),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
..Default::default()
}),
labels: Some(hashmap! {
"haze-type" => self.name(),
"haze-cloud-id" => cloud_id
}),
networking_config: Some(NetworkingConfig {
endpoints_config: hashmap! {
network => EndpointSettings {
aliases: Some(vec![self.name().to_string()]),
..Default::default()
}
},
}),
cmd: Some(vec!["--copy-service"]),
..Default::default()
};
let id = docker.create_container(options, config).await?.id;
docker.start_container::<String>(&id, None).await?;
Ok(id)
}
async fn is_healthy(&self, _docker: &Docker, _cloud_id: &str) -> Result<bool> {
Ok(true)
}
fn container_name(&self, cloud_id: &str) -> String {
format!("{}-ldap", cloud_id)
}
async fn start_message(&self, _docker: &Docker, _cloud_id: &str) -> Result<Option<String>> {
Ok(None)
}
fn apps(&self) -> &'static [&'static str] {
&["user_ldap"]
}
}
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct LDAPAdmin;
impl LDAPAdmin {
fn image(&self) -> &str {
"osixia/phpldapadmin"
}
fn name(&self) -> &str {
"ldap-admin"
}
fn self_env(&self) -> Vec<&str> {
vec!["PHPLDAPADMIN_LDAP_HOSTS=ldap"]
}
fn env(&self) -> &[&str] {
&[]
}
async fn spawn(&self, docker: &Docker, cloud_id: &str, network: &str) -> Result<String> {
pull_image(docker, self.image()).await?;
let options = Some(CreateContainerOptions {
name: self.container_name(cloud_id),
});
let config = Config {
image: Some(self.image()),
env: Some(self.self_env()),
host_config: Some(HostConfig {
network_mode: Some(network.to_string()),
..Default::default()
}),
labels: Some(hashmap! {
"haze-type" => self.name(),
"haze-cloud-id" => cloud_id
}),
networking_config: Some(NetworkingConfig {
endpoints_config: hashmap! {
network => EndpointSettings {
aliases: Some(vec![self.name().to_string()]),
..Default::default()
}
},
}),
cmd: Some(vec!["--copy-service"]),
..Default::default()
};
let id = docker.create_container(options, config).await?.id;
docker.start_container::<String>(&id, None).await?;
Ok(id)
}
async fn is_healthy(&self, docker: &Docker, cloud_id: &str) -> Result<bool> {
let info = docker
.inspect_container(&self.container_name(cloud_id), None)
.await?;
Ok(matches!(
info.state,
Some(ContainerState {
running: Some(true),
..
})
))
}
fn container_name(&self, cloud_id: &str) -> String {
format!("{}-ldap-admin", cloud_id)
}
async fn start_message(&self, docker: &Docker, cloud_id: &str) -> Result<Option<String>> {
let info = docker
.inspect_container(&self.container_name(cloud_id), None)
.await?;
let ip = if matches!(
info.state,
Some(ContainerState {
running: Some(true),
..
})
) {
info.network_settings
.unwrap()
.networks
.unwrap()
.values()
.next()
.unwrap()
.ip_address
.clone()
.unwrap()
} else {
return Err(Report::msg("ldap admin not started"));
};
Ok(Some(format!(
"Ldap admin running at: https://{} with 'cn=admin,dc=example,dc=org' and password 'haze'",
ip
)))
}
fn apps(&self) -> &'static [&'static str] {
&[]
}
} }
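Review bot: `LDAPAdmin::start_message` reaches the address through four `unwrap()` calls (`network_settings`, `networks`, `.values().next()`, `ip_address`), and every one of those is optional in the inspect response. A container that is running but not yet attached to a network therefore panics instead of returning an error. The caller runs this inside a detached task whose `Err` arm prints `{:#}`, so a panic there just kills the task and bypasses that reporting. Converting the chain to `Option` combinators ending in `ok_or_else(|| Report::msg(…))?` keeps the failure on the `Result` path the function already declares.

```rust
async fn start_message(&self, docker: &Docker, cloud_id: &str) -> Result<Option<String>> {
    // … unchanged: inspect_container call producing `info` …
    let running = matches!(
        info.state,
        Some(ContainerState {
            running: Some(true),
            ..
        })
    );
    if !running {
        return Err(Report::msg("ldap admin not started"));
    }
    let ip = info
        .network_settings
        .and_then(|settings| settings.networks)
        .and_then(|networks| networks.into_iter().next())
        .and_then(|(_, endpoint)| endpoint.ip_address)
        .ok_or_else(|| Report::msg("ldap admin has no network address"))?;
    // … unchanged: Ok(Some(format!(…))) building the start message …
```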