Configuration
parent
f595fbeccd
commit
0087cbe846
3 changed files with 51 additions and 0 deletions
|
@ -1,6 +1,12 @@
|
||||||
# idm_app
|
# idm_app
|
||||||
class eid::idm_app (
|
class eid::idm_app (
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', { owner => 'root', group => 'root', mode => '0750'})
|
||||||
|
file { '/opt/idm_app/config/idm.yml':
|
||||||
|
content => template('eid/idm/idm.yml.erb'),
|
||||||
|
mode => '0755',
|
||||||
|
}3
|
||||||
sunet::docker_compose { 'idm_app':
|
sunet::docker_compose { 'idm_app':
|
||||||
content => template('eid/idm/docker-compose.yml.erb'),
|
content => template('eid/idm/docker-compose.yml.erb'),
|
||||||
service_name => 'idm_app',
|
service_name => 'idm_app',
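Review bot: The new `file { '/opt/idm_app/config/idm.yml': }` resource sets `mode => '0755'` on a file whose template renders the Redis password and the keystore passwords, so the file is world-readable and executable and has no explicit owner or group. Something like `mode => '0640', owner => 'root', group => 'root', show_diff => false,` fits a secrets file better (adjust the group if the container user must read it); `show_diff => false` keeps the rendered secret out of Puppet reports. The resource also closes with `}3`, which looks like a stray character that would fail to parse unless it is an artifact of this page. The class body continues outside the hunk.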
|
||||||
|
|
|
@ -3,5 +3,12 @@ version: '3.2'
|
||||||
services:
|
services:
|
||||||
idm_app:
|
idm_app:
|
||||||
image: docker.sunet.se/eidas-idm
|
image: docker.sunet.se/eidas-idm
|
||||||
|
environment:
|
||||||
|
- TZ='Europe/Stockholm'
|
||||||
|
- SPRING_CONFIG_IMPORT='/opt/idm_app/config/idm.yml'
|
||||||
ports:
|
ports:
|
||||||
- '443:443'
|
- '443:443'
|
||||||
|
volumes:
|
||||||
|
- "/etc/localtime:/etc/localtime:ro"
|
||||||
|
- "/opt/idm_app:/opt/idm_app"
|
||||||
|
- "/etc/ssl:/etc/ssl:ro"
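Review bot: The added `volumes:` entries give the container more than it needs: `/opt/idm_app:/opt/idm_app` is mounted read-write although it holds the rendered `idm.yml` with credentials, and `/etc/ssl:/etc/ssl:ro` exposes every private key under the host's `/etc/ssl/private`, not only the infra key pair the config references. Consider `- "/opt/idm_app/config:/opt/idm_app/config:ro"` and mounting only the specific key, certificate and p12 files, unless the application writes elsewhere under `/opt/idm_app`. Separately, in list-form `environment:` the single quotes in `TZ='Europe/Stockholm'` and `SPRING_CONFIG_IMPORT='/opt/idm_app/config/idm.yml'` are normally passed to the container as part of the value, so they are safer dropped.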
|
||||||
|
|
|
@ -0,0 +1,38 @@
|
||||||
|
server:
|
||||||
|
port: 8082
|
||||||
|
ssl:
|
||||||
|
bundle: infra
|
||||||
|
|
||||||
|
spring:
|
||||||
|
ssl:
|
||||||
|
bundle:
|
||||||
|
pem:
|
||||||
|
infra:
|
||||||
|
keystore:
|
||||||
|
private-key: file:/etc/ssl/private/<%= @fqdn %>_infra.key
|
||||||
|
certificate: file:/etc/ssl/certs/<%= @fqdn %>_infra.crt
|
||||||
|
truststore:
|
||||||
|
certificate: file:/etc/ssl/certs/infra.crt
|
||||||
|
data:
|
||||||
|
redis:
|
||||||
|
password: '<%= scope.call_function('safe_hiera', ['idm_redis_password']) %>'
|
||||||
|
cluster:
|
||||||
|
nodes:
|
||||||
|
<%- @redises.each do |host| -%>
|
||||||
|
- <%= host %>:6379
|
||||||
|
- <%= host %>:6380
|
||||||
|
<%- end -%>
|
||||||
|
ssl:
|
||||||
|
enabled: true
|
||||||
|
ssl-ext:
|
||||||
|
# redis or java require IP addresses in cert if verifcation is turned on
|
||||||
|
# Caused by: java.util.concurrent.CompletionException:
|
||||||
|
# javax.net.ssl.SSLHandshakeException: No subject alternative names
|
||||||
|
# matching IP address 89.46.20.236 found
|
||||||
|
enable-hostname-verification: false
|
||||||
|
credential:
|
||||||
|
resource: file:/etc/ssl/private/<%= @fqdn %>_infra.p12
|
||||||
|
password: qwerty123
|
||||||
|
trust:
|
||||||
|
resource: file:/etc/ssl/certs/infra.p12
|
||||||
|
password: qwerty123
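Review bot: Both `password: qwerty123` lines under `ssl-ext` commit the PKCS#12 keystore and truststore password to the repository in plain text, while the Redis password a few lines up is already looked up from hiera. They should use the same lookup, e.g. `password: '<%= scope.call_function('safe_hiera', ['<KEYSTORE_PASSWORD_KEY>']) %>'` (the key name is a placeholder), and the p12 files should be regenerated with a non-guessable password. `enable-hostname-verification: false` also means any certificate chaining to the trusted infra CA is accepted for any Redis node. The comment suggests the underlying problem is missing IP SANs, so issuing node certificates with IP SANs or listing the nodes by hostname would let verification be turned back on.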
|