Add application configuration through env variables
* .gitignore: Add .env file used by docker-compose for env variables * Add docker-compose for testing environment * Update documentation * Add an entrypoint script * Template config.properties if the file doesn't exist
This commit is contained in:
parent
5a2c1ed838
commit
b475312728
1
.gitignore
vendored
1
.gitignore
vendored
@ -8,3 +8,4 @@ bin/jetty-runner*.jar
|
||||
.gradle/
|
||||
*.sw*
|
||||
build/
|
||||
.env
|
||||
|
33
Dockerfile
33
Dockerfile
@ -1,14 +1,29 @@
|
||||
FROM jetty:jre8-alpine
|
||||
|
||||
ADD build/libs/accountapp*.war /var/lib/jetty/webapps/ROOT.war
|
||||
|
||||
# This is apparently needed by Stapler for some weird reason. O_O
|
||||
RUN mkdir -p /home/jetty/.app
|
||||
|
||||
RUN mkdir -p /etc/accountapp
|
||||
LABEL \
|
||||
Description="Deploy Jenkins infra account app" \
|
||||
Project="https://github.com/jenkins-infra/account-app" \
|
||||
Maintainer="infra@lists.jenkins-ci.org"
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
# Overriding the ENTRYPOINT from our parent to make it easier to tell it about
|
||||
# our config.properties which the app needs
|
||||
ENTRYPOINT java -DCONFIG=/etc/accountapp/config.properties -Durl="$LDAP_URL" -Dpassword="$LDAP_PASSWORD" -Djira.username="$JIRA_USERNAME" -Djira.password="$JIRA_PASSWORD" -Djira.url="$JIRA_URL" -jar "$JETTY_HOME/start.jar"
|
||||
ENV CIRCUIT_BREAKER_FILE /etc/accountapp/circuitBreaker.txt
|
||||
|
||||
# /home/jetty/.app is apparently needed by Stapler for some weird reason. O_O
|
||||
RUN \
|
||||
mkdir -p /home/jetty/.app &&\
|
||||
mkdir -p /etc/accountapp
|
||||
|
||||
COPY config.properties.example /etc/accountapp/config.properties.example
|
||||
COPY circuitBreaker.txt /etc/accountapp/circuitBreaker.txt
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
|
||||
RUN \
|
||||
chmod 0755 /entrypoint.sh &&\
|
||||
chown -R jetty:root /etc/accountapp
|
||||
|
||||
COPY build/libs/accountapp*.war /var/lib/jetty/webapps/ROOT.war
|
||||
|
||||
USER jetty
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
||||
|
45
README.md
45
README.md
@ -29,14 +29,57 @@ server, so the data you'll be seeing is real.
|
||||
The command line system properties are for JIRA LDAP sync tool. JIRA user account you are providing has to have the system admin access to JIRA.
|
||||
TODO: feed this data from config.properties
|
||||
|
||||
### Docker Compose
|
||||
A docker compose file can be used for testing purpose.
|
||||
|
||||
_Require ssh tunnel to an ldap server and an WAR archive_
|
||||
|
||||
* Create the file ```.env``` used by docker-compose to load configuration
|
||||
.env example
|
||||
```
|
||||
LDAP_URL=server=ldap://localhost:9389/
|
||||
LDAP_PASSWORD=<insert your ldap password>
|
||||
JIRA_USERNAME=<insert your jira username>
|
||||
JIRA_PASSWORD=<insert your jira password>
|
||||
JIRA_URL=https://issues.jenkins-ci.org
|
||||
SMTP_SERVER=localhost
|
||||
RECAPTCHA_PRIVATE_KEY=recaptcha_private_key
|
||||
RECAPTCHA_PUBLIC_KEY=recaptcha_public_key
|
||||
APP_URL=http://localhost:8080/
|
||||
LDAP_MANAGER_DN=cn=admin,dc=jenkins-ci,dc=org
|
||||
LDAP_NEW_USER_BASE_DN=ou=people,dc=jenkins-ci,dc=org
|
||||
```
|
||||
* Run docker-compose
|
||||
```docker-compose up --build accountapp```
|
||||
|
||||
## Packaging
|
||||
|
||||
For deploying to production, this app gets containerized. The container expects
|
||||
to see `/etc/accountapp` mounted from outside that contains the abovementioned
|
||||
to see `/etc/accountapp` mounted from outside that contains the above mentioned
|
||||
`config.properties`
|
||||
|
||||
|
||||
To run the container locally, build it then:
|
||||
|
||||
docker run -ti --net=host -v `pwd`:/etc/accountapp jenkinsciinfra/account-app:latest
|
||||
|
||||
## Configuration
|
||||
Instead of mounting the configuration file from an external volume,
|
||||
we may want to use environment variable.
|
||||
|
||||
**Those two options are mutually exclusive.**
|
||||
|
||||
```
|
||||
* APP_URL
|
||||
* CIRCUIT_BREAKER_FILE
|
||||
* JIRA_PASSWORD
|
||||
* JIRA_URL
|
||||
* JIRA_USERNAME
|
||||
* LDAP_MANAGER_DN
|
||||
* LDAP_NEW_USER_BASE_DN
|
||||
* LDAP_PASSWORD
|
||||
* LDAP_URL
|
||||
* RECAPTCHA_PUBLIC_KEY
|
||||
* RECAPTCHA_PRIVATE_KEY
|
||||
* SMTP_SERVER
|
||||
```
|
||||
|
22
config.properties.example
Normal file
22
config.properties.example
Normal file
@ -0,0 +1,22 @@
|
||||
# This file configures the Jenkins project's accounts management application.
|
||||
#
|
||||
# See: <https://github.com/jenkins-infra/account-app>
|
||||
server=LDAP_URL
|
||||
managerDN=LDAP_MANAGER_DN
|
||||
managerPassword=LDAP_PASSWORD
|
||||
|
||||
newUserBaseDN=LDAP_NEW_USER_BASE_DN
|
||||
|
||||
# Host which accountapp can use for sending out password reset and other emails
|
||||
smtpServer=SMTP_SERVER
|
||||
|
||||
recaptchaPublicKey=RECAPTCHA_PUBLIC_KEY
|
||||
recaptchaPrivateKey=RECAPTCHA_PRIVATE_KEY
|
||||
|
||||
url=APP_URL
|
||||
|
||||
# Create this file on the host machine in order to temporarily disable account
|
||||
# creation
|
||||
circuitBreakerFile=CIRCUIT_BREAKER_FILE
|
||||
|
||||
# vim: ft=conf
|
15
docker-compose.yaml
Normal file
15
docker-compose.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
version: '3'
|
||||
services:
|
||||
accountapp:
|
||||
build: .
|
||||
image: accountapp:latest
|
||||
env_file: .env
|
||||
network_mode: host
|
||||
ports:
|
||||
- '8080:8080'
|
||||
shell:
|
||||
build: .
|
||||
image: accountapp:latest
|
||||
env_file: .env
|
||||
entrypoint: /bin/sh
|
||||
network_mode: host
|
40
entrypoint.sh
Normal file
40
entrypoint.sh
Normal file
@ -0,0 +1,40 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
init_config_properties() {
|
||||
: "${LDAP_URL:?Ldap url required}"
|
||||
: "${LDAP_PASSWORD:?Ldap password required}"
|
||||
: "${JIRA_USERNAME:?Jira user required}"
|
||||
: "${JIRA_PASSWORD:?Jira password required}"
|
||||
: "${JIRA_URL:? Jira url required}"
|
||||
|
||||
# /etc/accountapp/config.properties
|
||||
: "${SMTP_SERVER:? SMTP Server required}"
|
||||
: "${RECAPTCHA_PUBLIC_KEY:? Recaptcha private key}"
|
||||
: "${RECAPTCHA_PRIVATE_KEY:? Recaptcha private key}"
|
||||
: "${APP_URL:? Application url required}"
|
||||
: "${LDAP_MANAGER_DN:? Require ldap manager_DN}"
|
||||
: "${LDAP_NEW_USER_BASE_DN:? Require ldap new user base DN}"
|
||||
: "${CIRCUIT_BREAKER_FILE:? Require circuitBreaker file}"
|
||||
|
||||
|
||||
cp /etc/accountapp/config.properties.example /etc/accountapp/config.properties
|
||||
|
||||
# Using # as variables may contain /
|
||||
sed -i "s#SMTP_SERVER#$SMTP_SERVER#" /etc/accountapp/config.properties
|
||||
sed -i "s#LDAP_URL#$LDAP_URL#" /etc/accountapp/config.properties
|
||||
sed -i "s#LDAP_PASSWORD#$LDAP_PASSWORD#" /etc/accountapp/config.properties
|
||||
sed -i "s#RECAPTCHA_PUBLIC_KEY#$RECAPTCHA_PUBLIC_KEY#" /etc/accountapp/config.properties
|
||||
sed -i "s#RECAPTCHA_PRIVATE_KEY#$RECAPTCHA_PRIVATE_KEY#" /etc/accountapp/config.properties
|
||||
sed -i "s#APP_URL#$APP_URL#" /etc/accountapp/config.properties
|
||||
sed -i "s#LDAP_MANAGER_DN#$LDAP_MANAGER_DN#" /etc/accountapp/config.properties
|
||||
sed -i "s#LDAP_NEW_USER_BASE_DN#$LDAP_NEW_USER_BASE_DN#" /etc/accountapp/config.properties
|
||||
sed -i "s#CIRCUIT_BREAKER_FILE#$CIRCUIT_BREAKER_FILE#" /etc/accountapp/config.properties
|
||||
}
|
||||
|
||||
if [ ! -f /etc/accountapp/config.properties ]; then
|
||||
init_config_properties
|
||||
fi
|
||||
|
||||
exec java -DCONFIG=/etc/accountapp/config.properties -Durl="$LDAP_URL" -Dpassword="$LDAP_PASSWORD" -Djira.username="$JIRA_USERNAME" -Djira.password="$JIRA_PASSWORD" -Djira.url="$JIRA_URL" -jar "$JETTY_HOME/start.jar"
|
Loading…
Reference in New Issue
Block a user