From ecaee6f8bea677ff2ed1bcb665df12e21bdcc628 Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Wed, 27 Jul 2022 15:57:28 -0700
Subject: [PATCH] Add lldap
---
 nomad/ansible_hosts.yml | 6 ++
 nomad/core.tf | 12 ++--
 nomad/lldap.nomad | 140 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 150 insertions(+), 8 deletions(-)
 create mode 100644 nomad/lldap.nomad
diff --git a/nomad/ansible_hosts.yml b/nomad/ansible_hosts.yml
index 6abad92..a3aba9d 100644
--- a/nomad/ansible_hosts.yml
+++ b/nomad/ansible_hosts.yml
@@ -13,6 +13,12 @@ all:
 group: "bin"
 mode: "0755"
 read_only: false
+ - name: lldap-data
+ path: /srv/volumes/lldap
+ owner: "root"
+ group: "bin"
+ mode: "0755"
+ read_only: false
 n2.thefij:
 nomad_node_role: both
 nomad_unique_host_volumes:
diff --git a/nomad/core.tf b/nomad/core.tf
index 77b19d0..92a5cd4 100644
--- a/nomad/core.tf
+++ b/nomad/core.tf
@@ -71,21 +71,17 @@ resource "consul_config_entry" "loki_intent" { } resource "nomad_job" "syslog-ng" { - hcl2 { - enabled = true - } - jobspec = file("${path.module}/syslogng.nomad") } resource "nomad_job" "ddclient" { - hcl2 { - enabled = true - } - jobspec = file("${path.module}/ddclient.nomad") } +resource "nomad_job" "lldap" { + jobspec = file("${path.module}/lldap.nomad") +} + resource "consul_config_entry" "syslogng_promtail_intent" { name = "syslogng-promtail" kind = "service-intentions"
diff --git a/nomad/lldap.nomad b/nomad/lldap.nomad
new file mode 100644
index 0000000..fc27c52
--- /dev/null
+++ b/nomad/lldap.nomad
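Review bot: The new `lldap-data` host volume is created with `mode: "0755"`, which leaves /srv/volumes/lldap readable by every local account on the node, and this is the directory the lldap task in this patch mounts read-write at /data, so whatever the service persists there (presumably its user database and credential hashes — confirm against the image's documentation) inherits that exposure. `mode: "0750"`, or `"0700"` when only the owning uid needs access, limits it; check first which uid the container writes as, since with `owner: "root"` a non-root process would lose write access under the tighter mode. The value is copied from the neighbouring volume entries, so it may be a site convention rather than an oversight, but this volume holds more sensitive data than the others appear to. The enclosing host entry and volume list begin before the hunk.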
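Review bot: The new `nomad_job.lldap` resource has no accompanying `consul_config_entry` of `kind = "service-intentions"`, although the other jobs registered in this file are paired with one (`loki_intent`, `syslogng_promtail_intent`) and the job file added by this patch exposes both `lldap` and `ldap-admin` through Connect sidecars. Reachability of the LDAP service on the mesh therefore falls back to the datacenter's default intention policy: with default allow, any Connect service can bind to it; with default deny, the intended consumers cannot. Add one entry per service, `name = "lldap"` and `name = "ldap-admin"` with `kind = "service-intentions"`, listing only the services that should connect as allowed sources, matching the pattern of the existing entries. Separately, removing the `hcl2 { enabled = true }` blocks from the `syslog-ng` and `ddclient` resources is unrelated to the subject "Add lldap" and would be easier to audit as its own commit.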
@@ -0,0 +1,140 @@
+job "lldap" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "lldap" {
+
+ network {
+ mode = "bridge"
+
+ port "web" {
+ host_network = "loopback"
+ to = 17170
+ }
+
+ port "ldap" {
+ host_network = "loopback"
+ to = 3890
+ }
+ }
+
+ volume "lldap-data" {
+ type = "host"
+ read_only = false
+ source = "lldap-data"
+ }
+
+ service {
+ name = "lldap"
+ port = "ldap"
+
+ connect {
+ sidecar_service {
+ proxy {
+ local_service_port = 3890
+
+ config {
+ protocol = "tcp"
+ }
+ }
+ }
+
+ sidecar_task {
+ resources {
+ cpu = 50
+ memory = 20
+ }
+ }
+ }
+ }
+
+ service {
+ name = "ldap-admin"
+ port = "web"
+
+ connect {
+ sidecar_service {
+ proxy {
+ local_service_port = 17170
+ }
+ }
+
+ sidecar_task {
+ resources {
+ cpu = 20
+ memory = 20
+ }
+ }
+ }
+
+ tags = [
+ "traefik.enable=true",
+ "traefik.http.routers.ldap-admin.entryPoints=websecure",
+ ]
+ }
+
+ task "lldap" {
+ driver = "docker"
+
+ volume_mount {
+ volume = "lldap-data"
+ destination = "/data"
+ read_only = false
+ }
+
+ config {
+ image = "nitnelave/lldap"
+ ports = ["ldap", "web"]
+ args = ["run", "--config-file", "/lldap_config.toml"]
+
+ mount {
+ type = "bind"
+ source = "secrets/lldap_config.toml"
+ target = "/lldap_config.toml"
+ }
+ }
+
+ vault {
+ policies = [
+ "access-tables",
+ "nomad-task",
+ ]
+ }
+
+ template {
+ data = <