vault-wrap: Рабочий вариант. INF-1541

svkalinin 2024-07-11 09:54:16 +03:00
parent 33f90e5e02
commit 62678531f4
4 changed files with 28 additions and 31 deletions


@ -75,21 +75,21 @@ vault_wrap_deploy:
refs: refs:
- main - main
# traefik_deploy: traefik_deploy:
# <<: *dedicated-runner <<: *dedicated-runner
# stage: deploy stage: deploy
# script: script:
# - mkdir -p /home/gitlab-runner/traefik - mkdir -p /home/gitlab-runner/traefik
# - docker volume create vault-wrap_traefik-ssl - docker volume create vault-wrap_traefik-ssl
# - docker volume create vault-wrap_traefik-dynamic-conf - docker volume create vault-wrap_traefik-dynamic-conf
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
# - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
# - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
# - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
# - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
# - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
# only: only:
# refs: refs:
# - main - main
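Review bot: The key-copy step in `traefik_deploy` (which this commit appears to enable) bind-mounts the host's whole `/etc/ssl/private/` read-write into a throwaway container and leaves a copy of the private key in the `vault-wrap_traefik-ssl` volume, where any container that mounts that volume can read it. Mounting the sources read-only would narrow this: `-v /etc/ssl/private/:/files:ro` and likewise `-v /etc/ssl/certs/:/files:ro`. The copy in the volume keeps whatever mode `cp` gives it, so it is worth confirming that the key ends up readable only by the user traefik runs as. The `alpine` image is also referenced without a tag or digest, so the container that handles the key is whatever the runner resolves by default; pinning it would make the job reproducible.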


@ -6,15 +6,15 @@ services:
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
container_name: vault-wrap container_name: vault-wrap
environment: environment:
- ACTION_ADDRESS=${ACTION_ADDRESS:-secret.corp.samsonopt.ru} - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
- VAULT_ADDRESS=${VAULT_ADDRESS} - VAULT_ADDRESS=${VAULT_ADDRESS}
- LISTEN_PORT=1234 - LISTEN_PORT=8080
- TLS_KEY_FILE=${TLS_KEY_FILE} - TLS_KEY_FILE=${TLS_KEY_FILE}
- TLS_CERT_FILE=${TLS_CERT_FILE} - TLS_CERT_FILE=${TLS_CERT_FILE}
- TZ=Europe/Moscow - TZ=Europe/Moscow
restart: always restart: always
ports: ports:
- 1234:1234 - 1234:8080
build: build:
context: . context: .
volumes: volumes:
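Review bot: The mapping `1234:8080` publishes the service on every host interface, so it stays directly reachable next to the traefik front end that the pipeline deploys; if traefik is meant to be the only entry point, bind to loopback with `127.0.0.1:1234:8080` or drop `ports` and route over the compose network. `TLS_KEY_FILE` and `TLS_CERT_FILE` are passed through without defaults, and with them empty the Go side appears to fall back to plain HTTP while `ACTION_ADDRESS` still defaults to an `https://` URL. A short comment next to `ACTION_ADDRESS` saying that the value must now include the scheme would help anyone who overrides it. The service definition continues past the end of this hunk.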


@ -27,4 +27,4 @@ providers:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false exposedByDefault: false
file: file:
filename: /configuration/certificates.yaml filename: /configuration/certificates.yml


@ -251,7 +251,7 @@ func main() {
flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами") flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы") flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)") flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (host.name)") flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (https://host.name)")
flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса") flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)") flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)") flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
@ -303,19 +303,16 @@ func main() {
} }
} }
listenAddr := ":" + ListenPort listenAddr := ":" + ListenPort
// ActionAddress = "https://" + ActionAddress
if Debug {
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
}
log.Println("Listening...") log.Println("Listening...")
if TlsEnable { if TlsEnable {
ActionAddress = "https://" + ActionAddress
if Debug {
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
}
log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil)) log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
} else { } else {
ActionAddress = "http://" + ActionAddress
if Debug {
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
}
http.ListenAndServe(listenAddr, nil) http.ListenAndServe(listenAddr, nil)
} }
} }
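Review bot: With the scheme prefix no longer added in `main`, `ActionAddress` is used exactly as passed in, and nothing visible in these hunks rejects an empty value, a bare host name in the old format, or an `http://` URL. A check after flag parsing, for example `u, err := url.Parse(ActionAddress)` followed by `if err != nil || u.Scheme != "https" || u.Host == "" { log.Fatalf(...) }` when TLS is enabled, would fail fast instead of presumably rendering pages that point at the wrong scheme. In the non-TLS branch the result of `http.ListenAndServe(listenAddr, nil)` is discarded, so a bind failure ends the process without any message; `log.Fatal(http.ListenAndServe(listenAddr, nil))` would match the TLS branch. The commented-out `// ActionAddress = "https://" + ActionAddress` line can be deleted rather than kept. `main` begins before the first hunk, so flag parsing and any existing validation are not visible here.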