vault-wrap: Рабочий вариант. INF-1541

2024-07-11 09:54:16 +03:00 · 2024-07-11 09:54:16 +03:00 · 62678531f4
commit 62678531f4
parent 33f90e5e02
4 changed files with 28 additions and 31 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -75,21 +75,21 @@ vault_wrap_deploy:
    refs:
      - main

-# traefik_deploy:
-  # <<: *dedicated-runner
-  # stage: deploy
-  # script:
-    # - mkdir -p /home/gitlab-runner/traefik
-    # - docker volume create vault-wrap_traefik-ssl
-    # - docker volume create  vault-wrap_traefik-dynamic-conf
-    # - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
-    # - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
-    # - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
-    # - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
-    # - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
-    # - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
-    # - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
-  # only:
-    # refs:
-      # - main
+traefik_deploy:
+  <<: *dedicated-runner
+  stage: deploy
+  script:
+    - mkdir -p /home/gitlab-runner/traefik
+    - docker volume create vault-wrap_traefik-ssl
+    - docker volume create  vault-wrap_traefik-dynamic-conf
+    - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
+    - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
+    - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
+    - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
+    - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
+    - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
+    - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
+  only:
+    refs:
+      - main

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,15 +6,15 @@ services:
    image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
    container_name: vault-wrap
    environment:
-      - ACTION_ADDRESS=${ACTION_ADDRESS:-secret.corp.samsonopt.ru}
+      - ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
      - VAULT_ADDRESS=${VAULT_ADDRESS}
-      - LISTEN_PORT=1234
+      - LISTEN_PORT=8080
      - TLS_KEY_FILE=${TLS_KEY_FILE}
      - TLS_CERT_FILE=${TLS_CERT_FILE}
      - TZ=Europe/Moscow
    restart: always
    ports:
-      - 1234:1234
+      - 1234:8080
    build:
        context: .
    volumes:
--- a/traefik-files/traefik.yml
+++ b/traefik-files/traefik.yml
@ -27,4 +27,4 @@ providers:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
-    filename: /configuration/certificates.yaml
+    filename: /configuration/certificates.yml
--- a/vault.go
+++ b/vault.go
@ -251,7 +251,7 @@ func main() {
    flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
    flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
    flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
-    flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (host.name)")
+    flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (https://host.name)")
    flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
    flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
    flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
@ -303,19 +303,16 @@ func main() {
        }
    }
    listenAddr := ":" + ListenPort
-    
+
+    // ActionAddress = "https://" + ActionAddress
+    if Debug {
+        log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
+    }
+
    log.Println("Listening...")
    if TlsEnable {
-        ActionAddress = "https://" + ActionAddress
-        if Debug {
-            log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
-        }
        log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
    } else {
-        ActionAddress = "http://" + ActionAddress
-        if Debug {
-            log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
-        }
        http.ListenAndServe(listenAddr, nil)
    }
 }