vault-wrap: Рабочий вариант. INF-1541
This commit is contained in:
svkalinin
@@ -75,21 +75,21 @@ vault_wrap_deploy:
|
||||
refs:
|
||||
- main
|
||||
|
||||
# traefik_deploy:
|
||||
# <<: *dedicated-runner
|
||||
# stage: deploy
|
||||
# script:
|
||||
# - mkdir -p /home/gitlab-runner/traefik
|
||||
# - docker volume create vault-wrap_traefik-ssl
|
||||
# - docker volume create vault-wrap_traefik-dynamic-conf
|
||||
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
|
||||
# - docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
|
||||
# - docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
|
||||
# - cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
|
||||
# - export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
||||
# - export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
||||
# - if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
|
||||
# only:
|
||||
# refs:
|
||||
# - main
|
||||
traefik_deploy:
|
||||
<<: *dedicated-runner
|
||||
stage: deploy
|
||||
script:
|
||||
- mkdir -p /home/gitlab-runner/traefik
|
||||
- docker volume create vault-wrap_traefik-ssl
|
||||
- docker volume create vault-wrap_traefik-dynamic-conf
|
||||
- docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/certs/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.crt /temporary
|
||||
- docker run --rm -v vault-wrap_traefik-ssl:/temporary -v /etc/ssl/private/:/files alpine cp files/runner1-prod.corp.samsonopt.ru.key /temporary
|
||||
- docker run --rm -v vault-wrap_traefik-dynamic-conf:/temporary -v ./traefik-files:/files alpine cp files/certificates.yml /temporary
|
||||
- cp traefik-files/traefik.yml /home/gitlab-runner/traefik/traefik.yml
|
||||
- export TLS_CERT_FILE=runner1-prod.corp.samsonopt.ru.crt
|
||||
- export TLS_KEY_FILE=runner1-prod.corp.samsonopt.ru.key
|
||||
- if [ -e .ci_status/vault_wrap_release ]; then docker-compose -f docker-compose.yml up -d traefik; fi
|
||||
only:
|
||||
refs:
|
||||
- main
|
||||
|
||||
|
||||
@@ -6,15 +6,15 @@ services:
|
||||
image: $IMAGE_PATH/vault-wrap:$RELEASE_VERSION
|
||||
container_name: vault-wrap
|
||||
environment:
|
||||
- ACTION_ADDRESS=${ACTION_ADDRESS:-secret.corp.samsonopt.ru}
|
||||
- ACTION_ADDRESS=${ACTION_ADDRESS:-https://secret.corp.samsonopt.ru}
|
||||
- VAULT_ADDRESS=${VAULT_ADDRESS}
|
||||
- LISTEN_PORT=1234
|
||||
- LISTEN_PORT=8080
|
||||
- TLS_KEY_FILE=${TLS_KEY_FILE}
|
||||
- TLS_CERT_FILE=${TLS_CERT_FILE}
|
||||
- TZ=Europe/Moscow
|
||||
restart: always
|
||||
ports:
|
||||
- 1234:1234
|
||||
- 1234:8080
|
||||
build:
|
||||
context: .
|
||||
volumes:
|
||||
|
||||
@@ -27,4 +27,4 @@ providers:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedByDefault: false
|
||||
file:
|
||||
filename: /configuration/certificates.yaml
|
||||
filename: /configuration/certificates.yml
|
||||
|
||||
17
vault.go
17
vault.go
@@ -251,7 +251,7 @@ func main() {
|
||||
flag.StringVar(&TemplateDir, "template-dir", "html-template", "Каталог с шаблонами")
|
||||
flag.StringVar(&TemplateFile, "template-file", "index.html", "Файл-шаблон для ВЭБ-странцы")
|
||||
flag.StringVar(&VaultAddress, "vault-url", "", "Адрес сервера Hashicorp Vault (https://host.name:8200)")
|
||||
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (host.name)")
|
||||
flag.StringVar(&ActionAddress, "action-address", "", "Адрес данного сервиса (https://host.name)")
|
||||
flag.StringVar(&ListenPort, "listen-port", "8080", "Номер порта сервиса")
|
||||
flag.StringVar(&TlsCertFile, "tls-cert", "", "TLS сертификат (файл)")
|
||||
flag.StringVar(&TlsKeyFile, "tls-key", "", "TLS ключ (файл)")
|
||||
@@ -303,19 +303,16 @@ func main() {
|
||||
}
|
||||
}
|
||||
listenAddr := ":" + ListenPort
|
||||
|
||||
|
||||
// ActionAddress = "https://" + ActionAddress
|
||||
if Debug {
|
||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
||||
}
|
||||
|
||||
log.Println("Listening...")
|
||||
if TlsEnable {
|
||||
ActionAddress = "https://" + ActionAddress
|
||||
if Debug {
|
||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
||||
}
|
||||
log.Fatal(http.ListenAndServeTLS(listenAddr, TlsCertFile, TlsKeyFile, nil))
|
||||
} else {
|
||||
ActionAddress = "http://" + ActionAddress
|
||||
if Debug {
|
||||
log.Printf("Адрес сервиса: %s%s ", ActionAddress, listenAddr)
|
||||
}
|
||||
http.ListenAndServe(listenAddr, nil)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user