Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| fe5f0f3f7f | |||
| 916ab286a5 | |||
| ca34a493ba | |||
| 2d10d73582 | |||
| b8ea370933 | |||
| 726e3ab5c3 | |||
| 54d8ac8954 | |||
| 8629fd77e9 |
@ -87,8 +87,5 @@ This is how to configure your Mattermost server to accept logins from your Authe
|
||||
- `abra app deploy YOURAPPNAME`
|
||||
|
||||
|
||||
# Technical Notes
|
||||
This recipe inserts a statically-compiled busybox binary from `busybox:1.25-uclibc` into the distroless container, to allow running the custom entrypoint shell script which configures Mattermost.
|
||||
|
||||
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
|
||||
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
|
||||
|
||||
5
abra.sh
5
abra.sh
@ -1,6 +1,7 @@
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
export ENTRYPOINT_VERSION=v1
|
||||
export MATTERMOST_CONFIG_VERSION=v1
|
||||
export SHELL_VERSION=v1
|
||||
export BACKUP_MATTERMOST_VERSION=v1
|
||||
export BACKUP_POSTGRES_VERSION=v1
|
||||
|
||||
reset_config() {
|
||||
cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged
|
||||
|
||||
21
backup-mattermost.sh
Normal file
21
backup-mattermost.sh
Normal file
@ -0,0 +1,21 @@
|
||||
if [ "$1" == "pre-backup" ]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$1" == "pre-backup" ]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$1" == "pre-restore" ]; then
|
||||
# kill the running plugins that need to be overwritten
|
||||
pkill -f '.*plugins'
|
||||
sleep 40
|
||||
pkill -f '.*plugins'
|
||||
sleep 40
|
||||
pkill -f '.*plugins'
|
||||
fi
|
||||
|
||||
if [ "$1" == "post-restore" ]; then
|
||||
# kill mattermost so that the container restarts
|
||||
pkill -f mattermost
|
||||
fi
|
||||
19
backup-postgres.sh
Normal file
19
backup-postgres.sh
Normal file
@ -0,0 +1,19 @@
|
||||
if [ "$1" == "pre-backup" ]; then
|
||||
# Remove any existing db dump and then create a new one
|
||||
rm -rf /var/lib/postgresql/data/postgres-backup
|
||||
PGPASSWORD=$(cat ${POSTGRES_PASSWORD_FILE}) pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} --format=directory -f /var/lib/postgresql/data/postgres-backup
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$1" == "post-backup" ]; then
|
||||
rm -rf /var/lib/postgresql/data/postgres-backup
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$1" == "pre-restore" ]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$1" == "post-restore" ]; then
|
||||
pg_restore -U $POSTGRES_USER -d $POSTGRES_DB -c /var/lib/postgresql/data/postgres-backup
|
||||
fi
|
||||
BIN
bin/busybox
BIN
bin/busybox
Binary file not shown.
@ -2,4 +2,4 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: mattermost/mattermost-enterprise-edition:10.11
|
||||
image: mattermost/mattermost-enterprise-edition:10.5.0
|
||||
38
compose.yml
38
compose.yml
@ -2,7 +2,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: mattermost/mattermost-team-edition:10.11
|
||||
image: mattermost/mattermost-team-edition:10.5.0
|
||||
environment:
|
||||
- TZ
|
||||
- MM_SQLSETTINGS_DRIVERNAME=postgres
|
||||
@ -28,17 +28,22 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.2.0+10.11"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.1.0+10.5.0"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/mattermost,/etc/ssl"
|
||||
- "backupbot.restore.pre-hook=/backup.sh pre-restore"
|
||||
- "backupbot.restore.post-hook=/backup.sh post-restore"
|
||||
configs:
|
||||
- source: busybox
|
||||
target: /bin/busybox
|
||||
mode: 0555
|
||||
- source: abra_mattermost_entrypoint
|
||||
target: /abra-mattermost-entrypoint.sh
|
||||
mode: 0555
|
||||
- source: backup-mattermost
|
||||
target: /backup.sh
|
||||
mode: 0777
|
||||
- source: mattermost-config
|
||||
target: /config-to-copy.json
|
||||
mode: 0555
|
||||
secrets:
|
||||
- postgres_password
|
||||
entrypoint: /abra-mattermost-entrypoint.sh
|
||||
@ -52,6 +57,10 @@ services:
|
||||
- POSTGRES_USER=mattermost
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
|
||||
- POSTGRES_DB=mattermost
|
||||
configs:
|
||||
- source: backup-postgres
|
||||
target: /backup.sh
|
||||
mode: 0777
|
||||
secrets:
|
||||
- postgres_password
|
||||
networks:
|
||||
@ -59,9 +68,10 @@ services:
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/postgres-backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/"
|
||||
backupbot.backup.pre-hook: "/backup.sh pre-backup"
|
||||
backupbot.backup.post-hook: "/backup.sh post-backup"
|
||||
backupbot.restore.post-hook: "/backup.sh post-restore"
|
||||
|
||||
secrets:
|
||||
postgres_password:
|
||||
@ -72,10 +82,16 @@ configs:
|
||||
abra_mattermost_entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: ./entrypoint.sh
|
||||
busybox:
|
||||
name: ${STACK_NAME}_busybox_${SHELL_VERSION}
|
||||
file: ./bin/busybox
|
||||
|
||||
backup-mattermost:
|
||||
name: ${STACK_NAME}_backup-mattermost_${BACKUP_MATTERMOST_VERSION}
|
||||
file: ./backup-mattermost.sh
|
||||
backup-postgres:
|
||||
name: ${STACK_NAME}_backup-postgres_${BACKUP_POSTGRES_VERSION}
|
||||
file: ./backup-postgres.sh
|
||||
mattermost-config:
|
||||
name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION}
|
||||
file: ./config.json.tmpl
|
||||
template_driver: golang
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
||||
@ -1,13 +1,4 @@
|
||||
#!/bin/busybox sh
|
||||
/bin/busybox mkdir /tmp/bin
|
||||
export PATH=$PATH:/tmp/bin
|
||||
/bin/busybox ln -s /bin/busybox /tmp/bin/ln
|
||||
ln -s /bin/busybox /tmp/bin/cat
|
||||
ln -s /bin/busybox /tmp/bin/echo
|
||||
ln -s /bin/busybox /tmp/bin/cp
|
||||
ln -s /bin/busybox /tmp/bin/touch
|
||||
ln -s /bin/busybox /tmp/bin/rm
|
||||
|
||||
#!/bin/sh
|
||||
set -e
|
||||
if test -f "/run/secrets/postgres_password"; then
|
||||
pwd=`cat /run/secrets/postgres_password`
|
||||
@ -30,7 +21,5 @@ if ! test -f "/mattermost/config/CoopCloudManaged"; then
|
||||
cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged
|
||||
fi
|
||||
|
||||
rm -rf /tmp/bin
|
||||
|
||||
# https://github.com/mattermost/mattermost/blob/master/server/build/Dockerfile
|
||||
/mattermost/bin/mattermost
|
||||
# https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile
|
||||
/entrypoint.sh "mattermost"
|
||||
@ -1,12 +0,0 @@
|
||||
{
|
||||
"Enable": true,
|
||||
"Secret": "${MATTERMOST_SSO_SECRET}",
|
||||
"Id": "${SSO_ID}",
|
||||
"Scope": "",
|
||||
"AuthEndpoint": "https://${SSO_DOMAIN}/application/o/authorize/",
|
||||
"TokenEndpoint": "https://${SSO_DOMAIN}/application/o/token/",
|
||||
"UserAPIEndpoint": "https://${SSO_DOMAIN}/application/o/userinfo/",
|
||||
"DiscoveryEndpoint": "https://${SSO_DOMAIN}/application/o/${SSO_APP}/.well-known/openid-configuration",
|
||||
"ButtonText": "${ORG_NAME}",
|
||||
"ButtonColor": "#ff0000"
|
||||
}
|
||||
Reference in New Issue
Block a user