Compare commits
1 Commits
main
...
replicaset
| Author | SHA1 | Date |
|---|---|---|
 Philipp Rothmann
|
12b2248b74 |
41
.drone.yml
41
.drone.yml
|
|
@ -1,41 +0,0 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: wekan
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: wekan.swarm-test.autonomic.zone
|
||||
STACK_NAME: wekan
|
||||
LETS_ENCRYPT_ENV: production
|
||||
SECRET_OAUTH2_SECRET_VERSION: v1
|
||||
ENTRYPOINT_VERSION: v1
|
||||
SECRET_OAUTH2_SECRET_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
12
.env.sample
12
.env.sample
|
|
@ -1,16 +1,11 @@
|
|||
TYPE=wekan
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
LETS_ENCRYPT_ENV=production
|
||||
SECRET_OAUTH2_SECRET_VERSION=v1
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
# Set this to run mongodb in replicaset mode (needs initialisation!)
|
||||
# COMPOSE_FILE="${COMPOSE_FILE}:compose.rs.yml"
|
||||
|
||||
DOMAIN=wekan.example.com
|
||||
ROOT_URL=https://wekan.example.com
|
||||
DOMAIN=board.example.org
|
||||
ROOT_URL=https://board.example.org
|
||||
|
||||
DEBUG=false
|
||||
|
||||
|
|
@ -31,7 +26,7 @@ RICHER_CARD_COMMENT_EDITOR=false
|
|||
OAUTH2_ENABLED=false
|
||||
# OAUTH2_LOGIN_STYLE=redirect
|
||||
# OAUTH2_CLIENT_ID=wekan
|
||||
# OAUTH2_SERVER_URL=https://authentik.example.com
|
||||
# OAUTH2_SERVER_URL=https://sso.${DOMAIN}
|
||||
# OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
||||
# OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
||||
# OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
||||
|
|
@ -41,7 +36,6 @@ OAUTH2_ENABLED=false
|
|||
# OAUTH2_FULLNAME_MAP=given_name
|
||||
# OAUTH2_EMAIL_MAP=email
|
||||
# PROPAGATE_OIDC_DATA=true
|
||||
# OIDC_REDIRECTION_ENABLED=true
|
||||
|
||||
|
||||
### LDAP ###
|
||||
|
|
|
|||
17
README.md
17
README.md
|
|
@ -35,19 +35,4 @@ needed to enable oplog setting in wekan, which isneeded to run bigger instances?
|
|||
|
||||
after mongo conaintainer came up the first time run:
|
||||
|
||||
```
|
||||
abra app run wekan.example.org db mongo
|
||||
> rs.initiate()
|
||||
```
|
||||
|
||||
## Promote user to admin
|
||||
|
||||
If using SSO, it might happen that there is no admin user. If so, you can fix it manually in the database:
|
||||
|
||||
```
|
||||
$ abra app run <app-name> db bash
|
||||
# mongo
|
||||
> use wekan
|
||||
> db.users.find({'username': '<your username>'})
|
||||
> db.users.updateOne({'_id': '<_id from result above>'}, {$set: {'isAdmin': true}})
|
||||
```
|
||||
abra app command wekan.example.org db init_db
|
||||
|
|
|
|||
2
abra.sh
2
abra.sh
|
|
@ -1 +1,3 @@
|
|||
export SECRET_OAUTH2_SECRET_VERSION=v1
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
export INIT_REPLICA_VERSION=v2
|
||||
|
|
|
|||
|
|
@ -1,20 +0,0 @@
|
|||
authentik:
|
||||
env:
|
||||
OAUTH2_ENABLED: "true"
|
||||
OAUTH2_SERVER_URL: https://authentik.example.com
|
||||
# TODO: set CLIENT_ID as secret
|
||||
OAUTH2_CLIENT_ID: wekan
|
||||
uncomment:
|
||||
- OAUTH2_LOGIN_STYLE
|
||||
- OAUTH2_AUTH_ENDPOINT
|
||||
- OAUTH2_USERINFO_ENDPOINT
|
||||
- OAUTH2_TOKEN_ENDPOINT
|
||||
- OAUTH2_REQUEST_PERMISSIONS
|
||||
- OAUTH2_ID_MAP
|
||||
- OAUTH2_USERNAME_MAP
|
||||
- OAUTH2_FULLNAME_MAP
|
||||
- OAUTH2_EMAIL_MAP
|
||||
- PROPAGATE_OIDC_DATA
|
||||
- OIDC_REDIRECTION_ENABLED
|
||||
shared_secrets:
|
||||
wekan_secret: oauth2_secret
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
db:
|
||||
command: mongod --oplogSize 128 --replSet rs0
|
||||
|
||||
app:
|
||||
environment:
|
||||
- MONGO_URL=mongodb://db:27017/wekan?replicaSet=rs01
|
||||
- MONGO_OPLOG_URL=mongodb://db:27017/local?replicaSet=rsWekan=value
|
||||
35
compose.yml
35
compose.yml
|
|
@ -1,12 +1,16 @@
|
|||
version: '3.8'
|
||||
services:
|
||||
db:
|
||||
image: mongo:5.0
|
||||
command: mongod --oplogSize 128 --quiet
|
||||
image: mongo:4.4
|
||||
command: mongod --bind_ip_all --oplogSize 128 --replSet rs0
|
||||
volumes:
|
||||
- wekan-db:/data/db
|
||||
networks:
|
||||
- internal
|
||||
configs:
|
||||
- source: init-replica
|
||||
target: /docker-entrypoint-initdb.d/init-replica.sh
|
||||
mode: 0555
|
||||
healthcheck:
|
||||
test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
|
||||
interval: 30s
|
||||
|
|
@ -16,14 +20,15 @@ services:
|
|||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mongodump --archive=/data/db/wekan.db"
|
||||
backupbot.backup.post-hook: "rm -rf /data/db/wekan.db"
|
||||
backupbot.backup.path: "/data/db/wekan.db"
|
||||
backupbot.backup.pre-hook: "mkdir /tmp/backup/ && mongodump --archive=/tmp/backup/wekan.db"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
|
||||
app:
|
||||
image: quay.io/wekan/wekan:v7.30
|
||||
image: quay.io/wekan/wekan:v6.28
|
||||
environment:
|
||||
- MONGO_URL=mongodb://db:27017/wekan
|
||||
- MONGO_URL=mongodb://db:27017/wekan?replicaSet=rs0
|
||||
- MONGO_OPLOG_URL=mongodb://db:27017/local?replicaSet=rs0
|
||||
- DOMAIN
|
||||
- ROOT_URL
|
||||
- DEBUG
|
||||
|
|
@ -32,7 +37,7 @@ services:
|
|||
- WITH_API
|
||||
- RICHER_CARD_COMMENT_EDITOR
|
||||
- CORS
|
||||
- CORS_ALLOW_HEADERS
|
||||
- CORS_ALLOW_HEADERS
|
||||
- CORS_EXPOSE_HEADERS
|
||||
- PASSWORD_LOGIN_ENABLED
|
||||
- OAUTH2_ENABLED
|
||||
|
|
@ -50,10 +55,9 @@ services:
|
|||
- OAUTH2_EMAIL_MAP
|
||||
- DEFAULT_AUTHENTICATION_METHOD
|
||||
- PROPAGATE_OIDC_DATA
|
||||
- OIDC_REDIRECTION_ENABLED
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
- internal
|
||||
- proxy
|
||||
depends_on:
|
||||
- db
|
||||
healthcheck:
|
||||
|
|
@ -83,12 +87,11 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.1.0+v7.30"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.6.0+v6.28"
|
||||
|
||||
volumes:
|
||||
wekan-db:
|
||||
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
|
@ -101,7 +104,9 @@ configs:
|
|||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
init-replica:
|
||||
name: ${STACK_NAME}_init-replica_${INIT_REPLICA_VERSION}
|
||||
file: init-replica.sh
|
||||
|
||||
secrets:
|
||||
oauth2_secret:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
#host=${HOSTNAME:-$(hostname -f)}
|
||||
# shut down again
|
||||
#mongod --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --shutdown
|
||||
|
||||
# # restart again binding to 0.0.0.0 to allow a replset with 10.7.7.6
|
||||
# mongod --oplogSize 8 --replSet rs0 --noauth \
|
||||
# --config /tmp/docker-entrypoint-temp-config.json \
|
||||
# --bind_ip 0.0.0.0 --port 27017 \
|
||||
# --tlsMode disabled \
|
||||
# --logpath /proc/1/fd/1 --logappend \
|
||||
# --pidfilepath /tmp/docker-entrypoint-temp-mongod.pid --fork
|
||||
|
||||
# init replset with defaults
|
||||
mongo 0.0.0.0 --eval "rs.initiate()"
|
||||
|
||||
echo "Waiting to become a master"
|
||||
echo 'while (!db.isMaster().ismaster) { sleep(100); }' | mongo
|
||||
echo "I'm the master!"
|
||||
Loading…
Reference in New Issue