Commit Graph

6 Commits

Author SHA1 Message Date
Gernot Schulz
9a2d3a3760
Docker: Add SAML configuration
To configure SAML, ENABLE_SAML must be set to True in .env.
Additionally, the following files must be provided in ./secrets/saml/:

  - sp.crt
  - sp.key
  - saml_settings.json

The files will be added as Docker secrets.

Even though saml_settings.json does not contain secret information
per se it is nonetheless added as a secret for simplicity.  Technically,
the file is equally suited to be configured as a "Docker config".

Please note:

  - This patch has not been tested yet.
  - python3-saml's version should probably be pinned.
2020-08-21 08:11:16 +02:00
Gernot Schulz
2b7e4d3d19
Docker: Add backend variables to .env and templates
This setup chooses to avoid the env_file option available for Docker
Compose files.  Docker has a peculiar way of parsing variables which
makes it, for example, include quotes verbatim.

This is both confusing and incompatible with shells parsing the same
file which is a requirement.  For this reason, the configuration does
not import the complete environment using env_file but assigns variables
explicitly on a need-to-know basis in the YAML file, much like Docker
secrets.

Since the configuration is generated automatically, the burden on users
is the same as with env_file: they only need to edit .env for
customizations.
2020-08-21 08:11:15 +02:00
Gernot Schulz
418480bff5
build.sh: Make build script more useful
build.sh replaces docker-compose as an image build tool.  Instead, all
OpenSlides services can be built using this script which offers various
important options such as tagging and configurable defaults.

The now-redundant build instructions have been removed from the YAML
templates.

The almost identical server and client build scripts have been made
fully identical.
2020-08-21 08:11:15 +02:00
Gernot Schulz
9c9f268fbf
Docker: Shorten server-db-setup service name 2020-08-21 08:11:15 +02:00
Gernot Schulz
4f194a8794
Docker: Add a Docker secret for the Django key
We have decided against including an insecure default key with a mere
warning.  Therefore, unlike the admin and user secrets, the availability
of this secret is a hard requirement.  The instance will not be able to
start before a secret has been generated manually or by a management
tool.
2020-08-21 08:11:14 +02:00
Gernot Schulz
d48794ae8a
Docker: Add YAML templates
These templates were copied from
https://github.com/OpenSlides/openslides-docker-compose and adapted for
the new server-db-setup service.
2020-08-21 08:11:14 +02:00