Merge branch 'master' into dist/risotto/risotto-2.8.0/master

This commit is contained in:
Emmanuel Garette 2020-10-19 15:35:58 +02:00
commit b326844a43
6 changed files with 154 additions and 0 deletions

27
dicos/50_lemur.xml Normal file
View File

@ -0,0 +1,27 @@
<?xml version="1.0" encoding="utf-8"?>
<creole>
<files>
<!--service>lemur</service-->
<file name='/etc/lemur/lemur.conf.py' mkdir='True'/>
<file name='/etc/eole/eole-db.d/lemur.yml'/>
<file name='/etc/nginx/web.d/lemur.conf' source='nginx-lemur.conf'/>
</files>
<variables>
<family name='lemur'>
<variable name='lemur_secret' type='password' description="Secret pour Lemur" auto_save="True"/>
<variable name='lemur_token_secret' type='password' description="Token secret pour Lemur" auto_save="True"/>
<variable name='lemur_encrypt_keys' type='password' description="Encrypt keys pour Lemur" auto_save="True"/>
<variable name='lemur_db_name' type='string' description="Nom de la base de donnée de Lemur" mode="expert">
<value>lemur</value>
</variable>
<variable name='lemur_db_user' type='string' description="Nom de l'utilisateur de la base de donnée de Lemur" mode="expert">
<value>lemur</value>
</variable>
</family>
</variables>
<constraints>
<fill name='gen_random_base64' target='lemur_secret'/>
<fill name='gen_random_base64' target='lemur_token_secret'/>
<fill name='gen_random_base64' target='lemur_encrypt_keys'/>
</constraints>
</creole>

6
funcs/lemur.py Normal file
View File

@ -0,0 +1,6 @@
from secrets import token_bytes as _token_bytes
from base64 import urlsafe_b64encode as _urlsafe_b64encode
def gen_random_base64():
return _urlsafe_b64encode(_token_bytes(32)).decode()

0
posttemplate/00-lemur Normal file → Executable file
View File

90
tmpl/lemur.conf.py Normal file
View File

@ -0,0 +1,90 @@
# This is just Python which means you can inherit and tweak settings
import os
_basedir = os.path.abspath(os.path.dirname(__file__))
THREADS_PER_PAGE = 8
# General
# These will need to be set to `True` if you are developing locally
CORS = False
debug = False
# this is the secret key used by flask session management
SECRET_KEY = '%%lemur_secret'
# You should consider storing these separately from your config
LEMUR_TOKEN_SECRET = '%%lemur_token_secret'
LEMUR_ENCRYPTION_KEYS = '%%lemur_encrypt_keys'
# List of domain regular expressions that non-admin users can issue
LEMUR_ALLOWED_DOMAINS = []
# Mail Server
LEMUR_EMAIL = ''
LEMUR_SECURITY_TEAM_EMAIL = []
# Certificate Defaults
LEMUR_DEFAULT_COUNTRY = ''
LEMUR_DEFAULT_STATE = ''
LEMUR_DEFAULT_LOCATION = ''
LEMUR_DEFAULT_ORGANIZATION = ''
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ''
# Authentication Providers
ACTIVE_PROVIDERS = []
# Metrics Providers
METRIC_PROVIDERS = []
# Logging
LOG_LEVEL = "DEBUG"
LOG_FILE = "lemur.log"
# Database
# modify this if you are not using a local database
SQLALCHEMY_DATABASE_PASSWORD = 'replaceme'
SQLALCHEMY_DATABASE_URI = f'postgresql://%%lemur_db_user:{SQLALCHEMY_DATABASE_PASSWORD}@localhost:5432/%%lemur_db_name'
# AWS
#LEMUR_INSTANCE_PROFILE = 'Lemur'
# Issuers
# These will be dependent on which 3rd party that Lemur is
# configured to use.
# VERISIGN_URL = ''
# VERISIGN_PEM_PATH = ''
# VERISIGN_FIRST_NAME = ''
# VERISIGN_LAST_NAME = ''
# VERSIGN_EMAIL = ''
#FIXME
DIGICERT_CIS_API_KEY = ""
DIGICERT_CIS_URL = ""
DIGICERT_CIS_ROOTS = ''
DIGICERT_API_KEY = ''
DIGICERT_CIS_PROFILE_NAMES = ''
DIGICERT_URL = ''
DIGICERT_ORG_ID = ''
DIGICERT_ORDER_TYPE = ''
DIGICERT_ROOT = ''
ENTRUST_API_CERT = ''
ENTRUST_API_KEY = ''
ENTRUST_API_USER = ''
ENTRUST_API_PASS = ''
ENTRUST_URL = ''
ENTRUST_ROOT = ''
ENTRUST_NAME = ''
ENTRUST_EMAIL = ''
ENTRUST_PHONE = ''

16
tmpl/lemur.yml Normal file
View File

@ -0,0 +1,16 @@
%set %%dbname = %%lemur_db_name
---
dbuser: %%lemur_db_user
dbuser_options:
- LOGIN
privileges:
%%{dbname}.public.*: 'ALL'
%%{dbname}.public: 'ALL'
%%{dbname}: 'ALL'
dbhost: %%risotto_db_address
dbport: 5432
dbtype: postgres
dbname: %%dbname
template: 'template0'
pwd_files:
- {'file': '/etc/lemur/lemur.conf.py', 'pattern': 'SQLALCHEMY_DATABASE_PASSWORD = "'}

15
tmpl/nginx-lemur.conf Normal file
View File

@ -0,0 +1,15 @@
location /lemur/api {
proxy_pass http://127.0.0.1:8002/api;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /lemur/ {
alias /usr/share/lemur/static/;
include mime.types;
index index.html;
}