Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3779898
D3123.id7996.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
33 KB
Referenced Files
None
Subscribers
None
D3123.id7996.diff
View Options
diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -17,6 +17,7 @@
paas-docker
5000 Docker registry HTTP
9090 Openfire HTTP
+ 16080 Orbeon HTTP
17080 Penpot - back-end
17300 Penpot - exporter
19080 Nasqueron API - Datasources
diff --git a/_modules/tomcat.py b/_modules/tomcat.py
new file mode 100644
--- /dev/null
+++ b/_modules/tomcat.py
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Salt — Tomcat execution module
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Tomcat users and roles
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
+def extract_roles_from_users(users):
+ return set(
+ role for _, args in users.items() if "roles" in args for role in args["roles"]
+ )
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -196,6 +196,10 @@
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/dbserver/cluster-A/users/airflow
+ - ops/secrets/nasqueron/orbeon/oxf.crypto.password
+ - ops/secrets/nasqueron/orbeon/users/dereckson
+ - ops/secrets/dbserver/cluster-A/users/orbeon
+
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/root
diff --git a/pillar/paas/docker/dwellers/orbeon.sls b/pillar/paas/docker/dwellers/orbeon.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/dwellers/orbeon.sls
@@ -0,0 +1,41 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Orbeon
+# -------------------------------------------------------------
+
+docker_networks:
+ orbeon:
+ subnet: 172.18.5.0/24
+
+docker_images:
+ - nasqueron/orbeon
+ - tianon/exim4
+
+docker_containers:
+ exim:
+ orbeon_smtp:
+ mailname: forms.nasqueron.org
+ network: orbeon
+
+ orbeon:
+ nasqueron_forms:
+ host: forms.nasqueron.org
+ app_port: 16080
+ network: orbeon
+ db:
+ service: db-A
+ database: forms
+ credential: dbserver/cluster-A/users/orbeon
+ secret_key: nasqueron/orbeon/oxf.crypto.password
+ tomcat:
+ users:
+ dereckson: nasqueron/orbeon/users/dereckson
+ smtp: orbeon_smtp
+
+ # Published forms are categorized by apps.
+ # List of forapps so nginx can proxy /<app>/
+ apps:
+ - nasqueron-join
diff --git a/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml b/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Tomcat :: Users configuration
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Project: Nasqueron
+ License: Trivial enough, not eligible to copyright
+ Source file: roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
+ _____________________________________________________________
+
+ <auto-generated>
+ This file is managed by our rOPS SaltStack repository.
+
+ Changes to this file may cause incorrect behavior
+ and will be lost if the state is redeployed.
+ </auto-generated>
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+ version="1.0">
+
+ {% if roles is defined %}
+ {% for role, role_args in roles.items() %}
+ <role rolename="{{ role }}" description="{{ role_args.description }}" />
+ {% endfor %}
+ {% else %}
+ {% for role in salt["tomcat.extract_roles_from_users"](users) %}
+ <role rolename="{{ role }}" />
+ {% endfor %}
+ {% endif %}
+
+ {% for username, user_args in users.items() %}
+ <user
+ username="{{ username }}"
+ password="{{ user_args.password }}"
+ roles="{{ user_args.roles | join(' ') }}"
+ />
+ {% endfor %}
+</tomcat-users>
diff --git a/roles/paas-docker/containers/files/orbeon/nasqueron_forms/form-builder-permissions.xml b/roles/paas-docker/containers/files/orbeon/nasqueron_forms/form-builder-permissions.xml
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/orbeon/nasqueron_forms/form-builder-permissions.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Orbeon :: Configuration
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Project: Nasqueron
+ License: Trivial work, not eligible to copyright
+ Source file: roles/paas-docker/containers/files/orbeon/nasqueron_forms/form-builder-permissions.xml
+ _____________________________________________________________
+
+ <auto-generated>
+ This file is managed by our rOPS SaltStack repository.
+
+ Changes to this file may cause incorrect behavior
+ and will be lost if the state is redeployed.
+ </auto-generated>
+-->
+
+<roles>
+ <role name="orbeon-admin" app="*" form="*"/>
+</roles>
diff --git a/roles/paas-docker/containers/files/orbeon/nasqueron_forms/properties-local.xml b/roles/paas-docker/containers/files/orbeon/nasqueron_forms/properties-local.xml
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/orbeon/nasqueron_forms/properties-local.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Orbeon :: Configuration
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Project: Nasqueron
+ License: Trivial work, not eligible to copyright
+ Source file: roles/paas-docker/containers/files/orbeon/nasqueron_forms/properties-local.xml
+ _____________________________________________________________
+
+ <auto-generated>
+ This file is managed by our rOPS SaltStack repository.
+
+ Changes to this file may cause incorrect behavior
+ and will be lost if the state is redeployed.
+ </auto-generated>
+-->
+
+<properties xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:oxf="http://www.orbeon.com/oxf/processors"
+ xmlns:fr="http://orbeon.org/oxf/xml/form-runner">
+
+ <!-- URL -->
+
+ <property as="xs:anyURI" name="oxf.url-rewriting.service.base-uri"
+ value="http://localhost:8080/orbeon"/>
+
+
+ <!-- Crypto -->
+
+ <property as="xs:string" name="oxf.crypto.password">
+ <![CDATA[{{ secret_key }}]]>
+ </property>
+
+ <property as="xs:integer" name="oxf.crypto.key-length"
+ value="256"/>
+
+ <property as="xs:string" name="oxf.crypto.hash-algorithm"
+ value="SHA-256"/>
+
+
+ <!-- Authentication -->
+
+ <property as="xs:string" name="oxf.fr.authentication.method"
+ value="container"/>
+
+ <property as="xs:string" name="oxf.fr.authentication.container.roles"
+ value="orbeon-admin"/>
+
+ <property as="xs:boolean" name="oxf.fr.authentication.user-menu.enable"
+ value="true"/>
+
+
+ <!-- Database configuration -->
+
+ <property as="xs:string" name="oxf.fr.persistence.provider.*.*.*"
+ value="postgresql"/>
+
+ <property as="xs:string" name="oxf.fr.persistence.postgresql.datasource"
+ value="postgresql" />
+
+ <property as="xs:boolean" name="oxf.fr.persistence.postgresql.create-flat-view"
+ value="true"/>
+
+ <property as="xs:boolean" name="oxf.fr.persistence.exist.active"
+ value="false"/>
+
+
+ <!-- SMTP -->
+
+ <property as="xs:string" name="oxf.fr.email.smtp.host.*.*"
+ value="{{ smtp }}" />
+
+ <property as="xs:string" name="oxf.fr.email.from.*.*"
+ value="no-reply@{{ host }}"/>
+
+
+ <!-- Static resources -->
+
+ <property as="xs:string" name="oxf.fr.css.custom.uri.*.*">
+ https://assets.nasqueron.org/css/forms/nasqueron-forms.css
+ </property>
+
+ <property as="xs:anyURI" name="oxf.fr.default-logo.uri.*.*">
+ https://assets.nasqueron.org/logos/logo-white-32px.png
+ </property>
+
+
+ <!-- Form properties :: nasqueron-join :: contact -->
+
+ <property as="xs:string" name="oxf.fr.detail.buttons.nasqueron-join.contact">
+ save-progress send
+ </property>
+
+ <property as="xs:string" name="oxf.fr.detail.process.send.nasqueron-join.contact"
+ value='require-valid
+ then email
+ then navigate("https://join.nasqueron.org/contact-success.html")
+ recover navigate("https://join.nasqueron.org/contact-failure.html")' />
+
+ <property as="xs:string" name="oxf.fr.email.to.nasqueron-join.*"
+ value="dereckson+nasqueron+join@espace-win.org" />
+
+
+</properties>
diff --git a/roles/paas-docker/containers/files/orbeon/nasqueron_forms/web.xml b/roles/paas-docker/containers/files/orbeon/nasqueron_forms/web.xml
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/orbeon/nasqueron_forms/web.xml
@@ -0,0 +1,409 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Orbeon :: Configuration
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Project: Nasqueron
+ License: Trivial work, not eligible to copyright
+ Source file: roles/paas-docker/containers/files/orbeon/nasqueron_forms/properties-local.xml
+ _____________________________________________________________
+
+ <auto-generated>
+ This file is managed by our rOPS SaltStack repository.
+
+ Changes to this file may cause incorrect behavior
+ and will be lost if the state is redeployed.
+ </auto-generated>
+-->
+
+<web-app
+ xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1">
+
+ <display-name>Nasqueron Forms</display-name>
+ <description>
+ Nasqueron Forms is an Orbeon Forms, a XForms web forms solutions
+ to create and fill complex forms.
+ </description>
+ <distributable/>
+ <!--Initialize main resource manager-->
+ <context-param>
+ <param-name>oxf.resources.factory</param-name>
+ <param-value>org.orbeon.oxf.resources.PriorityResourceManagerFactory</param-value>
+ </context-param>
+ <!--Web application resource manager for resources-->
+ <context-param>
+ <param-name>oxf.resources.priority.2</param-name>
+ <param-value>org.orbeon.oxf.resources.WebAppResourceManagerFactory</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.resources.priority.2.oxf.resources.webapp.rootdir</param-name>
+ <param-value>/WEB-INF/resources</param-value>
+ </context-param>
+ <!--Classloader resource manager-->
+ <context-param>
+ <param-name>oxf.resources.priority.6</param-name>
+ <param-value>org.orbeon.oxf.resources.ClassLoaderResourceManagerFactory</param-value>
+ </context-param>
+ <!--Set run mode ("dev" or "prod")-->
+ <context-param>
+ <param-name>oxf.run-mode</param-name>
+ <param-value>prod</param-value>
+ </context-param>
+ <!--Set location of properties.xml-->
+ <context-param>
+ <param-name>oxf.properties</param-name>
+ <param-value>oxf:/config/properties-${oxf.run-mode}.xml</param-value>
+ </context-param>
+ <!--Determine whether logging initialization must take place-->
+ <context-param>
+ <param-name>oxf.initialize-logging</param-name>
+ <param-value>true</param-value>
+ </context-param>
+ <!--Set context listener processors-->
+ <!-- Uncomment this for the context listener processors -->
+ <!--
+ <context-param>
+ <param-name>oxf.context-initialized-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.context-initialized-processor.input.config</param-name>
+ <param-value>oxf:/apps/context/context-initialized.xpl</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.context-destroyed-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.context-destroyed-processor.input.config</param-name>
+ <param-value>oxf:/apps/context/context-destroyed.xpl</param-value>
+ </context-param>-->
+ <!-- End context listener processors -->
+ <!--Set session listener processors-->
+ <!-- Uncomment this for the session listener processors -->
+ <!--
+ <context-param>
+ <param-name>oxf.session-created-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.session-created-processor.input.config</param-name>
+ <param-value>oxf:/apps/context/session-created.xpl</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.session-destroyed-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </context-param>
+ <context-param>
+ <param-name>oxf.session-destroyed-processor.input.config</param-name>
+ <param-value>oxf:/apps/context/session-destroyed.xpl</param-value>
+ </context-param>-->
+ <!-- End session listener processors -->
+ <!--Security filter for eXist-->
+ <filter>
+ <filter-name>orbeon-exist-filter</filter-name>
+ <filter-class>org.orbeon.oxf.servlet.TokenSecurityFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>orbeon-exist-filter</filter-name>
+ <url-pattern>/exist/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher>
+ </filter-mapping>
+ <!--Limit concurrent access to Form Runner-->
+ <filter>
+ <filter-name>orbeon-limiter-filter</filter-name>
+ <filter-class>org.orbeon.oxf.servlet.LimiterFilter</filter-class>
+ <!--Include Form Runner pages and XForms Ajax requests-->
+ <init-param>
+ <param-name>include</param-name>
+ <param-value>(/fr/.*)|(/xforms-server)</param-value>
+ </init-param>
+ <!--Exclude resources not produced by services-->
+ <init-param>
+ <param-name>exclude</param-name>
+ <param-value>(?!/([^/]+)/service/).+\.(gif|css|pdf|json|js|coffee|map|png|jpg|xsd|htc|ico|swf|html|htm|txt)</param-value>
+ </init-param>
+ <!--Minimum, requested, and maximum number of concurrent threads allowed-->
+ <!--The `x` prefix specifies a multiple of the number of CPU cores reported by the JVM-->
+ <init-param>
+ <param-name>min-threads</param-name>
+ <param-value>1</param-value>
+ </init-param>
+ <init-param>
+ <param-name>num-threads</param-name>
+ <param-value>x1</param-value>
+ </init-param>
+ <init-param>
+ <param-name>max-threads</param-name>
+ <param-value>x1</param-value>
+ </init-param>
+ </filter>
+ <filter-mapping>
+ <filter-name>orbeon-limiter-filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+ <!--Add internal Orbeon-* headers for auth-->
+ <filter>
+ <filter-name>orbeon-form-runner-auth-servlet-filter</filter-name>
+ <filter-class>org.orbeon.oxf.servlet.FormRunnerAuthFilter</filter-class>
+ <!--
+ <init-param>
+ <param-name>content-security-policy</param-name>
+ <param-value>default-src 'self'; img-src 'self' data:</param-value>
+ </init-param>
+ -->
+ </filter>
+ <filter-mapping>
+ <filter-name>orbeon-form-runner-auth-servlet-filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher>
+ </filter-mapping>
+ <!--All JSP files under /xforms-jsp go through the XForms filter-->
+ <filter>
+ <filter-name>orbeon-xforms-filter</filter-name>
+ <filter-class>org.orbeon.oxf.servlet.OrbeonXFormsFilter</filter-class>
+ <!-- Uncomment this for the separate WAR deployment -->
+ <!--
+ <init-param>
+ <param-name>oxf.xforms.renderer.context</param-name>
+ <param-value>/orbeon</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.xforms.renderer.default-encoding</param-name>
+ <param-value>UTF-8</param-value>
+ </init-param>-->
+ <!-- End separate WAR deployment -->
+ </filter>
+ <filter-mapping>
+ <filter-name>orbeon-xforms-filter</filter-name>
+ <url-pattern>/xforms-jsp/*</url-pattern>
+ <!--Servlet 2.4 configuration allowing the filter to run upon forward in addition to request-->
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher>
+ </filter-mapping>
+ <!--Orbeon context listener-->
+ <listener>
+ <listener-class>org.orbeon.oxf.webapp.OrbeonServletContextListener</listener-class>
+ </listener>
+ <!--Context listener for deployment with replication-->
+ <listener>
+ <listener-class>org.orbeon.oxf.xforms.ReplicationServletContextListener</listener-class>
+ </listener>
+ <!--XForms session listener-->
+ <listener>
+ <listener-class>org.orbeon.oxf.xforms.XFormsServletContextListener</listener-class>
+ </listener>
+ <!--General-purpose session listener-->
+ <listener>
+ <listener-class>org.orbeon.oxf.webapp.OrbeonSessionListener</listener-class>
+ </listener>
+ <!--Ehcache shutdown listener-->
+ <listener>
+ <listener-class>net.sf.ehcache.constructs.web.ShutdownListener</listener-class>
+ </listener>
+ <!--This is the main Orbeon Forms servlet-->
+ <servlet>
+ <servlet-name>orbeon-main-servlet</servlet-name>
+ <servlet-class>org.orbeon.oxf.servlet.OrbeonServlet</servlet-class>
+ <!--Set main processor-->
+ <init-param>
+ <param-name>oxf.main-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.main-processor.input.config</param-name>
+ <param-value>oxf:/config/prologue-servlet.xpl</param-value>
+ </init-param>
+ <!--Set error processor-->
+ <init-param>
+ <param-name>oxf.error-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}page-flow</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.error-processor.input.controller</param-name>
+ <param-value>oxf:/config/error-page-flow.xml</param-value>
+ </init-param>
+ <!--Set supported methods-->
+ <init-param>
+ <param-name>oxf.http.accept-methods</param-name>
+ <param-value>get,post,head,put,delete,lock,unlock</param-value>
+ </init-param>
+ <!--Set servlet initialization and destruction listeners-->
+ <!-- Uncomment this for the servlet listener processors -->
+ <!--
+ <init-param>
+ <param-name>oxf.servlet-initialized-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.servlet-initialized-processor.input.config</param-name>
+ <param-value>oxf:/apps/context/servlet-initialized.xpl</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.servlet-destroyed-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.servlet-destroyed-processor.input.config</param-name>
+ <param-value>oxf:/apps/context/servlet-destroyed.xpl</param-value>
+ </init-param>-->
+ <!-- End servlet listener processors -->
+ </servlet>
+ <!--This is the XForms Renderer servlet, used to deploy Orbeon Forms as a separate WAR-->
+ <servlet>
+ <servlet-name>orbeon-renderer-servlet</servlet-name>
+ <servlet-class>org.orbeon.oxf.servlet.OrbeonServlet</servlet-class>
+ <!--Set main processor-->
+ <init-param>
+ <param-name>oxf.main-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}page-flow</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.main-processor.input.controller</param-name>
+ <param-value>oxf:/ops/xforms/xforms-renderer-page-flow.xml</param-value>
+ </init-param>
+ <!--Set error processor-->
+ <init-param>
+ <param-name>oxf.error-processor.name</param-name>
+ <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
+ </init-param>
+ <init-param>
+ <param-name>oxf.error-processor.input.config</param-name>
+ <param-value>oxf:/config/error.xpl</param-value>
+ </init-param>
+ </servlet>
+ <!-- Uncomment this for the eXist XMLRPC support -->
+ <!--
+ <servlet>
+ <servlet-name>exist-xmlrpc-servlet</servlet-name>
+ <servlet-class>org.exist.xmlrpc.RpcServlet</servlet-class>
+ </servlet>-->
+ <!-- End eXist XMLRPC support -->
+ <servlet>
+ <servlet-name>exist-rest-servlet</servlet-name>
+ <servlet-class>org.exist.http.servlets.EXistServlet</servlet-class>
+ <init-param>
+ <param-name>basedir</param-name>
+ <param-value>WEB-INF/</param-value>
+ </init-param>
+ <init-param>
+ <param-name>configuration</param-name>
+ <param-value>exist-conf.xml</param-value>
+ </init-param>
+ <init-param>
+ <param-name>start</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>orbeon-main-servlet</servlet-name>
+ <url-pattern>/</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>orbeon-renderer-servlet</servlet-name>
+ <url-pattern>/xforms-renderer</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>exist-rest-servlet</servlet-name>
+ <url-pattern>/exist/rest/*</url-pattern>
+ </servlet-mapping>
+ <!-- Uncomment this for the eXist XMLRPC support -->
+ <!--
+ <servlet-mapping>
+ <servlet-name>exist-xmlrpc-servlet</servlet-name>
+ <url-pattern>/exist/xmlrpc/*</url-pattern>
+ </servlet-mapping>-->
+ <!-- End eXist XMLRPC support -->
+ <!-- Uncomment this for the relational persistence, and change oracle if necessary -->
+ <!--
+ <resource-ref>
+ <description>DataSource</description>
+ <res-ref-name>jdbc/oracle</res-ref-name>
+ <res-type>javax.sql.DataSource</res-type>
+ <res-auth>Container</res-auth>
+ </resource-ref>-->
+ <!-- End relational persistence, and change oracle if necessary -->
+
+ <!-- Form Runner authentication -->
+ <!-- Require the security role on /fr/auth by default. To protect everything this must be changed. -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Form Runner</web-resource-name>
+ <url-pattern>/fr/auth</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>orbeon-user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- The following pages and services are allowed without constraints by default -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Form Runner services and public pages and resources</web-resource-name>
+ <url-pattern>/fr/service/*</url-pattern>
+ <url-pattern>/fr/style/*</url-pattern>
+ <url-pattern>/fr/not-found</url-pattern>
+ <url-pattern>/fr/error</url-pattern>
+ <url-pattern>/fr/login</url-pattern>
+ <url-pattern>/fr/login-error</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+
+ <!-- Form builder requires authentication -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Form Builder</web-resource-name>
+ <url-pattern>/fr/orbeon/builder/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>orbeon-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Form admin requires authentication -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Form Administration</web-resource-name>
+ <url-pattern>/fr/admin</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>orbeon-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Landing pages requires authentication -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Form landing pages</web-resource-name>
+ <url-pattern>/fr/</url-pattern>
+ <url-pattern>/fr/forms</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>orbeon-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Default security role -->
+ <security-role>
+ <role-name>orbeon-user</role-name>
+ </security-role>
+
+ <!-- Use the form-based method by default -->
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <form-login-config>
+ <form-login-page>/fr/login</form-login-page>
+ <form-error-page>/fr/login-error</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <session-config>
+ <session-timeout>60</session-timeout>
+ </session-config>
+</web-app>
diff --git a/roles/paas-docker/containers/files/orbeon/server.xml b/roles/paas-docker/containers/files/orbeon/server.xml
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/orbeon/server.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Tomcat :: Orbeon configuration
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ Project: Nasqueron
+ License: Trivial enough, not eligible to copyright
+ Source file: roles/paas-docker/containers/files/orbeon/server.xml
+ _____________________________________________________________
+
+ <auto-generated>
+ This file is managed by our rOPS SaltStack repository.
+
+ Changes to this file may cause incorrect behavior
+ and will be lost if the state is redeployed.
+ </auto-generated>
+-->
+
+<Context path="/orbeon">
+ <Resource
+ name="jdbc/postgresql"
+ driverClassName="org.postgresql.Driver"
+
+ auth="Container"
+ type="javax.sql.DataSource"
+
+ initialSize="3"
+ maxActive="10"
+ maxIdle="10"
+ maxWait="30000"
+
+ poolPreparedStatements="true"
+
+ validationQuery="select 1"
+ testOnBorrow="true"
+
+ username="{{ db.user }}"
+ password="{{ db.pass }}"
+ url="jdbc:postgresql://{{ db.host }}:5432/{{ db.database }}?useUnicode=true&characterEncoding=UTF8&socketTimeout=30&tcpKeepAlive=true"/>
+</Context>
diff --git a/roles/paas-docker/containers/orbeon.sls b/roles/paas-docker/containers/orbeon.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/orbeon.sls
@@ -0,0 +1,103 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+
+{% for instance, container in pillar['docker_containers']['orbeon'].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/orbeon/{{ instance }}:
+ file.directory:
+ - makedirs: True
+
+{% if has_selinux %}
+selinux_context_{{ instance }}_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/orbeon/{{ instance }}
+ - sel_type: container_file_t
+
+selinux_context_{{ instance }}_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/orbeon/{{ instance }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Configuration files
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/orbeon/{{ instance }}/conf/tomcat-users.xml:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/_tomcat/tomcat-users.xml
+ - mode: 400
+ - makedirs: True
+ - template: jinja
+ - show_changes: False
+ - context:
+ users:
+ {% for user, credential in container["tomcat"]["users"].items() %}
+ {{ user }}:
+ password: {{ salt["credentials.get_password"](credential) | yaml_dquote }}
+ roles:
+ - orbeon-admin
+ {% endfor %}
+
+/srv/orbeon/{{ instance }}/conf/properties-local.xml:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/orbeon/{{ instance }}/properties-local.xml
+ - mode: 400
+ - template: jinja
+ - show_changes: False
+ - context:
+ secret_key: {{ salt["credentials.get_password"](container["secret_key"]) | yaml_dquote }}
+ host: {{ container["host"] }}
+ smtp: {{ container["smtp"] }}
+
+/srv/orbeon/{{ instance }}/conf/orbeon.xml:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/orbeon/server.xml
+ - mode: 400
+ - template: jinja
+ - show_changes: False
+ - context:
+ db:
+ host: {{ pillar["nasqueron_services"][container["db"]["service"]] }}
+ database: {{ container["db"]["database"] }}
+ user: {{ salt["credentials.get_username"](container["db"]["credential"]) }}
+ pass: {{ salt["credentials.get_password"](container["db"]["credential"]) | yaml_dquote }}
+
+{% for config_file in ["web.xml", "form-builder-permissions.xml"] %}
+/srv/orbeon/{{ instance }}/conf/{{ config_file }}:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/orbeon/{{ instance }}/{{ config_file }}
+{% endfor %}
+
+# -------------------------------------------------------------
+# Container
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: nasqueron/orbeon
+ - binds:
+ - /srv/orbeon/{{ instance }}/conf/tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml
+ - /srv/orbeon/{{ instance }}/conf/orbeon.xml:/usr/local/tomcat/conf/Catalina/localhost/orbeon.xml
+ - /srv/orbeon/{{ instance }}/conf/web.xml:/usr/local/tomcat/webapps/orbeon/WEB-INF/web.xml
+ - /srv/orbeon/{{ instance }}/conf/form-builder-permissions.xml:/usr/local/tomcat/webapps/orbeon/WEB-INF/resources/config/form-builder-permissions.xml
+ - /srv/orbeon/{{ instance }}/conf/properties-local.xml:/usr/local/tomcat/webapps/orbeon/WEB-INF/resources/config/properties-local.xml
+ - ports:
+ - 8080
+ - port_bindings:
+ - {{ container['app_port'] }}:8080
+ - networks:
+ - {{ container['network'] }}
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/vhosts/orbeon.conf b/roles/paas-docker/nginx/files/vhosts/orbeon.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/orbeon.conf
@@ -0,0 +1,53 @@
+# -------------------------------------------------------------
+# Configuration for Docker PaaS front-end nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Source file: roles/paas-docker/nginx/files/vhosts/orbeon.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ fqdn }};
+
+ include includes/letsencrypt;
+
+ return 301 https://$host$request_uri;
+}
+
+server {
+ server_name {{ fqdn }};
+
+ include includes/tls;
+ ssl_certificate /srv/letsencrypt/etc/live/{{ fqdn }}/fullchain.pem;
+ ssl_certificate_key /srv/letsencrypt/etc/live/{{ fqdn }}/privkey.pem;
+
+ include includes/letsencrypt;
+
+ {% for app in args["apps"] %}
+ location /{{ app }}/ {
+ proxy_pass http://localhost:16080/orbeon/fr/{{ app }}/;
+ proxy_redirect http://localhost:16080/orbeon/fr/{{ app }}/ /{{ app }}/;
+
+ include includes/proxy_params;
+ }
+ {% endfor %}
+
+ location /orbeon {
+ proxy_pass http://localhost:{{ app_port }};
+ proxy_redirect off;
+
+ include includes/proxy_params;
+ }
+
+ root /var/wwwroot-502/$server_name;
+
+ error_page 502 /502.html;
+ location /502.html {}
+}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Nov 26, 10:30 (21 h, 58 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2264369
Default Alt Text
D3123.id7996.diff (33 KB)
Attached To
Mode
D3123: Deploy Orbeon Forms
Attached
Detach File
Event Timeline
Log In to Comment