Until I get a working module, I’ve created a script that creates the following folders under /opt/lemonldap:
backgrounds, apps, logos, logs, conf, etc and cache.
It then mounts them for use in the podman container; next it asks you which port is free, along with your country and city to set the timezone variables.
Then it creates the systemd unit file, moves it to /etc/systemd/system/ns8-lemonldap.service, reloads systemd and enables ns8-lemonldap.service.
It also creates a script called ~/lemon_setup.sh and makes it executable. This script purges the conf, cache, etc and logs folders along with the systemd service file, leaving the apps, logos and backgrounds folders, then recreates the conf, cache, logs and etc folders and remounts them.
Then it reruns the podman run command with the answers you gave during setup, recreates the systemd service file and re-enables it, so the installation starts fresh but the apps, logos and backgrounds remain.
You can then load a config file from a backup in the manager.
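Default login (this is the built-in LemonLDAP::NG demo account, so replace the demo authentication backend before the portal is reachable from outside):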
User: dwho
Password: dwho
ns8-lemonldap.sh
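#!/bin/bash
# ns8-lemonldap.sh - interim installer for LemonLDAP::NG on NethServer 8.
#
# Must be run as root. In order, it:
#   1. asks for a free host port and the timezone area/city,
#   2. creates the data folders under /opt/lemonldap and exposes them as
#      bind-mounted podman volumes,
#   3. starts the ns8-lemonldap container,
#   4. writes ~/lemon_setup.sh, which wipes conf/cache/etc/logs and redeploys
#      with the same answers (apps, logos and backgrounds are kept),
#   5. installs and enables the ns8-lemonldap systemd unit,
#   6. publishes the portal and the manager through Traefik (set-route).

set -u

# Print a message on stderr and abort.
die() {
  printf 'ns8-lemonldap: %s\n' "$*" >&2
  exit 1
}

# Create a named podman volume that bind-mounts a host directory.
# Skips creation when the volume already exists so the installer can be re-run.
# Arguments: $1 - volume name, $2 - host directory
create_bind_volume() {
  local name=$1 dir=$2
  if podman volume exists "$name"; then
    return 0
  fi
  podman volume create \
    -o device="$dir" \
    -o=o=bind \
    "$name" || die "could not create podman volume '$name'"
}

# Publish one virtual host through the Traefik module.
# Arguments: $1 - route instance name, $2 - public host name
# Globals:   port (read)
set_route() {
  local instance=$1 host=$2
  api-cli run set-route --agent module/traefik1 --data - <<EOF
{
"instance": "$instance",
"url": "http://127.0.0.1:$port",
"host": "$host",
"lets_encrypt": true,
"http2https": true,
"skip_cert_verify": false
}
EOF
}

# The script writes under /etc/systemd/system and /opt, so it needs root.
[[ $EUID -eq 0 ]] || die "this script must be run as root"

read -r -p "What is the unbound port to run LemonLDAP-NG on? " port
read -r -p "What is your Country? (tz database area, e.g. Europe) " country
read -r -p "What is your City? (tz database location, e.g. London) " city

# The answers are interpolated into a generated root script and into JSON
# sent to api-cli, so anything that is not a plain port number or a plain
# tz name is rejected before it is used.
if [[ ! "$port" =~ ^[0-9]{1,5}$ ]]; then
  die "port must be a number between 1 and 65535"
fi
port=$((10#$port))
if (( port < 1 || port > 65535 )); then
  die "port must be a number between 1 and 65535"
fi
if [[ ! "$country" =~ ^[A-Za-z_]+$ ]]; then
  die "country/area may only contain letters and underscores"
fi
if [[ ! "$city" =~ ^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)?$ ]]; then
  die "city/location contains unsupported characters"
fi
tz="$country/$city"
if [[ -d /usr/share/zoneinfo && ! -e "/usr/share/zoneinfo/$tz" ]]; then
  die "'$tz' is not a known timezone (expected e.g. Europe/London)"
fi

# SSODOMAIN used to be filled from an unset variable; take it from the host's
# DNS domain, the same value the virtual-host names are built from.
domain=$(hostname -d) || die "hostname -d failed"
if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  die "hostname -d returned no usable DNS domain"
fi

# NOTE(review): ':latest' is a mutable tag; pin a reviewed version tag or
# image digest here so that a redeploy cannot silently change the image.
image=docker.io/coudot/lemonldap-ng:latest

# The host folder for backgrounds is spelled "backrounds"; the spelling is
# kept so that existing installations keep finding their data.
mkdir -p /opt/lemonldap /opt/lemonldap/backrounds /opt/lemonldap/apps \
  /opt/lemonldap/logos /opt/lemonldap/logs /opt/lemonldap/cache \
  /opt/lemonldap/conf /opt/lemonldap/etc || die "could not create /opt/lemonldap"

create_bind_volume backgrounds /opt/lemonldap/backrounds
create_bind_volume conf /opt/lemonldap/conf
create_bind_volume logos /opt/lemonldap/logos
create_bind_volume apps /opt/lemonldap/apps
create_bind_volume logs /opt/lemonldap/logs
create_bind_volume cache /opt/lemonldap/cache
create_bind_volume etc /opt/lemonldap/etc

# The port is published on 127.0.0.1 only: the Traefik routes below reach the
# container over loopback, and binding every interface would also offer the
# portal and manager over plain HTTP, bypassing the TLS route.
# MANAGER_HOSTNAME matches the "manager." route created further down.
# LOGLEVEL=debug is verbose for an SSO portal; lower it once the setup works.
podman run --detach --replace --name ns8-lemonldap \
  --volume=apps:/usr/share/lemonldap-ng/portal/htdocs/static/common/apps:z \
  --volume=backgrounds:/usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds:z \
  --volume=logos:/usr/share/lemonldap-ng/portal/htdocs/static/common/logos:z \
  --volume=conf:/var/lib/lemonldap-ng/conf:z \
  --volume=logs:/www/logs:z \
  --volume=etc:/etc/lemonldap-ng:z \
  --volume=cache:/var/cache/lemonldap-ng:z \
  -e SSODOMAIN="$domain" \
  -e PORTAL_HOSTNAME="auth.$domain" \
  -e MANAGER_HOSTNAME="manager.$domain" \
  -e HANDLER_HOSTNAME="handler.$domain" \
  -e TEST1_HOSTNAME="test1.$domain" \
  -e TEST2_HOSTNAME="test2.$domain" \
  -e LOGLEVEL=debug \
  -e TZ="$tz" \
  -e FASTCGI_LISTEN_PORT=9000 \
  -p "127.0.0.1:$port:80" \
  "$image" || die "podman run failed"

# Write the reset script. '>' (not '>>') so that running the installer twice
# does not append a second copy. The heredoc is unquoted on purpose: the
# validated answers are baked in now; '\\' keeps the line continuations.
reset_script=~/lemon_setup.sh
cat >"$reset_script" <<EOF
#!/bin/sh
# Created on $(date)
# Wipes the LemonLDAP::NG conf, cache, etc and logs folders and redeploys the
# container; apps, logos and backgrounds are left untouched.
rm -Rf /etc/systemd/system/lemonldap.service /opt/container-ns8-lemonldap.service
podman volume rm -f etc conf cache logs
rm -Rf /opt/lemonldap/cache /opt/lemonldap/conf /opt/lemonldap/etc /opt/lemonldap/logs
mkdir -p /opt/lemonldap/cache /opt/lemonldap/conf /opt/lemonldap/etc /opt/lemonldap/logs
podman volume create -o device=/opt/lemonldap/conf -o=o=bind conf
podman volume create -o device=/opt/lemonldap/cache -o=o=bind cache
podman volume create -o device=/opt/lemonldap/etc -o=o=bind etc
podman volume create -o device=/opt/lemonldap/logs -o=o=bind logs
podman run --detach --replace --name ns8-lemonldap \\
  --volume=apps:/usr/share/lemonldap-ng/portal/htdocs/static/common/apps:z \\
  --volume=backgrounds:/usr/share/lemonldap-ng/portal/htdocs/static/common/backgrounds:z \\
  --volume=logos:/usr/share/lemonldap-ng/portal/htdocs/static/common/logos:z \\
  --volume=conf:/var/lib/lemonldap-ng/conf:z \\
  --volume=logs:/www/logs:z \\
  --volume=etc:/etc/lemonldap-ng:z \\
  --volume=cache:/var/cache/lemonldap-ng:z \\
  -e SSODOMAIN="$domain" \\
  -e PORTAL_HOSTNAME="auth.$domain" \\
  -e MANAGER_HOSTNAME="manager.$domain" \\
  -e HANDLER_HOSTNAME="handler.$domain" \\
  -e TEST1_HOSTNAME="test1.$domain" \\
  -e TEST2_HOSTNAME="test2.$domain" \\
  -e LOGLEVEL=debug \\
  -e TZ="$tz" \\
  -e FASTCGI_LISTEN_PORT=9000 \\
  -p "127.0.0.1:$port:80" \\
  "$image" || exit 1
podman generate systemd --name ns8-lemonldap > /etc/systemd/system/ns8-lemonldap.service || exit 1
podman stop ns8-lemonldap
systemctl daemon-reload
systemctl enable ns8-lemonldap.service
systemctl start ns8-lemonldap
EOF
chmod 700 "$reset_script"

# Install the unit. Without --files, 'podman generate systemd' prints the unit
# on stdout, so it can be written straight to its final name; the old
# '-f > file' form stored only the generated file's path and then depended on
# the script having been started from /opt.
rm -Rf /opt/container-ns8-lemonldap.service /etc/systemd/system/lemonldap.service
podman generate systemd --name ns8-lemonldap \
  > /etc/systemd/system/ns8-lemonldap.service \
  || die "could not generate the systemd unit"

# Hand the container over to systemd.
podman stop ns8-lemonldap
systemctl daemon-reload
systemctl enable ns8-lemonldap.service

# Publish portal and manager. The manager is the administration interface:
# once this route exists it is reachable under its public host name, so
# restrict who can reach it and do not leave the demo accounts enabled.
routes_ok=1
set_route ns8auth "auth.$domain" || routes_ok=0
set_route ns8manager "manager.$domain" || routes_ok=0

systemctl start ns8-lemonldap || die "ns8-lemonldap.service failed to start"

if (( routes_ok )); then
  echo "LemonLDAP-NG has been installed and the http routes auth.$domain and manager.$domain were created for http://127.0.0.1:$port with lets encrypt and http to https enabled"
else
  echo "LemonLDAP-NG has been installed but the http routes could not be created, please dont forget to setup the following http routes in NS8 1. add auth.$domain as http://127.0.0.1:$port and manager.$domain http://127.0.0.1:$port also select the options for lets encrypt and http to https" >&2
fi
echo " Once the http routes are in place you should be able to access the portal at https://auth.$domain and the manager at https://manager.$domain "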
Next steps for this script are:
- Auto-populating the AD/LDAP details
- Automating the http routes and Let’s Encrypt certificate
- Backup