diff --git a/rpmbuild/SOURCES/traefik-forward-auth.conf b/rpmbuild/SOURCES/traefik-forward-auth.conf
new file mode 100644
index 0000000..0c5e6f9
--- /dev/null
+++ b/rpmbuild/SOURCES/traefik-forward-auth.conf
@@ -0,0 +1 @@
+log-level = info
\ No newline at end of file
diff --git a/rpmbuild/SOURCES/traefik-forward-auth.service b/rpmbuild/SOURCES/traefik-forward-auth.service
index 2257f17..7079cea 100644
--- a/rpmbuild/SOURCES/traefik-forward-auth.service
+++ b/rpmbuild/SOURCES/traefik-forward-auth.service
@@ -3,13 +3,20 @@ Description=Minimal forward authentication service for the traefik reverse proxy
 Wants=network.target
 After=network-online.target traefik.service keycloak.service
 
+StartLimitBurst=5
+StartLimitIntervalSec=33
+
 [Service]
 Restart=always
 Type=simple
-ExecStart=/opt/traefik/bin/traefik-forward-auth
+EnvironmentFile=/opt/traefik/etc/traefik-forward-auth.env
+ExecStart=/opt/traefik/bin/traefik-forward-auth --config /opt/traefik/etc/traefik-forward-auth.conf
 WorkingDirectory=/srv/traefik
 User=traefik
 Group=itix-svc
 
+# If some dependencies of this service are not ready, leave them some time to start
+RestartSec=10
+
 [Install]
 WantedBy=multi-user.target default.target
diff --git a/rpmbuild/SOURCES/traefik.service b/rpmbuild/SOURCES/traefik.service
index 5b7e1f6..9b9ad2c 100644
--- a/rpmbuild/SOURCES/traefik.service
+++ b/rpmbuild/SOURCES/traefik.service
@@ -3,13 +3,21 @@ Description=The Cloud Native Application Proxy
 Wants=network.target
 After=network-online.target
 
+# Since it is a critical service, restart it indefinitely until success
+StartLimitIntervalSec=0
+
 [Service]
 Restart=always
 Type=simple
+EnvironmentFile=/opt/traefik/etc/traefik.env
 ExecStart=/opt/traefik/bin/traefik
-WorkingDirectory=/srv/traefik
+WorkingDirectory=/opt/traefik/etc
 User=traefik
 Group=itix-svc
+RestartSec=5
+
+# Allow traefik to bind to <1024 ports
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target default.target
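Review bot: In traefik-forward-auth.service, `StartLimitBurst=5` with `StartLimitIntervalSec=33` can never trip once `RestartSec=10` is set: automatic restarts are at least 10 s apart, so at most four starts fall inside any 33 s window and the unit keeps restarting forever. If the intent is to give up after five failed starts, the interval has to be longer than the time five restarts take, for example `StartLimitIntervalSec=60`. If endless retry is what is wanted, a comment saying so (as traefik.service has) would avoid the impression that a limit is enforced. The `[Unit]` header of the file is outside the hunk.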
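Review bot: In traefik.service, `AmbientCapabilities=CAP_NET_BIND_SERVICE` grants the low-port bind, but nothing in the `[Service]` section limits what the process tree may hold or regain. Next to it I would add `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `NoNewPrivileges=true`, so that the network-facing proxy running as `User=traefik` cannot pick up further privileges through setuid or file-capability binaries. Both directives are independent of the restart settings added in the same hunk.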
diff --git a/rpmbuild/SOURCES/traefik.yaml b/rpmbuild/SOURCES/traefik.yaml
new file mode 100644
index 0000000..a431b8d
--- /dev/null
+++ b/rpmbuild/SOURCES/traefik.yaml
@@ -0,0 +1,18 @@
+log:
+ level: "INFO"
+
+accesslog: true
+
+providers:
+ file:
+ directory: /etc/traefik/conf.d/
+ watch: true
+
+global:
+ sendanonymoususage: false
+ checknewversion: false
+
+entryPoints:
+ http:
+ address: ":80"
+
diff --git a/rpmbuild/SPECS/traefik-forward-auth.spec b/rpmbuild/SPECS/traefik-forward-auth.spec
index d3a9de1..d327f91 100644
--- a/rpmbuild/SPECS/traefik-forward-auth.spec
+++ b/rpmbuild/SPECS/traefik-forward-auth.spec
@@ -17,6 +17,7 @@ ExclusiveArch: x86_64
 URL: %{gourl}
 Source0: %{gosource}
 Source1: traefik-forward-auth.service
+Source2: traefik-forward-auth.conf
 Requires: traefik
 BuildRequires: systemd
 BuildRequires: go-rpm-macros
@@ -31,6 +32,7 @@ BuildRequires: go-rpm-macros
 %prep
 %goprep
 cp %{S:1} %{name}.service
+cp %{S:2} %{name}.conf
 
 %build
 CGO_ENABLED=0 GO111MODULE=on go build -o %{gobuilddir}/traefik-forward-auth %{goipath}/cmd
@@ -39,12 +41,25 @@ CGO_ENABLED=0 GO111MODULE=on go build -o %{gobuilddir}/traefik-forward-auth %{go
 
 install -D %{gobuilddir}/traefik-forward-auth %{buildroot}/opt/traefik/bin/traefik-forward-auth
 install -D -m 0644 %{name}.service %{buildroot}%{_unitdir}/%{name}.service
+install -D -m 0644 %{name}.conf %{buildroot}/opt/traefik/etc/%{name}.conf
+touch %{buildroot}/opt/traefik/etc/%{name}.env
 
 %files
 %license LICENSE.md
-%defattr(0644, root, root, 0755)
 %attr(0755, root, root) /opt/traefik/bin/traefik-forward-auth
-%{_unitdir}/%{name}.service
+%attr(0644, root, root) %{_unitdir}/%{name}.service
+%defattr(0600, traefik, itix-svc, 0700)
+%config(noreplace) /opt/traefik/etc/%{name}.conf
+%config(noreplace) /opt/traefik/etc/%{name}.env
+
+%post
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+%systemd_postun_with_restart %{name}.service
 
 %changelog
 * Mon Feb 22 2021 Nicolas MASSE - 2.2.0-itix1
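Review bot: The file provider in traefik.yaml watches `/etc/traefik/conf.d/`, but the traefik.spec change in this same commit creates and packages `/opt/%{name}/etc/conf.d`, so as far as the visible files show, nothing in the package owns the directory that is actually watched. With `watch: true`, whoever can write to that directory changes routing at runtime, so it should be the root-owned packaged one: `directory: /opt/traefik/etc/conf.d/`. If `/etc/traefik` is a symlink set up outside this package, a comment above `providers:` saying so would settle it.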
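Review bot: In the `%files` section of traefik-forward-auth.spec (third hunk), `%defattr(0600, traefik, itix-svc, 0700)` makes the service account the owner of its own `.conf` and `.env`, so a compromised traefik-forward-auth process could rewrite its configuration and have the change survive a restart. The `.env` file is only referenced through `EnvironmentFile=`, which systemd reads itself before switching to `User=traefik`, so it can be root-only: `%attr(0600, root, root) %config(noreplace) /opt/traefik/etc/%{name}.env`. The `.conf` only has to be readable by the service, e.g. `%attr(0640, root, itix-svc)`, provided the itix-svc group is not shared with unrelated services, which this diff does not show.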
diff --git a/rpmbuild/SPECS/traefik.spec b/rpmbuild/SPECS/traefik.spec
index 40ba9c5..c7173c0 100644
--- a/rpmbuild/SPECS/traefik.spec
+++ b/rpmbuild/SPECS/traefik.spec
@@ -1,11 +1,12 @@
 Name: traefik
 Version: 2.3.4
-Release: itix1
+Release: itix2
 Summary: The Cloud Native Application Proxy
 License: MIT
 Source0: https://github.com/traefik/%{name}/releases/download/v%{version}/%{name}_v%{version}_linux_amd64.tar.gz
 ExclusiveArch: x86_64
 Source1: traefik.service
+Source2: traefik.yaml
 Requires(pre): shadow-utils
 BuildRequires: systemd
 
@@ -26,22 +27,34 @@ onfiguration step you need.
 %prep
 %setup -q -c
 cp %{S:1} %{name}.service
+cp %{S:2} %{name}.yaml
 
 %build
 
 %install
 install -d %{buildroot}/opt/%{name}/etc/
+install -d %{buildroot}/opt/%{name}/etc/conf.d
 install -d %{buildroot}/srv/%{name}/
 install -D traefik %{buildroot}/opt/%{name}/bin/traefik
-install -D -m 0644 %{name}.service %{buildroot}/%{_unitdir}/%{name}.service
+install -D -m 0644 %{name}.service %{buildroot}%{_unitdir}/%{name}.service
+install -D -m 0644 %{name}.yaml %{buildroot}/opt/%{name}/etc/%{name}.yaml
+touch %{buildroot}/opt/%{name}/etc/%{name}.env
 
 %files
+
+%defattr(0755, root, root, 0755)
+/opt/%{name}/bin/traefik
+
 %defattr(0644, root, root, 0755)
 %dir /opt/%{name}/bin
+%{_unitdir}/%{name}.service
 %dir /opt/%{name}/etc
+%dir /opt/%{name}/etc/conf.d
+%config(noreplace) /opt/%{name}/etc/%{name}.yaml
+%config(noreplace) /opt/%{name}/etc/%{name}.env
+
+%defattr(0600, traefik, itix-svc, 0700)
 %dir /srv/%{name}
-%attr(0755, root, root) /opt/%{name}/bin/traefik
-%{_unitdir}/%{name}.service
 
 %pre
 getent group itix-svc >/dev/null || groupadd -r itix-svc
@@ -51,6 +64,14 @@ getent passwd %{name} >/dev/null || useradd -r -g itix-svc \
 
 exit 0
 
+%post
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+%systemd_postun_with_restart %{name}.service
+
+
 %changelog
-* Mon Feb 22 2021 Nicolas MASSE - 2.3.4-itix1
-- First release
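Review bot: In the `%files` section of traefik.spec (second hunk), `%{name}.env` is listed under `%defattr(0644, root, root, 0755)`, so the environment file is installed world-readable, whereas the forward-auth package in this same commit ships its `.env` at 0600. If the file is meant to carry credentials for traefik, which its use as `EnvironmentFile=` suggests but the diff does not state, any local user can read them. systemd reads `EnvironmentFile=` itself, so the entry can be tightened without giving the traefik user access: `%attr(0600, root, root) %config(noreplace) /opt/%{name}/etc/%{name}.env`.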