
roles/icinga2: read ldap secret from config file

python3
Zolfa 4 years ago
parent
commit
14dbd2059e
Signed by: zolfa GPG Key ID: E1A43B038C4D6616
3 changed files with 36 additions and 13 deletions
  1. +1
    -0
      roles/icinga2/defaults/main.yaml
  2. +34
    -12
      roles/icinga2/tasks/main.yaml
  3. +1
    -1
      roles/icinga2/templates/icingaweb2/resources.ini.j2

+ 1
- 0
roles/icinga2/defaults/main.yaml View File

@ -6,4 +6,5 @@ ldap_backup_servers: []
ldap_basedn: 'dc={{ domain.replace(".", ",dc=") }}'
ldap_tls_enabled: true
ldap_tls_server_ca: '{{ tls_root_ca }}'
ldap_renew_secret: false
...
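Review bot: `ldap_renew_secret: false` introduces a new role knob without saying what it does, and defaults/main.yaml is the place consumers read for that; add above it `# true: discard the bind password recovered from /etc/icingaweb2/resources.ini and generate/push a new one`. A second line should name its non-one-shot nature: with the `when: icingaweb2_ldap_passwd == '' or ldap_renew_secret` condition in tasks/main.yaml, leaving it `true` in inventory rotates the secret on every run.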

+ 34
- 12
roles/icinga2/tasks/main.yaml View File

@ -206,26 +206,46 @@
dest: '/etc/ldap/ldap.conf'
when: ldap_tls_enabled
- name: 'LDAP | generate client service password'
gen_passwd: 'length=32'
register: 'icingaweb2_ldap_passwd'
- name: 'try to read LDAP service password'
command: 'sed -n "s/^bind_pw\s\?=\s\?\"\(.\+\)\"$/\1/p" /etc/icingaweb2/resources.ini'
register: icingaweb2_read_ldap_passwd
failed_when: icingaweb2_read_ldap_passwd.rc > 2
no_log: true
tags:
- 'service_password'
- name: 'LDAP | set client service password on server'
delegate_to: 'localhost'
ldap_passwd:
dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
passwd: '{{ icingaweb2_ldap_passwd.passwd }}'
server_uri: 'ldap://{{ ldap_server }}'
start_tls: '{{ ldap_tls_enabled }}'
bind_dn: '{{ ldap_admin_dn }}'
bind_pw: '{{ ldap_admin_pw }}'
- name: 'set LDAP service password'
set_fact:
icingaweb2_ldap_passwd: '{{ icingaweb2_read_ldap_passwd.stdout | d("") }}'
no_log: true
tags:
- 'service_password'
- block:
- name: 'LDAP | generate client service password'
gen_passwd: 'length=32'
register: 'icingaweb2_ldap_gen_passwd'
no_log: true
tags:
- 'service_password'
- name: 'LDAP | set client service password on server'
delegate_to: 'localhost'
ldap_passwd:
dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
passwd: '{{ icingaweb2_ldap_gen_passwd.passwd }}'
server_uri: 'ldap://{{ ldap_server }}'
start_tls: '{{ ldap_tls_enabled }}'
bind_dn: '{{ ldap_admin_dn }}'
bind_pw: '{{ ldap_admin_pw }}'
no_log: true
- name: 'LDAP | set client service password on client'
set_fact:
icingaweb2_ldap_passwd: '{{ icingaweb2_ldap_gen_passwd.passwd }}'
no_log: true
when: icingaweb2_ldap_passwd == '' or ldap_renew_secret
tags:
- 'service_password'
- name: 'configure IcingaWeb2 (static files)'
synchronize:
src: 'icingaweb2'
@ -259,6 +279,8 @@
- 'resources.ini'
- 'authentication.ini'
- 'groups.ini'
tags:
- 'service_password'
- name: 'NGINX | configure IcingaWeb2 locations'
template:
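Review bot: `failed_when: icingaweb2_read_ldap_passwd.rc > 2` on the new 'try to read LDAP service password' task treats a sed usage or expression error the same as the intended missing-file case (GNU sed reports 1 for the former, 2 for the latter): stdout is then empty, the block below sees `icingaweb2_ldap_passwd == ''` and silently generates and pushes a fresh bind password on every run, and `no_log: true` hides the stderr that would explain it. Tighten it to `failed_when: icingaweb2_read_ldap_passwd.rc not in [0, 2]` and, since this is a read-only probe, add `changed_when: false` (and `check_mode: false` so the fact is still populated under `--check`). The recovered value is also trusted as-is; nothing verifies it still binds, so a re-provisioned LDAP server leaves the role with a stale secret until `ldap_renew_secret` is set — worth a comment above the task. The role's task list continues outside the hunk.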


+ 1
- 1
roles/icinga2/templates/icingaweb2/resources.ini.j2 View File

@ -5,7 +5,7 @@ port = "389"
encryption = "starttls"
root_dn = "{{ ldap_basedn }}"
bind_dn = "cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}"
bind_pw = "{{ icingaweb2_ldap_passwd.passwd }}"
bind_pw = "{{ icingaweb2_ldap_passwd }}"
[icingaweb2-ido-pgsql]
type = "db"
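Review bot: `bind_pw = "{{ icingaweb2_ldap_passwd }}"` is now also the line that tasks/main.yaml parses back with `sed -n 's/^bind_pw\s\?=\s\?"\(.\+\)"$/\1/p'`, so its exact shape (key at column 0, double quotes, nothing after the closing quote) is a contract rather than a cosmetic choice; a Jinja comment should record that, e.g. `{# parsed back by tasks/main.yaml ('try to read LDAP service password'): keep the bind_pw = "..." form #}`. The value is interpolated unescaped; whether gen_passwd can emit `"` or `\` is not visible here, but if it can, both IcingaWeb2's INI parsing and the read-back would break, so either constrain the generator's charset or document the assumption next to this line.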

