LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
285 Commits
12 Branches
967 KiB
Tree: bd1aa8edd6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bd1aa8edd6'
${ noResults }
lilik_playbook/roles/ldap/tasks/main.yaml

115 lines
2.7 KiB
Raw Normal View History

move service task and handler to a separate role (see ansible issue 23389, 20603, 15902)
8 years ago
add nscd package to ldap task
8 years ago
move service task and handler to a separate role (see ansible issue 23389, 20603, 15902)
8 years ago
Some playbooks full of joy.
9 years ago
fix destroy container and ldap role
9 years ago
Some playbooks full of joy.
9 years ago
store ldap secret
7 years ago
fix destroy container and ldap role
9 years ago
update ldap playbook
9 years ago
store ldap secret
7 years ago
fix destroy container and ldap role
9 years ago
store ldap secret
7 years ago
update ldap playbook
9 years ago
move service task and handler to a separate role (see ansible issue 23389, 20603, 15902) Resolves #13
8 years ago
huge refactoring on services
9 years ago
add hostObject from libpam-ldap
7 years ago
huge refactoring on services
9 years ago
update ldap playbook
9 years ago
fix service handler name in ldap role
8 years ago
add memberof to ldap
8 years ago
add slpad pw-sha2 module
7 years ago
add memberof to ldap
8 years ago
add slpad pw-sha2 module
7 years ago
add memberof to ldap
8 years ago
LDAP playbook updates, default tree.
9 years ago
fix service handler name in ldap role
8 years ago
update ldap playbook
9 years ago
 
  1. - include_role:

  2.     name: service

  3.   vars:

  4.     service_name: nscd

  5.     service_packages: nscd

  6. 

  7. - name: configure OpenLDAP (domain)

  8.   debconf:

  9.       name: 'slapd'

  10.       question: 'slapd/domain'

  11.       vtype: 'string'

  12.       value: '{{ ldap_domain }}'

  13. - name: configure OpenLDAP (configure)

  14.   debconf:

  15.       name: 'slapd'

  16.       question: 'slapd/dump_database'

  17.       vtype: 'string'

  18.       value: 'when needed'

  19. - name: configure OpenLDAP (organization)

  20.   debconf:

  21.       name: 'slapd'

  22.       question: 'shared/organization'

  23.       vtype: 'string'

  24.       value: '{{ ldap_organization }}'

  25. 

  26. - name: slurp slap secret file

  27.   slurp:

  28.     src: /etc/slapd.secret

  29.   register: slapdsecret

  30.   failed_when: false

  31.   changed_when: false

  32. 

  33. - set_fact:

  34.     slapd_passwd: "{{ slapdsecret['content'] | b64decode }}"

  35.   when: '"content" in slapdsecret'

  36. 

  37. - block:

  38.   - name: generate admin password

  39.     gen_passwd: length=20

  40.     register: new_passwd

  41. 

  42.   - name: store slapd secret

  43.     copy:

  44.       content : "{{ new_passwd.passwd }}"

  45.       dest: /etc/slapd.secret

  46. 

  47.   - set_fact:

  48.       slapd_passwd: "{{ new_passwd.passwd }}"

  49.   when: 'not "content" in slapdsecret'

  50. 

  51. - name: configure OpenLDAP (password1)

  52.   debconf:

  53.       name: 'slapd'

  54.       question: 'slapd/password1'

  55.       vtype: 'string'

  56.       value: '{{ slapd_passwd }}'

  57. - name: configure OpenLDAP (password2)

  58.   debconf:

  59.       name: 'slapd'

  60.       question: 'slapd/password2'

  61.       vtype: 'string'

  62.       value: '{{ slapd_passwd }}'

  63. - name: configure phamm-ldap

  64.   debconf:

  65.       name: 'phamm-ldap'

  66.       question: 'phamm-ldap/init_base_ldap'

  67.       vtype: 'boolean'

  68.       value: false

  69. - include_role:

  70.     name: service

  71.   vars:

  72.     service_name: slapd

  73.     service_packages:

  74.         - slapd

  75.         - ldap-utils

  76.         - phamm-ldap

  77.         - libpam-ldap

  78.         - sudo

  79. - name: upload slapd config

  80.   template:

  81.       src: slapd.conf.j2

  82.       dest: "/etc/ldap/slapd.conf"

  83. - name: update slapd config

  84.   shell: slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d

  85.   args:

  86.       creates: "/etc/ldap/slapd.d/cn=config/cn=schema/cn={4}phamm.ldif"

  87.   become: true

  88.   become_method: sudo

  89.   become_user: openldap

  90.   notify: restart slapd

  91. 

  92. - name: fix missing memberOf and pw-sha2 module load

  93.   blockinfile:

  94.     dest: /etc/ldap/slapd.d/cn=config/cn=module{0}.ldif

  95.     content: |

  96.       olcModuleLoad: {1}memberof

  97.       olcModuleLoad: {2}pw-sha2

  98.   notify: restart slapd

  99. - name: upload default tree

  100.   template:

  101.     dest=/etc/ldap/default_tree.ldif

  102.     src=default_tree.ldif.j2

  103.     owner=root

  104.     group=root

  105.     mode=0400

  106.   register: upload_default_tree

  107. - name: create default tree

  108.   shell: slapadd -l /etc/ldap/default_tree.ldif

  109.   when: upload_default_tree.changed

  110.   notify: restart slapd

  111. - name: enable OpenLDAP server

  112.   service:

  113.       name: 'slapd'

  114.       enabled: true

  115.       state: started