LDAP: globale ansible variable angelegt und alle conf angepasst

group_vars/all

-# Globale Variablen für alle Server 
+# Globale Variablen für alle Server
+
+# IP Adresse des LDAP Servers
+# Extern läuft auf dem webserver
+ldap_ip_ext: 10.0.20.2
+# int ist noch ungenutzt / später replikation in der Zone
+ldap_ip_int: 10.0.20.2

warpsrvint/docker_grafana/templates/ldap.toml

@@ -3,7 +3,7 @@ verbose_logging = false
 
 [[servers]]
 # Ldap server host (specify multiple hosts space separated)
-host = "10.0.20.2"
+host = "{{ ldap_ip_ext }}"
 # Default port is 389 or 636 if use_ssl = true
 port = 389
 # Set to true if ldap server supports TLS

warpsrvint/docker_warpinfra/templates/config.ini

 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warppay
 
 INSTANCE_NAME = 'INTERN-PRODUKTIV'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone
 API_KEY = ''
 
 [mysql]
-MYSQL_HOST = mysql 
-MYSQL_PORT = 3306 
+MYSQL_HOST = mysql
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 

warpsrvint/docker_warpinfratest/templates/config.ini

 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warppay
 
 INSTANCE_NAME = 'INTERN-TEST'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra-test.warpzone
 API_KEY = ''
 
 [mysql]
-MYSQL_HOST = db 
-MYSQL_PORT = 3306 
+MYSQL_HOST = db
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 

webserver/docker_gitlab/templates/gitlab.rb

@@ -92,7 +92,7 @@ gitlab_rails['gitlab_default_projects_features_issues'] = false
 ldap_servers_template = <<-'EOS'
   main:
     label: 'LDAP'
-    host: '10.0.20.2'
+    host: '{{ ldap_ip_ext }}'
     port: 389
     uid: 'uid'
     method: 'plain'
@@ -108,7 +108,7 @@ ldap_servers_template = <<-'EOS'
       last_name: 'sn'
 EOS
 
-# Replace LDAP Server IP fron Environment variable 
+# Replace LDAP Server IP fron Environment variable
 # which is set by the Docker Link
 ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']
 

webserver/docker_ldap/tasks/main.yml

 ---
-# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen 
-# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets 
-# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden  
-# Die Daten, die von Slurp gelesen werden sind Base64 codiert 
-# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden 
+# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
+# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
+# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
+# Die Daten, die von Slurp gelesen werden sind Base64 codiert
+# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
 
 - name: get secrets from server 1
   slurp: src={{ item }}
@@ -13,27 +13,27 @@
   register: ldap_secrets
 
 - name: get secrets from server 2
-  set_fact: 
-    ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
-    ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+  set_fact:
+    ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
+    ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
 
 - name: create folder struct for ldap
-  file: 
-    path: "/srv/ldap" 
+  file:
+    path: "/srv/ldap"
     state: "directory"
 
 - name: create folder struct for ldap
-  file: 
-    path: "/srv/ldap/database" 
+  file:
+    path: "/srv/ldap/database"
     state: "directory"
 
 - name: create folder struct for ldap
-  file: 
-    path: "/srv/ldap/config" 
+  file:
+    path: "/srv/ldap/config"
     state: "directory"
-  
+
 - name: start ldap docker
-  docker_container: 
+  docker_container:
     name: ldap-service
     image: osixia/openldap:1.1.6
     hostname: ldap-service
@@ -45,21 +45,21 @@
     env:
       LDAP_ORGANISATION: Warpzone
       LDAP_DOMAIN: warpzone.ms
-      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" 
+      LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}"
       LDAP_READONLY_USER: true
       LDAP_READONLY_USER_USERNAME: readonly
       LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}"
     ports:
-      - 10.0.20.2:389:389
-      - 10.0.20.2:636:636
-      
+      - {{ ldap_ip_ext }}:389:389
+      - {{ ldap_ip_ext }}:636:636
+
 - name: start phpldapadmin docker
-  docker_container: 
+  docker_container:
     name: phpldapadmin-app
     image: osixia/phpldapadmin:0.6.11
     state: started
     restart_policy: always
-    env: 
+    env:
       PHPLDAPADMIN_LDAP_HOSTS: ldap-host
       PHPLDAPADMIN_HTTPS: false
       PHPLDAPADMIN_TRUST_PROXY_SSL: true
@@ -67,4 +67,3 @@
       - ldap-service:ldap-host
     ports:
       - 127.0.0.1:42004:80
-

webserver/docker_warpinfra/templates/config.ini

 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warpfood
 
 INSTANCE_NAME = 'EXTERN-PRODUKTIV'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms
 API_KEY = {{mattermost_api_key}}
 
 [mysql]
-MYSQL_HOST = db 
-MYSQL_PORT = 3306 
+MYSQL_HOST = db
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 

webserver/docker_warpinfratest/templates/config.ini

 
-[common] 
-# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay 
+[common]
+# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
 APPS = warpmain, warpauth, warpfood, warpapi
 
 INSTANCE_NAME = 'EXTERN-TEST'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms
 API_KEY = {{mattermost_api_key}}
 
 [mysql]
-MYSQL_HOST = db 
-MYSQL_PORT = 3306 
+MYSQL_HOST = db
+MYSQL_PORT = 3306
 MYSQL_USER = warpinfra
 MYSQL_PASS = {{ mysql_user_pw }}
 MYSQL_NAME = warpinfra
 
 [ldap]
-LDAP_HOST = 10.0.20.2
+LDAP_HOST = {{ ldap_ip_ext }}
 LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
 LDAP_PASSWORD = {{ ldap_admin_pass }}
 

webserver/openvpn/templates/warpzone-up.sh

@@ -2,6 +2,5 @@
 # the interface name is passed as first argument ($1)
 
 #modprobe ip_tables
-#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
-#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636
-
+#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
+#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636