From 272f634afa0dbd890af25e4c0e8d9c34716f9d71 Mon Sep 17 00:00:00 2001
From: Jens Sandmann <jens@sandzwerg.de>
Date: Sun, 15 Oct 2017 03:02:57 +0200
Subject: [PATCH] LDAP: globale ansible variable angelegt und alle conf angepasst
---
group_vars/all | 8 +++-
warpsrvint/docker_grafana/templates/ldap.toml | 2 +-
.../docker_warpinfra/templates/config.ini | 10 ++---
.../docker_warpinfratest/templates/config.ini | 10 ++---
webserver/docker_gitlab/templates/gitlab.rb | 4 +-
webserver/docker_ldap/tasks/main.yml | 45 +++++++++----------
.../docker_warpinfra/templates/config.ini | 10 ++---
.../docker_warpinfratest/templates/config.ini | 10 ++---
webserver/openvpn/templates/warpzone-up.sh | 5 +--
9 files changed, 54 insertions(+), 50 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index 4b3526b3..597cc00a 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -1 +1,7 @@
-# Globale Variablen für alle Server
+# Globale Variablen für alle Server
+
+# IP Adresse des LDAP Servers
+# Extern läuft auf dem webserver
+ldap_ip_ext: 10.0.20.2
+# int ist noch ungenutzt / später replikation in der Zone
+ldap_ip_int: 10.0.20.2
diff --git a/warpsrvint/docker_grafana/templates/ldap.toml b/warpsrvint/docker_grafana/templates/ldap.toml
index dad2a618..57087195 100644
--- a/warpsrvint/docker_grafana/templates/ldap.toml
+++ b/warpsrvint/docker_grafana/templates/ldap.toml
@@ -3,7 +3,7 @@ verbose_logging = false [[servers]] # Ldap server host (specify multiple hosts space separated) -host = "10.0.20.2" +host = "{{ ldap_ip_ext }}" # Default port is 389 or 636 if use_ssl = true port = 389 # Set to true if ldap server supports TLS
diff --git a/warpsrvint/docker_warpinfra/templates/config.ini b/warpsrvint/docker_warpinfra/templates/config.ini
index 8eaf5ff7..67e6e525 100644
--- a/warpsrvint/docker_warpinfra/templates/config.ini
+++ b/warpsrvint/docker_warpinfra/templates/config.ini
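Review bot: `ldap_ip_int` is introduced with the same value as `ldap_ip_ext` while its own comment says it is unused and reserved for a later replica; a template that picks it up later will silently talk to the external server, so either leave the key undefined until the replica exists or make the comment say that it intentionally aliases `ldap_ip_ext` for now. It is also worth recording above `ldap_ip_ext` that the value has to stay a bare IPv4 address: this commit embeds it in Docker port mappings (`{{ ldap_ip_ext }}:389:389` in webserver/docker_ldap/tasks/main.yml) and in a `/32` iptables match (webserver/openvpn/templates/warpzone-up.sh), both of which break on a hostname. A line such as `# must stay a bare IPv4 address: used in Docker port mappings and /32 iptables rules` would do.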
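Review bot: The Grafana client keeps `port = 389` next to the new `host = "{{ ldap_ip_ext }}"`, although the LDAP role in this same commit publishes the server on 636 as well (`{{ ldap_ip_ext }}:636:636` in webserver/docker_ldap/tasks/main.yml); whether the bind is protected depends on the `use_ssl` value that sits just outside the hunk, after the `# Set to true if ldap server supports TLS` line. If the container actually serves TLS on 636, `port = 636` with `use_ssl = true` would keep the bind credentials off the wire between warpsrvint and the webserver. If 389 is kept on purpose, a comment above it stating the reason (`# plain 389 kept on purpose: <reason>`) would save the next reader the question.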
@@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warppay INSTANCE_NAME = 'INTERN-PRODUKTIV'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone API_KEY = '' [mysql] -MYSQL_HOST = mysql -MYSQL_PORT = 3306 +MYSQL_HOST = mysql +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }}
diff --git a/warpsrvint/docker_warpinfratest/templates/config.ini b/warpsrvint/docker_warpinfratest/templates/config.ini
index e18f6b8b..c56d5140 100644
--- a/warpsrvint/docker_warpinfratest/templates/config.ini
+++ b/warpsrvint/docker_warpinfratest/templates/config.ini
@@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warppay INSTANCE_NAME = 'INTERN-TEST'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra-test.warpzone API_KEY = '' [mysql] -MYSQL_HOST = db -MYSQL_PORT = 3306 +MYSQL_HOST = db +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }}
diff --git a/webserver/docker_gitlab/templates/gitlab.rb b/webserver/docker_gitlab/templates/gitlab.rb
index 1131f327..9116ec14 100644
--- a/webserver/docker_gitlab/templates/gitlab.rb
+++ b/webserver/docker_gitlab/templates/gitlab.rb
@@ -92,7 +92,7 @@ gitlab_rails['gitlab_default_projects_features_issues'] = false ldap_servers_template = <<-'EOS' main: label: 'LDAP' - host: '10.0.20.2' + host: '{{ ldap_ip_ext }}' port: 389 uid: 'uid' method: 'plain'
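Review bot: Every application config binds to the directory as the administrator, `LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms` with `LDAP_PASSWORD = {{ ldap_admin_pass }}`, although the LDAP role in this commit also provisions a `readonly` account with its own `ldap_readonly_pass` (webserver/docker_ldap/tasks/main.yml). If warpinfra only needs to look up and authenticate users, binding with the read-only account would keep the admin password out of four rendered app configs; the read-only DN is not visible here and would have to be confirmed against the LDAP role. The same `[ldap]` hunk appears in warpsrvint/docker_warpinfratest, webserver/docker_warpinfra and webserver/docker_warpinfratest. Separately, the parser that reads `config.ini` is not visible; if it is Python's configparser with default interpolation, a `%` inside `{{ ldap_admin_pass }}` or `{{ mysql_user_pw }}` makes the file unreadable at startup, so a header comment naming the parser and the escaping the secrets must respect (`; read by <parser>; literal % must be written %%`) is worth adding.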
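Review bot: The heredoc now carries the LDAP host from Ansible (`host: '{{ ldap_ip_ext }}'`), but further down the same template is still pushed through `ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']` under the comment `# Replace LDAP Server IP fron Environment variable` (second hunk); with no format directive left in the string that `%` looks like a no-op, and the comment no longer describes what happens. Keep one source of truth: drop the `% ENV[...]` formatting together with the stale comment, or, if the Docker-link override is still wanted, put a `%s` back into the heredoc and say so in the comment. `fron` is also a typo for `from`.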
@@ -108,7 +108,7 @@ ldap_servers_template = <<-'EOS' last_name: 'sn' EOS -# Replace LDAP Server IP fron Environment variable +# Replace LDAP Server IP fron Environment variable # which is set by the Docker Link ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']
diff --git a/webserver/docker_ldap/tasks/main.yml b/webserver/docker_ldap/tasks/main.yml
index d5ad3669..6c250ac0 100644
--- a/webserver/docker_ldap/tasks/main.yml
+++ b/webserver/docker_ldap/tasks/main.yml
@@ -1,9 +1,9 @@ --- -# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen -# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets -# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden -# Die Daten, die von Slurp gelesen werden sind Base64 codiert -# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden +# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen +# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets +# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden +# Die Daten, die von Slurp gelesen werden sind Base64 codiert +# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden - name: get secrets from server 1 slurp: src={{ item }}
@@ -13,27 +13,27 @@ register: ldap_secrets - name: get secrets from server 2 - set_fact: - ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" - ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + set_fact: + ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" - name: create folder struct for ldap - file: - path: "/srv/ldap" + file: + path: "/srv/ldap" state: "directory" - name: create folder struct for ldap - file: - path: "/srv/ldap/database" + file: + path: "/srv/ldap/database" state: "directory" - name: create folder struct for ldap - file: - path: "/srv/ldap/config" + file: + path: "/srv/ldap/config" state: "directory" - + - name: start ldap docker - docker_container: + docker_container: name: ldap-service image: osixia/openldap:1.1.6 hostname: ldap-service 
@@ -45,21 +45,21 @@ env: LDAP_ORGANISATION: Warpzone LDAP_DOMAIN: warpzone.ms - LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" + LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" LDAP_READONLY_USER: true LDAP_READONLY_USER_USERNAME: readonly LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}" ports: - - 10.0.20.2:389:389 - - 10.0.20.2:636:636 - + - {{ ldap_ip_ext }}:389:389 + - {{ ldap_ip_ext }}:636:636 + - name: start phpldapadmin docker - docker_container: + docker_container: name: phpldapadmin-app image: osixia/phpldapadmin:0.6.11 state: started restart_policy: always - env: + env: PHPLDAPADMIN_LDAP_HOSTS: ldap-host PHPLDAPADMIN_HTTPS: false PHPLDAPADMIN_TRUST_PROXY_SSL: true
@@ -67,4 +67,3 @@ - ldap-service:ldap-host ports: - 127.0.0.1:42004:80 -
diff --git a/webserver/docker_warpinfra/templates/config.ini b/webserver/docker_warpinfra/templates/config.ini
index 90a48621..a68e2a3c 100644
--- a/webserver/docker_warpinfra/templates/config.ini
+++ b/webserver/docker_warpinfra/templates/config.ini
@@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warpfood INSTANCE_NAME = 'EXTERN-PRODUKTIV'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms API_KEY = {{mattermost_api_key}} [mysql] -MYSQL_HOST = db -MYSQL_PORT = 3306 +MYSQL_HOST = db +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }}
diff --git a/webserver/docker_warpinfratest/templates/config.ini b/webserver/docker_warpinfratest/templates/config.ini
index dc846db6..9b83d651 100644
--- a/webserver/docker_warpinfratest/templates/config.ini
+++ b/webserver/docker_warpinfratest/templates/config.ini
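Review bot: The two new port mappings start with a Jinja expression but are not quoted, `- {{ ldap_ip_ext }}:389:389` and `- {{ ldap_ip_ext }}:636:636`; in YAML a value beginning with `{` is read as a flow mapping, so this file stops parsing and the LDAP container can no longer be (re)deployed. Quote them the way the neighbouring `LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}"` line already does: `- "{{ ldap_ip_ext }}:389:389"` and `- "{{ ldap_ip_ext }}:636:636"`. The `docker_container` task also receives both LDAP passwords via `env:` without `no_log: true`, so a verbose run can print them; adding `no_log: true` to this task, and to the `set_fact` in the previous hunk that derives them, would close that.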
@@ -1,6 +1,6 @@ -[common] -# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay APPS = warpmain, warpauth, warpfood, warpapi INSTANCE_NAME = 'EXTERN-TEST'
@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms API_KEY = {{mattermost_api_key}} [mysql] -MYSQL_HOST = db -MYSQL_PORT = 3306 +MYSQL_HOST = db +MYSQL_PORT = 3306 MYSQL_USER = warpinfra MYSQL_PASS = {{ mysql_user_pw }} MYSQL_NAME = warpinfra [ldap] -LDAP_HOST = 10.0.20.2 +LDAP_HOST = {{ ldap_ip_ext }} LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms LDAP_PASSWORD = {{ ldap_admin_pass }}
diff --git a/webserver/openvpn/templates/warpzone-up.sh b/webserver/openvpn/templates/warpzone-up.sh
index bb922e2b..2a0ca208 100644
--- a/webserver/openvpn/templates/warpzone-up.sh
+++ b/webserver/openvpn/templates/warpzone-up.sh
@@ -2,6 +2,5 @@ # the interface name is passed as first argument ($1) #modprobe ip_tables -#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389 -#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636 - +#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389 +#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636
--
GitLab
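Review bot: The two DNAT rules that now use `{{ ldap_ip_ext }}` are still commented out (`#iptables -t nat -I PREROUTING ...`), so templating them changes nothing at runtime while making the lines look maintained. Either re-enable them with a comment stating why the VPN path needs the redirect to 127.0.0.1, or delete them; if they are meant to stay disabled, a one-line comment above them such as `# disabled since <date>: <reason>` records the decision instead of leaving it to guesswork. Whether this `.sh` is rendered through the template module at all is not visible from the hunk; if it is copied verbatim, the placeholders stay literal.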