diff --git a/webserver/docker_ldap/tasks/main.yml b/common/docker_ldap/tasks/main.yml
similarity index 74%
rename from webserver/docker_ldap/tasks/main.yml
rename to common/docker_ldap/tasks/main.yml
index 9e266a160142a13750d4721672428c7f1bad3ee2..c2da41499fb22516bc5e612b98899730fe5fda0f 100644
--- a/webserver/docker_ldap/tasks/main.yml
+++ b/common/docker_ldap/tasks/main.yml
@@ -2,9 +2,8 @@
 
 - include_tasks: ../functions/get_secret.yml
   with_items:
-    - { path: /srv/ldap/ldap_admin_pass, length: 24 }
-    - { path: /srv/ldap/ldap_config_pass, length: 24 }
-    - { path: /srv/ldap/ldap_readonly_pass, length: 24 }
+    - { path: /srv/ldap/secret/ldap_admin_pass, length: 24 }
+    - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
 
 - name: create folder struct for ldap
   file:
diff --git a/common/docker_ldap/templates/docker-compose.yml b/common/docker_ldap/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..41e4326da1031732baff071af179041f24ba3467
--- /dev/null
+++ b/common/docker_ldap/templates/docker-compose.yml
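Review bot: The cn=config credential is no longer generated here — `/srv/ldap/ldap_config_pass` is dropped with no counterpart under `/srv/ldap/secret/` — and the new compose template in this commit sets `LDAP_CONFIG_PASSWORD={{ ldap_admin_pass }}`, so the directory admin and the config database now share a single password. Keeping `- { path: /srv/ldap/secret/ldap_config_pass, length: 24 }` in this list and templating `LDAP_CONFIG_PASSWORD={{ ldap_config_pass }}` preserves the separation the old role had. Separately, the secrets are now requested from `/srv/ldap/secret/`, but the `create folder struct for ldap` task runs after this include and its body lies outside the hunk; unless `get_secret.yml` creates the parent directory itself, the first run on a fresh host fails before that directory exists — confirm.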
@@ -0,0 +1,38 @@
+
+version: "3"
+
+services:
+
+  openldap:
+    image: osixia/openldap:1.2.2
+    restart: always
+    command: --loglevel debug
+    network_mode: host
+    volumes:
+      - /srv/ldap/database:/var/lib/ldap
+      - /srv/ldap/config:/etc/ldap/slapd.d
+    environment:
+      - HOSTNAME={{ int_ip4 }}
+      - LDAP_BACKEND=hdb
+      - LDAP_ORGANISATION={{ ldap_org }}
+      - LDAP_DOMAIN={{ ldap_domain }}
+      - LDAP_ADMIN_PASSWORD={{ ldap_admin_pass }}
+      - LDAP_CONFIG_PASSWORD={{ ldap_admin_pass }}
+      - LDAP_READONLY_USER=true
+      - LDAP_READONLY_USER_USERNAME=readonly
+      - LDAP_READONLY_USER_PASSWORD={{ ldap_readonly_pass }}
+      - LDAP_TLS_VERIFY_CLIENT=never
+      - LDAP_REPLICATION=true
+      - LDAP_REPLICATION_HOSTS=#PYTHON2BASH:['ldap://{{ hostvars['webserver'].int_ip4 }}','ldap://{{ hostvars['warpsrvint'].int_ip4 }}']
+
+  phpldapadmin:
+    image: osixia/phpldapadmin:0.7.2
+    restart: always
+    depends_on:
+      - openldap
+    ports:
+      - 127.0.0.1:42004:80
+    environment:
+      - PHPLDAPADMIN_LDAP_HOSTS={{ int_ip4 }}
+      - PHPLDAPADMIN_HTTPS=false
+      - PHPLDAPADMIN_TRUST_PROXY_SSL=true
diff --git a/common/nginx/includes/verwaltung-ldap.warpzone.ms b/common/nginx/includes/verwaltung-ldap.warpzone.ms
new file mode 100644
index 0000000000000000000000000000000000000000..d4ef0db9e083ae07697fb87e9e4ead4874f59959
--- /dev/null
+++ b/common/nginx/includes/verwaltung-ldap.warpzone.ms
@@ -0,0 +1,4 @@
+
+  location / {
+    rewrite ^(.*) https://ldap.warpzone.ms$1;
+  }
diff --git a/group_vars/prod b/group_vars/prod
index ce6d6ce39b6e22c0dddd6a3f78eabca5d3857128..156d26d48d1df92c3725afee7f9742686971d719 100644
--- a/group_vars/prod
+++ b/group_vars/prod
@@ -6,9 +6,9 @@ ldap_port_secure: 636
 
 # IP Adresse des LDAP Servers
 # Extern läuft auf dem webserver
-ldap_ip_ext: 10.0.20.2
+ldap_ip_ext: 10.42.1.1
 # int ist noch ungenutzt / später replikation in der Zone
-ldap_ip_int: 10.0.20.2
+ldap_ip_int: 10.42.1.1
 
 
 # Basis-Informationen der LDAP Konfiguration
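Review bot: `network_mode: host` makes slapd listen on every address of the host, whereas the deleted webserver template bound its ports explicitly to `{{ ldap_ip_ext }}`; on the webserver, which also carries a public address, 389/636 are now reachable from outside unless the host firewall blocks them — either confirm that rule exists or drop host networking and publish with `ports:` bound to `{{ int_ip4 }}`. `LDAP_REPLICATION_HOSTS` lists both peers as plain `ldap://` URIs; whether the image's default syncrepl settings force StartTLS on that link is not visible here, so check that replication traffic between webserver and warpsrvint is encrypted before the admin and readonly credentials sync across it. `LDAP_TLS_VERIFY_CLIENT=never` is a deliberate relaxation and deserves a one-line comment naming the clients that have no certificate, so it is not "fixed" later by accident.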
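Review bot: `rewrite ^(.*) https://ldap.warpzone.ms$1;` answers with a temporary 302, so browsers and caches will keep asking the old host; for a whole-vhost move the idiomatic form is `return 301 https://ldap.warpzone.ms$request_uri;`, which also makes the intent explicit without a capture group. The leading blank line in the new file is style only.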
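Review bot: The two comments above the changed keys are now stale: `# Extern läuft auf dem webserver` and `# int ist noch ungenutzt / später replikation in der Zone` describe the old single-instance setup, while this commit enables replication between webserver and warpsrvint and points both `ldap_ip_ext` and `ldap_ip_int` at the same `10.42.1.1`. The new compose template reads `int_ip4` and `hostvars[...]` rather than these two variables, so a comment naming what still consumes them (or stating that they are kept for other roles) would help; which roles that is cannot be seen here.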
@@ -19,6 +19,12 @@ ldap_admin_bind_dn: cn=admin,dc=warpzone,dc=ms
 ldap_readonly_bind_dn: cn=readonly,dc=warpzone,dc=ms
 
 
+# SMTP Settings
+smtp_host: smtp.warpzone.ms
+smtp_port: 25
+noreply_email_user: noreply@warpzone.ms
+
+
 # Zentrale InfluxDb für Systemmonitoring
 influxdb_sysmon:
   url: "http://192.168.0.201:18086"
diff --git a/group_vars/test b/group_vars/test
index abde386c847b5596609cfc4970aa813028a3f0c4..acff2065433164a2e6afb28ffc5758c6290374e3 100644
--- a/group_vars/test
+++ b/group_vars/test
@@ -21,4 +21,5 @@ ldap_readonly_bind_dn: cn=readonly,dc=warpzone-test,dc=ms
 # SMTP Settings
 smtp_host: smtp.warpzone.ms
 smtp_port: 25
-noreply_email_user: noreply@warpzone.ms
+noreply_email_user: test-noreply-test@warpzone.ms
+
diff --git a/host_vars/verwaltung b/host_vars/verwaltung
index 6b6fedb422e00187e377fd0ff46b15aec0402329..1fef3bf47517e1a784952e3e20b052cc71221c9e 100644
--- a/host_vars/verwaltung
+++ b/host_vars/verwaltung
@@ -33,6 +33,7 @@ host_type: "vm"
 webserver_domains:
   - "verwaltung.warpzone.ms"
   - "verwaltung-git.warpzone.ms"
+  - "verwaltung-ldap.warpzone.ms"
 
 
 #OpenVPN Konfigurationen
diff --git a/host_vars/warpsrvint b/host_vars/warpsrvint
index 9275624948e075f716762d54dc8572df1e92d2fd..aba465f7ebc1f9e6eb63fd71eba392058916d4bf 100644
--- a/host_vars/warpsrvint
+++ b/host_vars/warpsrvint
@@ -24,7 +24,7 @@ debian_keys_url:
 # Primäre IP Adressen des Hosts
 #ext_ip4: <keine>
 #ext_ip6: <keine>
-int_ip4: 10.42.3.1
+int_ip4: 192.168.0.201
 
 
 # Art des Hosts: physical, vm, docker
@@ -34,6 +34,7 @@ host_type: "physical"
 webserver_domains:
   - "infra"
   - "infra-test"
+  - "ldap"
 
 administratorenteam:
   - "void"
diff --git a/warpsrvint/main.yml b/warpsrvint/main.yml
index 796cbd87d63755b4a51789810a9b829333742e4e..27b789fd0d4c48140d131899025e855f5ab3c9ef 100644
--- a/warpsrvint/main.yml
+++ b/warpsrvint/main.yml
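Review bot: `int_ip4: 192.168.0.201` takes warpsrvint off the `10.42.x` addressing used by the other values in this commit (`ldap_ip_ext: 10.42.1.1`, the previous `10.42.3.1`) and onto the address that `influxdb_sysmon` in group_vars/prod already points at; the new compose template feeds this variable into `HOSTNAME`, `PHPLDAPADMIN_LDAP_HOSTS` and, via `hostvars['warpsrvint'].int_ip4`, into the replication list rendered on the webserver as well. Whether other roles (telegraf, openvpn, the nginx includes) also template `int_ip4` is not visible here; if they do, this one-line change re-addresses them too. Since the key is documented as the host's primary address, a comment above it recording why the host leaves the 10.42.x scheme — and that the webserver must be able to reach this address for replication to work — would save the next reader from guessing.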
@@ -7,6 +7,7 @@
     - { role: ../common/borgserver, tags: borgserver }
     - { role: ../common/docker, tags: docker }
     - { role: ../common/telegraf, tags: telegraf }
+    - { role: ../common/docker_ldap, tags: ldap }
     - { role: nginx, tags: nginx }
     - { role: docker_grafana, tags: grafana }
     - { role: docker_influx, tags: influx }
@@ -14,7 +15,6 @@
     - { role: docker_kapacitor, tags: kapacitor }
     - { role: docker_librenms, tags: librenms }
     - { role: docker_l4z0r, tags: l4z0r }
-# - { role: docker_ldap, tags: ldap }
     - { role: docker_matestatdb, tags: matestatdb }
     - { role: docker_mqtt, tags: mqtt }
     - { role: docker_nodered, tags: nodered }
diff --git a/warpsrvint/nginx/includes/ldap b/warpsrvint/nginx/includes/ldap
new file mode 100644
index 0000000000000000000000000000000000000000..d37146d7e4dc17ca42230409117341e7cb245dda
--- /dev/null
+++ b/warpsrvint/nginx/includes/ldap
@@ -0,0 +1,13 @@
+
+
+
+  location / {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+
+    proxy_pass http://127.0.0.1:42004/;
+    proxy_redirect off;
+
+  }
+
+
diff --git a/webserver-test/main.yml b/webserver-test/main.yml
index 74f0f15e92e0aba9bedb5f625bf6dfa25da4a3ce..12dcc535d37c309c12bf73f88ddd49248e427977 100644
--- a/webserver-test/main.yml
+++ b/webserver-test/main.yml
@@ -5,7 +5,7 @@
   roles:
     - { role: ../common/docker, tags: docker }
     - { role: ../common/nginx, tags: nginx }
-    - { role: ../webserver/docker_ldap, tags: ldap }
+# - { role: ../webserver/docker_ldap, tags: ldap }
     - { role: ../webserver/docker_wordpress, tags: wordpress }
 
 # - { role: docker_mail, tags: mail }
diff --git a/webserver/docker_gitlab/tasks/main.yml b/webserver/docker_gitlab/tasks/main.yml
index b321d09bf8e62092e15ed00daccbb83f9342a6df..c9b45df108a1a1f7a6713ce9d5b1995fbad7892d 100644
--- a/webserver/docker_gitlab/tasks/main.yml
+++ b/webserver/docker_gitlab/tasks/main.yml
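Review bot: The proxy block publishes phpLDAPadmin on the `ldap` vhost with no access control — no `allow`/`deny`, `auth_basic` or client-certificate requirement — so the LDAP admin console and its bind form are reachable from wherever the host itself is; restricting `location /` to the administrative networks is the usual minimum for a console that takes directory credentials. `PHPLDAPADMIN_TRUST_PROXY_SSL=true` in the compose template makes the application trust a forwarded-protocol header from the proxy, but only `Host` and `X-Real-IP` are set here; adding `proxy_set_header X-Forwarded-Proto $scheme;` beside them lets the app build https links correctly behind the TLS terminator. The three blank lines at the top, two at the bottom and the empty line before the closing brace are style only.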
@@ -10,7 +10,6 @@
   slurp: src={{ item }}
   with_items:
     - /srv/shared/noreply_email_pass
-    - /srv/ldap/secret/ldap_readonly_pass
   register: gitlab_secrets
 
 - name: get secrets from server 2
diff --git a/webserver/docker_ldap/templates/docker-compose.yml b/webserver/docker_ldap/templates/docker-compose.yml
deleted file mode 100644
index e72b235041d70a8553b6eb5cbb98f7e4d94030cf..0000000000000000000000000000000000000000
--- a/webserver/docker_ldap/templates/docker-compose.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-
-version: "3"
-
-services:
-
-  openldap:
-    image: osixia/openldap:1.1.10
-    restart: always
-    hostname: "{{ ldap_ip_ext }}"
-    ports:
-      - "{{ ldap_ip_ext }}:{{ ldap_port_default }}:389"
-      - "{{ ldap_ip_ext }}:{{ ldap_port_secure }}:636"
-    volumes:
-      - /srv/ldap/database:/var/lib/ldap
-      - /srv/ldap/config:/etc/ldap/slapd.d
-    environment:
-      - LDAP_ORGANISATION="{{ ldap_org }}"
-      - LDAP_DOMAIN="{{ ldap_domain }}"
-      - LDAP_ADMIN_PASSWORD="{{ ldap_admin_pass }}"
-      - LDAP_CONFIG_PASSWORD="{{ ldap_config_pass }}"
-      - LDAP_READONLY_USER=true
-      - LDAP_READONLY_USER_USERNAME=readonly
-      - LDAP_READONLY_USER_PASSWORD="{{ ldap_readonly_pass }}"
-      - LDAP_REPLICATION=true
-      - LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://{{ ldap_ip_ext }}:{{ ldap_port_default }}']"
-
-# - LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://{{ ldap_ip_ext }}:{{ ldap_port_default }}','ldap://{{ ldap_ip_int }}:{{ ldap_port_default }}']"
-
-  phpldapadmin:
-    image: osixia/phpldapadmin:0.7.1
-    restart: always
-    depends_on:
-      - openldap
-    ports:
-      - 127.0.0.1:42004:80
-    environment:
-      - PHPLDAPADMIN_LDAP_HOSTS=openldap
-      - PHPLDAPADMIN_HTTPS=false
-      - PHPLDAPADMIN_TRUST_PROXY_SSL=true
diff --git a/webserver/main.yml b/webserver/main.yml
index e640968d1352d2c84e1b5dc62c8d4f1dc0734ce6..fc65aac318d7cc0a41159c49ca4de35c885b03cd 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
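Review bot: Removing `/srv/ldap/secret/ldap_readonly_pass` from the slurp list means `gitlab_secrets.results` no longer carries the readonly password, so any later task that read it as `gitlab_secrets.results[1]` now hits an undefined index; that consumer, and whatever supplies the value instead, are outside this hunk. If the replacement is the variable set by the common docker_ldap role's get_secret include (presumably `ldap_readonly_pass`, the name the new compose template uses), then the ordering in webserver/main.yml — docker_ldap before docker_gitlab — becomes a hard dependency; a comment here such as `# ldap_readonly_pass wird von ../common/docker_ldap (get_secret) gesetzt` would make that explicit.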
@@ -8,13 +8,13 @@
     - { role: ../common/telegraf, tags: telegraf }
     - { role: ../common/nginx, tags: nginx }
     - { role: ../common/openvpn, tags: openvpn }
+    - { role: ../common/docker_ldap, tags: ldap }
     - { role: docker_alerta, tags: alerta }
     - { role: docker_dokuwiki, tags: dokuwiki }
     - { role: docker_etherpad, tags: etherpad }
     - { role: docker_gitlab, tags: gitlab }
     - { role: docker_hackmd, tags: hackmd }
     - { role: docker_jabber, tags: jabber }
-    - { role: docker_ldap, tags: ldap }
     - { role: docker_keycloak, tags: keycloak }
     - { role: docker_matterbridge, tags: matterbridge }
     - { role: docker_warpinfra, tags: warpinfra }