Commit 4de63dfd authored by void's avatar void
parents f7a010c6 e1d2b668
# Globale Variablen für alle Server
# Globale Variablen für alle Server
# IP Adresse des LDAP Servers
# Extern läuft auf dem webserver
ldap_ip_ext: 10.0.20.2
# int ist noch ungenutzt / später replikation in der Zone
ldap_ip_int: 10.0.20.2
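Review bot: `ldap_ip_int` is given the same address as `ldap_ip_ext` while the comment above it says the internal variable is not used yet, so a consumer that picks the wrong one will work by accident until the values diverge. Either leave the key out until replication exists, or make the comment explicit that it is a deliberate alias: `# int ist noch ungenutzt; vorerst identisch mit ldap_ip_ext, bis die Replikation in der Zone existiert`. The header comment appears twice in this section, which looks like a whitespace-only change on the rendered page rather than a real duplicate — worth confirming in the raw diff.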
......@@ -3,7 +3,7 @@ verbose_logging = false
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "10.0.20.2"
host = "{{ ldap_ip_ext }}"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
......
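Review bot: The templated `host` on the new side still pairs with `port = 389`, and the hunk's own comment explains that 636 is the port when `use_ssl = true`, so Grafana's LDAP bind and searches run over cleartext. The ldap playbook in this same commit publishes 636 on `{{ ldap_ip_ext }}`, so `port = 636` together with `use_ssl = true` (plus `root_ca_cert` if the server certificate is not publicly trusted) would protect the bind credentials in transit. The `use_ssl` key and the bind DN lie outside the hunk, so I cannot see whether they are already set that way.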
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
APPS = warpmain, warpauth, warppay
INSTANCE_NAME = 'INTERN-PRODUKTIV'
......@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone
API_KEY = ''
[mysql]
MYSQL_HOST = mysql
MYSQL_PORT = 3306
MYSQL_HOST = mysql
MYSQL_PORT = 3306
MYSQL_USER = warpinfra
MYSQL_PASS = {{ mysql_user_pw }}
MYSQL_NAME = warpinfra
[ldap]
LDAP_HOST = 10.0.20.2
LDAP_HOST = {{ ldap_ip_ext }}
LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
LDAP_PASSWORD = {{ ldap_admin_pass }}
......
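Review bot: The application is configured to bind as `LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms` with `LDAP_PASSWORD = {{ ldap_admin_pass }}`, i.e. the directory administrator, although the ldap playbook in this commit creates a dedicated read-only account (`LDAP_READONLY_USER_USERNAME: readonly`, `ldap_readonly_pass`). Unless warpinfra writes to the directory, binding with the read-only user (with osixia/openldap presumably `cn=readonly,dc=warpzone,dc=ms` — confirm against the container's bootstrap) and `{{ ldap_readonly_pass }}` keeps an application compromise from yielding directory-admin credentials. The same `[ldap]` block appears in the INTERN-TEST, EXTERN-PRODUKTIV and EXTERN-TEST variants further down; this note applies to all four.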
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
APPS = warpmain, warpauth, warppay
INSTANCE_NAME = 'INTERN-TEST'
......@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra-test.warpzone
API_KEY = ''
[mysql]
MYSQL_HOST = db
MYSQL_PORT = 3306
MYSQL_HOST = db
MYSQL_PORT = 3306
MYSQL_USER = warpinfra
MYSQL_PASS = {{ mysql_user_pw }}
MYSQL_NAME = warpinfra
[ldap]
LDAP_HOST = 10.0.20.2
LDAP_HOST = {{ ldap_ip_ext }}
LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
LDAP_PASSWORD = {{ ldap_admin_pass }}
......
......@@ -5,7 +5,7 @@ services:
app:
image: gitlab/gitlab-ce:9.5.8-ce.0
image: gitlab/gitlab-ce:10.0.3-ce.0
restart: always
ports:
- 0.0.0.0:444:22
......
......@@ -92,7 +92,7 @@ gitlab_rails['gitlab_default_projects_features_issues'] = false
ldap_servers_template = <<-'EOS'
main:
label: 'LDAP'
host: '10.0.20.2'
host: '{{ ldap_ip_ext }}'
port: 389
uid: 'uid'
method: 'plain'
......@@ -108,7 +108,7 @@ ldap_servers_template = <<-'EOS'
last_name: 'sn'
EOS
# Replace LDAP Server IP fron Environment variable
# Replace LDAP Server IP fron Environment variable
# which is set by the Docker Link
ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']
......
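Review bot: The new side keeps `ldap_servers = ldap_servers_template % ENV['LDAP_PORT_389_TCP_ADDR']` and the comment "Replace LDAP Server IP fron Environment variable which is set by the Docker Link", but the heredoc now carries the address directly via `host: '{{ ldap_ip_ext }}'` (the old side already had it hardcoded), so there is no format directive left for `%` to fill; Ruby accepts the surplus argument silently unless run with -W or $DEBUG, which makes the line dead rather than broken. `ldap_servers = ldap_servers_template` with a comment saying the address is rendered by the Ansible template (and "fron" corrected to "from") would describe what actually happens. Separately, `method: 'plain'` with `port: 389` means GitLab's bind runs in cleartext; since the playbook publishes 636 on the same address, `method: 'simple_tls'` with `port: 636` is the documented alternative. The heredoc starts in the first hunk and its middle lies outside this section.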
---
# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
# Die Daten, die von Slurp gelesen werden sind Base64 codiert
# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
# Die Daten, die von Slurp gelesen werden sind Base64 codiert
# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
- name: get secrets from server 1
slurp: src={{ item }}
......@@ -13,27 +13,27 @@
register: ldap_secrets
- name: get secrets from server 2
set_fact:
ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
set_fact:
ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- name: create folder struct for ldap
file:
path: "/srv/ldap"
file:
path: "/srv/ldap"
state: "directory"
- name: create folder struct for ldap
file:
path: "/srv/ldap/database"
file:
path: "/srv/ldap/database"
state: "directory"
- name: create folder struct for ldap
file:
path: "/srv/ldap/config"
file:
path: "/srv/ldap/config"
state: "directory"
- name: start ldap docker
docker_container:
docker_container:
name: ldap-service
image: osixia/openldap:1.1.6
hostname: ldap-service
......@@ -45,21 +45,21 @@
env:
LDAP_ORGANISATION: Warpzone
LDAP_DOMAIN: warpzone.ms
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}"
LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}"
LDAP_READONLY_USER: true
LDAP_READONLY_USER_USERNAME: readonly
LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}"
ports:
- 10.0.20.2:389:389
- 10.0.20.2:636:636
- {{ ldap_ip_ext }}:389:389
- {{ ldap_ip_ext }}:636:636
- name: start phpldapadmin docker
docker_container:
docker_container:
name: phpldapadmin-app
image: osixia/phpldapadmin:0.6.11
state: started
restart_policy: always
env:
env:
PHPLDAPADMIN_LDAP_HOSTS: ldap-host
PHPLDAPADMIN_HTTPS: false
PHPLDAPADMIN_TRUST_PROXY_SSL: true
......@@ -67,4 +67,3 @@
- ldap-service:ldap-host
ports:
- 127.0.0.1:42004:80
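Review bot: The `slurp` task registers the raw secret files into `ldap_secrets` and the following `set_fact` derives `ldap_admin_pass` and `ldap_readonly_pass` from them, but none of these tasks sets `no_log: true`, so the base64 content and the decoded passwords end up in verbose play output and any log aggregation; the `docker_container` task that passes `LDAP_ADMIN_PASSWORD` and `LDAP_READONLY_USER_PASSWORD` in `env` has the same exposure. Adding `no_log: true` to the slurp, set_fact and ldap-service container tasks closes this, at the cost of less detail when one of them fails. On the new port lines, cleartext 389 is published on the same address as 636; once the clients in this commit move to 636/TLS, dropping the 389 publish or binding it to 127.0.0.1 as phpldapadmin's port already is would narrow what is reachable on the network.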
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
APPS = warpmain, warpauth, warpfood
INSTANCE_NAME = 'EXTERN-PRODUKTIV'
......@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms
API_KEY = {{mattermost_api_key}}
[mysql]
MYSQL_HOST = db
MYSQL_PORT = 3306
MYSQL_HOST = db
MYSQL_PORT = 3306
MYSQL_USER = warpinfra
MYSQL_PASS = {{ mysql_user_pw }}
MYSQL_NAME = warpinfra
[ldap]
LDAP_HOST = 10.0.20.2
LDAP_HOST = {{ ldap_ip_ext }}
LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
LDAP_PASSWORD = {{ ldap_admin_pass }}
......
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
[common]
# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay
APPS = warpmain, warpauth, warpfood, warpapi
INSTANCE_NAME = 'EXTERN-TEST'
......@@ -19,14 +19,14 @@ ALLOWED_HOSTS = infra.warpzone.ms
API_KEY = {{mattermost_api_key}}
[mysql]
MYSQL_HOST = db
MYSQL_PORT = 3306
MYSQL_HOST = db
MYSQL_PORT = 3306
MYSQL_USER = warpinfra
MYSQL_PASS = {{ mysql_user_pw }}
MYSQL_NAME = warpinfra
[ldap]
LDAP_HOST = 10.0.20.2
LDAP_HOST = {{ ldap_ip_ext }}
LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
LDAP_PASSWORD = {{ ldap_admin_pass }}
......
......@@ -2,6 +2,5 @@
# the interface name is passed as first argument ($1)
#modprobe ip_tables
#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
#iptables -t nat -I PREROUTING -p tcp -d 10.0.20.2/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636
#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 389 -j DNAT --to-destination 127.0.0.1:389
#iptables -t nat -I PREROUTING -p tcp -d {{ ldap_ip_ext }}/32 --dport 636 -j DNAT --to-destination 127.0.0.1:636
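Review bot: Both DNAT rules on the new side remain commented out, so templating `{{ ldap_ip_ext }}` into them changes nothing at runtime, and the playbook in this same commit publishes 389/636 directly on that address instead. Keeping two competing mechanisms for exposing LDAP — one dead, one live — invites someone to enable the DNAT lines later without noticing the container already binds those ports; either delete the commented rules or leave a one-line comment stating why they are kept, e.g. `# DNAT not needed: ldap-service publishes 389/636 on ldap_ip_ext directly (see ldap playbook)`. The script's header and whatever uses `$1` lie outside the hunk.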