From a3d9b6c762172e0edca5f24100262c919f6d0f4c Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <christian.elberfeld@adesso.de>
Date: Thu, 30 Jan 2020 02:17:51 +0100
Subject: [PATCH] upgrade ldap docker, vorbereitung replikation
---
 common/docker_ldap/tasks/main.yml | 10 +++++--
 common/docker_ldap/templates/Dockerfile | 6 ++++
 .../docker_ldap/templates/docker-compose.yml | 30 ++++++++++++++++---
 .../templates/syncrepl_exporter.yml | 10 +++++++
 .../includes/verwaltung-ldap.warpzone.ms | 9 ++++--
 site.yml | 3 +-
 6 files changed, 58 insertions(+), 10 deletions(-)
 create mode 100644 common/docker_ldap/templates/Dockerfile
 create mode 100644 common/docker_ldap/templates/syncrepl_exporter.yml
diff --git a/common/docker_ldap/tasks/main.yml b/common/docker_ldap/tasks/main.yml
index c2da4149..5f38edd0 100644
--- a/common/docker_ldap/tasks/main.yml
+++ b/common/docker_ldap/tasks/main.yml
@@ -16,10 +16,14 @@
 - name: Docker Compose Konfig-Datei erstellen
 template:
- src: "docker-compose.yml"
- dest: "/srv/ldap/docker-compose.yml"
+ src: "{{ item }}"
+ dest: "/srv/ldap/{{ item }}"
+ with_items:
+ - docker-compose.yml
+ - Dockerfile
+ - syncrepl_exporter.yml
 - name: start openldap docker
- docker_service:
+ docker_compose:
 project_src: /srv/ldap/
 state: present
diff --git a/common/docker_ldap/templates/Dockerfile b/common/docker_ldap/templates/Dockerfile
new file mode 100644
index 00000000..6c03ac22
--- /dev/null
+++ b/common/docker_ldap/templates/Dockerfile
@@ -0,0 +1,6 @@
+FROM golang:1.13.5
+
+RUN go get github.com/ThoreKr/syncrepl_exporter
+
+EXPOSE 9328
+CMD ["/go/bin/syncrepl_exporter","--path.config=/syncrepl_exporter.yml"]
diff --git a/common/docker_ldap/templates/docker-compose.yml b/common/docker_ldap/templates/docker-compose.yml
index 41e4326d..59a50da1 100644
--- a/common/docker_ldap/templates/docker-compose.yml
+++ b/common/docker_ldap/templates/docker-compose.yml
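Review bot: The `template` task now also renders `syncrepl_exporter.yml`, which carries `bindpass: '{{ ldap_readonly_pass }}'` in clear text, yet it sets no `owner`/`mode`, so the file lands in `/srv/ldap/` with whatever the remote umask yields — commonly world-readable. Add `owner: root`, `group: root` and `mode: "0600"` to the task; `docker-compose.yml`, which embeds `LDAP_READONLY_USER_PASSWORD` (and, presumably, the admin password further up the file), benefits from the same. The task name still says `Konfig-Datei erstellen` (singular) although it now writes three files; `Docker Compose Konfig-Dateien erstellen` would match the loop.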
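Review bot: `RUN go get github.com/ThoreKr/syncrepl_exporter` fetches whatever the repository head is at build time, so the exporter binary is neither reproducible nor pinned and any upstream change lands in the next image build unnoticed. Pin to a tagged release or commit — with Go 1.13 that means module mode, e.g. `RUN GO111MODULE=on go get github.com/ThoreKr/syncrepl_exporter@<tag>` (tag to be chosen) — and consider a multi-stage build that copies `/go/bin/syncrepl_exporter` into a minimal runtime image, since the final image currently ships the whole Go toolchain and, with no `USER` line, runs the exporter as root. `EXPOSE 9328` is documentation only; the actual exposure is decided by the `ports:` entry in docker-compose.yml, which is still commented out.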
@@ -4,15 +4,24 @@ version: "3"
 services:
 openldap:
- image: osixia/openldap:1.2.2
+ image: osixia/openldap:1.3.0
 restart: always
 command: --loglevel debug
+# hostname: {{ inventory_hostname }}-sync
 network_mode: host
+ extra_hosts:
+ - "webserver-sync{% if inventory_hostname == "webserver" %}-dummy{% endif %}:{{ hostvars['webserver'].int_ip4 }}"
+ - "warpsrvint-sync{% if inventory_hostname == "warpsrvint" %}-dummy{% endif %}:{{ hostvars['warpsrvint'].int_ip4 }}"
+ - "verwaltung-sync{% if inventory_hostname == "verwaltung" %}-dummy{% endif %}:{{ hostvars['verwaltung'].int_ip4 }}"
 volumes:
 - /srv/ldap/database:/var/lib/ldap
 - /srv/ldap/config:/etc/ldap/slapd.d
+# ports:
+# - {{ int_ip4 }}:389:389
+# - {{ int_ip4 }}:636:636
 environment:
 - HOSTNAME={{ int_ip4 }}
+# - HOSTNAME={{ inventory_hostname }}-sync
 - LDAP_BACKEND=hdb
 - LDAP_ORGANISATION={{ ldap_org }}
 - LDAP_DOMAIN={{ ldap_domain }}
@@ -22,11 +31,12 @@ services:
 - LDAP_READONLY_USER_USERNAME=readonly
 - LDAP_READONLY_USER_PASSWORD={{ ldap_readonly_pass }}
 - LDAP_TLS_VERIFY_CLIENT=never
- - LDAP_REPLICATION=true
- - LDAP_REPLICATION_HOSTS=#PYTHON2BASH:['ldap://{{ hostvars['webserver'].int_ip4 }}','ldap://{{ hostvars['warpsrvint'].int_ip4 }}']
+ - LDAP_REPLICATION=false
+# - LDAP_REPLICATION=true
+# - LDAP_REPLICATION_HOSTS=#PYTHON2BASH:['ldap://webserver-sync','ldap://warpsrvint-sync','ldap://verwaltung-sync']
 phpldapadmin:
- image: osixia/phpldapadmin:0.7.2
+ image: osixia/phpldapadmin:0.9.0
 restart: always
 depends_on:
 - openldap
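Review bot: The three `extra_hosts` entries hard-code the replica set (`webserver`, `warpsrvint`, `verwaltung`) and duplicate the list that the commented `LDAP_REPLICATION_HOSTS` line in the next hunk will carry; keeping both in step by hand is the kind of drift that silently leaves one node out of replication, so a single list variable rendered with a `{% for %}` loop in both places would be safer. Each entry also dereferences `hostvars['<host>'].int_ip4`, which is only defined when facts for that host were gathered in the same run — a `--limit` to one host will presumably fail the template with an undefined variable unless fact caching is in place. The `-dummy` suffix on the node's own entry is not explained anywhere; if the intent is that a node must not resolve its own `-sync` name (which I infer rather than see), a comment such as `# own -sync name is deliberately pointed elsewhere so the node never syncs from itself` would save the next reader the guesswork.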
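Review bot: `LDAP_REPLICATION=false` switches replication off for every host this template is applied to, while the replacement `LDAP_REPLICATION_HOSTS` line stays commented out, so until it is re-enabled the directories diverge silently; a comment next to it, `# replication disabled while migrating to the *-sync names; re-enable once all nodes run 1.3.0`, would record that this is deliberate (the subject says Vorbereitung, so I assume it is). When the commented line comes back, the peers are plain `ldap://…-sync` URIs; whether syncrepl traffic and the replication bind credentials are protected then rests on the image's default syncrepl config — confirm it enforces StartTLS and verifies the peer certificates rather than using `tls_reqcert=never`, as `LDAP_TLS_VERIFY_CLIENT=never` already relaxes the server side. The 1.2.2 → 1.3.0 bump keeps `LDAP_BACKEND=hdb`; confirm the newer image still accepts hdb before it opens the existing `/srv/ldap/database`, since a backend mismatch on a persistent volume is hard to undo.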
@@ -34,5 +44,17 @@ services:
 - 127.0.0.1:42004:80
 environment:
 - PHPLDAPADMIN_LDAP_HOSTS={{ int_ip4 }}
+# - PHPLDAPADMIN_LDAP_HOSTS=openldap
 - PHPLDAPADMIN_HTTPS=false
 - PHPLDAPADMIN_TRUST_PROXY_SSL=true
+
+# syncreplexporter:
+# build: .
+# image: "syncreplexporter--{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}"
+# restart: always
+# depends_on:
+# - openldap
+# volumes:
+# - /srv/ldap/syncrepl_exporter.yml:/syncrepl_exporter.yml
+# ports:
+# - {{ int_ip4 }}:9328:9328
diff --git a/common/docker_ldap/templates/syncrepl_exporter.yml b/common/docker_ldap/templates/syncrepl_exporter.yml
new file mode 100644
index 00000000..d0419a1a
--- /dev/null
+++ b/common/docker_ldap/templates/syncrepl_exporter.yml
@@ -0,0 +1,10 @@
+---
+
+ ldap:
+ host: 'openldap'
+ port: '636'
+ basedn: '{{ ldap_base_dn }}'
+ starttls: false
+ bind: true
+ bindcn: '{{ ldap_readonly_bind_dn }}'
+ bindpass: '{{ ldap_readonly_pass }}'
diff --git a/common/nginx/includes/verwaltung-ldap.warpzone.ms b/common/nginx/includes/verwaltung-ldap.warpzone.ms
index d4ef0db9..706f6591 100644
--- a/common/nginx/includes/verwaltung-ldap.warpzone.ms
+++ b/common/nginx/includes/verwaltung-ldap.warpzone.ms
@@ -1,4 +1,9 @@
- location / {
- rewrite ^(.*) https://ldap.warpzone.ms$1;
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ proxy_pass http://127.0.0.1:42004/;
+ proxy_redirect off;
+ }
diff --git a/site.yml b/site.yml
index e3c7a073..8165d989 100644
--- a/site.yml
+++ b/site.yml
@@ -26,7 +26,7 @@
 - { role: common/borgserver, tags: borgserver }
 - { role: common/docker, tags: docker }
 - { role: common/telegraf, tags: telegraf }
- - { role: common/docker_ldap, tags: ldap }
+# - { role: common/docker_ldap, tags: ldap }
 - { role: common/nginx, tags: nginx }
 - { role: warpsrvint/docker_grafana, tags: grafana }
 - { role: warpsrvint/docker_influx, tags: influx }
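Review bot: `host: 'openldap'` is a Compose service name, but the `openldap` service runs with `network_mode: host`, so it gets no entry in Compose's service DNS; from the exporter container that name will presumably not resolve unless an `extra_hosts` entry supplies it, and `{{ int_ip4 }}` or the node's own `-sync` name would be the consistent choice. `port: '636'` together with `starttls: false` also needs a check against the exporter's semantics: 636 is the LDAPS port, and if the exporter reads `starttls: false` as plain LDAP, the bind carrying `ldap_readonly_pass` is sent without TLS to a port that expects a TLS handshake and fails — or, worse, succeeds in clear if slapd is ever moved to plain 636. A one-line comment stating which of the two (LDAPS vs. plain) the exporter actually does on this port would settle it.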
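Review bot: `location /` no longer redirects to `https://ldap.warpzone.ms` but proxies phpLDAPadmin directly, and the new block forwards neither `X-Forwarded-Proto` nor `X-Forwarded-For`; with `PHPLDAPADMIN_HTTPS=false` and `PHPLDAPADMIN_TRUST_PROXY_SSL=true` in docker-compose.yml the application presumably relies on that header to know it sits behind TLS, so add `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. Whether this include is only ever pulled into a TLS `server` block is not visible here; if it is reachable over plain HTTP, the admin UI's LDAP login (directory admin credentials) would travel in clear, which the old unconditional redirect prevented. The enclosing `server` block lies outside the hunk.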
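Review bot: Commenting out `common/docker_ldap` removes the role from the warpsrvint play (the neighbouring entries are `warpsrvint/*` roles) and the second site.yml hunk adds it, also commented out, to the verwaltung play, but neither touches the container already deployed on warpsrvint: that node keeps running its previous compose file (`LDAP_REPLICATION=true`, peers by `int_ip4`), while any host on which the role still runs now gets `LDAP_REPLICATION=false`, so the replica set ends up in mixed states. If the intent is to take warpsrvint out of the replica set, a comment on the line (`# disabled: ldap moves to verwaltung, see …`) and an explicit stop of the stale container would make that visible; which play still carries the role is outside these hunks, so this is inferred.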
@@ -80,6 +80,7 @@
 - { role: common/docker, tags: docker }
 - { role: common/nginx, tags: nginx }
 - { role: common/openvpn, tags: openvpn }
+# - { role: common/docker_ldap, tags: ldap }
 - { role: verwaltung/docker_gitea, tags: gitea }
 - { role: verwaltung/docker_nextcloud, tags: nextcloud }
 - { role: verwaltung/docker_mysql, tags: mysql }
-- 
GitLab