Commit ef9833a6 authored by void's avatar void

anpassung an neue variablen

parent dcb01d67
---
# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen
# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets
# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden
# Die Daten, die von Slurp gelesen werden sind Base64 codiert
# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden
- name: get secrets from server 1
slurp: src={{ item }}
- include_tasks: ../functions/get_secret.yml
with_items:
- /srv/ldap/secret/ldap_admin_pass
- /srv/ldap/secret/ldap_readonly_pass
register: ldap_secrets
- name: get secrets from server 2
set_fact:
ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}"
- { path: /srv/ldap/ldap_admin_pass, length: 24 }
- { path: /srv/ldap/ldap_config_pass, length: 24 }
- { path: /srv/ldap/ldap_readonly_pass, length: 24 }
- name: create folder struct for ldap
file:
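Review bot: If I read the interleaved sides correctly, the secret handling moves from the inline `slurp` + `set_fact` pair into `include_tasks: ../functions/get_secret.yml` looped over `{ path, length }` items, but the item paths drop the `secret/` directory (`/srv/ldap/ldap_admin_pass` vs the old `/srv/ldap/secret/ldap_admin_pass`) — please confirm the existing files really live at the new path, otherwise the include will presumably generate a fresh 24-character password that no longer matches the admin password of the already-initialised directory. The German comment block above the task still describes the slurp/base64/whitespace handling that no longer lives in this file; I would replace it with something like `# Read (or generate, with the given length) each LDAP secret via get_secret.yml; results are exposed as facts named after the file`. get_secret.yml is not part of this diff, so I cannot see whether its slurp/register tasks set `no_log: true` — the old `register: ldap_secrets` here did not, which means a `-v` run prints the base64-encoded passwords; the included tasks should carry `no_log: true` on every task that registers or sets a secret.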
......@@ -6,28 +6,34 @@ services:
openldap:
image: osixia/openldap:1.1.10
restart: always
hostname: "{{ ldap_ip_ext }}"
ports:
- "{{ ldap_ip_ext }}:389:389"
- "{{ ldap_ip_ext }}:636:636"
- "{{ ldap_ip_ext }}:{{ ldap_port_default }}:389"
- "{{ ldap_ip_ext }}:{{ ldap_port_secure }}:636"
volumes:
- /srv/ldap/database:/var/lib/ldap
- /srv/ldap/config:/etc/ldap/slapd.d
environment:
- LDAP_ORGANISATION=Warpzone
- LDAP_DOMAIN=warpzone.ms
- LDAP_ORGANISATION="{{ ldap_org }}"
- LDAP_DOMAIN="{{ ldap_domain }}"
- LDAP_ADMIN_PASSWORD="{{ ldap_admin_pass }}"
- LDAP_CONFIG_PASSWORD="{{ ldap_config_pass }}"
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_USERNAME=readonly
- LDAP_READONLY_USER_PASSWORD="{{ ldap_readonly_pass }}"
- LDAP_REPLICATION=true
- LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://{{ ldap_ip_ext }}:{{ ldap_port_default }}']"
phpldapadmin:
image: osixia/phpldapadmin:0.7.1
restart: always
depends_on:
- openldap
ports:
- 127.0.0.1:42004:80
environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
# - LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://{{ ldap_ip_ext }}:{{ ldap_port_default }}','ldap://{{ ldap_ip_int }}:{{ ldap_port_default }}']"
phpldapadmin:
image: osixia/phpldapadmin:0.7.1
restart: always
depends_on:
- openldap
ports:
- 127.0.0.1:42004:80
environment:
- PHPLDAPADMIN_LDAP_HOSTS=openldap
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
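Review bot: The double quotes around the templated values in the list-form `environment:` entries (`- LDAP_ADMIN_PASSWORD="{{ ldap_admin_pass }}"` and the four neighbouring lines) are, as far as I know, not stripped by Compose — it only unquotes `.env` files — so slapd would be initialised with `"<value>"` (quotes included) as the admin, config and readonly passwords while the warpinfra config in this same commit receives the bare value and its bind would fail. I would drop the quotes, `- LDAP_ADMIN_PASSWORD={{ ldap_admin_pass }}`, or switch to the mapping form `LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}"` where YAML removes them; the new `LDAP_REPLICATION_HOSTS` line already follows the unquoted convention. Separately, replication is pointed at `ldap://{{ ldap_ip_ext }}:{{ ldap_port_default }}`, i.e. the plaintext port bound on the external address, so unless the image is configured to enforce STARTTLS the directory contents (including password hashes) would be replicated in the clear — consider `ldaps://` with `ldap_port_secure`, or the internal address the commented-out line hints at.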
......@@ -27,23 +27,23 @@ MYSQL_NAME = warpinfra
[ldap]
LDAP_HOST = {{ ldap_ip_ext }}
LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
LDAP_BIND_DN = {{ ldap_admin_bind_dn }}
LDAP_PASSWORD = {{ ldap_admin_pass }}
LDAP_USER_SEARCH_PATH = ou=users,dc=warpzone,dc=ms
LDAP_GROUP_SEARCH_PATH = dc=warpzone,dc=ms
LDAP_USER_SEARCH_PATH = ou=users,{{ ldap_base_dn }}
LDAP_GROUP_SEARCH_PATH = {{ ldap_base_dn }}
LDAP_USER_SEARCH_FILTER = (uid=%(user)s)
LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,dc=warpzone,dc=ms
LDAP_GROUP_IS_STAFF = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms
LDAP_GROUP_SUPERUSER = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms
LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,{{ ldap_base_dn }}
LDAP_GROUP_IS_STAFF = cn=warpauth-admin,ou=infrastructure,{{ ldap_base_dn }}
LDAP_GROUP_SUPERUSER = cn=warpauth-admin,ou=infrastructure,{{ ldap_base_dn }}
[email]
SMTP_HOST = smtp.warpzone.ms
SMTP_PORT = 25
SMTP_USERNAME = noreply@warpzone.ms
SMTP_HOST = {{ smtp_host }}
SMTP_PORT = {{ smtp_port }}
SMTP_USERNAME = {{ noreply_email_user }}
SMTP_PASSWORD = {{ noreply_email_pass }}
SMTP_EMAIL_FROM = infra@warpzone.ms
SMTP_EMAIL_FROM = {{ noreply_email_user }}
SMTP_USE_TLS = True
SUBJECT_PREFIX = ''
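Review bot: warpinfra still binds to the directory as the LDAP administrator (`LDAP_BIND_DN = {{ ldap_admin_bind_dn }}` / `LDAP_PASSWORD = {{ ldap_admin_pass }}`), yet the only operations configured here are user and group searches; unless warpinfra also writes to LDAP, the read-only account created in the compose file would suffice, e.g. `LDAP_BIND_DN = {{ ldap_readonly_bind_dn }}` and `LDAP_PASSWORD = {{ ldap_readonly_pass }}`, so a compromise of this web app does not hand out directory admin credentials. `LDAP_HOST = {{ ldap_ip_ext }}` carries no port or TLS setting, so presumably the bind happens over plain LDAP on the externally bound port — worth confirming that the client is set to use `ldap_port_secure` or STARTTLS. If the values are read with Python's configparser, a generated password containing `%` will also trip interpolation, which argues for keeping the generated character set free of `%` or for disabling interpolation.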