From fc9d71f1bc4e93c1c6c54eb5495cc68cf493f810 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <elberfeld@web.de>
Date: Wed, 4 Apr 2018 22:23:38 +0200
Subject: [PATCH] experimentelle jabber anbindung des test-jabbers

---
 group_vars/all | 3 +++
 webserver/docker_jabber_test/tasks/main.yaml | 17 +++++++++++++++++
 .../templates/docker-compose.yml | 11 +++++++++++
 .../templates/prosody.cfg.lua | 9 ++++++---
 .../docker_jabber_test/templates/prosody.conf | 2 ++
 .../docker_jabber_test/templates/saslauthd.conf | 6 ++++++
 6 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 webserver/docker_jabber_test/templates/prosody.conf
 create mode 100644 webserver/docker_jabber_test/templates/saslauthd.conf

diff --git a/group_vars/all b/group_vars/all
index 597cc00a..6321239b 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -5,3 +5,6 @@ ldap_ip_ext: 10.0.20.2
 # int ist noch ungenutzt / später replikation in der Zone
 ldap_ip_int: 10.0.20.2
+
+ldap_base_dn: DC=warpzone,DC=ms
+ldap_readonly_bind_dn: CN=readonly,DC=warpzone,DC=ms
\ No newline at end of file
diff --git a/webserver/docker_jabber_test/tasks/main.yaml b/webserver/docker_jabber_test/tasks/main.yaml
index 3df9d398..9955ea4f 100644
--- a/webserver/docker_jabber_test/tasks/main.yaml
+++ b/webserver/docker_jabber_test/tasks/main.yaml
@@ -1,4 +1,5 @@
 ---
+# Create folders
 - name: create folder struct for jabber_test
 file:
 path: "{{ item }}"
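Review bot: The group_vars/all hunk leaves the file without a trailing newline (`\ No newline at end of file` after `ldap_readonly_bind_dn`), so the next append to this file will show up as a modification of this line as well; end the file with a newline. The two new DN values are fine as plain scalars, but both are duplicated literally in the `ldap_filter` of saslauthd.conf via `{{ ldap_base_dn }}`, so any change to the base DN here must stay in step with the `CN=active,OU=groups,` prefix hard-coded there.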
@@ -16,17 +17,33 @@
 with_items:
 - "/srv/jabber_test/logs"
 - "/srv/jabber_test/data"
+ - "/srv/jabber_test/saslauthd"
+# Get secrets
+- include: ../functions/get_secret.yml
+ with_items:
+ - { path: /srv/ldap/secret/ldap_readonly_pass, length: 24 }
+
+# create files
 - name: Docker Konfig-Datei erstellen
 template:
 src: "docker-compose.yml"
 dest: "/srv/jabber_test/docker-compose.yml"
+- name: SASL Configs anlegen
+ template:
+ src: "{{item}}"
+ dest: "/srv/jabber_test/{{item}}"
+ with_items:
+ - "saslauthd.conf"
+ - "prosody.conf"
+
 - name: Prosody Config anlegen
 template:
 src: "prosody.cfg.lua"
 dest: "/srv/jabber_test/etc/prosody.cfg.lua"
+# start docker
 - name: start jabber-test docker
 docker_service:
 project_src: /srv/jabber_test/
diff --git a/webserver/docker_jabber_test/templates/docker-compose.yml b/webserver/docker_jabber_test/templates/docker-compose.yml
index df37182c..e31c1ed6 100644
--- a/webserver/docker_jabber_test/templates/docker-compose.yml
+++ b/webserver/docker_jabber_test/templates/docker-compose.yml
@@ -3,6 +3,14 @@ version: "3"
 services:
+ auth:
+
+ image: dweomer/saslauthd
+ restart: always
+ volumes:
+ - /srv/jabber_test/saslauthd.conf:/etc/saslauthd.conf:ro
+ - /srv/jabber_test/saslauthd:/var/run/saslauthd
+
 app:
 image: prosody/prosody:0.10
@@ -21,3 +29,6 @@ services:
 - /etc/ssl/fullchain.pem:/etc/prosody/certs/muc.jabber-test.warpzone.ms.crt
 - /etc/ssl/key.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.key
 - /etc/ssl/fullchain.pem:/etc/prosody/certs/proxy.jabber-test.warpzone.ms.crt
+ # sasl2 auth mounts
+ - /srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf
+ - /srv/jabber_test/saslauthd:/var/run/saslauthd
diff --git a/webserver/docker_jabber_test/templates/prosody.cfg.lua b/webserver/docker_jabber_test/templates/prosody.cfg.lua
index 3f0d11a2..e53d8a92 100644
--- a/webserver/docker_jabber_test/templates/prosody.cfg.lua
+++ b/webserver/docker_jabber_test/templates/prosody.cfg.lua
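Review bot: The new `SASL Configs anlegen` task renders saslauthd.conf — which carries the LDAP bind password through `ldap_password: {{ ldap_readonly_pass }}` — into /srv/jabber_test/ without a `mode:`, so the rendered secret gets whatever the default umask yields and is typically readable by every local account; add `mode: "0600"` to that `template:` call (the same applies to the saslauthd.conf hunk below, which is where the secret is actually interpolated). The `../functions/get_secret.yml` include is presumably what loads /srv/ldap/secret/ldap_readonly_pass into `ldap_readonly_pass`; that file is outside this change, so confirm it registers exactly that variable name, otherwise the template renders an empty `ldap_password:`. Style: the new lines write `{{item}}` while the rest of the file writes `{{ item }}`. The task list this hunk belongs to continues beyond the hunk.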
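Review bot: `image: dweomer/saslauthd` in the new `auth` service has neither a tag nor a digest, so each `docker_service` run may pull a different `latest` build of a container that now sits in the authentication path; pin it (tag or `@sha256:` digest) the way `prosody/prosody:0.10` already is. In the second hunk, `/srv/jabber_test/prosody.conf:/usr/lib/sasl/prosody.conf` is mounted read-write while the sibling saslauthd.conf mount is `:ro`; `:ro` fits here as well. Also, Cyrus SASL 2 normally looks up per-application configs in `/usr/lib/sasl2/` (Debian-based images additionally check `/etc/sasl2/`), not `/usr/lib/sasl/`, so unless the prosody image is built with a different config path the mounted prosody.conf is likely ignored and `pwcheck_method: saslauthd` never takes effect — verify the path inside the image before relying on it.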
@@ -117,7 +117,10 @@ s2s_secure_auth = false
 -- server please see https://prosody.im/doc/modules/mod_auth_internal_hashed
 -- for information about using the hashed backend.
-authentication = "internal_hashed"
+-- authentication = "internal_hashed"
+
+authentication = "cyrus"
+cyrus_service_name = "xmpp" -- Optional, defaults to "xmpp"
 -- Select the storage backend to use. By default Prosody uses flat files
 -- in its configured data directory, but it also supports more backends
@@ -148,8 +151,8 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week
 log = {
 info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
 error = "/var/log/prosody/prosody.err";
- info = "*console"; -- Log to the console
- -- "*console"; -- Log to the console, useful for debugging with daemonize=false
+ -- info = "*console"; -- Log to the console
+ "*console"; -- Log to the console, useful for debugging with daemonize=false
 -- "*syslog"; -- Uncomment this for logging to syslog
 }
diff --git a/webserver/docker_jabber_test/templates/prosody.conf b/webserver/docker_jabber_test/templates/prosody.conf
new file mode 100644
index 00000000..f2e18cef
--- /dev/null
+++ b/webserver/docker_jabber_test/templates/prosody.conf
@@ -0,0 +1,2 @@
+pwcheck_method: saslauthd
+mech_list: PLAIN
\ No newline at end of file
diff --git a/webserver/docker_jabber_test/templates/saslauthd.conf b/webserver/docker_jabber_test/templates/saslauthd.conf
new file mode 100644
index 00000000..875362ab
--- /dev/null
+++ b/webserver/docker_jabber_test/templates/saslauthd.conf
@@ -0,0 +1,6 @@
+
+ldap_servers: ldap://{{ ldap_ip_ext }}
+ldap_search_base: {{ ldap_base_dn }}
+ldap_filter: (&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,{{ ldap_base_dn }})(uid=%u))
+ldap_bind_dn: {{ ldap_readonly_bind_dn }}
+ldap_password: {{ ldap_readonly_pass }}
-- GitLab
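Review bot: `authentication = "cyrus"` switches the server to mod_auth_cyrus, which depends on the Cyrus SASL Lua binding being present in the prosody/prosody:0.10 image and on the SASL application config being found under the name Prosody registers; neither is checked by this change, so a missing binding or a misplaced config file fails closed for every login. A comment next to the new lines would save the next reader the archaeology, e.g. `-- Password checks are delegated to saslauthd in the "auth" container; see templates/prosody.conf and saslauthd.conf`. The now-dead `-- authentication = "internal_hashed"` line can go once the cyrus path is confirmed working; the second hunk (the `log` table) only fixes the duplicate `info` key and needs no change.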
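Review bot: `mech_list: PLAIN` is the only mechanism `pwcheck_method: saslauthd` can serve (saslauthd verifies a cleartext password against LDAP), which means each client password crosses the c2s connection in the clear unless TLS is mandatory; confirm that prosody.cfg.lua sets `c2s_require_encryption = true` — that setting is outside this change and is what makes PLAIN acceptable here. The file also ends without a trailing newline (`\ No newline at end of file`).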
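Review bot: `ldap_servers: ldap://{{ ldap_ip_ext }}` makes saslauthd bind with the read-only account and then re-bind as each user over an unencrypted LDAP connection, so the bind password and every user password travel in cleartext between the auth container and the LDAP host; use `ldaps://`, or add `ldap_start_tls: yes` together with `ldap_tls_check_peer: yes` and an `ldap_tls_cacert_file`, unless that link is known to stay on an isolated network. `ldap_password: {{ ldap_readonly_pass }}` presumably comes from the get_secret include in tasks/main.yaml; since the rendered file holds that value, it must be treated as a secret on disk (see the note on the main.yaml hunk). The leading blank line at the top of the template looks accidental and can be dropped.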