Commit 0bf0fde3 authored by void's avatar void

rückbau ldap synchronisation

parent 3d019a51
...@@ -7,11 +7,6 @@ services: ...@@ -7,11 +7,6 @@ services:
image: osixia/openldap:1.3.0 image: osixia/openldap:1.3.0
restart: always restart: always
command: --loglevel debug command: --loglevel debug
hostname: {{ inventory_hostname }}-sync
extra_hosts:
- "webserver-sync{% if inventory_hostname == "webserver" %}-dummy{% endif %}:{{ hostvars['webserver'].int_ip4 }}"
- "warpsrvint-sync{% if inventory_hostname == "warpsrvint" %}-dummy{% endif %}:{{ hostvars['warpsrvint'].int_ip4 }}"
- "verwaltung-sync{% if inventory_hostname == "verwaltung" %}-dummy{% endif %}:{{ hostvars['verwaltung'].int_ip4 }}"
volumes: volumes:
- /srv/ldap/database:/var/lib/ldap - /srv/ldap/database:/var/lib/ldap
- /srv/ldap/config:/etc/ldap/slapd.d - /srv/ldap/config:/etc/ldap/slapd.d
...@@ -29,8 +24,6 @@ services: ...@@ -29,8 +24,6 @@ services:
- LDAP_READONLY_USER_USERNAME=readonly - LDAP_READONLY_USER_USERNAME=readonly
- LDAP_READONLY_USER_PASSWORD={{ ldap_readonly_pass }} - LDAP_READONLY_USER_PASSWORD={{ ldap_readonly_pass }}
- LDAP_TLS_VERIFY_CLIENT=never - LDAP_TLS_VERIFY_CLIENT=never
- LDAP_REPLICATION=true
- LDAP_REPLICATION_HOSTS=#PYTHON2BASH:['ldap://webserver-sync','ldap://warpsrvint-sync','ldap://verwaltung-sync']
networks: networks:
- default - default
...@@ -53,21 +46,7 @@ services: ...@@ -53,21 +46,7 @@ services:
- default - default
- web - web
syncreplexporter:
build: .
image: "syncreplexporter--{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}"
restart: always
depends_on:
- openldap
volumes:
- /srv/ldap/syncrepl_exporter.yml:/syncrepl_exporter.yml
ports:
- {{ int_ip4 }}:9328:9328
networks:
- default
networks: networks:
web: web:
external: true external: true
...@@ -7,8 +7,6 @@ ldap_port_secure: 636 ...@@ -7,8 +7,6 @@ ldap_port_secure: 636
# IP Adresse des LDAP Servers # IP Adresse des LDAP Servers
# Extern läuft auf dem webserver # Extern läuft auf dem webserver
ldap_ip_ext: 10.42.1.1 ldap_ip_ext: 10.42.1.1
# int ist noch ungenutzt / später replikation in der Zone
ldap_ip_int: 10.42.1.1
# Basis-Informationen der LDAP Konfiguration # Basis-Informationen der LDAP Konfiguration
...@@ -95,8 +93,6 @@ matrix: ...@@ -95,8 +93,6 @@ matrix:
monitoring: monitoring:
internal_ldap_servers: internal_ldap_servers:
- webserver - webserver
- verwaltung
- warpsrvint
external_dns_servers: external_dns_servers:
- { ip: "1.1.1.1", name: "Cloudflare" } - { ip: "1.1.1.1", name: "Cloudflare" }
- { ip: "8.8.8.8", name: "Google" } - { ip: "8.8.8.8", name: "Google" }
......
...@@ -33,7 +33,6 @@ webserver_domains: ...@@ -33,7 +33,6 @@ webserver_domains:
- "verwaltung.warpzone.ms" - "verwaltung.warpzone.ms"
- "verwaltung-git.warpzone.ms" - "verwaltung-git.warpzone.ms"
- "verwaltung-jameica.warpzone.ms" - "verwaltung-jameica.warpzone.ms"
- "verwaltung-ldap.warpzone.ms"
#OpenVPN Konfigurationen #OpenVPN Konfigurationen
...@@ -73,9 +72,6 @@ alert: ...@@ -73,9 +72,6 @@ alert:
- { name: "jameica-vnc_ldap_auth_1" } - { name: "jameica-vnc_ldap_auth_1" }
- { name: "jameica-vnc_nginx_1" } - { name: "jameica-vnc_nginx_1" }
- { name: "jameica-vnc_vnc_1" } - { name: "jameica-vnc_vnc_1" }
- { name: "ldap_openldap_1" }
- { name: "ldap_phpldapadmin_1" }
- { name: "ldap_syncreplexporter_1" }
- { name: "mysql_app_1" } - { name: "mysql_app_1" }
- { name: "nextcloud_app_1" } - { name: "nextcloud_app_1" }
- { name: "nextcloud_mysql_1" } - { name: "nextcloud_mysql_1" }
......
...@@ -91,7 +91,6 @@ alert: ...@@ -91,7 +91,6 @@ alert:
- { name: "keycloak_sync-group-active_1" } - { name: "keycloak_sync-group-active_1" }
- { name: "ldap_openldap_1" } - { name: "ldap_openldap_1" }
- { name: "ldap_phpldapadmin_1" } - { name: "ldap_phpldapadmin_1" }
- { name: "ldap_syncreplexporter_1" }
- { name: "mail_dovecot-mailcow_1" } - { name: "mail_dovecot-mailcow_1" }
- { name: "mail_dockerapi-mailcow_1" } - { name: "mail_dockerapi-mailcow_1" }
- { name: "mail_ipv6nat-mailcow_1" } - { name: "mail_ipv6nat-mailcow_1" }
......
...@@ -199,14 +199,10 @@ ...@@ -199,14 +199,10 @@
servicename: dockerstats, servicename: dockerstats,
basedir: /srv/dockerstats basedir: /srv/dockerstats
} }
- {
role: common/docker_ldap, tags: ldap,
servicename: "ldap",
domain: "verwaltung-ldap.warpzone.ms"
}
- { - {
role: common/docker_traefik, tags: traefik, role: common/docker_traefik, tags: traefik,
servicename: traefik, servicename: traefik,
basedir: /srv/traefik,
domain: "warpzone.ms", domain: "warpzone.ms",
domain_default: "www.warpzone.ms" domain_default: "www.warpzone.ms"
} }
......
...@@ -23,7 +23,7 @@ services: ...@@ -23,7 +23,7 @@ services:
environment: environment:
LOG_LEVEL: "info" LOG_LEVEL: "info"
LISTEN: ":8888" LISTEN: ":8888"
LDAP_SERVER: "ldap://{{ int_ip4 }}" LDAP_SERVER: "ldap://{{ ldap_ip_ext }}"
LDAP_BASE: "{{ ldap_base_dn }}" LDAP_BASE: "{{ ldap_base_dn }}"
LDAP_BIND_DN: "{{ ldap_readonly_bind_dn }}" LDAP_BIND_DN: "{{ ldap_readonly_bind_dn }}"
LDAP_BIND_PASSWORD: "{{ ldap_readonly_pass }}" LDAP_BIND_PASSWORD: "{{ ldap_readonly_pass }}"
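Review bot: The new `LDAP_SERVER: "ldap://{{ ldap_ip_ext }}"` keeps the plain `ldap://` scheme while moving the target from the host's own `int_ip4` to the shared server address. On any host other than the LDAP server, the bind with `LDAP_BIND_DN` and `LDAP_BIND_PASSWORD` now presumably crosses the network unencrypted, along with any user credentials this service checks. The group vars touched by this commit already define `ldap_port_secure: 636`, so if the consuming image accepts an `ldaps://` URL, consider `LDAP_SERVER: "ldaps://{{ ldap_ip_ext }}:{{ ldap_port_secure }}"`. This needs confirming against the image, and the server certificate would have to be valid for the address or name the client connects to. If plaintext is intentional because the link is a trusted internal segment, a comment above the line saying so would help the next reader; the `environment:` block starts outside this hunk, so other settings may already cover this.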
......
...@@ -18,150 +18,8 @@ apply Service "ldap_ok" { ...@@ -18,150 +18,8 @@ apply Service "ldap_ok" {
assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True"
} }
apply Service "ldap_metrics_up" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = false
vars.QUERY = "openldap_up{job=\"{{host}}_ldap\"}"
vars.NAME = "LDAP metrics up"
vars.TYPE = "vector"
vars.METHOD = "ne"
vars.WARNING = "1"
vars.CRITICAL = "1"
groups = [ "ldap","prometheus" ]
assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True"
}
apply Service "ldap_syncrepl_lag" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "openldap_syncrepl_lag{job=\"{{host}}_ldap\"}"
vars.NAME = "SyncRepl Lag (seconds)"
vars.TYPE = "vector"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "120"
groups = [ "ldap","prometheus" ]
assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True"
}
{% endfor %} {% endfor %}
apply Service "ldap_syncrepl_webserver1_webserver2" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"}))"
vars.NAME = "ContextCSN diff"
vars.TYPE = "scalar"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "110"
groups = [ "ldap","prometheus" ]
assign where host.name == "webserver1"
}
apply Service "ldap_syncrepl_webserver1_intserver" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"}))"
vars.NAME = "ContextCSN diff"
vars.TYPE = "scalar"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "110"
groups = [ "ldap","prometheus" ]
assign where host.name == "webserver1"
}
apply Service "ldap_syncrepl_webserver2_webserver1" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"}))"
vars.NAME = "ContextCSN diff"
vars.TYPE = "scalar"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "110"
groups = [ "ldap","prometheus" ]
assign where host.name == "webserver2"
}
apply Service "ldap_syncrepl_webserver2_intserver" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"}))"
vars.NAME = "ContextCSN diff"
vars.TYPE = "scalar"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "110"
groups = [ "ldap","prometheus" ]
assign where host.name == "webserver2"
}
apply Service "ldap_syncrepl_intserver_webserver1" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"}))"
vars.NAME = "ContextCSN diff"
vars.TYPE = "scalar"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "110"
groups = [ "ldap","prometheus" ]
assign where host.name == "intsserver"
}
apply Service "ldap_syncrepl_intserver_webserver2" {
import "generic-service"
check_command = "check_prometheus"
enable_perfdata = true
vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"}))"
vars.NAME = "ContextCSN diff"
vars.TYPE = "scalar"
vars.METHOD = "gt"
vars.WARNING = "5"
vars.CRITICAL = "110"
groups = [ "ldap","prometheus" ]
assign where host.name == "intserver"
}