From 0bf0fde356f880d2e8e93d5c89fa3ad0cb99b50c Mon Sep 17 00:00:00 2001 From: Christian Elberfeld <elberfeld@web.de> Date: Sat, 26 Nov 2022 22:56:07 +0100 Subject: [PATCH] =?UTF-8?q?r=C3=BCckbau=20ldap=20synchronisation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../docker_ldap/templates/docker-compose.yml | 21 --- group_vars/prod | 4 - host_vars/verwaltung | 4 - host_vars/webserver | 1 - site.yml | 6 +- .../templates/docker-compose.yml | 2 +- .../etc/icinga/conf.d/services_ldap.conf | 142 ------------------ 7 files changed, 2 insertions(+), 178 deletions(-) diff --git a/common/docker_ldap/templates/docker-compose.yml b/common/docker_ldap/templates/docker-compose.yml index c5f290a1..0a0de584 100644 --- a/common/docker_ldap/templates/docker-compose.yml +++ b/common/docker_ldap/templates/docker-compose.yml @@ -7,11 +7,6 @@ services: image: osixia/openldap:1.3.0 restart: always command: --loglevel debug - hostname: {{ inventory_hostname }}-sync - extra_hosts: - - "webserver-sync{% if inventory_hostname == "webserver" %}-dummy{% endif %}:{{ hostvars['webserver'].int_ip4 }}" - - "warpsrvint-sync{% if inventory_hostname == "warpsrvint" %}-dummy{% endif %}:{{ hostvars['warpsrvint'].int_ip4 }}" - - "verwaltung-sync{% if inventory_hostname == "verwaltung" %}-dummy{% endif %}:{{ hostvars['verwaltung'].int_ip4 }}" volumes: - /srv/ldap/database:/var/lib/ldap - /srv/ldap/config:/etc/ldap/slapd.d @@ -29,8 +24,6 @@ services: - LDAP_READONLY_USER_USERNAME=readonly - LDAP_READONLY_USER_PASSWORD={{ ldap_readonly_pass }} - LDAP_TLS_VERIFY_CLIENT=never - - LDAP_REPLICATION=true - - LDAP_REPLICATION_HOSTS=#PYTHON2BASH:['ldap://webserver-sync','ldap://warpsrvint-sync','ldap://verwaltung-sync'] networks: - default 
@@ -53,21 +46,7 @@ services: - default - web - - syncreplexporter: - build: . - image: "syncreplexporter--{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}" - restart: always - depends_on: - - openldap - volumes: - - /srv/ldap/syncrepl_exporter.yml:/syncrepl_exporter.yml - ports: - - {{ int_ip4 }}:9328:9328 - networks: - - default - networks: web: external: true diff --git a/group_vars/prod b/group_vars/prod index b1244967..9ad0b4c4 100644 --- a/group_vars/prod +++ b/group_vars/prod @@ -7,8 +7,6 @@ ldap_port_secure: 636 # IP Adresse des LDAP Servers # Extern läuft auf dem webserver ldap_ip_ext: 10.42.1.1 -# int ist noch ungenutzt / später replikation in der Zone -ldap_ip_int: 10.42.1.1 # Basis-Informationen der LDAP Konfiguration @@ -95,8 +93,6 @@ matrix: monitoring: internal_ldap_servers: - webserver - - verwaltung - - warpsrvint external_dns_servers: - { ip: "1.1.1.1", name: "Cloudflare" } - { ip: "8.8.8.8", name: "Google" } diff --git a/host_vars/verwaltung b/host_vars/verwaltung index ff362926..621bd2aa 100644 --- a/host_vars/verwaltung +++ b/host_vars/verwaltung @@ -33,7 +33,6 @@ webserver_domains: - "verwaltung.warpzone.ms" - "verwaltung-git.warpzone.ms" - "verwaltung-jameica.warpzone.ms" - - "verwaltung-ldap.warpzone.ms" #OpenVPN Konfigurationen @@ -73,9 +72,6 @@ alert: - { name: "jameica-vnc_ldap_auth_1" } - { name: "jameica-vnc_nginx_1" } - { name: "jameica-vnc_vnc_1" } - - { name: "ldap_openldap_1" } - - { name: "ldap_phpldapadmin_1" } - - { name: "ldap_syncreplexporter_1" } - { name: "mysql_app_1" } - { name: "nextcloud_app_1" } - { name: "nextcloud_mysql_1" } diff --git a/host_vars/webserver b/host_vars/webserver index 0e1265fc..c16bda72 100644 --- a/host_vars/webserver +++ b/host_vars/webserver 
@@ -91,7 +91,6 @@ alert: - { name: "keycloak_sync-group-active_1" } - { name: "ldap_openldap_1" } - { name: "ldap_phpldapadmin_1" } - - { name: "ldap_syncreplexporter_1" } - { name: "mail_dovecot-mailcow_1" } - { name: "mail_dockerapi-mailcow_1" } - { name: "mail_ipv6nat-mailcow_1" } diff --git a/site.yml b/site.yml index 2c33d3ce..a6364211 100644 --- a/site.yml +++ b/site.yml @@ -199,14 +199,10 @@ servicename: dockerstats, basedir: /srv/dockerstats } - - { - role: common/docker_ldap, tags: ldap, - servicename: "ldap", - domain: "verwaltung-ldap.warpzone.ms" - } - { role: common/docker_traefik, tags: traefik, servicename: traefik, + basedir: /srv/traefik, domain: "warpzone.ms", domain_default: "www.warpzone.ms" } diff --git a/verwaltung/docker_jameica/templates/docker-compose.yml b/verwaltung/docker_jameica/templates/docker-compose.yml index 816b356c..4deda5f4 100644 --- a/verwaltung/docker_jameica/templates/docker-compose.yml +++ b/verwaltung/docker_jameica/templates/docker-compose.yml @@ -23,7 +23,7 @@ services: environment: LOG_LEVEL: "info" LISTEN: ":8888" - LDAP_SERVER: "ldap://{{ int_ip4 }}" + LDAP_SERVER: "ldap://{{ ldap_ip_ext }}" LDAP_BASE: "{{ ldap_base_dn }}" LDAP_BIND_DN: "{{ ldap_readonly_bind_dn }}" LDAP_BIND_PASSWORD: "{{ ldap_readonly_pass }}" diff --git a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf index 6464630e..9e36e7a0 100644 --- a/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf +++ b/webserver/docker_icinga/templates/etc/icinga/conf.d/services_ldap.conf 
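Review bot: Dropping the `common/docker_ldap` entry from this play stops Ansible from managing the verwaltung LDAP replica, but it does not undo what earlier runs deployed: the `ldap_*` containers and the bind-mounted data under `/srv/ldap` (the paths are visible in the docker_ldap compose hunk) stay on that host, presumably still holding a replica of the directory. A decommission step (stop and remove the compose project, then archive or wipe `/srv/ldap`) should accompany this commit, or at least be called out in the description so it is not forgotten. The added `basedir: /srv/traefik` on the traefik role is unrelated to the LDAP rollback and would be easier to trace in its own commit. The play this role list belongs to starts outside the hunk.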
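Review bot: The new `LDAP_SERVER: "ldap://{{ ldap_ip_ext }}"` sends the jameica auth proxy's simple bind, together with `LDAP_BIND_PASSWORD` from the line below, across the network to the webserver (group_vars/prod says ldap_ip_ext runs there) instead of to the replica that presumably ran on this host itself under `int_ip4`, and the plain `ldap://` scheme means the bind password now travels unencrypted on port 389. group_vars/prod already defines `ldap_port_secure: 636`, so if the auth container can speak TLS and trusts the server certificate, `LDAP_SERVER: "ldaps://{{ ldap_ip_ext }}:{{ ldap_port_secure }}"` (or StartTLS) would keep the credential off the wire; whether the 10.42.1.0 path is a trusted segment is not visible here. The service definition continues above and below the hunk.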
@@ -18,150 +18,8 @@ apply Service "ldap_ok" { assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" } -apply Service "ldap_metrics_up" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = false - - vars.QUERY = "openldap_up{job=\"{{host}}_ldap\"}" - vars.NAME = "LDAP metrics up" - vars.TYPE = "vector" - vars.METHOD = "ne" - vars.WARNING = "1" - vars.CRITICAL = "1" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" -} - -apply Service "ldap_syncrepl_lag" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "openldap_syncrepl_lag{job=\"{{host}}_ldap\"}" - vars.NAME = "SyncRepl Lag (seconds)" - vars.TYPE = "vector" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "120" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "{{host}}" && host.vars.is_ldapserver == "True" -} {% endfor %} -apply Service "ldap_syncrepl_webserver1_webserver2" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"}))" - vars.NAME = "ContextCSN diff" - vars.TYPE = "scalar" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "110" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "webserver1" -} - -apply Service "ldap_syncrepl_webserver1_intserver" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"}))" - vars.NAME = "ContextCSN diff" - vars.TYPE = "scalar" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "110" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "webserver1" -} - -apply Service 
"ldap_syncrepl_webserver2_webserver1" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"}))" - vars.NAME = "ContextCSN diff" - vars.TYPE = "scalar" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "110" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "webserver2" -} - -apply Service "ldap_syncrepl_webserver2_intserver" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"}))" - vars.NAME = "ContextCSN diff" - vars.TYPE = "scalar" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "110" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "webserver2" -} - -apply Service "ldap_syncrepl_intserver_webserver1" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver1_ldap\"}))" - vars.NAME = "ContextCSN diff" - vars.TYPE = "scalar" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "110" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "intsserver" -} - -apply Service "ldap_syncrepl_intserver_webserver2" { - import "generic-service" - - check_command = "check_prometheus" - enable_perfdata = true - - vars.QUERY = "scalar(sum(openldap_contextCSN{job=\"intserver_ldap\"})) - scalar(sum(openldap_contextCSN{job=\"webserver2_ldap\"}))" - vars.NAME = "ContextCSN diff" - vars.TYPE = "scalar" - vars.METHOD = "gt" - vars.WARNING = "5" - vars.CRITICAL = "110" - - groups = [ "ldap","prometheus" ] - - assign where host.name == "intserver" -} -- GitLab