solo configurar container

This commit is contained in:
Mauro Torrez 2019-09-26 00:07:09 -03:00
parent 5dec42e98a
commit 7e85c30cc2
2 changed files with 41 additions and 105 deletions


@ -1,83 +1,71 @@
--- ---
# Indica si el host es provider en un esquema de replicación # # Indica si el host es provider en un esquema de replicación
openldap_provider: no # openldap_provider: no
# Nombre del provider para un host consumer # # Nombre del provider para un host consumer
openldap_provider_host: null # openldap_provider_host: null
# Indica si el host es esclavo en un esquema de replicación # # Indica si el host es esclavo en un esquema de replicación
openldap_consumer: no # openldap_consumer: no
# Clave del usuario cn=admin,cn=config # Clave del usuario cn=admin,cn=config
openldap_config_password: password
# CN y clave del usuario administrador del dominio
openldap_admin_cn: admin
openldap_admin_password: password openldap_admin_password: password
# DN del administrador de la base cn=accesslog (provider) # # DN del administrador de la base cn=accesslog (provider)
openldap_backup_dir: "/srv/backups/ldap" # openldap_backup_dir: "/srv/backups/ldap"
openldap_backup_keep: 200 # openldap_backup_keep: 200
# DN del administrador de la base cn=accesslog (provider) # # DN del administrador de la base cn=accesslog (provider)
openldap_accesslog_admin_dn: cn=admin,dc=example,dc=com # openldap_accesslog_admin_dn: cn=admin,dc=example,dc=com
# DN, clave y search base del replicador # # DN, clave y search base del replicador
openldap_replicator_dn: cn=replicator,dc=example,dc=com # openldap_replicator_dn: cn=replicator,dc=example,dc=com
openldap_replicator_password: password # openldap_replicator_password: password
openldap_replicator_base: dc=example,dc=com # openldap_replicator_base: dc=example,dc=com
# port in docker HOST to bind ldap service # port in docker HOST to bind ldap service
openldap_bind_port: 389 openldap_bind_port: 389
openldap_bind_host: 127.0.0.1 openldap_bind_host: 127.0.0.1
# docker image name # docker image name
openldap_image_name: "i-openldap" openldap_image_name: eumau/openldap
# docker container name # docker container name
openldap_container_name: "c-openldap" openldap_container_name: openldap
# docker volume names # docker volume names
openldap_volume_config: "ldap_config" openldap_volume_config: "ldap_config"
openldap_volume_data: "ldap_data" openldap_volume_data: "ldap_data"
openldap_volume_backup: "ldap_backup" openldap_volume_backup: "ldap_backup"
# permisos de acceso por defecto # permisos de acceso
openldap_default_db_access: openldap_domain_access:
- "{0}to attrs=userPassword by self write by anonymous auth by * none" - "{0}to attrs=userPassword by self write by anonymous auth by * none"
- "{1}to attrs=shadowLastChange by self write by * read" - "{1}to attrs=shadowLastChange by self write by * read"
- "{2}to * by * read" - "{2}to * by * read"
# indices por defecto # indices del dominio
openldap_default_db_index: openldap_domain_index:
- "cn,uid eq" - "cn,uid eq"
- "member,memberUid eq" - "member,memberUid eq"
- "objectClass eq" - "objectClass eq"
- "uidNumber,gidNumber eq" - "uidNumber,gidNumber eq"
# limites por defecto: ninguno # limites del dominio
openldap_default_db_limits: [] openldap_domain_limits: []
# OUs creadas por defecto dentro de cada dominio # OUs creadas por defecto dentro de cada dominio
openldap_default_domain_ous: openldap_domain_ous:
- Alias - Alias
- Group - Group
- People - People
# Dominios a configurar: # Dominio
# Cada dominio se especifica en un diccionario con las siguientes claves: openldap_domain: example.com
# - name: nombre del dominio (ejemplo.com) (obligatorio)
# a partir de este nombre se crea la organizacion dc=ejemplo,dc=com
# - admincn: nombre cn del administrador (defecto=admin)
# este cn deriva en un DN cn=admin,dc=ejemplo,dc=com
# - adminpw: clave del administrador de este dominio (defecto=password)
# SE RECOMIENDA CAMBIAR ESTE VALOR, O SETEAR ID RATTIC
# - access: lista con permisos de acceso. por defecto es la lista definida
# en la variable openldap_default_db_access
# - ou: unidades organizacionales del dominio, defecto openldap_default_domain_ous
openldap_domains: []
# - name: unl.edu.ar
# - name: rectorado.unl.edu.ar
# - name: servicios.unl.edu.ar
# Directorio donde crear la base cn=accesslog
openldap_accesslog_dir: "/var/lib/ldap/accesslog"
# esquemas a cargar # esquemas a cargar
openldap_schemas: openldap_schemas:
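Review bot: The new lines `openldap_config_password: password` and `openldap_admin_password: password` ship a guessable placeholder as the live default for cn=admin,cn=config and the domain admin, while the only warning to change it (the old `SE RECOMIENDA CAMBIAR ESTE VALOR` comment) is deleted together with the per-domain docs. The playbook section of this commit forwards both values into the container as `LDAP_CONFIG_PASSWORD` and `LDAP_ADMIN_PASSWORD`, so anyone who can inspect the container can read whatever is left here. Suggest adding above each password default `# Placeholder only: override from a vaulted variable before deploying` and, if the role wants to be strict, keeping the value empty so the playbook fails fast instead of starting slapd with a known password. Separately, `openldap_enable_memberof` is read by the env block in the playbook but is not defined among the defaults shown; the hunk header counts 71 new lines and fewer are visible, so it may be defined further down — worth confirming. The defaults hunk appears to continue past the last line shown.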


@ -1,43 +1,5 @@
--- ---
# Playbook for setting up a Docker container with openLDAP. - name: Start openldap container
# A port binding to the Docker host is required for setting
# up domains and replication.
- name: instalar dependencias
apt:
name:
- ldap-utils
- build-essential
- libldap2-dev
- libsasl2-dev
state: present
- name: instalar dependencias
pip: name=python-ldap state=present
- name: "Create directory for building image"
file:
path: "/tmp/build.openldap-image"
state: "directory"
- name: "Copy required files"
copy:
src: "{{ item }}"
dest: "/tmp/build.openldap-image/"
loop:
- "Dockerfile"
- "entrypoint.sh"
register: cpfiles
- name: "Build openldap image"
docker_image:
path: "/tmp/build.openldap-image"
name: "{{ openldap_image_name }}"
# force_source on Ansible 2.8
force: "{{ cpfiles is changed }}"
register: imgbuild
- name: "Start openldap container"
docker_container: docker_container:
image: "{{ openldap_image_name }}" image: "{{ openldap_image_name }}"
name: "{{ openldap_container_name }}" name: "{{ openldap_container_name }}"
@ -46,9 +8,16 @@
- "{{ openldap_volume_data }}:/var/lib/ldap" - "{{ openldap_volume_data }}:/var/lib/ldap"
- "{{ openldap_volume_backup }}:/var/backups/ldap" - "{{ openldap_volume_backup }}:/var/backups/ldap"
env: env:
OPENLDAP_ADMIN_PASSWORD: "{{ openldap_admin_password }}" LDAP_CONFIG_PASSWORD: "{{ openldap_config_password }}"
OPENLDAP_SCHEMAS: "{{ openldap_schemas | join (' ') }}" LDAP_ADMIN_CN: "{{ openldap_admin_cn }}"
OPENLDAP_ENABLE_MEMBEROF: "{{ 'true' if openldap_enable_memberof else 'false' }}" LDAP_ADMIN_PASSWORD: "{{ openldap_admin_password }}"
LDAP_MEMBEROF: "{{ 'true' if openldap_enable_memberof else 'false' }}"
LDAP_DOMAIN: "{{ openldap_domain }}"
LDAP_DOMAIN_ACCESS: "{{ openldap_domain_access | join('\\n') }}"
LDAP_DOMAIN_INDEX: "{{ openldap_domain_index | join('\\n') }}"
LDAP_DOMAIN_LIMITS: "{{ openldap_domain_limits | join('\\n') }}"
LDAP_DOMAIN_OUS: "{{ openldap_domain_ous | join(' ') }}"
LDAP_SCHEMAS: "{{ openldap_schemas | join (' ') }}"
networks: networks:
- name: "{{ docker_network_name }}" - name: "{{ docker_network_name }}"
@ -56,27 +25,6 @@
- "{{ openldap_bind_host }}:{{ openldap_bind_port }}:389" - "{{ openldap_bind_host }}:{{ openldap_bind_port }}:389"
recreate: "{{ imgbuild is changed }}" recreate: "{{ imgbuild is changed }}"
- name: Wait for server
ldap:
state: search
dn: cn=config
objectClass: olcDatabaseConfig
filter: "(olcSuffix=*)"
bind_dn: cn=admin,cn=config
bind_pw: "{{ openldap_admin_password }}"
server_uri: ldap://localhost:{{ openldap_bind_port }}
register: res
until: res is not failed
retries: 20
- include_tasks: provider.yml
when: openldap_provider == True
- include_tasks: domain.yml
loop: "{{ openldap_domains }}"
loop_control:
loop_var: domain
- set_fact: - set_fact:
ldap_container: "{{ lookup( 'vars', 'openldap_container_name') }}" ldap_container: "{{ lookup( 'vars', 'openldap_container_name') }}"
ldap_port: "389" ldap_port: "389"