Commit ca4c8c89 authored by Birin Sanchez's avatar Birin Sanchez

Add Ansible role for a basic LDAP used by Keel/LDH.


Signed-off-by: Birin Sanchez's avatarBirin Sanchez <birin.sanchez@puri.sm>
parent e6ce6ce8
---
- name: Basic LDAP for Keel/LDH
hosts: all
become: yes
roles:
- role: ldh_ldap
vars:
# In a production environment this should be in the vault
ldh_ldap_admin_password: verystrongpassword
# If dont declare this variable ansible_domain will be used if
# available. If not example.com will be used instead.
ldh_ldap_domain: freedom.test
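Review bot: The LDAP admin password is committed in clear text in this playbook (`ldh_ldap_admin_password: verystrongpassword`), and the defaults section of the same commit ships a second literal, `ldh_ldap_admin_password: verylongpassword`, which the README also prints. The comment here acknowledges the vault, but the role default is the larger risk: a play that forgets to set the variable installs slapd with a published admin password. I would drop the default so that an unset variable fails the run as an undefined-variable error. The example would then reference a vaulted value, e.g. `ldh_ldap_admin_password: "{{ vault_ldh_ldap_admin_password }}"` (variable name constructed for illustration).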
---
language: python
python: "2.7"
# Use the new container infrastructure
sudo: false
# Install ansible
addons:
apt:
packages:
- python-pip
install:
# Install ansible
- pip install ansible
# Check ansible version
- ansible --version
# Create ansible.cfg with correct roles_path
- printf '[defaults]\nroles_path=../' >ansible.cfg
script:
# Basic role syntax check
- ansible-playbook tests/test.yml -i tests/inventory --syntax-check
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file
Role Name
=========
This role configures OpenLDAP server with basic functionality neede for Keel/LDH.
Requirements
------------
This role has only been tested with Ansible 2.7.1
Role Variables
--------------
* `ldh_ldap_admin_password`
The password that will be used by Debian package manager for the
LDAP adminstrator Default value: `verylongpassword`
* `ldh_ldap_domain`
A line that appears below the title line on the main page.
Default value: The value of `ansible_domain` or `example.com` if
`ansible_domain` is empty.
Dependencies
------------
This role does not depend on other roles.
License
-------
AGPL-3.0-or-later
Author Information
------------------
Purism SPC <liberty@puri.sm>
Homepage: https://source.puri.sm/liberty/ldh_developer
---
# defaults file for ldh_ldap
ldh_ldap_required_packages:
- slapd
- python-ldap
ldh_ldap_admin_password: verylongpassword
ldh_ldap_domain: "{{ ansible_domain | default('example.com', true) }}"
# base_dn is created spliting domain name by the dot and appending ',dc='
ldh_ldap_base_dn: "dc={{ ldh_ldap_domain.split('.') | join(',dc=') }}"
---
# handlers file for ldh_ldap
\ No newline at end of file
galaxy_info:
author: your name
description: your description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 2.4
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If Travis integration is configured, only notifications for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
#github_branch:
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
# platforms:
# - name: Fedora
# versions:
# - all
# - 25
# - name: SomePlatform
# versions:
# - all
# - 1.0
# - 7
# - 99.99
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
\ No newline at end of file
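Review bot: `min_ansible_version: 2.4` is lower than what the role's own tasks need: they use the `loop:` keyword, which arrived in Ansible 2.5, and the README says the role was only tested with 2.7.1. The value is also an unquoted float, so `min_ansible_version: "2.7"` would be both safer to parse and consistent with what was tested. The `author`, `description`, `company` and `license` fields still hold the template placeholders while the README declares AGPL-3.0-or-later; `license: AGPL-3.0-or-later` would keep the published metadata in line with it.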
---
# tasks file for ldh_ldap
- name: Use debconf to configure slapd
debconf:
name: slapd
question: "{{ item.question }}"
value: "{{ item.value }}"
vtype: "{{ item.vtype }}"
loop:
- { question: 'slapd/password1', value: "{{ ldh_ldap_admin_password }}", vtype: 'password' }
- { question: 'slapd/password2', value: "{{ ldh_ldap_admin_password }}", vtype: 'password' }
- { question: 'slapd/domain', value: "{{ ldh_ldap_domain }}", vtype: 'string' }
- { question: 'shared/organization', value: "{{ ldh_ldap_domain }}", vtype: 'string' }
loop_control:
label: "{{ item.question }}"
- name: Install required packages
apt:
name: "{{ ldh_ldap_required_packages }}"
update_cache: yes
cache_valid_time: 600
- name: Create organizational units to store groups and people
ldap_entry:
state: present
objectClass: organizationalunit
dn: "ou={{ item }},{{ ldh_ldap_base_dn }}"
server_uri: ldap://localhost/
bind_dn: "cn=admin,{{ ldh_ldap_base_dn }}"
bind_pw: "{{ ldh_ldap_admin_password }}"
loop:
- groups
- people
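Review bot: The debconf task that preseeds `slapd/password1` and `slapd/password2` passes the admin password as a module argument without `no_log: true`, so the value can surface in verbose output and in callback or log plugins. `loop_control.label` only shortens the per-item header; it does not mask the arguments. Adding `no_log: true` to that task is the usual remedy, and the debconf module documentation recommends it for sensitive values. The `ldap_entry` task binds with the same password over `ldap://localhost/`; that stays on loopback, but `server_uri: ldapi:///` would keep the simple bind off TCP if slapd's default listeners are in place, which is worth confirming.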
---
- hosts: localhost
remote_user: root
roles:
- ldh_ldap
\ No newline at end of file
---
# vars file for ldh_ldap
\ No newline at end of file