majic-ansible-roles Changeset

Changeset - 0c81b8598748

Parent rev.

Child rev.

[Not reviewed]

0 1 3

Branko Majic (branko) - 10 years ago 2015-03-08 11:21:07
branko@majic.rs

MAR-7: Added server ldap.example.com. Updated site and group variables accordingly.

4 files changed with 92 insertions and 0 deletions:

testsite/group_vars/all.yml

testsite/group_vars/ldap.yml

testsite/playbooks/ldap.yml

testsite/playbooks/site.yml

0 comments (0 inline, 0 general)

testsite/group_vars/all.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 # Configuration for role 'common', shared across all servers.
 os_users:
   - name: admin
     uid: 1000
     additional_groups: sudo
     authorized_keys:
       - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
     password: '$6$/aerscJY6aevRG$ABBCymEDtk2mHW/dklre9dMEdgZNJvVHsGLCzgjGmy61FssZ.KW7ePcO2wsMGIkHcg3mZlrA4dhYh.APq9OQu0'
   - name: johndoe
     uid: 1001
     additional_groups: "office,developer"
     authorized_keys: []
     password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'
 os_groups:
   - name: office
     gid: 2000
   - name: developer
     gid: 2001
 common_packages:
   - emacs23-nox
   - screen
   - debconf-utils

testsite/group_vars/ldap.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 ldap_client_config:
   - comment: Set the base DN
     option: BASE
     value: dc=example,dc=com
   - comment: Set the default URI
     option: URI
     value: ldap://ldap.example.com/
   - comment: Set the default bind DN
     option: BINDDN
     value: cn=admin,dc=example,dc=com
 ldap_server_config:
   domain: "example.com"
   organization: "Example Inc."
   log_level: 256
   tls_certificate: /etc/ssl/certs/ldap.example.com.pem
   tls_key: /etc/ssl/private/ldap.example.com.pem
   ssf: 128
 ldap_permissions:
   - filter: '(olcSuffix=dc=example,dc=com)'
     rules:
       - >
         to *
         by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
         by * break
       - >
         to attrs=userPassword,shadowLastChange
         by self write
         by anonymous auth
         by dn="cn=admin,dc=example,dc=com" write
         by * none
       - >
         to dn.base=""
         by * read
       - >
         to *
         by self write
         by dn="cn=admin,dc=example,dc=com" write
         by users read
         by * none
 ldap_entries:
   - dn: ou=people,dc=example,dc=com
     objectClass: organizationalUnit
     ou: people
   - dn: ou=groups,dc=example,dc=com
     objectClass: organizationalUnit
     ou: groups
   - dn: uid=johndoe,ou=people,dc=example,dc=com
     objectClass:
       - inetOrgPerson
     uid: johndoe
     cn: John Doe
     sn: Doe
@@ \ No newline at end of file @@

testsite/playbooks/ldap.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - hosts: ldap
   remote_user: ansible
   sudo: yes
   roles:
     - common
     - ldap_client
     - ldap_server

testsite/playbooks/site.yml

➞

Show inline comments

 ---
 - include: preseed.yml
 - include: ldap.yml
@@ \ No newline at end of file @@

0 comments (0 inline, 0 general)