majic-ansible-roles Changeset

Changeset - 0f17841d0aad

Parent rev.

Child rev.

[Not reviewed]

0 11 1

Branko Majic (branko) - 10 years ago 2015-08-16 23:45:15
branko@majic.rs

MAR-9: Updated the testsite to use domain parameter defined within all.yml. Some regex replacements are done in same file to calculate the remaining necessary values. Fixed a small code error in ldap_permissions module.

12 files changed with 110 insertions and 92 deletions:

roles/ldap_server/library/ldap_permissions.py

testsite/group_vars/all.yml

testsite/group_vars/ldap.yml

testsite/group_vars/mail.yml

testsite/group_vars/preseed.yml

testsite/group_vars/web.yml

testsite/group_vars/xmpp.yml

testsite/playbooks/roles/phpinfo/meta/main.yml

testsite/playbooks/roles/phpinfo/tasks/main.yml

testsite/playbooks/roles/wsgihello/meta/main.yml

testsite/playbooks/roles/wsgihello/tasks/main.yml

testsite/playbooks/testing.yml

0 comments (0 inline, 0 general)

roles/ldap_server/library/ldap_permissions.py

➞

Show inline comments

@@ @@ -236,9 +236,9 @@ class LDAPPermissions(object): @@
         databases = self._get_database()
         if databases == []:
-            raise DatabaseFilteringError("No database matched filter: %s" % self.filter)
+            raise DatabaseFilteringError("No database matched filter: %s" % self.ldap_filter)
         elif len(databases) > 1:
-            raise DatabaseFilteringError("More than one databases matched filter: %s" % self.filter)
+            raise DatabaseFilteringError("More than one databases matched filter: %s" % self.ldap_filter)
         database = databases[0]

testsite/group_vars/all.yml

➞

Show inline comments

 ---
 # Define domain for the test site that should be used.
 testsite_domain: example.com
 # Derive some additional values that will be used - basing them on domain.
 testsite_domain_underscores: "{{ testsite_domain | regex_replace('\\.', '_') }}"
 testsite_domain_alternative: "{{ testsite_domain | regex_replace('\\.[^.]+$', '.something') }}"
 testsite_ldap_base: "{{ testsite_domain | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"
 # Configuration for roles bootstrap and preseed.
 ansible_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

testsite/group_vars/ldap.yml

➞

Show inline comments

 ---
 local_mail_aliases:
-  root: "root john.doe@example.com"
+  root: "root john.doe@{{ testsite_domain }}"
-smtp_relay_host: mail.example.com
+smtp_relay_host: mail.{{ testsite_domain }}
 smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem
 ldap_client_config:
   - comment: Set the base DN
     option: BASE
-    value: dc=example,dc=com
+    value: "{{ testsite_ldap_base }}"
   - comment: Set the default URI
     option: URI
     value: ldapi:///
   - comment: Set the default bind DN
     option: BINDDN
-    value: cn=admin,dc=example,dc=com
+    value: cn=admin,{{ testsite_ldap_base }}
   - comment: Set the LDAP TLS truststore
     option: TLS_CACERT
     value: /etc/ssl/certs/example_ca_chain.pem
 ldap_server_config:
-  domain: "example.com"
+  domain: "{{ testsite_domain }}"
   organization: "Example Inc."
   log_level: 256
   tls_certificate: "{{ inventory_dir }}/tls/ldap.example.com_ldap.pem"
   tls_key: "{{ inventory_dir }}/tls/ldap.example.com_ldap.key"
   tls_certificate: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.pem"
   tls_key: "{{ inventory_dir }}/tls/ldap.{{ testsite_domain }}_ldap.key"
   ssf: 128
 ldap_permissions:
-  - filter: '(olcSuffix=dc=example,dc=com)'
+  - filter: '(olcSuffix={{ testsite_ldap_base }})'
     rules:
       - >
         to *
         by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
-        by dn="cn=admin,dc=example,dc=com" manage
+        by dn="cn=admin,{{ testsite_ldap_base }}" manage
         by * break
       - >
         to attrs=userPassword,shadowLastChange
@@ @@ -47,7 +47,7 @@ ldap_permissions: @@
       - >
         to *
         by self write
-        by dn="cn=admin,dc=example,dc=com" write
+        by dn="cn=admin,{{ testsite_ldap_base }}" write
         by users read
         by * none
@@ @@ -63,80 +63,80 @@ ldap_entries: @@
     olcObjectClasses:
     - "{0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient' DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddress $ mailHost $ mailRoutingAddress ) )"
     - "{1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )"
-  - dn: ou=people,dc=example,dc=com
+  - dn: ou=people,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: people
-  - dn: ou=groups,dc=example,dc=com
+  - dn: ou=groups,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: groups
-  - dn: ou=services,dc=example,dc=com
+  - dn: ou=services,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: services
-  - dn: uid=johndoe,ou=people,dc=example,dc=com
+  - dn: uid=johndoe,ou=people,{{ testsite_ldap_base }}
     objectClass:
       - inetOrgPerson
     uid: johndoe
     cn: John Doe
     sn: Doe
     userPassword: johndoe
     mail: john.doe@example.com
   - dn: uid=janedoe,ou=people,dc=example,dc=com
     mail: john.doe@{{ testsite_domain }}
   - dn: uid=janedoe,ou=people,{{ testsite_ldap_base }}
     objectClass:
       - inetOrgPerson
     uid: janedoe
     cn: Jane Doe
     sn: Doe
     userPassword: janedoe
     mail: jane.doe@example.com
   - dn: cn=xmpp,ou=services,dc=example,dc=com
     mail: jane.doe@{{ testsite_domain }}
   - dn: cn=xmpp,ou=services,{{ testsite_ldap_base }}
     objectClass:
       - applicationProcess
       - simpleSecurityObject
     cn: xmpp
     userPassword: xmpp
-  - dn: cn=xmpp,ou=groups,dc=example,dc=com
+  - dn: cn=xmpp,ou=groups,{{ testsite_ldap_base }}
     objectClass: groupOfUniqueNames
     cn: xmpp
     uniqueMember:
       - uid=johndoe,ou=people,dc=example,dc=com
       - uid=janedoe,ou=people,dc=example,dc=com
   - dn: cn=postfix,ou=services,dc=example,dc=com
       - uid=johndoe,ou=people,{{ testsite_ldap_base }}
       - uid=janedoe,ou=people,{{ testsite_ldap_base }}
   - dn: cn=postfix,ou=services,{{ testsite_ldap_base }}
     objectClass:
       - applicationProcess
       - simpleSecurityObject
     cn: postfix
     userPassword: postfix
-  - dn: cn=dovecot,ou=services,dc=example,dc=com
+  - dn: cn=dovecot,ou=services,{{ testsite_ldap_base }}
     objectClass:
       - applicationProcess
       - simpleSecurityObject
     cn: dovecot
     userPassword: dovecot
-  - dn: cn=mail,ou=groups,dc=example,dc=com
+  - dn: cn=mail,ou=groups,{{ testsite_ldap_base }}
     objectClass: groupOfUniqueNames
     cn: mail
     uniqueMember:
       - uid=johndoe,ou=people,dc=example,dc=com
       - uid=janedoe,ou=people,dc=example,dc=com
   - dn: ou=mail,ou=services,dc=example,dc=com
       - uid=johndoe,ou=people,{{ testsite_ldap_base }}
       - uid=janedoe,ou=people,{{ testsite_ldap_base }}
   - dn: ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: mail
-  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
+  - dn: ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: domains
-  - dn: ou=aliases,ou=mail,ou=services,dc=example,dc=com
+  - dn: ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: aliases
-  - dn: ou=domains,ou=mail,ou=services,dc=example,dc=com
+  - dn: ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: organizationalUnit
     ou: domains
-  - dn: dc=example.com,ou=domains,ou=mail,ou=services,dc=example,dc=com
+  - dn: dc={{ testsite_domain }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: dNSDomain
     dc: example.com
   - dn: dc=example.org,ou=domains,ou=mail,ou=services,dc=example,dc=com
     dc: "{{ testsite_domain }}"
   - dn: dc={{ testsite_domain_alternative }},ou=domains,ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: dNSDomain
     dc: example.org
   - dn: cn=postmaster@example.com,ou=aliases,ou=mail,ou=services,dc=example,dc=com
     dc: "{{ testsite_domain_alternative }}"
   - dn: cn=postmaster@{{ testsite_domain }},ou=aliases,ou=mail,ou=services,{{ testsite_ldap_base }}
     objectClass: nisMailAlias
     cn: postmaster@example.com
     rfc822MailMember: john.doe@example.com
     cn: postmaster@{{ testsite_domain }}
     rfc822MailMember: john.doe@{{ testsite_domain }}

testsite/group_vars/mail.yml

➞

Show inline comments

@@ @@ -3,17 +3,17 @@ @@
 ldap_client_config:
   - comment: Set the base DN
     option: BASE
-    value: dc=example,dc=com
+    value: "{{ testsite_ldap_base }}"
   - comment: Set the default URI
     option: URI
-    value: ldap://ldap.example.com/
+    value: ldap://ldap.{{ testsite_domain }}/
   - comment: Set the LDAP TLS truststore
     option: TLS_CACERT
     value: /etc/ssl/certs/example_ca_chain.pem
-mail_ldap_url: ldap://ldap.example.com/
+mail_ldap_url: ldap://ldap.{{ testsite_domain }}/
 mail_ldap_tls_truststore: /etc/ssl/certs/example_ca_chain.pem
-mail_ldap_root_dn: dc=example,dc=com
+mail_ldap_root_dn: "{{ testsite_ldap_base }}"
 mail_ldap_postfix_password: postfix
 mail_ldap_dovecot_password: dovecot
@@ @@ -21,18 +21,18 @@ mail_user: vmail @@
 mail_user_uid: 5000
 mail_user_gid: 5000
 imap_tls_certificate: "{{ inventory_dir }}/tls/mail.example.com_imap.pem"
 imap_tls_key: "{{ inventory_dir }}/tls/mail.example.com_imap.key"
 smtp_tls_certificate: "{{ inventory_dir }}/tls/mail.example.com_smtp.pem"
 smtp_tls_key: "{{ inventory_dir }}/tls/mail.example.com_smtp.key"
 imap_tls_certificate: "{{ inventory_dir }}/tls/mail.{{ testsite_domain }}_imap.pem"
 imap_tls_key: "{{ inventory_dir }}/tls/mail.{{ testsite_domain }}_imap.key"
 smtp_tls_certificate: "{{ inventory_dir }}/tls/mail.{{ testsite_domain }}_smtp.pem"
 smtp_tls_key: "{{ inventory_dir }}/tls/mail.{{ testsite_domain }}_smtp.key"
 imap_folder_separator: /
 smtp_rbl:
   - bl.spamcop.net
   - zen.spamhaus.org
-mail_postmaster: postmaster@example.com
+mail_postmaster: postmaster@{{ testsite_domain }}
 smtp_allow_relay_from:
   - ldap.example.com
   - xmpp.example.com
   - web.example.com
@@ \ No newline at end of file @@
   - ldap.{{ testsite_domain }}
   - xmpp.{{ testsite_domain }}
   - web.{{ testsite_domain }}
@@ \ No newline at end of file @@

testsite/group_vars/preseed.yml

➞

Show inline comments

@@ @@ -3,7 +3,7 @@ @@
 preseed_directory: ../preseed_files
 preseed_servers:
-  - name: ldap.example.com
+  - name: ldap.{{ testsite_domain }}
     language: en
     country: SE
     locale: en_US.UTF-8
@@ @@ -15,7 +15,7 @@ preseed_servers: @@
     mirror_proxy: ""
     root_password: root
     timezone: Europe/Stockholm
-  - name: xmpp.example.com
+  - name: xmpp.{{ testsite_domain }}
     language: en
     country: SE
     locale: en_US.UTF-8
@@ @@ -27,7 +27,7 @@ preseed_servers: @@
     mirror_proxy: ""
     root_password: root
     timezone: Europe/Stockholm
-  - name: mail.example.com
+  - name: mail.{{ testsite_domain }}
     language: en
     country: SE
     locale: en_US.UTF-8
@@ @@ -39,7 +39,7 @@ preseed_servers: @@
     mirror_proxy: ""
     root_password: root
     timezone: Europe/Stockholm
-  - name: web.example.com
+  - name: web.{{ testsite_domain }}
     language: en
     country: SE
     locale: en_US.UTF-8

testsite/group_vars/web.yml

➞

Show inline comments

@@ @@ -3,23 +3,23 @@ @@
 ldap_client_config:
   - comment: Set the base DN
     option: BASE
-    value: dc=example,dc=com
+    value: "{{ testsite_ldap_base }}"
   - comment: Set the default URI
     option: URI
-    value: ldap://ldap.example.com/
+    value: ldap://ldap.{{ testsite_domain }}/
   - comment: Set the LDAP TLS truststore
     option: TLS_CACERT
     value: /etc/ssl/certs/example_ca_chain.pem
 local_mail_aliases:
-  root: "root john.doe@example.com"
+  root: "root john.doe@{{ testsite_domain }}"
-smtp_relay_host: mail.example.com
+smtp_relay_host: mail.{{ testsite_domain }}
 smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem
 https_tls_key: "{{ inventory_dir }}/tls/web.example.com_https.key"
 https_tls_certificate: "{{ inventory_dir }}/tls/web.example.com_https.pem"
 https_tls_key: "{{ inventory_dir }}/tls/web.{{ testsite_domain }}_https.key"
 https_tls_certificate: "{{ inventory_dir }}/tls/web.{{ testsite_domain }}_https.pem"
 web_default_title: "Welcome to Example Inc."
 web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."

testsite/group_vars/xmpp.yml

➞

Show inline comments

@@ @@ -3,44 +3,44 @@ @@
 ldap_client_config:
   - comment: Set the base DN
     option: BASE
-    value: dc=example,dc=com
+    value: "{{ testsite_ldap_base }}"
   - comment: Set the default URI
     option: URI
     value: ldapi:///
   - comment: Set the default bind DN
     option: BINDDN
-    value: cn=admin,dc=example,dc=com
+    value: cn=admin,{{ testsite_ldap_base }}
   - comment: Set the LDAP TLS truststore
     option: TLS_CACERT
     value: /etc/ssl/certs/example_ca_chain.pem
 local_mail_aliases:
-  root: "root john.doe@example.com"
+  root: "root john.doe@{{ testsite_domain }}"
-smtp_relay_host: mail.example.com
+smtp_relay_host: mail.{{ testsite_domain }}
 smtp_relay_truststore: /etc/ssl/certs/example_ca_chain.pem
 prosody_administrators:
-  - john.doe@example.com
+  - john.doe@{{ testsite_domain }}
-prosody_tls_key: "{{ inventory_dir }}/tls/xmpp.example.com_xmpp.key"
+prosody_tls_key: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.key"
-prosody_tls_certificate: "{{ inventory_dir }}/tls/xmpp.example.com_xmpp.pem"
+prosody_tls_certificate: "{{ inventory_dir }}/tls/xmpp.{{ testsite_domain }}_xmpp.pem"
 prosody_domains:
-  - example.com
+  - "{{ testsite_domain }}"
-prosody_ldap_server: ldap.example.com
+prosody_ldap_server: ldap.{{ testsite_domain }}
-prosody_ldap_bind_dn: cn=xmpp,ou=services,dc=example,dc=com
+prosody_ldap_bind_dn: cn=xmpp,ou=services,{{ testsite_ldap_base }}
 prosody_ldap_password: xmpp
-prosody_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,dc=example,dc=com)(mail=$user@$host))'
+prosody_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,{{ testsite_ldap_base }})(mail=$user@$host))'
 prosody_ldap_scope: "onelevel"
 prosody_ldap_tls: "true"
-prosody_ldap_base: "ou=people,dc=example,dc=com"
+prosody_ldap_base: "ou=people,{{ testsite_ldap_base }}"

testsite/playbooks/roles/phpinfo/meta/main.yml

➞

Show inline comments

@@ @@ -3,12 +3,12 @@ @@
 dependencies:
   - role: php_website
     admin: admin
-    fqdn: phpinfo.example.com
+    fqdn: phpinfo.{{ testsite_domain }}
     php_rewrite_urls:
       - ^(.*) /index.php
     uid: 2000
     https_tls_key: "{{ inventory_dir }}/tls/phpinfo.example.com_https.key"
     https_tls_certificate: "{{ inventory_dir }}/tls/phpinfo.example.com_https.pem"
     https_tls_key: "{{ inventory_dir }}/tls/phpinfo.{{ testsite_domain }}_https.key"
     https_tls_certificate: "{{ inventory_dir }}/tls/phpinfo.{{ testsite_domain }}_https.pem"
   - role: database
     db_name: phpinfo_example_com
     db_password: phpinfo_example_com
@@ \ No newline at end of file @@
     db_name: phpinfo_{{ testsite_domain_underscores }}
     db_password: phpinfo_{{ testsite_domain_underscores }}
@@ \ No newline at end of file @@

testsite/playbooks/roles/phpinfo/tasks/main.yml

➞

Show inline comments

 ---
 - name: Create directory for hosting the application
   file: dest="/var/www/phpinfo.example.com/htdocs/" state=directory
         owner="admin" group="web-phpinfo_example_com" mode=2750
   file: dest="/var/www/phpinfo.{{ testsite_domain }}/htdocs/" state=directory
         owner="admin" group="web-phpinfo_{{ testsite_domain_underscores }}" mode=2750
 - name: Deploy the index.php
   copy: src="index.php" dest="/var/www/phpinfo.example.com/htdocs/index.php"
         owner="admin" group="web-phpinfo_example_com" mode=640
   copy: src="index.php" dest="/var/www/phpinfo.{{ testsite_domain }}/htdocs/index.php"
         owner="admin" group="web-phpinfo_{{ testsite_domain_underscores }}" mode=640

testsite/playbooks/roles/wsgihello/meta/main.yml

➞

Show inline comments

@@ @@ -3,13 +3,13 @@ @@
 dependencies:
   - role: wsgi_website
     admin: admin
-    fqdn: wsgi.example.com
+    fqdn: wsgi.{{ testsite_domain }}
     uid: 2001
     wsgi_application: wsgi:application
     static_locations:
       - /static/
     https_tls_key: "{{ inventory_dir }}/tls/wsgi.example.com_https.key"
     https_tls_certificate: "{{ inventory_dir }}/tls/wsgi.example.com_https.pem"
     https_tls_key: "{{ inventory_dir }}/tls/wsgi.{{ testsite_domain }}_https.key"
     https_tls_certificate: "{{ inventory_dir }}/tls/wsgi.{{ testsite_domain }}_https.pem"
   - role: database
     db_name: wsgi_example_com
     db_password: wsgi_example_com
@@ \ No newline at end of file @@
     db_name: wsgi_{{ testsite_domain_underscores }}
     db_password: wsgi_{{ testsite_domain_underscores }}
@@ \ No newline at end of file @@

testsite/playbooks/roles/wsgihello/tasks/main.yml

➞

Show inline comments

 ---
 - name: Create directroy for storing code
   file: dest="/var/www/wsgi.example.com/code/" state=directory
         owner="admin" group="web-wsgi_example_com" mode=2750
   file: dest="/var/www/wsgi.{{ testsite_domain }}/code/" state=directory
         owner="admin" group="web-wsgi_{{ testsite_domain_underscores }}" mode=2750
 - name: Deploy WSGI application
   copy: src="hello.wsgi" dest="/var/www/wsgi.example.com/code/wsgi.py"
         owner="admin" group="web-wsgi_example_com" mode=640
   copy: src="hello.wsgi" dest="/var/www/wsgi.{{ testsite_domain }}/code/wsgi.py"
         owner="admin" group="web-wsgi_{{ testsite_domain_underscores }}" mode=640
   notify:
     - Restart website wsgi.example.com
@@ \ No newline at end of file @@
     - Restart website wsgi.{{ testsite_domain }}
@@ \ No newline at end of file @@

testsite/playbooks/testing.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 - hosts: web
   remote_user: ansible
   sudo: yes
   tasks:
     - debug: msg="{{ testsite_domain_underscores }}"
     - debug: msg="{{ testsite_domain_alternative }}"
     - debug: msg="{{ testsite_ldap_base }}"
@@ \ No newline at end of file @@

0 comments (0 inline, 0 general)