majic-ansible-roles Changeset

Changeset - e61d502b9d00

Parent rev.

Child rev.

[Not reviewed]

0 3 1

Branko Majic (branko) - 10 years ago 2015-08-31 22:50:54
branko@majic.rs

MAR-19: Simplified a couple of parameters in the xmpp_server role.

4 files changed with 15 insertions and 12 deletions:

docs/rolereference.rst

roles/xmpp_server/defaults/main.yml

roles/xmpp_server/templates/prosody.cfg.lua.j2

testsite/group_vars/xmpp.yml

0 comments (0 inline, 0 general)

docs/rolereference.rst

➞

Show inline comments

@@ @@ -574,13 +574,13 @@ Parameters @@
   XMPP service. The file will be copied to directory ``/etc/ssl/private/``.
 **xmpp_tls_certificate** (string, mandatory)
   Path to file on Ansible host that contains the X.509 certificate used for TLS
   for SMTP service. The file will be copied to directory ``/etc/ssl/certs/``.
-**xmpp_domains** (list, mandatory)
+**xmpp_domains** (list, optional, ``ansible_facts[host]['domain']``)
   List of domains that are served by this Prosody instance. Each item is a
   string specifying a domain.
 **xmpp_ldap_server** (string, mandatory)
   Fully qualified domain name, hostname, or IP address of the LDAP server used
   for user authentication and listing.
@@ @@ -590,30 +590,31 @@ Parameters @@
   server. This user is used for looking-up the users available on the
   server. Users themselves authenticate via their own account.
 **xmpp_ldap_password** (string, mandatory)
   Password used for authenticating to the LDAP server.
-**xmpp_ldap_filter** (string, mandatory)
+**xmpp_ldap_filter** (string, optional, ``(mail=$user@$host)``)
   LDAP filter used for obtaining a list of users available on the Prosody
   server. Two special strings can be used for specifying the user and domain,
   ``$user``, and ``$host`` within. These will be replaced with real values in
   the filter every time a user is looked-up.
-**xmpp_ldap_scope** (string, mandatory)
+**xmpp_ldap_scope** (string, optional, ``subtree``)
   Scope for performing the LDAP search for obtaining a list of users available
   on the Prosody server.
 **xmpp_ldap_tls** (boolean, mandatory)
   Specifies whether to use STARTTLS extension when connecting to the LDAP server
   or not.
 **xmpp_ldap_base** (string, mandatory)
 **xmpp_ldap_base** (string, optional, see below)
   Base DN under which the lists of users available on the Prosody should be
   looked-up.
   If not specified, the value will default to base DN constructed by putting all
   elements of the server's domain as ``dc`` entries (as per standard Debian
   convention). I.e. if XMPP server domain is ``example.com``, the resulting base
   DN would be ``dc=example,dc=com``.
 Examples
 ~~~~~~~~
 Here is an example configuration for setting-up XMPP server using Prosody:
   xmpp_ldap_bind_dn: cn=xmpp,ou=services,dc=example,dc=com
   xmpp_ldap_password: xmpp
   # This would require that the memberof overlay is available on LDAP server
   # side.
   xmpp_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,dc=example,dc=com)(mail=$user@$host))'
   xmpp_ldap_scope: "onelevel"
   xmpp_ldap_tls: "true"
   xmpp_ldap_base: "ou=people,dc=example,dc=com"
 Mail Server
 -----------

roles/xmpp_server/defaults/main.yml

➞

Show inline comments

@@ new file 100644 @@
 ---
 xmpp_domains: "{{ ansible_facts[host]['domain'] }}"
 xmpp_ldap_filter: '(mail=$user@$host)'
 xmpp_ldap_scope: subtree
 xmpp_ldap_base: "{{ ansible_facts[host]['domain'] | regex_replace('\\.', ',dc=') | regex_replace('^', 'dc=') }}"

roles/xmpp_server/templates/prosody.cfg.lua.j2

➞

Show inline comments

@@ @@ -62,13 +62,12 @@ pidfile = "/var/run/prosody/prosody.pid" @@
 authentication = "ldap"
 ldap_server = "{{ xmpp_ldap_server }}"
 ldap_rootdn = "{{ xmpp_ldap_bind_dn }}"
 ldap_password = "{{ xmpp_ldap_password }}"
 ldap_filter = "{{ xmpp_ldap_filter }}"
 ldap_scope = "{{ xmpp_ldap_scope }}"
 ldap_tls = {{ xmpp_ldap_tls }}
 ldap_base = "{{ xmpp_ldap_base }}"
 -- Storage backend.
 storage = "internal"
 -- Logging configuration.

testsite/group_vars/xmpp.yml

➞

Show inline comments

 xmpp_ldap_password: xmpp
 xmpp_ldap_filter: '(&(memberOf=cn=xmpp,ou=groups,{{ testsite_ldap_base }})(mail=$user@$host))'
 xmpp_ldap_scope: "onelevel"
 xmpp_ldap_tls: "true"
 xmpp_ldap_base: "ou=people,{{ testsite_ldap_base }}"

0 comments (0 inline, 0 general)