|
@@ -297,97 +297,97 @@ packages on all servers:
|
|
|
|
|
|
---
|
|
|
|
|
|
os_users:
|
|
|
- name: admin
|
|
|
uid: 1000
|
|
|
additional_groups:
|
|
|
- sudo
|
|
|
authorized_keys:
|
|
|
- "{{ lookup('file', '/home/admin/.ssh/id_rsa.pub') }}"
|
|
|
password: '$6$AaJRWtqyX5pk$IP8DUjgY0y2zqMom9BAc.O9qHoQWLFCmEsPRCika6l/Xh87cp2SnlMywH0.r4uEcbHnoicQG46V9VrJ8fxp2d.'
|
|
|
- name: john
|
|
|
uid: 1001
|
|
|
password: '$6$AaJRWtqyX5pk$IP8DUjgY0y2zqMom9BAc.O9qHoQWLFCmEsPRCika6l/Xh87cp2SnlMywH0.r4uEcbHnoicQG46V9VrJ8fxp2d.'
|
|
|
|
|
|
os_groups:
|
|
|
- name: localusers
|
|
|
gid: 2500
|
|
|
|
|
|
common_packages:
|
|
|
- emacs23-nox
|
|
|
- screen
|
|
|
- debconf-utils
|
|
|
|
|
|
ca_certificates:
|
|
|
- ../certs/truststore.pem
|
|
|
|
|
|
incoming_connection_limit: 2/second
|
|
|
|
|
|
incoming_connection_limit_burst: 6
|
|
|
|
|
|
.. _ldap_client:
|
|
|
|
|
|
LDAP Client
|
|
|
-----------
|
|
|
|
|
|
The ``ldap_client`` role can be used for setting-up an OpenLDAP client on
|
|
|
destination machine.
|
|
|
|
|
|
The role implements the following:
|
|
|
|
|
|
* Installs OpenLDAP client tools.
|
|
|
* Sets-up global configuration file for OpenLDAP clients at /etc/ldap/ldap.conf.
|
|
|
|
|
|
|
|
|
Parameters
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
**ldap_client_config** (list, mandatory)
|
|
|
**ldap_client_config** (list, optional, ``[]``)
|
|
|
A list of configuration options that should be put into the LDAP configuration
|
|
|
file. Each item is a dictionary with the following options defining the
|
|
|
configuration parameter:
|
|
|
|
|
|
**comment** (string, mandatory)
|
|
|
Comment that will be shown in the file just above the configuration option.
|
|
|
|
|
|
**option** (string, mandatory)
|
|
|
Name of configuration option.
|
|
|
|
|
|
**value** (string, mandatory)
|
|
|
Value for configuration option.
|
|
|
|
|
|
|
|
|
Examples
|
|
|
~~~~~~~~
|
|
|
|
|
|
Here is an example configuration for setting some common LDAP client options:
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
---
|
|
|
|
|
|
ldap_client_config:
|
|
|
- comment: Set the base DN
|
|
|
option: BASE
|
|
|
value: dc=example,dc=com
|
|
|
- comment: Set the default URI
|
|
|
option: URI
|
|
|
value: ldap://ldap.example.com/
|
|
|
- comment: Set the truststore for TLS/SSL
|
|
|
option: TLS_CACERT
|
|
|
value: /etc/ssl/certs/example_ca.pem
|
|
|
- commment: Force basic server certificate verification
|
|
|
option: TLS_REQCERT
|
|
|
value: demand
|
|
|
- comment: Disable CRL checks for server certificate
|
|
|
option: TLS_CRLCHECK
|
|
|
value: none
|
|
|
|
|
|
|
|
|
LDAP Server
|
|
|
-----------
|
|
|
|
|
|
The ``ldap_server`` role can be used for setting-up an OpenLDAP server on
|
|
|
destination machine.
|
|
|
|
|
|
The role implements the following:
|
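Review bot: With ldap_client_config now documented as (list, optional, ``[]``), the role description a few lines above ("Sets-up global configuration file for OpenLDAP clients at /etc/ldap/ldap.conf") does not say what that file contains when the list is left at its empty default; add a sentence to the parameter description stating the result. In the example of the same section, the TLS_REQCERT item is keyed "commment" (three m's), so that item lacks the comment key the docs mark as mandatory; fix the spelling. The example also pairs the URI ldap://ldap.example.com/ with TLS_REQCERT demand, so it is worth noting in the text that the TLS options only take effect when the client actually negotiates TLS (StartTLS or an ldaps:// URI).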