JensWH/netz39-infra-ansible
1
0
Fork 0
forked from Netz39_Admin/netz39-infra-ansible
Code Pull requests Activity

Fix container setup

Browse source 
Leave the sync handling for now.
This commit is contained in:
Stefan Haun 2022-07-05 20:52:03 +02:00
parent ab0356798e
commit d0274d7417
1 changed files with 15 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
krypton.yml
View file

@ -7,10 +7,16 @@
data_dir: "/srv/data" data_dir: "/srv/data"
dehydrated_certs_dir: "/usr/local/etc/dehydrated"
docker_ip_ranges: ["172.16.0.0/12", "192.168.0.0/16"]
openldap_image_version: 1.5.0 openldap_image_version: 1.5.0
openldap_data: "{{ data_dir }}/openldap" openldap_data: "{{ data_dir }}/openldap"
openldap_domain: "ldap.n39.eu" openldap_domain: "ldap.n39.eu"
ldap_domain: "netz39.de"
ldap_org: "Netz39 e.V." ldap_org: "Netz39 e.V."
ldap_base_dn: "dc=netz39,dc=de"
roles: roles:
- role: docker_setup - role: docker_setup
@ -52,35 +58,32 @@
LDAP_READONLY_USER: "false" LDAP_READONLY_USER: "false"
LDAP_ADMIN_PASSWORD: "{{ldap_admin_password}}" LDAP_ADMIN_PASSWORD: "{{ldap_admin_password}}"
LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}" # LDAP_CONFIG_PASSWORD: "{{ldap_config_password}}"
LDAP_RFC2307BIS_SCHEMA: "true" LDAP_RFC2307BIS_SCHEMA: "true"
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0" LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
LDAP_REPLICATION: "{{ldap_replication_enable}}" LDAP_REPLICATION: "no"
LDAP_REPLICATION_CONFIG_SYNCPROV: "{{ldap_replication_config_syncprov}}"
LDAP_REPLICATION_DB_SYNCPROV: "{{ldap_replication_db_syncprov}}"
LDAP_REPLICATION_HOSTS: "{{ldap_replication_hosts}}"
KEEP_EXISTING_CONFIG: "false" KEEP_EXISTING_CONFIG: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
published_ports: published_ports:
- "{{ldap_ip}}:389:389" # unencrypted/STARTTLS - "389:389" # unencrypted/STARTTLS
- "{{ldap_ip}}:636:636" # SSL - "636:636" # SSL
volumes: volumes:
- "{{ openldap_data }}/ldap:/var/lib/ldap" - "{{ openldap_data }}/ldap:/var/lib/ldap"
- "{{ openldap_data }}/slapd:/etc/ldap/slapd.d" - "{{ openldap_data }}/slapd:/etc/ldap/slapd.d"
- "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs" - "{{ dehydrated_certs_dir }}/certs/{{ openldap_domain }}:/container/service/slapd/assets/certs"
- "{{ openldap_data }}/ldif/custom-element.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/01_netz39.ldif" - "{{ openldap_data }}/ldif/custom-element.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/01_netz39.ldif"
timeout: 500 timeout: 500
# For replication to work correctly, domainname and hostname must be
# set correctly so that "hostname"."domainname" equates to the
# fully-qualified domain name for the host.
domainname: "{{ldap_domainname}}"
hostname: "{{ldap_hostname}}"
command: "--copy-service --loglevel debug" command: "--copy-service --loglevel debug"
- name: Ensure UFW is installed
ansible.builtin.package:
name: ufw
state: present
- name: Allow access to openLDAP from local docker container [1/2] - name: Allow access to openLDAP from local docker container [1/2]
become: true become: true
community.general.ufw: community.general.ufw: