neuro_ansible/install_scripts/install_ldap_389ds.yaml

142 lines
3.9 KiB
YAML
Raw Normal View History

2024-03-29 02:08:17 +01:00
---
- name: install ldap
hosts: all
become: true
2024-04-12 02:32:26 +02:00
vars:
lam_pwd: "{{ env_lam_pw }}"
ldap_pwd: "{{ env_ldap_pw }}"
ldap_ro_pwd: "{{ env_ldap_ro_pw}}"
sqlpwd: "{{ env_sql_pw}}"
sqlrootpwd: "{{ env_root_sql_pw}}"
2024-03-29 02:08:17 +01:00
tasks:
2024-04-12 02:32:26 +02:00
- name: Create network AuthentikNet
community.docker.docker_network:
name: LDAPNet
2024-04-04 13:53:58 +02:00
- name: remove other files
include_tasks: yaml_sub/install_docker.yaml
2024-03-29 02:08:17 +01:00
- name: remove other files
include_tasks: yaml_sub/myrepo_clean.yaml
2024-04-04 13:53:58 +02:00
2024-03-29 02:08:17 +01:00
- name: update file myrepo.repo
import_tasks: yaml_sub/myrepo_data.yaml
- name: install sssd
dnf:
name: "sssd,sssd-client"
state: latest
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
- name: install 389
dnf:
2024-04-04 13:53:58 +02:00
name: "389-ds-base"
2024-03-29 02:08:17 +01:00
state: latest
update_cache: true
skip_broken: true
nobest: false
allowerasing: true
2024-04-12 02:32:26 +02:00
- name: Create volume ldap_maria_db
community.docker.docker_volume:
name: ldap_maria_db
state: present
- name: Create mariab container
community.docker.docker_container:
name: ldapmariadb
image: mariadb
state: started
recreate: no
restart_policy: always
env:
MARIADB_DATABASE: "ldap"
MARIADB_USER: "ldap"
MARIADB_PASSWORD: "{{ sqlpwd }}"
MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"
MYSQL_ROOT_HOST: '%'
networks:
- name: LDAPNet
comparisons:
networks: strict
volumes:
- "ldap_maria_db:/var/lib/mysql"
2024-04-04 13:53:58 +02:00
- name: Create volume lam_etc
community.docker.docker_volume:
name: lam_etc
state: present
- name: Create lam container
community.docker.docker_container:
2024-04-12 02:32:26 +02:00
name: ldaplam
2024-04-04 13:53:58 +02:00
image: ldapaccountmanager/lam
state: started
2024-04-12 02:32:26 +02:00
recreate: no
2024-04-04 13:53:58 +02:00
restart_policy: always
published_ports:
- "80:80/tcp"
volumes:
2024-04-12 02:32:26 +02:00
- "lam_etc:/var/lib/ldap-account-manager/config"
2024-04-04 13:53:58 +02:00
env:
2024-04-12 02:32:26 +02:00
LAM_SKIP_PRECONFIGURE: "false"
LDAP_DOMAIN: "ldap.neuro.uni-bremen.de"
LDAP_BASE_DN: "dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_USERS_DN: "ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_GROUPS_DN: "ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389"
LDAP_USER: "cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
LAM_LANG: "en_US"
LAM_PASSWORD: "{{ lam_pwd }}"
LAM_CONFIGURATION_DATABASE: "mysql"
LAM_CONFIGURATION_HOST: "ldapmariadb"
LAM_CONFIGURATION_PORT: "3306"
LAM_CONFIGURATION_USER: "ldap"
LAM_CONFIGURATION_PASSWORD: "{{ sqlpwd }}"
LAM_CONFIGURATION_DATABASE_NAME: "ldap"
LAM_DISABLE_TLS_CHECK: "false"
LDAP_ORGANISATION: "Neuro-Physik ITP"
LDAP_ADMIN_PASSWORD: "{{ ldap_pwd }}"
LDAP_READONLY_USER_PASSWORD: "{{ ldap_ro_pwd }}"
networks:
- name: LDAPNet
- name: bridge
comparisons:
networks: strict
2024-04-04 13:53:58 +02:00
2024-03-29 02:08:17 +01:00
- name: set instance.inf
blockinfile:
path: /root/instance.inf
state: present
create: true
owner: "root"
group: "root"
mode: "0666"
block: |
[general]
full_machine_name = ldap.neuro.uni-bremen.de
start = True
2024-04-12 02:32:26 +02:00
strict_host_checking = False
2024-03-29 02:08:17 +01:00
[slapd]
instance_name = localhost
2024-04-12 02:32:26 +02:00
root_dn = cn=admin
root_password = {{ ldap_pwd }}
2024-03-29 02:08:17 +01:00
port = 389
secure_port = 636
self_sign_cert = True
[backend-userroot]
sample_entries = yes
suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
2024-04-12 17:38:32 +02:00
# cd /root ; dscreate from-file instance.inf
2024-03-29 02:08:17 +01:00
2024-04-16 10:10:11 +02:00
# ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*"