142 lines
No EOL
3.9 KiB
YAML
142 lines
No EOL
3.9 KiB
YAML
---
|
|
- name: install ldap
|
|
hosts: all
|
|
become: true
|
|
|
|
vars:
|
|
lam_pwd: "{{ env_lam_pw }}"
|
|
ldap_pwd: "{{ env_ldap_pw }}"
|
|
ldap_ro_pwd: "{{ env_ldap_ro_pw}}"
|
|
sqlpwd: "{{ env_sql_pw}}"
|
|
sqlrootpwd: "{{ env_root_sql_pw}}"
|
|
|
|
tasks:
|
|
- name: Create network AuthentikNet
|
|
community.docker.docker_network:
|
|
name: LDAPNet
|
|
|
|
- name: remove other files
|
|
include_tasks: yaml_sub/install_docker.yaml
|
|
|
|
- name: remove other files
|
|
include_tasks: yaml_sub/myrepo_clean.yaml
|
|
|
|
- name: update file myrepo.repo
|
|
import_tasks: yaml_sub/myrepo_data.yaml
|
|
|
|
- name: install sssd
|
|
dnf:
|
|
name: "sssd,sssd-client"
|
|
state: latest
|
|
update_cache: true
|
|
skip_broken: true
|
|
nobest: false
|
|
allowerasing: true
|
|
|
|
- name: install 389
|
|
dnf:
|
|
name: "389-ds-base"
|
|
state: latest
|
|
update_cache: true
|
|
skip_broken: true
|
|
nobest: false
|
|
allowerasing: true
|
|
|
|
- name: Create volume ldap_maria_db
|
|
community.docker.docker_volume:
|
|
name: ldap_maria_db
|
|
state: present
|
|
|
|
- name: Create mariab container
|
|
community.docker.docker_container:
|
|
name: ldapmariadb
|
|
image: mariadb
|
|
state: started
|
|
recreate: no
|
|
restart_policy: always
|
|
env:
|
|
MARIADB_DATABASE: "ldap"
|
|
MARIADB_USER: "ldap"
|
|
MARIADB_PASSWORD: "{{ sqlpwd }}"
|
|
MARIADB_ROOT_PASSWORD : "{{ sqlrootpwd }}"
|
|
MYSQL_ROOT_HOST: '%'
|
|
networks:
|
|
- name: LDAPNet
|
|
comparisons:
|
|
networks: strict
|
|
volumes:
|
|
- "ldap_maria_db:/var/lib/mysql"
|
|
|
|
- name: Create volume lam_etc
|
|
community.docker.docker_volume:
|
|
name: lam_etc
|
|
state: present
|
|
|
|
- name: Create lam container
|
|
community.docker.docker_container:
|
|
name: ldaplam
|
|
image: ldapaccountmanager/lam
|
|
state: started
|
|
recreate: no
|
|
restart_policy: always
|
|
published_ports:
|
|
- "80:80/tcp"
|
|
volumes:
|
|
- "lam_etc:/var/lib/ldap-account-manager/config"
|
|
env:
|
|
LAM_SKIP_PRECONFIGURE: "false"
|
|
LDAP_DOMAIN: "ldap.neuro.uni-bremen.de"
|
|
LDAP_BASE_DN: "dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
|
|
LDAP_USERS_DN: "ou=people,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
|
|
LDAP_GROUPS_DN: "ou=groups,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
|
|
LDAP_SERVER: "ldap://ldap.neuro.uni-bremen.de:389"
|
|
LDAP_USER: "cn=admin,dc=ldap,dc=neuro,dc=uni-bremen,dc=de"
|
|
LAM_LANG: "en_US"
|
|
LAM_PASSWORD: "{{ lam_pwd }}"
|
|
LAM_CONFIGURATION_DATABASE: "mysql"
|
|
LAM_CONFIGURATION_HOST: "ldapmariadb"
|
|
LAM_CONFIGURATION_PORT: "3306"
|
|
LAM_CONFIGURATION_USER: "ldap"
|
|
LAM_CONFIGURATION_PASSWORD: "{{ sqlpwd }}"
|
|
LAM_CONFIGURATION_DATABASE_NAME: "ldap"
|
|
LAM_DISABLE_TLS_CHECK: "false"
|
|
LDAP_ORGANISATION: "Neuro-Physik ITP"
|
|
LDAP_ADMIN_PASSWORD: "{{ ldap_pwd }}"
|
|
LDAP_READONLY_USER_PASSWORD: "{{ ldap_ro_pwd }}"
|
|
|
|
networks:
|
|
- name: LDAPNet
|
|
- name: bridge
|
|
comparisons:
|
|
networks: strict
|
|
|
|
|
|
- name: set instance.inf
|
|
blockinfile:
|
|
path: /root/instance.inf
|
|
state: present
|
|
create: true
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0666"
|
|
block: |
|
|
[general]
|
|
full_machine_name = ldap.neuro.uni-bremen.de
|
|
start = True
|
|
strict_host_checking = False
|
|
|
|
[slapd]
|
|
instance_name = localhost
|
|
root_dn = cn=admin
|
|
root_password = {{ ldap_pwd }}
|
|
port = 389
|
|
secure_port = 636
|
|
self_sign_cert = True
|
|
|
|
[backend-userroot]
|
|
sample_entries = yes
|
|
suffix = dc=ldap,dc=neuro,dc=uni-bremen,dc=de
|
|
|
|
# cd /root ; dscreate from-file instance.inf
|
|
|
|
# ldapsearch -x -H ldap://ldap.neuro.uni-bremen.de -s base -b "" "objectclass=*" |