From 85ac1dcd6891d2d222c2f7b83f84d3f197c4023d Mon Sep 17 00:00:00 2001 
From: Timo Makinen Date: Wed, 1 Sep 2021 14:11:47 +0000 Subject: [PATCH] ldap: Refactor ldap roles * Move ldap/client to software submodule as ldap * Rename ldap/server to ldap-server --- playbooks/collab.yml | 2 +- playbooks/ldap.yml | 2 +- .../server => ldap-server}/defaults/main.yml | 0 .../files/check_password.conf | 0 .../files/kerberos.schema | 0 .../files/ldap-backup.sh | 0 .../server => ldap-server}/files/ldapspn.py | 0 .../files/openssh-lpk.schema | 0 .../files/rfc2307bis.schema | 0 .../server => ldap-server}/files/samba.schema | 0 .../files/slapd.sysconfig | 0 .../server => ldap-server}/handlers/main.yml | 0 .../server => ldap-server}/meta/main.yml | 2 +- .../server => ldap-server}/tasks/main.yml | 0 .../templates/slapd.conf.j2 | 0 roles/ldap/client/tasks/main.yml | 22 ------------------- roles/ldap/client/templates/ldap.conf.j2 | 6 ----- roles/ldap/client/templates/ldaprc.j2 | 3 --- roles/sssd/meta/main.yml | 2 +- 19 files changed, 4 insertions(+), 35 deletions(-) rename roles/{ldap/server => ldap-server}/defaults/main.yml (100%) rename roles/{ldap/server => ldap-server}/files/check_password.conf (100%) rename roles/{ldap/server => ldap-server}/files/kerberos.schema (100%) rename roles/{ldap/server => ldap-server}/files/ldap-backup.sh (100%) rename roles/{ldap/server => ldap-server}/files/ldapspn.py (100%) rename roles/{ldap/server => ldap-server}/files/openssh-lpk.schema (100%) rename roles/{ldap/server => ldap-server}/files/rfc2307bis.schema (100%) rename roles/{ldap/server => ldap-server}/files/samba.schema (100%) rename roles/{ldap/server => ldap-server}/files/slapd.sysconfig (100%) rename roles/{ldap/server => ldap-server}/handlers/main.yml (100%) rename roles/{ldap/server => ldap-server}/meta/main.yml (78%) rename roles/{ldap/server => ldap-server}/tasks/main.yml (100%) rename roles/{ldap/server => ldap-server}/templates/slapd.conf.j2 (100%) delete mode 100644 roles/ldap/client/tasks/main.yml delete mode 100644 
roles/ldap/client/templates/ldap.conf.j2
delete mode 100644 roles/ldap/client/templates/ldaprc.j2
diff --git a/playbooks/collab.yml b/playbooks/collab.yml
index a7f2b8d..00f5e6f 100644
--- a/playbooks/collab.yml
+++ b/playbooks/collab.yml
@@ -28,7 +28,7 @@ keytab: /etc/httpd/httpd.keytab principals: HTTP/collab.foo.sh@FOO.SH group: apache - - ldap/client + - ldap tasks: - name: redirect root web directory to collab
diff --git a/playbooks/ldap.yml b/playbooks/ldap.yml
index 8b02a66..3e5e894 100644
--- a/playbooks/ldap.yml
+++ b/playbooks/ldap.yml
@@ -23,7 +23,7 @@ roles: - base - - ldap/server + - ldap-server - kerberos/kdc - role: ldap_netdb when: ldap_master is defined
diff --git a/roles/ldap/server/defaults/main.yml b/roles/ldap-server/defaults/main.yml
similarity index 100%
rename from roles/ldap/server/defaults/main.yml
rename to roles/ldap-server/defaults/main.yml
diff --git a/roles/ldap/server/files/check_password.conf b/roles/ldap-server/files/check_password.conf
similarity index 100%
rename from roles/ldap/server/files/check_password.conf
rename to roles/ldap-server/files/check_password.conf
diff --git a/roles/ldap/server/files/kerberos.schema b/roles/ldap-server/files/kerberos.schema
similarity index 100%
rename from roles/ldap/server/files/kerberos.schema
rename to roles/ldap-server/files/kerberos.schema
diff --git a/roles/ldap/server/files/ldap-backup.sh b/roles/ldap-server/files/ldap-backup.sh
similarity index 100%
rename from roles/ldap/server/files/ldap-backup.sh
rename to roles/ldap-server/files/ldap-backup.sh
diff --git a/roles/ldap/server/files/ldapspn.py b/roles/ldap-server/files/ldapspn.py
similarity index 100%
rename from roles/ldap/server/files/ldapspn.py
rename to roles/ldap-server/files/ldapspn.py
diff --git a/roles/ldap/server/files/openssh-lpk.schema b/roles/ldap-server/files/openssh-lpk.schema
similarity index 100%
rename from roles/ldap/server/files/openssh-lpk.schema
rename to roles/ldap-server/files/openssh-lpk.schema
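Review bot: The new `- ldap` role reference does not resolve to anything in this patch: the diffstat lists only the roles/ldap/server renames and the roles/ldap/client deletions, with no .gitmodules or submodule gitlink, so the `ldap` role the message says now lives in the software submodule has to arrive in a separate commit. Until that submodule is checked out and on the roles path, this play, roles/ldap-server/meta/main.yml and roles/sssd/meta/main.yml (same replacement in each) presumably fail at role resolution rather than degrading. Naming the providing submodule commit in the message, or landing the gitlink in the same change, would make the refactor self-contained. The play's `roles:` list begins above this hunk.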
diff --git a/roles/ldap/server/files/rfc2307bis.schema b/roles/ldap-server/files/rfc2307bis.schema
similarity index 100%
rename from roles/ldap/server/files/rfc2307bis.schema
rename to roles/ldap-server/files/rfc2307bis.schema
diff --git a/roles/ldap/server/files/samba.schema b/roles/ldap-server/files/samba.schema
similarity index 100%
rename from roles/ldap/server/files/samba.schema
rename to roles/ldap-server/files/samba.schema
diff --git a/roles/ldap/server/files/slapd.sysconfig b/roles/ldap-server/files/slapd.sysconfig
similarity index 100%
rename from roles/ldap/server/files/slapd.sysconfig
rename to roles/ldap-server/files/slapd.sysconfig
diff --git a/roles/ldap/server/handlers/main.yml b/roles/ldap-server/handlers/main.yml
similarity index 100%
rename from roles/ldap/server/handlers/main.yml
rename to roles/ldap-server/handlers/main.yml
diff --git a/roles/ldap/server/meta/main.yml b/roles/ldap-server/meta/main.yml
similarity index 78%
rename from roles/ldap/server/meta/main.yml
rename to roles/ldap-server/meta/main.yml
index 9575393..82ede77 100644
--- a/roles/ldap/server/meta/main.yml
+++ b/roles/ldap-server/meta/main.yml
@@ -3,5 +3,5 @@ dependencies: - {role: dhparams} - {role: kerberos/client} - - {role: ldap/client} + - {role: ldap} - {role: saslauthd}
diff --git a/roles/ldap/server/tasks/main.yml b/roles/ldap-server/tasks/main.yml
similarity index 100%
rename from roles/ldap/server/tasks/main.yml
rename to roles/ldap-server/tasks/main.yml
diff --git a/roles/ldap/server/templates/slapd.conf.j2 b/roles/ldap-server/templates/slapd.conf.j2
similarity index 100%
rename from roles/ldap/server/templates/slapd.conf.j2
rename to roles/ldap-server/templates/slapd.conf.j2
diff --git a/roles/ldap/client/tasks/main.yml b/roles/ldap/client/tasks/main.yml
deleted file mode 100644
index b45dcdb..0000000
--- a/roles/ldap/client/tasks/main.yml
+++ /dev/null
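Review bot: `{role: ldap}` now pulls the LDAP client configuration from outside this repository, and nothing in roles/ldap-server/meta/main.yml states what the server role expects from it; the in-tree role being deleted (the roles/ldap/client hunks below) installed /etc/openldap/ldap.conf with `ldaps://` URIs, `TLS_CACERT {{ tls_bundle }}` and `TLS_REQCERT demand`, plus /root/.ldaprc carrying the host key/certificate and `SASL_MECH external`. If the server role's own tooling under files/ (ldap-backup.sh, ldapspn.py, renamed unchanged here, contents not visible in this patch) relies on those root-side settings, a submodule role that omits the CA bundle or the root ldaprc would change how the server host authenticates to the directory without any failure showing up in this change. A short comment above the dependency would make the contract explicit, e.g. `# ldap (client role from the software submodule): must install /etc/openldap/ldap.conf with TLS_REQCERT demand and /root/.ldaprc with SASL EXTERNAL host-cert auth, as roles/ldap/client did`. Whether the renamed files actually depend on that cannot be confirmed from this patch, so verify against the submodule's role before merging.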
@@ -1,22 +0,0 @@
----
-
-- name: install packages
- package:
- name: openldap-clients
- state: installed
-
-- name: configure ldap client
- template:
- dest: /etc/openldap/ldap.conf
- src: ldap.conf.j2
- mode: 0644
- owner: root
- group: "{{ ansible_wheel }}"
-
-- name: authenticate to ldap with host certs when running as root
- template:
- dest: /root/.ldaprc
- src: ldaprc.j2
- mode: 0600
- owner: root
- group: "{{ ansible_wheel }}"
diff --git a/roles/ldap/client/templates/ldap.conf.j2 b/roles/ldap/client/templates/ldap.conf.j2
deleted file mode 100644
index a1ef17c..0000000
--- a/roles/ldap/client/templates/ldap.conf.j2
+++ /dev/null
@@ -1,6 +0,0 @@
-
-BASE {{ ldap_basedn }}
-URI {% for item in ldap_server %}ldaps://{{ item }} {% endfor %}
-
-TLS_CACERT {{ tls_bundle }}
-TLS_REQCERT demand
diff --git a/roles/ldap/client/templates/ldaprc.j2 b/roles/ldap/client/templates/ldaprc.j2
deleted file mode 100644
index 51c1b56..0000000
--- a/roles/ldap/client/templates/ldaprc.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-TLS_KEY {{ tls_private }}/{{ inventory_hostname }}.key
-TLS_CERT {{ tls_certs }}/{{ inventory_hostname }}.crt
-SASL_MECH external
diff --git a/roles/sssd/meta/main.yml b/roles/sssd/meta/main.yml
index 6cab9fe..2d00a9c 100644
--- a/roles/sssd/meta/main.yml
+++ b/roles/sssd/meta/main.yml
@@ -1,4 +1,4 @@
 ---
 dependencies:
 - {role: kerberos/client}
- - {role: ldap/client}
+ - {role: ldap}