Rename roots to states
This commit renames the roots directory to states because it contains salt states.
This commit is contained in:
parent
cade234963
commit
3fd146215f
34 changed files with 0 additions and 0 deletions
91
states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
Normal file
91
states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
Normal file
|
|
@ -0,0 +1,91 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
{% set base_dn = salt['pillar.get']('gnuviechadmin:ldap_base_dn') %}
|
||||
{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:ldap_admin_user') %}
|
||||
{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:ldap_groups_ou') %}
|
||||
{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:ldap_users_ou') %}
|
||||
|
||||
# setup password hashing for cleartext input
|
||||
ldapadd -v -H ldapi:// -Y EXTERNAL -f /etc/ldap/schema/ppolicy.ldif
|
||||
|
||||
ldapmodify -v -H ldapi:// -Y EXTERNAL <<EOD
|
||||
dn: cn=module{0},cn=config
|
||||
changetype: modify
|
||||
add: olcModuleLoad
|
||||
olcModuleLoad: ppolicy
|
||||
|
||||
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
|
||||
changetype: add
|
||||
objectClass: olcOverlayConfig
|
||||
objectClass: olcPPolicyConfig
|
||||
olcOverlay: ppolicy
|
||||
olcPPolicyHashClearText: TRUE
|
||||
EOD
|
||||
|
||||
# define ACLs on LDAP tree
|
||||
ldapmodify -v -H ldapi:// -Y EXTERNAL <<EOD
|
||||
dn: olcDatabase={1}mdb,cn=config
|
||||
changetype: modify
|
||||
replace: olcAccess
|
||||
olcAccess: {0}to attrs=userPassword,shadowLastChange
|
||||
by self write
|
||||
by anonymous auth
|
||||
by dn="cn={{ ldap_admin_user }},{{ base_dn }}" write
|
||||
by * none
|
||||
olcAccess: {1}to dn.base=""
|
||||
by * read
|
||||
olcAccess: {2}to dn.subtree="ou={{ ldap_users_ou }},{{ base_dn }}"
|
||||
by dn="cn={{ ldap_admin_user }},{{ base_dn }}" write
|
||||
by * read
|
||||
olcAccess: {3}to dn.subtree="ou={{ ldap_groups_ou }},{{ base_dn }}"
|
||||
by dn="cn={{ ldap_admin_user }},{{ base_dn }}" write
|
||||
by * read
|
||||
olcAccess: {4}to *
|
||||
by self write
|
||||
by * read
|
||||
EOD
|
||||
|
||||
# add OUs, groups and ldapadmin user
|
||||
ldapmodify -v -H {{ salt['pillar.get']('gnuviechadmin:ldap_url') }} -x -D "cn=admin,{{ base_dn }}" -w '{{ salt["grains.get_or_set_hash"]("slapd.password") }}' <<EOD
|
||||
dn: ou={{ ldap_users_ou }},{{ base_dn }}
|
||||
changetype: add
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
ou: {{ ldap_users_ou }}
|
||||
|
||||
dn: ou={{ ldap_groups_ou }},{{ base_dn }}
|
||||
changetype: add
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
ou: {{ ldap_groups_ou }}
|
||||
|
||||
dn: cn=sftponly,ou={{ ldap_groups_ou }},{{ base_dn }}
|
||||
changetype: add
|
||||
objectClass: posixGroup
|
||||
cn: sftponly
|
||||
gidNumber: 2000
|
||||
description: SFTP users
|
||||
|
||||
dn: cn=wwwusers,ou={{ ldap_groups_ou }},{{ base_dn }}
|
||||
changetype: add
|
||||
objectClass: posixGroup
|
||||
cn: wwwusers
|
||||
gidNumber: 2001
|
||||
|
||||
dn: cn=webserver,ou={{ ldap_groups_ou }},{{ base_dn }}
|
||||
changetype: add
|
||||
objectClass: posixGroup
|
||||
cn: webserver
|
||||
gidNumber: 2002
|
||||
memberUid: www-data
|
||||
|
||||
dn: cn={{ ldap_admin_user }},{{ base_dn }}
|
||||
changetype: add
|
||||
objectClass: simpleSecurityObject
|
||||
objectClass: organizationalRole
|
||||
cn: {{ ldap_admin_user }}
|
||||
description: LDAP manager for celery worker
|
||||
userPassword:: {{ salt['grains.get_or_set_hash']('gnuviechadmin.ldap_admin_password', 16).encode("base64") }}
|
||||
EOD
|
||||
7
states/gnuviechadmin/gvaldap/run_celery.sh
Normal file
7
states/gnuviechadmin/gvaldap/run_celery.sh
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex
|
||||
|
||||
. {{ home }}/gvasettings.sh
|
||||
cd {{ appdir }}
|
||||
{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO
|
||||
15
states/gnuviechadmin/gvaldap/settings.sh
Normal file
15
states/gnuviechadmin/gvaldap/settings.sh
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/sh
|
||||
|
||||
export DJANGO_SETTINGS_MODULE='gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}'
|
||||
export GVALDAP_ADMIN_NAME='Jan Dittberner'
|
||||
export GVALDAP_ADMIN_EMAIL='{{ salt['pillar.get']('gnuviechadmin:adminemail') }}'
|
||||
export GVALDAP_LDAP_URL='{{ salt['pillar.get']('gnuviechadmin:ldap_url') }}'
|
||||
export GVALDAP_LDAP_USER='{{ 'cn=%s,%s' % (salt['pillar.get']('gnuviechadmin:ldap_admin_user'), salt['pillar.get']('gnuviechadmin:ldap_base_dn')) }}'
|
||||
export GVALDAP_LDAP_PASSWORD='{{ salt['grains.get_or_set_hash']('gnuviechadmin.ldap_admin_password', 16) }}'
|
||||
export GVALDAP_BASEDN_GROUP='{{ 'ou=%s,%s' % (salt['pillar.get']('gnuviechadmin:ldap_groups_ou'), salt['pillar.get']('gnuviechadmin:ldap_base_dn')) }}'
|
||||
export GVALDAP_BASEDN_USER='{{ 'ou=%s,%s' % (salt['pillar.get']('gnuviechadmin:ldap_users_ou'), salt['pillar.get']('gnuviechadmin:ldap_base_dn')) }}'
|
||||
export GVALDAP_SECRETKEY='{{ salt['grains.get_or_set_hash']('gnuviechadmin.secret_key', 50) }}'
|
||||
export GVALDAP_BROKER_URL='{{ broker_url }}'
|
||||
export GVALDAP_ALLOWED_HOSTS='{{ salt['pillar.get']('gnuviechadmin:allowed_hosts') }}'
|
||||
export GVALDAP_SERVER_EMAIL='{{ salt['pillar.get']('gnuviechadmin:mailfrom') }}'
|
||||
export GVALDAP_RESULTS_REDIS_URL="redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0"
|
||||
Loading…
Add table
Add a link
Reference in a new issue