Merge pull request 'Move LDAP server to new VM' (#426) from chore/new_ldap_vm into master
Reviewed-on: #426
This commit is contained in:
commit
2360ad2ac0
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"name": "ldap-3",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLndVZtKubbJf2izx6vN\ntU0gwZUhcCz4Dq+Ilu9D8tPVEWUqKp9RyPkSO8iIxdLXJ8ZjtG3oBVPFGka/fW1a\n/SSf4Yn6ArkNhP9dmDKzrOYOuoPF+h+Fa9Jecy2PtNzhGdBdynIK4ezJIdq5vPEG\nAsJf/Ad9EIU8D4Aj/nhNUwfUwsFTTE++LL9yCzRiDHg6pjNToM75V/+fFPk0UL1/\neLcaJzqi5WeXhfq7DbjMtqnt/+vUxO2YAk9MDb3U15hnH4xkxtDfRth1UGkpR/PK\naLn/RTS9sqk3oMZVzDSioXO0TGp00sWDmvpBvEBwlYgWnx1o8JQnkClvn2OSo6va\nzQIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
|
@ -0,0 +1,64 @@
|
|||
{
|
||||
"name": "ldap-3.kosmos.org",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.6"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "ldap-3.kosmos.org",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1073-kvm",
|
||||
"hostname": "ldap-3",
|
||||
"ipaddress": "192.168.122.34",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"dirsrv_primary"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos-dirsrv",
|
||||
"kosmos-dirsrv::default",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"kosmos-dirsrv::firewall",
|
||||
"backup::default",
|
||||
"logrotate::default",
|
||||
"ulimit::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.10.3",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.9.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[dirsrv_primary]"
|
||||
]
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
# LDAPv3 [0/223]
|
||||
# kosmos.org
|
||||
dn: dc=kosmos,dc=org
|
||||
changetype: modify
|
||||
replace: aci
|
||||
aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
|
||||
aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
|
||||
aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="*") (version 3.0; acl "user-read-search-own-attributes"; allow (read,search) userdn="ldap:///self";)
|
||||
|
|
|
@ -1,4 +1,32 @@
|
|||
dn: ou=users,dc=kosmos,dc=org
|
||||
# users, kosmos.org
|
||||
dn: cn=users,dc=kosmos,dc=org
|
||||
objectClass: top
|
||||
objectClass: organizationalRole
|
||||
cn: users
|
||||
|
||||
# kosmos.org, users, kosmos.org
|
||||
dn: ou=kosmos.org,cn=users,dc=kosmos,dc=org
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
ou: users
|
||||
description: Kosmos
|
||||
ou: kosmos.org
|
||||
aci: (target="ldap:///cn=*,ou=kosmos.org,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-kosmos-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=kosmos.org,cn=applications,dc=kosmos,dc=org";)
|
||||
|
||||
# 5apps.com, users, kosmos.org
|
||||
dn: ou=5apps.com,cn=users,dc=kosmos,dc=org
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
description: 5apps
|
||||
ou: 5apps.com
|
||||
aci: (target="ldap:///cn=*,ou=5apps.com,cn=users,dc=kosmos,dc=org")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-5apps-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=5apps.com,cn=applications,dc=kosmos,dc=org";)
|
||||
|
||||
# admin role
|
||||
dn: cn=admin_role,ou=kosmos.org,cn=users,dc=kosmos,dc=org
|
||||
objectClass: top
|
||||
objectClass: LDAPsubentry
|
||||
objectClass: nsRoleDefinition
|
||||
objectClass: nsComplexRoleDefinition
|
||||
objectClass: nsFilteredRoleDefinition
|
||||
cn: admin_role
|
||||
nsRoleFilter: (&(objectclass=person)(admin=true))
|
||||
description: filtered role for admins
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
ubuntu_server_cloud_image_release = "20220530"
|
||||
ubuntu_server_cloud_image_release = "20220810"
|
||||
|
||||
node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
|
||||
"url" => "https://cloud-images.ubuntu.com/releases/focal/release-#{ubuntu_server_cloud_image_release}/ubuntu-20.04-server-cloudimg-amd64-disk-kvm.img",
|
||||
"checksum" => "0295bee0539924774327d5267aa8e2eeac315b9efea7136c83643fce454529b8",
|
||||
"checksum" => "6db74917f85146569cb6ae89e1d163ac6d1e488a7f32bc74761ec6d1869c714f",
|
||||
"path" => "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-#{ubuntu_server_cloud_image_release}.qcow2"
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue