Update to 2022-03-17 19:00

This commit is contained in:
Daniel Berteaud 2022-03-17 19:00:06 +01:00
parent 61d1212b84
commit 86f6bd4781
8 changed files with 32 additions and 6 deletions


@ -1,13 +1,15 @@
---
# How often ldap2pg will sync (eg hourly, '*:0:15', systemd timer syntaxe)
# A value of never will disable automatic sync (you can still fire the ldap2pg service manually)
ldap2pg_sync_freq: never
ldap2pg_sync_freq: hourly
# Under which account will ldap2pg run
# Default is under the local postgres account which is fine for managing a local postgres instance
ldap2pg_user: postgres
# Set dry mode to False to actually do the sync
ldap2pg_dry_mode: True
ldap2pg_base_conf:
version: 5
ldap:
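Review bot: The new default `ldap2pg_dry_mode: True` uses a capitalised boolean; write it as `ldap2pg_dry_mode: true` so YAML 1.1 and 1.2 loaders and yamllint's truthy rule all read it the same way. Note also that the comment above `ldap2pg_sync_freq` still documents `never` as disabling the automatic sync, while the handler and the timer template in this commit no longer test for that value, so the comment is now out of step with the role's behaviour. The hunk's context ends mid-way through `ldap2pg_base_conf`, so the rest of that mapping is outside the hunk.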


@ -0,0 +1,10 @@
--- /usr/lib/python2.7/site-packages/ldap2pg/ldap.py.orig 2022-03-17 14:52:58.974806660 +0100
+++ /usr/lib/python2.7/site-packages/ldap2pg/ldap.py 2022-03-17 15:03:47.449618132 +0100
@@ -293,6 +293,7 @@
if options.get('STARTTLS'):
logger.debug("Sending STARTTLS.")
+ conn.set_option(ldap.OPT_X_TLS_CACERTFILE, '/etc/pki/tls/cert.pem')
conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
conn.start_tls_s()
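Review bot: The added `set_option` pins the CA bundle but leaves the certificate verification policy to whatever the host's ldap.conf (`TLS_REQCERT`) or the library default provides, so depending on that setting a server certificate that does not chain to `/etc/pki/tls/cert.pem` may still be accepted; if the intent of the patch is that STARTTLS connections are verified against that bundle, also add `conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` before the `OPT_X_TLS_NEWCTX` line. The diff headers hard-code the python2.7 site-packages path and a fixed line offset, which ties the patch to one ldap2pg build; a leading comment in the patch file naming the ldap2pg version it was written against would make that explicit. The enclosing function starts outside the hunk.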


@ -4,6 +4,13 @@
package: name={{ ldap2pg_packages }}
tags: pg
- name: Patch ldap2pg to specify global cacert
patch: src=ldap2pg_cacert.diff dest=/usr/lib/python2.7/site-packages/ldap2pg/ldap.py
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version is version('8', '<')
tags: pg
- name: Install systemd unit
template: src=ldap2pg.{{ item }}.j2 dest=/etc/systemd/system/ldap2pg.{{ item }}
loop:
@ -17,5 +24,5 @@
- name: Reload systemd
systemd: daemon_reload=True
when: ldap2Pg_units.results | selectattr('changed','equalto',True) | list | length > 0
when: ldap2pg_units.results | selectattr('changed','equalto',True) | list | length > 0
tags: pg
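Review bot: The new `Patch ldap2pg to specify global cacert` task passes its arguments in `key=value` shorthand; Ansible convention is native block YAML for module args, i.e. `patch:` / `  src: ldap2pg_cacert.diff` / `  dest: /usr/lib/python2.7/site-packages/ldap2pg/ldap.py`. The destination path is also repeated verbatim in the `---`/`+++` headers of the diff file itself, so a change to one place without the other would go unnoticed until the task fails; a comment above the task pointing at the diff file would help keep them in sync. The second hunk's `ldap2Pg_units` to `ldap2pg_units` correction is fine as is.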


@ -1,5 +1,5 @@
---
- name: Handle ldap2pg timer
systemd: name=ldap2pg.timer state={{ (ldap2pg_sync_freq == 'never') | ternary('stopped', 'started') }} enabled={{ (ldap2pg_sync_freq == 'never') | ternary(False, True) }}
systemd: name=ldap2pg.timer state={{ ldap2pg_dry_mode | ternary('stopped', 'started') }} enabled={{ ldap2pg_dry_mode | ternary(False, True) }}
tags: pg
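Review bot: The handler no longer checks `ldap2pg_sync_freq == 'never'`, so the `never` value that defaults/main.yml still documents as disabling the automatic sync is no longer honoured: with dry mode off the timer is started regardless, and the timer template in this commit renders `OnCalendar=never`, which is not a valid calendar expression. Either drop `never` from the documented values, or keep the check, e.g. `state={{ (ldap2pg_dry_mode or ldap2pg_sync_freq == 'never') | ternary('stopped', 'started') }}` with the matching `enabled=` expression, and restore the fallback in the timer template. The `enabled={{ ldap2pg_dry_mode | ternary(False, True) }}` form can also be written as `enabled={{ not ldap2pg_dry_mode }}`.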


@ -6,5 +6,5 @@ Type=oneshot
PrivateTmp=yes
User={{ ldap2pg_user }}
Group={{ ldap2pg_user }}
ExecStart=/bin/ldap2pg -c /etc/ldap2pg.yml --real
ExecStart=/bin/ldap2pg -c /etc/ldap2pg.yml --{{ ldap2pg_dry_mode | ternary('dry', 'real') }}
TimeoutSec=30m
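Review bot: `ldap2pg_dry_mode` is fed straight into `ternary`, so a value that arrives as a non-empty string (for example `"false"` passed on the command line) is truthy in Jinja and still renders `--dry`; normalise it first: `ExecStart=/bin/ldap2pg -c /etc/ldap2pg.yml --{{ ldap2pg_dry_mode | bool | ternary('dry', 'real') }}`. The same `| bool` applies to the two ternaries on that variable in the timer handler.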


@ -2,7 +2,8 @@
Description=Sync postgres role from LDAP
[Timer]
OnCalendar={{ (ldap2pg_sync_freq == 'never') | ternary('daily', ldap2pg_sync_freq) }}
OnCalendar={{ ldap2pg_sync_freq }}
RandomizedDelaySec=5m
[Install]
WantedBy=timers.target


@ -0,0 +1,6 @@
---
ldap2pg_packages:
- ldap2pg
- python-setuptools
- patch
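Review bot: `patch` is added to `ldap2pg_packages` for every host, while the only task that needs it (the patch task in tasks/main.yml) is restricted to RedHat releases before 8. If that is deliberate, a comment above the entry, `# required by the patch module (patch task only runs on RedHat < 8)`, would make the dependency explicit; otherwise install it under the same condition as the task.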