ldap and karaage roles

96fa1f40 · Chris Hines · 062b6f55 · 96fa1f40 · 96fa1f40 · 96fa1f40
Commit 96fa1f40 authored 10 years ago by Chris Hines
--- a/roles/ldapserver/templates/ppolicy_moduleload_ldif.j2
+++ b/roles/ldapserver/templates/ppolicy_moduleload_ldif.j2
+dn: cn=module,cn=config
+objectClass: olcModuleList
+cn: module
+olcModulePath: /usr/lib64/openldap/
+olcModuleLoad: ppolicy.la
--- a/roles/ldapserver/templates/ppolicy_overlay_ldif.j2
+++ b/roles/ldapserver/templates/ppolicy_overlay_ldif.j2
+dn: olcOverlay=ppolicy,olcDatabase={2}bdb,cn=config
+olcOverlay: ppolicy
+objectClass: olcOverlayConfig
+objectClass: olcPPolicyConfig
+olcPPolicyHashCleartext: TRUE
+olcPPolicyUseLockout: FALSE
+olcPPolicyDefault: cn=default,ou=pwpolicies,{{ ldapDomain }}
--- a/roles/ldapserver/templates/pwpolicies_ldif.j2
+++ b/roles/ldapserver/templates/pwpolicies_ldif.j2
+dn: ou=pwpolicies,{{ ldapDomain }}
+objectClass: organizationalUnit
+objectClass: top
+ou: pwpolicies
--- a/roles/ldapserver/templates/root_ldif.j2
+++ b/roles/ldapserver/templates/root_ldif.j2
+dn: {{ ldapDomain }}
+objectClass: dcObject
+objectClass: organization
+o: {{ ansible_domain }}
+description: root
--- a/roles/ldapserver/templates/ssl_ldif.j2
+++ b/roles/ldapserver/templates/ssl_ldif.j2
+dn: cn=config
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/openldap/certs/cacert.pem
+-
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/openldap/certs/ldapcert.pem
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/openldap/certs/ldapkey.pem
--- a/roles/ldapserver/vars/CentOS_6.5_x86_64.yml
+++ b/roles/ldapserver/vars/CentOS_6.5_x86_64.yml
+---
+ system_packages:
+  - openldap-servers
+  - openldap-clients
+  - openssl
--- a/roles/ldapserver/vars/main.yml
+++ b/roles/ldapserver/vars/main.yml
+---
+ ldapDomain: dc=imbl,dc=massive,dc=org,dc=au
+ ldapuser:  ldap
+ ldapgroup: ldap
--- a/scripts/make_passwords.py
+++ b/scripts/make_passwords.py
+# This program writes a yaml varaible file where each varible is suitable as a password
+# If a variable is not defined it will pick a new random varaible for you
+# If a variable is already defined it will not change
+import random
+import sys
+import string
+import yaml
+
+def new_pass(length):
+    return ''.join(random.choice(string.ascii_uppercase + string.digits+string.ascii_lowercase) for _ in range(length))
+
+# required_passwords is a dictionay consisting of variable names and the length of random password you would like to associate with that variable
+required_passwords={}
+# Passwords for munge and slurm
+required_passwords['mungekey']=32
+# Passwords for karaage and ldap
+required_passwords['ldapManagerPassword']=8
+required_passwords['ldapBindDNPassword']=8
+required_passwords['karaageSqlPassword']=8
+required_passwords['sqlrootPasswd']=8
+
+changed=False
+pwpath='./passwords.yml'
+try:
+    f=open(pwpath,'r')
+    data=yaml.load(f.read())
+    f.close()
+except Exception as e:
+    pass
+if data==None:
+    data={}
+
+print data
+
+for pw in required_passwords.keys():
+    if data.has_key(pw):
+        pass
+    else:
+        data[pw]=new_pass(required_passwords[pw])
+        changed=True
+if changed:
+    f=open(pwpath,'w+')
+    f.write(yaml.dump(data,default_flow_style=False,explicit_start=True))
+    f.close()
+