2018-06-07 17:19:58 +03:00

# Deploy OpenLDAP/FusionDirectory using Ansible

This role deploys an OpenLDAP/FusionDirectory server.

Components:

* OpenLDAP (slapd)
* FusionDirectory
* Apache
* GnuTLS (internal CA)

## Prerequisites

* An Ubuntu 18.04 LXD machine.
* The *python-minimal* package needs to be present (the playbook below installs it as a pre-task if it is missing).
* SSH public key authentication from the Ansible host to the target (LDAP) machine.

## Clone the repository

Clone the repository:

```
$ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git
$ cd ansible-deploy-ldap-fusiondirectory
```

## Create the vars files

### Create the vars/all.yml file

* Create a *vars/all.yml* file with content similar to the following (you can use *vars/all.yml.example* as a reference):

```
domain: example.org
organization: Example LTD
description: example
base_dn: dc=example,dc=org
locality: Limassol
state: Limassol
country: CY
allowed_ips:
  - 192.168.0.0/24
  - 10.0.0.0/24
language: en_US
timezone: Asia/Nicosia
```

### Create the vars/secrets.yml file

* Create an encrypted *vars/secrets.yml* file:

```
$ ansible-vault create vars/secrets.yml
```

You will be asked to choose a master (vault) password for this file; the same password is required when you run the playbook.

* Put this content in it:

```
ldap_admin_dn: cn=admin,dc=example,dc=org
ldap_admin_pass: MySecretLDAPCombination
fd_admin: fdadmin
fd_admin_pass: MySecretFDCombination
```

* Create a playbook that calls this role (fusiondirectory.yml):

```
- hosts: all
  become: yes
  gather_facts: false
  vars:
    ansible_user: "ubuntu"
  pre_tasks:
    - name: install python 2
      raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
      changed_when: False
  roles:
    - ansible-deploy-ldap-fusiondirectory
```
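Before running the playbook it is worth checking that the two vars files are consistent with each other and that the secrets really are vault-encrypted. The pre-flight check below is an added example, not part of the role; it assumes the flat `key: value` / `- item` layout shown above (so it needs no PyYAML), that `base_dn` is the `dc=` form of `domain`, and that `allowed_ips` holds CIDR networks.

```python
import ipaddress

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of every ansible-vault encrypted file
SECRET_KEYS = {"ldap_admin_pass", "fd_admin_pass"}  # belong only in vars/secrets.yml

def parse_flat_yaml(text):
    """Parse top-level `key: value` pairs and `- item` lists (the flat subset used above)."""
    data, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("- ") and isinstance(data.get(current), list):
            data[current].append(line[2:].strip())
        else:
            key, _, value = line.partition(":")
            current = key.strip()
            data[current] = value.strip() or []  # a bare `key:` opens a list
    return data

def check_vars(all_yml, secrets_yml):
    """Return the problems found; an empty list means the vars files look consistent."""
    problems = []
    if not secrets_yml.startswith(VAULT_HEADER):  # secrets must never sit on disk in plaintext
        problems.append("vars/secrets.yml is not vault-encrypted")
    cfg = parse_flat_yaml(all_yml)
    for key in sorted(SECRET_KEYS & set(cfg)):  # a password leaked into the unencrypted file
        problems.append(f"{key} must live in vars/secrets.yml, not vars/all.yml")
    # assumption: base_dn is the dc= form of domain (example.org -> dc=example,dc=org)
    expected_dn = ",".join("dc=" + part for part in cfg.get("domain", "").split("."))
    if cfg.get("base_dn") != expected_dn:
        problems.append(f"base_dn {cfg.get('base_dn')!r} does not match domain {cfg.get('domain')!r}")
    for net in cfg.get("allowed_ips", []):
        try:
            network = ipaddress.ip_network(net, strict=True)  # rejects host bits set, e.g. 10.0.0.1/24
        except ValueError:
            problems.append(f"allowed_ips entry {net!r} is not a valid CIDR network")
            continue
        if network.prefixlen == 0:
            problems.append(f"allowed_ips entry {net!r} allows every address")
    return problems

# Constructed sample input mirroring the vars/all.yml shown above
SAMPLE_ALL = """domain: example.org
base_dn: dc=example,dc=org
allowed_ips:
- 192.168.0.0/24
- 10.0.0.0/24
"""
SAMPLE_SECRETS_PLAINTEXT = "ldap_admin_pass: MySecretLDAPCombination\n"  # constructed: wrongly left unencrypted
```

Run `check_vars(open("vars/all.yml").read(), open("vars/secrets.yml").read())` from the repository root; an empty result means nothing was flagged.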
## Deploy LDAP and FusionDirectory

When you are done with the configuration, run this command (you will be prompted for the vault master password):

```
$ ansible-playbook --vault-id @prompt fusiondirectory.yml
```

When the playbook finishes, visit http://auth.example.org to log in for the first time. Enable HTTPS before doing that, so the admin credentials are not sent over plain HTTP.

## References

* https://docs.ansible.com/ansible/latest/modules/debconf_module.html
* https://unix.stackexchange.com/questions/126136/how-to-check-debconf-selections-of-a-non-installed-package
* https://serverfault.com/questions/679693/how-do-i-make-ansible-actually-compile-a-config-file-having-changed-my-debconf-s
* https://docs.ansible.com/ansible/latest/modules/template_module.html