ansible-deploy-ldap-fusiond.../README.md

98 lines
2.3 KiB
Markdown
Raw Normal View History

2018-06-07 17:19:58 +03:00
# Deploy OpenLDAP/FusionDirectory using Ansible
2018-08-19 03:21:00 +03:00
These Role will deploy an OpenLDAP/FusionDirectory server.
2018-06-07 17:19:58 +03:00
Components:
* OpenLDAP (slapd)
* FusionDirectory
* Apache
* GnuTLS (Internal CA)
## Prerequisites
* An Ubuntu 18.04 LXD machine.
* The *python-minimal* package needs to be present.
* SSH Public key authentication from the Ansible host, to the mailserver.
## Clone the repository
2018-08-19 03:21:00 +03:00
Clone the repository:
2018-06-07 17:19:58 +03:00
```
$ git clone https://git.theo-andreou.org/Personal/ansible-deploy-ldap-fusiondirectory.git
$ cd ansible-deploy-ldap-fusiondirectory
```
## Create the vars files
### Create the vars/all.yml file
* Create a *vars/all.yml* file with similar content (you can use *vars/all.yml.example* as reference):
```
domain: example.org
organization: Example LTD
description: example
base_dn: dc=example,dc=org
locality: Limassol
state: Limassol
country: CY
allowed_ips:
- 192.168.0.0/24
- 10.0.0.0/24
language: en_US
timezone: Asia/Nicosia
```
### Create the vars/secrets.yml filr
* Create an encrypted *vars/secrets.yml* file:
```
2018-08-19 03:21:00 +03:00
$ ansible-vault create vars/secrets.yml
2018-06-07 17:19:58 +03:00
```
Use a master password for the file above.
* Create this content:
```
ldap_admin_dn: cn=admin,dc=example,dc=org
ldap_admin_pass: MySecretLDAPCombination
fd_admin: fdadmin
fd_admin_pass: MySecretFDCombination
```
2018-08-19 03:21:00 +03:00
* Create a playbook to call this role (fusiondirectory.yml):
```
- hosts: all
become: yes
gather_facts: false
vars:
- ansible_user: "ubuntu"
pre_tasks:
- name: install python 2
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
changed_when: False
roles:
- ansible-deploy-ldap-fusiondirectory
```
2018-06-07 17:19:58 +03:00
## Deploy LDAP and FusionDirectory
When done with the configuration run this command (provide your master password):
```
2018-08-19 03:21:00 +03:00
$ ansible-playbook --vault-id @prompt fusiondirectory.yml
2018-06-07 17:19:58 +03:00
```
When done visit http://auth.example.org to login for the first time. I suggest you enable HTTPS before doing that.
References
----------
* https://docs.ansible.com/ansible/latest/modules/debconf_module.html
* https://unix.stackexchange.com/questions/126136/how-to-check-debconf-selections-of-a-non-installed-package
* https://serverfault.com/questions/679693/how-do-i-make-ansible-actually-compile-a-config-file-having-changed-my-debconf-s
* https://docs.ansible.com/ansible/latest/modules/template_module.html