bundlewrap/bundles/openldap/metadata.py

from bundlewrap.metadata import atomic


defaults = {
    'apt': {
        'packages': {
            'db-util': {},
            'ldap-utils': {},
            'slapd': {},
            'slapd-contrib': {},
        },
    },
    'backups': {
        'paths': {
            # Create backups both from ZFS and from dumps. Because
            # they're cheap.
            '/var/lib/ldap',
            '/var/tmp/ldapdumps',
        },
    },
    'cron': {
    },
    'icinga2_api': {
        'openldap': {
            'services': {
                'OPENLDAP PROCESS': {
                    'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',
                },
            },
        },
    },
    'monit': {
        'services': {
            'openldap': {
                'bin': '/usr/sbin/slapd',
                'systemd_unit': 'slapd',
                'ports': {
                    '389': {},
                    '636': {},
                },
            },
        },
    },
    'openldap': {
        'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),
    },
}


@metadata_reactor.provides(
    'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',
)
def cert_check(metadata):
    return {
        'icinga2_api': {
            'openldap': {
                'services': {
                    'OPENLDAP CERTIFICATE': {
                        'check_command': 'check_certificate_at',
                        'vars.domain': metadata.get('openldap/my_hostname'),
                        'vars.port': '636',
                    },
                },
            },
        },
    }


@metadata_reactor.provides(
    'firewall/port_rules/389',
    'firewall/port_rules/636',
)
def sperrfix(metadata):
    sources = metadata.get('openldap/restrict-to', set())

    return {
        'firewall': {
            'port_rules': {
                '389': atomic(sources),
                '636': atomic(sources),
            },
        },
    }
qzwi: add LDAP 2021-12-17 10:51:33 +00:00			`from bundlewrap.metadata import atomic`


			`defaults = {`
			`'apt': {`
			`'packages': {`
			`'db-util': {},`
			`'ldap-utils': {},`
			`'slapd': {},`
			`'slapd-contrib': {},`
			`},`
			`},`
			`'backups': {`
			`'paths': {`
			`# Create backups both from ZFS and from dumps. Because`
			`# they're cheap.`
			`'/var/lib/ldap',`
			`'/var/tmp/ldapdumps',`
			`},`
			`},`
			`'cron': {`
			`},`
			`'icinga2_api': {`
			`'openldap': {`
			`'services': {`
			`'OPENLDAP PROCESS': {`
			`'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',`
openldap: add monit integration 2022-01-04 12:34:04 +00:00			`},`
			`},`
			`},`
			`},`
			`'monit': {`
			`'services': {`
			`'openldap': {`
			`'bin': '/usr/sbin/slapd',`
			`'systemd_unit': 'slapd',`
			`'ports': {`
			`'389': {},`
			`'636': {},`
qzwi: add LDAP 2021-12-17 10:51:33 +00:00			`},`
			`},`
			`},`
			`},`
			`'openldap': {`
			`'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),`
			`},`
			`}`


			`@metadata_reactor.provides(`
			`'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',`
			`)`
			`def cert_check(metadata):`
			`return {`
			`'icinga2_api': {`
			`'openldap': {`
			`'services': {`
			`'OPENLDAP CERTIFICATE': {`
			`'check_command': 'check_certificate_at',`
			`'vars.domain': metadata.get('openldap/my_hostname'),`
			`'vars.port': '636',`
			`},`
			`},`
			`},`
			`},`
			`}`


			`@metadata_reactor.provides(`
			`'firewall/port_rules/389',`
			`'firewall/port_rules/636',`
			`)`
			`def sperrfix(metadata):`
			`sources = metadata.get('openldap/restrict-to', set())`

			`return {`
			`'firewall': {`
			`'port_rules': {`
			`'389': atomic(sources),`
			`'636': atomic(sources),`
			`},`
			`},`
			`}`