bundlewrap/bundles/openldap/metadata.py

72 lines
1.6 KiB
Python
Raw Normal View History

2021-12-17 10:51:33 +00:00
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
'db-util': {},
'ldap-utils': {},
'slapd': {},
'slapd-contrib': {},
},
},
'backups': {
'paths': {
# Create backups both from ZFS and from dumps. Because
# they're cheap.
'/var/lib/ldap',
'/var/tmp/ldapdumps',
},
},
'cron': {
},
'icinga2_api': {
'openldap': {
'services': {
'OPENLDAP PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',
},
},
},
},
'openldap': {
'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),
},
}
@metadata_reactor.provides(
'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',
)
def cert_check(metadata):
return {
'icinga2_api': {
'openldap': {
'services': {
'OPENLDAP CERTIFICATE': {
'check_command': 'check_certificate_at',
'vars.domain': metadata.get('openldap/my_hostname'),
'vars.port': '636',
},
},
},
},
}
@metadata_reactor.provides(
'firewall/port_rules/389',
'firewall/port_rules/636',
)
def sperrfix(metadata):
sources = metadata.get('openldap/restrict-to', set())
return {
'firewall': {
'port_rules': {
'389': atomic(sources),
'636': atomic(sources),
},
},
}