84 lines
1.9 KiB
Python
84 lines
1.9 KiB
Python
from bundlewrap.metadata import atomic
|
|
|
|
|
|
defaults = {
|
|
'apt': {
|
|
'packages': {
|
|
'db-util': {},
|
|
'ldap-utils': {},
|
|
'slapd': {},
|
|
'slapd-contrib': {},
|
|
},
|
|
},
|
|
'backups': {
|
|
'paths': {
|
|
# Create backups both from ZFS and from dumps. Because
|
|
# they're cheap.
|
|
'/var/lib/ldap',
|
|
'/var/tmp/ldapdumps',
|
|
},
|
|
},
|
|
'cron': {
|
|
},
|
|
'icinga2_api': {
|
|
'openldap': {
|
|
'services': {
|
|
'OPENLDAP PROCESS': {
|
|
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C slapd -c 1:1',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'monit': {
|
|
'services': {
|
|
'openldap': {
|
|
'bin': '/usr/sbin/slapd',
|
|
'systemd_unit': 'slapd',
|
|
'ports': {
|
|
'389': {},
|
|
'636': {},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
'openldap': {
|
|
'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'),
|
|
},
|
|
}
|
|
|
|
|
|
@metadata_reactor.provides(
|
|
'icinga2_api/openldap/services/OPENLDAP CERTIFICATE',
|
|
)
|
|
def cert_check(metadata):
|
|
return {
|
|
'icinga2_api': {
|
|
'openldap': {
|
|
'services': {
|
|
'OPENLDAP CERTIFICATE': {
|
|
'check_command': 'check_certificate_at',
|
|
'vars.domain': metadata.get('openldap/my_hostname'),
|
|
'vars.port': '636',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
|
|
@metadata_reactor.provides(
|
|
'firewall/port_rules/389',
|
|
'firewall/port_rules/636',
|
|
)
|
|
def sperrfix(metadata):
|
|
sources = metadata.get('openldap/restrict-to', set())
|
|
|
|
return {
|
|
'firewall': {
|
|
'port_rules': {
|
|
'389': atomic(sources),
|
|
'636': atomic(sources),
|
|
},
|
|
},
|
|
}
|