from re import sub
from shlex import quote
# Name under which this node's TLS material lives in /etc/ldap/ssl.
ssl_name = node.metadata.get('openldap/ssl')

# slapd is only (re)started once the package, its config and the complete
# TLS set (leaf cert, intermediate chain, private key) are on the node.
svc_systemd = {
    'slapd': {
        'needs': {
            'pkg_apt:slapd',
            'file:/etc/ldap/slapd.conf',
            *(
                f'file:/etc/ldap/ssl/{ssl_name}.{suffix}.pem'
                for suffix in ('crt', 'crt_intermediate', 'key')
            ),
        },
    },
}
# /etc/ldap/ssl is purged: any file in it that this bundle does not manage
# (e.g. the key of a previously used certificate name) is removed.
directories = dict()
directories['/etc/ldap/ssl'] = {
    'purge': True,
}
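# Name under which the TLS material is stored, both in the repo
# (files/ssl/<name>.*) and on the node (/etc/ldap/ssl/<name>.*).
ssl_name = node.metadata.get('openldap/ssl')
ssl_cert = f'/etc/ldap/ssl/{ssl_name}.crt.pem'
ssl_chain = f'/etc/ldap/ssl/{ssl_name}.crt_intermediate.pem'
ssl_key = f'/etc/ldap/ssl/{ssl_name}.key.pem'

files = {
    '/etc/default/slapd': {
        'source': 'etc-default-slapd',
        'triggers': {
            'svc_systemd:slapd:restart',
        },
    },
    # The package's cn=config directory is removed; this bundle configures
    # slapd through slapd.conf instead (presumably selected via
    # etc-default-slapd -- confirm there if the config source changes).
    '/etc/ldap/slapd.d': {
        'delete': True,
        'needs': {
            'pkg_apt:slapd',
        },
    },
    '/etc/ldap/slapd.conf': {
        'content_type': 'mako',
        'context': {
            # The whole 'openldap' metadata subtree is handed to the template.
            'conf': node.metadata.get('openldap'),
        },
        # The rendered config may carry rootpw / replication credentials;
        # keep it readable by root and the openldap group only instead of
        # the world-readable 0644 default.
        'group': 'openldap',
        'mode': '0640',
        'needs': {
            'pkg_apt:slapd',
        },
        'triggers': {
            'svc_systemd:slapd:restart',
        },
    },
    ssl_cert: {
        'owner': 'openldap',
        'mode': '0440',
        'source': f'ssl/{ssl_name}.crt.pem',
        # Cert and chain could exist independently, but the private key
        # comes from a Fault: order the cert after key and chain so that a
        # matching key/cert pair always lands on the node together.
        'needs': {
            f'file:{ssl_chain}',
            f'file:{ssl_key}',
        },
        'triggers': {
            'svc_systemd:slapd:restart',
        },
    },
    ssl_key: {
        'owner': 'openldap',
        # Group is left at the default; 0440 keeps the key readable by the
        # slapd user and root only.
        'mode': '0440',
        'content': repo.vault.decrypt_file(f'ssl/{ssl_name}.key.pem.vault'),
        'needs': {
            'pkg_apt:slapd',
        },
        # A rotated key has to reach the running slapd even when the cert
        # item itself is unchanged, so the key restarts slapd as well.
        'triggers': {
            'svc_systemd:slapd:restart',
        },
    },
    ssl_chain: {
        'owner': 'openldap',
        'mode': '0440',
        'source': f'ssl/{ssl_name}.crt_intermediate.pem',
        # See the cert item: keep chain and key ordered so they land together.
        'needs': {
            f'file:{ssl_key}',
        },
        # A re-issued intermediate alone would otherwise be served stale
        # until the next unrelated restart.
        'triggers': {
            'svc_systemd:slapd:restart',
        },
    },
    # Dump helper invoked by the backup pre-hooks generated further down.
    '/usr/local/sbin/slapdump': {
        'mode': '0755',
    },
}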
# One schema file per entry of openldap/schemas, shipped from the bundle's
# files/<name>.schema; slapd is restarted when a schema changes.
files.update({
    f'/etc/ldap/schema/{name}.schema': {
        'source': f'{name}.schema',
        'triggers': {
            'svc_systemd:slapd:restart',
        },
    }
    for name in node.metadata.get('openldap/schemas', {})
})
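# Scratch space for the dumps written by the backup pre-hooks below.
# This must EXTEND `directories`, not reassign it: the bundle already
# declares '/etc/ldap/ssl' (with purge) further up, and a second
# `directories = {...}` silently dropped that item.
directories['/var/tmp/ldapdumps'] = {
    'mode': '0700',
}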
# The openldap service account: managed after the package that creates it,
# and any change to the account restarts slapd.
users = dict(
    openldap=dict(
        needs={'pkg_apt:slapd'},
        triggers={'svc_systemd:slapd:restart'},
    ),
)
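# One backup pre-hook per database named in openldap/backup; each hook
# calls slapdump with that name.
for database in node.metadata.get('openldap/backup', set()):
    # Only [A-Za-z0-9] survive in the hook file name. Names that differ
    # only in other characters collapse onto one hook (last one wins).
    cleaned = sub(r'[^a-zA-Z0-9]', '_', database)
    # The name is spliced into a shell script, so quote it: LDAP suffixes
    # such as "dc=example,dc=com" pass through unchanged, while whitespace
    # or shell metacharacters can no longer break or alter the command.
    files[f'/etc/backup-pre-hooks.d/50-ldapdump-{cleaned}'] = {
        'content': f'#!/bin/sh\n/usr/local/sbin/slapdump {quote(database)}\n',
        'mode': '0755',
    }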