
from re import sub
from shlex import quote
# Base name of the TLS certificate/key set for this node; read once so the
# service dependencies below stay in sync with the file items.
_ssl_name = node.metadata.get('openldap/ssl')

# slapd may only be (re)started once its config, the TLS material and the
# package itself are in place.
svc_systemd = {
    'slapd': {
        'needs': {
            'file:/etc/ldap/slapd.conf',
            f'file:/etc/ldap/ssl/{_ssl_name}.crt.pem',
            f'file:/etc/ldap/ssl/{_ssl_name}.crt_intermediate.pem',
            f'file:/etc/ldap/ssl/{_ssl_name}.key.pem',
            'pkg_apt:slapd',
        },
    },
}
# /etc/ldap/ssl is purged so that certificates or keys from an earlier
# deployment do not linger beside the managed ones.
directories = {
    '/etc/ldap/ssl': {'purge': True},
}
# Base name of the TLS certificate/key set for this node.
_ssl_name = node.metadata.get('openldap/ssl')

files = {
    # Daemon defaults; any change requires a restart.
    '/etc/default/slapd': {
        'source': 'etc-default-slapd',
        'triggers': {'svc_systemd:slapd:restart'},
    },
    # The cn=config tree is removed: slapd is driven by slapd.conf here.
    '/etc/ldap/slapd.d': {
        'delete': True,
        'needs': {'pkg_apt:slapd'},
    },
    # Main configuration, rendered from the 'openldap' metadata subtree.
    '/etc/ldap/slapd.conf': {
        'content_type': 'mako',
        'context': {'conf': node.metadata.get('openldap')},
        'needs': {'pkg_apt:slapd'},
        'triggers': {'svc_systemd:slapd:restart'},
    },
    # Server certificate. It is ordered after the intermediate and the
    # private key: the key may come from a Fault, and certificate and key
    # must always land on the system as a matching pair.
    f'/etc/ldap/ssl/{_ssl_name}.crt.pem': {
        'owner': 'openldap',
        'mode': '0440',
        'needs': {
            f'file:/etc/ldap/ssl/{_ssl_name}.crt_intermediate.pem',
            f'file:/etc/ldap/ssl/{_ssl_name}.key.pem',
        },
        'triggers': {'svc_systemd:slapd:restart'},
        'source': f'ssl/{_ssl_name}.crt.pem',
    },
    # Private key, decrypted from the repo vault at apply time; readable
    # only by the openldap user.
    f'/etc/ldap/ssl/{_ssl_name}.key.pem': {
        'owner': 'openldap',
        'mode': '0440',
        'content': repo.vault.decrypt_file(f'ssl/{_ssl_name}.key.pem.vault'),
        'needs': {'pkg_apt:slapd'},
    },
    # Intermediate chain; same pairing rule as the server certificate, so
    # it is ordered after the private key.
    f'/etc/ldap/ssl/{_ssl_name}.crt_intermediate.pem': {
        'owner': 'openldap',
        'mode': '0440',
        'needs': {f'file:/etc/ldap/ssl/{_ssl_name}.key.pem'},
        'source': f'ssl/{_ssl_name}.crt_intermediate.pem',
    },
    # Dump helper used by the backup pre-hooks.
    '/usr/local/sbin/slapdump': {
        'mode': '0755',
    },
}
# One schema file per configured schema name; a changed schema requires a
# restart so slapd picks it up.
for schema_name in node.metadata.get('openldap/schemas', {}):
    files[f'/etc/ldap/schema/{schema_name}.schema'] = {
        'source': f'{schema_name}.schema',
        'triggers': {'svc_systemd:slapd:restart'},
    }
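# Scratch directory for LDAP dumps, private to root. Added to the existing
# mapping rather than rebinding `directories`, which would silently drop
# the '/etc/ldap/ssl' purge entry defined earlier in this file.
directories['/var/tmp/ldapdumps'] = {
    'mode': '0700',
}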
# Service account that owns the TLS material; it is created by the
# package, and changes to it require a restart.
users = {
    'openldap': {
        'needs': {'pkg_apt:slapd'},
        'triggers': {'svc_systemd:slapd:restart'},
    },
}
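# One backup pre-hook per database to dump. The database name is used in
# two places: sanitised to alphanumerics for the hook file name, and
# shell-quoted when written into the generated script so a name carrying
# spaces or shell metacharacters cannot break or alter the command.
for database in node.metadata.get('openldap/backup', set()):
    # NOTE(review): names that differ only in non-alphanumeric characters
    # collapse to the same hook file and overwrite each other.
    cleaned = sub('[^a-zA-Z0-9]', '_', database)
    files[f'/etc/backup-pre-hooks.d/50-ldapdump-{cleaned}'] = {
        'content': f'#!/bin/sh\n/usr/local/sbin/slapdump {quote(database)}\n',
        'mode': '0755',
    }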