
paas-ldap-server-ansible's Introduction

LDAP-Server-Ansible

Deploy a server using ansible to host an LDAP directory (with self-signed SSL cert) to handle authentication requests from external suppliers.

Requirements

  • ansible (1.9.0.1 or later)

  • Python things (you may wish to use virtualenv):

pip install -Ur requirements.txt

  • AWS EIP for the server. You need to allocate this by hand and update the vault with the EIP you get.

  • For provisioning on AWS you will need to have your AWS access credentials exported as environment variables for ansible to pick up.

export AWS_SECRET_ACCESS_KEY=<your secret access key>
export AWS_ACCESS_KEY_ID=<your access key id>

Setting up GPG-encrypted vault-password support

You will need to have set up gpg-agent on your computer before you start.

Apple specific

Install the latest GPG Tools Suite for Mac OS X:

brew install pwgen
brew install gpg
brew install gpg-agent

Ubuntu specific

Install the GNU Privacy Guard encryption suite:

sudo apt-get update
sudo apt-get install pwgen
sudo apt-get install gnupg2
sudo apt-get install gnupg-agent
sudo apt-get install pinentry-curses

Common

If you haven't already generated your PGP key (it's OK to accept the default options if you have never done this before):

gpg --gen-key

Get your KEYID from your keyring:

gpg --list-secret-keys | grep sec

This will probably be prefixed with 2048R/ and look something like 93B1CD02.

Send your public key to a PGP key server:

gpg --keyserver pgp.mit.edu --send-keys KEYID

Create ~/.bash_gpg:

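# Reuse a running gpg-agent if the env file points at a live PID; otherwise start one.
envfile="${HOME}/.gnupg/gpg-agent.env"

if test -f "$envfile" && kill -0 "$(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2)" 2>/dev/null; then
    eval "$(cat "$envfile")"
else
    # ${HOME} instead of ~: the shell does not expand a tilde after --log-file=
    eval "$(gpg-agent --daemon --log-file="${HOME}/.gpg/gpg.log" --write-env-file "$envfile")"
fi
export GPG_AGENT_INFO  # the env file does not contain the export statement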

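Add to ~/.bashrc:

GPG_AGENT=$(which gpg-agent)
GPG_TTY=$(tty)   # pinentry needs to know which terminal to prompt on
export GPG_TTY

# Quoted on purpose: if gpg-agent is missing, an unquoted empty value makes [ -f ] succeed
if [ -f "${GPG_AGENT}" ]; then
    . ~/.bash_gpg
fi

Ubuntu specific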

Create ~/.gnupg/gpg-agent.conf

default-cache-ttl 600
pinentry-program /usr/bin/pinentry
max-cache-ttl 172800

Final step

Start a new shell or source your bashrc, i.e. run . ~/.bashrc
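
The steps above prepare gpg-agent, but the page does not show how the vault password is read through it. The script below is an added example, not the project's own code: an executable file for ansible-playbook's --vault-password-file that decrypts a GPG-encrypted passphrase via the agent. The names vault_passphrase.gpg, vault-pass.sh, VAULT_PASS_GPG and GPG_BIN are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the project's own code. Ansible runs an executable
# --vault-password-file and uses its stdout as the vault password.
# Assumed names: vault_passphrase.gpg, VAULT_PASS_GPG, GPG_BIN, vault-pass.sh.

vault_password() {
    vp_enc="${1:-${VAULT_PASS_GPG:-vault_passphrase.gpg}}"

    # The encrypted passphrase must exist; never fall back to a plaintext file.
    if [ ! -r "$vp_enc" ]; then
        echo "vault password: cannot read '$vp_enc'" >&2
        return 2
    fi

    # pinentry needs GPG_TTY (exported in ~/.bashrc above) to know where to
    # prompt; stop early instead of failing inside gpg.
    if [ -z "${GPG_TTY:-}" ]; then
        echo "vault password: GPG_TTY is not set, source ~/.bashrc first" >&2
        return 3
    fi

    # gnupg2 on Ubuntu 14.04 provides gpg2; "brew install gpg" provides gpg.
    vp_gpg="${GPG_BIN:-}"
    if [ -z "$vp_gpg" ]; then
        for vp_c in gpg2 gpg; do
            if command -v "$vp_c" >/dev/null 2>&1; then vp_gpg="$vp_c"; break; fi
        done
    fi
    if [ -z "$vp_gpg" ] || ! command -v "$vp_gpg" >/dev/null 2>&1; then
        echo "vault password: no gpg binary found" >&2
        return 4
    fi

    # --batch keeps gpg itself non-interactive; the agent and its cache
    # (default-cache-ttl) supply the key passphrase. Only the decrypted
    # vault password goes to stdout, diagnostics stay on stderr.
    "$vp_gpg" --batch --quiet --use-agent --decrypt "$vp_enc"
}

# Run only when saved under a name containing "vault-pass" (e.g. vault-pass.sh).
case "${0##*/}" in
    *vault-pass*) vault_password "$@" ;;
esac
```

Make the script executable for your user only (chmod 700 vault-pass.sh) and pass it with --vault-password-file ./vault-pass.sh.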

Fetching Ansible Galaxy playbook dependencies

Use the ansible-galaxy command to install third-party playbooks:

ansible-galaxy install -r requirements.yml

Preparation

For deployment on aws, you must have the following environment variables set:

Deployment

make aws

make site in case your server exists already.

Variables

Global defaults

ami_id: "ami-47a23a30"               # Ubuntu 14.04
ssh_key_name: <your_key_name>        # AWS SSH key name to be used for the server

Vault contents

---
r53_zone: "<your_r53_dns_zone_name>"   # Use zone dns name here, not the ID
dns_name: "<your_dns_server_name>"     # This is the server name in the domain
                                       # The above combine to create {{ dns_name }}.{{ r53_zone }}. DNS record for your server
public_eip: "<your_EIP>"
ldap_root_password: "changeme"
users:
  - login: "john_doe"
    name: "John Doe"
    password: "johnspassowrd"
    uid: "10001"
    gid: "5001"
  - login: "jane_doe"
    name: "Jane Doe"
    password: "janespassword"
    uid: "10002"
    gid: "5002"

paas-ldap-server-ansible's People

Contributors

actionjack, keymon, mtekel, saliceti
