diff --git a/build/rockylinux8/fusiondirectory/ansible/run-ct.sh b/build/rockylinux8/fusiondirectory/ansible/run-ct.sh index f1d5e871cb73320c9dabb2beadd1ac7e0e3e3f34..2f865a1b343c28a36371731b41d51eec8f99e983 100644 --- a/build/rockylinux8/fusiondirectory/ansible/run-ct.sh +++ b/build/rockylinux8/fusiondirectory/ansible/run-ct.sh @@ -1,6 +1,9 @@ #!/bin/sh set -e +echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd +echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group + /bin/bash /run-playbook.sh /deploy.yaml if [ "$1" = "nginx" ] @@ -15,7 +18,7 @@ then /usr/sbin/rsyslogd -iNONE ln -sf /dev/stdout /var/log/php-fpm/error.log ln -sf /dev/stdout /var/log/php-fpm/www-error.log - ln -sf /proc/$$/fd/1 /var/log/user.log +# ln -sf /proc/$$/fd/1 /var/log/user.log /usr/sbin/php-fpm --nodaemonize fi diff --git a/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml b/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml index fb941b5bf213a22ce9eab099dfcd8d5d443d87d8..71b71d1bae66f797796c85997c2d832988c746c1 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml +++ b/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml @@ -81,20 +81,19 @@ - sd - fd - - name: Remove previous htpasswd file - ansible.builtin.file: - path: /etc/nginx/.htpasswd - state: absent + - name: Check if htpasswd exists + stat: + path: "/etc/lemonldap-ng/fusion.htpasswd" + register: result - name: Generate htpasswd file for accessing the FD WS API ansible.builtin.shell: - cmd: htpasswd -bc /etc/nginx/.htpasswd {{ fusiondirectory_ws_username }} {{ fusiondirectory_ws_password }} + cmd: htpasswd -bc /etc/lemonldap-ng/fusion.htpasswd {{ fusiondirectory_ws_username }} {{ fusiondirectory_ws_password }} + when: not result.stat.exists - name: Fix htpasswd permissions ansible.builtin.file: - path: /etc/nginx/.htpasswd - owner: nginx - group: nginx + path: /etc/lemonldap-ng/fusion.htpasswd mode: 0400 - name: Enable nginx log formats 
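Review bot: The two added `echo … >> /etc/passwd` and `echo … >> /etc/group` lines at the top of fusiondirectory/ansible/run-ct.sh run unconditionally on every start, so a restarted container accumulates duplicate `fusioniam` entries, and a UID that already has a passwd entry gets a second, conflicting one. Guard them, for example `getent passwd "$(id -u)" >/dev/null || echo "fusioniam:x:…" >> /etc/passwd`, and do the same for the group line. The appends can only work if the image leaves /etc/passwd and /etc/group writable by the runtime user (not visible in this diff); if so, every process in the container can add or alter account entries, which deserves a comment stating that this is accepted. The group line takes the second field of `id -G` while the passwd line uses `id -g`, so the two may name different GIDs, and it has three fields where group(5) defines four; a short comment explaining the intent would help. The identical lines are added in build/rockylinux8/lemonldap-ng/ansible/run-ct.sh.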
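Review bot: In the second hunk of fusiondirectory/ansible/run-ct.sh, `ln -sf /proc/$$/fd/1 /var/log/user.log` is disabled by commenting it out with no reason given, while `rsyslogd` is still started a few lines above. If rsyslog writes application messages to /var/log/user.log (its configuration is not part of this diff), they now stay in a file inside the container instead of reaching stdout and the log collector. Either delete the line and add a comment such as `# user.log is not forwarded to stdout because <reason>`, or keep the forwarding with a target that works for the runtime user. The enclosing `if` block starts outside the hunk.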
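Review bot: With the new `when: not result.stat.exists` in lemonldap-ng/ansible/deploy.yaml, the htpasswd file is written only once, so a later change of `fusiondirectory_ws_password` is silently ignored and the old credential keeps working for the protected endpoint. Either regenerate the file on every deploy or add a comment saying that rotation requires deleting /etc/lemonldap-ng/fusion.htpasswd first. The task also still passes the password on the `htpasswd -b` command line through `ansible.builtin.shell` with unquoted templates, which exposes it in the process list and task output and breaks on shell metacharacters; prefer `cmd: htpasswd -ic /etc/lemonldap-ng/fusion.htpasswd {{ fusiondirectory_ws_username | quote }}` with `stdin: "{{ fusiondirectory_ws_password }}"` and `no_log: true`. Since `owner` and `group` were dropped from the permissions task, mode 0400 leaves the file readable only by whichever user runs the playbook; that presumably matches the nginx worker user in this image, but it should be stated in a comment.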
diff --git a/build/rockylinux8/lemonldap-ng/ansible/install.yaml b/build/rockylinux8/lemonldap-ng/ansible/install.yaml index 3132d3941bacfc8af2f12bda95520d7f734f6aa6..2c40cd799eee816adf0a2cabd17ccfaa6ab6658c 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/install.yaml +++ b/build/rockylinux8/lemonldap-ng/ansible/install.yaml @@ -54,6 +54,18 @@ - perl-Glib state: present + - name: Fix /var/lib/lemonldap-ng/conf access + ansible.builtin.file: + path: /var/lib/lemonldap-ng/ + recurse: yes + mode: "0755" + + - name: + lineinfile: + path: /etc/nginx/nginx.conf + insertafter: 'http {' + line: ' server_names_hash_bucket_size 128;' + - name: Create Log4Perl copy: src: log4perl.conf diff --git a/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh b/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh index 49f58cd7dd8f8ea2262b703f3ebf043a1456e007..2dbb06349b550b02556df5edc9a9a21164774990 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh +++ b/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh @@ -1,6 +1,9 @@ #!/bin/sh set -e +echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd +echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group + /bin/bash /run-playbook.sh /deploy.yaml if [ "$1" = "nginx" ] diff --git a/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 b/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 index 26edac39462ed63b8a37b02ef9390e4b5215beea..33cbebc12e964e54c8c5e5d7b6d4ddce274d7607 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 +++ b/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 @@ -4,7 +4,7 @@ server { location /rest.php { auth_basic "Fusion Directory WS protected area"; - auth_basic_user_file /etc/nginx/.htpasswd; + auth_basic_user_file /etc/lemonldap-ng/fusion.htpasswd; proxy_pass http://{{ lemonldap2_fusiondirectory_host }}:{{ lemonldap2_fusiondirectory_port }}/rest.php; include /etc/nginx/proxy_params; } 
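Review bot: In lemonldap-ng/ansible/install.yaml the task named "Fix /var/lib/lemonldap-ng/conf access" applies `mode: "0755"` with `recurse: yes` to all of /var/lib/lemonldap-ng/, which makes every file below it world-readable and executable. That tree typically holds the LemonLDAP::NG configuration and session stores, which can contain secrets, so the mode should be no wider than the runtime user needs: limit `path` to the directory named in the task title and use a symbolic mode such as `mode: "u=rwX,g=rX,o="` (adjust the group bits to how the container user is mapped, which this diff does not show). The `lineinfile` task that follows has an empty `name:`; give it one, e.g. `name: Raise nginx server_names_hash_bucket_size`.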
diff --git a/build/rockylinux8/openldap-ltb/ansible/deploy.yaml b/build/rockylinux8/openldap-ltb/ansible/deploy.yaml index a13b9cecca6d63334bc37a31d96452d0c2957c00..636984bda1d59aa9c74da5eacd3bc099812a9d9e 100644 --- a/build/rockylinux8/openldap-ltb/ansible/deploy.yaml +++ b/build/rockylinux8/openldap-ltb/ansible/deploy.yaml @@ -21,19 +21,40 @@ file: path: /fusioniam/install/ state: directory - mode: 0600 + mode: "0700" - name: Copy initial config template: src: config.ldif.j2 dest: /fusioniam/install/config.ldif - mode: 0600 + mode: "0600" - name: Copy initial data template: src: data.ldif.j2 dest: /fusioniam/install/data.ldif - mode: 0600 + mode: "0600" + + - name: check LDPAPI folder exists. + stat: + path: /var/run/slapd + register: slapd_folder + + - name: Create LDAPI socket dir + file: + path: /var/run/slapd + state: directory + mode: "750" + when: slapd_folder.stat.exists == false or slapd_folder.stat.isdir == false + + - name: Create a directory if it does not exist + file: + path: "{{ item }}" + state: directory + mode: '0755' + with_items: + - '/usr/local/openldap/var/openldap-data/' + - '/usr/local/openldap/var/run/' - name: Check if OpenLDAP configuration folder is empty before proceeding find: diff --git a/build/rockylinux8/openldap-ltb/ansible/install.yaml b/build/rockylinux8/openldap-ltb/ansible/install.yaml index 2cc93667bd4e576b46362b43c9db8ea2fefe481f..7d27f35eb9e807d80f314b98b092ab15533dcc6a 100644 --- a/build/rockylinux8/openldap-ltb/ansible/install.yaml +++ b/build/rockylinux8/openldap-ltb/ansible/install.yaml @@ -64,11 +64,6 @@ regexp: 'SLAPD_CONF_DIR=\"\"' replace: 'SLAPD_CONF_DIR="$SLAPD_PATH/etc/openldap/slapd.d"' - - name: Create LDAPI socket dir - file: - path: /var/run/slapd - state: directory - mode: "750" - name: Install FD schemas copy: src: "{{ item }}" 
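Review bot: The new "Create a directory if it does not exist" task in openldap-ltb/ansible/deploy.yaml creates /usr/local/openldap/var/openldap-data/ with `mode: '0755'` and no owner, so the directory that holds the LDAP database is listable and traversable by every user in the container. Unless another account really has to read it, give the data directory `mode: '0700'` (keeping a wider mode only for /usr/local/openldap/var/run/ if that is needed) and name the task after what it creates. The `stat` plus `when:` in front of "Create LDAPI socket dir" is redundant, because `file` with `state: directory` is already idempotent, and it has the side effect that an existing /var/run/slapd keeps whatever mode it has instead of being set to 750; dropping the `when` would enforce the mode. The task name "check LDPAPI folder exists." has a typo (LDAPI).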
diff --git a/build/rockylinux8/service-desk/ansible/run-ct.sh b/build/rockylinux8/service-desk/ansible/run-ct.sh
index 5f5b23c791f9dc92e2470539c36aa1156b254c4a..f4dafd95b0c16ac269ef954cbdd240926d47fa02 100644
--- a/build/rockylinux8/service-desk/ansible/run-ct.sh
+++ b/build/rockylinux8/service-desk/ansible/run-ct.sh
@@ -12,8 +12,8 @@ if [ "$1" = "nginx" ]
 then
 ln -sf /dev/stdout /var/log/nginx/access.log
 ln -sf /dev/stdout /var/log/nginx/error.log
- ln -sf /dev/stdout /var/log/nginx/wp.access.log
- ln -sf /dev/stdout /var/log/nginx/wp.error.log
+ ln -sf /dev/stdout /var/log/nginx/sd.access.log
+ ln -sf /dev/stdout /var/log/nginx/sd.error.log
 /usr/sbin/nginx -g 'daemon off;'
 elif [ "$1" = "php-fpm" ]
 then