From f4e66f668cfe5ca76b1f9832995e2e9400a5a00a Mon Sep 17 00:00:00 2001 From: alexandre souppart Date: Sat, 5 Nov 2022 21:15:57 +0100 Subject: [PATCH] add compatibility with kubernetes --- .../fusiondirectory/ansible/run-ct.sh | 5 +++- .../lemonldap-ng/ansible/deploy.yaml | 15 +++++------ .../lemonldap-ng/ansible/install.yaml | 12 +++++++++ .../lemonldap-ng/ansible/run-ct.sh | 3 +++ .../ansible/templates/fd-nginx.conf.j2 | 2 +- .../openldap-ltb/ansible/deploy.yaml | 27 ++++++++++++++++--- .../openldap-ltb/ansible/install.yaml | 5 ---- .../service-desk/ansible/run-ct.sh | 4 +-- 8 files changed, 53 insertions(+), 20 deletions(-) diff --git a/build/rockylinux8/fusiondirectory/ansible/run-ct.sh b/build/rockylinux8/fusiondirectory/ansible/run-ct.sh index f1d5e87..2f865a1 100644 --- a/build/rockylinux8/fusiondirectory/ansible/run-ct.sh +++ b/build/rockylinux8/fusiondirectory/ansible/run-ct.sh @@ -1,6 +1,9 @@ #!/bin/sh set -e +echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd +echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group + /bin/bash /run-playbook.sh /deploy.yaml if [ "$1" = "nginx" ] @@ -15,7 +18,7 @@ then /usr/sbin/rsyslogd -iNONE ln -sf /dev/stdout /var/log/php-fpm/error.log ln -sf /dev/stdout /var/log/php-fpm/www-error.log - ln -sf /proc/$$/fd/1 /var/log/user.log +# ln -sf /proc/$$/fd/1 /var/log/user.log /usr/sbin/php-fpm --nodaemonize fi diff --git a/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml b/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml index fb941b5..71b71d1 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml +++ b/build/rockylinux8/lemonldap-ng/ansible/deploy.yaml 
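Review bot: The two added lines at the top of run-ct.sh (`echo … >> /etc/passwd` and `echo … >> /etc/group`) only succeed for a non-root runtime UID if the image ships those files writable by that UID or its group. A passwd file that any container process can append to also lets that process add a UID 0 entry. The Dockerfile is not part of this patch, so confirm how the files are made writable and whether that can be narrowed. The lines also run on every start, so a restarted container accumulates duplicate `fusioniam` entries, and under root they add a second name for UID 0; a guard such as `if ! getent passwd "$(id -u)" >/dev/null; then … fi` avoids both. The group line lacks the trailing member-list field (`fusioniam:x:GID:`), and `id -G | cut -d' ' -f 2` picks the second listed group rather than `id -g`, which looks unintended. The same two lines are added to lemonldap-ng/ansible/run-ct.sh later in this patch.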
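Review bot: Commenting out `ln -sf /proc/$$/fd/1 /var/log/user.log` in the php-fpm branch leaves rsyslogd, started a few lines above, with no visible route to the container's stdout. Anything it writes to /var/log/user.log would then stay inside the container instead of reaching the cluster's log collection. If the symlink had to go because it fails under an unprivileged UID, delete the line rather than leaving it commented out, and say where those messages now go, e.g. `# user.* stays in /var/log/user.log; not forwarded to stdout`. The rsyslog configuration is not in this patch, so confirm which facility actually targets that file.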
@@ -81,20 +81,19 @@ - sd - fd - - name: Remove previous htpasswd file - ansible.builtin.file: - path: /etc/nginx/.htpasswd - state: absent + - name: Check if htpasswd exists + stat: + path: "/etc/lemonldap-ng/fusion.htpasswd" + register: result - name: Generate htpasswd file for accessing the FD WS API ansible.builtin.shell: - cmd: htpasswd -bc /etc/nginx/.htpasswd {{ fusiondirectory_ws_username }} {{ fusiondirectory_ws_password }} + cmd: htpasswd -bc /etc/lemonldap-ng/fusion.htpasswd {{ fusiondirectory_ws_username }} {{ fusiondirectory_ws_password }} + when: not result.stat.exists - name: Fix htpasswd permissions ansible.builtin.file: - path: /etc/nginx/.htpasswd - owner: nginx - group: nginx + path: /etc/lemonldap-ng/fusion.htpasswd mode: 0400 - name: Enable nginx log formats diff --git a/build/rockylinux8/lemonldap-ng/ansible/install.yaml b/build/rockylinux8/lemonldap-ng/ansible/install.yaml index 3132d39..2c40cd7 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/install.yaml +++ b/build/rockylinux8/lemonldap-ng/ansible/install.yaml @@ -54,6 +54,18 @@ - perl-Glib state: present + - name: Fix /var/lib/lemonldap-ng/conf access + ansible.builtin.file: + path: /var/lib/lemonldap-ng/ + recurse: yes + mode: "0755" + + - name: + lineinfile: + path: /etc/nginx/nginx.conf + insertafter: 'http {' + line: ' server_names_hash_bucket_size 128;' + - name: Create Log4Perl copy: src: log4perl.conf diff --git a/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh b/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh index 49f58cd..2dbb063 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh +++ b/build/rockylinux8/lemonldap-ng/ansible/run-ct.sh @@ -1,6 +1,9 @@ #!/bin/sh set -e +echo "fusioniam:x:$(id -u):$(id -g):,,,:${HOME}:/bin/bash" >> /etc/passwd +echo "fusioniam:x:$(id -G | cut -d' ' -f 2)" >> /etc/group + /bin/bash /run-playbook.sh /deploy.yaml if [ "$1" = "nginx" ] 
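Review bot: The rewritten `cmd: htpasswd -bc /etc/lemonldap-ng/fusion.htpasswd {{ … }} {{ … }}` still puts the web-service password on a shell command line. It is visible in the process list while the task runs, it appears in the playbook output because the task has no `no_log: true`, and an unquoted value containing shell metacharacters is interpreted by the shell. Passing the password on stdin with `htpasswd -i` through `ansible.builtin.command` avoids all three, as sketched below. With the new `when: not result.stat.exists`, a changed `fusiondirectory_ws_password` is never written once the file exists, so rotation needs the file removed first; that deserves a comment on the task. The 'Fix htpasswd permissions' task no longer sets `owner`/`group`, so the file is only readable if the nginx workers run as the user that created it, and `mode: 0400` is safer quoted as `"0400"`.

```yaml
    - name: Generate htpasswd file for accessing the FD WS API
      ansible.builtin.command:
        argv:
          - htpasswd
          - -ic
          - /etc/lemonldap-ng/fusion.htpasswd
          - "{{ fusiondirectory_ws_username }}"
        stdin: "{{ fusiondirectory_ws_password }}"
      when: not result.stat.exists
      no_log: true
```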
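Review bot: The new 'Fix /var/lib/lemonldap-ng/conf access' task applies `mode: "0755"` with `recurse: yes` to the whole of /var/lib/lemonldap-ng/, which sets read and execute for every user on every regular file below it, not just on directories. If that tree holds the LemonLDAP::NG configuration and session files, as the task name suggests, they become world-readable, and such files commonly carry bind passwords and keys. A symbolic mode keeps directories traversable without marking files executable or opening them to others, e.g. `mode: "u=rwX,g=rX,o="`, with owner or group set to whatever identity the container runs under. The lineinfile task after it has an empty `name:`; give it one such as `- name: Raise nginx server_names_hash_bucket_size`, and write `recurse: true`.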
diff --git a/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 b/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 index 26edac3..33cbebc 100644 --- a/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 +++ b/build/rockylinux8/lemonldap-ng/ansible/templates/fd-nginx.conf.j2 @@ -4,7 +4,7 @@ server { location /rest.php { auth_basic "Fusion Directory WS protected area"; - auth_basic_user_file /etc/nginx/.htpasswd; + auth_basic_user_file /etc/lemonldap-ng/fusion.htpasswd; proxy_pass http://{{ lemonldap2_fusiondirectory_host }}:{{ lemonldap2_fusiondirectory_port }}/rest.php; include /etc/nginx/proxy_params; } diff --git a/build/rockylinux8/openldap-ltb/ansible/deploy.yaml b/build/rockylinux8/openldap-ltb/ansible/deploy.yaml index a13b9ce..636984b 100644 --- a/build/rockylinux8/openldap-ltb/ansible/deploy.yaml +++ b/build/rockylinux8/openldap-ltb/ansible/deploy.yaml @@ -21,19 +21,40 @@ file: path: /fusioniam/install/ state: directory - mode: 0600 + mode: "0700" - name: Copy initial config template: src: config.ldif.j2 dest: /fusioniam/install/config.ldif - mode: 0600 + mode: "0600" - name: Copy initial data template: src: data.ldif.j2 dest: /fusioniam/install/data.ldif - mode: 0600 + mode: "0600" + + - name: check LDPAPI folder exists. + stat: + path: /var/run/slapd + register: slapd_folder + + - name: Create LDAPI socket dir + file: + path: /var/run/slapd + state: directory + mode: "750" + when: slapd_folder.stat.exists == false or slapd_folder.stat.isdir == false + + - name: Create a directory if it does not exist + file: + path: "{{ item }}" + state: directory + mode: '0755' + with_items: + - '/usr/local/openldap/var/openldap-data/' + - '/usr/local/openldap/var/run/' - name: Check if OpenLDAP configuration folder is empty before proceeding find: diff --git a/build/rockylinux8/openldap-ltb/ansible/install.yaml b/build/rockylinux8/openldap-ltb/ansible/install.yaml index 2cc9366..7d27f35 100644 
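Review bot: The added 'Create a directory if it does not exist' task in openldap-ltb/ansible/deploy.yaml creates /usr/local/openldap/var/openldap-data/ with `mode: '0755'`, so the directory that will hold the LDAP database is listable and traversable by every user. The install directory was tightened to "0700" in the same hunk; unless another identity must read the data directory, give it its own task or a per-item mode with `mode: '0700'`. The 'Create LDAPI socket dir' task is now skipped whenever /var/run/slapd already exists as a directory, so an existing directory with wider permissions than "750" is left as it is. `file` with `state: directory` is already idempotent, so the `stat`/`when` pair only helps if the chmod fails for a non-owner, which is worth a comment. The stat task name has a typo (`LDPAPI`), and the generic task name could say what it creates, e.g. `- name: Create OpenLDAP data and run directories`.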
--- a/build/rockylinux8/openldap-ltb/ansible/install.yaml +++ b/build/rockylinux8/openldap-ltb/ansible/install.yaml @@ -64,11 +64,6 @@ regexp: 'SLAPD_CONF_DIR=\"\"' replace: 'SLAPD_CONF_DIR="$SLAPD_PATH/etc/openldap/slapd.d"' - - name: Create LDAPI socket dir - file: - path: /var/run/slapd - state: directory - mode: "750" - name: Install FD schemas copy: src: "{{ item }}" diff --git a/build/rockylinux8/service-desk/ansible/run-ct.sh b/build/rockylinux8/service-desk/ansible/run-ct.sh index 5f5b23c..f4dafd9 100644 --- a/build/rockylinux8/service-desk/ansible/run-ct.sh +++ b/build/rockylinux8/service-desk/ansible/run-ct.sh @@ -12,8 +12,8 @@ if [ "$1" = "nginx" ] then ln -sf /dev/stdout /var/log/nginx/access.log ln -sf /dev/stdout /var/log/nginx/error.log - ln -sf /dev/stdout /var/log/nginx/wp.access.log - ln -sf /dev/stdout /var/log/nginx/wp.error.log + ln -sf /dev/stdout /var/log/nginx/sd.access.log + ln -sf /dev/stdout /var/log/nginx/sd.error.log /usr/sbin/nginx -g 'daemon off;' elif [ "$1" = "php-fpm" ] then -- GitLab