From 9a599a4c514990686f0dafef13090252ac4e0726 Mon Sep 17 00:00:00 2001
From: Julian <julian@cccv.de>
Date: Mon, 15 Aug 2022 21:06:17 +0000
Subject: [PATCH] Cleanup LDAP remnants
---
Dockerfile.bullseye | 17 ----------
Dockerfile.buster | 17 ----------
ansible-inventory.yml | 75 -------------------------------------------
ansible-playbook.yml | 5 ---
ansible.cfg | 47 ---------------------------
5 files changed, 161 deletions(-)
delete mode 100644 ansible-inventory.yml
delete mode 100644 ansible-playbook.yml
delete mode 100644 ansible.cfg
diff --git a/Dockerfile.bullseye b/Dockerfile.bullseye
index 5668ee1..f7cd049 100644
--- a/Dockerfile.bullseye
+++ b/Dockerfile.bullseye
@@ -13,20 +13,3 @@ RUN apt-get -qq update && \
COPY cccv-archive-key.gpg /etc/apt/trusted.gpg.d/
COPY cccv-archive-bullseye.list /etc/apt/sources.list.d/
-
-FROM uffd-base AS openldap-base
-
-RUN apt-get -qq update && \
- pip3 install ansible --upgrade && \
- ansible --version && \
- mkdir -p /var/run/ && \
- git clone --depth 1 "https://git.cccv.de/infra/ansible/roles/openldap.git" && \
- git clone --depth 1 "https://git.cccv.de/infra/ansible/roles/certificates.git" && \
- apt-get -qq clean
-
-COPY ansible-inventory.yml inventory.yml
-COPY ansible-playbook.yml playbook.yml
-COPY ansible.cfg ansible.cfg
-
-RUN ansible-playbook playbook.yml && \
- rm -fr openldap certificates inventory.yml playbook.yml ansible.cfg
diff --git a/Dockerfile.buster b/Dockerfile.buster
index ec1cbd2..bed7fb6 100644
--- a/Dockerfile.buster
+++ b/Dockerfile.buster
@@ -13,20 +13,3 @@ RUN apt-get -qq update && \
COPY cccv-archive-key.gpg /etc/apt/trusted.gpg.d/
COPY cccv-archive-buster.list /etc/apt/sources.list.d/
-
-FROM uffd-base AS openldap-base
-
-RUN apt-get -qq update && \
- pip3 install ansible --upgrade && \
- ansible --version && \
- mkdir -p /var/run/ && \
- git clone --depth 1 "https://git.cccv.de/infra/ansible/roles/openldap.git" && \
- git clone --depth 1 "https://git.cccv.de/infra/ansible/roles/certificates.git" && \
- apt-get -qq clean
-
-COPY ansible-inventory.yml inventory.yml
-COPY ansible-playbook.yml playbook.yml
-COPY ansible.cfg ansible.cfg
-
-RUN ansible-playbook playbook.yml && \
- rm -fr openldap certificates inventory.yml playbook.yml ansible.cfg
diff --git a/ansible-inventory.yml b/ansible-inventory.yml
deleted file mode 100644
index 07b2fa2..0000000
--- a/ansible-inventory.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-all:
- hosts:
- localhost:
- vars:
- openldap:
- backup:
- enable: False
- root:
- password: "root-ldap-password"
- dn: "cn=admin,dc=example,dc=com"
- tls:
- ca: /etc/ssl/ldap-server.ca
- cert: /etc/ssl/ldap-server.crt
- key: /etc/ssl/private/ldap-server.key
- domain: example.com
- organisation: Example
- base_dn: "dc=example,dc=com"
- users: []
- service_accounts:
- - name: uffd
- password: "uffd-ldap-password"
- groups:
- - name: admins
- gid: 20000
- description: "Admingruppe"
- - name: users
- gid: 20001
- description: "Usergruppe"
- - name: uffd_access
- gid: 20002
- description: "Zugriff auf den uffd Selfservice"
- - name: uffd_admin
- gid: 20003
- description: "Adminrechte im uffd Selfservice"
- acls:
- - >-
- {0}to attrs=userPassword
- by dn="cn=uffd,ou=system,dc=example,dc=com" =xw
- by group/groupOfUniqueNames/uniqueMember.exact="cn=uffd_admin,ou=groups,dc=example,dc=com" =xw
- by self =xw
- by anonymous auth
- - >-
- {1}to attrs=shadowLastChange
- by dn="cn=uffd,ou=system,dc=example,dc=com" write
- by group/groupOfUniqueNames/uniqueMember.exact="cn=uffd_admin,ou=groups,dc=example,dc=com" write
- by self write
- - >-
- {2}to dn.subtree="ou=users,dc=example,dc=com"
- by dn="cn=uffd,ou=system,dc=example,dc=com" write
- by group/groupOfUniqueNames/uniqueMember.exact="cn=uffd_admin,ou=groups,dc=example,dc=com" write
- by self write
- by * read
- - >-
- {3}to dn.subtree="ou=groups,dc=example,dc=com"
- by dn="cn=uffd,ou=system,dc=example,dc=com" write
- by group/groupOfUniqueNames/uniqueMember.exact="cn=uffd_admin,ou=groups,dc=example,dc=com" write
- by * read
- - >-
- {4}to dn.subtree="ou=postfix,dc=example,dc=com"
- by dn="cn=uffd,ou=system,dc=example,dc=com" write
- by group/groupOfUniqueNames/uniqueMember.exact="cn=uffd_admin,ou=groups,dc=example,dc=com" write
- by * read
-# - >-
-# {5}to *
-# by dn="cn=uffd,ou=system,dc=example,dc=com" write
-# by dn="uid=testadmin,ou=users,dc=example,dc=com" write
-# by * read
- certificates:
- disable_letsencrypt_account_registration: True
- certs:
- "ldap-server":
- backend: ownca
- cn: "{{ inventory_hostname }}"
- backend_override:
- name: ldap-auth
diff --git a/ansible-playbook.yml b/ansible-playbook.yml
deleted file mode 100644
index b44af2a..0000000
--- a/ansible-playbook.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- become: true
- roles:
- - certificates
- - openldap
diff --git a/ansible.cfg b/ansible.cfg
deleted file mode 100644
index 53defda..0000000
--- a/ansible.cfg
+++ /dev/null
@@ -1,47 +0,0 @@
-[defaults]
-inventory = inventory.yml
-remote_user = root
-hash_behaviour = merge
-nocows = 1
-retry_files_enabled = False
-max_diff_size = 1048576
-transport = local
-
-[inventory]
-
-[privilege_escalation]
-become=True
-become_method=sudo
-become_user=root
-
-[paramiko_connection]
-
-[ssh_connection]
-
-pipelining = True
-
-[persistent_connection]
-
-[accelerate]
-
-[selinux]
-
-[colors]
-#highlight = white
-#verbose = blue
-#warn = bright purple
-#error = red
-#debug = dark gray
-#deprecate = purple
-#skip = cyan
-#unreachable = red
-#ok = green
-#changed = yellow
-#diff_add = green
-#diff_remove = red
-#diff_lines = cyan
-
-
-[diff]
-always = yes
-context = 5
--
GitLab