chore: drop ldap realm and tls settings

2024-09-29 21:51:32 +02:00 · 2024-09-29 21:51:32 +02:00 · b886c4bf3f
commit b886c4bf3f
parent 2014726273
6 changed files with 0 additions and 103 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -2,10 +2,6 @@
 pve_nodes:
  - node1

-pve_tls_enabled: False
-pve_tls_cert_source: mycert.pem
-pve_tls_key_source: mykey.pem
-
 pve_pamd_motd_enabled: True

 pve_disk_mount: []
@ -23,17 +19,3 @@ pve_auth_pam_description: Linux PAM standard authentication

 pve_auth_pve_is_default: False
 pve_auth_pve_description: Linux pve standard authentication
-
-# Enable ldap auth against an external server
-pve_auth_ldap_enabled: False
-# pve_auth_ldap_is_default: False
-# pve_auth_ldap_realm: ldap
-# pve_auth_ldap_description: MyLDAP authentication server
-# pve_auth_ldap_base_dn: dc=example,dc=com
-# pve_auth_ldap_user_attr: uid
-# pve_auth_ldap_primary_server: server1.example.com
-# pve_auth_ldap_secondary_server: server2.example.com (defaults to not set)
-# pve_auth_ldap_bind_dn: uid=proxy-user,cn=users,dc=example,dc=com (defaults to not set)
-# pve_auth_ldap_bind_password: my_secret (defaults to not set)
-# pve_auth_ldap_port: 389
-# pve_auth_ldap_tls_enabled: False
--- a/tasks/ldap.yml
+++ b/tasks/ldap.yml
@ -1,19 +0,0 @@
---
- name: Ensure path for auth file exists
-  ansible.builtin.file:
-    path: "{{ __pve_base_dir }}/priv/ldap"
-    recurse: True
-    state: directory
-
- name: Add passwd file for ldap bind
-  ansible.builtin.template:
-    src: etc/pve/priv/ldap.pw.j2
-    dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
-    owner: root
-    group: www-data
-    mode: "0640"
-  register: __pve_auth_copy
-
- name: Copy passwd file to pve filesystem
-  ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
-  changed_when: __pve_auth_copy.changed
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -55,14 +55,3 @@
 - name: Copy auth provider to pve filesystem
  ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
  changed_when: __pve_domains_copy.changed
-
- name: Configure LDAP auth
-  ansible.builtin.include_tasks: ldap.yml
-  when:
-    - pve_auth_ldap_enabled | bool
-    - pve_auth_ldap_bind_password is defined
-
- name: Configure pveproxy
-  ansible.builtin.import_tasks: tls.yml
-  when: pve_tls_enabled | bool
-  tags: tls_renewal
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@ -1,37 +0,0 @@
---
- name: Deploy TLS certs
-  become: True
-  become_user: root
-  block:
-    - name: Create pki folder structure
-      ansible.builtin.file:
-        path: "{{ item }}"
-        state: directory
-        recurse: True
-      loop:
-        - /etc/pki/tls/certs
-        - /etc/pki/tls/private
-
-    - name: Copy certs and private key
-      ansible.builtin.copy:
-        src: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        mode: "{{ item.mode }}"
-      loop:
-        - src: "{{ pve_tls_cert_source }}"
-          dest: "/etc/pki/tls/certs/pveproxy-ssl.pem"
-          mode: "0750"
-        - src: "{{ pve_tls_key_source }}"
-          dest: "/etc/pki/tls/private/pveproxy-ssl.key"
-          mode: "0600"
-      loop_control:
-        label: "{{ item.dest }}"
-      register: __pve_tls_copy
-
-    - name: Copy cert/key to pve filesystem
-      ansible.builtin.command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
-      changed_when: item[0].changed
-      loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
-      loop_control:
-        label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
-      notify: __pveproxy_restart
--- a/templates/etc/pve/domains.cfg.j2
+++ b/templates/etc/pve/domains.cfg.j2
@ -6,20 +6,3 @@ pam: pam
 pve: pve
    comment {{ pve_auth_pve_description }}
    default {{ 1 if pve_auth_pve_is_default else 0 }}
-{% if pve_auth_ldap_enabled %}
-
-ldap: {{ pve_auth_ldap_realm }}
-    comment {{ pve_auth_ldap_description }}
-    base_dn {{ pve_auth_ldap_base_dn }}
-    server1 {{ pve_auth_ldap_primary_server }}
-    {% if pve_auth_ldap_secondary_server is defined %}
-    server2 {{ pve_auth_ldap_secondary_server }}
-    {% endif %}
-    user_attr {{ pve_auth_ldap_user_attr }}
-    {% if pve_auth_ldap_bind_dn is defined %}
-    bind_dn {{ pve_auth_ldap_bind_dn }}
-    {% endif %}
-    default {{ 1 if pve_auth_ldap_is_default else 0 }}
-    port {{ pve_auth_ldap_port }}
-    secure {{ 1 if pve_auth_ldap_tls_enabled else 0 }}
-{% endif %}
--- a/templates/etc/pve/priv/ldap.pw.j2
+++ b/templates/etc/pve/priv/ldap.pw.j2
@ -1 +0,0 @@
-{{ pve_auth_ldap_bind_password }}