chore: drop ldap realm and tls settings

Robert Kaussow 2024-09-29 21:51:32 +02:00
parent 2014726273
commit b886c4bf3f
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
6 changed files with 0 additions and 103 deletions


@ -2,10 +2,6 @@
pve_nodes:
- node1
pve_tls_enabled: False
pve_tls_cert_source: mycert.pem
pve_tls_key_source: mykey.pem
pve_pamd_motd_enabled: True
pve_disk_mount: []
@ -23,17 +19,3 @@ pve_auth_pam_description: Linux PAM standard authentication
pve_auth_pve_is_default: False
pve_auth_pve_description: Linux pve standard authentication
# Enable ldap auth against an external server
pve_auth_ldap_enabled: False
# pve_auth_ldap_is_default: False
# pve_auth_ldap_realm: ldap
# pve_auth_ldap_description: MyLDAP authentication server
# pve_auth_ldap_base_dn: dc=example,dc=com
# pve_auth_ldap_user_attr: uid
# pve_auth_ldap_primary_server: server1.example.com
# pve_auth_ldap_secondary_server: server2.example.com (defaults to not set)
# pve_auth_ldap_bind_dn: uid=proxy-user,cn=users,dc=example,dc=com (defaults to not set)
# pve_auth_ldap_bind_password: my_secret (defaults to not set)
# pve_auth_ldap_port: 389
# pve_auth_ldap_tls_enabled: False


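--- a/ldap.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Ensure path for auth file exists
-ansible.builtin.file:
-path: "{{ __pve_base_dir }}/priv/ldap"
-recurse: True
-state: directory
-- name: Add passwd file for ldap bind
-ansible.builtin.template:
-src: etc/pve/priv/ldap.pw.j2
-dest: "{{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw"
-owner: root
-group: www-data
-mode: "0640"
-register: __pve_auth_copy
-- name: Copy passwd file to pve filesystem
-ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/{{ pve_auth_ldap_realm }}.pw {{ __pve_base_dir }}/priv/ldap/{{ pve_auth_ldap_realm }}.pw"
-changed_when: __pve_auth_copy.changed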


@ -55,14 +55,3 @@
- name: Copy auth provider to pve filesystem
ansible.builtin.command: "/bin/cp -rf {{ __pve_tmp_dir }}/domains.cfg {{ __pve_base_dir }}/domains.cfg"
changed_when: __pve_domains_copy.changed
- name: Configure LDAP auth
ansible.builtin.include_tasks: ldap.yml
when:
- pve_auth_ldap_enabled | bool
- pve_auth_ldap_bind_password is defined
- name: Configure pveproxy
ansible.builtin.import_tasks: tls.yml
when: pve_tls_enabled | bool
tags: tls_renewal


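--- a/tls.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-- name: Deploy TLS certs
-become: True
-become_user: root
-block:
-- name: Create pki folder structure
-ansible.builtin.file:
-path: "{{ item }}"
-state: directory
-recurse: True
-loop:
-- /etc/pki/tls/certs
-- /etc/pki/tls/private
-- name: Copy certs and private key
-ansible.builtin.copy:
-src: "{{ item.src }}"
-dest: "{{ item.dest }}"
-mode: "{{ item.mode }}"
-loop:
-- src: "{{ pve_tls_cert_source }}"
-dest: "/etc/pki/tls/certs/pveproxy-ssl.pem"
-mode: "0750"
-- src: "{{ pve_tls_key_source }}"
-dest: "/etc/pki/tls/private/pveproxy-ssl.key"
-mode: "0600"
-loop_control:
-label: "{{ item.dest }}"
-register: __pve_tls_copy
-- name: Copy cert/key to pve filesystem
-ansible.builtin.command: "/bin/cp -rf {{ item[0].dest }} /etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
-changed_when: item[0].changed
-loop: "{{ __pve_tls_copy.results | product(pve_nodes) | list }}"
-loop_control:
-label: "/etc/pve/nodes/{{ item[1] }}/{{ item[0].dest | basename }}"
-notify: __pveproxy_restart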


@ -6,20 +6,3 @@ pam: pam
pve: pve
comment {{ pve_auth_pve_description }}
default {{ 1 if pve_auth_pve_is_default else 0 }}
{% if pve_auth_ldap_enabled %}
ldap: {{ pve_auth_ldap_realm }}
comment {{ pve_auth_ldap_description }}
base_dn {{ pve_auth_ldap_base_dn }}
server1 {{ pve_auth_ldap_primary_server }}
{% if pve_auth_ldap_secondary_server is defined %}
server2 {{ pve_auth_ldap_secondary_server }}
{% endif %}
user_attr {{ pve_auth_ldap_user_attr }}
{% if pve_auth_ldap_bind_dn is defined %}
bind_dn {{ pve_auth_ldap_bind_dn }}
{% endif %}
default {{ 1 if pve_auth_ldap_is_default else 0 }}
port {{ pve_auth_ldap_port }}
secure {{ 1 if pve_auth_ldap_tls_enabled else 0 }}
{% endif %}


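--- a/etc/pve/priv/ldap.pw.j2
+++ /dev/null
@@ -1 +0,0 @@
-{{ pve_auth_ldap_bind_password }}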