[MediaWiki-commits] [Gerrit] ldap: qualify vars - change (operations/puppet)

Matanya (Code Review) Mon, 21 Jul 2014 02:53:27 -0700

Matanya has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/148035


Change subject: ldap: qualify vars
......................................................................

ldap: qualify vars

Change-Id: Ic90146c2cd86a1fb25750f19199dbb73019b4f7b
---
M modules/ldap/templates/base.ldif.erb
M modules/ldap/templates/ldapscriptrc.erb
M modules/ldap/templates/nslcd.conf.erb
M modules/ldap/templates/nss_ldap.erb
M modules/ldap/templates/open_ldap.erb
M modules/ldap/templates/opendj.default.erb
M modules/ldap/templates/scriptconfig.py.erb
7 files changed, 50 insertions(+), 50 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/35/148035/1

diff --git a/modules/ldap/templates/base.ldif.erb 
b/modules/ldap/templates/base.ldif.erb
index c330b11..8d20b33 100644
--- a/modules/ldap/templates/base.ldif.erb
+++ b/modules/ldap/templates/base.ldif.erb
@@ -1,51 +1,51 @@
 # This is the root of the directory tree
-#dn: <%= base_dn %>
+#dn: <%= @base_dn %>
 #dc: <%= @domain %>
 #objectClass: top
 #objectClass: domain
 
 # Subtree for users
-dn: ou=people,<%= base_dn %>
+dn: ou=people,<%= @base_dn %>
 ou: people
 description: people
 objectClass: organizationalUnit
 
 # Subtree for groups
-dn: ou=groups,<%= base_dn %>
+dn: ou=groups,<%= @base_dn %>
 ou: groups
 description: groups
 objectClass: organizationalUnit
 
 # Subtree for hosts
-dn: ou=hosts,<%= base_dn %>
+dn: ou=hosts,<%= @base_dn %>
 ou: hosts
 description: hosts
 objectClass: organizationalUnit
 
 # Subtree for system accounts
-dn: ou=profile,<%= base_dn %>
+dn: ou=profile,<%= @base_dn %>
 ou: profile
 description: Special accounts used by software applications.
 objectClass: organizationalUnit
 
-dn: <%= proxyagent %>
+dn: <%= @proxyagent %>
 ou: profile
 description: Special account for nova
-userPassword: <%= proxyagent_pass %>
+userPassword: <%= @proxyagent_pass %>
 objectClass: simpleSecurityObject
 objectClass: organizationalRole
 
-dn: cn=sysadmins,ou=groups,<%= base_dn %>
+dn: cn=sysadmins,ou=groups,<%= @base_dn %>
 objectclass: groupOfNames
 cn: sysadmins
 description: IT admin group
 
-dn: cn=netadmins,ou=groups,<%= base_dn %>
+dn: cn=netadmins,ou=groups,<%= @base_dn %>
 objectclass: groupOfNames
 cn: netadmins
 description: Network admin group
 
-dn: cn=cloudadmins,ou=groups,<%= base_dn %>
+dn: cn=cloudadmins,ou=groups,<%= @base_dn %>
 objectclass: groupOfNames
 cn: cloudadmins
 description: Cloud admin group
diff --git a/modules/ldap/templates/ldapscriptrc.erb 
b/modules/ldap/templates/ldapscriptrc.erb
index 9d231ed..2ad3939 100644
--- a/modules/ldap/templates/ldapscriptrc.erb
+++ b/modules/ldap/templates/ldapscriptrc.erb
@@ -1,2 +1,2 @@
-USER    <%= ldapconfig["script_user_dn"] %>
-PASS    <%= ldapconfig["script_user_pass"] %>
+USER    <%= @ldpaconfig["script_user_dn"] %>
+PASS    <%= @ldpaconfig["script_user_pass"] %>
diff --git a/modules/ldap/templates/nslcd.conf.erb 
b/modules/ldap/templates/nslcd.conf.erb
index ee78973..c40eb23 100644
--- a/modules/ldap/templates/nslcd.conf.erb
+++ b/modules/ldap/templates/nslcd.conf.erb
@@ -7,35 +7,35 @@
 gid nslcd
 
 # The location at which the LDAP server(s) should be reachable.
-uri <% ldapconfig["servernames"].each do |servername| -%>ldap://<%= servername 
%>:389 <% end -%>
+uri <% @ldpaconfig["servernames"].each do |servername| -%>ldap://<%= 
servername %>:389 <% end -%>
 
 # The search base that will be used for all queries.
-base <%= ldapconfig["basedn"] %>
+base <%= @ldpaconfig["basedn"] %>
 
-base passwd <%= ldapconfig["users_rdn"] %>,<%= ldapconfig["basedn"] %>
-base shadow <%= ldapconfig["users_rdn"] %>,<%= ldapconfig["basedn"] %>
-base group <%= ldapconfig["groups_rdn"] %>,<%= ldapconfig["basedn"] %>
+base passwd <%= @ldpaconfig["users_rdn"] %>,<%= @ldpaconfig["basedn"] %>
+base shadow <%= @ldpaconfig["users_rdn"] %>,<%= @ldpaconfig["basedn"] %>
+base group <%= @ldpaconfig["groups_rdn"] %>,<%= @ldpaconfig["basedn"] %>
 
 <% if @site == "eqiad" -%>
-base passwd <%= ldapconfig["users_rdn"] %>,ou=servicegroups,<%= 
ldapconfig["basedn"] %>
-base shadow <%= ldapconfig["users_rdn"] %>,ou=servicegroups,<%= 
ldapconfig["basedn"] %>
-base group ou=servicegroups,<%= ldapconfig["basedn"] %>
+base passwd <%= @ldpaconfig["users_rdn"] %>,ou=servicegroups,<%= 
@ldpaconfig["basedn"] %>
+base shadow <%= @ldpaconfig["users_rdn"] %>,ou=servicegroups,<%= 
@ldpaconfig["basedn"] %>
+base group ou=servicegroups,<%= @ldpaconfig["basedn"] %>
 <% elsif @realm == "labs" -%>
 <% if has_variable?("instanceproject") then -%>
-base passwd <%= ldapconfig["users_rdn"] %>,cn=<%= instanceproject 
%>,ou=projects,<%= ldapconfig["basedn"] %>
-base shadow <%= ldapconfig["users_rdn"] %>,cn=<%= instanceproject 
%>,ou=projects,<%= ldapconfig["basedn"] %>
-base group <%= ldapconfig["groups_rdn"] %>,cn=<%= instanceproject 
%>,ou=projects,<%= ldapconfig["basedn"] %>
+base passwd <%= @ldpaconfig["users_rdn"] %>,cn=<%= instanceproject 
%>,ou=projects,<%= @ldpaconfig["basedn"] %>
+base shadow <%= @ldpaconfig["users_rdn"] %>,cn=<%= instanceproject 
%>,ou=projects,<%= @ldpaconfig["basedn"] %>
+base group <%= @ldpaconfig["groups_rdn"] %>,cn=<%= instanceproject 
%>,ou=projects,<%= @ldpaconfig["basedn"] %>
 <% end %><% end -%>
 
 # The DN to bind with for normal lookups.
-binddn cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %>
-bindpw <%= ldapconfig["proxypass"] %>
+binddn cn=proxyagent,ou=profile,<%= @ldpaconfig["basedn"] %>
+bindpw <%= @ldpaconfig["proxypass"] %>
 
 # SSL options.
 ssl start_tls
 tls_reqcert demand
 tls_cacertdir /etc/ssl/certs
-tls_cacertfile /etc/ssl/certs/<%= ldapconfig["ca"] %>
+tls_cacertfile /etc/ssl/certs/<%= @ldpaconfig["ca"] %>
 
 
 <% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %># Limit 
user names to this regex. This needs to be kept in sync with OpenStackManager's 
regex.
@@ -43,7 +43,7 @@
 
 # Group mapping for sudo-ldap.
 <% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) < 0 %>map group 
uniquemember member<% end %>
-<% if realm == "labs" %>map passwd loginshell "/bin/bash"<% end %>
+<% if @realm == "labs" %>map passwd loginshell "/bin/bash"<% end %>
 
-pagesize <%= ldapconfig["pagesize"] %>
-<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %>nss_min_uid 
<%= ldapconfig["nss_min_uid"] %><% end %>
+pagesize <%= @ldpaconfig["pagesize"] %>
+<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %>nss_min_uid 
<%= @ldpaconfig["nss_min_uid"] %><% end %>
diff --git a/modules/ldap/templates/nss_ldap.erb 
b/modules/ldap/templates/nss_ldap.erb
index 23ff4c3..b9377a5 100644
--- a/modules/ldap/templates/nss_ldap.erb
+++ b/modules/ldap/templates/nss_ldap.erb
@@ -1,20 +1,20 @@
-uri             <% ldapconfig["servernames"].each do |servername| 
-%>ldap://<%= servername %>:389 <% end -%>
+uri             <% @ldpaconfig["servernames"].each do |servername| 
-%>ldap://<%= servername %>:389 <% end -%>
 
-base            <%= ldapconfig["basedn"] %>
-binddn          cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %>
-bindpw          <%= ldapconfig["proxypass"] %>
+base            <%= @ldpaconfig["basedn"] %>
+binddn          cn=proxyagent,ou=profile,<%= @ldpaconfig["basedn"] %>
+bindpw          <%= @ldpaconfig["proxypass"] %>
 pam_filter      objectclass=posixAccount
-nss_base_passwd ou=people,<%= ldapconfig["basedn"] %>
-nss_base_shadow ou=people,<%= ldapconfig["basedn"] %>
-nss_base_group  ou=groups,<%= ldapconfig["basedn"] %>
-nss_base_hosts  ou=hosts,<%= ldapconfig["basedn"] %>
-nss_base_netgroup     ou=netgroup,<%= ldapconfig["basedn"] %>
+nss_base_passwd ou=people,<%= @ldpaconfig["basedn"] %>
+nss_base_shadow ou=people,<%= @ldpaconfig["basedn"] %>
+nss_base_group  ou=groups,<%= @ldpaconfig["basedn"] %>
+nss_base_hosts  ou=hosts,<%= @ldpaconfig["basedn"] %>
+nss_base_netgroup     ou=netgroup,<%= @ldpaconfig["basedn"] %>
 nss_schema      rfc2307bis
 nss_map_attribute   uniquemember member
 nss_map_objectclass groupofuniquenames groupofnames
-<% if realm == "labs" %>nss_override_attribute_value loginshell /bin/bash<% 
end %>
+<% if @realm == "labs" %>nss_override_attribute_value loginshell /bin/bash<% 
end %>
 tls_checkpeer   yes
-tls_cacertfile  /etc/ssl/certs/<%= ldapconfig["ca"] %>
+tls_cacertfile  /etc/ssl/certs/<%= @ldpaconfig["ca"] %>
 tls_cacertdir   /etc/ssl/certs
 ssl             start_tls
 pam_password    clear
diff --git a/modules/ldap/templates/open_ldap.erb 
b/modules/ldap/templates/open_ldap.erb
index b0d8a42..7768fe7 100644
--- a/modules/ldap/templates/open_ldap.erb
+++ b/modules/ldap/templates/open_ldap.erb
@@ -1,12 +1,12 @@
-BASE            <%= ldapconfig["basedn"] %>
-URI             <% ldapconfig["servernames"].each do |servername| 
-%>ldap://<%= servername %>:389 <% end -%>
+BASE            <%= @ldpaconfig["basedn"] %>
+URI             <% @ldpaconfig["servernames"].each do |servername| 
-%>ldap://<%= servername %>:389 <% end -%>
 
-BINDDN          cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %>
-BINDPW          <%= ldapconfig["proxypass"] %>
+BINDDN          cn=proxyagent,ou=profile,<%= @ldpaconfig["basedn"] %>
+BINDPW          <%= @ldpaconfig["proxypass"] %>
 SSL             start_tls
 TLS_CHECKPEER   yes
 TLS_REQCERT     demand
 TLS_CACERTDIR   /etc/ssl/certs
-TLS_CACERTFILE  /etc/ssl/certs/<%= ldapconfig["ca"] %>
-TLS_CACERT      /etc/ssl/certs/<%= ldapconfig["ca"] %>
-<% if ldapincludes.include?('sudo') then %>SUDOERS_BASE    <%= 
ldapconfig["sudobasedn"] %><% end %>
+TLS_CACERTFILE  /etc/ssl/certs/<%= @ldpaconfig["ca"] %>
+TLS_CACERT      /etc/ssl/certs/<%= @ldpaconfig["ca"] %>
+<% if @ldapincludes.include?('sudo') then %>SUDOERS_BASE    <%= 
@ldpaconfig["sudobasedn"] %><% end %>
diff --git a/modules/ldap/templates/opendj.default.erb 
b/modules/ldap/templates/opendj.default.erb
index 0a5c07a..8a4bbb6 100644
--- a/modules/ldap/templates/opendj.default.erb
+++ b/modules/ldap/templates/opendj.default.erb
@@ -8,7 +8,7 @@
 
 # Space separated list of addresses 389 and 636 should forward to, defaults
 # to all configured IPs. Used to configure iptables
-BINDADDRS="<%= server_bind_ips %>"
+BINDADDRS="<%= @server_bind_ips %>"
 
 # increase the number of open file descriptors
 # note: the init script uses start-stop-daemon which doesn't do PAM, hence
diff --git a/modules/ldap/templates/scriptconfig.py.erb 
b/modules/ldap/templates/scriptconfig.py.erb
index 61ccd37..0e41cee 100644
--- a/modules/ldap/templates/scriptconfig.py.erb
+++ b/modules/ldap/templates/scriptconfig.py.erb
@@ -5,5 +5,5 @@
 ### system, it should not contain any private or sensitive information.
 #######################################################################
 
-domain="<%= ldapconfig["wikildapdomain"] %>"
-controllerapiurl="<%= ldapconfig["wikicontrollerapiurl"] %>"
+domain="<%= @ldapconfig["wikildapdomain"] %>"
+controllerapiurl="<%= @ldapconfig["wikicontrollerapiurl"] %>"

-- 
To view, visit https://gerrit.wikimedia.org/r/148035
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic90146c2cd86a1fb25750f19199dbb73019b4f7b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya <mata...@foss.co.il>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] ldap: qualify vars - change (operations/puppet)

Reply via email to