Matanya has uploaded a new change for review. https://gerrit.wikimedia.org/r/148035
Change subject: ldap: qualify vars ...................................................................... ldap: qualify vars Change-Id: Ic90146c2cd86a1fb25750f19199dbb73019b4f7b --- M modules/ldap/templates/base.ldif.erb M modules/ldap/templates/ldapscriptrc.erb M modules/ldap/templates/nslcd.conf.erb M modules/ldap/templates/nss_ldap.erb M modules/ldap/templates/open_ldap.erb M modules/ldap/templates/opendj.default.erb M modules/ldap/templates/scriptconfig.py.erb 7 files changed, 50 insertions(+), 50 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/35/148035/1 diff --git a/modules/ldap/templates/base.ldif.erb b/modules/ldap/templates/base.ldif.erb index c330b11..8d20b33 100644 --- a/modules/ldap/templates/base.ldif.erb +++ b/modules/ldap/templates/base.ldif.erb 
@@ -1,51 +1,51 @@ # This is the root of the directory tree -#dn: <%= base_dn %> +#dn: <%= @base_dn %> #dc: <%= @domain %> #objectClass: top #objectClass: domain # Subtree for users -dn: ou=people,<%= base_dn %> +dn: ou=people,<%= @base_dn %> ou: people description: people objectClass: organizationalUnit # Subtree for groups -dn: ou=groups,<%= base_dn %> +dn: ou=groups,<%= @base_dn %> ou: groups description: groups objectClass: organizationalUnit # Subtree for hosts -dn: ou=hosts,<%= base_dn %> +dn: ou=hosts,<%= @base_dn %> ou: hosts description: hosts objectClass: organizationalUnit # Subtree for system accounts -dn: ou=profile,<%= base_dn %> +dn: ou=profile,<%= @base_dn %> ou: profile description: Special accounts used by software applications. objectClass: organizationalUnit -dn: <%= proxyagent %> +dn: <%= @proxyagent %> ou: profile description: Special account for nova -userPassword: <%= proxyagent_pass %> +userPassword: <%= @proxyagent_pass %> objectClass: simpleSecurityObject objectClass: organizationalRole -dn: cn=sysadmins,ou=groups,<%= base_dn %> +dn: cn=sysadmins,ou=groups,<%= @base_dn %> objectclass: groupOfNames cn: sysadmins description: IT admin group -dn: cn=netadmins,ou=groups,<%= base_dn %> +dn: cn=netadmins,ou=groups,<%= @base_dn %> objectclass: groupOfNames cn: netadmins description: Network admin group -dn: cn=cloudadmins,ou=groups,<%= base_dn %> +dn: cn=cloudadmins,ou=groups,<%= @base_dn %> objectclass: groupOfNames cn: cloudadmins description: Cloud admin group diff --git a/modules/ldap/templates/ldapscriptrc.erb b/modules/ldap/templates/ldapscriptrc.erb index 9d231ed..2ad3939 100644 --- a/modules/ldap/templates/ldapscriptrc.erb +++ b/modules/ldap/templates/ldapscriptrc.erb @@ -1,2 +1,2 @@ -USER <%= ldapconfig["script_user_dn"] %> -PASS <%= ldapconfig["script_user_pass"] %> +USER <%= @ldpaconfig["script_user_dn"] %> +PASS <%= @ldpaconfig["script_user_pass"] %> 
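Review bot: The `userPassword: <%= @proxyagent_pass %>` line in base.ldif.erb carries no comment on what form the value must take, so a cleartext secret would be written into the rendered LDIF unchanged. An ERB comment directly above it would settle this for the next editor, for example `<%# proxyagent_pass is expected to be a pre-hashed userPassword value, not cleartext -%>`. Whether the value is already hashed where it is set cannot be seen from this hunk, so confirm that before wording the comment.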
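Review bot: `@ldpaconfig` in both new lines of ldapscriptrc.erb is a misspelling of `@ldapconfig`; the old side read `ldapconfig[...]`, and scriptconfig.py.erb in this same change uses the correct `@ldapconfig`. Unless a variable with the misspelled name happens to exist, it evaluates to nil in ERB and the `[...]` lookup raises, so the template fails to render instead of emitting the bind DN and password. The lines should read `USER <%= @ldapconfig["script_user_dn"] %>` and `PASS <%= @ldapconfig["script_user_pass"] %>`. The same misspelling is on every changed `ldapconfig` line in nslcd.conf.erb, nss_ldap.erb and open_ldap.erb (including the `.each` over `servernames`) and needs the same correction there.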
diff --git a/modules/ldap/templates/nslcd.conf.erb b/modules/ldap/templates/nslcd.conf.erb
index ee78973..c40eb23 100644
--- a/modules/ldap/templates/nslcd.conf.erb
+++ b/modules/ldap/templates/nslcd.conf.erb
@@ -7,35 +7,35 @@ gid nslcd # The location at which the LDAP server(s) should be reachable. -uri <% ldapconfig["servernames"].each do |servername| -%>ldap://<%= servername %>:389 <% end -%> +uri <% @ldpaconfig["servernames"].each do |servername| -%>ldap://<%= servername %>:389 <% end -%> # The search base that will be used for all queries. -base <%= ldapconfig["basedn"] %> +base <%= @ldpaconfig["basedn"] %> -base passwd <%= ldapconfig["users_rdn"] %>,<%= ldapconfig["basedn"] %> -base shadow <%= ldapconfig["users_rdn"] %>,<%= ldapconfig["basedn"] %> -base group <%= ldapconfig["groups_rdn"] %>,<%= ldapconfig["basedn"] %> +base passwd <%= @ldpaconfig["users_rdn"] %>,<%= @ldpaconfig["basedn"] %> +base shadow <%= @ldpaconfig["users_rdn"] %>,<%= @ldpaconfig["basedn"] %> +base group <%= @ldpaconfig["groups_rdn"] %>,<%= @ldpaconfig["basedn"] %> <% if @site == "eqiad" -%> -base passwd <%= ldapconfig["users_rdn"] %>,ou=servicegroups,<%= ldapconfig["basedn"] %> -base shadow <%= ldapconfig["users_rdn"] %>,ou=servicegroups,<%= ldapconfig["basedn"] %> -base group ou=servicegroups,<%= ldapconfig["basedn"] %> +base passwd <%= @ldpaconfig["users_rdn"] %>,ou=servicegroups,<%= @ldpaconfig["basedn"] %> +base shadow <%= @ldpaconfig["users_rdn"] %>,ou=servicegroups,<%= @ldpaconfig["basedn"] %> +base group ou=servicegroups,<%= @ldpaconfig["basedn"] %> <% elsif @realm == "labs" -%> <% if has_variable?("instanceproject") then -%> -base passwd <%= ldapconfig["users_rdn"] %>,cn=<%= instanceproject %>,ou=projects,<%= ldapconfig["basedn"] %> -base shadow <%= ldapconfig["users_rdn"] %>,cn=<%= instanceproject %>,ou=projects,<%= ldapconfig["basedn"] %> -base group <%= ldapconfig["groups_rdn"] %>,cn=<%= instanceproject %>,ou=projects,<%= ldapconfig["basedn"] %> +base passwd <%= @ldpaconfig["users_rdn"] %>,cn=<%= instanceproject %>,ou=projects,<%= @ldpaconfig["basedn"] %> +base shadow <%= @ldpaconfig["users_rdn"] %>,cn=<%= instanceproject %>,ou=projects,<%= @ldpaconfig["basedn"] %> +base group <%= 
@ldpaconfig["groups_rdn"] %>,cn=<%= instanceproject %>,ou=projects,<%= @ldpaconfig["basedn"] %> <% end %><% end -%> # The DN to bind with for normal lookups. -binddn cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %> -bindpw <%= ldapconfig["proxypass"] %> +binddn cn=proxyagent,ou=profile,<%= @ldpaconfig["basedn"] %> +bindpw <%= @ldpaconfig["proxypass"] %> # SSL options. ssl start_tls tls_reqcert demand tls_cacertdir /etc/ssl/certs -tls_cacertfile /etc/ssl/certs/<%= ldapconfig["ca"] %> +tls_cacertfile /etc/ssl/certs/<%= @ldpaconfig["ca"] %> <% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %># Limit user names to this regex. This needs to be kept in sync with OpenStackManager's regex. @@ -43,7 +43,7 @@ # Group mapping for sudo-ldap. <% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) < 0 %>map group uniquemember member<% end %> -<% if realm == "labs" %>map passwd loginshell "/bin/bash"<% end %> +<% if @realm == "labs" %>map passwd loginshell "/bin/bash"<% end %> -pagesize <%= ldapconfig["pagesize"] %> -<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %>nss_min_uid <%= ldapconfig["nss_min_uid"] %><% end %> +pagesize <%= @ldpaconfig["pagesize"] %> +<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %>nss_min_uid <%= @ldpaconfig["nss_min_uid"] %><% end %> diff --git a/modules/ldap/templates/nss_ldap.erb b/modules/ldap/templates/nss_ldap.erb index 23ff4c3..b9377a5 100644 --- a/modules/ldap/templates/nss_ldap.erb +++ b/modules/ldap/templates/nss_ldap.erb 
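Review bot: `instanceproject` is still unqualified in the three labs `base passwd` / `base shadow` / `base group` lines of the first nslcd.conf.erb hunk, so the commit's stated goal is incomplete for this file. Each of those should use `cn=<%= @instanceproject %>`. The `has_variable?("instanceproject")` guard above them is probably better written as `<% if @instanceproject -%>` so that the check and the use refer to the same variable, but confirm it behaves the same for hosts where the variable is unset.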
@@ -1,20 +1,20 @@ -uri <% ldapconfig["servernames"].each do |servername| -%>ldap://<%= servername %>:389 <% end -%> +uri <% @ldpaconfig["servernames"].each do |servername| -%>ldap://<%= servername %>:389 <% end -%> -base <%= ldapconfig["basedn"] %> -binddn cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %> -bindpw <%= ldapconfig["proxypass"] %> +base <%= @ldpaconfig["basedn"] %> +binddn cn=proxyagent,ou=profile,<%= @ldpaconfig["basedn"] %> +bindpw <%= @ldpaconfig["proxypass"] %> pam_filter objectclass=posixAccount -nss_base_passwd ou=people,<%= ldapconfig["basedn"] %> -nss_base_shadow ou=people,<%= ldapconfig["basedn"] %> -nss_base_group ou=groups,<%= ldapconfig["basedn"] %> -nss_base_hosts ou=hosts,<%= ldapconfig["basedn"] %> -nss_base_netgroup ou=netgroup,<%= ldapconfig["basedn"] %> +nss_base_passwd ou=people,<%= @ldpaconfig["basedn"] %> +nss_base_shadow ou=people,<%= @ldpaconfig["basedn"] %> +nss_base_group ou=groups,<%= @ldpaconfig["basedn"] %> +nss_base_hosts ou=hosts,<%= @ldpaconfig["basedn"] %> +nss_base_netgroup ou=netgroup,<%= @ldpaconfig["basedn"] %> nss_schema rfc2307bis nss_map_attribute uniquemember member nss_map_objectclass groupofuniquenames groupofnames -<% if realm == "labs" %>nss_override_attribute_value loginshell /bin/bash<% end %> +<% if @realm == "labs" %>nss_override_attribute_value loginshell /bin/bash<% end %> tls_checkpeer yes -tls_cacertfile /etc/ssl/certs/<%= ldapconfig["ca"] %> +tls_cacertfile /etc/ssl/certs/<%= @ldpaconfig["ca"] %> tls_cacertdir /etc/ssl/certs ssl start_tls pam_password clear diff --git a/modules/ldap/templates/open_ldap.erb b/modules/ldap/templates/open_ldap.erb index b0d8a42..7768fe7 100644 --- a/modules/ldap/templates/open_ldap.erb +++ b/modules/ldap/templates/open_ldap.erb 
@@ -1,12 +1,12 @@ -BASE <%= ldapconfig["basedn"] %> -URI <% ldapconfig["servernames"].each do |servername| -%>ldap://<%= servername %>:389 <% end -%> +BASE <%= @ldpaconfig["basedn"] %> +URI <% @ldpaconfig["servernames"].each do |servername| -%>ldap://<%= servername %>:389 <% end -%> -BINDDN cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %> -BINDPW <%= ldapconfig["proxypass"] %> +BINDDN cn=proxyagent,ou=profile,<%= @ldpaconfig["basedn"] %> +BINDPW <%= @ldpaconfig["proxypass"] %> SSL start_tls TLS_CHECKPEER yes TLS_REQCERT demand TLS_CACERTDIR /etc/ssl/certs -TLS_CACERTFILE /etc/ssl/certs/<%= ldapconfig["ca"] %> -TLS_CACERT /etc/ssl/certs/<%= ldapconfig["ca"] %> -<% if ldapincludes.include?('sudo') then %>SUDOERS_BASE <%= ldapconfig["sudobasedn"] %><% end %> +TLS_CACERTFILE /etc/ssl/certs/<%= @ldpaconfig["ca"] %> +TLS_CACERT /etc/ssl/certs/<%= @ldpaconfig["ca"] %> +<% if @ldapincludes.include?('sudo') then %>SUDOERS_BASE <%= @ldpaconfig["sudobasedn"] %><% end %> diff --git a/modules/ldap/templates/opendj.default.erb b/modules/ldap/templates/opendj.default.erb index 0a5c07a..8a4bbb6 100644 --- a/modules/ldap/templates/opendj.default.erb +++ b/modules/ldap/templates/opendj.default.erb @@ -8,7 +8,7 @@ # Space separated list of addresses 389 and 636 should forward to, defaults # to all configured IPs. Used to configure iptables -BINDADDRS="<%= server_bind_ips %>" +BINDADDRS="<%= @server_bind_ips %>" # increase the number of open file descriptors # note: the init script uses start-stop-daemon which doesn't do PAM, hence diff --git a/modules/ldap/templates/scriptconfig.py.erb b/modules/ldap/templates/scriptconfig.py.erb index 61ccd37..0e41cee 100644 --- a/modules/ldap/templates/scriptconfig.py.erb +++ b/modules/ldap/templates/scriptconfig.py.erb 
@@ -5,5 +5,5 @@ ### system, it should not contain any private or sensitive information. ####################################################################### -domain="<%= ldapconfig["wikildapdomain"] %>" -controllerapiurl="<%= ldapconfig["wikicontrollerapiurl"] %>" +domain="<%= @ldapconfig["wikildapdomain"] %>" +controllerapiurl="<%= @ldapconfig["wikicontrollerapiurl"] %>" -- To view, visit https://gerrit.wikimedia.org/r/148035 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ic90146c2cd86a1fb25750f19199dbb73019b4f7b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Matanya <mata...@foss.co.il> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits