[MediaWiki-commits] [Gerrit] mediawiki/vagrant[master]: striker: sudo schema support

2017-06-24 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/361272 )

Change subject: striker: sudo schema support
..


striker: sudo schema support

Add LDAP configuration needed to support storing sudoer rules. Initial
LDAP tree contents are updated as well. Existing deployments can be
updated manually using:

ldapadd -x -D cn=admin,dc=wmftest,dc=net -w vagrant_admin < Service['slapd'],
 }
 
+file { '/etc/ldap/schema/sudo.schema':
+ensure  => present,
+owner   => 'root',
+group   => 'root',
+mode=> '0444',
+source  => 'puppet:///modules/openldap/sudo.schema',
+require => Package['slapd'],
+notify  => Service['slapd'],
+}
+
 file { '/etc/ldap/slapd.conf' :
 ensure  => present,
 owner   => 'openldap',
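Review bot: "ensure => present" on the new /etc/ldap/schema/sudo.schema resource is satisfied by anything that already exists at that path, including a directory or a symlink. slapd reads this file at startup, so use "ensure => file" to make Puppet enforce a regular file with the content from the module source.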
diff --git a/puppet/modules/openldap/templates/slapd.erb 
b/puppet/modules/openldap/templates/slapd.erb
index f93874d..0221c27 100644
--- a/puppet/modules/openldap/templates/slapd.erb
+++ b/puppet/modules/openldap/templates/slapd.erb
@@ -11,6 +11,7 @@
 include /etc/ldap/schema/ppolicy.schema
 include /etc/ldap/schema/rfc2307bis.schema
 include /etc/ldap/schema/openssh-ldap.schema
+include /etc/ldap/schema/sudo.schema
 
 pidfile  /var/run/slapd/slapd.pid
 argsfile /var/run/slapd/slapd.args
diff --git a/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb 
b/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb
index 1fc1730..4f1bad3 100644
--- a/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb
+++ b/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb
@@ -103,7 +103,7 @@
 ===Setup Striker===
 * [<%= scope['::mediawiki::server_url'] 
%>/wiki/Special:OAuthConsumerRegistration/propose Register an OAuth consumer 
for Striker]
 ** Application Name: Tool Labs console
-** OAuth callback URL: http://<%= @vhost_name %>
+** OAuth callback URL: http://<%= @vhost_name %><%= 
scope['::port_fragment'] %>
 ** Check the ''Allow consumer to specify a callback in requests and use 
"callback" URL above as a required prefix.'' checkbox.
 ** Contact email address: <%= @admin_email %>
 ** Types of grants being requested: Authentication only with access to 
real name and email address via Special:OAuth/identify, no API access.
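Review bot: the new "OAuth callback URL" value ends at the port fragment with no trailing slash, and the next bullet tells the user to register it as a required prefix. If the prefix is compared as a plain string, a value ending in the host or port also matches longer host or port strings, so end it with "/" (http://<%= @vhost_name %><%= scope['::port_fragment'] %>/) to pin the prefix to this origin.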
@@ -113,7 +113,7 @@
 Q = function(s){return document.querySelector('[name="' + s + '"]')};
 Q("wpname").value = "Striker";
 Q("wpdescription").value = "Striker login";
-Q("wpcallbackUrl").value = "http://<%= @vhost_name %>";
+Q("wpcallbackUrl").value = "http://<%= @vhost_name %><%= 
scope['::port_fragment'] %>";
 Q("wpcallbackIsPrefix").checked = true;
 Q("wpemail").value = "<%= @admin_email %>";
 Q("wpgranttype").value = "authonlyprivate";
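Review bot: the wpcallbackUrl line repeats the vhost-plus-port expression already written out in the bullet list of the previous hunk, so the two copies have to be kept in sync by hand. Build the callback URL once in a template variable and reference it in both places. The template values here are also interpolated straight into JavaScript string literals, so a quote character in @vhost_name or @admin_email would break the snippet; escaping them for a JS string would make it robust.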
diff --git a/puppet/modules/role/templates/striker/ldap_data.erb 
b/puppet/modules/role/templates/striker/ldap_data.erb
index 6f39fa4..7b03a2d 100755
--- a/puppet/modules/role/templates/striker/ldap_data.erb
+++ b/puppet/modules/role/templates/striker/ldap_data.erb
@@ -5,6 +5,17 @@
 objectClass: top
 description: Tools
 
+dn: ou=people,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %>
+objectClass: organizationalUnit
+objectClass: top
+ou: people
+
+dn: ou=projects,<%= scope['::role::ldapauth::base_dn'] %>
+objectClass: organizationalUnit
+objectClass: top
+description: OU for openstack projects and global groups
+ou: projects
+
 dn: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %>
 objectClass: person
 objectClass: inetOrgPerson
@@ -39,6 +50,18 @@
 gidNumber: 5001
 member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %>
 
+dn: cn=tools,ou=projects,<%= scope['::role::ldapauth::base_dn'] %>
+objectClass: extensibleObject
+objectClass: groupOfNames
+objectClass: top
+cn: tools
+member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %>
+
+dn: ou=sudoers,cn=tools,ou=projects,<%= 
scope['::role::ldapauth::user_base_dn'] %>
+objectClass: organizationalUnit
+objectClass: top
+ou: sudoers
+
 dn: cn=tools.admin,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %>
 objectClass: groupOfNames
 objectClass: posixGroup
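Review bot: the new ou=sudoers entry is rooted at user_base_dn, while the parent it names, cn=tools,ou=projects, is created just above under base_dn. Unless both variables resolve to the same DN, the parent of ou=sudoers does not exist in the tree and ldapadd will reject the entry. Use scope['::role::ldapauth::base_dn'] on the ou=sudoers dn line so it lands under the cn=tools entry added in this hunk.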

-- 
To view, visit https://gerrit.wikimedia.org/r/361272
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I97503da4621de5d60207746fd564fa3196274886
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: BryanDavis 
Gerrit-Reviewer: BryanDavis 
Gerrit-Reviewer: Dduvall 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] mediawiki/vagrant[master]: striker: sudo schema support

2017-06-24 Thread BryanDavis (Code Review)
BryanDavis has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/361272 )

Change subject: striker: sudo schema support
..

striker: sudo schema support

Add LDAP configuration needed to support storing sudoer rules. Initial
LDAP tree contents are updated as well. Existing deployments can be
updated manually using:

ldapadd -x -D cn=admin,dc=wmftest,dc=net -w vagrant_admin < Service['slapd'],
 }
 
+file { '/etc/ldap/schema/sudo.schema':
+ensure  => present,
+owner   => 'root',
+group   => 'root',
+mode=> '0444',
+source  => 'puppet:///modules/openldap/sudo.schema',
+require => Package['slapd'],
+notify  => Service['slapd'],
+}
+
 file { '/etc/ldap/slapd.conf' :
 ensure  => present,
 owner   => 'openldap',
diff --git a/puppet/modules/openldap/templates/slapd.erb 
b/puppet/modules/openldap/templates/slapd.erb
index f93874d..0221c27 100644
--- a/puppet/modules/openldap/templates/slapd.erb
+++ b/puppet/modules/openldap/templates/slapd.erb
@@ -11,6 +11,7 @@
 include /etc/ldap/schema/ppolicy.schema
 include /etc/ldap/schema/rfc2307bis.schema
 include /etc/ldap/schema/openssh-ldap.schema
+include /etc/ldap/schema/sudo.schema
 
 pidfile  /var/run/slapd/slapd.pid
 argsfile /var/run/slapd/slapd.args
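Review bot: the added "include /etc/ldap/schema/sudo.schema" line makes slapd.conf depend on a file that a separate Puppet resource installs, and slapd will not start when an included schema file is missing. If File['/etc/ldap/slapd.conf'] does not already require File['/etc/ldap/schema/sudo.schema'], add that relationship so the config is never written ahead of the schema it includes.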
diff --git a/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb 
b/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb
index 1fc1730..4f1bad3 100644
--- a/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb
+++ b/puppet/modules/role/templates/striker/VagrantRoleStriker.wiki.erb
@@ -103,7 +103,7 @@
 ===Setup Striker===
 * [<%= scope['::mediawiki::server_url'] 
%>/wiki/Special:OAuthConsumerRegistration/propose Register an OAuth consumer 
for Striker]
 ** Application Name: Tool Labs console
-** OAuth callback URL: http://<%= @vhost_name %>
+** OAuth callback URL: http://<%= @vhost_name %><%= 
scope['::port_fragment'] %>
 ** Check the ''Allow consumer to specify a callback in requests and use 
"callback" URL above as a required prefix.'' checkbox.
 ** Contact email address: <%= @admin_email %>
 ** Types of grants being requested: Authentication only with access to 
real name and email address via Special:OAuth/identify, no API access.
@@ -113,7 +113,7 @@
 Q = function(s){return document.querySelector('[name="' + s + '"]')};
 Q("wpname").value = "Striker";
 Q("wpdescription").value = "Striker login";
-Q("wpcallbackUrl").value = "http://<%= @vhost_name %>";
+Q("wpcallbackUrl").value = "http://<%= @vhost_name %><%= 
scope['::port_fragment'] %>";
 Q("wpcallbackIsPrefix").checked = true;
 Q("wpemail").value = "<%= @admin_email %>";
 Q("wpgranttype").value = "authonlyprivate";
diff --git a/puppet/modules/role/templates/striker/ldap_data.erb 
b/puppet/modules/role/templates/striker/ldap_data.erb
index 6f39fa4..7b03a2d 100755
--- a/puppet/modules/role/templates/striker/ldap_data.erb
+++ b/puppet/modules/role/templates/striker/ldap_data.erb
@@ -5,6 +5,17 @@
 objectClass: top
 description: Tools
 
+dn: ou=people,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %>
+objectClass: organizationalUnit
+objectClass: top
+ou: people
+
+dn: ou=projects,<%= scope['::role::ldapauth::base_dn'] %>
+objectClass: organizationalUnit
+objectClass: top
+description: OU for openstack projects and global groups
+ou: projects
+
 dn: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %>
 objectClass: person
 objectClass: inetOrgPerson
@@ -39,6 +50,18 @@
 gidNumber: 5001
 member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %>
 
+dn: cn=tools,ou=projects,<%= scope['::role::ldapauth::base_dn'] %>
+objectClass: extensibleObject
+objectClass: groupOfNames
+objectClass: top
+cn: tools
+member: uid=admin,<%= scope['::role::ldapauth::user_base_dn'] %>
+
+dn: ou=sudoers,cn=tools,ou=projects,<%= 
scope['::role::ldapauth::user_base_dn'] %>
+objectClass: organizationalUnit
+objectClass: top
+ou: sudoers
+
 dn: cn=tools.admin,ou=servicegroups,<%= scope['::role::ldapauth::base_dn'] %>
 objectClass: groupOfNames
 objectClass: posixGroup
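Review bot: "objectClass: extensibleObject" on the new cn=tools entry allows any attribute on that entry, which effectively switches off schema checking for it, yet the entry as added only carries cn and member. If a specific extra attribute is expected later, name the class that defines it instead, or add a comment saying why extensibleObject is needed.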

-- 
To view, visit https://gerrit.wikimedia.org/r/361272
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I97503da4621de5d60207746fd564fa3196274886
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: BryanDavis 
