machacekondra.ovirt-aaa-ldap

oVirt AAA LDAP
==============

This role sets up the oVirt AAA LDAP configuration.

Requirements
------------
Just Ansible.

Role Variables
--------------
  • aaa_profile_type: Choose the type of profile. Options include:

    • 389ds
    • iplanet
    • rfc2307-389ds
    • rfc2307-generic
    • rfc2307-openldap
    • rfc2307-rhds
    • ad
    • ipa
    • openldap
    • rfc2307-edir
    • rhds
  • aaa_user: The user account used for searching users for authorization.

  • aaa_password: The password for the search user.

  • aaa_profile_name: The name of the profile (shown on the login page).

  • aaa_ldap: A list of LDAP servers or LDAP domains. If multiple servers are provided, a failover policy will be applied.

  • aaa_ldap_is_domain: Indicates if aaa_ldap is a domain with servers found via SRV records. Defaults to false (but true if aaa_profile_type is set to ad).

  • aaa_base_dn: A custom base DN if a special setting is needed.

  • aaa_legacy_api_authn: Whether to include /ovirt-engine/api in paths needing HTTP authentication (required before oVirt 4.0). It is disabled by default.

  • aaa_sso_keytab: The path to the keytab file on the Ansible control machine, which stores the principal needed for SSO. This or aaa_sso_remote_keytab is necessary if deploying SSO. The keytab will be copied to /etc/httpd/http.keytab.

  • aaa_sso_remote_keytab: The path to a keytab that is already on the target machine. It must be readable by Apache.

To get an HTTP keytab for the oVirt engine in IPA, use this command:

    $ ipa-getkeytab --server=ipa.example.com --principal=HTTP/ovirt.example.com --keytab=ovirt.keytab
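The variables above interact in a few ways that are easy to get wrong before the role ever touches the engine: `aaa_ldap` must be a list (a bare hostname string is a common slip), `aaa_ldap_is_domain` defaults to true only for the `ad` profile, and an SSO deployment needs either `aaa_sso_keytab` or `aaa_sso_remote_keytab`. The following pre-flight checker is an added example, not part of the role; it encodes only the rules stated in this README, plus one assumption of its own (rejecting the literal placeholder password used in the example playbooks). The variable sets at the bottom are constructed samples.

```python
"""Pre-flight checks for machacekondra.ovirt-aaa-ldap role variables.

Added example, not part of the role. It encodes only the rules the README
states: the allowed aaa_profile_type values, aaa_ldap being a list,
aaa_ldap_is_domain defaulting to true only for the 'ad' profile, and one of
aaa_sso_keytab / aaa_sso_remote_keytab being required when SSO is deployed.
The placeholder-password check is an assumption added here, not a role rule.
"""

# Profile types exactly as listed in the README.
PROFILE_TYPES = frozenset({
    "389ds", "iplanet", "rfc2307-389ds", "rfc2307-generic",
    "rfc2307-openldap", "rfc2307-rhds", "ad", "ipa", "openldap",
    "rfc2307-edir", "rhds",
})

# Variables every profile needs (aaa_base_dn and the SSO keytabs are optional).
REQUIRED = ("aaa_profile_type", "aaa_user", "aaa_password",
            "aaa_profile_name", "aaa_ldap")

# Literal values used in example playbooks; assumption: never wanted in production.
PLACEHOLDER_PASSWORDS = frozenset({"password", "changeme"})


def resolve_is_domain(role_vars):
    """Effective aaa_ldap_is_domain: an explicit value wins, else true only for 'ad'."""
    if "aaa_ldap_is_domain" in role_vars:
        return bool(role_vars["aaa_ldap_is_domain"])
    return role_vars.get("aaa_profile_type") == "ad"


def validate(role_vars, deploy_sso=False):
    """Return the list of problems found; an empty list means the vars pass."""
    problems = []
    for key in REQUIRED:
        if key not in role_vars:
            problems.append(f"missing required variable {key}")

    ptype = role_vars.get("aaa_profile_type")
    if ptype is not None and ptype not in PROFILE_TYPES:
        problems.append(f"unknown aaa_profile_type {ptype!r}")

    ldap = role_vars.get("aaa_ldap")
    if ldap is not None and (not isinstance(ldap, list) or not ldap):
        # A bare string is a common slip; the role expects a YAML list.
        problems.append("aaa_ldap must be a non-empty list of servers or domains")

    if role_vars.get("aaa_password") in PLACEHOLDER_PASSWORDS:
        problems.append("aaa_password is a placeholder value; supply the real "
                        "search-user password (e.g. via ansible-vault)")

    has_keytab = bool(role_vars.get("aaa_sso_keytab")
                      or role_vars.get("aaa_sso_remote_keytab"))
    if deploy_sso and not has_keytab:
        problems.append("SSO requested but neither aaa_sso_keytab nor "
                        "aaa_sso_remote_keytab is set")
    return problems


def summarize(role_vars):
    """One-line description of how the role will treat aaa_ldap, for a dry-run message."""
    if resolve_is_domain(role_vars):
        mode = "domain (servers discovered via SRV records)"
    else:
        mode = "explicit server list"
    servers = role_vars.get("aaa_ldap") or []
    multi = isinstance(servers, list) and len(servers) > 1
    failover = "with failover" if multi else "single target"
    return f"{role_vars.get('aaa_profile_type')}: {mode}, {failover}"


# Constructed sample variable sets (not from any real deployment).
IPA_SSO_VARS = {
    "aaa_profile_type": "ipa",
    "aaa_user": "uid=search,cn=users,cn=accounts,dc=example,dc=com",
    "aaa_password": "s3cret-search-pw",
    "aaa_profile_name": "ipa",
    "aaa_ldap": ["ldap1.example.com", "ldap2.example.com"],
    "aaa_sso_keytab": "/path/to/ovirt.keytab",
}

AD_DOMAIN_VARS = {
    "aaa_profile_type": "ad",
    "aaa_user": "cn=search,cn=Users,dc=example,dc=com",
    "aaa_password": "s3cret-search-pw",
    "aaa_profile_name": "ad",
    "aaa_ldap": ["example.com"],  # a domain, so aaa_ldap_is_domain defaults to true
}

if __name__ == "__main__":
    for name, v in (("ipa-sso", IPA_SSO_VARS), ("ad-domain", AD_DOMAIN_VARS)):
        sso = name == "ipa-sso"
        print(f"{name}: {summarize(v)}; problems: {validate(v, deploy_sso=sso)}")
```

Run it before `ansible-playbook` with the same `vars` block you intend to pass to the role; an empty problem list and the expected `summarize` line (domain vs. explicit servers, failover vs. single target) confirm the variables say what you think they say.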

Dependencies
------------
None.

Example Playbook
----------------
Example 1: Deploy IPA with a single server:

    - name: Deploy oVirt AAA IPA
      hosts: localhost
      gather_facts: no
      vars:
        aaa_profile_type: ipa
        aaa_user: uid=search,cn=users,cn=accounts,dc=example,dc=com
        aaa_password: password
        aaa_profile_name: ipa
        aaa_ldap:
          - ldap.example.com
    
      roles:
        - machacekondra.ovirt-aaa-ldap

Example 2: Deploy IPA with failover servers:

    - name: Deploy oVirt AAA IPA failover
      hosts: localhost
      gather_facts: no
      vars:
        aaa_profile_type: ipa
        aaa_user: uid=search,cn=users,cn=accounts,dc=example,dc=com
        aaa_password: password
        aaa_profile_name: ipa
        aaa_ldap:
          - ldap1.example.com
          - ldap2.example.com
    
      roles:
        - machacekondra.ovirt-aaa-ldap

Example 3: Deploy IPA with SSO:

    - name: Deploy oVirt AAA IPA SSO
      hosts: localhost
      gather_facts: no
      vars:
        aaa_profile_type: ipa
        aaa_user: uid=search,cn=users,cn=accounts,dc=example,dc=com
        aaa_password: password
        aaa_profile_name: ipa
        aaa_ldap:
          - ldap1.example.com
          - ldap2.example.com
        aaa_sso_keytab: /path/to/ovirt.keytab
    
      roles:
        - machacekondra.ovirt-aaa-ldap

License
-------
BSD

Author Information
------------------
Ondra Machacek (@machacekondra)

Installation
------------

    ansible-galaxy install machacekondra.ovirt-aaa-ldap