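---
# Hiera data for a glauth (LDAP) node: classes to include, extra certificate
# names, glauth listener/TLS parameters, and the Consul service registration.
# Nesting below is restored from the flattened listing; the values are the
# original ones (the version string is only quoted).
hiera_include:
  - glauth

# additional altnames
# presumably requested as extra SANs on the Vault-issued certificate that the
# glauth listeners below present - confirm against profiles::pki::vault
profiles::pki::vault::alt_names:
  - ldap.main.unkin.net
  - ldap.service.consul
  - ldap.query.consul
  - "ldap.service.%{facts.country}-%{facts.region}.consul"

# quoted so the version always stays a string
glauth::params::download_version: '2.3.2'
# NOTE(review): the plain LDAP listener is enabled next to LDAPS, while only
# port 636 is registered in Consul below. Confirm that clients on the plain
# listener are required to use StartTLS, or disable it if nothing needs it;
# a simple bind without TLS sends the password in clear text.
glauth::params::ldap_enabled: true
glauth::params::ldaps_enabled: true
glauth::params::basedn: 'dc=main,dc=unkin,dc=net'
# NOTE(review): presumably maps to glauth's [behaviors] IgnoreCapabilities,
# which drops capability checks so that any authenticated user may search the
# directory - confirm this is intended for every bind account.
glauth::params::behaviors_ignorecapabilities: true
# the LDAP, LDAPS and API listeners all use the same certificate and private
# key; the key file should be readable only by the glauth service account
# (ownership and mode are not set in this file - verify in the pki profile)
glauth::params::ldap_tlscertpath: /etc/pki/tls/vault/certificate.crt
glauth::params::ldap_tlskeypath: /etc/pki/tls/vault/private.key
glauth::params::ldaps_cert: /etc/pki/tls/vault/certificate.crt
glauth::params::ldaps_key: /etc/pki/tls/vault/private.key
glauth::params::api_cert: /etc/pki/tls/vault/certificate.crt
glauth::params::api_key: /etc/pki/tls/vault/private.key

# configure consul service
consul::services:
  ldap:
    service_name: 'ldap'
    tags:
      - 'media'
      - 'ldap'
    address: "%{facts.networking.ip}"
    # the registered service port is the LDAPS port
    port: 636
    checks:
      # HTTPS probe against port 5555 on the node's FQDN (presumably the
      # glauth API listener configured with api_cert/api_key above)
      - id: 'glauth_http_check'
        name: 'glauth HTTP Check'
        http: "https://%{facts.networking.fqdn}:5555"
        method: 'GET'
        # NOTE(review): with verification skipped the check stays green when
        # the certificate is expired, mis-issued or for another host. If the
        # Consul agent can trust the issuing CA and the certificate covers
        # the FQDN, set this to false so certificate problems surface as a
        # failing check.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
# presumably the Consul ACL rule that lets this node register the 'ldap'
# service; it is scoped to that single service name
profiles::consul::client::node_rules:
  - resource: service
    segment: ldap
    disposition: write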