
Re: LDAP bindPassword in Ansible inventory



Good idea, Joel.

In the inventory file I can use 

'bindPassword': '{{ ldap_bind_password }}' 

and pass -e ldap_bind_password=xxxxx when running the playbook. 

Ansible Vault is probably the way to go, but this will do for now.

Thanks! 


On 24 October 2017 at 17:19, Joel Pearson <japearson agiledigital com au> wrote:
Maybe if you use a vars yaml file, it might work? I was going to try it today, but I didn't get around to it, was hoping you'd get it working first?

By a vars file I mean

ansible-playbook -e "@varsfile.yml"

With something like this in there, but obviously the encrypted bit

openshift_master_identity_providers:
- name: active_directory
  challenge: 'true'
  login: 'true'
  kind: LDAPPasswordIdentityProvider
  attributes:
    email:
    - mail
    id:
    - sAMAccountName
    name:
    - displayName
    preferredUsername:
    - sAMAccountName
  insecure: 'true'
  bindDN: 'CN=xxxx,OU=Azure Users,OU=DEH-Staff,DC=internal,DC=govt'
  bindPassword: 'xxxx'


On Tue, Oct 24, 2017 at 4:59 PM Lionel Orellana <lionelve gmail com> wrote:
Well, adding this to the inventory file doesn't work (even if the files are copied to the masters beforehand).

'bindPassword': {'file': '/root/bindPassword.encrypted', 'keyFile': '/root/bindPassword.key'},

Is there any way to encrypt the bindPassword in the inventory file?

On 21 October 2017 at 11:43, Lionel Orellana <lionelve gmail com> wrote:
Looking at the master role, it just copies the configuration from the inventory to the config file, so I do have to copy the encryption files beforehand. Will have to try if the format in the inventory file is right.

On Sat, 21 Oct 2017 at 9:15 am, Lionel Orellana <lionelve gmail com> wrote:
Hi,

I see there's a way to encrypt an LDAP bind password for use in the master configs.

But I'm not sure how this would work in the Ansible inventory configuration for the identity provider.

If I use an Encrypted External File, do I need to copy the file to all the masters first? Or is the playbook going to copy it from the Ansible host?

What should the openshift_master_identity_providers look like?

openshift_master_identity_providers=[{'name': 'my_ldap_provider', ..., 'kind': 'LDAPPasswordIdentityProvider', ..., 'bindPassword': {'file': 'bindPassword.encrypted',
    'keyFile': 'bindPassword.key'}, ...}]

Thanks

--
Kind Regards,

Joel Pearson
Agile Digital | Senior Software Consultant

Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au

