Alexandros Kosiaris has submitted this change and it was merged.
Change subject: ldap: qualify vars
......................................................................
ldap: qualify vars
Change-Id: Ic90146c2cd86a1fb25750f19199dbb73019b4f7b
---
M modules/ldap/templates/base.ldif.erb
M modules/ldap/templates/ldapscriptrc.erb
M modules/ldap/templates/nslcd.conf.erb
M modules/ldap/templates/nss_ldap.erb
M modules/ldap/templates/open_ldap.erb
M modules/ldap/templates/opendj.default.erb
M modules/ldap/templates/scriptconfig.py.erb
7 files changed, 50 insertions(+), 50 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/ldap/templates/base.ldif.erb
b/modules/ldap/templates/base.ldif.erb
index c330b11..8d20b33 100644
--- a/modules/ldap/templates/base.ldif.erb
+++ b/modules/ldap/templates/base.ldif.erb
@@ -1,51 +1,51 @@
# This is the root of the directory tree
-#dn: <%= base_dn %>
+#dn: <%= @base_dn %>
#dc: <%= @domain %>
#objectClass: top
#objectClass: domain
# Subtree for users
-dn: ou=people,<%= base_dn %>
+dn: ou=people,<%= @base_dn %>
ou: people
description: people
objectClass: organizationalUnit
# Subtree for groups
-dn: ou=groups,<%= base_dn %>
+dn: ou=groups,<%= @base_dn %>
ou: groups
description: groups
objectClass: organizationalUnit
# Subtree for hosts
-dn: ou=hosts,<%= base_dn %>
+dn: ou=hosts,<%= @base_dn %>
ou: hosts
description: hosts
objectClass: organizationalUnit
# Subtree for system accounts
-dn: ou=profile,<%= base_dn %>
+dn: ou=profile,<%= @base_dn %>
ou: profile
description: Special accounts used by software applications.
objectClass: organizationalUnit
-dn: <%= proxyagent %>
+dn: <%= @proxyagent %>
ou: profile
description: Special account for nova
-userPassword: <%= proxyagent_pass %>
+userPassword: <%= @proxyagent_pass %>
objectClass: simpleSecurityObject
objectClass: organizationalRole
-dn: cn=sysadmins,ou=groups,<%= base_dn %>
+dn: cn=sysadmins,ou=groups,<%= @base_dn %>
objectclass: groupOfNames
cn: sysadmins
description: IT admin group
-dn: cn=netadmins,ou=groups,<%= base_dn %>
+dn: cn=netadmins,ou=groups,<%= @base_dn %>
objectclass: groupOfNames
cn: netadmins
description: Network admin group
-dn: cn=cloudadmins,ou=groups,<%= base_dn %>
+dn: cn=cloudadmins,ou=groups,<%= @base_dn %>
objectclass: groupOfNames
cn: cloudadmins
description: Cloud admin group
diff --git a/modules/ldap/templates/ldapscriptrc.erb
b/modules/ldap/templates/ldapscriptrc.erb
index 9d231ed..fb76110 100644
--- a/modules/ldap/templates/ldapscriptrc.erb
+++ b/modules/ldap/templates/ldapscriptrc.erb
@@ -1,2 +1,2 @@
-USER <%= ldapconfig["script_user_dn"] %>
-PASS <%= ldapconfig["script_user_pass"] %>
+USER <%= @ldapconfig["script_user_dn"] %>
+PASS <%= @ldapconfig["script_user_pass"] %>
diff --git a/modules/ldap/templates/nslcd.conf.erb
b/modules/ldap/templates/nslcd.conf.erb
index ee78973..d5619a6 100644
--- a/modules/ldap/templates/nslcd.conf.erb
+++ b/modules/ldap/templates/nslcd.conf.erb
@@ -7,35 +7,35 @@
gid nslcd
# The location at which the LDAP server(s) should be reachable.
-uri <% ldapconfig["servernames"].each do |servername| -%>ldap://<%= servername
%>:389 <% end -%>
+uri <% @ldapconfig["servernames"].each do |servername| -%>ldap://<%=
servername %>:389 <% end -%>
# The search base that will be used for all queries.
-base <%= ldapconfig["basedn"] %>
+base <%= @ldapconfig["basedn"] %>
-base passwd <%= ldapconfig["users_rdn"] %>,<%= ldapconfig["basedn"] %>
-base shadow <%= ldapconfig["users_rdn"] %>,<%= ldapconfig["basedn"] %>
-base group <%= ldapconfig["groups_rdn"] %>,<%= ldapconfig["basedn"] %>
+base passwd <%= @ldapconfig["users_rdn"] %>,<%= @ldapconfig["basedn"] %>
+base shadow <%= @ldapconfig["users_rdn"] %>,<%= @ldapconfig["basedn"] %>
+base group <%= @ldapconfig["groups_rdn"] %>,<%= @ldapconfig["basedn"] %>
<% if @site == "eqiad" -%>
-base passwd <%= ldapconfig["users_rdn"] %>,ou=servicegroups,<%=
ldapconfig["basedn"] %>
-base shadow <%= ldapconfig["users_rdn"] %>,ou=servicegroups,<%=
ldapconfig["basedn"] %>
-base group ou=servicegroups,<%= ldapconfig["basedn"] %>
+base passwd <%= @ldapconfig["users_rdn"] %>,ou=servicegroups,<%=
@ldapconfig["basedn"] %>
+base shadow <%= @ldapconfig["users_rdn"] %>,ou=servicegroups,<%=
@ldapconfig["basedn"] %>
+base group ou=servicegroups,<%= @ldapconfig["basedn"] %>
<% elsif @realm == "labs" -%>
<% if has_variable?("instanceproject") then -%>
-base passwd <%= ldapconfig["users_rdn"] %>,cn=<%= instanceproject
%>,ou=projects,<%= ldapconfig["basedn"] %>
-base shadow <%= ldapconfig["users_rdn"] %>,cn=<%= instanceproject
%>,ou=projects,<%= ldapconfig["basedn"] %>
-base group <%= ldapconfig["groups_rdn"] %>,cn=<%= instanceproject
%>,ou=projects,<%= ldapconfig["basedn"] %>
+base passwd <%= @ldapconfig["users_rdn"] %>,cn=<%= instanceproject
%>,ou=projects,<%= @ldapconfig["basedn"] %>
+base shadow <%= @ldapconfig["users_rdn"] %>,cn=<%= instanceproject
%>,ou=projects,<%= @ldapconfig["basedn"] %>
+base group <%= @ldapconfig["groups_rdn"] %>,cn=<%= instanceproject
%>,ou=projects,<%= @ldapconfig["basedn"] %>
<% end %><% end -%>
# The DN to bind with for normal lookups.
-binddn cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %>
-bindpw <%= ldapconfig["proxypass"] %>
+binddn cn=proxyagent,ou=profile,<%= @ldapconfig["basedn"] %>
+bindpw <%= @ldapconfig["proxypass"] %>
# SSL options.
ssl start_tls
tls_reqcert demand
tls_cacertdir /etc/ssl/certs
-tls_cacertfile /etc/ssl/certs/<%= ldapconfig["ca"] %>
+tls_cacertfile /etc/ssl/certs/<%= @ldapconfig["ca"] %>
<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %># Limit
user names to this regex. This needs to be kept in sync with OpenStackManager's
regex.
@@ -43,7 +43,7 @@
# Group mapping for sudo-ldap.
<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) < 0 %>map group
uniquemember member<% end %>
-<% if realm == "labs" %>map passwd loginshell "/bin/bash"<% end %>
+<% if @realm == "labs" %>map passwd loginshell "/bin/bash"<% end %>
-pagesize <%= ldapconfig["pagesize"] %>
-<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %>nss_min_uid
<%= ldapconfig["nss_min_uid"] %><% end %>
+pagesize <%= @ldapconfig["pagesize"] %>
+<% if scope.function_versioncmp([@lsbdistrelease, "12.04"]) >= 0 %>nss_min_uid
<%= @ldapconfig["nss_min_uid"] %><% end %>
diff --git a/modules/ldap/templates/nss_ldap.erb
b/modules/ldap/templates/nss_ldap.erb
index 23ff4c3..5338787 100644
--- a/modules/ldap/templates/nss_ldap.erb
+++ b/modules/ldap/templates/nss_ldap.erb
@@ -1,20 +1,20 @@
-uri <% ldapconfig["servernames"].each do |servername|
-%>ldap://<%= servername %>:389 <% end -%>
+uri <% @ldapconfig["servernames"].each do |servername|
-%>ldap://<%= servername %>:389 <% end -%>
-base <%= ldapconfig["basedn"] %>
-binddn cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %>
-bindpw <%= ldapconfig["proxypass"] %>
+base <%= @ldapconfig["basedn"] %>
+binddn cn=proxyagent,ou=profile,<%= @ldapconfig["basedn"] %>
+bindpw <%= @ldapconfig["proxypass"] %>
pam_filter objectclass=posixAccount
-nss_base_passwd ou=people,<%= ldapconfig["basedn"] %>
-nss_base_shadow ou=people,<%= ldapconfig["basedn"] %>
-nss_base_group ou=groups,<%= ldapconfig["basedn"] %>
-nss_base_hosts ou=hosts,<%= ldapconfig["basedn"] %>
-nss_base_netgroup ou=netgroup,<%= ldapconfig["basedn"] %>
+nss_base_passwd ou=people,<%= @ldapconfig["basedn"] %>
+nss_base_shadow ou=people,<%= @ldapconfig["basedn"] %>
+nss_base_group ou=groups,<%= @ldapconfig["basedn"] %>
+nss_base_hosts ou=hosts,<%= @ldapconfig["basedn"] %>
+nss_base_netgroup ou=netgroup,<%= @ldapconfig["basedn"] %>
nss_schema rfc2307bis
nss_map_attribute uniquemember member
nss_map_objectclass groupofuniquenames groupofnames
-<% if realm == "labs" %>nss_override_attribute_value loginshell /bin/bash<%
end %>
+<% if @realm == "labs" %>nss_override_attribute_value loginshell /bin/bash<%
end %>
tls_checkpeer yes
-tls_cacertfile /etc/ssl/certs/<%= ldapconfig["ca"] %>
+tls_cacertfile /etc/ssl/certs/<%= @ldapconfig["ca"] %>
tls_cacertdir /etc/ssl/certs
ssl start_tls
pam_password clear
diff --git a/modules/ldap/templates/open_ldap.erb
b/modules/ldap/templates/open_ldap.erb
index b0d8a42..3f21155 100644
--- a/modules/ldap/templates/open_ldap.erb
+++ b/modules/ldap/templates/open_ldap.erb
@@ -1,12 +1,12 @@
-BASE <%= ldapconfig["basedn"] %>
-URI <% ldapconfig["servernames"].each do |servername|
-%>ldap://<%= servername %>:389 <% end -%>
+BASE <%= @ldapconfig["basedn"] %>
+URI <% @ldapconfig["servernames"].each do |servername|
-%>ldap://<%= servername %>:389 <% end -%>
-BINDDN cn=proxyagent,ou=profile,<%= ldapconfig["basedn"] %>
-BINDPW <%= ldapconfig["proxypass"] %>
+BINDDN cn=proxyagent,ou=profile,<%= @ldapconfig["basedn"] %>
+BINDPW <%= @ldapconfig["proxypass"] %>
SSL start_tls
TLS_CHECKPEER yes
TLS_REQCERT demand
TLS_CACERTDIR /etc/ssl/certs
-TLS_CACERTFILE /etc/ssl/certs/<%= ldapconfig["ca"] %>
-TLS_CACERT /etc/ssl/certs/<%= ldapconfig["ca"] %>
-<% if ldapincludes.include?('sudo') then %>SUDOERS_BASE <%=
ldapconfig["sudobasedn"] %><% end %>
+TLS_CACERTFILE /etc/ssl/certs/<%= @ldapconfig["ca"] %>
+TLS_CACERT /etc/ssl/certs/<%= @ldapconfig["ca"] %>
+<% if @ldapincludes.include?('sudo') then %>SUDOERS_BASE <%=
@ldapconfig["sudobasedn"] %><% end %>
diff --git a/modules/ldap/templates/opendj.default.erb
b/modules/ldap/templates/opendj.default.erb
index 0a5c07a..8a4bbb6 100644
--- a/modules/ldap/templates/opendj.default.erb
+++ b/modules/ldap/templates/opendj.default.erb
@@ -8,7 +8,7 @@
# Space separated list of addresses 389 and 636 should forward to, defaults
# to all configured IPs. Used to configure iptables
-BINDADDRS="<%= server_bind_ips %>"
+BINDADDRS="<%= @server_bind_ips %>"
# increase the number of open file descriptors
# note: the init script uses start-stop-daemon which doesn't do PAM, hence
diff --git a/modules/ldap/templates/scriptconfig.py.erb
b/modules/ldap/templates/scriptconfig.py.erb
index 61ccd37..0e41cee 100644
--- a/modules/ldap/templates/scriptconfig.py.erb
+++ b/modules/ldap/templates/scriptconfig.py.erb
@@ -5,5 +5,5 @@
### system, it should not contain any private or sensitive information.
#######################################################################
-domain="<%= ldapconfig["wikildapdomain"] %>"
-controllerapiurl="<%= ldapconfig["wikicontrollerapiurl"] %>"
+domain="<%= @ldapconfig["wikildapdomain"] %>"
+controllerapiurl="<%= @ldapconfig["wikicontrollerapiurl"] %>"
--
To view, visit https://gerrit.wikimedia.org/r/148035
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic90146c2cd86a1fb25750f19199dbb73019b4f7b
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
