Maybe if you use a vars yaml file, it might work? I was going to try it
today, but I didn't get around to it, was hoping you'd get it working first?
By a vars file I mean
ansible-playbook -e "@varsfile.yml"
With something like this in there, but obviously the encrypted bit
openshift_master_identity_providers:
  - name: active_directory
    challenge: 'true'
    login: 'true'
    kind: LDAPPasswordIdentityProvider
    attributes:
      email:
        - mail
      id:
        - sAMAccountName
      name:
        - displayName
      preferredUsername:
        - sAMAccountName
    insecure: 'true'
    bindDN: 'CN=xxxx,OU=Azure Users,OU=DEH-Staff,DC=internal,DC=govt'
    bindPassword: 'xxxx'
    url: ldap://ad-lb.envris-os-dev.agiledigital.com.au:389/ou=deh-staff,dc=internal,dc=govt?samAccountName
On Tue, Oct 24, 2017 at 4:59 PM Lionel Orellana <[email protected]> wrote:
> Well adding this to the inventory file doesn't work (even if the files are
> copied to masters before hand).
>
> 'bindPassword': {'file': '/root/bindPassword.encrypted', 'keyFile':
> '/root/bindPassword.key'},
>
> Is there any way to encrypt the bindPassword in the inventory file?
>
> On 21 October 2017 at 11:43, Lionel Orellana <[email protected]> wrote:
>
>> Looking at the master role it just copies the configuration from the
>> inventory to the config file so I do have to copy the encryption files
>> beforehand. Will have to try if the format in the inventory file is right.
>> On Sat, 21 Oct 2017 at 9:15 am, Lionel Orellana <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I see there's a way to encrypt
>>> <https://docs.openshift.org/latest/install_config/master_node_configuration.html#master-node-configuration-passwords-and-other-data> an
>>> ldap bind password for use in the master configs.
>>>
>>> But I'm not sure how this would work in the Ansible inventory
>>> configuration for the identity provider.
>>>
>>> If I use an Encrypted External File do I need to copy the file to all
>>> the masters first? Or is the playbook going to copy it from the ansible
>>> host?
>>>
>>> What should the openshift_master_identity_providers look like?
>>>
>>> openshift_master_identity_providers=[{'name': 'my_ldap_provider', ...,
>>> 'kind': 'LDAPPasswordIdentityProvider', ..., *'bindPassword': { 'file':
>>> 'bindPassword.encrypted'*
>>> * 'keyFile': 'bindPassword.key'}*, ...}]
>>>
>>> Thanks
>>>
>>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
--
Kind Regards,
Joel Pearson
Agile Digital | Senior Software Consultant
Love Your Software™ | ABN 98 106 361 273
p: 1300 858 277 | m: 0405 417 843 | w: agiledigital.com.au