From 4079f83f378bf160d1576815d8afd65bc06e2f61 Mon Sep 17 00:00:00 2001
From: michael-conway
Date: Fri, 4 Mar 2016 09:23:28 -0500
Subject: [PATCH 1/2] #2 ignore grouper db already defined
---
 ansible/roles/grouper/tasks/main.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ansible/roles/grouper/tasks/main.yaml b/ansible/roles/grouper/tasks/main.yaml
index a55cdb228..0a668c2d5 100644
--- a/ansible/roles/grouper/tasks/main.yaml
+++ b/ansible/roles/grouper/tasks/main.yaml
@@ -8,6 +8,7 @@
 postgresql_user: login_host={{db_host}} login_user={{db_admin}} login_password={{db_admin_password}} state=present name={{grouper.db.user}} password={{grouper.db.pass}} role_attr_flags=CREATEDB,NOCREATEROLE,NOCREATEUSER
 sudo: yes
+ ignore_errors: yes
 - name: ensure that postgresql db exists
 postgresql_db: login_host={{db_host}} login_user={{db_admin}} login_password={{db_admin_password}}
From 212b1a39ce8608ebd43cfc980c408e8a0d66e99a Mon Sep 17 00:00:00 2001
From: michael-conway
Date: Fri, 4 Mar 2016 10:07:59 -0500
Subject: [PATCH 2/2] #2 ldap in iptables
---
 ansible/roles/iptables/templates/iptables.j2 | 5 +++++
 tools/sharkbait/resources/grouper.client.properties | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ansible/roles/iptables/templates/iptables.j2 b/ansible/roles/iptables/templates/iptables.j2
index 4a657ab80..f203dd15c 100644
--- a/ansible/roles/iptables/templates/iptables.j2
+++ b/ansible/roles/iptables/templates/iptables.j2
@@ -176,6 +176,11 @@
 -A INPUT -m state --state NEW -m tcp -p tcp -s {{ net.wifi }} --dport 443 -j ACCEPT
 {% endif %}
+{% if inventory_hostname in groups['ldap'] %}
+-A INPUT -m state --state NEW -m tcp -p tcp -s 172.0.0.0/8 --dport 389 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s 152.54.0.0/16 --dport 389 -j ACCEPT
+{% endif %}
+
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT
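Review bot: `ignore_errors: yes` on the postgresql_user task masks every failure of that task — a wrong `db_admin_password`, an unreachable `db_host`, or a rejected `role_attr_flags` value — not only the "already defined" case the subject line describes, so the postgresql_db task that follows in this hunk runs against a server whose grouper user may not exist or may not carry the intended password. postgresql_user with `state=present` is designed to be idempotent, so a task that keeps failing on an existing user is reporting a real error; if that error comes from the flags, note that `NOCREATEUSER` is a legacy alias that newer PostgreSQL releases no longer accept, and the fix belongs there rather than in ignoring the result. A narrower guard keeps the intent: `register: grouper_db_user` and `failed_when: grouper_db_user|failed and '<already-exists message>' not in grouper_db_user.msg|default('')`, with the placeholder replaced by the substring from the actual error. The task's `name:` line and the task that precedes it lie outside the hunk, and `yes` should be written `true` per yamllint's truthy rule.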
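Review bot: The first new rule accepts unencrypted LDAP (tcp/389) from `172.0.0.0/8`, a full /8 that is mostly public address space — the RFC 1918 range is `172.16.0.0/12` — so unless an entire /8 is genuinely intended this is probably a typo that admits far more sources than the `152.54.0.0/16` rule beside it. Both source ranges are also hard-coded while the context line above uses `{{ net.wifi }}`; moving them into the same `net` mapping (for example a `net.ldap_clients` list, name is a suggestion) keeps the policy in inventory and lets the rules be rendered in a loop. `groups['ldap']` fails with an undefined-variable error at template time on any inventory that has no `ldap` group; `{% if 'ldap' in group_names %}` is the safer test and reads the same. If the clients support it, port 636 (LDAPS) or StartTLS on 389 keeps bind credentials off the wire in clear text. The enclosing `*filter` section of the template continues outside the hunk.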
diff --git a/tools/sharkbait/resources/grouper.client.properties b/tools/sharkbait/resources/grouper.client.properties
index fd795e135..6b597f45c 100644
--- a/tools/sharkbait/resources/grouper.client.properties
+++ b/tools/sharkbait/resources/grouper.client.properties
@@ -13,4 +13,4 @@
 ## LDAP connection settings
 ########################################
-grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties, file:/etc/grouper/client.properties
+grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
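Review bot: Dropping `file:/etc/grouper/client.properties` from `grouperClient.config.hierarchy` removes the only non-classpath layer, so any host-specific override of the LDAP connection settings named in the section header above — including any credentials that may have lived in that file — must now be baked into the classpath copy shipped with the tool. The commit subject ("#2 ldap in iptables") does not explain this change, so a comment on the line, e.g. `# No file: override: all client settings come from the classpath properties`, would record the intent for the next reader. If the classpath `grouper.client.properties` now has to carry a bind password, that value is checked into the repository; keep it out of VCS or retain an external file entry for it.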