summaryrefslogtreecommitdiffstats
path: root/roles/common-LDAP
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common-LDAP')
-rwxr-xr-xroles/common-LDAP/files/usr/local/sbin/slapcat-all.sh5
-rw-r--r--roles/common-LDAP/handlers/main.yml3
-rw-r--r--roles/common-LDAP/tasks/main.yml33
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j28
4 files changed, 43 insertions, 6 deletions
diff --git a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
index 8aa8f78..cd5abd9 100755
--- a/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
+++ b/roles/common-LDAP/files/usr/local/sbin/slapcat-all.sh
@@ -9,11 +9,12 @@ PATH=/usr/sbin:/sbin:/usr/bin:/bin
target="$1"
umask 0077
-prefix=slapd-
+prefix=slapcat-
slapcat -n0 -l"$target/${prefix}0.ldif"
n=$(grep -Ec '^dn:\s+olcDatabase={[1-9][0-9]*}' "$target/${prefix}0.ldif")
while [ $n -gt 0 ]; do
- slapcat -n$n -l"$target/${prefix}$n.ldif"
+ # the Monitor backend can't be slapcat(8)'ed
+ grep -qE "^dn:\s+olcDatabase=\{$n\}monitor,cn=config$" "$target/${prefix}0.ldif" || slapcat -n$n -l"$target/${prefix}$n.ldif"
n=$(( $n - 1 ))
done
diff --git a/roles/common-LDAP/handlers/main.yml b/roles/common-LDAP/handlers/main.yml
index 6972af2..8837729 100644
--- a/roles/common-LDAP/handlers/main.yml
+++ b/roles/common-LDAP/handlers/main.yml
@@ -1,2 +1,5 @@
- name: Restart slapd
service: name=slapd state=restarted
+
+- name: Restart munin-node
+ service: name=munin-node state=restarted
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 2eb0dfb..a8c784d 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -8,6 +8,9 @@
- ldapvi
- db-util
- python-ldap
+ # for the 'slapd2_' munin plugin
+ - libnet-ldap-perl
+ - libauthen-sasl-perl
- name: Configure slapd
template: src=etc/default/slapd.j2
@@ -107,13 +110,12 @@
- name: Load amavis' schema
openldap: target=/etc/ldap/schema/amavis.schema
format=slapd.conf name=amavis
- tags:
- - ldap
- name: Load Fripost' schema
openldap: target=/etc/ldap/schema/fripost.ldif
- tags:
- - ldap
+
+- name: Load the back_monitor overlay
+ openldap: module=back_monitor
# We assume a clean (=stock) cn=config
- name: Configure the LDAP database
@@ -133,3 +135,26 @@
dest=/usr/local/sbin/slapcat-all.sh
owner=root group=root
mode=0755
+
+
+- name: Install 'slapd2_' Munin wildcard plugin
+ # we don't install 'slapd_' because it doesn't support SASL binds
+ file: src=/usr/local/share/munin/plugins/slapd2_
+ dest=/etc/munin/plugins/slapd2_{{ item }}
+ owner=root group=root
+ state=link force=yes
+ with_items:
+ # sudo /usr/share/munin/plugins/slapd2_ suggest
+ - connections
+ - statistics_entries
+ - operations_diff
+ - statistics_referrals
+ - statistics_pdu
+ - waiters
+ - statistics_bytes
+ - operations
+ tags:
+ - munin
+ - munin-node
+ notify:
+ - Restart munin-node
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index b2981b3..5f9d8b1 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -47,6 +47,14 @@ olcPasswordHash: {CRYPT}
olcPasswordCryptSaltFormat: $6$%s
+dn: olcDatabase=monitor,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMonitorConfig
+olcAccess: to dn.subtree="cn=monitor"
+ by dn.exact="username=munin,cn=peercred,cn=external,cn=auth" sockurl.regex="^ldapi://" read
+ by * =0
+
+
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig