feat(openldap): add ansible role for deployment

roles/openldap/defaults/main/container.yml

@@ -0,0 +1,61 @@
+---
+openldap_container_name: "openldap"
+openldap_container_image_registry: docker.finally.coffee
+openldap_container_image_namespace: containers
+openldap_container_image_name: "openldap"
+openldap_container_image_tag: ~
+openldap_container_image_source: "pull"
+openldap_container_image_force_source: >-2
+  {{ openldap_container_image_tag | default(false, true) }}
+openldap_container_image_repository: >-2
+  {{
+    [
+      openldap_container_image_registry | default([], true),
+      openldap_container_image_namespace | default([], true),
+      openldap_container_image_name
+    ] | flatten | join('/')
+  }}
+openldap_container_image: >-2
+  {{
+    [
+      openldap_container_image_repository,
+      openldap_container_image_tag
+        | default(openldap_alpine_package_version, true),
+    ] | join(':')
+  }}
+openldap_container_env: ~
+openldap_container_user: ~
+openldap_container_ports: ~
+openldap_container_labels: ~
+openldap_container_volumes: ~
+openldap_container_networks: ~
+openldap_container_network_mode: ~
+openldap_container_dns_servers: ~
+openldap_container_etc_hosts: ~
+openldap_container_ulimits:
+  - "nofile:{{ openldap_fd_soft_limit }}:{{ openldap_fd_hard_limit }}"
+openldap_container_memory: "256M"
+openldap_container_memory_swap: ~
+openldap_container_memory_reservation: "128M"
+openldap_container_restart_policy: "on-failure"
+openldap_container_state: >-2
+  {{ (openldap_state == 'present') | ternary('started', 'absent') }}
+
+openldap_container_data_path: "{{ openldap_data_path }}"
+openldap_container_config_path: "{{ openldap_config_path }}"
+openldap_container_socket_path: "{{ openldap_socket_path }}"
+openldap_container_base_volumes:
+  - "{{ openldap_config_path }}:{{ openldap_container_config_path }}:Z"
+  - "{{ openldap_data_path }}:{{ openldap_container_data_path }}:rw"
+  - "{{ openldap_socket_path }}:{{ openldap_container_socket_path }}:rw"
+openldap_container_all_volumes: >-2
+  {{ openldap_container_base_volumes | default([], true)
+    + openldap_container_volumes | default([], true) }}
+openldap_init_container_volumes:
+  - "{{ [openldap_slapd_path, openldap_slapd_path, 'ro'] | join(':') }}"
+
+openldap_container_healthcheck:
+  test: >-2
+    [[ $(netstat -plnte | grep slapd | wc -l) -ge 1 ]]
+    && [[ $(ps aux | grep slapd | wc -l) -ge 1 ]]
+    || exit 1

roles/openldap/defaults/main/main.yml

@@ -0,0 +1,24 @@
+---
+openldap_version: "2.6.8"
+openldap_alpine_revision: "0"
+openldap_alpine_package_version: >-2
+  v{{ openldap_version }}-r{{ openldap_alpine_revision | string }}
+
+openldap_domain: ~
+openldap_organization: ~
+
+openldap_config_path: "/etc/openldap/"
+openldap_olc_path: "{{ openldap_config_path }}/{0}config"
+openldap_slapd_path: "{{ openldap_config_path }}/slapd.ldif"
+openldap_schema_path: "{{ openldap_config_path }}/schema"
+openldap_data_path: "/var/lib/openldap"
+openldap_socket_path: "/run/openldap"
+openldap_socket: "{{ openldap_socket_path }}/slapd.sock"
+openldap_socket_url: >-2
+  ldapi://{{ openldap_socket | urlencode | replace('/', '%2F') }}
+
+openldap_state: "present"
+openldap_deployment_method: "docker"
+
+openldap_slapadd_init_command: >-2
+  slapadd -v -F {{ openldap_olc_path }} -n 0 -l {{ openldap_slapd_path }}

roles/openldap/defaults/main/openldap.yml

@@ -0,0 +1,62 @@
+---
+openldap_dn: >-2
+  dc={{ openldap_domain | regex_replace('\.', ',dc=') }}
+openldap_root_username: "admin"
+openldap_root_pw: ~
+openldap_root_node_object_classes:
+  - "top"
+  - "dcObject"
+  - "organization"
+openldap_root_node_dc: "{{ openldap_domain | regex_replace('\\..+', '') }}"
+openldap_root_node_o: "{{ openldap_organization | default('not set!', true) }}"
+
+openldap_fd_soft_limit: "8192"
+openldap_fd_hard_limit: "8192"
+
+openldap_module_path: "/usr/lib/openldap"
+openldap_modules:
+  - "mdb"
+  - "hdb"
+
+openldap_core_schema_path: "{{ openldap_schema_path }}/core.ldif"
+openldap_enabled_schemas:
+  - name: "cosine"
+  - name: "inetorgperson"
+openldap_additional_schemas: []
+openldap_schemas: >-2
+  {{ openldap_enabled_schemas + openldap_additional_schemas }}
+
+openldap_config_db: "cn=config"
+openldap_config_db_olc_access: >-2
+  to *
+    by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
+    by * none
+openldap_config_db_attributes:
+  olcAccess: "{{ openldap_config_db_olc_access }}"
+
+openldap_default_indices:
+  - "objectClass eq"
+openldap_indices: []
+
+openldap_default_database_name: "mdb"
+openldap_default_database_object_class: "olcMdbConfig"
+openldap_default_database_suffix: "{{ openldap_dn }}"
+openldap_default_database_root_dn: >-2
+  cn={{ openldap_root_username }},{{ openldap_default_database_suffix }}
+openldap_default_database_root_pw: "{{ openldap_root_pw }}"
+openldap_default_database_directory: >-2
+  {{ openldap_data_path }}/{{ openldap_default_database_name }}
+openldap_default_database_indices: >-2
+  {{ openldap_default_indices + openldap_indices }}
+openldap_default_database_config: >-2
+  olcDatabase={1}{{ openldap_default_database_name }},{{ openldap_config_db }}
+openldap_default_database:
+  name: "{{ openldap_default_database_name }}"
+  object_class: "{{ openldap_default_database_object_class }}"
+  suffix: "{{ openldap_default_database_suffix }}"
+  root_dn: "{{ openldap_default_database_root_dn }}"
+  root_pw: "{{ openldap_default_database_root_pw }}"
+  directory: "{{ openldap_default_database_directory }}"
+  indices: "{{ openldap_default_database_indices }}"
+openldap_databases:
+  - "{{ openldap_default_database }}"