Update to 2021-02-08 12:00

master
Daniel Berteaud 3 years ago
parent c5475b8881
commit 7d57e11314
  1. 8
      roles/bitwarden_rs/defaults/main.yml
  2. 101
      roles/lemonldap_ng/files/mysql_schema.sql
  3. 6
      roles/lemonldap_ng/tasks/mysql.yml
  4. 19
      roles/lemonldap_ng/templates/lemonldap-ng.ini.j2
  5. 1
      roles/lemonldap_ng/vars/CentOS-7.yml
  6. 1
      roles/lemonldap_ng/vars/CentOS-8.yml
  7. 20
      roles/lemonldap_ng/vars/main.yml

@ -1,12 +1,12 @@
---
bitwarden_version: 1.18.0
bitwarden_version: 1.19.0
bitwarden_archive_url: https://github.com/dani-garcia/bitwarden_rs/archive/{{ bitwarden_version }}.tar.gz
bitwarden_archive_sha1: 6fa3866dbfbf0b9d5471b90e8cda363bf44554b9
bitwarden_archive_sha1: d1b989c4a243fbc8d010b01b3c70063503868124
bitwarden_web_version: 2.18.1
bitwarden_web_version: 2.18.1b
bitwarden_web_archive_url: https://github.com/dani-garcia/bw_web_builds/releases/download/v{{ bitwarden_web_version }}/bw_web_v{{ bitwarden_web_version }}.tar.gz
bitwarden_web_archive_sha1: 9130c63cbe99b6f3a8fb64b0ad233d736210b7e7
bitwarden_web_archive_sha1: d2a916d3692ac62b98922b7f30dcf9933aa50159
bitwarden_root_dir: /opt/bitwarden_rs
bitwarden_user: bitwarden_rs

@ -1,27 +1,76 @@
CREATE TABLE IF NOT EXISTS `lmConfig` (
`cfgNum` INT(11) NOT NULL,
`FIELD` VARCHAR(255) NOT NULL DEFAULT '',
`VALUE` LONGTEXT,
PRIMARY KEY (`cfgNum`,`FIELD`)
);
CREATE TABLE IF NOT EXISTS `sessions` (
`id` VARCHAR(64) NOT NULL PRIMARY KEY,
`a_session` TEXT,
`_whatToTrace` TEXT,
`_session_kind` TEXT,
`_utime` BIGINT,
`ipAddr` TEXT
);
CREATE INDEX IF NOT EXISTS `uid1` ON `sessions` (`_whatToTrace`(128)) USING BTREE;
CREATE INDEX IF NOT EXISTS `s1` ON `sessions` (`_session_kind`(32));
CREATE INDEX IF NOT EXISTS `u1` ON `sessions` (`_utime`);
CREATE INDEX IF NOT EXISTS `ip1` ON `sessions` (`ipAddr`(39)) USING BTREE;
CREATE TABLE IF NOT EXISTS `notifications` (
`date` datetime NOT NULL,
`uid` VARCHAR(255) NOT NULL,
`ref` VARCHAR(255) NOT NULL,
`cond` VARCHAR(255) DEFAULT NULL,
`xml` longblob NOT NULL,
`done` datetime DEFAULT NULL,
PRIMARY KEY (`date`, `uid`, `ref`)
CREATE TABLE IF NOT EXISTS lmConfig (
cfgNum int not null primary key,
data longtext
);
CREATE TABLE IF NOT EXISTS sessions (
id varchar(64) not null primary key,
a_session text,
_whatToTrace varchar(64),
_session_kind varchar(15),
ipAddr varchar(64),
_utime bigint,
_httpSessionType varchar(64),
user varchar(64)
) DEFAULT CHARSET utf8;
CREATE INDEX IF NOT EXISTS i_s__whatToTrace ON sessions (_whatToTrace);
CREATE INDEX IF NOT EXISTS i_s__session_kind ON sessions (_session_kind);
CREATE INDEX IF NOT EXISTS i_s__utime ON sessions (_utime);
CREATE INDEX IF NOT EXISTS i_s_ipAddr ON sessions (ipAddr);
CREATE INDEX IF NOT EXISTS i_s__httpSessionType ON sessions (_httpSessionType);
CREATE INDEX IF NOT EXISTS i_s_user ON sessions (user);
CREATE TABLE IF NOT EXISTS psessions (
id varchar(64) not null primary key,
a_session text,
_session_kind varchar(15),
_httpSessionType varchar(64),
_whatToTrace varchar(64),
ipAddr varchar(64),
_session_uid varchar(64)
) DEFAULT CHARSET utf8;
CREATE INDEX IF NOT EXISTS i_p__session_kind ON psessions (_session_kind);
CREATE INDEX IF NOT EXISTS i_p__httpSessionType ON psessions (_httpSessionType);
CREATE INDEX IF NOT EXISTS i_p__session_uid ON psessions (_session_uid);
CREATE INDEX IF NOT EXISTS i_p_ipAddr ON psessions (ipAddr);
CREATE INDEX IF NOT EXISTS i_p__whatToTrace ON psessions (_whatToTrace);
CREATE TABLE IF NOT EXISTS samlsessions (
id varchar(64) not null primary key,
a_session text,
_session_kind varchar(15),
_utime bigint,
ProxyID varchar(64),
_nameID varchar(128),
_assert_id varchar(64),
_art_id varchar(64),
_saml_id varchar(64)
) DEFAULT CHARSET utf8;
CREATE INDEX IF NOT EXISTS i_a__session_kind ON samlsessions (_session_kind);
CREATE INDEX IF NOT EXISTS i_a__utime ON samlsessions (_utime);
CREATE INDEX IF NOT EXISTS i_a_ProxyID ON samlsessions (ProxyID);
CREATE INDEX IF NOT EXISTS i_a__nameID ON samlsessions (_nameID);
CREATE INDEX IF NOT EXISTS i_a__assert_id ON samlsessions (_assert_id);
CREATE INDEX IF NOT EXISTS i_a__art_id ON samlsessions (_art_id);
CREATE INDEX IF NOT EXISTS i_a__saml_id ON samlsessions (_saml_id);
CREATE TABLE IF NOT EXISTS oidcsessions (
id varchar(64) not null primary key,
a_session text,
_session_kind varchar(15),
_utime bigint
) DEFAULT CHARSET utf8;
CREATE INDEX IF NOT EXISTS i_o__session_kind ON oidcsessions (_session_kind);
CREATE INDEX IF NOT EXISTS i_o__utime ON oidcsessions (_utime);
CREATE TABLE IF NOT EXISTS cassessions (
id varchar(64) not null primary key,
a_session text,
_session_kind varchar(15),
_utime bigint,
_cas_id varchar(128),
pgtIou varchar(128)
) DEFAULT CHARSET utf8;
CREATE INDEX IF NOT EXISTS i_c__session_kind ON cassessions (_session_kind);
CREATE INDEX IF NOT EXISTS i_c__utime ON cassessions (_utime);
CREATE INDEX IF NOT EXISTS i_c__cas_id ON cassessions (_cas_id);
CREATE INDEX IF NOT EXISTS i_c_pgtIou ON cassessions (pgtIou);
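Review bot: Every new table is declared with `DEFAULT CHARSET utf8`, which on MySQL/MariaDB is the 3-byte utf8mb3 and cannot store 4-byte characters (emoji, some CJK) in columns such as `_whatToTrace` or `user`; since the DSN in lemonldap-ng.ini.j2 sets `mysql_enable_utf8=1`, such values would be rejected or truncated, so `DEFAULT CHARSET utf8mb4` is the safer choice. `CREATE INDEX IF NOT EXISTS` is MariaDB syntax — stock MySQL does not accept `IF NOT EXISTS` on `CREATE INDEX` — so if this role is ever run against MySQL proper every index statement fails; a header comment such as `-- Requires MariaDB (CREATE INDEX IF NOT EXISTS is not supported by MySQL)` would make that explicit. `_whatToTrace` and the new `user` column also shrink from TEXT to `varchar(64)`, so a login longer than 64 characters (e-mail style uids) is silently truncated unless the server runs in strict SQL mode — worth either widening to `varchar(255)` or documenting the limit. The old `notifications` table is no longer created; if the notifications backend is still pointed at the database elsewhere in the role that will break, though that configuration is outside this diff.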

@ -68,14 +68,14 @@
mysql_user:
name: "{{ llng_handler_db_user }}"
password: "{{ llng_handler_db_pass }}"
priv: "{{ llng_db_name }}.sessions:SELECT,INSERT,DELETE,UPDATE/{{ llng_db_name }}.lmConfig:SELECT"
host: "{{ ( llng_db_server == 'localhost' ) | ternary('localhost', item ) }}"
priv: "{{ llng_db_name }}.{{ llng_session_tables[item.1].name }}:SELECT,INSERT,DELETE,UPDATE/{{ llng_db_name }}.lmConfig:SELECT"
host: "{{ ( llng_db_server == 'localhost' ) | ternary('localhost', item.0 ) }}"
login_host: "{{ llng_db_server }}"
login_user: sqladmin
login_password: "{{ mysql_admin_pass }}"
state: present
append_privs: True
when: llng_handler == True
loop: "{{ ansible_all_ipv4_addresses }}"
loop: "{{ ansible_all_ipv4_addresses | product(llng_session_tables.keys() | list) | list }}"
tags: web
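Review bot: `when: llng_handler == True` silently skips the whole grant loop when `llng_handler` arrives as a string from inventory or `-e` (`"true" == True` is false in Jinja), so no session-table privileges are granted and the handler fails at runtime; `when: llng_handler | bool` is the robust form. With `append_privs: True` the per-table `priv` is only ever added, so a table later removed from `llng_session_tables`, or the broad `sessions` grant from a previous run of the old task, stays on the handler user indefinitely — if least privilege is the goal, add a comment that revocation is manual, or drop `append_privs` and pass the full privilege set in a single call instead of one per (address, table) pair. The task's opening lines (`- name:` / module key) are outside the hunk.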

@ -13,11 +13,26 @@ globalStorageOptions = {
localSessionStorage = Cache::FileCache
localSessionStorageOptions = { \
'namespace' => 'sessions', \
'default_expires_in' => '600', \
'default_expires_in' => '300', \
'directory_umask' => '007', \
'cache_root' => '/var/cache/lemonldap-ng', \
'cache_depth' => 3 \
}
{% if llng_conf_backend == 'mysql' %}
{% for type in llng_session_tables.keys() | list %}
{{ type }}Storage = Apache::Session::Browseable::MySQL
{{ type }}StorageOptions = { \
'DataSource' => 'DBI:mysql:database={{ llng_db_name }};host={{ llng_db_server }};mysql_enable_utf8=1', \
'UserName' => '{{ llng_handler_db_user }}', \
'Password' => '{{ llng_handler_db_pass }}', \
'TableName' => '{{ llng_session_tables[type].name }}', \
{% if llng_session_tables[type].index is defined %}
'Index' => '{{ llng_session_tables[type].index }}', \
{% endif %}
'generateModule' => 'Lemonldap::NG::Common::Apache::Session::Generate::SHA256' \
}
{% endfor %}
{% endif %}
[configuration]
{% if llng_conf_backend == 'file' %}
@ -32,7 +47,7 @@ Password = {{ llng_api_pass }}
{% endif %}
proxyOptions = { timeout => 5 }
{% elif llng_conf_backend == 'mysql' %}
type = RDBI
type = CDBI
dbiChain = DBI:mysql:database={{ llng_db_name }};host={{ llng_db_server }}
dbiUser = {{ (llng_manager or llng_portal) | ternary(llng_db_user,llng_handler_db_user) }}
dbiPassword = {{ (llng_manager or llng_portal) | ternary(llng_db_pass,llng_handler_db_pass) }}
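Review bot: In the new per-type storage loop the DB password is interpolated into a Perl single-quoted string, `'Password' => '{{ llng_handler_db_pass }}'`, so a password containing `'` or ending in `\` yields a parse error or a silently truncated credential — the same applies to `'UserName'`. Either escape the two characters Perl treats specially inside single quotes, `'Password' => '{{ llng_handler_db_pass | replace('\\', '\\\\') | replace("'", "\\'") }}'`, or document on the variable that those characters are not permitted. The rendered file now carries the DB credentials once per storage section rather than once, so whatever task writes it should keep a restrictive owner/mode; that task is outside this diff.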

@ -12,6 +12,7 @@ llng_portal_packages:
- lasso
- lasso-perl
- perl-Authen-Captcha
- perl-Auth-Yubikey_WebClient
llng_manager_packages:
- lemonldap-ng-manager

@ -13,6 +13,7 @@ llng_portal_packages:
- lasso
- lasso-perl
- perl-Authen-Captcha
- perl-Auth-Yubikey_WebClient
llng_manager_packages:
- lemonldap-ng-manager

@ -0,0 +1,20 @@
---
# Session tables used with the database backend
# to store the various type of sessions
llng_session_tables:
global:
name: sessions
index: ipAddr _whatToTrace user _session_kind _utime _httpSessionType
persistent:
name: psessions
index: ipAddr _whatToTrace _session_kind _httpSessionType _session_uid
saml:
name: samlsessions
index: _session_kind _utime _saml_id
oidc:
name: oidcsessions
index: _session_kind _utime
cas:
name: cassessions
index: _session_kind _utime _cas_id
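Review bot: The `index` lists for `saml` and `cas` do not match the columns that files/mysql_schema.sql creates and indexes: `samlsessions` has `ProxyID`, `_nameID`, `_assert_id` and `_art_id` columns with indexes, and `cassessions` has `pgtIou`, but the `Index` option handed to Apache::Session::Browseable::MySQL only names `_session_kind _utime _saml_id` and `_session_kind _utime _cas_id`. Columns not listed in `Index` are never populated, so SAML lookups by NameID/assertion/artifact id and CAS PGT lookups cannot use those indexes and presumably fall back to deserialising every session in the table. Suggest `index: _session_kind _utime _saml_id ProxyID _nameID _assert_id _art_id` and `index: _session_kind _utime _cas_id pgtIou`, plus a comment above the mapping: `# Each index entry must be a column of the matching table in files/mysql_schema.sql`.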