From a2e0016dfc620beb5fce3727caa1873d23da3102 Mon Sep 17 00:00:00 2001
From: Chuck Levesque
Date: Thu, 21 Dec 2023 10:04:29 -0500
Subject: [PATCH] Fix ipa user search group & add base_teardown

Fix ipa user search group & add base_teardown

Signed-off-by: Chuck Levesque
---
 private-cloud/base/aws-iaas/base_teardown.yml | 85 +++++++++++++++++++
 private-cloud/base/aws-iaas/definition.yml | 2 +-
 2 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 private-cloud/base/aws-iaas/base_teardown.yml

diff --git a/private-cloud/base/aws-iaas/base_teardown.yml b/private-cloud/base/aws-iaas/base_teardown.yml
new file mode 100644
index 0000000..44687a6
--- /dev/null
+++ b/private-cloud/base/aws-iaas/base_teardown.yml
@@ -0,0 +1,85 @@
+---
+
+# Copyright 2023 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# STARTBLOCK # Init run
+- name: Init run tasks for Ansible Controller
+ hosts: localhost
+ gather_facts: yes
+ tasks:
+ - ansible.builtin.include_role:
+ name: cloudera.exe.init_deployment
+ public: yes
+ when: init__completed is undefined
+
+ - name: Prepare inventory for PvC Plays
+ ansible.builtin.include_role:
+ name: cloudera.exe.init_deployment
+ public: yes
+ tasks_from: prep_pvc.yml
+ tags:
+ - always
+
+# ENDBLOCK # Init run
+
+
+# STARTBLOCK # Teardown
+# Teardown CA
+- name: Teardown CA server
+ hosts: "{{ target | default('ca_server') }}"
+ gather_facts: yes
+ become: yes
+ tasks:
+ - ansible.builtin.include_role:
+ name: cloudera.cluster.infrastructure.ca_certs
+ tasks_from: clean.yml
+ tags:
+ - teardown_ca
+
+- name: Teardown security artifact directories
+ hosts: "{{ target | default('tls') }}"
+ gather_facts: yes
+ become: yes
+ roles:
+ - role: cloudera.cluster.security.tls_clean
+ when: "'tls' in groups"
+ tags:
+ - teardown_tls
+
+# Teardown Cluster
+- name: Teardown ECS
+ hosts: "{{ target | default('ecs_nodes') }}"
+ gather_facts: yes
+ become: yes
+ tasks:
+ - ansible.builtin.include_role:
+ name: cloudera.cluster.teardown
+ tasks_from: teardown_ecs.yml
+ vars:
+ cluster: "{{ definition.clusters | selectattr('type', 'defined') | selectattr('type', 'search', 'ecs') | first }}"
+ tags:
+ - teardown_ecs
+
+- name: Cluster Teardown Process
+ hosts: "{{ target | default('cloudera_manager, cluster') }}"
+ gather_facts: yes
+ become: yes
+ any_errors_fatal: true
+ roles:
+ - cloudera.cluster.teardown
+ tags:
+ - teardown_cluster
+
+# ENDBLOCK # Teardown
diff --git a/private-cloud/base/aws-iaas/definition.yml b/private-cloud/base/aws-iaas/definition.yml
index 177be9b..c6d7149 100644
--- a/private-cloud/base/aws-iaas/definition.yml
+++ b/private-cloud/base/aws-iaas/definition.yml
@@ -123,7 +123,7 @@ auth_providers:
 user: "person"
 group: "posixgroup"
 ldap_search_filter: # Used for mapping Services (Atlas, Ranger, etc.) to LDAP
- user: "(&(sAMAccountName={0})(objectClass=person))"
+ user: "(&(uid={0})(objectClass=person))"
 member: "(&(member={0})(objectClass=group))"
 # group: (&(member={0})(objectclass=posixgroup)(!(cn=admins)))
 ldap_attribute: # Used for mapping CM to LDAP
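Review bot: The four teardown plays take their host pattern from the `target` extra-var and run with `become: yes`, but nothing checks that the hosts it resolves to belong to the group each play is meant for. Because the same `target` feeds every play, a run without `--tags` applies one pattern to the CA clean-up, `tls_clean`, the ECS teardown and the cluster teardown alike, so a value intended for one stage can remove certificates or cluster state on hosts outside it. A `pre_tasks` assert on `group_names` at the top of each play would make the playbook fail closed; the sketch below shows it for the CA play, and the other three need the same check against `tls`, `ecs_nodes`, and `cloudera_manager`/`cluster` respectively.

```yaml
- name: Teardown CA server
  hosts: "{{ target | default('ca_server') }}"
  # … unchanged: gather_facts, become …
  pre_tasks:
    - name: Refuse to run the CA teardown on hosts outside ca_server
      ansible.builtin.assert:
        that:
          - "'ca_server' in group_names"
        fail_msg: "target resolved to a host that is not in the ca_server group"
  # … unchanged: tasks, tags …
```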
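Review bot: The `member` filter on the line after the changed one still matches `objectClass=group`, while the `group: "posixgroup"` context line two lines above (which looks like the object-class mapping) and the new `uid`-keyed user filter both point at a FreeIPA-style schema. If the directory is FreeIPA, as the commit subject suggests, group lookups for the mapped services may return nothing, and group-based authorization policies would then silently stop applying to users. Consider `member: "(&(member={0})(objectClass=posixgroup))"`, or add a comment on that line stating why `group` is the intended object class. The enclosing `auth_providers` mapping starts and ends outside the hunk, so this should be confirmed against the rest of the file.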