-
Notifications
You must be signed in to change notification settings - Fork 73
/
bootstrap.ldif
336 lines (290 loc) · 11.6 KB
/
bootstrap.ldif
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
###############################################################################
# Rudder LDAP directory - Bootstrap file
###############################################################################
# This file contains the basic structure and minimal entries that MUST be
# present in the LDAP backend for Rudder to function correctly.
###############################################################################
# Base structure
dn: cn=rudder-configuration
objectclass: configurationRoot
cn: rudder-configuration
dn: ou=Nodes,cn=rudder-configuration
objectclass: top
objectclass: organizationalUnit
ou: Nodes
description: Branch that stores all the Nodes
dn: ou=Rudder,cn=rudder-configuration
objectclass: top
objectclass: organizationalUnit
ou: Rudder
description: Branch that stores all Rudder specific data
## Rudder Node configuration branch
dn: ou=Nodes Configuration,ou=Rudder,cn=rudder-configuration
objectClass: organizationalUnit
objectClass: top
ou: Nodes Configuration
## Inventories related branches
dn: ou=Inventories,cn=rudder-configuration
objectclass: top
objectclass: organizationalUnit
ou: Inventories
description: Inventory information
dn: ou=Software,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Software
description: Software packages installed on servers from ou=Nodes, including details such as full name, version, architecture, etc.
dn: ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
objectclass: top
objectclass: organizationalUnit
ou: Accepted Inventories
description: Store accepted inventories
dn: ou=Machines,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Machines
description: Containers for servers from ou=Nodes, such as physical machines or virtual machines.
dn: ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Nodes
description: Logical servers, an OS installation. May be on a virtual machine or a physical machine, from ou=Machines.
## Same structure, for pending inventories (before acceptation)
dn: ou=Pending Inventories,ou=Inventories,cn=rudder-configuration
objectclass: top
objectclass: organizationalUnit
ou: Pending Inventories
description: Store inventories not yet accepted in Rudder
# Machines, pending @ example.org
dn: ou=Machines,ou=Pending Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Machines
description: Containers for servers from ou=Nodes, such as physical machines or virtual machines.
# Nodes, pending @ example.org
dn: ou=Nodes,ou=Pending Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Nodes
description: Logical servers, an OS installation. May be on a virtual machine or a physical machine, from ou=Machines.
## Same structure, for removed inventories (after deletion)
dn: ou=Removed Inventories,ou=Inventories,cn=rudder-configuration
objectclass: top
objectclass: organizationalUnit
ou: Removed Inventories
description: Store inventories removed from Rudder
# Machines, removed
dn: ou=Machines,ou=Removed Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Machines
description: Containers for servers from ou=Nodes, such as physical machines or virtual machines.
# Nodes, removed
dn: ou=Nodes,ou=Removed Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: organizationalUnit
ou: Servers
description: Logical servers, an OS installation. May be on a virtual machine or a physical machine, from ou=Machines.
# System groups
dn: groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: groupCategory
objectClass: top
cn: Root of the group and group categories
description: This is the root category for the groups (both dynamic and stat
ic) and group categories
groupCategoryId: GroupRoot
isSystem: TRUE
dn: groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: groupCategory
objectClass: top
cn: System groups
description: That category holds all the system and special target
groupCategoryId: SystemGroups
isSystem: TRUE
dn: ruleTarget=special:all,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: specialRuleTarget
objectClass: top
ruleTarget: special:all
cn: All nodes
description: All nodes known by Rudder (including Rudder policy servers)
isEnabled: TRUE
isSystem: TRUE
dn: ruleTarget=special:all_exceptPolicyServers,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: specialRuleTarget
objectClass: top
ruleTarget: special:all_exceptPolicyServers
cn: All managed nodes
description: All nodes known by Rudder (excluding Rudder policy servers)
isEnabled: TRUE
isSystem: TRUE
dn: ruleTarget=special:all_servers_with_role,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: specialRuleTarget
objectClass: top
ruleTarget: special:all_servers_with_role
cn: All nodes with a Server role
description: All nodes that have at least one Server role defined
isEnabled: TRUE
isSystem: TRUE
dn: ruleTarget=special:all_nodes_without_role,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: specialRuleTarget
objectClass: top
ruleTarget: special:all_nodes_without_role
cn: All nodes excluding Rudder server roles
description: All nodes excluding Rudder server components
isEnabled: TRUE
isSystem: TRUE
# Active technique library
dn: techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: techniqueCategory
objectClass: top
cn: Root of active techniques's library
description: This is the root category for active techniques. It contains subcategories, actives techniques and directives
techniqueCategoryId: Active Techniques
isSystem: TRUE
# System active technique library
dn: techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: techniqueCategory
objectClass: top
cn: Active techniques used by Rudder
description: This category contains "system" active techniques, used to configure Rudder agents and essential parts of Rudder server.
techniqueCategoryId: Rudder Internal
isSystem: TRUE
# Distribute policy (root policy server)
dn: activeTechniqueId=distributePolicy,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: activeTechnique
objectClass: top
techniqueId: distributePolicy
activeTechniqueId: distributePolicy
acceptationTimestamp: {"1.0":"20110715124328.999Z"}
isEnabled: TRUE
isSystem: TRUE
# common (has policy server)
dn: activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: activeTechnique
objectClass: top
techniqueId: common
activeTechniqueId: common
acceptationTimestamp: {"1.0":"20110715124328.999Z"}
isEnabled: TRUE
isSystem: TRUE
# inventory
dn: activeTechniqueId=inventory,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: activeTechnique
objectClass: top
techniqueId: inventory
activeTechniqueId: inventory
acceptationTimestamp: {"1.0":"20110715124328.999Z"}
isEnabled: TRUE
isSystem: TRUE
dn: directiveId=inventory-all,activeTechniqueId=inventory,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: directive
objectClass: top
directiveId: inventory-all
techniqueVersion: 0:1.0
cn: Inventory
description: inventory - Technical
isEnabled: TRUE
isSystem: TRUE
directivePriority: 0
# server_roles
dn: activeTechniqueId=server-roles,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: activeTechnique
objectClass: top
techniqueId: server-roles
activeTechniqueId: server_roles
acceptationTimestamp: {"1.0":"20140603124328.999Z"}
isEnabled: TRUE
isSystem: TRUE
dn: directiveId=server-roles-directive,activeTechniqueId=server-roles,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: directive
objectClass: top
directiveId: server-roles-directive
techniqueVersion: 0:1.0
cn: Server Roles
description: Server Roles - Technical
isEnabled: TRUE
isSystem: TRUE
directivePriority: 0
#######################################################################################################################
## Rules
#######################################################################################################################
dn: ou=Rules,ou=Rudder,cn=rudder-configuration
objectClass: organizationalUnit
objectClass: top
ou: Rules
dn: ruleId=inventory-all,ou=Rules,ou=Rudder,cn=rudder-configuration
objectClass: rule
objectClass: top
ruleId: inventory-all
ruleTarget: special:all
directiveId: inventory-all
cn: Rudder system policy: daily inventory
description: Inventory
isEnabled: TRUE
isSystem: TRUE
longDescription: This rule makes all nodes do daily self inventories
serial: 0
dn: ruleId=server-roles,ou=Rules,ou=Rudder,cn=rudder-configuration
objectClass: rule
objectClass: top
ruleId: server-roles
ruleTarget: special:all_servers_with_role
directiveId: server-roles-directive
cn: Rudder system policy: Server roles
description: Server roles
isEnabled: TRUE
isSystem: TRUE
longDescription: This rule configures the nodes that have Server Roles defined
serial: 0
# A demonstration rule: group "all nodes", no directive
dn: ruleId=32377fd7-02fd-43d0-aab7-28460a91347b,ou=Rules,ou=Rudder,cn=rudder
-configuration
objectClass: top
objectClass: rule
ruleId: 32377fd7-02fd-43d0-aab7-28460a91347b
ruleTarget: special:all
cn: Global configuration for all nodes
longDescription: This Rule was created automatically when Rudder was installed.
It can be used to target Directives to all nodes (including the Rudder root
server itself), or deleted if you would rather create your own set of
Rules (it will never be created again).
isEnabled: TRUE
isSystem: FALSE
tag: rootRuleCategory
serial: 0
#######################################################################################################################
## Archives
#######################################################################################################################
dn: ou=Archives,ou=Rudder,cn=rudder-configuration
objectClass: organizationalUnit
objectClass: top
ou: Archives
#######################################################################################################################
## API Accounts
#######################################################################################################################
dn: ou=API Accounts,ou=Rudder,cn=rudder-configuration
objectClass: organizationalUnit
objectClass: top
ou: API Accounts
## Rudder Parameters configuration branch
dn: ou=Parameters,ou=Rudder,cn=rudder-configuration
objectClass: organizationalUnit
objectClass: top
ou: Parameters
dn: parameterName=rudder_file_edit_header,ou=Parameters,ou=Rudder,cn=rudder-configuration
objectClass: parameter
objectClass: top
parameterName: rudder_file_edit_header
description: Default inform message put in header of managed files by Rudder
overridable: TRUE
parameterValue: ### Managed by Rudder, edit with care ###
dn: ou=Application Properties,cn=rudder-configuration
objectClass: organizationalUnit
objectClass: top
ou: Application Properties
dn: propertyName=rudder_syslog_protocol,ou=Application Properties,cn=rudder-
configuration
objectClass: property
objectClass: top
propertyName: rudder_syslog_protocol
propertyValue: UDP