#####################################################################################
# Copyright 2011 Normation SAS
#####################################################################################
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# In accordance with the terms of section 7 (7. Additional Terms.) of
# the GNU Affero GPL v3, the copyright holders add the following
# Additional permissions:
# Notwithstanding to the terms of section 5 (5. Conveying Modified Source
# Versions) and 6 (6. Conveying Non-Source Forms.) of the GNU Affero GPL v3
# licence, when you create a Related Module, this Related Module is
# not considered as a part of the work and may be distributed under the
# license agreement of your choice.
# A "Related Module" means a set of sources files including their
# documentation that, without modification of the Source Code, enables
# supplementary functions or services in addition to those offered by
# the Software.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/agpl.html>.
#
#####################################################################################
###############################################################################
# Rudder LDAP directory - Initial root server configuration
###############################################################################
# This file contains sample entries that MUST be configured and added to the
# LDAP backend for Rudder to function correctly.
# These entries define the root policy server (the server the LDAP inventory
# is installed on), and must be configured with the following variables:
#  - POLICY_SERVER_HOSTNAME: Full hostname of this server, which clients
#                            can use to reach it.
#  - POLICY_SERVER_ALLOWED_NETWORKS: List of networks, in network/bits
#                                    format, that are allowed to connect to
#                                    the CFEngine policy server. This value
#                                    is an access control: list only the
#                                    networks whose hosts need to reach it.
#
# Both placeholders must be replaced before the file is imported; otherwise
# the literal %%...%% strings are stored in the directory.
# These variables can be replaced using sed commands as follows (the second
# command uses '#' as the sed delimiter because the value contains '/'):
#   sed -i "s/%%POLICY_SERVER_HOSTNAME%%/demo.normation.com/g" me.ldif
#   sed -i "s#%%POLICY_SERVER_ALLOWED_NETWORKS%%#192\\.168\\.100\\.0/24#g" me.ldif
###############################################################################
#######################################################################################################################
## Root Policy Node
#######################################################################################################################
# Node-configuration entry for the root policy server itself (nodeId "root").
# The node is its own policy server: policyServerId and targetPolicyServerId
# are both "root".
# %%POLICY_SERVER_HOSTNAME%% appears twice in this entry and must be
# substituted before import (see the sed commands in the file header).
dn: nodeId=root,ou=Nodes Configuration,ou=Rudder,cn=rudder-configuration
objectClass: rootPolicyServerNodeConfiguration
objectClass: nodeConfiguration
objectClass: top
nodeId: root
isModified: TRUE
cn: Rudder root policy server
# Fixed timestamp shipped with this sample file.
lastUpdateTimestamp: 20101026130817+0200
nodeHostname: %%POLICY_SERVER_HOSTNAME%%
# The local administrator account recorded for this node is root.
localAdministratorAccountName: root
# Commented-out attribute kept from the original file; only
# "agentName: Community" below is active.
#agentsName: Nova
agentName: Community
policyServerId: root
isPolicyServer: TRUE
# The target* attributes below carry the same values as their counterparts
# above. NOTE(review): presumably the configuration the node should converge
# to; confirm against the Rudder schema.
targetName: Rudder root policy server
targetNodeHostname: %%POLICY_SERVER_HOSTNAME%%
targetAgentName: Community
targetPolicyServerId: root
targetLocalAdministratorAccountName: root
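#######################################################################################################################
## Nodes
#######################################################################################################################
# LDIF records must be separated by a blank line; without one, a following
# "dn:" line is read as part of the preceding entry and the import fails.

# Node entry that declares "root" as a system node and policy server
# (objectClass rudderPolicyServer, isSystem TRUE).
dn: nodeId=root,ou=Nodes,cn=rudder-configuration
objectClass: rudderPolicyServer
objectClass: rudderNode
objectClass: top
cn: root
nodeId: root
description: the policy server
isSystem: TRUE
isBroken: FALSE

# Accepted-inventory entry for the root server. Apart from the hostname
# placeholder, the values are static stand-ins rather than collected data:
# a dummy kernel version, 1970-01-01 inventory/receive dates and a loopback
# address.
dn: nodeId=root,ou=Nodes,ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
objectClass: top
objectClass: node
objectClass: unixNode
objectClass: linuxNode
nodeId: root
osKernelVersion: 1.0-dummy-version
osName: Linux
osVersion: Linux
localAccountName: root
cn: root
localAdministratorAccountName: root
# Must be substituted before import (see the sed commands in the file header).
nodeHostname: %%POLICY_SERVER_HOSTNAME%%
PolicyServerId: root
inventoryDate: 19700101000000+0200
receiveDate: 19700101000000+0200
ipHostNumber: 127.0.0.1
agentName: Community
# Commented-out attribute kept from the original file.
#agentsName: Nova
# Placeholder text, not key material.
# NOTE(review): confirm that nothing authenticates the root server against
# this attribute while it holds the placeholder.
publicKey: Currently not used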
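#######################################################################################################################
## Node groups (including special target)
#######################################################################################################################
# LDIF records must be separated by a blank line; without one, a following
# "dn:" line is read as part of the preceding entry and the import fails.

# Static system group (isDynamic FALSE) whose only listed member is
# nodeId "root".
dn: nodeGroupId=hasPolicyServer-root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: nodeGroup
objectClass: top
cn: Root server group
description: Root server goup
isDynamic: FALSE
nodeGroupId: hasPolicyServer-root
nodeId: root
isSystem: TRUE
isEnabled: TRUE

# Special rule target "policyServer:root". In the ruleTarget value the
# server ID follows a colon.
dn: ruleTarget=policyServer:root,groupCategoryId=SystemGroups,groupCategoryId=GroupRoot,ou=Rudder,cn=rudder-configuration
objectClass: specialRuleTarget
objectClass: top
ruleTarget: policyServer:root
cn: Root policy server
description: A special target which only matches the policy server with the ID given after the semicolon
isEnabled: TRUE
isSystem: TRUE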
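#######################################################################################################################
## Directives
#######################################################################################################################
# LDIF records must be separated by a blank line; without one, a following
# "dn:" line is read as part of the preceding entry and the import fails.

# System directive for the distributePolicy technique. It defines no
# directiveVariable values.
dn: directiveId=root-distributePolicy,activeTechniqueId=distributePolicy,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: directive
objectClass: top
directiveId: root-distributePolicy
cn: Distribute Policy
description: Distribute policy - Technical
techniqueVersion: 0:1.0
isEnabled: TRUE
isSystem: TRUE
directivePriority: 0

# common (has policy server)
# System directive for the "common" technique. It carries both install-time
# placeholders (%%...%%), which must be substituted before import, and
# ${rudder...} references, which are stored verbatim in this file.
# NOTE(review): the ${rudder...} values are presumably expanded by Rudder
# when policies are generated; confirm.
dn: directiveId=common-root,activeTechniqueId=common,techniqueCategoryId=Rudder Internal,techniqueCategoryId=Active Techniques,ou=Rudder,cn=rudder-configuration
objectClass: directive
objectClass: top
directiveId: common-root
cn: Common
description: Common - Technical
techniqueVersion: 0:1.0
isEnabled: TRUE
isSystem: TRUE
directivePriority: 0
directiveVariable: OWNER[0]:${rudder.node.admin}
directiveVariable: UUID[0]:${rudder.node.id}
directiveVariable: POLICYSERVER[0]:%%POLICY_SERVER_HOSTNAME%%
directiveVariable: POLICYSERVER_ID[0]:root
directiveVariable: POLICYSERVER_ADMIN[0]:root
# Access control for the policy server: the file header describes this value
# as the networks allowed to connect to it. Keep it as narrow as the managed
# nodes allow, and review it whenever the network layout changes.
# Only index [0] is set here. NOTE(review): confirm how more than one network
# is expected to be supplied.
directiveVariable: ALLOWEDNETWORK[0]:%%POLICY_SERVER_ALLOWED_NETWORKS%%
directiveVariable: POLICYCHILDREN[0]:${rudder.hasPolicyServer-root.target.hostname}
directiveVariable: ADMIN[0]:${rudder.hasPolicyServer-root.target.admin}
directiveVariable: CHILDRENID[0]:${rudder.hasPolicyServer-root.target.id}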
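#######################################################################################################################
## Rules
#######################################################################################################################
# LDIF records must be separated by a blank line; without one, a following
# "dn:" line is read as part of the preceding entry and the import fails.

# System rule that binds directive root-distributePolicy to the special
# target policyServer:root.
dn: ruleId=root-DP,ou=Rules,ou=Rudder,cn=rudder-configuration
objectClass: rule
objectClass: top
ruleId: root-DP
ruleTarget: policyServer:root
directiveId: root-distributePolicy
cn: distributePolicy
description: Distribute Policy - Technical
isEnabled: TRUE
isSystem: TRUE
longDescription: This rule allows to distribute policies to nodes
serial: 0

# System rule that binds directive common-root (which carries the
# ALLOWEDNETWORK value) to the group hasPolicyServer-root.
dn: ruleId=hasPolicyServer-root,ou=Rules,ou=Rudder,cn=rudder-configuration
objectClass: rule
objectClass: top
ruleId: hasPolicyServer-root
ruleTarget: group:hasPolicyServer-root
directiveId: common-root
cn: Rudder system policy: basic setup (common)
description: Common - Technical
isEnabled: TRUE
isSystem: TRUE
longDescription: This is the basic system rule which all nodes must have.
serial: 0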