From 3a399bd04cfd13d11c09e019d9edc8032701056f Mon Sep 17 00:00:00 2001
From: fpoutre
Date: Thu, 20 Feb 2020 18:42:34 +0100
Subject: [PATCH] added ldap-replica support for ldap-clients of pacaterie and fleming

---
base.yml | 6 +-
copy_keys_to_aurore.sh | 4 +
hosts | 100 ++++++-------
hosts.save.1 | 165 ++++++++++++++++++++++
roles/ldap-client/templates/nslcd.conf.j2 | 9 +-
5 files changed, 230 insertions(+), 54 deletions(-)
create mode 100755 copy_keys_to_aurore.sh
create mode 100644 hosts.save.1

diff --git a/base.yml b/base.yml
index dc3c2dc..bafc56b 100644
--- a/base.yml
+++ b/base.yml
@@ -12,6 +12,6 @@
 # Clone LDAP on local geographic location
 # DON'T DO THIS AS IT RECREATES THE REPLICA
-# - hosts: ldap-replica
-# roles:
-# - ldap-replica
+#- hosts: ldap-replica
+# roles:
+# - ldap-replica
diff --git a/copy_keys_to_aurore.sh b/copy_keys_to_aurore.sh
new file mode 100755
index 0000000..12cf2c6
--- /dev/null
+++ b/copy_keys_to_aurore.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+for ip in `cat hosts|grep .adm.auro.re`; do
+ sshpass -v -p "6+Fwa9h2L>L6]C*y" ssh-copy-id -o StrictHostKeyChecking=no fpoutre@$ip
+done
diff --git a/hosts b/hosts
index 948c917..bdffb4d 100644
--- a/hosts
+++ b/hosts
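Review bot: The `sshpass -p "…"` call on the third line of copy_keys_to_aurore.sh commits a plaintext password to the repository and also exposes it to every local user through the process list while the script runs; that credential is now in git history and should be rotated, and the script should take it from the `SSHPASS` environment variable (`sshpass -e`) or a file outside the repo (`sshpass -f`). `StrictHostKeyChecking=no` accepts any host key, so the public key would be installed on whatever answers at that name; `accept-new` keeps first-use pinning without the interactive prompt. The host list is built from an unquoted backtick substitution and an unanchored `grep .adm.auro.re`, which after this commit's change to `hosts` also returns the commented-out entries (`#merlin.adm.auro.re`, …) and hands them to ssh-copy-id as-is. A rewritten loop follows.
```shell
#!/usr/bin/env bash
set -euo pipefail
# Password comes from the environment (sshpass -e), never from argv or the repo.
: "${SSHPASS:?export SSHPASS before running}"
grep -v '^#' hosts | grep -F -- '.adm.auro.re' | while IFS= read -r host; do
  sshpass -e ssh-copy-id -o StrictHostKeyChecking=accept-new "fpoutre@${host}"
done
```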
@@ -6,44 +6,44 @@
 # > Then we regroup everything in global geographic and type groups.
 [aurore_pve]
-merlin.adm.auro.re
+#merlin.adm.auro.re
 [aurore_vm]
-radius-aurore.adm.auro.re
+#radius-aurore.adm.auro.re
 [ovh_pve]
-horus.adm.auro.re
+#horus.adm.auro.re
 [ovh_container]
-synapse.adm.auro.re
-services-bdd.adm.auro.re
-phabricator.adm.auro.re
-wiki.adm.auro.re
-www.adm.auro.re
-proxy.adm.auro.re
-matrix-services.adm.auro.re
+#synapse.adm.auro.re
+#services-bdd.adm.auro.re
+#phabricator.adm.auro.re
+#wiki.adm.auro.re
+#www.adm.auro.re
+#proxy.adm.auro.re
+#matrix-services.adm.auro.re
 [ovh_vm]
-re2o-server.adm.auro.re
-re2o-ldap.adm.auro.re
-re2o-db.adm.auro.re
-serge.adm.auro.re
-passbolt.adm.auro.re
-vpn-ovh.adm.auro.re
-docker-ovh.adm.auro.re
-switchs-manager.adm.auro.re
-radius-aurore.adm.auro.re
+#re2o-server.adm.auro.re
+#re2o-ldap.adm.auro.re
+#re2o-db.adm.auro.re
+#serge.adm.auro.re
+#passbolt.adm.auro.re
+#vpn-ovh.adm.auro.re
+#docker-ovh.adm.auro.re
+#switchs-manager.adm.auro.re
+#radius-aurore.adm.auro.re
 [ovh_testing_vm]
-re2o-test.adm.auro.re
+#re2o-test.adm.auro.re
 [fleming_pve]
 freya.adm.auro.re
 marki.adm.auro.re
 [fleming_vm]
-ldap-replica-fleming1.adm.auro.re
-ldap-replica-fleming2.adm.auro.re
+ldap-replica-fleming.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
 dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
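Review bot: Most of the inventory is commented out in this hunk (aurore, ovh, ovh_testing) and in the two following hunks of hosts (edc, gs, dhcp, dns), so the `ovh`, `ovh_testing`, `edc`, `gs` and `container` children groups become empty and `dhcp`/`dns` lose every member; plays targeting them then match nothing, and Ansible reports that as a skipped play rather than an error. If the goal was to apply only the fleming and pacaterie plays, that belongs on the command line (`ansible-playbook -l fleming,pacaterie base.yml`) rather than in the committed inventory, and the committed `hosts.save.1` suggests this was a working state rather than an intended change. The rename of `ldap-replica-fleming1`/`2` to `ldap-replica-fleming`/`ldap-replica-fleming-backup` is consistent with the new `[ldap_replica_fleming]` group further down and would be easier to review as its own commit.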
@@ -74,25 +74,25 @@ routeur-pacaterie.adm.auro.re
 routeur-pacaterie-backup.adm.auro.re
 [edc_pve]
-chapalux.adm.auro.re
+#chapalux.adm.auro.re
 [edc_vm]
-routeur-edc.adm.auro.re
-dns-edc.adm.auro.re
-dhcp-edc.adm.auro.re
-unifi-edc.adm.auro.re
-radius-edc.adm.auro.re
-routeur-aurore.adm.auro.re
+#routeur-edc.adm.auro.re
+#dns-edc.adm.auro.re
+#dhcp-edc.adm.auro.re
+#unifi-edc.adm.auro.re
+#radius-edc.adm.auro.re
+#routeur-aurore.adm.auro.re
 [gs_pve]
-perceval.adm.auro.re
+#perceval.adm.auro.re
 [gs_vm]
-routeur-gs.adm.auro.re
-unifi-gs.adm.auro.re
-radius-gs.adm.auro.re
-dns-gs.adm.auro.re
-dhcp-gs.adm.auro.re
+#routeur-gs.adm.auro.re
+#unifi-gs.adm.auro.re
+#radius-gs.adm.auro.re
+#dns-gs.adm.auro.re
+#dhcp-gs.adm.auro.re
 # everything at ovh
 [ovh:children]
@@ -144,23 +144,25 @@ edc_pve
 gs_pve
 [dhcp]
-dhcp-fleming.adm.auro.re
-dhcp-fleming-backup.adm.auro.re
-dhcp-pacaterie.adm.auro.re
-dhcp-pacaterie-backup.adm.auro.re
-dhcp-edc.adm.auro.re
-dhcp-gs.adm.auro.re
+#dhcp-fleming.adm.auro.re
+#dhcp-fleming-backup.adm.auro.re
+#dhcp-pacaterie.adm.auro.re
+#dhcp-pacaterie-backup.adm.auro.re
+#dhcp-edc.adm.auro.re
+#dhcp-gs.adm.auro.re
 [dns]
-dns-fleming.adm.auro.re
-dns-fleming-backup.adm.auro.re
-dns-pacaterie.adm.auro.re
-dns-pacaterie-backup.adm.auro.re
-dns-edc.adm.auro.re
-dns-gs.adm.auro.re
-
-[ldap-replica]
+#dns-fleming.adm.auro.re
+#dns-fleming-backup.adm.auro.re
+#dns-pacaterie.adm.auro.re
+#dns-pacaterie-backup.adm.auro.re
+#dns-edc.adm.auro.re
+#dns-gs.adm.auro.re
+
+[ldap_replica_fleming]
 ldap-replica-fleming.adm.auro.re
 ldap-replica-fleming-backup.adm.auro.re
+
+[ldap_replica_pacaterie]
 ldap-replica-pacaterie.adm.auro.re
 ldap-replica-pacaterie-backup.adm.auro.re
diff --git a/hosts.save.1 b/hosts.save.1
new file mode 100644
index 0000000..db677b4
--- /dev/null
+++ b/hosts.save.1
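Review bot: The aggregate `[ldap-replica]` group is dropped in favour of the two per-site groups, so nothing in the inventory addresses all replicas at once any more, while base.yml still refers (commented out) to `hosts: ldap-replica`. Keeping a parent group lets existing references resolve and gives a single target for replica-wide tasks: `[ldap_replica:children]` followed by `ldap_replica_fleming` and `ldap_replica_pacaterie`. The switch from a dash to underscores also avoids Ansible's warning about invalid characters in group names, which is presumably why the new groups are spelled that way; the commit message should say so, since the nslcd template in this same commit hard-codes the new names.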
@@ -0,0 +1,165 @@
+# Aurore servers inventory
+
+# How to name your server ?
+# > We name servers according to location, then type.
+# > So all containers at OVH are in ovh-container.
+# > Then we regroup everything in global geographic and type groups.
+
+[aurore_pve]
+merlin.adm.auro.re
+
+[aurore_vm]
+radius-aurore.adm.auro.re
+
+[ovh_pve]
+horus.adm.auro.re
+
+[ovh_container]
+synapse.adm.auro.re
+services-bdd.adm.auro.re
+phabricator.adm.auro.re
+wiki.adm.auro.re
+www.adm.auro.re
+proxy.adm.auro.re
+matrix-services.adm.auro.re
+
+[ovh_vm]
+re2o-server.adm.auro.re
+re2o-ldap.adm.auro.re
+re2o-db.adm.auro.re
+serge.adm.auro.re
+passbolt.adm.auro.re
+vpn-ovh.adm.auro.re
+docker-ovh.adm.auro.re
+switchs-manager.adm.auro.re
+radius-aurore.adm.auro.re
+
+[ovh_testing_vm]
+re2o-test.adm.auro.re
+
+[fleming_pve]
+freya.adm.auro.re
+marki.adm.auro.re
+
+[fleming_vm]
+ldap-replica-fleming.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
+dhcp-fleming.adm.auro.re
+dhcp-fleming-backup.adm.auro.re
+dns-fleming.adm.auro.re
+dns-fleming-backup.adm.auro.re
+prometheus-fleming.adm.auro.re
+radius-fleming.adm.auro.re
+radius-fleming-backup.adm.auro.re
+unifi-fleming.adm.auro.re
+routeur-fleming.adm.auro.re
+routeur-fleming-backup.adm.auro.re
+
+[pacaterie_pve]
+mordred.adm.auro.re
+titan.adm.auro.re
+
+[pacaterie_vm]
+ldap-replica-pacaterie.adm.auro.re
+ldap-replica-pacaterie-backup.adm.auro.re
+dhcp-pacaterie.adm.auro.re
+dhcp-pacaterie-backup.adm.auro.re
+dns-pacaterie.adm.auro.re
+dns-pacaterie-backup.adm.auro.re
+prometheus-pacaterie.adm.auro.re
+radius-pacaterie.adm.auro.re
+radius-pacaterie-backup.adm.auro.re
+unifi-pacaterie.adm.auro.re
+routeur-pacaterie.adm.auro.re
+routeur-pacaterie-backup.adm.auro.re
+
+[edc_pve]
+chapalux.adm.auro.re
+
+[edc_vm]
+routeur-edc.adm.auro.re
+dns-edc.adm.auro.re
+dhcp-edc.adm.auro.re
+unifi-edc.adm.auro.re
+radius-edc.adm.auro.re
+routeur-aurore.adm.auro.re
+
+[gs_pve]
+perceval.adm.auro.re
+
+[gs_vm]
+routeur-gs.adm.auro.re
+unifi-gs.adm.auro.re
+radius-gs.adm.auro.re
+dns-gs.adm.auro.re
+dhcp-gs.adm.auro.re
+
+# everything at ovh
+[ovh:children]
+ovh_pve
+ovh_container
+ovh_vm
+
+# everything at ovh_testing
+[ovh_testing:children]
+ovh_testing_vm
+
+# everything at fleming
+[fleming:children]
+fleming_pve
+fleming_vm
+
+# everything at pacaterie
+[pacaterie:children]
+pacaterie_pve
+pacaterie_vm
+
+# everything at edc
+[edc:children]
+edc_pve
+edc_vm
+
+# everything at georgesand
+[gs:children]
+gs_pve
+gs_vm
+
+# every LXC container
+[container:children]
+ovh_container
+
+# every virtual machine
+[vm:children]
+ovh_vm
+fleming_vm
+pacaterie_vm
+gs_vm
+
+# every PVE
+[pve:children]
+ovh_pve
+fleming_pve
+pacaterie_pve
+edc_pve
+gs_pve
+
+[dhcp]
+dhcp-fleming.adm.auro.re
+dhcp-fleming-backup.adm.auro.re
+dhcp-pacaterie.adm.auro.re
+dhcp-pacaterie-backup.adm.auro.re
+dhcp-edc.adm.auro.re
+dhcp-gs.adm.auro.re
+
+[dns]
+dns-fleming.adm.auro.re
+dns-fleming-backup.adm.auro.re
+dns-pacaterie.adm.auro.re
+dns-pacaterie-backup.adm.auro.re
+dns-edc.adm.auro.re
+dns-gs.adm.auro.re
+
+[ldap-replica]
+ldap-replica-fleming.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
+ldap-replica-pacaterie-backup.adm.auro.re
diff --git a/roles/ldap-client/templates/nslcd.conf.j2 b/roles/ldap-client/templates/nslcd.conf.j2
index db05bdc..ab8d556 100644
--- a/roles/ldap-client/templates/nslcd.conf.j2
+++ b/roles/ldap-client/templates/nslcd.conf.j2
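Review bot: hosts.save.1 is a backup copy of the inventory and should not be committed; the previous state is already in git history, and a second file listing the same hostnames will drift from `hosts` (it already does: its `[ldap-replica]` group lacks `ldap-replica-pacaterie.adm.auro.re` and still carries the old dashed group name that the `hosts` hunk renames). Remove it from the commit and add a pattern such as `*.save*` to the repository's ignore file so editor backups are not picked up again. The hunk starts on the previous page line.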
@@ -5,11 +5,16 @@ uid nslcd
 gid nslcd
 # The location at which the LDAP server(s) should be reachable.
-{% if ldap_local_replica_uri is defined %}
-{% for uri in ldap_local_replica_uri %}
+{% if 'fleming_vm' in group_names or 'fleming_pve' in group_names %}
+{% for uri in groups['ldap_replica_fleming'] %}
 uri {{ uri }}
 {% endfor %}
 {% endif %}
+{% if 'pacaterie_vm' in group_names or 'pacaterie_pve' in group_names %}
+{% for uri in groups['ldap_replica_pacaterie'] %}
+uri ldap://{{ uri }}
+{% endfor %}
+{% endif %}
 uri {{ ldap_master_uri }}
 # The search base that will be used for all queries.
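Review bot: The two new branches emit the replica URIs in different forms: the fleming loop keeps the context line `uri {{ uri }}`, which now yields a bare inventory hostname such as ldap-replica-fleming.adm.auro.re, while the pacaterie loop writes `uri ldap://{{ uri }}`; nslcd expects a scheme on `uri`, so the fleming entries are likely rejected at startup and those clients would fall through to the master only. Change the fleming line to `uri ldap://{{ uri }}` as well, or better, collapse both blocks into one loop over a per-site variable so the scheme is written once. Note also that plain `ldap://` sends nslcd's bind and lookups in the clear to the replicas unless `ssl start_tls` is set further down the template (not visible in this hunk); whatever protection `ldap_master_uri` uses should apply to the replicas too. `groups['ldap_replica_fleming']` raises an undefined-variable error when that group is absent from the inventory, so this template now depends on the group rename in `hosts` from the same commit.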