added ldap-replica support for ldap-clients of pacaterie and fleming

fpoutre 2020-02-20 18:42:34 +01:00
parent 73a22ba77f
commit 3a399bd04c
5 changed files with 229 additions and 53 deletions

4
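--- a/copy_keys_to_aurore.sh
+++ b/copy_keys_to_aurore.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+for ip in `cat hosts|grep .adm.auro.re`; do
+sshpass -v -p "6+Fwa9h2L>L6]C*y" ssh-copy-id -o StrictHostKeyChecking=no fpoutre@$ip
+done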
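Review bot: The `sshpass -p` line commits the login password for `fpoutre` in plaintext, so it is readable by anyone with repository access and stays in history even if the file is later deleted; the password should be treated as exposed, changed, and supplied at run time instead, e.g. `read -rs -p 'Password: ' SSHPASS; export SSHPASS` followed by `sshpass -e ssh-copy-id ...`. On the same line `-o StrictHostKeyChecking=no` turns off host-key verification at the moment the password is sent, so `StrictHostKeyChecking=accept-new` or a pre-populated `known_hosts` is the safer choice. The `grep .adm.auro.re` in the loop header also matches the `#`-commented inventory entries this commit introduces, so the loop will try names such as `#merlin.adm.auro.re`; `grep -v '^#' hosts | grep -F '.adm.auro.re'` and quoting `"fpoutre@$ip"` avoid that.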

98
hosts

@ -6,44 +6,44 @@
# > Then we regroup everything in global geographic and type groups. # > Then we regroup everything in global geographic and type groups.
[aurore_pve] [aurore_pve]
merlin.adm.auro.re #merlin.adm.auro.re
[aurore_vm] [aurore_vm]
radius-aurore.adm.auro.re #radius-aurore.adm.auro.re
[ovh_pve] [ovh_pve]
horus.adm.auro.re #horus.adm.auro.re
[ovh_container] [ovh_container]
synapse.adm.auro.re #synapse.adm.auro.re
services-bdd.adm.auro.re #services-bdd.adm.auro.re
phabricator.adm.auro.re #phabricator.adm.auro.re
wiki.adm.auro.re #wiki.adm.auro.re
www.adm.auro.re #www.adm.auro.re
proxy.adm.auro.re #proxy.adm.auro.re
matrix-services.adm.auro.re #matrix-services.adm.auro.re
[ovh_vm] [ovh_vm]
re2o-server.adm.auro.re #re2o-server.adm.auro.re
re2o-ldap.adm.auro.re #re2o-ldap.adm.auro.re
re2o-db.adm.auro.re #re2o-db.adm.auro.re
serge.adm.auro.re #serge.adm.auro.re
passbolt.adm.auro.re #passbolt.adm.auro.re
vpn-ovh.adm.auro.re #vpn-ovh.adm.auro.re
docker-ovh.adm.auro.re #docker-ovh.adm.auro.re
switchs-manager.adm.auro.re #switchs-manager.adm.auro.re
radius-aurore.adm.auro.re #radius-aurore.adm.auro.re
[ovh_testing_vm] [ovh_testing_vm]
re2o-test.adm.auro.re #re2o-test.adm.auro.re
[fleming_pve] [fleming_pve]
freya.adm.auro.re freya.adm.auro.re
marki.adm.auro.re marki.adm.auro.re
[fleming_vm] [fleming_vm]
ldap-replica-fleming1.adm.auro.re ldap-replica-fleming.adm.auro.re
ldap-replica-fleming2.adm.auro.re ldap-replica-fleming-backup.adm.auro.re
dhcp-fleming.adm.auro.re dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re dns-fleming.adm.auro.re
@ -74,25 +74,25 @@ routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re routeur-pacaterie-backup.adm.auro.re
[edc_pve] [edc_pve]
chapalux.adm.auro.re #chapalux.adm.auro.re
[edc_vm] [edc_vm]
routeur-edc.adm.auro.re #routeur-edc.adm.auro.re
dns-edc.adm.auro.re #dns-edc.adm.auro.re
dhcp-edc.adm.auro.re #dhcp-edc.adm.auro.re
unifi-edc.adm.auro.re #unifi-edc.adm.auro.re
radius-edc.adm.auro.re #radius-edc.adm.auro.re
routeur-aurore.adm.auro.re #routeur-aurore.adm.auro.re
[gs_pve] [gs_pve]
perceval.adm.auro.re #perceval.adm.auro.re
[gs_vm] [gs_vm]
routeur-gs.adm.auro.re #routeur-gs.adm.auro.re
unifi-gs.adm.auro.re #unifi-gs.adm.auro.re
radius-gs.adm.auro.re #radius-gs.adm.auro.re
dns-gs.adm.auro.re #dns-gs.adm.auro.re
dhcp-gs.adm.auro.re #dhcp-gs.adm.auro.re
# everything at ovh # everything at ovh
[ovh:children] [ovh:children]
@ -144,23 +144,25 @@ edc_pve
gs_pve gs_pve
[dhcp] [dhcp]
dhcp-fleming.adm.auro.re #dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re #dhcp-fleming-backup.adm.auro.re
dhcp-pacaterie.adm.auro.re #dhcp-pacaterie.adm.auro.re
dhcp-pacaterie-backup.adm.auro.re #dhcp-pacaterie-backup.adm.auro.re
dhcp-edc.adm.auro.re #dhcp-edc.adm.auro.re
dhcp-gs.adm.auro.re #dhcp-gs.adm.auro.re
[dns] [dns]
dns-fleming.adm.auro.re #dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re #dns-fleming-backup.adm.auro.re
dns-pacaterie.adm.auro.re #dns-pacaterie.adm.auro.re
dns-pacaterie-backup.adm.auro.re #dns-pacaterie-backup.adm.auro.re
dns-edc.adm.auro.re #dns-edc.adm.auro.re
dns-gs.adm.auro.re #dns-gs.adm.auro.re
[ldap-replica] [ldap_replica_fleming]
ldap-replica-fleming.adm.auro.re ldap-replica-fleming.adm.auro.re
ldap-replica-fleming-backup.adm.auro.re ldap-replica-fleming-backup.adm.auro.re
[ldap_replica_pacaterie]
ldap-replica-pacaterie.adm.auro.re ldap-replica-pacaterie.adm.auro.re
ldap-replica-pacaterie-backup.adm.auro.re ldap-replica-pacaterie-backup.adm.auro.re
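Review bot: Almost every host in the shared inventory is commented out on the new side (everything outside the fleming and pacaterie groups, including all of `[dhcp]` and `[dns]`), which looks like a local way of narrowing one run rather than an intended inventory change. Once merged, plays against those groups match no hosts, so those machines silently stop receiving configuration and hardening updates; restricting a run with `ansible-playbook --limit fleming,pacaterie` keeps the inventory intact. The `[ldap-replica]` group is also renamed to `[ldap_replica_fleming]`, so any playbook or group_vars file still keyed on `ldap-replica` (not visible here) would need the same rename.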

165
hosts.save.1 Normal file

@ -0,0 +1,165 @@
# Aurore servers inventory
# How to name your server ?
# > We name servers according to location, then type.
# > So all containers at OVH are in ovh-container.
# > Then we regroup everything in global geographic and type groups.
[aurore_pve]
merlin.adm.auro.re
[aurore_vm]
radius-aurore.adm.auro.re
[ovh_pve]
horus.adm.auro.re
[ovh_container]
synapse.adm.auro.re
services-bdd.adm.auro.re
phabricator.adm.auro.re
wiki.adm.auro.re
www.adm.auro.re
proxy.adm.auro.re
matrix-services.adm.auro.re
[ovh_vm]
re2o-server.adm.auro.re
re2o-ldap.adm.auro.re
re2o-db.adm.auro.re
serge.adm.auro.re
passbolt.adm.auro.re
vpn-ovh.adm.auro.re
docker-ovh.adm.auro.re
switchs-manager.adm.auro.re
radius-aurore.adm.auro.re
[ovh_testing_vm]
re2o-test.adm.auro.re
[fleming_pve]
freya.adm.auro.re
marki.adm.auro.re
[fleming_vm]
ldap-replica-fleming.adm.auro.re
ldap-replica-fleming-backup.adm.auro.re
dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re
dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re
prometheus-fleming.adm.auro.re
radius-fleming.adm.auro.re
radius-fleming-backup.adm.auro.re
unifi-fleming.adm.auro.re
routeur-fleming.adm.auro.re
routeur-fleming-backup.adm.auro.re
[pacaterie_pve]
mordred.adm.auro.re
titan.adm.auro.re
[pacaterie_vm]
ldap-replica-pacaterie.adm.auro.re
ldap-replica-pacaterie-backup.adm.auro.re
dhcp-pacaterie.adm.auro.re
dhcp-pacaterie-backup.adm.auro.re
dns-pacaterie.adm.auro.re
dns-pacaterie-backup.adm.auro.re
prometheus-pacaterie.adm.auro.re
radius-pacaterie.adm.auro.re
radius-pacaterie-backup.adm.auro.re
unifi-pacaterie.adm.auro.re
routeur-pacaterie.adm.auro.re
routeur-pacaterie-backup.adm.auro.re
[edc_pve]
chapalux.adm.auro.re
[edc_vm]
routeur-edc.adm.auro.re
dns-edc.adm.auro.re
dhcp-edc.adm.auro.re
unifi-edc.adm.auro.re
radius-edc.adm.auro.re
routeur-aurore.adm.auro.re
[gs_pve]
perceval.adm.auro.re
[gs_vm]
routeur-gs.adm.auro.re
unifi-gs.adm.auro.re
radius-gs.adm.auro.re
dns-gs.adm.auro.re
dhcp-gs.adm.auro.re
# everything at ovh
[ovh:children]
ovh_pve
ovh_container
ovh_vm
# everything at ovh_testing
[ovh_testing:children]
ovh_testing_vm
# everything at fleming
[fleming:children]
fleming_pve
fleming_vm
# everything at pacaterie
[pacaterie:children]
pacaterie_pve
pacaterie_vm
# everything at edc
[edc:children]
edc_pve
edc_vm
# everything at georgesand
[gs:children]
gs_pve
gs_vm
# every LXC container
[container:children]
ovh_container
# every virtual machine
[vm:children]
ovh_vm
fleming_vm
pacaterie_vm
gs_vm
# every PVE
[pve:children]
ovh_pve
fleming_pve
pacaterie_pve
edc_pve
gs_pve
[dhcp]
dhcp-fleming.adm.auro.re
dhcp-fleming-backup.adm.auro.re
dhcp-pacaterie.adm.auro.re
dhcp-pacaterie-backup.adm.auro.re
dhcp-edc.adm.auro.re
dhcp-gs.adm.auro.re
[dns]
dns-fleming.adm.auro.re
dns-fleming-backup.adm.auro.re
dns-pacaterie.adm.auro.re
dns-pacaterie-backup.adm.auro.re
dns-edc.adm.auro.re
dns-gs.adm.auro.re
[ldap-replica]
ldap-replica-fleming.adm.auro.re
ldap-replica-fleming-backup.adm.auro.re
ldap-replica-pacaterie-backup.adm.auro.re
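Review bot: `hosts.save.1` is a backup copy of the inventory and should not be committed; it already disagrees with `hosts`, since its `[ldap-replica]` group lacks `ldap-replica-pacaterie.adm.auro.re` and keeps the old group name. A stale second inventory that lists every admin hostname is easy to pick up by mistake with `-i`, so I would drop the file and add `hosts.save*` to `.gitignore`.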


@ -5,11 +5,16 @@ uid nslcd
gid nslcd gid nslcd
# The location at which the LDAP server(s) should be reachable. # The location at which the LDAP server(s) should be reachable.
{% if ldap_local_replica_uri is defined %} {% if 'fleming_vm' in group_names or 'fleming_pve' in group_names %}
{% for uri in ldap_local_replica_uri %} {% for uri in groups['ldap_replica_fleming'] %}
uri {{ uri }} uri {{ uri }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'pacaterie_vm' in group_names or 'pacaterie_pve' in group_names %}
{% for uri in groups['ldap_replica_pacaterie'] %}
uri ldap://{{ uri }}
{% endfor %}
{% endif %}
uri {{ ldap_master_uri }} uri {{ ldap_master_uri }}
# The search base that will be used for all queries. # The search base that will be used for all queries.
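Review bot: The fleming loop still renders `uri {{ uri }}`, but it now iterates `groups['ldap_replica_fleming']`, which yields bare inventory hostnames, so fleming clients get lines like `uri ldap-replica-fleming.adm.auro.re` with no scheme, while the pacaterie loop writes `uri ldap://{{ uri }}`. The fleming line should be `uri ldap://{{ uri }}` as well. Both replicas are addressed over plain `ldap://`; unless StartTLS is enforced elsewhere in this template (the rest of the file is outside the hunk), binds and lookups travel unencrypted, so `ldaps://` or `ssl start_tls` together with `tls_reqcert demand` is worth confirming.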