added ldap-replica support for ldap-clients of pacaterie and fleming

2020-02-20 18:42:34 +01:00 · 2020-02-20 18:42:34 +01:00 · 3a399bd04c
commit 3a399bd04c
parent 73a22ba77f
5 changed files with 229 additions and 53 deletions
--- a/base.yml
+++ b/base.yml
@ -12,6 +12,6 @@
 # Clone LDAP on local geographic location
 # DON'T DO THIS AS IT RECREATES THE REPLICA
-# - hosts: ldap-replica
+#- hosts: ldap-replica
 #  roles:
 #    - ldap-replica
--- a/copy_keys_to_aurore.sh
+++ b/copy_keys_to_aurore.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 for ip in `cat hosts|grep .adm.auro.re`; do
    sshpass -v -p "6+Fwa9h2L>L6]C*y" ssh-copy-id -o StrictHostKeyChecking=no fpoutre@$ip
 done
--- a/98
+++ b/98
@ -6,44 +6,44 @@
 # > Then we regroup everything in global geographic and type groups.
 [aurore_pve]
-merlin.adm.auro.re
+#merlin.adm.auro.re
 [aurore_vm]
-radius-aurore.adm.auro.re
+#radius-aurore.adm.auro.re
 [ovh_pve]
-horus.adm.auro.re
+#horus.adm.auro.re
 [ovh_container]
-synapse.adm.auro.re
+#synapse.adm.auro.re
-services-bdd.adm.auro.re
+#services-bdd.adm.auro.re
-phabricator.adm.auro.re
+#phabricator.adm.auro.re
-wiki.adm.auro.re
+#wiki.adm.auro.re
-www.adm.auro.re
+#www.adm.auro.re
-proxy.adm.auro.re
+#proxy.adm.auro.re
-matrix-services.adm.auro.re
+#matrix-services.adm.auro.re
 [ovh_vm]
-re2o-server.adm.auro.re
+#re2o-server.adm.auro.re
-re2o-ldap.adm.auro.re
+#re2o-ldap.adm.auro.re
-re2o-db.adm.auro.re
+#re2o-db.adm.auro.re
-serge.adm.auro.re
+#serge.adm.auro.re
-passbolt.adm.auro.re
+#passbolt.adm.auro.re
-vpn-ovh.adm.auro.re
+#vpn-ovh.adm.auro.re
-docker-ovh.adm.auro.re
+#docker-ovh.adm.auro.re
-switchs-manager.adm.auro.re
+#switchs-manager.adm.auro.re
-radius-aurore.adm.auro.re
+#radius-aurore.adm.auro.re
 [ovh_testing_vm]
-re2o-test.adm.auro.re
+#re2o-test.adm.auro.re
 [fleming_pve]
 freya.adm.auro.re
 marki.adm.auro.re
 [fleming_vm]
-ldap-replica-fleming1.adm.auro.re
+ldap-replica-fleming.adm.auro.re
-ldap-replica-fleming2.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
 dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
@ -74,25 +74,25 @@ routeur-pacaterie.adm.auro.re
 routeur-pacaterie-backup.adm.auro.re
 [edc_pve]
-chapalux.adm.auro.re
+#chapalux.adm.auro.re
 [edc_vm]
-routeur-edc.adm.auro.re
+#routeur-edc.adm.auro.re
-dns-edc.adm.auro.re
+#dns-edc.adm.auro.re
-dhcp-edc.adm.auro.re
+#dhcp-edc.adm.auro.re
-unifi-edc.adm.auro.re
+#unifi-edc.adm.auro.re
-radius-edc.adm.auro.re
+#radius-edc.adm.auro.re
-routeur-aurore.adm.auro.re
+#routeur-aurore.adm.auro.re
 [gs_pve]
-perceval.adm.auro.re
+#perceval.adm.auro.re
 [gs_vm]
-routeur-gs.adm.auro.re
+#routeur-gs.adm.auro.re
-unifi-gs.adm.auro.re
+#unifi-gs.adm.auro.re
-radius-gs.adm.auro.re
+#radius-gs.adm.auro.re
-dns-gs.adm.auro.re
+#dns-gs.adm.auro.re
-dhcp-gs.adm.auro.re
+#dhcp-gs.adm.auro.re
 # everything at ovh
 [ovh:children]
@ -144,23 +144,25 @@ edc_pve
 gs_pve
 [dhcp]
-dhcp-fleming.adm.auro.re
+#dhcp-fleming.adm.auro.re
-dhcp-fleming-backup.adm.auro.re
+#dhcp-fleming-backup.adm.auro.re
-dhcp-pacaterie.adm.auro.re
+#dhcp-pacaterie.adm.auro.re
-dhcp-pacaterie-backup.adm.auro.re
+#dhcp-pacaterie-backup.adm.auro.re
-dhcp-edc.adm.auro.re
+#dhcp-edc.adm.auro.re
-dhcp-gs.adm.auro.re
+#dhcp-gs.adm.auro.re
 [dns]
-dns-fleming.adm.auro.re
+#dns-fleming.adm.auro.re
-dns-fleming-backup.adm.auro.re
+#dns-fleming-backup.adm.auro.re
-dns-pacaterie.adm.auro.re
+#dns-pacaterie.adm.auro.re
-dns-pacaterie-backup.adm.auro.re
+#dns-pacaterie-backup.adm.auro.re
-dns-edc.adm.auro.re
+#dns-edc.adm.auro.re
-dns-gs.adm.auro.re
+#dns-gs.adm.auro.re
-[ldap-replica]
+[ldap_replica_fleming]
 ldap-replica-fleming.adm.auro.re
 ldap-replica-fleming-backup.adm.auro.re
 [ldap_replica_pacaterie]
 ldap-replica-pacaterie.adm.auro.re
 ldap-replica-pacaterie-backup.adm.auro.re
--- a/hosts.save.1
+++ b/hosts.save.1
@ -0,0 +1,165 @@
 # Aurore servers inventory
 # How to name your server ?
 # > We name servers according to location, then type.
 # > So all containers at OVH are in ovh-container.
 # > Then we regroup everything in global geographic and type groups.
 [aurore_pve]
 merlin.adm.auro.re
 [aurore_vm]
 radius-aurore.adm.auro.re
 [ovh_pve]
 horus.adm.auro.re
 [ovh_container]
 synapse.adm.auro.re
 services-bdd.adm.auro.re
 phabricator.adm.auro.re
 wiki.adm.auro.re
 www.adm.auro.re
 proxy.adm.auro.re
 matrix-services.adm.auro.re
 [ovh_vm]
 re2o-server.adm.auro.re
 re2o-ldap.adm.auro.re
 re2o-db.adm.auro.re
 serge.adm.auro.re
 passbolt.adm.auro.re
 vpn-ovh.adm.auro.re
 docker-ovh.adm.auro.re
 switchs-manager.adm.auro.re
 radius-aurore.adm.auro.re
 [ovh_testing_vm]
 re2o-test.adm.auro.re
 [fleming_pve]
 freya.adm.auro.re
 marki.adm.auro.re
 [fleming_vm]
 ldap-replica-fleming.adm.auro.re
 ldap-replica-fleming-backup.adm.auro.re
 dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
 dns-fleming-backup.adm.auro.re
 prometheus-fleming.adm.auro.re
 radius-fleming.adm.auro.re
 radius-fleming-backup.adm.auro.re
 unifi-fleming.adm.auro.re
 routeur-fleming.adm.auro.re
 routeur-fleming-backup.adm.auro.re
 [pacaterie_pve]
 mordred.adm.auro.re
 titan.adm.auro.re
 [pacaterie_vm]
 ldap-replica-pacaterie.adm.auro.re
 ldap-replica-pacaterie-backup.adm.auro.re
 dhcp-pacaterie.adm.auro.re
 dhcp-pacaterie-backup.adm.auro.re
 dns-pacaterie.adm.auro.re
 dns-pacaterie-backup.adm.auro.re
 prometheus-pacaterie.adm.auro.re
 radius-pacaterie.adm.auro.re
 radius-pacaterie-backup.adm.auro.re
 unifi-pacaterie.adm.auro.re
 routeur-pacaterie.adm.auro.re
 routeur-pacaterie-backup.adm.auro.re
 [edc_pve]
 chapalux.adm.auro.re
 [edc_vm]
 routeur-edc.adm.auro.re
 dns-edc.adm.auro.re
 dhcp-edc.adm.auro.re
 unifi-edc.adm.auro.re
 radius-edc.adm.auro.re
 routeur-aurore.adm.auro.re
 [gs_pve]
 perceval.adm.auro.re
 [gs_vm]
 routeur-gs.adm.auro.re
 unifi-gs.adm.auro.re
 radius-gs.adm.auro.re
 dns-gs.adm.auro.re
 dhcp-gs.adm.auro.re
 # everything at ovh
 [ovh:children]
 ovh_pve
 ovh_container
 ovh_vm
 # everything at ovh_testing
 [ovh_testing:children]
 ovh_testing_vm
 # everything at fleming
 [fleming:children]
 fleming_pve
 fleming_vm
 # everything at pacaterie
 [pacaterie:children]
 pacaterie_pve
 pacaterie_vm
 # everything at edc
 [edc:children]
 edc_pve
 edc_vm
 # everything at georgesand
 [gs:children]
 gs_pve
 gs_vm
 # every LXC container
 [container:children]
 ovh_container
 # every virtual machine
 [vm:children]
 ovh_vm
 fleming_vm
 pacaterie_vm
 gs_vm
 # every PVE
 [pve:children]
 ovh_pve
 fleming_pve
 pacaterie_pve
 edc_pve
 gs_pve
 [dhcp]
 dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dhcp-pacaterie.adm.auro.re
 dhcp-pacaterie-backup.adm.auro.re
 dhcp-edc.adm.auro.re
 dhcp-gs.adm.auro.re
 [dns]
 dns-fleming.adm.auro.re
 dns-fleming-backup.adm.auro.re
 dns-pacaterie.adm.auro.re
 dns-pacaterie-backup.adm.auro.re
 dns-edc.adm.auro.re
 dns-gs.adm.auro.re
 [ldap-replica]
 ldap-replica-fleming.adm.auro.re
 ldap-replica-fleming-backup.adm.auro.re
 ldap-replica-pacaterie-backup.adm.auro.re
--- a/roles/ldap-client/templates/nslcd.conf.j2
+++ b/roles/ldap-client/templates/nslcd.conf.j2
@ -5,11 +5,16 @@ uid nslcd
 gid nslcd
 # The location at which the LDAP server(s) should be reachable.
-{% if ldap_local_replica_uri is defined %}
+{% if 'fleming_vm' in group_names or 'fleming_pve' in group_names %}
-{% for uri in ldap_local_replica_uri %}
+{% for uri in groups['ldap_replica_fleming'] %}
 uri {{ uri }}
 {% endfor %}
 {% endif %}
 {% if 'pacaterie_vm' in group_names or 'pacaterie_pve' in group_names %}
 {% for uri in groups['ldap_replica_pacaterie'] %}
 uri ldap://{{ uri }}
 {% endfor %}
 {% endif %}
 uri {{ ldap_master_uri }}
 # The search base that will be used for all queries.