added ldap-replica support for ldap-clients of pacaterie and fleming

2020-02-20 18:42:34 +01:00 · 2020-02-20 18:42:34 +01:00 · 3a399bd04c
commit 3a399bd04c
parent 73a22ba77f
5 changed files with 229 additions and 53 deletions
--- a/base.yml
+++ b/base.yml
@ -12,6 +12,6 @@

 # Clone LDAP on local geographic location
 # DON'T DO THIS AS IT RECREATES THE REPLICA
-# - hosts: ldap-replica
+#- hosts: ldap-replica
 #  roles:
 #    - ldap-replica
--- a/copy_keys_to_aurore.sh
+++ b/copy_keys_to_aurore.sh
@ -0,0 +1,4 @@
+#!/bin/bash
+for ip in `cat hosts|grep .adm.auro.re`; do
+    sshpass -v -p "6+Fwa9h2L>L6]C*y" ssh-copy-id -o StrictHostKeyChecking=no fpoutre@$ip
+done
--- a/98
+++ b/98
@ -6,44 +6,44 @@
 # > Then we regroup everything in global geographic and type groups.

 [aurore_pve]
-merlin.adm.auro.re
+#merlin.adm.auro.re

 [aurore_vm]
-radius-aurore.adm.auro.re
+#radius-aurore.adm.auro.re

 [ovh_pve]
-horus.adm.auro.re
+#horus.adm.auro.re

 [ovh_container]
-synapse.adm.auro.re
-services-bdd.adm.auro.re
-phabricator.adm.auro.re
-wiki.adm.auro.re
-www.adm.auro.re
-proxy.adm.auro.re
-matrix-services.adm.auro.re
+#synapse.adm.auro.re
+#services-bdd.adm.auro.re
+#phabricator.adm.auro.re
+#wiki.adm.auro.re
+#www.adm.auro.re
+#proxy.adm.auro.re
+#matrix-services.adm.auro.re

 [ovh_vm]
-re2o-server.adm.auro.re
-re2o-ldap.adm.auro.re
-re2o-db.adm.auro.re
-serge.adm.auro.re
-passbolt.adm.auro.re
-vpn-ovh.adm.auro.re
-docker-ovh.adm.auro.re
-switchs-manager.adm.auro.re
-radius-aurore.adm.auro.re
+#re2o-server.adm.auro.re
+#re2o-ldap.adm.auro.re
+#re2o-db.adm.auro.re
+#serge.adm.auro.re
+#passbolt.adm.auro.re
+#vpn-ovh.adm.auro.re
+#docker-ovh.adm.auro.re
+#switchs-manager.adm.auro.re
+#radius-aurore.adm.auro.re

 [ovh_testing_vm]
-re2o-test.adm.auro.re
+#re2o-test.adm.auro.re

 [fleming_pve]
 freya.adm.auro.re
 marki.adm.auro.re

 [fleming_vm]
-ldap-replica-fleming1.adm.auro.re
-ldap-replica-fleming2.adm.auro.re
+ldap-replica-fleming.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
 dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
@ -74,25 +74,25 @@ routeur-pacaterie.adm.auro.re
 routeur-pacaterie-backup.adm.auro.re

 [edc_pve]
-chapalux.adm.auro.re
+#chapalux.adm.auro.re

 [edc_vm]
-routeur-edc.adm.auro.re
-dns-edc.adm.auro.re
-dhcp-edc.adm.auro.re
-unifi-edc.adm.auro.re
-radius-edc.adm.auro.re
-routeur-aurore.adm.auro.re
+#routeur-edc.adm.auro.re
+#dns-edc.adm.auro.re
+#dhcp-edc.adm.auro.re
+#unifi-edc.adm.auro.re
+#radius-edc.adm.auro.re
+#routeur-aurore.adm.auro.re

 [gs_pve]
-perceval.adm.auro.re
+#perceval.adm.auro.re

 [gs_vm]
-routeur-gs.adm.auro.re
-unifi-gs.adm.auro.re
-radius-gs.adm.auro.re
-dns-gs.adm.auro.re
-dhcp-gs.adm.auro.re
+#routeur-gs.adm.auro.re
+#unifi-gs.adm.auro.re
+#radius-gs.adm.auro.re
+#dns-gs.adm.auro.re
+#dhcp-gs.adm.auro.re

 # everything at ovh
 [ovh:children]
@ -144,23 +144,25 @@ edc_pve
 gs_pve

 [dhcp]
-dhcp-fleming.adm.auro.re
-dhcp-fleming-backup.adm.auro.re
-dhcp-pacaterie.adm.auro.re
-dhcp-pacaterie-backup.adm.auro.re
-dhcp-edc.adm.auro.re
-dhcp-gs.adm.auro.re
+#dhcp-fleming.adm.auro.re
+#dhcp-fleming-backup.adm.auro.re
+#dhcp-pacaterie.adm.auro.re
+#dhcp-pacaterie-backup.adm.auro.re
+#dhcp-edc.adm.auro.re
+#dhcp-gs.adm.auro.re

 [dns]
-dns-fleming.adm.auro.re
-dns-fleming-backup.adm.auro.re
-dns-pacaterie.adm.auro.re
-dns-pacaterie-backup.adm.auro.re
-dns-edc.adm.auro.re
-dns-gs.adm.auro.re
+#dns-fleming.adm.auro.re
+#dns-fleming-backup.adm.auro.re
+#dns-pacaterie.adm.auro.re
+#dns-pacaterie-backup.adm.auro.re
+#dns-edc.adm.auro.re
+#dns-gs.adm.auro.re

-[ldap-replica]
+[ldap_replica_fleming]
 ldap-replica-fleming.adm.auro.re
 ldap-replica-fleming-backup.adm.auro.re
+
+[ldap_replica_pacaterie]
 ldap-replica-pacaterie.adm.auro.re
 ldap-replica-pacaterie-backup.adm.auro.re
--- a/hosts.save.1
+++ b/hosts.save.1
@ -0,0 +1,165 @@
+# Aurore servers inventory
+
+# How to name your server ?
+# > We name servers according to location, then type.
+# > So all containers at OVH are in ovh-container.
+# > Then we regroup everything in global geographic and type groups.
+
+[aurore_pve]
+merlin.adm.auro.re
+
+[aurore_vm]
+radius-aurore.adm.auro.re
+
+[ovh_pve]
+horus.adm.auro.re
+
+[ovh_container]
+synapse.adm.auro.re
+services-bdd.adm.auro.re
+phabricator.adm.auro.re
+wiki.adm.auro.re
+www.adm.auro.re
+proxy.adm.auro.re
+matrix-services.adm.auro.re
+
+[ovh_vm]
+re2o-server.adm.auro.re
+re2o-ldap.adm.auro.re
+re2o-db.adm.auro.re
+serge.adm.auro.re
+passbolt.adm.auro.re
+vpn-ovh.adm.auro.re
+docker-ovh.adm.auro.re
+switchs-manager.adm.auro.re
+radius-aurore.adm.auro.re
+
+[ovh_testing_vm]
+re2o-test.adm.auro.re
+
+[fleming_pve]
+freya.adm.auro.re
+marki.adm.auro.re
+
+[fleming_vm]
+ldap-replica-fleming.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
+dhcp-fleming.adm.auro.re
+dhcp-fleming-backup.adm.auro.re
+dns-fleming.adm.auro.re
+dns-fleming-backup.adm.auro.re
+prometheus-fleming.adm.auro.re
+radius-fleming.adm.auro.re
+radius-fleming-backup.adm.auro.re
+unifi-fleming.adm.auro.re
+routeur-fleming.adm.auro.re
+routeur-fleming-backup.adm.auro.re
+
+[pacaterie_pve]
+mordred.adm.auro.re
+titan.adm.auro.re
+
+[pacaterie_vm]
+ldap-replica-pacaterie.adm.auro.re
+ldap-replica-pacaterie-backup.adm.auro.re
+dhcp-pacaterie.adm.auro.re
+dhcp-pacaterie-backup.adm.auro.re
+dns-pacaterie.adm.auro.re
+dns-pacaterie-backup.adm.auro.re
+prometheus-pacaterie.adm.auro.re
+radius-pacaterie.adm.auro.re
+radius-pacaterie-backup.adm.auro.re
+unifi-pacaterie.adm.auro.re
+routeur-pacaterie.adm.auro.re
+routeur-pacaterie-backup.adm.auro.re
+
+[edc_pve]
+chapalux.adm.auro.re
+
+[edc_vm]
+routeur-edc.adm.auro.re
+dns-edc.adm.auro.re
+dhcp-edc.adm.auro.re
+unifi-edc.adm.auro.re
+radius-edc.adm.auro.re
+routeur-aurore.adm.auro.re
+
+[gs_pve]
+perceval.adm.auro.re
+
+[gs_vm]
+routeur-gs.adm.auro.re
+unifi-gs.adm.auro.re
+radius-gs.adm.auro.re
+dns-gs.adm.auro.re
+dhcp-gs.adm.auro.re
+
+# everything at ovh
+[ovh:children]
+ovh_pve
+ovh_container
+ovh_vm
+
+# everything at ovh_testing
+[ovh_testing:children]
+ovh_testing_vm
+
+# everything at fleming
+[fleming:children]
+fleming_pve
+fleming_vm
+
+# everything at pacaterie
+[pacaterie:children]
+pacaterie_pve
+pacaterie_vm
+
+# everything at edc
+[edc:children]
+edc_pve
+edc_vm
+
+# everything at georgesand
+[gs:children]
+gs_pve
+gs_vm
+
+# every LXC container
+[container:children]
+ovh_container
+
+# every virtual machine
+[vm:children]
+ovh_vm
+fleming_vm
+pacaterie_vm
+gs_vm
+
+# every PVE
+[pve:children]
+ovh_pve
+fleming_pve
+pacaterie_pve
+edc_pve
+gs_pve
+
+[dhcp]
+dhcp-fleming.adm.auro.re
+dhcp-fleming-backup.adm.auro.re
+dhcp-pacaterie.adm.auro.re
+dhcp-pacaterie-backup.adm.auro.re
+dhcp-edc.adm.auro.re
+dhcp-gs.adm.auro.re
+
+[dns]
+dns-fleming.adm.auro.re
+dns-fleming-backup.adm.auro.re
+dns-pacaterie.adm.auro.re
+dns-pacaterie-backup.adm.auro.re
+dns-edc.adm.auro.re
+dns-gs.adm.auro.re
+
+[ldap-replica]
+ldap-replica-fleming.adm.auro.re
+ldap-replica-fleming-backup.adm.auro.re
+ldap-replica-pacaterie-backup.adm.auro.re
--- a/roles/ldap-client/templates/nslcd.conf.j2
+++ b/roles/ldap-client/templates/nslcd.conf.j2
@ -5,11 +5,16 @@ uid nslcd
 gid nslcd

 # The location at which the LDAP server(s) should be reachable.
-{% if ldap_local_replica_uri is defined %}
-{% for uri in ldap_local_replica_uri %}
+{% if 'fleming_vm' in group_names or 'fleming_pve' in group_names %}
+{% for uri in groups['ldap_replica_fleming'] %}
 uri {{ uri }}
 {% endfor %}
 {% endif %}
+{% if 'pacaterie_vm' in group_names or 'pacaterie_pve' in group_names %}
+{% for uri in groups['ldap_replica_pacaterie'] %}
+uri ldap://{{ uri }}
+{% endfor %}
+{% endif %}
 uri {{ ldap_master_uri }}

 # The search base that will be used for all queries.