
add uw00

Max Erenberg 1 year ago
30429a9ef4
  1. 4
      dns/templates/dnsmasq.conf.j2
  2. 7
      hosts.sample
  3. 109
      uw00/main.yml

4
dns/templates/dnsmasq.conf.j2

@ -22,6 +22,7 @@ address=/auth1.{{ base_domain }}/{{ auth1_ipv4_addr }}
cname=ldap1.{{ base_domain }},auth1.{{ base_domain }}
cname=kdc1.{{ base_domain }},auth1.{{ base_domain }}
cname=kadmin.{{ base_domain }},auth1.{{ base_domain }}
cname=ldap-master.{{ base_domain }},auth1.{{ base_domain }}
address=/fs00.{{ base_domain }}/{{ fs00_ipv4_addr }}
ptr-record={{ fs00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"fs00.{{ base_domain }}"
@ -31,3 +32,6 @@ ptr-record={{ phosphoric_acid_ipv4_addr.split('.') | reverse | join('.') }}.in-a
address=/cobalamin.{{ base_domain }}/{{ cobalamin_ipv4_addr }}
ptr-record={{ cobalamin_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"cobalamin.{{ base_domain }}"
address=/uwldap.uwaterloo.ca/{{ uw00_ipv4_addr }}
ptr-record={{ uw00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"uwldap.uwaterloo.ca"
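Review bot: `address=/uwldap.uwaterloo.ca/{{ uw00_ipv4_addr }}` and its ptr-record redirect a real public hostname to the local uw00 container, whereas every other entry in this template only covers names under base_domain, and nothing in the file says this is deliberate. Add a comment above the pair, `# uw00 stands in for the real uwldap.uwaterloo.ca so that containers in this VM can test against a local mock; this override belongs only in the dev VM's dnsmasq`. The old/new sides of this section are not fully recoverable from the rendering, so the first hunk is left as shown.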

7
hosts.sample

@ -7,6 +7,7 @@ fs00 ansible_lxc_host=fs00
phosphoric-acid ansible_lxc_host=phosphoric-acid
cobalamin ansible_lxc_host=cobalamin
outsider ansible_lxc_host=outsider
uw00 ansible_lxc_host=uw00
[containers:vars]
ansible_connection = lxc
@ -29,12 +30,11 @@ upstream_dns = 192.168.122.1
# the IP address of the VM - this should be the VM's default outgoing
# IP address if you are using a shared bridge, or the VM's bridge
# address if you are using a standalone bridge.
#host_ipv4_addr = 192.168.100.1
host_ipv4_addr = 192.168.122.226
host_ipv4_addr = 192.168.100.1
# The IP addresses for the VMs. The outsider IP address does not really
# matter, just make sure it is in a different subnet from the others.
# Make sure to update the IP addresses of the other containers is in the
# Make sure the IP addresses of the other containers are in the
# ipv4_subnet which you specified above.
outsider_ipv4_addr = 192.168.101.2
dns_ipv4_addr = 192.168.100.4
@ -44,3 +44,4 @@ auth1_ipv4_addr = 192.168.100.117
fs00_ipv4_addr = 192.168.100.35
phosphoric_acid_ipv4_addr = 192.168.100.114
cobalamin_ipv4_addr = 192.168.100.18
uw00_ipv4_addr = 192.168.100.234
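Review bot: The second hunk leaves `#host_ipv4_addr = 192.168.100.1`, `host_ipv4_addr = 192.168.122.226` and `host_ipv4_addr = 192.168.100.1` next to each other; which of them survive on the new side cannot be recovered from this rendering, but if more than one uncommented `host_ipv4_addr` remains, Ansible's INI inventory silently keeps the last value and a copied hosts file may carry a stale VM address. Keep a single active placeholder in the sample with the alternative commented out, e.g. `host_ipv4_addr = 192.168.100.1` and `#host_ipv4_addr = 192.168.122.226`, so the value a reader must change is unambiguous. The new `uw00 ansible_lxc_host=uw00` and `uw00_ipv4_addr = 192.168.100.234` entries follow the existing pattern.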

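--- /dev/null
+++ b/uw00/main.yml
@@ -0,0 +1,109 @@
+---
+- hosts: uw00
+tasks:
+- name: setup networking
+import_role:
+name: ../roles/network_setup
+vars:
+ipv4_addr: "{{ uw00_ipv4_addr }}"
+base_domain: uwaterloo.ca
+# LDAP
+- name: install LDAP packages
+apt:
+name: "{{ item }}"
+loop:
+- slapd
+- ldap-utils
+- ldapvi
+- name: configure ldap.conf
+copy:
+dest: /etc/ldap/ldap.conf
+content: |
+BASE dc=uwaterloo,dc=ca
+URI ldapi:///
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+- name: give root write access to LDAP
+command:
+cmd: ldapmodify -Y EXTERNAL -H ldapi:///
+stdin: |
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
+olcAccess: {2}to attrs=shadowLastChange by self write by * read
+olcAccess: {3}to * by * read
+-
+- name: delete admin record
+shell:
+cmd: ldapdelete -Y EXTERNAL -H ldapi:/// cn=admin,dc=uwaterloo,dc=ca || true
+- name: set organization name
+command:
+cmd: ldapmodify -Y EXTERNAL -H ldapi:///
+stdin: |
+dn: dc=uwaterloo,dc=ca
+changetype: modify
+replace: o
+o: University of Waterloo
+# for inetLocalMailRecipient
+- name: add misc.ldif
+shell:
+cmd: ldapadd -Y EXTERNAL -H ldapi:/// < /etc/ldap/schema/misc.ldif || true
+- name: add people OU
+shell:
+cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
+stdin: |
+dn: ou=People,dc=uwaterloo,dc=ca
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+- name: add people records
+shell:
+cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
+stdin: |
+dn: uid={{ item.uid }},ou=People,dc=uwaterloo,dc=ca
+displayName: {{ item.givenName }} {{ item.sn }}
+givenName: {{ item.givenName }}
+sn: {{ item.sn }}
+cn: {{ item.givenName }} {{ item.sn }}
+mailRoutingAddress: {{ item.uid }}@connect.uwaterloo.ca
+ou: MAT/Mathematics Computer Science
+mailLocalAddress: {{ item.uid }}@uwaterloo.ca
+objectClass: inetLocalMailRecipient
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+uid: {{ item.uid }}
+mail: {{ item.uid }}@uwaterloo.ca
+loop:
+- uid: ctdalek
+givenName: Calum
+sn: Dalek
+- uid: regular1
+givenName: Regular
+sn: One
+- uid: regular2
+givenName: Regular
+sn: Two
+- uid: regular3
+givenName: Regular
+sn: Three
+- uid: exec1
+givenName: Exec
+sn: One
+- uid: exec2
+givenName: Exec
+sn: Two
+- uid: exec3
+givenName: Exec
+sn: Three
+- uid: syscom1
+givenName: Syscom
+sn: One
+- uid: syscom2
+givenName: Syscom
+sn: Two
+- uid: syscom3
+givenName: Syscom
+sn: Three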
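Review bot: The `|| true` on the "delete admin record", "add misc.ldif", "add people OU" and "add people records" shell tasks hides every failure, not only the expected "Already exists" on a second run, so a malformed LDIF rendered from the people template leaves the mock directory empty while the play reports success. Register the result and fail only on unexpected exit codes, e.g. `register: ldap_result`, `failed_when: ldap_result.rc not in [0, 68]` (68 is the LDAP alreadyExists result code that ldapadd returns) and `changed_when: ldap_result.rc == 0`, which also gives correct changed/ok reporting; the "set organization name" and "give root write access" command tasks would likewise benefit from a `changed_when`. The ACL `{3}to * by * read` makes the whole tree, including the mail-routing attributes, readable to anonymous binds, which is presumably intended for a stand-in of a public directory and deserves a comment saying so next to the olcAccess block.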