From 30429a9ef46f0bdbcb11058c57e98e027ad35e6d Mon Sep 17 00:00:00 2001
From: Max Erenberg
Date: Thu, 1 Jul 2021 21:51:47 -0400
Subject: [PATCH] add uw00

---
 dns/templates/dnsmasq.conf.j2 | 4 ++
 hosts.sample | 7 ++-
 uw00/main.yml | 109 ++++++++++++++++++++++++++++++++++
 3 files changed, 117 insertions(+), 3 deletions(-)
 create mode 100644 uw00/main.yml

diff --git a/dns/templates/dnsmasq.conf.j2 b/dns/templates/dnsmasq.conf.j2
index e6bd4bf..8b437f6 100644
--- a/dns/templates/dnsmasq.conf.j2
+++ b/dns/templates/dnsmasq.conf.j2
@@ -22,6 +22,7 @@ address=/auth1.{{ base_domain }}/{{ auth1_ipv4_addr }}
 cname=ldap1.{{ base_domain }},auth1.{{ base_domain }}
 cname=kdc1.{{ base_domain }},auth1.{{ base_domain }}
 cname=kadmin.{{ base_domain }},auth1.{{ base_domain }}
+cname=ldap-master.{{ base_domain }},auth1.{{ base_domain }}
 
 address=/fs00.{{ base_domain }}/{{ fs00_ipv4_addr }}
 ptr-record={{ fs00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"fs00.{{ base_domain }}"
@@ -31,3 +32,6 @@ ptr-record={{ phosphoric_acid_ipv4_addr.split('.') | reverse | join('.') }}.in-a
 address=/cobalamin.{{ base_domain }}/{{ cobalamin_ipv4_addr }}
 ptr-record={{ cobalamin_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"cobalamin.{{ base_domain }}"
 
+
+address=/uwldap.uwaterloo.ca/{{ uw00_ipv4_addr }}
+ptr-record={{ uw00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"uwldap.uwaterloo.ca"
diff --git a/hosts.sample b/hosts.sample
index ccc2e80..ad96c03 100644
--- a/hosts.sample
+++ b/hosts.sample
@@ -7,6 +7,7 @@ fs00 ansible_lxc_host=fs00
 phosphoric-acid ansible_lxc_host=phosphoric-acid
 cobalamin ansible_lxc_host=cobalamin
 outsider ansible_lxc_host=outsider
+uw00 ansible_lxc_host=uw00
 
 [containers:vars]
 ansible_connection = lxc
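Review bot: The new `address=/uwldap.uwaterloo.ca/...` record is the only forward entry in this template that bypasses `{{ base_domain }}`, so a reader comparing it with the fs00 and cobalamin lines above will take the literal domain for a typo. A one-line comment before it would make the intent explicit, e.g. `# uw00 stands in for the real uwldap.uwaterloo.ca so the other containers resolve it locally`, if that is indeed the purpose. With this line every client of this dnsmasq resolves the public hostname to the dev container, which is presumably only acceptable on an isolated dev network; the comment is a good place to say so.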
@@ -29,12 +30,11 @@ upstream_dns = 192.168.122.1
 # the IP address of the VM - this should be the VM's default outgoing
 # IP address if you are using a shared bridge, or the VM's bridge
 # address if you are using a standalone bridge.
-#host_ipv4_addr = 192.168.100.1
-host_ipv4_addr = 192.168.122.226
+host_ipv4_addr = 192.168.100.1
 # The IP addresses for the VMs. The outsider IP address does not really
 # matter, just make sure it is in a different subnet from the others.
-# Make sure to update the IP addresses of the other containers is in the
+# Make sure the IP addresses of the other containers are in the
 # ipv4_subnet which you specified above.
 outsider_ipv4_addr = 192.168.101.2
 dns_ipv4_addr = 192.168.100.4
@@ -44,3 +44,4 @@ auth1_ipv4_addr = 192.168.100.117
 fs00_ipv4_addr = 192.168.100.35
 phosphoric_acid_ipv4_addr = 192.168.100.114
 cobalamin_ipv4_addr = 192.168.100.18
+uw00_ipv4_addr = 192.168.100.234
diff --git a/uw00/main.yml b/uw00/main.yml
new file mode 100644
index 0000000..cfaa26a
--- /dev/null
+++ b/uw00/main.yml
@@ -0,0 +1,109 @@
+---
+- hosts: uw00
+ tasks:
+ - name: setup networking
+ import_role:
+ name: ../roles/network_setup
+ vars:
+ ipv4_addr: "{{ uw00_ipv4_addr }}"
+ base_domain: uwaterloo.ca
+ # LDAP
+ - name: install LDAP packages
+ apt:
+ name: "{{ item }}"
+ loop:
+ - slapd
+ - ldap-utils
+ - ldapvi
+ - name: configure ldap.conf
+ copy:
+ dest: /etc/ldap/ldap.conf
+ content: |
+ BASE dc=uwaterloo,dc=ca
+ URI ldapi:///
+ TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+ - name: give root write access to LDAP
+ command:
+ cmd: ldapmodify -Y EXTERNAL -H ldapi:///
+ stdin: |
+ dn: olcDatabase={1}mdb,cn=config
+ changetype: modify
+ replace: olcAccess
+ olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+ olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
+ olcAccess: {2}to attrs=shadowLastChange by self write by * read
+ olcAccess: {3}to * by * read
+ -
+ - name: delete admin record
+ shell:
+ cmd: ldapdelete -Y EXTERNAL -H ldapi:/// cn=admin,dc=uwaterloo,dc=ca || true
+ - name: set organization name
+ command:
+ cmd: ldapmodify -Y EXTERNAL -H ldapi:///
+ stdin: |
+ dn: dc=uwaterloo,dc=ca
+ changetype: modify
+ replace: o
+ o: University of Waterloo
+ # for inetLocalMailRecipient
+ - name: add misc.ldif
+ shell:
+ cmd: ldapadd -Y EXTERNAL -H ldapi:/// < /etc/ldap/schema/misc.ldif || true
+ - name: add people OU
+ shell:
+ cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
+ stdin: |
+ dn: ou=People,dc=uwaterloo,dc=ca
+ objectClass: top
+ objectClass: organizationalUnit
+ ou: People
+ - name: add people records
+ shell:
+ cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
+ stdin: |
+ dn: uid={{ item.uid }},ou=People,dc=uwaterloo,dc=ca
+ displayName: {{ item.givenName }} {{ item.sn }}
+ givenName: {{ item.givenName }}
+ sn: {{ item.sn }}
+ cn: {{ item.givenName }} {{ item.sn }}
+ mailRoutingAddress: {{ item.uid }}@connect.uwaterloo.ca
+ ou: MAT/Mathematics Computer Science
+ mailLocalAddress: {{ item.uid }}@uwaterloo.ca
+ objectClass: inetLocalMailRecipient
+ objectClass: inetOrgPerson
+ objectClass: organizationalPerson
+ objectClass: person
+ objectClass: top
+ uid: {{ item.uid }}
+ mail: {{ item.uid }}@uwaterloo.ca
+ loop:
+ - uid: ctdalek
+ givenName: Calum
+ sn: Dalek
+ - uid: regular1
+ givenName: Regular
+ sn: One
+ - uid: regular2
+ givenName: Regular
+ sn: Two
+ - uid: regular3
+ givenName: Regular
+ sn: Three
+ - uid: exec1
+ givenName: Exec
+ sn: One
+ - uid: exec2
+ givenName: Exec
+ sn: Two
+ - uid: exec3
+ givenName: Exec
+ sn: Three
+ - uid: syscom1
+ givenName: Syscom
+ sn: One
+ - uid: syscom2
+ givenName: Syscom
+ sn: Two
+ - uid: syscom3
+ givenName: Syscom
+ sn: Three
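Review bot: Every `shell` task that ends in `|| true` (delete admin record, add misc.ldif, add people OU, add people records) throws away the exit status, so a real failure — slapd not running, an ACL rejection, a malformed LDIF — is reported as success and only shows up later when something queries the directory. The ldap tools exit with the LDAP result code, and the benign case is distinguishable from the rest (68 entryAlreadyExists for ldapadd, 32 noSuchObject for ldapdelete), so drop `|| true` and let Ansible decide: `register: ldap_result`, `changed_when: ldap_result.rc == 0`, `failed_when: ldap_result.rc not in [0, 68]` (32 instead of 68 on the ldapdelete task); this also makes the play report "changed" only when it actually wrote something. Without the shell operator the stdin-fed tasks can use the `command` module like the two ldapmodify tasks already do; only the misc.ldif redirect still needs `shell`. Separately, the later tasks hard-code the suffix `dc=uwaterloo,dc=ca` and `cn=admin,dc=uwaterloo,dc=ca`, which a non-interactive slapd install derives from the host's domain name unless `slapd/domain` is preseeded via debconf — a comment on the apt task naming that dependency would save the next person a confusing "No such object" failure if the network_setup role ever changes the domain.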