add uw00
parent
09ad06cac3
commit
30429a9ef4
|
@ -22,6 +22,7 @@ address=/auth1.{{ base_domain }}/{{ auth1_ipv4_addr }}
|
||||||
cname=ldap1.{{ base_domain }},auth1.{{ base_domain }}
|
cname=ldap1.{{ base_domain }},auth1.{{ base_domain }}
|
||||||
cname=kdc1.{{ base_domain }},auth1.{{ base_domain }}
|
cname=kdc1.{{ base_domain }},auth1.{{ base_domain }}
|
||||||
cname=kadmin.{{ base_domain }},auth1.{{ base_domain }}
|
cname=kadmin.{{ base_domain }},auth1.{{ base_domain }}
|
||||||
|
cname=ldap-master.{{ base_domain }},auth1.{{ base_domain }}
|
||||||
|
|
||||||
address=/fs00.{{ base_domain }}/{{ fs00_ipv4_addr }}
|
address=/fs00.{{ base_domain }}/{{ fs00_ipv4_addr }}
|
||||||
ptr-record={{ fs00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"fs00.{{ base_domain }}"
|
ptr-record={{ fs00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"fs00.{{ base_domain }}"
|
||||||
|
@ -31,3 +32,6 @@ ptr-record={{ phosphoric_acid_ipv4_addr.split('.') | reverse | join('.') }}.in-a
|
||||||
|
|
||||||
address=/cobalamin.{{ base_domain }}/{{ cobalamin_ipv4_addr }}
|
address=/cobalamin.{{ base_domain }}/{{ cobalamin_ipv4_addr }}
|
||||||
ptr-record={{ cobalamin_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"cobalamin.{{ base_domain }}"
|
ptr-record={{ cobalamin_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"cobalamin.{{ base_domain }}"
|
||||||
|
|
||||||
|
address=/uwldap.uwaterloo.ca/{{ uw00_ipv4_addr }}
|
||||||
|
ptr-record={{ uw00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"uwldap.uwaterloo.ca"
|
||||||
|
|
|
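Review bot: The `address=/uwldap.uwaterloo.ca/{{ uw00_ipv4_addr }}` line added in the second hunk (`@ -31,3 +32,6`) makes this resolver answer for a real public hostname rather than a name under `{{ base_domain }}`, so any client pointed at this dnsmasq is sent to the uw00 container instead of the real service, and its PTR record likewise maps the container address back to the public name. That is presumably the intent for a self-contained test VM, but it is the only entry in the file that shadows a name outside `{{ base_domain }}` and nothing says so. A comment above the two lines, `# shadow the real uwldap.uwaterloo.ca so clients inside the test VM reach the uw00 container`, would make the override visible to whoever next reads or reuses this template.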
@ -7,6 +7,7 @@ fs00 ansible_lxc_host=fs00
|
||||||
phosphoric-acid ansible_lxc_host=phosphoric-acid
|
phosphoric-acid ansible_lxc_host=phosphoric-acid
|
||||||
cobalamin ansible_lxc_host=cobalamin
|
cobalamin ansible_lxc_host=cobalamin
|
||||||
outsider ansible_lxc_host=outsider
|
outsider ansible_lxc_host=outsider
|
||||||
|
uw00 ansible_lxc_host=uw00
|
||||||
|
|
||||||
[containers:vars]
|
[containers:vars]
|
||||||
ansible_connection = lxc
|
ansible_connection = lxc
|
||||||
|
@ -29,12 +30,11 @@ upstream_dns = 192.168.122.1
|
||||||
# the IP address of the VM - this should be the VM's default outgoing
|
# the IP address of the VM - this should be the VM's default outgoing
|
||||||
# IP address if you are using a shared bridge, or the VM's bridge
|
# IP address if you are using a shared bridge, or the VM's bridge
|
||||||
# address if you are using a standalone bridge.
|
# address if you are using a standalone bridge.
|
||||||
#host_ipv4_addr = 192.168.100.1
|
host_ipv4_addr = 192.168.100.1
|
||||||
host_ipv4_addr = 192.168.122.226
|
|
||||||
|
|
||||||
# The IP addresses for the VMs. The outsider IP address does not really
|
# The IP addresses for the VMs. The outsider IP address does not really
|
||||||
# matter, just make sure it is in a different subnet from the others.
|
# matter, just make sure it is in a different subnet from the others.
|
||||||
# Make sure to update the IP addresses of the other containers is in the
|
# Make sure the IP addresses of the other containers are in the
|
||||||
# ipv4_subnet which you specified above.
|
# ipv4_subnet which you specified above.
|
||||||
outsider_ipv4_addr = 192.168.101.2
|
outsider_ipv4_addr = 192.168.101.2
|
||||||
dns_ipv4_addr = 192.168.100.4
|
dns_ipv4_addr = 192.168.100.4
|
||||||
|
@ -44,3 +44,4 @@ auth1_ipv4_addr = 192.168.100.117
|
||||||
fs00_ipv4_addr = 192.168.100.35
|
fs00_ipv4_addr = 192.168.100.35
|
||||||
phosphoric_acid_ipv4_addr = 192.168.100.114
|
phosphoric_acid_ipv4_addr = 192.168.100.114
|
||||||
cobalamin_ipv4_addr = 192.168.100.18
|
cobalamin_ipv4_addr = 192.168.100.18
|
||||||
|
uw00_ipv4_addr = 192.168.100.234
|
||||||
|
|
|
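Review bot: The hunk at `@ -29,12 +30,11` changes `host_ipv4_addr` from 192.168.122.226 to 192.168.100.1 and drops the old value, which is a behaviour change unrelated to the commit's subject (adding uw00) and is not mentioned in its message. The comment directly above says this value depends on whether the VM uses a shared or a standalone bridge, so the deleted value was the documented alternative; keeping it as `#host_ipv4_addr = 192.168.122.226` next to the active line, with the existing comment left in place, preserves that choice for the reader. If the switch to the standalone-bridge address is deliberate, a sentence in the commit message would stop the next person from reverting it as an accident.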
@ -0,0 +1,109 @@
|
||||||
|
---
|
||||||
|
- hosts: uw00
|
||||||
|
tasks:
|
||||||
|
- name: setup networking
|
||||||
|
import_role:
|
||||||
|
name: ../roles/network_setup
|
||||||
|
vars:
|
||||||
|
ipv4_addr: "{{ uw00_ipv4_addr }}"
|
||||||
|
base_domain: uwaterloo.ca
|
||||||
|
# LDAP
|
||||||
|
- name: install LDAP packages
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- slapd
|
||||||
|
- ldap-utils
|
||||||
|
- ldapvi
|
||||||
|
- name: configure ldap.conf
|
||||||
|
copy:
|
||||||
|
dest: /etc/ldap/ldap.conf
|
||||||
|
content: |
|
||||||
|
BASE dc=uwaterloo,dc=ca
|
||||||
|
URI ldapi:///
|
||||||
|
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
|
||||||
|
- name: give root write access to LDAP
|
||||||
|
command:
|
||||||
|
cmd: ldapmodify -Y EXTERNAL -H ldapi:///
|
||||||
|
stdin: |
|
||||||
|
dn: olcDatabase={1}mdb,cn=config
|
||||||
|
changetype: modify
|
||||||
|
replace: olcAccess
|
||||||
|
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
|
||||||
|
olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
|
||||||
|
olcAccess: {2}to attrs=shadowLastChange by self write by * read
|
||||||
|
olcAccess: {3}to * by * read
|
||||||
|
-
|
||||||
|
- name: delete admin record
|
||||||
|
shell:
|
||||||
|
cmd: ldapdelete -Y EXTERNAL -H ldapi:/// cn=admin,dc=uwaterloo,dc=ca || true
|
||||||
|
- name: set organization name
|
||||||
|
command:
|
||||||
|
cmd: ldapmodify -Y EXTERNAL -H ldapi:///
|
||||||
|
stdin: |
|
||||||
|
dn: dc=uwaterloo,dc=ca
|
||||||
|
changetype: modify
|
||||||
|
replace: o
|
||||||
|
o: University of Waterloo
|
||||||
|
# for inetLocalMailRecipient
|
||||||
|
- name: add misc.ldif
|
||||||
|
shell:
|
||||||
|
cmd: ldapadd -Y EXTERNAL -H ldapi:/// < /etc/ldap/schema/misc.ldif || true
|
||||||
|
- name: add people OU
|
||||||
|
shell:
|
||||||
|
cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
|
||||||
|
stdin: |
|
||||||
|
dn: ou=People,dc=uwaterloo,dc=ca
|
||||||
|
objectClass: top
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: People
|
||||||
|
- name: add people records
|
||||||
|
shell:
|
||||||
|
cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
|
||||||
|
stdin: |
|
||||||
|
dn: uid={{ item.uid }},ou=People,dc=uwaterloo,dc=ca
|
||||||
|
displayName: {{ item.givenName }} {{ item.sn }}
|
||||||
|
givenName: {{ item.givenName }}
|
||||||
|
sn: {{ item.sn }}
|
||||||
|
cn: {{ item.givenName }} {{ item.sn }}
|
||||||
|
mailRoutingAddress: {{ item.uid }}@connect.uwaterloo.ca
|
||||||
|
ou: MAT/Mathematics Computer Science
|
||||||
|
mailLocalAddress: {{ item.uid }}@uwaterloo.ca
|
||||||
|
objectClass: inetLocalMailRecipient
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: organizationalPerson
|
||||||
|
objectClass: person
|
||||||
|
objectClass: top
|
||||||
|
uid: {{ item.uid }}
|
||||||
|
mail: {{ item.uid }}@uwaterloo.ca
|
||||||
|
loop:
|
||||||
|
- uid: ctdalek
|
||||||
|
givenName: Calum
|
||||||
|
sn: Dalek
|
||||||
|
- uid: regular1
|
||||||
|
givenName: Regular
|
||||||
|
sn: One
|
||||||
|
- uid: regular2
|
||||||
|
givenName: Regular
|
||||||
|
sn: Two
|
||||||
|
- uid: regular3
|
||||||
|
givenName: Regular
|
||||||
|
sn: Three
|
||||||
|
- uid: exec1
|
||||||
|
givenName: Exec
|
||||||
|
sn: One
|
||||||
|
- uid: exec2
|
||||||
|
givenName: Exec
|
||||||
|
sn: Two
|
||||||
|
- uid: exec3
|
||||||
|
givenName: Exec
|
||||||
|
sn: Three
|
||||||
|
- uid: syscom1
|
||||||
|
givenName: Syscom
|
||||||
|
sn: One
|
||||||
|
- uid: syscom2
|
||||||
|
givenName: Syscom
|
||||||
|
sn: Two
|
||||||
|
- uid: syscom3
|
||||||
|
givenName: Syscom
|
||||||
|
sn: Three
|
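Review bot: Every `ldapadd`/`ldapdelete` task in this playbook ends with `|| true`, so a malformed LDIF, a slapd that is not running, or an ACL rejection is reported as success and the play simply moves on; the only failure the suffix is meant to tolerate is a re-run where the entry already exists. `ldapadd` exits with the LDAP result code, so registering the result and accepting only 0 and 68 (entryAlreadyExists) keeps the re-run behaviour while still failing on real errors, and it lets these tasks use `command:` instead of `shell:` (the misc.ldif task can pass the file with `-f /etc/ldap/schema/misc.ldif` instead of the `<` redirect). The same applies to the "delete admin record" task, where the expected re-run code is 32 (noSuchObject). Separately, `apt:` with `name: "{{ item }}"` under `loop:` installs the packages one transaction at a time and triggers Ansible's squash_actions deprecation warning; passing the list directly to `name:` is the current idiom.
```yaml
- name: add people OU
  command:
    cmd: ldapadd -Y EXTERNAL -H ldapi:///
    # … unchanged: stdin LDIF for ou=People …
  register: people_ou
  # ldapadd exits with the LDAP result code; 68 (entryAlreadyExists) is the only outcome expected on a re-run
  failed_when: people_ou.rc not in [0, 68]
  changed_when: people_ou.rc == 0
```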