add uw00

dns/templates/dnsmasq.conf.j2

@@ -22,6 +22,7 @@ address=/auth1.{{ base_domain }}/{{ auth1_ipv4_addr }}
 cname=ldap1.{{ base_domain }},auth1.{{ base_domain }}
 cname=kdc1.{{ base_domain }},auth1.{{ base_domain }}
 cname=kadmin.{{ base_domain }},auth1.{{ base_domain }}
+cname=ldap-master.{{ base_domain }},auth1.{{ base_domain }}
 
 address=/fs00.{{ base_domain }}/{{ fs00_ipv4_addr }}
 ptr-record={{ fs00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"fs00.{{ base_domain }}"
@@ -31,3 +32,6 @@ ptr-record={{ phosphoric_acid_ipv4_addr.split('.') | reverse | join('.') }}.in-a
 
 address=/cobalamin.{{ base_domain }}/{{ cobalamin_ipv4_addr }}
 ptr-record={{ cobalamin_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"cobalamin.{{ base_domain }}"
+
+address=/uwldap.uwaterloo.ca/{{ uw00_ipv4_addr }}
+ptr-record={{ uw00_ipv4_addr.split('.') | reverse | join('.') }}.in-addr.arpa.,"uwldap.uwaterloo.ca"

hosts.sample

@@ -7,6 +7,7 @@ fs00            ansible_lxc_host=fs00
 phosphoric-acid ansible_lxc_host=phosphoric-acid
 cobalamin       ansible_lxc_host=cobalamin
 outsider        ansible_lxc_host=outsider
+uw00            ansible_lxc_host=uw00
 
 [containers:vars]
 ansible_connection = lxc
@@ -29,12 +30,11 @@ upstream_dns       = 192.168.122.1
 # the IP address of the VM - this should be the VM's default outgoing
 # IP address if you are using a shared bridge, or the VM's bridge
 # address if you are using a standalone bridge.
-#host_ipv4_addr     = 192.168.100.1
+host_ipv4_addr     = 192.168.100.1
-host_ipv4_addr = 192.168.122.226
 
 # The IP addresses for the VMs. The outsider IP address does not really
 # matter, just make sure it is in a different subnet from the others.
-# Make sure to update the IP addresses of the other containers is in the
+# Make sure the IP addresses of the other containers are in the
 # ipv4_subnet which you specified above.
 outsider_ipv4_addr        = 192.168.101.2
 dns_ipv4_addr             = 192.168.100.4
@@ -44,3 +44,4 @@ auth1_ipv4_addr           = 192.168.100.117
 fs00_ipv4_addr            = 192.168.100.35
 phosphoric_acid_ipv4_addr = 192.168.100.114
 cobalamin_ipv4_addr       = 192.168.100.18
+uw00_ipv4_addr            = 192.168.100.234

uw00/main.yml

@@ -0,0 +1,109 @@
+---
+- hosts: uw00
+  tasks:
+    - name: setup networking
+      import_role:
+        name: ../roles/network_setup
+      vars:
+        ipv4_addr: "{{ uw00_ipv4_addr }}"
+        base_domain: uwaterloo.ca
+    # LDAP
+    - name: install LDAP packages
+      apt:
+        name: "{{ item }}"
+      loop:
+        - slapd
+        - ldap-utils
+        - ldapvi
+    - name: configure ldap.conf
+      copy:
+        dest: /etc/ldap/ldap.conf
+        content: |
+          BASE dc=uwaterloo,dc=ca
+          URI ldapi:///
+          TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+    - name: give root write access to LDAP
+      command:
+        cmd: ldapmodify -Y EXTERNAL -H ldapi:///
+        stdin: |
+          dn: olcDatabase={1}mdb,cn=config
+          changetype: modify
+          replace: olcAccess
+          olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break 
+          olcAccess: {1}to attrs=userPassword by self write by anonymous auth by * none
+          olcAccess: {2}to attrs=shadowLastChange by self write by * read
+          olcAccess: {3}to * by * read
+          -
+    - name: delete admin record
+      shell:
+        cmd: ldapdelete -Y EXTERNAL -H ldapi:/// cn=admin,dc=uwaterloo,dc=ca || true
+    - name: set organization name
+      command:
+        cmd: ldapmodify -Y EXTERNAL -H ldapi:///
+        stdin: |
+          dn: dc=uwaterloo,dc=ca
+          changetype: modify
+          replace: o
+          o: University of Waterloo
+    # for inetLocalMailRecipient
+    - name: add misc.ldif
+      shell:
+        cmd: ldapadd -Y EXTERNAL -H ldapi:/// < /etc/ldap/schema/misc.ldif || true
+    - name: add people OU
+      shell:
+        cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
+        stdin: |
+          dn: ou=People,dc=uwaterloo,dc=ca
+          objectClass: top
+          objectClass: organizationalUnit
+          ou: People
+    - name: add people records
+      shell:
+        cmd: ldapadd -Y EXTERNAL -H ldapi:/// || true
+        stdin: |
+          dn: uid={{ item.uid }},ou=People,dc=uwaterloo,dc=ca
+          displayName: {{ item.givenName }} {{ item.sn }}
+          givenName: {{ item.givenName }}
+          sn: {{ item.sn }}
+          cn: {{ item.givenName }} {{ item.sn }}
+          mailRoutingAddress: {{ item.uid }}@connect.uwaterloo.ca
+          ou: MAT/Mathematics Computer Science
+          mailLocalAddress: {{ item.uid }}@uwaterloo.ca
+          objectClass: inetLocalMailRecipient
+          objectClass: inetOrgPerson
+          objectClass: organizationalPerson
+          objectClass: person
+          objectClass: top
+          uid: {{ item.uid }}
+          mail: {{ item.uid }}@uwaterloo.ca
+      loop:
+        - uid: ctdalek
+          givenName: Calum
+          sn: Dalek
+        - uid: regular1
+          givenName: Regular
+          sn: One
+        - uid: regular2
+          givenName: Regular
+          sn: Two
+        - uid: regular3
+          givenName: Regular
+          sn: Three
+        - uid: exec1
+          givenName: Exec
+          sn: One
+        - uid: exec2
+          givenName: Exec
+          sn: Two
+        - uid: exec3
+          givenName: Exec
+          sn: Three
+        - uid: syscom1
+          givenName: Syscom
+          sn: One
+        - uid: syscom2
+          givenName: Syscom
+          sn: Two
+        - uid: syscom3
+          givenName: Syscom
+          sn: Three