From 24ff9e958497695a57d1e4e21a88e941685c7ceb Mon Sep 17 00:00:00 2001 
From: shirenn
Date: Mon, 14 Nov 2022 16:58:03 +0100
Subject: [PATCH] Use query rather than specify ip directly

---
 group_vars/all/home_nounou.yml | 2 +-
 group_vars/all/ldap.yml | 8 +++----
 group_vars/all/mirror.yml | 2 +-
 group_vars/all/network_interfaces.yml | 12 +++++-----
 group_vars/all/prometheus_nginx_exporter.yaml | 2 +-
 group_vars/all/prometheus_node_exporter.yaml | 2 +-
 group_vars/all/rsyslog_client.yml | 2 +-
 group_vars/all/ssh_known_hosts.yml | 2 +-
 group_vars/aurore/home_nounou.yml | 2 +-
 group_vars/aurore/ldap.yml | 2 +-
 group_vars/aurore/ssh_known_hosts.yml | 2 +-
 group_vars/bird.yml | 2 +-
 group_vars/certbot.yml | 2 +-
 group_vars/constellation.yml | 4 ++--
 group_vars/django_cas.yml | 4 ++--
 group_vars/dovecot.yml | 2 +-
 group_vars/ethercalc.yml | 2 +-
 group_vars/horde.yml | 4 ++--
 group_vars/keepalived.yml | 14 +++++------
 group_vars/mailman.yml | 4 ++--
 group_vars/printer.yml | 10 ++++----
 group_vars/prometheus.yml | 2 +-
 group_vars/re2o.yml | 4 ++--
 group_vars/re2o_front.yml | 4 ++--
 group_vars/re2o_ldap.yml | 2 +-
 group_vars/reverseproxy.yml | 6 ++---
 group_vars/slapd.yml | 2 +-
 group_vars/sssd.yml | 12 +++++-----
 group_vars/thelounge.yml | 2 +-
 group_vars/viarezo/home_nounou.yml | 2 +-
 group_vars/viarezo/ldap.yml | 2 +-
 group_vars/viarezo/ssh_known_hosts.yml | 2 +-
 group_vars/virtu.yml | 4 ++--
 group_vars/virtu_adh.yml | 4 ++--
 host_vars/backup-ft.adm.crans.org.yml | 4 ++--
 host_vars/backup-thot.adm.crans.org.yml | 4 ++--
 host_vars/boeing.adm.crans.org.yml | 8 +++----
 host_vars/daniel.adm.crans.org.yml | 2 +-
 host_vars/eclat.adm.crans.org.yml | 2 +-
 host_vars/ft.adm.crans.org.yml | 2 +-
 host_vars/fyre.adm.crans.org.yml | 2 +-
 host_vars/gitzly.adm.crans.org.yml | 4 ++--
 host_vars/helloworld.adm.crans.org.yml | 2 +-
 host_vars/irc.adm.crans.org.yml | 24 +++++++++----------
 host_vars/jack.adm.crans.org.yml | 2 +-
 host_vars/owncloud.adm.crans.org.yml | 2 +-
 host_vars/ptf.adm.crans.org.yml | 2 +-
 host_vars/re2o-dev.adm.crans.org.yml | 2 +-
 host_vars/redisdead.adm.crans.org.yml | 4 ++--
 .../routeur-daniel.adm.crans.org/dhcp.yml | 4 ++--
 .../prefix_delegation.yml | 2 +-
 host_vars/routeur-ft.adm.crans.org.yml | 8 +++----
 host_vars/routeur-jack.adm.crans.org/dhcp.yml | 4 ++--
 .../prefix_delegation.yml | 2 +-
 host_vars/routeur-sam.adm.crans.org/dhcp.yml | 4 ++--
 .../prefix_delegation.yml | 2 +-
 host_vars/routeur-thot.adm.crans.org.yml | 8 +++----
 host_vars/sam.adm.crans.org.yml | 2 +-
 host_vars/sputnik.adm.crans.org.yml | 14 +++++------
 host_vars/tealc.adm.crans.org.yml | 2 +-
 host_vars/thot.adm.crans.org.yml | 2 +-
 host_vars/vol447.adm.crans.org.yml | 10 ++++----
 host_vars/zamok.adm.crans.org.yml | 6 ++---
 lookup_plugins/ldap.py | 16 +++++++++++++
 64 files changed, 151 insertions(+), 135 deletions(-)

diff --git a/group_vars/all/home_nounou.yml b/group_vars/all/home_nounou.yml
index f6c691bf..04898044 100644
--- a/group_vars/all/home_nounou.yml
+++ b/group_vars/all/home_nounou.yml
@@ -1,7 +1,7 @@
 ---
 glob_home_nounou:
 mounts:
- - ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 mountpoint: /pool/home
 target: /home_nounou
 name: home_nounou
diff --git a/group_vars/all/ldap.yml b/group_vars/all/ldap.yml
index 8aa06540..aa77d30e 100644
--- a/group_vars/all/ldap.yml
+++ b/group_vars/all/ldap.yml
@@ -3,8 +3,8 @@ glob_ldap:
 uri: 'ldap://re2o-ldap.adm.crans.org/'
 users_base: 'cn=Utilisateurs,dc=crans,dc=org'
 servers:
- - 172.16.10.100
- - 172.16.10.11
- - 172.16.10.12
- - 172.16.10.13
+ - "{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}"
+ - "{{ query('ldap', 'ip4', 'sam', 'adm') }}"
+ - "{{ query('ldap', 'ip4', 'daneel', 'adm') }}"
+ - "{{ query('ldap', 'ip4', 'jack', 'adm') }}"
 base: 'dc=crans,dc=org'
diff --git a/group_vars/all/mirror.yml b/group_vars/all/mirror.yml
index 4e3202e6..81376705 100644
--- a/group_vars/all/mirror.yml
+++ b/group_vars/all/mirror.yml
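Review bot: The third replica in `glob_ldap.servers` queries host `daneel`, while `group_vars/sssd.yml` and `host_vars/daniel.adm.crans.org.yml` in this same patch spell that replica `daniel`; unless a separate host really exists, this is a typo and one of the four hard-coded replicas silently drops out of every client's server list. I can't see what the new `ip4` mode of `lookup_plugins/ldap.py` does for an unknown host (its hunk is outside this chunk), so please confirm it fails the play rather than rendering an empty string into the list. Proposed line: `- "{{ query('ldap', 'ip4', 'daniel', 'adm') }}"`. It would also help to keep the old address as a trailing comment on each entry for one release, e.g. `# was 172.16.10.11`, so a wrong lookup is visible in a diff of the rendered config.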
@@ -1,7 +1,7 @@
 ---
 glob_mirror:
 hostname: mirror.adm.crans.org
- ip: 172.16.10.104
+ ip: "{{ query('ldap', 'ip4', 'eclat', 'adm') }}"
 debian_mirror: http://mirror.adm.crans.org/debian
 ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml
index f69952f7..a44f860b 100644
--- a/group_vars/all/network_interfaces.yml
+++ b/group_vars/all/network_interfaces.yml
@@ -3,26 +3,26 @@ glob_network_interfaces:
 vlan:
 - name: srv
 id: 2
- gateway: "{{ query('ldap', 'ip', 'passerelle', 'srv') | ansible.utils.ipv4 | first }}"
- gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'srv') | ansible.utils.ipv6 | first }}"
+ gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}"
+ gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}"
 - name: srv_nat
 id: 3
- gateway: "{{ query('ldap', 'ip', 'passerelle', 'srv-nat') | ansible.utils.ipv4 | first }}"
- gateway_v6: "{{ query('ldap', 'ip', 'passerelle', 'srv-nat') | ansible.utils.ipv6 | first }}"
+ gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}"
+ gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}"
 - name: san
 id: 4
 extra:
 - "mtu 9000"
 - name: adm
 id: 10
- dns: "{{ query('ldap', 'ip', 'romanesco', 'adm') | ansible.utils.ipv4 | first }}"
+ dns: "{{ query('ldap', 'ip4', 'romanesco', 'adm') }}"
 - name: adh
 id: 12
 - name: adh_adm
 id: 13
 - name: renater
 id: 38
- gateway: "{{ query('ldap', 'ip', 'dsi', 'renater') | ansible.utils.ipv4 | first }}"
+ gateway: "{{ query('ldap', 'ip4', 'dsi', 'renater') }}"
 - name: lp
 id: 56
 - name: auto
diff --git a/group_vars/all/prometheus_nginx_exporter.yaml b/group_vars/all/prometheus_nginx_exporter.yaml
index d73de03c..acb00f53 100644
--- a/group_vars/all/prometheus_nginx_exporter.yaml
+++ b/group_vars/all/prometheus_nginx_exporter.yaml
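Review bot: Every host's default gateway and the `adm` resolver are now taken from the directory at playbook time instead of being pinned in git, so an edit to the `passerelle`, `dsi` or `romanesco` objects is now a routing change that gets no git review, and the `ansible.utils.ipv4` / `ipv6` guard the removed lines applied is gone from the template. I can't see the lookup plugin's transport or bind (its hunk is outside this chunk), so whether the lookup itself is authenticated and over TLS is unverified here. I'd add a header comment above `vlan:` such as `# Gateways and DNS are resolved from LDAP at run time: changing the passerelle/romanesco/dsi objects changes every host's routing — review LDAP edits like code`, and confirm that the plugin's `ip4`/`ip6` modes validate and return exactly one address.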
@@ -1,3 +1,3 @@
 ---
 glob_prometheus_nginx_exporter:
- listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
+ listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"
diff --git a/group_vars/all/prometheus_node_exporter.yaml b/group_vars/all/prometheus_node_exporter.yaml
index 99de748e..72a6bc8f 100644
--- a/group_vars/all/prometheus_node_exporter.yaml
+++ b/group_vars/all/prometheus_node_exporter.yaml
@@ -1,3 +1,3 @@
 ---
 glob_prometheus_node_exporter:
- listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
+ listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"
diff --git a/group_vars/all/rsyslog_client.yml b/group_vars/all/rsyslog_client.yml
index a41cfb09..f8406365 100644
--- a/group_vars/all/rsyslog_client.yml
+++ b/group_vars/all/rsyslog_client.yml
@@ -1,3 +1,3 @@
 ---
 glob_rsyslog_client:
- server: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
diff --git a/group_vars/all/ssh_known_hosts.yml b/group_vars/all/ssh_known_hosts.yml
index de39ccd9..5b1147af 100644
--- a/group_vars/all/ssh_known_hosts.yml
+++ b/group_vars/all/ssh_known_hosts.yml
@@ -12,4 +12,4 @@ glob_service_ssh_known_hosts:
 frequency: "*/10 * * * *"
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}"
diff --git a/group_vars/aurore/home_nounou.yml b/group_vars/aurore/home_nounou.yml
index 676e1a1a..a2126f8c 100644
--- a/group_vars/aurore/home_nounou.yml
+++ b/group_vars/aurore/home_nounou.yml
@@ -1,7 +1,7 @@
 ---
 loc_home_nounou:
 mounts:
- - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
 mountpoint: /home_nounou
 target: /home_nounou
 name: home_nounou
diff --git a/group_vars/aurore/ldap.yml b/group_vars/aurore/ldap.yml
index 90548cee..7cc7dad2 100644
--- a/group_vars/aurore/ldap.yml
+++ b/group_vars/aurore/ldap.yml
@@ -1,4 +1,4 @@
 ---
 loc_ldap:
 servers:
- - "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
+ - "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
diff --git a/group_vars/aurore/ssh_known_hosts.yml b/group_vars/aurore/ssh_known_hosts.yml
index 3279c0d3..fc67c9df 100644
--- a/group_vars/aurore/ssh_known_hosts.yml
+++ b/group_vars/aurore/ssh_known_hosts.yml
@@ -2,4 +2,4 @@
 loc_service_ssh_known_hosts:
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}"
diff --git a/group_vars/bird.yml b/group_vars/bird.yml
index e1d2e891..ebecfc01 100644
--- a/group_vars/bird.yml
+++ b/group_vars/bird.yml
@@ -2,4 +2,4 @@
 glob_bird: {}
 glob_prometheus_bird_exporter:
- listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
+ listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"
diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml
index 15bca89b..696f9997 100644
--- a/group_vars/certbot.yml
+++ b/group_vars/certbot.yml
@@ -15,7 +15,7 @@ glob_service_certbot:
 config:
 "crans.org":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
diff --git a/group_vars/constellation.yml b/group_vars/constellation.yml
index 1a2fbd90..620292fe 100644
--- a/group_vars/constellation.yml
+++ b/group_vars/constellation.yml
@@ -8,14 +8,14 @@ glob_constellation:
 - 'intranet.crans.org'
 email:
 ssl: false
- host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
 port: 25
 user: ''
 password: ''
 from: "root@crans.org"
 from_full: "Crans "
 database:
- host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 port: 5432
 user: 'constellation'
 password: "{{ vault.constellation.django_db_password }}"
diff --git a/group_vars/django_cas.yml b/group_vars/django_cas.yml
index b28a9040..b0db89b0 100644
--- a/group_vars/django_cas.yml
+++ b/group_vars/django_cas.yml
@@ -6,14 +6,14 @@ glob_django_cas:
 dn: 'cn=Utilisateurs,dc=crans,dc=org'
 password: "{{ vault.cas.ldap.password }}"
 user: 'cn=cas,ou=service-users,dc=crans,dc=org'
- server: 172.16.10.157
+ server: "{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
 db:
 host: tealc.adm.crans.org
 password: "{{ vault.cas.database.password }}"
 secret_key: "{{ vault.cas.secret_key }}"
 mail:
 address: 'root@crans.org'
- host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
 port: 25
 loc_nginx:
diff --git a/group_vars/dovecot.yml b/group_vars/dovecot.yml
index 28cd3418..e947a267 100644
--- a/group_vars/dovecot.yml
+++ b/group_vars/dovecot.yml
@@ -1,7 +1,7 @@
 ---
 glob_dovecot:
 ldap:
- uri: "ldap://{{ query('ldap', 'ip', 're2o-ldap', 'adm') | ansible.utils.ipv4 | first }}/"
+ uri: "ldap://{{ query('ldap', 'ip4', 're2o-ldap', 'adm') }}/"
 dn: 'cn=dovecot,ou=service-users,dc=crans,dc=org'
 pass: "{{ vault.dovecot_dnpass }}"
 users_base: 'cn=Utilisateurs,dc=crans,dc=org'
diff --git a/group_vars/ethercalc.yml b/group_vars/ethercalc.yml
index 1957a9a1..775cc2f2 100644
--- a/group_vars/ethercalc.yml
+++ b/group_vars/ethercalc.yml
@@ -1,3 +1,3 @@
 ---
 glob_ethercalc:
- ip: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"
diff --git a/group_vars/horde.yml b/group_vars/horde.yml
index ec4ce238..3b624d16 100644
--- a/group_vars/horde.yml
+++ b/group_vars/horde.yml
@@ -19,5 +19,5 @@ glob_horde:
 admin_dest_hostname: webmail.adm.crans.org
 zone_ipv4: 172.16.10.0/24
 zone_ipv6: fd00:0:0:10::/64
- ipv4: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}"
- ipv6: "{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv6 | first }}"
+ ipv4: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}"
+ ipv6: "{{ query('ldap', 'ip6', ansible_hostname, 'adm') }}"
diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml
index 11175f46..06f5ea51 100644
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@@ -2,7 +2,7 @@
 glob_keepalived:
 mail_source: keepalived@crans.org
 mail_destination: root@crans.org
- smtp_server: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
+ smtp_server: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
 routeur_id: "{{ ansible_hostname }}"
 pool:
 VI_ALL:
@@ -20,19 +20,19 @@ glob_keepalived:
 ipv6:
 - {ip: '2a0c:700:28::1/64', scope: 'global'}
 - vlan: srv
- ipv4: 185.230.79.62/26
+ ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}/26"
 ipv6:
- - {ip: '2a0c:700:2::ff:fe00:9902/64', scope: 'global'}
+ - {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}/64", scope: 'global'}
 - {ip: 'fe80::1/64', scope: 'link'}
 - vlan: srv_nat
- ipv4: 172.16.3.99/24
+ ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}/24"
 ipv6:
- - {ip: '2a0c:700:3::ff:fe00:9903/64', scope: 'global'}
+ - {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}/64", scope: 'global'}
 - {ip: 'fe80::1/64', scope: 'link'}
 - vlan: adh
- ipv4: 185.230.78.99/24
+ ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}/24"
 ipv6:
- - {ip: '2a0c:700:12::ff:fe00:9912/48', scope: 'global'}
+ - {ip: "{{ query('ldap', 'ip6', 'passerelle', 'adh') }}/48", scope: 'global'}
 - {ip: 'fe80::1/64', scope: 'link'}
 # - vlan: ens
 # ipv4: 100.84.0.99/16
diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index 7f1d21ae..202d7dca 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -57,13 +57,13 @@ glob_mailman3:
 database:
 user: "mailman3"
 pass: "{{ vault.mailman3.database.pass }}"
- host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 port: 5432
 name: "mailman3"
 web_database:
 user: "mailman3web"
 pass: "{{ vault.mailman3.web_database.pass }}"
- host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 port: 5432
 name: "mailman3web"
 restadmin_pass: "{{ vault.mailman3.restadmin_pass }}"
diff --git a/group_vars/printer.yml b/group_vars/printer.yml
index da1fb882..b0af8365 100644
--- a/group_vars/printer.yml
+++ b/group_vars/printer.yml
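Review bot: On each rewritten `ipv4:` and `ip:` line the address is now fetched from LDAP but the prefix length (`/26`, `/24`, `/64`, `/48`) stays hard-coded beside it, so a renumbering that changes the subnet in the directory will silently produce a VIP with the old mask. `host_vars/routeur-ft.adm.crans.org.yml` in this patch uses `query('ldap', 'network', 'adm')`, so the plugin already exposes the network; if that mode returns a CIDR, the mask can come from the same source, e.g. `ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}/{{ query('ldap', 'network', 'srv') | ansible.utils.ipaddr('prefix') }}"`. If the prefix is deliberately pinned, a comment saying so would stop the next reader from assuming it is derived. These are the keepalived floating addresses, so the `passerelle` objects must hold the VIP rather than any single router's own address — nothing in the template distinguishes the two, which is worth a comment above `pool:`.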
@@ -8,14 +8,14 @@ glob_printer:
 - 'imprimante.crans.org'
 email:
 ssl: false
- host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}"
 port: 25
 user: ''
 password: ''
 from: "root@crans.org"
 from_full: "Crans "
 database:
- host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 port: 5432
 user: 'helloworld'
 password: "{{ vault.printer.django_db_password }}"
@@ -27,9 +27,9 @@ glob_printer:
 note_id: 2088
 note_alias: 'Crans'
 printer_name: 'Lexmark_X950_Series'
- domain: "{{ query('ldap', 'ip', 'printer', 'lp') | ansible.utils.ipv4 | first }}"
+ domain: "{{ query('ldap', 'ip4', 'printer', 'lp') }}"
 scan_server:
- address: "{{ query('ldap', 'ip', ansible_hostname, 'lp') | ansible.utils.ipv4 | first }}"
+ address: "{{ query('ldap', 'ip4', ansible_hostname, 'lp') }}"
 port: 9751
 debug: false
 owner: www-data
@@ -38,7 +38,7 @@ glob_printer:
 settings_local_owner: www-data
 settings_local_group: _nounou
 ldap:
- uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/"
+ uri: "ldaps://{{ query('ldap', 'ip4', 'tealc', 'adm') }}/"
 dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org
 group_search: ou=group,dc=crans,dc=org
 read_group: cn=_user,ou=group,dc=crans,dc=org
diff --git a/group_vars/prometheus.yml b/group_vars/prometheus.yml
index 1d76a619..ec112bf2 100644
--- a/group_vars/prometheus.yml
+++ b/group_vars/prometheus.yml
@@ -13,7 +13,7 @@ glob_service_prometheus_target:
 options: ""
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'ldap-adh', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adh', 'adm') }}"
 glob_ninjabot:
 config:
diff --git a/group_vars/re2o.yml b/group_vars/re2o.yml
index fe6f777b..1406b598 100644
--- a/group_vars/re2o.yml
+++ b/group_vars/re2o.yml
@@ -9,7 +9,7 @@ glob_re2o:
 - 'intranet.adm.crans.org'
 - 're2o.crans.org'
 - 'intranet.crans.org'
- - '172.16.10.156'
+ - "{{ query('ldap', 'ip4', 're2o', 'adm') }}"
 from_email: "root@crans.org"
 smtp_server: smtp.adm.crans.org
 ldap:
@@ -18,7 +18,7 @@ glob_re2o:
 dn: "{{ vault.slapd.re2o.admin.binddn }}"
 database:
 password: "{{ vault.re2o.database.password }}"
- uri: "172.16.10.1"
+ uri: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 optional_apps:
 - api
 - captcha
diff --git a/group_vars/re2o_front.yml b/group_vars/re2o_front.yml
index d53e848c..3c2ffb80 100644
--- a/group_vars/re2o_front.yml
+++ b/group_vars/re2o_front.yml
@@ -1,8 +1,8 @@
 ---
 glob_re2o_front:
 server_names:
- - "{{ query('ldap', 'ip', 're2o', 'adm') | ansible.utils.ipv4 | first }}"
- - "[{{ query('ldap', 'ip', 're2o', 'adm') | ansible.utils.ipv6 | first }}]"
+ - "{{ query('ldap', 'ip4', 're2o', 'adm') }}"
+ - "[{{ query('ldap', 'ip6', 're2o', 'adm') }}]"
 - re2o.adm.crans.org
 - intranet.adm.crans.org
 - re2o.crans.org
diff --git a/group_vars/re2o_ldap.yml b/group_vars/re2o_ldap.yml
index 26d5d265..e3bfb6cd 100644
--- a/group_vars/re2o_ldap.yml
+++ b/group_vars/re2o_ldap.yml
@@ -1,7 +1,7 @@
 ---
 glob_re2o_ldap:
 suffix: dc=crans,dc=org
- url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636"
+ url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636"
 root_password_hash: "{{ vault.slapd.re2o.admin.bindpass_hash }}"
 certificate: "{{ vault.slapd.re2o.certificate }}"
 private_key: "{{ vault.slapd.re2o.private_key }}"
diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml
index a25aba30..11645ae3 100644
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -8,7 +8,7 @@ loc_service_certbot:
 config:
 "crans.org":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
@@ -16,7 +16,7 @@ loc_service_certbot:
 algorithm: HMAC-SHA512
 "crans.eu":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
@@ -24,7 +24,7 @@ loc_service_certbot:
 algorithm: HMAC-SHA512
 "crans.fr":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml
index 0198b88c..9572aab7 100644
--- a/group_vars/slapd.yml
+++ b/group_vars/slapd.yml
@@ -1,6 +1,6 @@
 ---
 glob_slapd:
- master_ip: "{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"
+ master_ip: "{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}"
 regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$"
 replication_credentials: "{{ vault.slapd.main.replication_credentials }}"
 private_key: "{{ vault.slapd.main.private_key }}"
diff --git a/group_vars/sssd.yml b/group_vars/sssd.yml
index 3159225f..71953457 100644
--- a/group_vars/sssd.yml
+++ b/group_vars/sssd.yml
@@ -4,17 +4,17 @@ glob_sssd:
 domain: ldap-adm.adm.crans.org
 enumerate: "true"
 servers:
- - "ldaps://{{ query('ldap','ip','ldap-adm','adm') | ansible.utils.ipv4 | first }}/"
- - "ldaps://{{ query('ldap','ip','sam','adm') | ansible.utils.ipv4 | first }}/"
- - "ldaps://{{ query('ldap','ip','daniel','adm') | ansible.utils.ipv4 | first }}/"
- - "ldaps://{{ query('ldap','ip','jack','adm') | ansible.utils.ipv4 | first }}/"
+ - "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
+ - "ldaps://{{ query('ldap', 'ip4', 'sam', 'adm') }}/"
+ - "ldaps://{{ query('ldap', 'ip4', 'daniel', 'adm') }}/"
+ - "ldaps://{{ query('ldap', 'ip4', 'jack', 'adm') }}/"
 base: "dc=crans,dc=org"
 secondary:
 domain: re2o-ldap.adm.crans.org
 enumerate: "false"
 servers:
- - "ldaps://{{ query('ldap','ip','re2o-ldap','adm') | ansible.utils.ipv4 | first }}/"
- - "ldaps://{{ query('ldap','ip','terenez','adm') | ansible.utils.ipv4 | first }}/"
+ - "ldaps://{{ query('ldap', 'ip4', 're2o-ldap', 'adm') }}/"
+ - "ldaps://{{ query('ldap', 'ip4', 'terenez', 'adm') }}/"
 base: "dc=crans,dc=org"
 bind:
 dn: "{{ vault.sssd.secondary_ldap.binddn }}"
diff --git a/group_vars/thelounge.yml b/group_vars/thelounge.yml
index 8c4c891c..d163665c 100644
--- a/group_vars/thelounge.yml
+++ b/group_vars/thelounge.yml
@@ -17,7 +17,7 @@ glob_thelounge:
 join: "#general"
 ldap_enable: "false"
 ldap:
- url: "ldap://172.16.10.157"
+ url: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
 primaryKey: "cn"
 rootDN: "{{ vault.thelounge.ldap.rootDN }}"
 rootPassword: "{{ vault.thelounge.ldap.rootPassword }}"
diff --git a/group_vars/viarezo/home_nounou.yml b/group_vars/viarezo/home_nounou.yml
index a9a6ed67..f9150196 100644
--- a/group_vars/viarezo/home_nounou.yml
+++ b/group_vars/viarezo/home_nounou.yml
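Review bot: The rewritten `servers:` entries are `ldaps://` URLs built from a bare IPv4 address, so certificate validation of each replica can only succeed if every replica certificate carries that address as an IP SAN, or if the sssd role relaxes `ldap_tls_reqcert`, which would defeat the point of `ldaps`; the pattern predates this commit, but every line is being rewritten here, so it is the moment to check which of the two holds. If the certificates are name-based, the adm hostnames (the file already names `ldap-adm.adm.crans.org` in `domain:`) are the safer value, and a comment above the list should state how the server identity is verified. Separately, `group_vars/all/ldap.yml` in this same patch lists the same four replicas with `daneel` where this hunk has `daniel` — the two lists should agree.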
@@ -1,7 +1,7 @@
 ---
 loc_home_nounou:
 mounts:
- - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
 mountpoint: /home_nounou
 target: /home_nounou
 name: home_nounou
diff --git a/group_vars/viarezo/ldap.yml b/group_vars/viarezo/ldap.yml
index dedbfdb8..0a128c3d 100644
--- a/group_vars/viarezo/ldap.yml
+++ b/group_vars/viarezo/ldap.yml
@@ -1,4 +1,4 @@
 ---
 loc_ldap:
 servers:
- - "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
+ - "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
diff --git a/group_vars/viarezo/ssh_known_hosts.yml b/group_vars/viarezo/ssh_known_hosts.yml
index a38dade9..72ec7a9d 100644
--- a/group_vars/viarezo/ssh_known_hosts.yml
+++ b/group_vars/viarezo/ssh_known_hosts.yml
@@ -2,4 +2,4 @@
 loc_service_ssh_known_hosts:
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}"
diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml
index bc9b8b6a..bc548fb1 100644
--- a/group_vars/virtu.yml
+++ b/group_vars/virtu.yml
@@ -18,7 +18,7 @@ glob_service_proxmox_user:
 config:
 ldap:
 admin:
- uri: "ldaps://{{ query('ldap', 'ip', ansible_hostname, 'adm') | ansible.utils.ipv4 | first }}/"
+ uri: "ldaps://{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}/"
 userBase: "ou=passwd,dc=crans,dc=org"
 realm: "pam"
 dependencies:
@@ -34,7 +34,7 @@ loc_service_certbot:
 config:
 "adm.crans.org":
 zone: _acme-challenge.adm.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_adm_challenge.
diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml
index 98987167..7ca66224 100644
--- a/group_vars/virtu_adh.yml
+++ b/group_vars/virtu_adh.yml
@@ -12,11 +12,11 @@ glob_service_proxmox_user:
 config:
 ldap:
 admin:
- uri: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
+ uri: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
 userBase: "ou=passwd,dc=crans,dc=org"
 realm: "pam"
 user:
- uri: "ldaps://{{ query('ldap', 'ip', 'flirt', 'adm') | ansible.utils.ipv4 | first }}/"
+ uri: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}/"
 userBase: "ou=users,dc=adh,dc=crans,dc=org"
 realm: "pve"
 binddn: "{{ vault.ldap_adh_reader.binddn }}"
diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml
index 86d938d7..3b1e2e37 100644
--- a/host_vars/backup-ft.adm.crans.org.yml
+++ b/host_vars/backup-ft.adm.crans.org.yml
@@ -4,14 +4,14 @@ interfaces:
 loc_home_nounou:
 mounts:
- - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
 mountpoint: /home_nounou
 target: /home_nounou
 name: home_nounou
 owner: root
 group: _user
 mode: '0750'
- - ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
 mountpoint: /rpool/backup
 target: /backup
 name: backup
diff --git a/host_vars/backup-thot.adm.crans.org.yml b/host_vars/backup-thot.adm.crans.org.yml
index 015a6900..a8666858 100644
--- a/host_vars/backup-thot.adm.crans.org.yml
+++ b/host_vars/backup-thot.adm.crans.org.yml
@@ -4,14 +4,14 @@ interfaces:
 loc_home_nounou:
 mounts:
- - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
 mountpoint: /home_nounou
 target: /home_nounou
 name: home_nounou
 owner: root
 group: _user
 mode: '0750'
- - ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
+ - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
 mountpoint: /rpool/backup
 target: /backup
 name: backup
diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml
index 263937bc..32e14888 100644
--- a/host_vars/boeing.adm.crans.org.yml
+++ b/host_vars/boeing.adm.crans.org.yml
@@ -12,9 +12,9 @@ loc_wireguard:
 peers:
 - public_key: "{{ vault.wireguard.sputnik.pubkey }}"
 allowed_ips:
- - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}/32"
- - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/128"
- endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ansible.utils.ipv4 | first }}:51820"
+ - "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/32"
+ - "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/128"
+ endpoint: "{{ query('ldap', 'ip4', 'sputnik', 'srv') }}:51820"
 post_up:
 - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
 - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
@@ -63,7 +63,7 @@ loc_wireguard:
 loc_service_proxy:
 config:
 ldap:
- - server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
+ - server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
 protocol: "proxy"
 filter: ".adm.crans.org"
 proxy:
diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml
index 43c45e8c..478b69ea 100644
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@@ -1,6 +1,6 @@
 ---
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'daniel', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'daniel', 'adm') }}"
 replica: true
 replica_rid: 2
diff --git a/host_vars/eclat.adm.crans.org.yml b/host_vars/eclat.adm.crans.org.yml
index cc342837..fd0e477d 100644
--- a/host_vars/eclat.adm.crans.org.yml
+++ b/host_vars/eclat.adm.crans.org.yml
@@ -6,7 +6,7 @@ interfaces:
 loc_nfs_mount:
 mounts:
- - ip: 172.16.4.1
+ - ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}"
 mountpoint: /pool/mirror
 target: /mirror
 name: mirror
diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml
index ef0c7981..79ae4a42 100644
--- a/host_vars/ft.adm.crans.org.yml
+++ b/host_vars/ft.adm.crans.org.yml
@@ -6,6 +6,6 @@ loc_borg:
 - /var
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}"
 replica: true
 replica_rid: 6
diff --git a/host_vars/fyre.adm.crans.org.yml b/host_vars/fyre.adm.crans.org.yml
index 63f5d00e..745f01ff 100644
--- a/host_vars/fyre.adm.crans.org.yml
+++ b/host_vars/fyre.adm.crans.org.yml
@@ -171,5 +171,5 @@ loc_prometheus:
 target_label: __param_target
 - source_labels: [__param_target]
 target_label: instance
- - replacement: 172.16.10.131:9116
+ - replacement: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
 target_label: __address__
diff --git a/host_vars/gitzly.adm.crans.org.yml b/host_vars/gitzly.adm.crans.org.yml
index 6f944d3d..734770fc 100644
--- a/host_vars/gitzly.adm.crans.org.yml
+++ b/host_vars/gitzly.adm.crans.org.yml
@@ -15,7 +15,7 @@ loc_service_certbot:
 config:
 "crans.org":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
@@ -23,7 +23,7 @@ loc_service_certbot:
 algorithm: HMAC-SHA512
 "adm.crans.org":
 zone: _acme-challenge.adm.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_adm_challenge.
diff --git a/host_vars/helloworld.adm.crans.org.yml b/host_vars/helloworld.adm.crans.org.yml
index 18fa9524..b72c4dd2 100644
--- a/host_vars/helloworld.adm.crans.org.yml
+++ b/host_vars/helloworld.adm.crans.org.yml
@@ -5,4 +5,4 @@ interfaces:
 lp: ens20
 loc_snmp_exporter:
- listen_address: "{{ query('ldap', 'ip', 'helloworld', 'adm') | ansible.utils.ipv4 | first }}:9116"
+ listen_address: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116"
diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml
index bfd16929..bdcb7478 100644
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@@ -42,15 +42,15 @@ loc_inspircd:
 nick: PEB
 email: root@crans.org
 bind:
- - address: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv4 | first }}"
+ - address: "{{ query('ldap', 'ip4', 'irc', 'srv') }}"
 type: clients
 clair: 6667
 ssl: 6697
- - address: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv6 | first }}"
+ - address: "{{ query('ldap', 'ip6', 'irc', 'srv') }}"
 type: clients
 clair: 6667
 ssl: 6697
- - address: "{{ query('ldap', 'ip', 'irc', 'adm') | ansible.utils.ipv4 | first }}"
+ - address: "{{ query('ldap', 'ip4', 'irc', 'adm') }}"
 type: clients
 clair: 6667
 - address: 127.0.0.1
@@ -59,28 +59,28 @@ loc_inspircd:
 connect:
 - name: zamok
 allows:
- ipv4: "{{ query('ldap', 'ip', 'zamok', 'srv') | ansible.utils.ipv4 | first }}/32"
- ipv6: "{{ query('ldap', 'ip', 'zamok', 'srv') | ansible.utils.ipv6 | first }}/128"
+ ipv4: "{{ query('ldap', 'ip4', 'zamok', 'srv') }}/32"
+ ipv6: "{{ query('ldap', 'ip6', 'zamok', 'srv') }}/128"
 threshold: 1
 - name: irc
 allows:
- ipv4: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv4 | first }}/32"
- ipv6: "{{ query('ldap', 'ip', 'irc', 'srv') | ansible.utils.ipv6 | first }}/128"
+ ipv4: "{{ query('ldap', 'ip4', 'irc', 'srv') }}/32"
+ ipv6: "{{ query('ldap', 'ip6', 'irc', 'srv') }}/128"
 threshold: 1
 - name: gitlab
 allows:
- ipv4: "{{ query('ldap', 'ip', 'gitzly', 'srv') | ansible.utils.ipv4 | first }}/32"
- ipv6: "{{ query('ldap', 'ip', 'gitzly', 'srv') | ansible.utils.ipv6 | first }}/128"
+ ipv4: "{{ query('ldap', 'ip4', 'gitzly', 'srv') }}/32"
+ ipv6: "{{ query('ldap', 'ip6', 'gitzly', 'srv') }}/128"
 threshold: 10
 commandrate: 10000
 - name: monitoring
 allows:
- ipv4: "{{ query('ldap', 'ip', 'fyre', 'adm') | ansible.utils.ipv4 | first }}/32"
- ipv6: "{{ query('ldap', 'ip', 'fyre', 'adm') | ansible.utils.ipv6 | first }}/128"
+ ipv4: "{{ query('ldap', 'ip4', 'fyre', 'adm') }}/32"
+ ipv6: "{{ query('ldap', 'ip6', 'fyre', 'adm') }}/128"
 threshold: 10
 commandrate: 10000
 modes: true
- dns: "{{ query('ldap', 'ip', 'romanesco', 'srv') | ansible.utils.ipv4 | first }}"
+ dns: "{{ query('ldap', 'ip4', 'romanesco', 'srv') }}"
 services:
 name: services.irc.crans.org
 port: 6668
diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml
index 59caef34..2f0a0487 100644
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@@ -1,6 +1,6 @@
 ---
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'jack', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'jack', 'adm') }}"
 replica: true
 replica_rid: 3
diff --git a/host_vars/owncloud.adm.crans.org.yml b/host_vars/owncloud.adm.crans.org.yml
index 0441f9fd..008ec043 100644
--- a/host_vars/owncloud.adm.crans.org.yml
+++ b/host_vars/owncloud.adm.crans.org.yml
@@ -7,4 +7,4 @@ interfaces:
 loc_ldap:
 base_dn: "{{ vault.slapd.re2o.admin.binddn }}"
 password: "{{ vault.slapd.re2o.admin.bindpass }}"
- uri: "ldap://172.16.10.157"
+ uri: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"
diff --git a/host_vars/ptf.adm.crans.org.yml b/host_vars/ptf.adm.crans.org.yml
index c0e5bbb1..7b454c71 100644
--- a/host_vars/ptf.adm.crans.org.yml
+++ b/host_vars/ptf.adm.crans.org.yml
@@ -6,7 +6,7 @@ interfaces:
 loc_nfs_mount:
 mounts:
- - ip: 172.16.4.1
+ - ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}"
 mountpoint: /pool/ftp
 target: /ftp
 name: ftp
diff --git a/host_vars/re2o-dev.adm.crans.org.yml b/host_vars/re2o-dev.adm.crans.org.yml
index 3fc6b733..9aee775b 100644
--- a/host_vars/re2o-dev.adm.crans.org.yml
+++ b/host_vars/re2o-dev.adm.crans.org.yml
@@ -4,4 +4,4 @@ interfaces:
 srv_nat: eth1
 loc_re2o_ldap_replica:
- url: "ldaps://{{ query('ldap', 'ip', 'yson-partou', 'adm') | ansible.utils.ipv4 | first }}:636"
+ url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636"
diff --git a/host_vars/redisdead.adm.crans.org.yml b/host_vars/redisdead.adm.crans.org.yml
index 61536825..e6b95278 100644
--- a/host_vars/redisdead.adm.crans.org.yml
+++ b/host_vars/redisdead.adm.crans.org.yml
@@ -19,7 +19,7 @@ loc_service_certbot:
 config:
 "crans.org":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
@@ -27,7 +27,7 @@ loc_service_certbot:
 algorithm: HMAC-SHA512
 "adm.crans.org":
 zone: _acme-challenge.adm.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_adm_challenge.
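Review bot: In the owncloud hunk `uri:` stays a plain `ldap://` URL while the same block binds with `vault.slapd.re2o.admin.bindpass`, so the re2o directory admin credential crosses the adm VLAN in clear unless the client negotiates STARTTLS, which nothing visible here configures; the scheme is not introduced by this commit, but the line is being rewritten and `group_vars/re2o_ldap.yml` in the same patch publishes `yson-partou` as `ldaps://…:636`, so `uri: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}"` is presumably available. If plaintext is deliberate (for example the owncloud role forces STARTTLS on its own), a one-line comment above `uri:` saying so would save the next reviewer the same question. The `group_vars/thelounge.yml` hunk has the same `ldap://` URL next to `rootPassword`, though that block is behind `ldap_enable: "false"`.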
diff --git a/host_vars/routeur-daniel.adm.crans.org/dhcp.yml b/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
index 2acf4c75..ebb35117 100644
--- a/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/dhcp.yml
@@ -7,8 +7,8 @@ loc_dhcp:
 vlan: "adh"
 default_lease_time: "600"
 max_lease_time: "7200"
- routers: "185.230.78.99"
- dns: ["185.230.78.99"]
+ routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"
+ dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"]
 domain_name: "adh.crans.org"
 domain_search: "adh.crans.org"
 options: []
diff --git a/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml b/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml
index 3a1973b1..50cd36e1 100644
--- a/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml
+++ b/host_vars/routeur-daniel.adm.crans.org/prefix_delegation.yml
@@ -15,6 +15,6 @@ loc_service_prefix_delegation:
 prefix: "2a0c:700:12::"
 length: "48"
 ldap:
- server: "ldaps://172.16.10.114"
+ server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}"
 binddn: "{{ vault.ldap_adh_reader.binddn }}"
 password: "{{ vault.ldap_adh_reader.bindpass }}"
diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml
index 6201f6e5..f2e0571b 100644
--- a/host_vars/routeur-ft.adm.crans.org.yml
+++ b/host_vars/routeur-ft.adm.crans.org.yml
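Review bot: The `dns:` option served to DHCP clients changes from the gateway address (the old `185.230.78.99`, identical to `routers:`) to whatever `romanesco` holds on the `adh` VLAN, which is a behaviour change on the member network that the subject "Use query rather than specify ip directly" does not announce; if romanesco has no `adh` address the rendered value is whatever the plugin returns for a miss, and that would be handed to every member as its resolver. Please either state in the commit message that the resolver moves to romanesco, or keep the old semantics with `dns: ["{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"]` if the gateway still forwards DNS. The three `routeur-*/dhcp.yml` files carry byte-identical blobs (same `index 2acf4c75..ebb35117`), so this block belongs in a group_vars file for the adh routers rather than being repeated per host.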
@@ -14,12 +14,12 @@ loc_wireguard:
 allowed_ips:
 - "{{ query('ldap', 'network', 'adm') }}"
 - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
- endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51821"
+ endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51821"
 persistent_keepalive: 25
 post_up:
 - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
 - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
- - "ip route add 172.16.10.1 dev %i proto proxy"
+ - "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
 - "python3 /var/local/services/proxy/proxy.py --alter"
 pre_down:
 - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
@@ -29,8 +29,8 @@ loc_wireguard:
 loc_service_proxy:
 config:
 ldap:
- - server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
- - server: "ldaps://{{ query('ldap', 'ip', 'ft', 'adm') | ansible.utils.ipv4 | first }}/"
+ - server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
+ - server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}/"
 protocol: "proxy"
 filter: ".adm.crans.org"
 proxy:
diff --git a/host_vars/routeur-jack.adm.crans.org/dhcp.yml b/host_vars/routeur-jack.adm.crans.org/dhcp.yml
index 2acf4c75..ebb35117 100644
--- a/host_vars/routeur-jack.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-jack.adm.crans.org/dhcp.yml
@@ -7,8 +7,8 @@ loc_dhcp:
 vlan: "adh"
 default_lease_time: "600"
 max_lease_time: "7200"
- routers: "185.230.78.99"
- dns: ["185.230.78.99"]
+ routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"
+ dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"]
 domain_name: "adh.crans.org"
 domain_search: "adh.crans.org"
 options: []
diff --git a/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml b/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml
index 3a1973b1..50cd36e1 100644
--- a/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml
+++ b/host_vars/routeur-jack.adm.crans.org/prefix_delegation.yml
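Review bot: The new `- "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"` PostUp entry splices a directory-sourced value into a command that wg-quick runs as root, where the old side had a literal; what keeps that safe is that `ip4` in lookup_plugins/ldap.py passes every candidate through `ipaddress.ip_address()`, so a malformed or tampered LDAP value raises at template time instead of reaching the shell. That dependency is invisible from this file, so a comment such as `# the ldap lookup validates this value as an IP address before it is interpolated into the command` next to the line would keep a future plugin change from silently dropping the check. The same pattern appears in routeur-thot's hunk further down and in vol447's `ip neigh add proxy {{ query('ldap', 'ip6', 'charybde', 'adm') }}` PostUp/PostDown strings. The enclosing `loc_wireguard` peer entry starts before this hunk.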
@@ -15,6 +15,6 @@ loc_service_prefix_delegation:
 prefix: "2a0c:700:12::"
 length: "48"
 ldap:
- server: "ldaps://172.16.10.114"
+ server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}"
 binddn: "{{ vault.ldap_adh_reader.binddn }}"
 password: "{{ vault.ldap_adh_reader.bindpass }}"
diff --git a/host_vars/routeur-sam.adm.crans.org/dhcp.yml b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
index 2acf4c75..ebb35117 100644
--- a/host_vars/routeur-sam.adm.crans.org/dhcp.yml
+++ b/host_vars/routeur-sam.adm.crans.org/dhcp.yml
@@ -7,8 +7,8 @@ loc_dhcp:
 vlan: "adh"
 default_lease_time: "600"
 max_lease_time: "7200"
- routers: "185.230.78.99"
- dns: ["185.230.78.99"]
+ routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}"
+ dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"]
 domain_name: "adh.crans.org"
 domain_search: "adh.crans.org"
 options: []
diff --git a/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml b/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml
index 3a1973b1..50cd36e1 100644
--- a/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml
+++ b/host_vars/routeur-sam.adm.crans.org/prefix_delegation.yml
@@ -15,6 +15,6 @@ loc_service_prefix_delegation:
 prefix: "2a0c:700:12::"
 length: "48"
 ldap:
- server: "ldaps://172.16.10.114"
+ server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}"
 binddn: "{{ vault.ldap_adh_reader.binddn }}"
 password: "{{ vault.ldap_adh_reader.bindpass }}"
diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml
index f06e0338..35aae9f9 100644
--- a/host_vars/routeur-thot.adm.crans.org.yml
+++ b/host_vars/routeur-thot.adm.crans.org.yml
@@ -14,12 +14,12 @@ loc_wireguard:
 allowed_ips:
 - "{{ query('ldap', 'network', 'adm') }}"
 - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
- endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51822"
+ endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51822"
 persistent_keepalive: 25
 post_up:
 - "sysctl -w net.ipv4.conf.%i.proxy_arp=1"
 - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1"
- - "ip route add 172.16.10.1 dev %i proto proxy"
+ - "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy"
 - "python3 /var/local/services/proxy/proxy.py --alter"
 pre_down:
 - "sysctl -w net.ipv4.conf.%i.proxy_arp=0"
@@ -30,8 +30,8 @@ loc_wireguard:
 loc_service_proxy:
 config:
 ldap:
- - server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
- - server: "ldaps://{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}/"
+ - server: "ldaps://{{ query('ldap', 'ip4', 'ldap-adm', 'adm') }}/"
+ - server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}/"
 protocol: "proxy"
 filter: ".adm.crans.org"
 proxy:
diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml
index 0372a19b..e0f65f21 100644
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@@ -6,7 +6,7 @@ loc_borg:
 - /var
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'sam', 'adm') }}"
 replica: true
 replica_rid: 1
diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml
index 3fd06ed4..64402c39 100644
--- a/host_vars/sputnik.adm.crans.org.yml
+++ b/host_vars/sputnik.adm.crans.org.yml
@@ -12,8 +12,8 @@ loc_wireguard:
 tunnels:
 - name: "sputnik"
 addresses:
- - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}/24"
- - "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv6 | first }}/64"
+ - "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/24"
+ - "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/64"
 listen_port: 51820
 private_key: "{{ vault.wireguard.sputnik.privkey }}"
 peers:
@@ -21,12 +21,12 @@ loc_wireguard:
 allowed_ips:
 - "{{ query('ldap', 'network', 'adm') }}"
 - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64"
- endpoint: "{{ query('ldap', 'ip', 'boeing', 'srv') | ansible.utils.ipv4 | first }}:51820"
+ endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51820"
 post_up:
 - "/sbin/ip link set sputnik alias adm"
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}"
 replica: true
 replica_rid: 4
@@ -45,7 +45,7 @@ loc_service_certbot:
 config:
 "crans.org":
 zone: _acme-challenge.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_challenge.
@@ -53,7 +53,7 @@ loc_service_certbot:
 algorithm: HMAC-SHA512
 "adm.crans.org":
 zone: _acme-challenge.adm.crans.org
- server: 172.16.10.147
+ server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}"
 port: 53
 key:
 name: certbot_adm_challenge.
@@ -121,4 +121,4 @@ loc_bind:
 loc_service_ssh_known_hosts:
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'sputnik', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip4', 'sputnik', 'adm') }}"
diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml
index c84d862b..68407ac2 100644
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@@ -33,7 +33,7 @@ loc_postgres:
 frequency: "{{ 60 | random(seed=inventory_hostname) }} {{ ((24 | random(seed=inventory_hostname))+12)%24 }} * * *"
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}"
 replica: false
 loc_borg:
diff --git a/host_vars/thot.adm.crans.org.yml b/host_vars/thot.adm.crans.org.yml
index 7a6739cb..3b0dd8e1 100644
--- a/host_vars/thot.adm.crans.org.yml
+++ b/host_vars/thot.adm.crans.org.yml
@@ -6,6 +6,6 @@ loc_borg:
 - /var
 loc_slapd:
- ip: "{{ query('ldap', 'ip', 'thot', 'adm') | ansible.utils.ipv4 | first }}"
+ ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}"
 replica: true
 replica_rid: 5
diff --git a/host_vars/vol447.adm.crans.org.yml b/host_vars/vol447.adm.crans.org.yml
index 556e4ec6..ccd6dfca 100644
--- a/host_vars/vol447.adm.crans.org.yml
+++ b/host_vars/vol447.adm.crans.org.yml
@@ -11,8 +11,8 @@ loc_wireguard:
 peers:
 - public_key: "{{ vault.wireguard.charybde.pubkey }}"
 allowed_ips:
- - "{{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv4 | first }}/32"
- - "{{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }}/128"
- endpoint: "{{ query('ldap', 'ip', 'freebox', 'srv') | ansible.utils.ipv4 | first }}:51820"
- post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18"
- post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'charybde', 'adm') | ansible.utils.ipv6 | first }} dev ens18"
+ - "{{ query('ldap', 'ip4', 'charybde', 'adm') }}/32"
+ - "{{ query('ldap', 'ip6', 'charybde', 'adm') }}/128"
+ endpoint: "{{ query('ldap', 'ip4', 'freebox', 'srv') }}:51820"
+ post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.gulp.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.gulp.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip6', 'charybde', 'adm') }} dev ens18"
+ post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.gulp.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.gulp.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip6', 'charybde', 'adm') }} dev ens18"
diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml
index 514f1fbd..b0851a06 100644
--- a/host_vars/zamok.adm.crans.org.yml
+++ b/host_vars/zamok.adm.crans.org.yml
@@ -7,7 +7,7 @@ loc_borg:
 - /var/lib/mysql
 loc_thelounge:
- host: "\"172.16.10.31\""
+ host: "\"{{ query('ldap', 'ip4, 'zamok', 'adm') }}\""
 oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\""
 reverseProxy: "true"
 ldap_enable: "true"
@@ -19,14 +19,14 @@ loc_crans_scripts:
 loc_nfs_mount:
 mounts:
- - ip: 172.16.4.2
+ - ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}"
 mountpoint: /pool/home
 target: /home
 name: home
 owner: root
 group: root
 mode: '0755'
- - ip: 172.16.4.2
+ - ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}"
 mountpoint: /pool/mail
 target: /var/mail
 name: var-mail
diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py
index d29b0c7f..5baf7dbf 100644
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@@ -60,6 +60,22 @@ class LookupModule(LookupBase):
 result = [res.decode('utf-8') for res in result['ipHostNumber']]
 return result
+ def ip4(self, host, vlan):
+ """
+ Retrieve the first IP addresses of an interface of a device
+ query('ldap', 'ip4', HOST, VLAN)
+ """
+ result = [res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 4 ]
+ return result[0]
+
+ def ip6(self, host, vlan):
+ """
+ Retrieve IP addresses of an interface of a device
+ query('ldap', 'ip', HOST, VLAN)
+ """
+ result = [res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 6 ]
+ return result[0]
+
 def all_ip(self, host):
 """
 Retrieve all IP addresses of a device
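Review bot: The new `host` value is missing the closing quote after `ip4`: `query('ldap', 'ip4, 'zamok', 'adm')` turns `'ip4, '` into the second argument and leaves `zamok` as a bare name inside the expression, so the template will fail to render (or pass the wrong terms to the lookup) the first time thelounge's vars are evaluated. It should read `host: "\"{{ query('ldap', 'ip4', 'zamok', 'adm') }}\""`. None of the other hunks in this commit carry the typo, which suggests this line was hand-edited; a `--syntax-check`/template dry run of zamok's host_vars before merging would have caught it.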
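Review bot: Both new methods end in `return result[0]`, so a host with no address of the requested family on that VLAN surfaces as a bare `IndexError` with no host/vlan in the message, which is hard to trace now that dozens of host_vars values in this commit (DHCP, certbot, NFS, wireguard) route through this lookup. LDAP multi-valued attributes carry no guaranteed order, so `result[0]` may also return a different address between runs for a device with several IPv4 addresses on one VLAN; if that case exists the choice should be made deterministic. The `ip6` docstring is copied from `ip` (it says "Retrieve IP addresses" and cites `query('ldap', 'ip', HOST, VLAN)`) and `ip4`'s says "first IP addresses"; both should name the address family and the matching query form. `ipaddress` is used but its import is outside the hunk, as would be an `AnsibleError` import from `ansible.errors` for the sketch below, which factors the shared filtering into one helper that raises a descriptive error and keeps the `ip_address()` parse that callers interpolating the value into shell commands rely on.
```python
    def _first_ip(self, host, vlan, version):
        """
        First address of HOST on VLAN with the given IP version (4 or 6).
        Raises a descriptive error instead of a bare IndexError when the
        device has no such address. ip_address() also rejects values that
        are not well-formed addresses before any caller interpolates them.
        """
        found = [res for res in self.ip(host, vlan)
                 if ipaddress.ip_address(res).version == version]
        if not found:
            raise AnsibleError(
                "ldap lookup: no IPv%d address for %s on vlan %s" % (version, host, vlan))
        return found[0]

    def ip4(self, host, vlan):
        """
        Retrieve the first IPv4 address of an interface of a device
        query('ldap', 'ip4', HOST, VLAN)
        """
        return self._first_ip(host, vlan, 4)

    def ip6(self, host, vlan):
        """
        Retrieve the first IPv6 address of an interface of a device
        query('ldap', 'ip6', HOST, VLAN)
        """
        return self._first_ip(host, vlan, 6)

    # … unchanged: all_ip …
```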