From 90f40285971a899b8a8c5243f91f7b870c775a47 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot
Date: Fri, 4 Nov 2022 19:35:59 +0100
Subject: [PATCH] Add ldap-adm.adm.crans.org as main slapd server
---
 group_vars/all/ldap.yml | 1 +
 group_vars/all/ssh_known_hosts.yml | 2 +-
 group_vars/prometheus.yml | 2 +-
 group_vars/slapd.yml | 8 ++++----
 group_vars/virtu_adh.yml | 2 +-
 host_vars/boeing.adm.crans.org.yml | 2 +-
 host_vars/ldap-adm.adm.crans.org.yml | 3 +++
 hosts | 2 ++
 8 files changed, 14 insertions(+), 8 deletions(-)
 create mode 100644 host_vars/ldap-adm.adm.crans.org.yml
diff --git a/group_vars/all/ldap.yml b/group_vars/all/ldap.yml
index 781301c8..6bc80a44 100644
--- a/group_vars/all/ldap.yml
+++ b/group_vars/all/ldap.yml
@@ -3,6 +3,7 @@ glob_ldap:
 uri: 'ldap://re2o-ldap.adm.crans.org/'
 users_base: 'cn=Utilisateurs,dc=crans,dc=org'
 servers:
+ - 172.16.10.100
 - 172.16.10.1
 - 172.16.10.11
 - 172.16.10.12
diff --git a/group_vars/all/ssh_known_hosts.yml b/group_vars/all/ssh_known_hosts.yml
index 3e29c6cc..de39ccd9 100644
--- a/group_vars/all/ssh_known_hosts.yml
+++ b/group_vars/all/ssh_known_hosts.yml
@@ -12,4 +12,4 @@ glob_service_ssh_known_hosts:
 frequency: "*/10 * * * *"
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"
diff --git a/group_vars/prometheus.yml b/group_vars/prometheus.yml
index 4979349e..1d76a619 100644
--- a/group_vars/prometheus.yml
+++ b/group_vars/prometheus.yml
@@ -13,7 +13,7 @@ glob_service_prometheus_target:
 options: ""
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ server: "ldaps://{{ query('ldap', 'ip', 'ldap-adh', 'adm') | ansible.utils.ipv4 | first }}"
 glob_ninjabot:
 config:
diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml
index 98995765..0198b88c 100644
--- a/group_vars/slapd.yml
+++ b/group_vars/slapd.yml
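Review bot: In group_vars/all/ldap.yml the new `servers` entry `172.16.10.100` is a bare literal with nothing tying it to a host, while every other reference to the new server in this patch is resolved through `query('ldap', 'ip', 'ldap-adm', 'adm')`. Presumably this is ldap-adm's address; if so, a trailing comment such as `- 172.16.10.100  # ldap-adm.adm.crans.org (main slapd)` would let a reader check the list against the directory and notice drift if the host is renumbered. The `glob_ldap` mapping starts and ends outside the hunk, so how `servers` is consumed is not visible here.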
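Review bot: The expression `query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first` on the new `server` line of group_vars/all/ssh_known_hosts.yml is repeated verbatim in the hunks for group_vars/slapd.yml, group_vars/virtu_adh.yml and host_vars/boeing.adm.crans.org.yml, and with a different host name in group_vars/prometheus.yml. Every consumer of the main slapd server therefore has to be edited by hand when the server moves, which is how one of them can end up pointing somewhere else. Defining the address once under group_vars/all and referencing it, for example `server: "ldaps://{{ glob_ldap.main_ip }}"` (variable name illustrative, not an existing key), would make the next migration a single-line change.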
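Review bot: The new `server` line in group_vars/prometheus.yml looks up `'ldap-adh'`, whereas every other lookup changed by this commit uses `'ldap-adm'`, and the patch adds no host named ldap-adh to `hosts` or host_vars. If this is a typo, the query presumably returns nothing and `| first` leaves the `ldaps://` URI without a usable host, so the service configured by this block would lose its LDAP source or fail at templating time. In that case the line should read `server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"`; if ldap-adh is a separate server that already exists, a one-line comment saying why this service uses it would help. The `glob_service_prometheus_target` mapping begins outside the hunk.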
@@ -1,7 +1,7 @@
 ---
 glob_slapd:
- master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}"
+ master_ip: "{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"
 regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$"
- replication_credentials: "{{ vault.slapd.tealc.replication_credentials }}"
- private_key: "{{ vault.slapd.tealc.private_key }}"
- certificate: "{{ vault.slapd.tealc.certificate }}"
+ replication_credentials: "{{ vault.slapd.main.replication_credentials }}"
+ private_key: "{{ vault.slapd.main.private_key }}"
+ certificate: "{{ vault.slapd.main.certificate }}"
diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml
index c3ad33ea..98987167 100644
--- a/group_vars/virtu_adh.yml
+++ b/group_vars/virtu_adh.yml
@@ -12,7 +12,7 @@ glob_service_proxmox_user:
 config:
 ldap:
 admin:
- uri: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/"
+ uri: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
 userBase: "ou=passwd,dc=crans,dc=org"
 realm: "pam"
 user:
diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml
index e7d986cb..6fa5bac4 100644
--- a/host_vars/boeing.adm.crans.org.yml
+++ b/host_vars/boeing.adm.crans.org.yml
@@ -63,7 +63,7 @@ loc_wireguard:
 loc_service_proxy:
 config:
 ldap:
- server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ansible.utils.ipv4 | first }}/"
+ server: "ldaps://{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}/"
 protocol: "proxy"
 filter: "adm.crans.org"
 proxy:
diff --git a/host_vars/ldap-adm.adm.crans.org.yml b/host_vars/ldap-adm.adm.crans.org.yml
new file mode 100644
index 00000000..5fccab83
--- /dev/null
+++ b/host_vars/ldap-adm.adm.crans.org.yml
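Review bot: The three `vault.slapd.main.*` lines in group_vars/slapd.yml are group-level variables, so `private_key` appears to be offered to every host in the slapd group rather than only to the new main server; whether the role deploys it on replicas is not visible in this diff and should be confirmed. The clients changed in this commit connect to `ldaps://` followed by an IPv4 address, so the certificate under `vault.slapd.main.certificate` needs that address in its subjectAltName for a verifying client to accept it. A comment above these lines, such as `# TLS key/cert and replication secret of the main slapd server (ldap-adm); cert SAN must cover its adm IPv4 address`, would record both expectations.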
@@ -0,0 +1,3 @@
+loc_slapd:
+ ip: "{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ipv4 | first }}"
+ replica: false
diff --git a/hosts b/hosts
index a913b875..7d4c4e76 100644
--- a/hosts
+++ b/hosts
@@ -238,6 +238,7 @@ helloworld.adm.crans.org
 daniel.adm.crans.org
 ft.adm.crans.org
 jack.adm.crans.org
+ldap-adm.adm.crans.org
 sam.adm.crans.org
 sputnik.adm.crans.org
 tealc.adm.crans.org
@@ -317,6 +318,7 @@ irc.adm.crans.org
 jitsi.adm.crans.org
 kenobi.adm.crans.org
 kiwi.adm.crans.org
+ldap-adm.adm.crans.org
 linx.adm.crans.org
 mailman.adm.crans.org
 neree.adm.crans.org
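Review bot: The `ip` line in the new host_vars/ldap-adm.adm.crans.org.yml uses the short filter name `ipv4`, while every other lookup touched by this commit uses the fully qualified `ansible.utils.ipv4`. The short name depends on how the controller resolves unqualified filter names, so this expression may not behave like its siblings; `ip: "{{ query('ldap', 'ip', 'ldap-adm', 'adm') | ansible.utils.ipv4 | first }}"` keeps them consistent. The file also opens without the `---` document marker that group_vars/slapd.yml carries. Other host_vars files are not visible here and may already use the short form, in which case matching them is the better choice.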