[slapd] Filter ipv4s responsibly

2021-02-22 09:45:13 +01:00 · 2021-02-22 09:45:13 +01:00 · a82d770043
parent 02df5674b1
commit a82d770043
9 changed files with 8 additions and 26 deletions
--- a/group_vars/ldap_server.yml
+++ b/group_vars/ldap_server.yml
@ -1,7 +1,6 @@
 ---
 glob_slapd:
-  master_ip: "{{ query('ldap', 'ipv4', 'tealc', 'adm') | first }}"
+  master_ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
  regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*)$"
  replication_credentials: "{{ vault_ldap_replication_credentials }}"
  private_key: "{{ vault_ldap_private_key }}"
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'daniel', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'daniel', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 2
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'jack', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'jack', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 3
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'sam', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'sam', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 1
--- a/host_vars/sputnik.adm.crans.org
+++ b/host_vars/sputnik.adm.crans.org
@ -1,5 +1,5 @@
 ---
 loc_slapd:
-  ip: "{{ query('ldap', 'ipv4', 'sputnik', 'adm') | first }}"
+  ip: "{{ query('ldap', 'ip', 'sputnik', 'adm') | ipv4 | first }}"
  replica: true
  replica_rid: 4
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@ -2,5 +2,5 @@ loc_postgresql:
  version: 11
 loc_slapd:
-  ip: 172.16.10.1
+  ip: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
  replica: false
--- a/2
+++ b/2
@ -61,7 +61,7 @@ irc.adm.crans.org
 [keepalived:children]
 routeurs_vm
-[ldap_server]
+[slapd]
 tealc.adm.crans.org
 sam.adm.crans.org
 daniel.adm.crans.org
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@ -60,21 +60,6 @@ class LookupModule(LookupBase):
        result = [res.decode('utf-8') for res in result['ipHostNumber']]
        return result
    def ipv4(self, host, vlan):
        if isinstance(vlan, int):
            network_query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, f"description={vlan}")
            network_result = self.base.result(network_query_id)
            vlan = network_result[1][0][1]['cn'][0].decode('utf-8')
        if vlan == 'srv':
            query_id = self.base.search(f"cn={host}.crans.org,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
        else:
            query_id = self.base.search(f"cn={host}.{vlan}.crans.org,cn={host},ou=hosts,{self.base_dn}", ldap.SCOPE_BASE)
        result = self.base.result(query_id)
        result = result[1][0][1]
        result = [res.decode('utf-8') for res in result['ipHostNumber']]
        result = [ res for res in result if type(ipaddress.ip_address(res)) is ipaddress.IPv4Address ]
        return result
    def all_ip(self, host):
        """
        Retrieve all IP addresses of a device
@ -156,8 +141,6 @@ class LookupModule(LookupBase):
            result = self.query(*terms[1:])
        elif terms[0] == 'ip':
            result = self.ip(*terms[1:])
        elif terms[0] == 'ipv4':
            result = self.ipv4(*terms[1:])
        elif terms[0] == 'all_ip':
            result = self.all_ip(*terms[1:])
        elif terms[0] == 'cn':
--- a/plays/slapd.yml
+++ b/plays/slapd.yml
@ -1,6 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
- hosts: ldap_server
+- hosts: slapd
  vars:
    slapd: '{{ glob_slapd | default({}) | combine(loc_slapd | default({})) }}'
  roles: