From d75b81fd04aaeaa5b7774fc5d04f640aa0219b9a Mon Sep 17 00:00:00 2001 
From: korenstin Date: Sat, 26 Oct 2024 11:46:47 +0200 Subject: [PATCH] =?UTF-8?q?syntaxe=20d=C3=A9pr=C3=A9ci=C3=A9e=20lookup=20l?= =?UTF-8?q?dap?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- group_vars/all/home_nounou.yml | 2 +- group_vars/all/ldap.yml | 8 ++--- group_vars/all/mirror.yml | 2 +- group_vars/all/network_interfaces.yml | 12 ++++---- group_vars/all/prometheus_nginx_exporter.yaml | 2 +- group_vars/all/prometheus_node_exporter.yaml | 2 +- group_vars/all/rsyslog_client.yml | 2 +- group_vars/all/ssh_known_hosts.yml | 2 +- group_vars/aurore/home_nounou.yml | 2 +- group_vars/aurore/ldap.yml | 2 +- group_vars/aurore/ssh_known_hosts.yml | 2 +- group_vars/bird.yml | 2 +- group_vars/certbot.yml | 2 +- group_vars/constellation.yml | 4 +-- group_vars/django_cas.yml | 4 +-- group_vars/dovecot.yml | 2 +- group_vars/ethercalc.yml | 2 +- group_vars/keepalived.yml | 14 ++++----- group_vars/mailman.yml | 4 +-- group_vars/postfix.yml | 2 +- group_vars/prefix_delegation.yml | 2 +- group_vars/printer.yml | 10 +++---- group_vars/prometheus.yml | 2 +- group_vars/re2o.yml | 4 +-- group_vars/re2o_front.yml | 4 +-- group_vars/re2o_ldap.yml | 2 +- group_vars/reverseproxy.yml | 6 ++-- group_vars/routeurs_vm.yml | 4 +-- group_vars/slapd.yml | 2 +- group_vars/sssd.yml | 12 ++++---- group_vars/thelounge.yml | 2 +- group_vars/viarezo/home_nounou.yml | 2 +- group_vars/viarezo/ldap.yml | 2 +- group_vars/viarezo/ssh_known_hosts.yml | 2 +- group_vars/virtu.yml | 4 +-- group_vars/virtu_adh.yml | 4 +-- host_vars/backup-ft.adm.crans.org.yml | 4 +-- host_vars/backup-thot.adm.crans.org.yml | 4 +-- host_vars/boeing.adm.crans.org.yml | 12 ++++---- host_vars/cameron.adm.crans.org.yml | 4 +-- host_vars/cephiroth.adm.crans.org.yml | 2 +- host_vars/daniel.adm.crans.org.yml | 2 +- host_vars/eclat.adm.crans.org.yml | 2 +- host_vars/ft.adm.crans.org.yml | 2 +- host_vars/fyre.adm.crans.org.yml | 2 +- host_vars/gitzly.adm.crans.org.yml | 4 +-- 
host_vars/helloworld.adm.crans.org.yml | 2 +- host_vars/irc.adm.crans.org.yml | 30 +++++++++---------- host_vars/jack.adm.crans.org.yml | 2 +- host_vars/owncloud.adm.crans.org.yml | 2 +- host_vars/ptf.adm.crans.org.yml | 2 +- host_vars/re2o-dev.adm.crans.org.yml | 2 +- host_vars/redisdead.adm.crans.org.yml | 4 +-- host_vars/routeur-ft.adm.crans.org.yml | 10 +++---- host_vars/routeur-thot.adm.crans.org.yml | 10 +++---- host_vars/sam.adm.crans.org.yml | 2 +- host_vars/sputnik.adm.crans.org.yml | 16 +++++----- host_vars/thot.adm.crans.org.yml | 2 +- host_vars/zamok.adm.crans.org.yml | 6 ++-- lookup_plugins/ldap.py | 10 +++---- .../templates/network/interfaces.d/ifalias.j2 | 4 +-- 61 files changed, 140 insertions(+), 140 deletions(-) diff --git a/group_vars/all/home_nounou.yml b/group_vars/all/home_nounou.yml index 04898044..3bff1f66 100644 --- a/group_vars/all/home_nounou.yml +++ b/group_vars/all/home_nounou.yml @@ -1,7 +1,7 @@ --- glob_home_nounou: mounts: - - ip: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" mountpoint: /pool/home target: /home_nounou name: home_nounou diff --git a/group_vars/all/ldap.yml b/group_vars/all/ldap.yml index 876bac30..30a2bd89 100644 --- a/group_vars/all/ldap.yml +++ b/group_vars/all/ldap.yml @@ -3,8 +3,8 @@ glob_ldap: uri: 'ldap://yson-partou.adm.crans.org/' users_base: 'cn=Utilisateurs,dc=crans,dc=org' servers: - - "{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" -# - "{{ query('ldap', 'ip4', 'sam', 'adm') }}" -# - "{{ query('ldap', 'ip4', 'daniel', 'adm') }}" -# - "{{ query('ldap', 'ip4', 'jack', 'adm') }}" + - "{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}" +# - "{{ lookup('ldap', 'ip4', 'sam', 'adm') }}" +# - "{{ lookup('ldap', 'ip4', 'daniel', 'adm') }}" +# - "{{ lookup('ldap', 'ip4', 'jack', 'adm') }}" base: 'dc=crans,dc=org' diff --git a/group_vars/all/mirror.yml b/group_vars/all/mirror.yml index 81376705..4b78e5cf 100644 --- a/group_vars/all/mirror.yml 
+++ b/group_vars/all/mirror.yml @@ -1,7 +1,7 @@ --- glob_mirror: hostname: mirror.adm.crans.org - ip: "{{ query('ldap', 'ip4', 'eclat', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'eclat', 'adm') }}" debian_mirror: http://mirror.adm.crans.org/debian ubuntu_mirror: http://mirror.adm.crans.org/ubuntu diff --git a/group_vars/all/network_interfaces.yml b/group_vars/all/network_interfaces.yml index 3d533147..08ae7463 100644 --- a/group_vars/all/network_interfaces.yml +++ b/group_vars/all/network_interfaces.yml @@ -3,12 +3,12 @@ glob_network_interfaces: vlan: - name: srv id: 2 - gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}" - gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}" + gateway: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv') }}" + gateway_v6: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv') }}" - name: srv_nat id: 3 - gateway: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}" - gateway_v6: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}" + gateway: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv-nat') }}" + gateway_v6: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv-nat') }}" - name: san id: 4 extra: @@ -19,14 +19,14 @@ glob_network_interfaces: - "mtu 9000" - name: adm id: 10 - dns: "{{ query('ldap', 'ip4', 'romanesco', 'adm') }}" + dns: "{{ lookup('ldap', 'ip4', 'romanesco', 'adm') }}" - name: adh id: 12 - name: adh_adm id: 13 - name: renater id: 38 - gateway: "{{ query('ldap', 'ip4', 'dsi', 'renater') }}" + gateway: "{{ lookup('ldap', 'ip4', 'dsi', 'renater') }}" - name: lp id: 56 - name: auto diff --git a/group_vars/all/prometheus_nginx_exporter.yaml b/group_vars/all/prometheus_nginx_exporter.yaml index acb00f53..18e8c716 100644 --- a/group_vars/all/prometheus_nginx_exporter.yaml +++ b/group_vars/all/prometheus_nginx_exporter.yaml @@ -1,3 +1,3 @@ --- glob_prometheus_nginx_exporter: - listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" + listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}" 
diff --git a/group_vars/all/prometheus_node_exporter.yaml b/group_vars/all/prometheus_node_exporter.yaml index 72a6bc8f..feeb7bbb 100644 --- a/group_vars/all/prometheus_node_exporter.yaml +++ b/group_vars/all/prometheus_node_exporter.yaml @@ -1,3 +1,3 @@ --- glob_prometheus_node_exporter: - listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" + listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}" diff --git a/group_vars/all/rsyslog_client.yml b/group_vars/all/rsyslog_client.yml index f8406365..5b33523e 100644 --- a/group_vars/all/rsyslog_client.yml +++ b/group_vars/all/rsyslog_client.yml @@ -1,3 +1,3 @@ --- glob_rsyslog_client: - server: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" diff --git a/group_vars/all/ssh_known_hosts.yml b/group_vars/all/ssh_known_hosts.yml index 047b4f8c..4a3c42ef 100644 --- a/group_vars/all/ssh_known_hosts.yml +++ b/group_vars/all/ssh_known_hosts.yml @@ -12,4 +12,4 @@ glob_service_ssh_known_hosts: frequency: "*/10 * * * *" config: ldap: - server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" + server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}" diff --git a/group_vars/aurore/home_nounou.yml b/group_vars/aurore/home_nounou.yml index a2126f8c..86b33901 100644 --- a/group_vars/aurore/home_nounou.yml +++ b/group_vars/aurore/home_nounou.yml @@ -1,7 +1,7 @@ --- loc_home_nounou: mounts: - - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}" mountpoint: /home_nounou target: /home_nounou name: home_nounou diff --git a/group_vars/aurore/ldap.yml b/group_vars/aurore/ldap.yml index 7cc7dad2..0e2c8085 100644 --- a/group_vars/aurore/ldap.yml +++ b/group_vars/aurore/ldap.yml @@ -1,4 +1,4 @@ --- loc_ldap: servers: - - "{{ query('ldap', 'ip4', 'thot', 'adm') }}" + - "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}" 
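Review bot: LDAPS is addressed by IP literal in the group_vars/all/ssh_known_hosts.yml hunk (`server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}"`), so the client can only verify the server certificate if it lists that address as a subjectAltName. Otherwise the consumer has to relax name checking; its TLS settings are not visible here. If the certificate is issued for the host name, `server: "ldaps://wall-e.adm.crans.org"` keeps verification meaningful. Failing that, a comment such as `# certificate must carry this IP as a SAN` would record the requirement. The same pattern appears in the aurore and viarezo ssh_known_hosts.yml, prometheus.yml, sssd.yml, virtu.yml and virtu_adh.yml hunks.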
diff --git a/group_vars/aurore/ssh_known_hosts.yml b/group_vars/aurore/ssh_known_hosts.yml index fc67c9df..cb33ce83 100644 --- a/group_vars/aurore/ssh_known_hosts.yml +++ b/group_vars/aurore/ssh_known_hosts.yml @@ -2,4 +2,4 @@ loc_service_ssh_known_hosts: config: ldap: - server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}" + server: "ldaps://{{ lookup('ldap', 'ip4', 'thot', 'adm') }}" diff --git a/group_vars/bird.yml b/group_vars/bird.yml index 702ae11f..0424b984 100644 --- a/group_vars/bird.yml +++ b/group_vars/bird.yml @@ -49,4 +49,4 @@ glob_bird: ipv6: true glob_prometheus_bird_exporter: - listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" + listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}" diff --git a/group_vars/certbot.yml b/group_vars/certbot.yml index 696f9997..895a2a19 100644 --- a/group_vars/certbot.yml +++ b/group_vars/certbot.yml @@ -15,7 +15,7 @@ glob_service_certbot: config: "crans.org": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. diff --git a/group_vars/constellation.yml b/group_vars/constellation.yml index 620292fe..33937957 100644 --- a/group_vars/constellation.yml +++ b/group_vars/constellation.yml @@ -8,14 +8,14 @@ glob_constellation: - 'intranet.crans.org' email: ssl: false - host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}" port: 25 user: '' password: '' from: "root@crans.org" from_full: "Crans " database: - host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" port: 5432 user: 'constellation' password: "{{ vault.constellation.django_db_password }}" diff --git a/group_vars/django_cas.yml b/group_vars/django_cas.yml index b0db89b0..f6ee474d 100644 --- a/group_vars/django_cas.yml +++ b/group_vars/django_cas.yml 
@@ -6,14 +6,14 @@ glob_django_cas: dn: 'cn=Utilisateurs,dc=crans,dc=org' password: "{{ vault.cas.ldap.password }}" user: 'cn=cas,ou=service-users,dc=crans,dc=org' - server: "{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}" db: host: tealc.adm.crans.org password: "{{ vault.cas.database.password }}" secret_key: "{{ vault.cas.secret_key }}" mail: address: 'root@crans.org' - host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}" port: 25 loc_nginx: diff --git a/group_vars/dovecot.yml b/group_vars/dovecot.yml index cfa8f645..0e25ac39 100644 --- a/group_vars/dovecot.yml +++ b/group_vars/dovecot.yml @@ -1,7 +1,7 @@ --- glob_dovecot: ldap: - uri: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}/" + uri: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/" dn: 'cn=dovecot,ou=service-users,dc=crans,dc=org' pass: "{{ vault.dovecot.dnpass }}" users_base: 'cn=Utilisateurs,dc=crans,dc=org' diff --git a/group_vars/ethercalc.yml b/group_vars/ethercalc.yml index 775cc2f2..a2270d46 100644 --- a/group_vars/ethercalc.yml +++ b/group_vars/ethercalc.yml @@ -1,3 +1,3 @@ --- glob_ethercalc: - ip: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}" diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml index 80b1837a..92340aa0 100644 --- a/group_vars/keepalived.yml +++ b/group_vars/keepalived.yml @@ -2,7 +2,7 @@ glob_keepalived: mail_source: keepalived@crans.org mail_destination: root@crans.org - smtp_server: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" + smtp_server: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}" routeur_id: "{{ ansible_hostname }}" pool: VI_ALL: 
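Review bot: The bind password in the group_vars/dovecot.yml hunk is used over plain `ldap://`: the changed `uri` line sits next to `pass: "{{ vault.dovecot.dnpass }}"`. Unless the consuming template enforces StartTLS (not visible here), that credential is sent unencrypted. re2o_ldap.yml and sssd.yml in this same patch already reach yson-partou over `ldaps://`, so `uri: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/"` looks feasible. The same applies to the `ldap://` lines beside bind passwords in both host_vars/cameron.adm.crans.org.yml hunks and in host_vars/owncloud.adm.crans.org.yml. The glob_dovecot block continues outside the hunk.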
@@ -20,19 +20,19 @@ glob_keepalived: ipv6: - {ip: '2a0c:700:28::1/64', scope: 'global'} - vlan: srv - ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv') }}/26" + ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv') }}/26" ipv6: - - {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv') }}/64", scope: 'global'} + - {ip: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv') }}/64", scope: 'global'} - {ip: 'fe80::1/64', scope: 'link'} - vlan: srv_nat - ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'srv-nat') }}/24" + ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv-nat') }}/24" ipv6: - - {ip: "{{ query('ldap', 'ip6', 'passerelle', 'srv-nat') }}/64", scope: 'global'} + - {ip: "{{ lookup('ldap', 'ip6', 'passerelle', 'srv-nat') }}/64", scope: 'global'} - {ip: 'fe80::1/64', scope: 'link'} - vlan: adh - ipv4: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}/24" + ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'adh') }}/24" ipv6: - - {ip: "{{ query('ldap', 'ip6', 'passerelle', 'adh') }}/48", scope: 'global'} + - {ip: "{{ lookup('ldap', 'ip6', 'passerelle', 'adh') }}/48", scope: 'global'} - {ip: 'fe80::1/64', scope: 'link'} # - vlan: ens # ipv4: 100.84.0.99/16 diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml index 202d7dca..4d494a45 100644 --- a/group_vars/mailman.yml +++ b/group_vars/mailman.yml @@ -57,13 +57,13 @@ glob_mailman3: database: user: "mailman3" pass: "{{ vault.mailman3.database.pass }}" - host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" port: 5432 name: "mailman3" web_database: user: "mailman3web" pass: "{{ vault.mailman3.web_database.pass }}" - host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" port: 5432 name: "mailman3web" restadmin_pass: "{{ vault.mailman3.restadmin_pass }}" diff --git a/group_vars/postfix.yml b/group_vars/postfix.yml index 42ee4953..898a1ed3 100644 --- a/group_vars/postfix.yml +++ b/group_vars/postfix.yml 
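Review bot: An LDAP entry with more than one address would yield a malformed CIDR in the group_vars/keepalived.yml hunk at `@@ -20,19 +20,19 @@`, e.g. `ipv4: "{{ lookup('ldap', 'ip4', 'passerelle', 'srv') }}/26"`. `lookup` without `wantlist=True` joins a multi-element result with commas, so the suffix would attach only to the last address. The plugin change in lookup_plugins/ldap.py is outside this part, so it is not clear whether it rejects such results; it should fail loudly when the result is not exactly one value. At minimum a comment here, `# ldap lookup must return exactly one address; lookup() comma-joins lists`, would record the assumption. The same holds for the `/32` and `/128` entries in host_vars/boeing.adm.crans.org.yml (WireGuard `allowed_ips`) and host_vars/irc.adm.crans.org.yml (`allows`), where a wrong value changes who is permitted to connect.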
@@ -1,3 +1,3 @@ --- glob_prometheus_postfix_exporter: - listen_addr: "{{ query('ldap', 'ip4', ansible_hostname, 'adm') }}" + listen_addr: "{{ lookup('ldap', 'ip4', ansible_hostname, 'adm') }}" diff --git a/group_vars/prefix_delegation.yml b/group_vars/prefix_delegation.yml index 06325303..bf85722f 100644 --- a/group_vars/prefix_delegation.yml +++ b/group_vars/prefix_delegation.yml @@ -14,6 +14,6 @@ loc_service_prefix_delegation: prefix: "2a0c:700:12::" length: "48" ldap: - server: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}" + server: "ldaps://{{ lookup('ldap', 'ip4', 'flirt', 'adm') }}" binddn: "{{ vault.ldap_adh_reader.binddn }}" password: "{{ vault.ldap_adh_reader.bindpass }}" diff --git a/group_vars/printer.yml b/group_vars/printer.yml index b0af8365..b7a4f3ed 100644 --- a/group_vars/printer.yml +++ b/group_vars/printer.yml @@ -8,14 +8,14 @@ glob_printer: - 'imprimante.crans.org' email: ssl: false - host: "{{ query('ldap', 'ip4', 'redisdead', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}" port: 25 user: '' password: '' from: "root@crans.org" from_full: "Crans " database: - host: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" port: 5432 user: 'helloworld' password: "{{ vault.printer.django_db_password }}" @@ -27,9 +27,9 @@ glob_printer: note_id: 2088 note_alias: 'Crans' printer_name: 'Lexmark_X950_Series' - domain: "{{ query('ldap', 'ip4', 'printer', 'lp') }}" + domain: "{{ lookup('ldap', 'ip4', 'printer', 'lp') }}" scan_server: - address: "{{ query('ldap', 'ip4', ansible_hostname, 'lp') }}" + address: "{{ lookup('ldap', 'ip4', ansible_hostname, 'lp') }}" port: 9751 debug: false owner: www-data 
@@ -38,7 +38,7 @@ glob_printer: settings_local_owner: www-data settings_local_group: _nounou ldap: - uri: "ldaps://{{ query('ldap', 'ip4', 'tealc', 'adm') }}/" + uri: "ldaps://{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}/" dn_template: uid=%(user)s,ou=passwd,dc=crans,dc=org group_search: ou=group,dc=crans,dc=org read_group: cn=_user,ou=group,dc=crans,dc=org diff --git a/group_vars/prometheus.yml b/group_vars/prometheus.yml index 5100a06f..bbe5a062 100644 --- a/group_vars/prometheus.yml +++ b/group_vars/prometheus.yml @@ -13,7 +13,7 @@ glob_service_prometheus_target: options: "" config: ldap: - server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" + server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}" glob_ninjabot: config: diff --git a/group_vars/re2o.yml b/group_vars/re2o.yml index 430b0a9f..7e361267 100644 --- a/group_vars/re2o.yml +++ b/group_vars/re2o.yml @@ -9,7 +9,7 @@ glob_re2o: - 'intranet.adm.crans.org' - 're2o.crans.org' - 'intranet.crans.org' - - "{{ query('ldap', 'ip4', 're2o', 'adm') }}" + - "{{ lookup('ldap', 'ip4', 're2o', 'adm') }}" from_email: "root@crans.org" smtp_server: smtp.adm.crans.org ldap: @@ -18,7 +18,7 @@ glob_re2o: dn: "{{ vault.slapd.re2o.admin.binddn }}" database: password: "{{ vault.re2o.database.password }}" - uri: "{{ query('ldap', 'ip4', 'tealc', 'adm') }}" + uri: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" optional_apps: - api - captcha diff --git a/group_vars/re2o_front.yml b/group_vars/re2o_front.yml index 3c2ffb80..63bc0ff4 100644 --- a/group_vars/re2o_front.yml +++ b/group_vars/re2o_front.yml @@ -1,8 +1,8 @@ --- glob_re2o_front: server_names: - - "{{ query('ldap', 'ip4', 're2o', 'adm') }}" - - "[{{ query('ldap', 'ip6', 're2o', 'adm') }}]" + - "{{ lookup('ldap', 'ip4', 're2o', 'adm') }}" + - "[{{ lookup('ldap', 'ip6', 're2o', 'adm') }}]" - re2o.adm.crans.org - intranet.adm.crans.org - re2o.crans.org diff --git a/group_vars/re2o_ldap.yml b/group_vars/re2o_ldap.yml index e3bfb6cd..d6293920 100644 
--- a/group_vars/re2o_ldap.yml +++ b/group_vars/re2o_ldap.yml @@ -1,7 +1,7 @@ --- glob_re2o_ldap: suffix: dc=crans,dc=org - url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636" + url: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}:636" root_password_hash: "{{ vault.slapd.re2o.admin.bindpass_hash }}" certificate: "{{ vault.slapd.re2o.certificate }}" private_key: "{{ vault.slapd.re2o.private_key }}" diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index 3a7a58a6..198658ec 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -8,7 +8,7 @@ loc_service_certbot: config: "crans.org": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. @@ -16,7 +16,7 @@ loc_service_certbot: algorithm: HMAC-SHA512 "crans.eu": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. @@ -24,7 +24,7 @@ loc_service_certbot: algorithm: HMAC-SHA512 "crans.fr": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. diff --git a/group_vars/routeurs_vm.yml b/group_vars/routeurs_vm.yml index 3ff8a719..e20ab4b6 100644 --- a/group_vars/routeurs_vm.yml +++ b/group_vars/routeurs_vm.yml @@ -20,8 +20,8 @@ loc_dhcp: vlan: "adh" default_lease_time: "600" max_lease_time: "7200" - routers: "{{ query('ldap', 'ip4', 'passerelle', 'adh') }}" - dns: ["{{ query('ldap', 'ip4', 'romanesco', 'adh') }}"] + routers: "{{ lookup('ldap', 'ip4', 'passerelle', 'adh') }}" + dns: ["{{ lookup('ldap', 'ip4', 'romanesco', 'adh') }}"] domain_name: "adh.crans.org" domain_search: "adh.crans.org" options: [] 
diff --git a/group_vars/slapd.yml b/group_vars/slapd.yml index 3b9bf4d5..b4d899f9 100644 --- a/group_vars/slapd.yml +++ b/group_vars/slapd.yml @@ -1,6 +1,6 @@ --- glob_slapd: - master_ip: "{{ query('ldap', 'ip4', 'wall-e', 'adm') }}" + master_ip: "{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}" regex: "^(role:(dhcp|dns|dns-primary|dns-secondary|ftp|gitlab|miroir|ntp|pve|radius|backup)|ecdsa-sha2-nistp256:.*|ssh-(ed25519|dss|rsa):.*|description:.*|location:.*)$" replication_credentials: "{{ vault.slapd.main.replication_credentials }}" private_key: "{{ vault.slapd.main.private_key }}" diff --git a/group_vars/sssd.yml b/group_vars/sssd.yml index f43aaac3..162d0255 100644 --- a/group_vars/sssd.yml +++ b/group_vars/sssd.yml @@ -4,17 +4,17 @@ glob_sssd: domain: wall-e.adm.crans.org enumerate: "true" servers: - - "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - - "ldaps://{{ query('ldap', 'ip4', 'sam', 'adm') }}/" - - "ldaps://{{ query('ldap', 'ip4', 'daniel', 'adm') }}/" - - "ldaps://{{ query('ldap', 'ip4', 'jack', 'adm') }}/" + - "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/" + - "ldaps://{{ lookup('ldap', 'ip4', 'sam', 'adm') }}/" + - "ldaps://{{ lookup('ldap', 'ip4', 'daniel', 'adm') }}/" + - "ldaps://{{ lookup('ldap', 'ip4', 'jack', 'adm') }}/" base: "dc=crans,dc=org" secondary: domain: yson-partou.adm.crans.org enumerate: "false" servers: - - "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}/" - - "ldaps://{{ query('ldap', 'ip4', 'terenez', 'adm') }}/" + - "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/" + - "ldaps://{{ lookup('ldap', 'ip4', 'terenez', 'adm') }}/" base: "dc=crans,dc=org" bind: dn: "{{ vault.sssd.secondary_ldap.binddn }}" diff --git a/group_vars/thelounge.yml b/group_vars/thelounge.yml index d2fe4a9e..4e3266e2 100644 --- a/group_vars/thelounge.yml +++ b/group_vars/thelounge.yml 
@@ -20,7 +20,7 @@ glob_thelounge: join: "#general" ldap_enable: "false" ldap: - url: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" + url: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}" primaryKey: "cn" rootDN: "{{ vault.thelounge.ldap.rootDN }}" rootPassword: "{{ vault.thelounge.ldap.rootPassword }}" diff --git a/group_vars/viarezo/home_nounou.yml b/group_vars/viarezo/home_nounou.yml index f9150196..43268991 100644 --- a/group_vars/viarezo/home_nounou.yml +++ b/group_vars/viarezo/home_nounou.yml @@ -1,7 +1,7 @@ --- loc_home_nounou: mounts: - - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" mountpoint: /home_nounou target: /home_nounou name: home_nounou diff --git a/group_vars/viarezo/ldap.yml b/group_vars/viarezo/ldap.yml index 0a128c3d..6e02b950 100644 --- a/group_vars/viarezo/ldap.yml +++ b/group_vars/viarezo/ldap.yml @@ -1,4 +1,4 @@ --- loc_ldap: servers: - - "{{ query('ldap', 'ip4', 'ft', 'adm') }}" + - "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" diff --git a/group_vars/viarezo/ssh_known_hosts.yml b/group_vars/viarezo/ssh_known_hosts.yml index 72ec7a9d..d656c165 100644 --- a/group_vars/viarezo/ssh_known_hosts.yml +++ b/group_vars/viarezo/ssh_known_hosts.yml @@ -2,4 +2,4 @@ loc_service_ssh_known_hosts: config: ldap: - server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}" + server: "ldaps://{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml index 335ab4b5..0c642f14 100644 --- a/group_vars/virtu.yml +++ b/group_vars/virtu.yml @@ -18,7 +18,7 @@ glob_service_proxmox_user: config: ldap: admin: - uri: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" + uri: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/" userBase: "ou=passwd,dc=crans,dc=org" realm: "pam" dependencies: 
@@ -34,7 +34,7 @@ loc_service_certbot: config: "adm.crans.org": zone: _acme-challenge.adm.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_adm_challenge. diff --git a/group_vars/virtu_adh.yml b/group_vars/virtu_adh.yml index 3df3c664..a0a73642 100644 --- a/group_vars/virtu_adh.yml +++ b/group_vars/virtu_adh.yml @@ -12,11 +12,11 @@ glob_service_proxmox_user: config: ldap: admin: - uri: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" + uri: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/" userBase: "ou=passwd,dc=crans,dc=org" realm: "pam" user: - uri: "ldaps://{{ query('ldap', 'ip4', 'flirt', 'adm') }}/" + uri: "ldaps://{{ lookup('ldap', 'ip4', 'flirt', 'adm') }}/" userBase: "ou=users,dc=adh,dc=crans,dc=org" realm: "pve" binddn: "{{ vault.ldap_adh_reader.binddn }}" diff --git a/host_vars/backup-ft.adm.crans.org.yml b/host_vars/backup-ft.adm.crans.org.yml index 4663b9c6..28c62814 100644 --- a/host_vars/backup-ft.adm.crans.org.yml +++ b/host_vars/backup-ft.adm.crans.org.yml @@ -10,14 +10,14 @@ loc_needrestart: loc_home_nounou: mounts: - - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" mountpoint: /home_nounou target: /home_nounou name: home_nounou owner: root group: _user mode: '0750' - - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" mountpoint: /rpool/backup target: /backup name: backup diff --git a/host_vars/backup-thot.adm.crans.org.yml b/host_vars/backup-thot.adm.crans.org.yml index a307080c..9d544042 100644 --- a/host_vars/backup-thot.adm.crans.org.yml +++ b/host_vars/backup-thot.adm.crans.org.yml 
@@ -10,14 +10,14 @@ loc_needrestart: loc_home_nounou: mounts: - - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}" mountpoint: /home_nounou target: /home_nounou name: home_nounou owner: root group: _user mode: '0750' - - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" + - ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}" mountpoint: /rpool/backup target: /backup name: backup diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml index 3f739a8a..d864c5f3 100644 --- a/host_vars/boeing.adm.crans.org.yml +++ b/host_vars/boeing.adm.crans.org.yml @@ -18,9 +18,9 @@ loc_wireguard: peers: - public_key: "{{ vault.wireguard.sputnik.pubkey }}" allowed_ips: - - "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/32" - - "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/128" - endpoint: "{{ query('ldap', 'ip4', 'sputnik', 'srv') }}:51820" + - "{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}/32" + - "{{ lookup('ldap', 'ip6', 'sputnik', 'adm') }}/128" + endpoint: "{{ lookup('ldap', 'ip4', 'sputnik', 'srv') }}:51820" post_up: - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" @@ -36,7 +36,7 @@ loc_wireguard: peers: - public_key: "{{ vault.wireguard.routeur_ft.pubkey }}" allowed_ips: - - "{{ query('ldap', 'network', 'adm') }}" + - "{{ lookup('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" persistent_keepalive: 25 post_up: @@ -54,7 +54,7 @@ loc_wireguard: peers: - public_key: "{{ vault.wireguard.routeur_thot.pubkey }}" allowed_ips: - - "{{ query('ldap', 'network', 'adm') }}" + - "{{ lookup('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" persistent_keepalive: 25 post_up: 
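Review bot: Two `allowed_ips` entries in host_vars/boeing.adm.crans.org.yml still call `query('ldap', 'vlanid', 'adm')`, in the context lines of the `@@ -36,7 +36,7 @@` and `@@ -54,7 +54,7 @@` hunks, while the `network` line directly above each is converted to `lookup`. `query` always hands back a list whereas `lookup` unwraps or joins it, so the two calls need not render the same way for the same plugin result. The updated lookup_plugins/ldap.py is not shown in this part, so this is inferred. Unless the difference is intentional, change both to `- "fd00:0:0:{{ lookup('ldap', 'vlanid', 'adm') }}::/64"`, since these strings define which prefixes the WireGuard peers may use. The loc_wireguard block continues outside the hunks.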
@@ -69,7 +69,7 @@ loc_wireguard: loc_service_proxy: config: ldap: - - server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" + - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/" protocol: "proxy" filter: ".adm.crans.org" proxy: diff --git a/host_vars/cameron.adm.crans.org.yml b/host_vars/cameron.adm.crans.org.yml index b16813c5..c273cef5 100644 --- a/host_vars/cameron.adm.crans.org.yml +++ b/host_vars/cameron.adm.crans.org.yml @@ -23,7 +23,7 @@ loc_service_home: version: master config: ldap: - server: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}/" + server: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}/" binddn: "{{ vault.services.home.ldap.binddn }}" basedn: cn=Utilisateurs,dc=crans,dc=org password: "{{ vault.services.home.ldap.bindpass }}" @@ -48,7 +48,7 @@ loc_service_borg: version: main config: ldap: - server: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" + server: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}" binddn: "{{ vault.services.home.ldap.binddn }}" rootdn: cn=Utilisateurs,dc=crans,dc=org password: "{{ vault.services.home.ldap.bindpass }}" diff --git a/host_vars/cephiroth.adm.crans.org.yml b/host_vars/cephiroth.adm.crans.org.yml index ed4d6dcd..c0f8db57 100644 --- a/host_vars/cephiroth.adm.crans.org.yml +++ b/host_vars/cephiroth.adm.crans.org.yml @@ -12,6 +12,6 @@ loc_borg: - /var loc_slapd: - ip: "{{ query('ldap', 'ip4', 'cephiroth', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'cephiroth', 'adm') }}" replica: true replica_rid: 5 diff --git a/host_vars/daniel.adm.crans.org.yml b/host_vars/daniel.adm.crans.org.yml index 7d40fa5c..a6fc7090 100644 --- a/host_vars/daniel.adm.crans.org.yml +++ b/host_vars/daniel.adm.crans.org.yml @@ -6,7 +6,7 @@ loc_needrestart: override: [] loc_slapd: - ip: "{{ query('ldap', 'ip4', 'daniel', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'daniel', 'adm') }}" replica: true replica_rid: 2 
diff --git a/host_vars/eclat.adm.crans.org.yml b/host_vars/eclat.adm.crans.org.yml index 3cb60555..9c3871ce 100644 --- a/host_vars/eclat.adm.crans.org.yml +++ b/host_vars/eclat.adm.crans.org.yml @@ -12,7 +12,7 @@ loc_needrestart: loc_nfs_mount: mounts: - - ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}" + - ip: "{{ lookup('ldap', 'ip4', 'tealc', 'san') }}" mountpoint: /pool/mirror target: /mirror name: mirror diff --git a/host_vars/ft.adm.crans.org.yml b/host_vars/ft.adm.crans.org.yml index 5e57b5ba..b29692fc 100644 --- a/host_vars/ft.adm.crans.org.yml +++ b/host_vars/ft.adm.crans.org.yml @@ -12,6 +12,6 @@ loc_borg: - /var loc_slapd: - ip: "{{ query('ldap', 'ip4', 'ft', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'ft', 'adm') }}" replica: true replica_rid: 6 diff --git a/host_vars/fyre.adm.crans.org.yml b/host_vars/fyre.adm.crans.org.yml index 535dd4a5..a1a19521 100644 --- a/host_vars/fyre.adm.crans.org.yml +++ b/host_vars/fyre.adm.crans.org.yml @@ -248,7 +248,7 @@ loc_prometheus: target_label: __param_target - source_labels: [__param_target] target_label: instance - - replacement: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116" + - replacement: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116" target_label: __address__ tsdb: retention_time: "180d" diff --git a/host_vars/gitzly.adm.crans.org.yml b/host_vars/gitzly.adm.crans.org.yml index f88fe3ce..99b6ebe4 100644 --- a/host_vars/gitzly.adm.crans.org.yml +++ b/host_vars/gitzly.adm.crans.org.yml @@ -22,7 +22,7 @@ loc_service_certbot: config: "crans.org": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. @@ -30,7 +30,7 @@ loc_service_certbot: algorithm: HMAC-SHA512 "adm.crans.org": zone: _acme-challenge.adm.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_adm_challenge. 
diff --git a/host_vars/helloworld.adm.crans.org.yml b/host_vars/helloworld.adm.crans.org.yml index 8e318d8a..e500fe32 100644 --- a/host_vars/helloworld.adm.crans.org.yml +++ b/host_vars/helloworld.adm.crans.org.yml @@ -11,4 +11,4 @@ loc_needrestart: override: [] loc_snmp_exporter: - listen_address: "{{ query('ldap', 'ip4', 'helloworld', 'adm') }}:9116" + listen_address: "{{ lookup('ldap', 'ip4', 'helloworld', 'adm') }}:9116" diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml index 6260d72f..26f4d09f 100644 --- a/host_vars/irc.adm.crans.org.yml +++ b/host_vars/irc.adm.crans.org.yml @@ -54,22 +54,22 @@ loc_inspircd: - name: crans.org - name: adm.crans.org bind: - - address: "{{ query('ldap', 'ip4', 'irc', 'srv') }}" + - address: "{{ lookup('ldap', 'ip4', 'irc', 'srv') }}" type: clients clair: 6667 ssl: 6697 certificate: crans.org - - address: "{{ query('ldap', 'ip6', 'irc', 'srv') }}" + - address: "{{ lookup('ldap', 'ip6', 'irc', 'srv') }}" type: clients clair: 6667 ssl: 6697 certificate: crans.org - - address: "{{ query('ldap', 'ip4', 'irc', 'adm') }}" + - address: "{{ lookup('ldap', 'ip4', 'irc', 'adm') }}" type: clients clair: 6667 ssl: 6697 certificate: adm.crans.org - - address: "{{ query('ldap', 'ip6', 'irc', 'adm') }}" + - address: "{{ lookup('ldap', 'ip6', 'irc', 'adm') }}" type: clients clair: 6667 ssl: 6697 
@@ -80,28 +80,28 @@ loc_inspircd: connect: - name: zamok allows: - ipv4: "{{ query('ldap', 'ip4', 'zamok', 'srv') }}/32" - ipv6: "{{ query('ldap', 'ip6', 'zamok', 'srv') }}/128" + ipv4: "{{ lookup('ldap', 'ip4', 'zamok', 'srv') }}/32" + ipv6: "{{ lookup('ldap', 'ip6', 'zamok', 'srv') }}/128" threshold: 1 - name: irc allows: - ipv4: "{{ query('ldap', 'ip4', 'irc', 'srv') }}/32" - ipv6: "{{ query('ldap', 'ip6', 'irc', 'srv') }}/128" + ipv4: "{{ lookup('ldap', 'ip4', 'irc', 'srv') }}/32" + ipv6: "{{ lookup('ldap', 'ip6', 'irc', 'srv') }}/128" threshold: 1 - name: gitlab allows: - ipv4: "{{ query('ldap', 'ip4', 'gitzly', 'srv') }}/32" - ipv6: "{{ query('ldap', 'ip6', 'gitzly', 'srv') }}/128" + ipv4: "{{ lookup('ldap', 'ip4', 'gitzly', 'srv') }}/32" + ipv6: "{{ lookup('ldap', 'ip6', 'gitzly', 'srv') }}/128" threshold: 10 commandrate: 10000 - name: monitoring allows: - ipv4: "{{ query('ldap', 'ip4', 'fyre', 'adm') }}/32" - ipv6: "{{ query('ldap', 'ip6', 'fyre', 'adm') }}/128" + ipv4: "{{ lookup('ldap', 'ip4', 'fyre', 'adm') }}/32" + ipv6: "{{ lookup('ldap', 'ip6', 'fyre', 'adm') }}/128" threshold: 10 commandrate: 10000 modes: true - dns: "{{ query('ldap', 'ip4', 'romanesco', 'srv') }}" + dns: "{{ lookup('ldap', 'ip4', 'romanesco', 'srv') }}" services: name: services.irc.crans.org port: 6668 @@ -127,7 +127,7 @@ loc_service_certbot: config: "crans.org": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. @@ -135,7 +135,7 @@ loc_service_certbot: algorithm: HMAC-SHA512 "adm.crans.org": zone: _acme-challenge.adm.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_adm_challenge. diff --git a/host_vars/jack.adm.crans.org.yml b/host_vars/jack.adm.crans.org.yml index e8e51245..96a39a03 100644 --- a/host_vars/jack.adm.crans.org.yml 
+++ b/host_vars/jack.adm.crans.org.yml @@ -6,7 +6,7 @@ loc_needrestart: override: [] loc_slapd: - ip: "{{ query('ldap', 'ip4', 'jack', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'jack', 'adm') }}" replica: true replica_rid: 3 diff --git a/host_vars/owncloud.adm.crans.org.yml b/host_vars/owncloud.adm.crans.org.yml index 9184485e..b0040835 100644 --- a/host_vars/owncloud.adm.crans.org.yml +++ b/host_vars/owncloud.adm.crans.org.yml @@ -15,4 +15,4 @@ loc_needrestart: loc_ldap: base_dn: "{{ vault.slapd.re2o.admin.binddn }}" password: "{{ vault.slapd.re2o.admin.bindpass }}" - uri: "ldap://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}" + uri: "ldap://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}" diff --git a/host_vars/ptf.adm.crans.org.yml b/host_vars/ptf.adm.crans.org.yml index f3dbec9b..40d22e53 100644 --- a/host_vars/ptf.adm.crans.org.yml +++ b/host_vars/ptf.adm.crans.org.yml @@ -12,7 +12,7 @@ loc_needrestart: loc_nfs_mount: mounts: - - ip: "{{ query('ldap', 'ip4', 'tealc', 'san') }}" + - ip: "{{ lookup('ldap', 'ip4', 'tealc', 'san') }}" mountpoint: /pool/ftp target: /ftp name: ftp diff --git a/host_vars/re2o-dev.adm.crans.org.yml b/host_vars/re2o-dev.adm.crans.org.yml index da943a59..c851e724 100644 --- a/host_vars/re2o-dev.adm.crans.org.yml +++ b/host_vars/re2o-dev.adm.crans.org.yml @@ -10,4 +10,4 @@ loc_needrestart: override: [] loc_re2o_ldap_replica: - url: "ldaps://{{ query('ldap', 'ip4', 'yson-partou', 'adm') }}:636" + url: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}:636" diff --git a/host_vars/redisdead.adm.crans.org.yml b/host_vars/redisdead.adm.crans.org.yml index 065c1117..2173ed05 100644 --- a/host_vars/redisdead.adm.crans.org.yml +++ b/host_vars/redisdead.adm.crans.org.yml @@ -25,7 +25,7 @@ loc_service_certbot: config: "crans.org": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. 
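Review bot: In `loc_ldap` of host_vars/owncloud.adm.crans.org.yml the `uri` keeps the `ldap://` scheme although the same block carries an admin bind DN and password from the vault, so the bind would cross the network in clear unless the consuming role negotiates StartTLS, which this patch does not show. The other LDAP endpoints touched by this commit (re2o-dev, the proxy and ssh_known_hosts services) use `ldaps://`. If the server behind `yson-partou` accepts it, the line could read `uri: "ldaps://{{ lookup('ldap', 'ip4', 'yson-partou', 'adm') }}:636"`, matching re2o-dev. Since the URI is built from an IP address, it is worth confirming that the client still verifies the server certificate.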
@@ -33,7 +33,7 @@ loc_service_certbot: algorithm: HMAC-SHA512 "adm.crans.org": zone: _acme-challenge.adm.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_adm_challenge. diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml index 9996b31c..61d5a9cb 100644 --- a/host_vars/routeur-ft.adm.crans.org.yml +++ b/host_vars/routeur-ft.adm.crans.org.yml @@ -18,14 +18,14 @@ loc_wireguard: peers: - public_key: "{{ vault.wireguard.boeing.viarezo.pubkey }}" allowed_ips: - - "{{ query('ldap', 'network', 'adm') }}" + - "{{ lookup('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51821" + endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51821" persistent_keepalive: 25 post_up: - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy" + - "ip route add {{ lookup('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy" - "python3 /var/local/services/proxy/proxy.py --alter" pre_down: - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" @@ -35,8 +35,8 @@ loc_wireguard: loc_service_proxy: config: ldap: - - server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - - server: "ldaps://{{ query('ldap', 'ip4', 'ft', 'adm') }}/" + - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/" + - server: "ldaps://{{ lookup('ldap', 'ip4', 'ft', 'adm') }}/" protocol: "proxy" filter: ".adm.crans.org" proxy: diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml index ea3c8c1d..3c61601d 100644 --- a/host_vars/routeur-thot.adm.crans.org.yml +++ b/host_vars/routeur-thot.adm.crans.org.yml 
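Review bot: In the `allowed_ips` list under `loc_wireguard` in host_vars/routeur-ft.adm.crans.org.yml, the second entry still calls `query('ldap', 'vlanid', 'adm')` inside a string while the first entry was moved to `lookup`; the same mix appears in routeur-thot and sputnik. The `vlanid` branch of the plugin is not part of this patch, so it presumably still returns a scalar, which is the deprecated form this commit removes elsewhere. Once that branch returns a list like `ip4`, `ip6` and `network`, `query` would render the list itself into the prefix and the peer would get a malformed allowed range. Converting it in the same change, `- "fd00:0:0:{{ lookup('ldap', 'vlanid', 'adm') }}::/64"` with a list return in the plugin, keeps the three files consistent.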
@@ -18,14 +18,14 @@ loc_wireguard: peers: - public_key: "{{ vault.wireguard.boeing.aurore.pubkey }}" allowed_ips: - - "{{ query('ldap', 'network', 'adm') }}" + - "{{ lookup('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51822" + endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51822" persistent_keepalive: 25 post_up: - "sysctl -w net.ipv4.conf.%i.proxy_arp=1" - "sysctl -w net.ipv6.conf.%i.proxy_ndp=1" - - "ip route add {{ query('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy" + - "ip route add {{ lookup('ldap', 'ip4', 'tealc', 'adm') }} dev %i proto proxy" - "python3 /var/local/services/proxy/proxy.py --alter" pre_down: - "sysctl -w net.ipv4.conf.%i.proxy_arp=0" @@ -36,8 +36,8 @@ loc_wireguard: loc_service_proxy: config: ldap: - - server: "ldaps://{{ query('ldap', 'ip4', 'wall-e', 'adm') }}/" - - server: "ldaps://{{ query('ldap', 'ip4', 'thot', 'adm') }}/" + - server: "ldaps://{{ lookup('ldap', 'ip4', 'wall-e', 'adm') }}/" + - server: "ldaps://{{ lookup('ldap', 'ip4', 'thot', 'adm') }}/" protocol: "proxy" filter: ".adm.crans.org" proxy: diff --git a/host_vars/sam.adm.crans.org.yml b/host_vars/sam.adm.crans.org.yml index a9693e4d..66942904 100644 --- a/host_vars/sam.adm.crans.org.yml +++ b/host_vars/sam.adm.crans.org.yml @@ -12,7 +12,7 @@ loc_borg: - /var loc_slapd: - ip: "{{ query('ldap', 'ip4', 'sam', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'sam', 'adm') }}" replica: true replica_rid: 1 diff --git a/host_vars/sputnik.adm.crans.org.yml b/host_vars/sputnik.adm.crans.org.yml index c6cf1716..178706c6 100644 --- a/host_vars/sputnik.adm.crans.org.yml +++ b/host_vars/sputnik.adm.crans.org.yml 
@@ -18,21 +18,21 @@ loc_wireguard: tunnels: - name: "sputnik" addresses: - - "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}/24" - - "{{ query('ldap', 'ip6', 'sputnik', 'adm') }}/64" + - "{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}/24" + - "{{ lookup('ldap', 'ip6', 'sputnik', 'adm') }}/64" listen_port: 51820 private_key: "{{ vault.wireguard.sputnik.privkey }}" peers: - public_key: "{{ vault.wireguard.boeing.sputnik.pubkey }}" allowed_ips: - - "{{ query('ldap', 'network', 'adm') }}" + - "{{ lookup('ldap', 'network', 'adm') }}" - "fd00:0:0:{{ query('ldap', 'vlanid', 'adm') }}::/64" - endpoint: "{{ query('ldap', 'ip4', 'boeing', 'srv') }}:51820" + endpoint: "{{ lookup('ldap', 'ip4', 'boeing', 'srv') }}:51820" post_up: - "/sbin/ip link set sputnik alias adm" loc_slapd: - ip: "{{ query('ldap', 'ip4', 'sputnik', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}" replica: true replica_rid: 4 @@ -48,7 +48,7 @@ loc_service_certbot: config: "crans.org": zone: _acme-challenge.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_challenge. @@ -56,7 +56,7 @@ loc_service_certbot: algorithm: HMAC-SHA512 "adm.crans.org": zone: _acme-challenge.adm.crans.org - server: "{{ query('ldap', 'ip4', 'silice', 'adm') }}" + server: "{{ lookup('ldap', 'ip4', 'silice', 'adm') }}" port: 53 key: name: certbot_adm_challenge. @@ -82,4 +82,4 @@ loc_bind: loc_service_ssh_known_hosts: config: ldap: - server: "ldaps://{{ query('ldap', 'ip4', 'sputnik', 'adm') }}" + server: "ldaps://{{ lookup('ldap', 'ip4', 'sputnik', 'adm') }}" diff --git a/host_vars/thot.adm.crans.org.yml b/host_vars/thot.adm.crans.org.yml index 327842cc..8b2496c7 100644 --- a/host_vars/thot.adm.crans.org.yml +++ b/host_vars/thot.adm.crans.org.yml @@ -12,6 +12,6 @@ loc_borg: - /var loc_slapd: - ip: "{{ query('ldap', 'ip4', 'thot', 'adm') }}" + ip: "{{ lookup('ldap', 'ip4', 'thot', 'adm') }}" replica: true replica_rid: 5 
diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml index 90e157d4..93291237 100644 --- a/host_vars/zamok.adm.crans.org.yml +++ b/host_vars/zamok.adm.crans.org.yml @@ -20,7 +20,7 @@ loc_borg: - /var/lib/mysql loc_thelounge: - host: "\"{{ query('ldap', 'ip4', 'zamok', 'adm') }}\"" + host: "\"{{ lookup('ldap', 'ip4', 'zamok', 'adm') }}\"" oidentd: "\"/usr/local/lib/thelounge/.oidentd.conf\"" reverseProxy: "true" ldap_enable: "true" @@ -32,14 +32,14 @@ loc_crans_scripts: loc_nfs_mount: mounts: - - ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}" + - ip: "{{ lookup('ldap', 'ip4', 'cameron', 'san') }}" mountpoint: /pool/home target: /home name: home owner: root group: root mode: '0755' - - ip: "{{ query('ldap', 'ip4', 'cameron', 'san') }}" + - ip: "{{ lookup('ldap', 'ip4', 'cameron', 'san') }}" mountpoint: /pool/mail target: /var/mail name: var-mail diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py index 42501ffd..7bb9a206 100644 --- a/lookup_plugins/ldap.py +++ b/lookup_plugins/ldap.py @@ -63,18 +63,18 @@ class LookupModule(LookupBase): def ip4(self, host, vlan): """ Retrieve the first IPv4 addresse of an interface of a device - query('ldap', 'ip4', HOST, VLAN) + lookup('ldap', 'ip4', HOST, VLAN) """ result = [ res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 4 ] - return result[0] + return [result[0]] def ip6(self, host, vlan): """ Retrieve the first IPv6 addresse of an interface of a device - query('ldap', 'ip6', HOST, VLAN) + lookup('ldap', 'ip6', HOST, VLAN) """ result = [ res for res in self.ip(host, vlan) if ipaddress.ip_address(res).version == 6 ] - return result[0] + return [result[0]] def all_ip(self, host): """ 
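Review bot: `ip4` and `ip6` in lookup_plugins/ldap.py index `result[0]` without checking that the filter matched anything, so a host with no address of that family on the VLAN ends the run with a bare `IndexError` that names neither the host nor the VLAN. Failing is the right outcome for values that feed settings such as `allowed_ips` and the inspircd `connect` allows, but an explicit error is easier to act on: `if not result: raise AnsibleError(f"no IPv4 address for {host} on {vlan}")` before the return, assuming `AnsibleError` is imported from `ansible.errors` (the imports are not visible in this hunk). The docstrings could also state that each method now returns a one-element list, since that is the behaviour this commit changes.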
@@ -200,7 +200,7 @@ class LookupModule(LookupBase): query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork") result = self.base.result(query_id) result = result[1][0][1] - return str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8')))) + return [str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8'))))] elif terms[0] == 'zones': query_id = self.base.search(f"ou=networks,{self.base_dn}", ldap.SCOPE_ONELEVEL, "objectClass=ipNetwork") result = self.base.result(query_id) diff --git a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 index e9be1bf3..3f115582 100644 --- a/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 +++ b/roles/network-interfaces/templates/network/interfaces.d/ifalias.j2 @@ -6,8 +6,8 @@ auto {{ interfaces[item.name] }} iface {{ interfaces[item.name] }} inet dhcp iface {{ interfaces[item.name] }} inet6 auto {% else %} -{% set subnet_network = (query('ldap', 'network', vlan_name) | ansible.utils.ipaddr('network')) %} -{% set subnet_netmask = (query('ldap', 'network', vlan_name) | ansible.utils.ipaddr('netmask')) %} +{% set subnet_network = (lookup('ldap', 'network', vlan_name) | ansible.utils.ipaddr('network')) %} +{% set subnet_netmask = (lookup('ldap', 'network', vlan_name) | ansible.utils.ipaddr('netmask')) %} {% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %} {% if (ips | ansible.utils.ipv4 | length) > 0 %} auto {{ interfaces[item.name] }}
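Review bot: In the `network` branch of lookup_plugins/ldap.py, the search base `f"cn={network},ou=networks,{self.base_dn}"` interpolates `network` unescaped, so a value containing `,` or `=` would change which entry is read. The value appears to come from the lookup terms, which are inventory-controlled, but wrapping it as `ldap.dn.escape_dn_chars(network)` makes the lookup independent of what the caller passes. The enclosing method starts outside this hunk, so where `network` is assigned is not visible here.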