From 8d4db7290ec1dffa9d85c111e75b1ff619a7b985 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sat, 26 Nov 2022 16:44:05 +0100 Subject: [PATCH 1/4] Rename dirsrv_primary role The term used in 389 docs is "supplier" instead (ex "master") --- nodes/ldap-3.kosmos.org.json | 4 ++-- roles/{dirsrv_primary.rb => dirsrv_supplier.rb} | 2 +- roles/hubot.rb | 2 +- site-cookbooks/kosmos-dirsrv/recipes/hostsfile.rb | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) rename roles/{dirsrv_primary.rb => dirsrv_supplier.rb} (63%) diff --git a/nodes/ldap-3.kosmos.org.json b/nodes/ldap-3.kosmos.org.json index c3570d0..637595e 100644 --- a/nodes/ldap-3.kosmos.org.json +++ b/nodes/ldap-3.kosmos.org.json @@ -59,6 +59,6 @@ "run_list": [ "recipe[kosmos-base]", "role[kvm_guest]", - "role[dirsrv_primary]" + "role[dirsrv_supplier]" ] -} \ No newline at end of file +} diff --git a/roles/dirsrv_primary.rb b/roles/dirsrv_supplier.rb similarity index 63% rename from roles/dirsrv_primary.rb rename to roles/dirsrv_supplier.rb index ab18c68..bf4cfb3 100644 --- a/roles/dirsrv_primary.rb +++ b/roles/dirsrv_supplier.rb @@ -1,4 +1,4 @@ -name "dirsrv_primary" +name "dirsrv_supplier" run_list %w( recipe[kosmos-dirsrv] diff --git a/roles/hubot.rb b/roles/hubot.rb index 9bdc549..f13d5b0 100644 --- a/roles/hubot.rb +++ b/roles/hubot.rb @@ -7,6 +7,6 @@ default_run_list = %w( env_run_lists( '_default' => default_run_list, - 'development' => [], + 'development' => default_run_list, 'production' => default_run_list ) diff --git a/site-cookbooks/kosmos-dirsrv/recipes/hostsfile.rb b/site-cookbooks/kosmos-dirsrv/recipes/hostsfile.rb index f6e18c5..d3fdc0f 100644 --- a/site-cookbooks/kosmos-dirsrv/recipes/hostsfile.rb +++ b/site-cookbooks/kosmos-dirsrv/recipes/hostsfile.rb 
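Review bot: The `roles/hubot.rb` hunk changes `'development' => []` to `'development' => default_run_list`, which is unrelated to the role rename this commit describes and is not mentioned in its message. The effect is that nodes in the development environment start converging whatever recipes `default_run_list` names instead of nothing, so it is worth confirming that this is intended and not a leftover from local testing. I would move it to its own commit, or add a line to this commit's description explaining why. The `default_run_list` definition starts outside the hunk, so its contents are not visible here.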
@@ -3,12 +3,12 @@ # Recipe:: hostsfile # -dirsrv_primary = search(:node, "role:dirsrv_primary AND chef_environment:#{node.chef_environment}").first +dirsrv_supplier = search(:node, "role:dirsrv_supplier AND chef_environment:#{node.chef_environment}").first -unless dirsrv_primary.nil? - primary_ip = dirsrv_primary['knife_zero']['host'] +unless dirsrv_supplier.nil? + supplier_ip = dirsrv_supplier['knife_zero']['host'] - hostsfile_entry primary_ip do + hostsfile_entry supplier_ip do hostname "ldap.kosmos.local" unique true end -- 2.25.1 From 991458208da4dc307a9856aec529ef69250bb685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sat, 26 Nov 2022 16:45:45 +0100 Subject: [PATCH 2/4] Use a role for configuring LDAP hostname on clients This way it's also easy to converge all LDAP clients at once. --- nodes/akkounts-1.json | 5 +++-- nodes/ejabberd-4.json | 5 +++-- nodes/ejabberd-8.json | 3 ++- nodes/gitea-2.json | 1 + nodes/wiki-1.json | 5 +++-- roles/ldap_client.rb | 5 +++++ site-cookbooks/kosmos-akkounts/recipes/default.rb | 1 - site-cookbooks/kosmos-dirsrv/recipes/default.rb | 2 -- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 2 -- site-cookbooks/kosmos-mediawiki/recipes/default.rb | 1 - site-cookbooks/kosmos_gitea/recipes/default.rb | 2 -- 11 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 roles/ldap_client.rb diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json index 5182b61..0ca0d1e 100644 --- a/nodes/akkounts-1.json +++ b/nodes/akkounts-1.json @@ -78,8 +78,9 @@ } }, "run_list": [ - "recipe[kosmos-base]", + "role[base]", "role[kvm_guest]", + "role[ldap_client]", "role[akkounts]" ] -} \ No newline at end of file +} diff --git a/nodes/ejabberd-4.json b/nodes/ejabberd-4.json index 18e81cc..8645317 100644 --- a/nodes/ejabberd-4.json +++ b/nodes/ejabberd-4.json 
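Review bot: In `recipes/hostsfile.rb`, `search(...).first` pins each client's `ldap.kosmos.local` to whichever supplier the search happens to return first, and PATCH 4/4 of this series adds a second node with `role[dirsrv_supplier]`. The recipe does not control search result order, so clients can land on different suppliers or flip between converges, and with `unique true` each flip rewrites the entry. A deterministic pick such as `dirsrv_supplier = search(:node, "role:dirsrv_supplier AND chef_environment:#{node.chef_environment}").min_by(&:name)` avoids that. Because this entry decides where clients send their LDAP binds, the silent skip under `unless dirsrv_supplier.nil?` should also get an `else` branch with `Chef::Log.warn("no dirsrv_supplier node found; ldap.kosmos.local left unchanged")`, so that a missing or stale endpoint shows up in the converge log.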
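Review bot: `role[ldap_client]` is attached per node here and in the `ejabberd-4.json`, `ejabberd-8.json`, `gitea-2.json` and `wiki-1.json` hunks, while the same commit removes `include_recipe "kosmos-dirsrv::hostsfile"` from the cookbooks those nodes run, so the cookbooks now depend on an `ldap.kosmos.local` entry they no longer ensure. A node bootstrapped later with `role[akkounts]` or `role[ejabberd]` but without `role[ldap_client]` would converge cleanly and then resolve the LDAP name through whatever resolver the host has, or not at all. If the service roles are not meant to stand alone, adding `role[ldap_client]` to the `run_list` of the `akkounts`, `ejabberd` and `gitea` roles (their files are not part of this patch) keeps the requirement in one place. These hunks also swap `recipe[kosmos-base]` for `role[base]`, which the commit message does not mention.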
@@ -59,8 +59,9 @@ } }, "run_list": [ - "recipe[kosmos-base]", + "role[base]", "role[kvm_guest]", + "role[ldap_client]", "role[ejabberd]" ] -} \ No newline at end of file +} diff --git a/nodes/ejabberd-8.json b/nodes/ejabberd-8.json index 71c7504..f06d5a6 100644 --- a/nodes/ejabberd-8.json +++ b/nodes/ejabberd-8.json @@ -57,8 +57,9 @@ } }, "run_list": [ - "recipe[kosmos-base]", + "role[base]", "role[kvm_guest]", + "role[ldap_client]", "role[ejabberd]" ] } diff --git a/nodes/gitea-2.json b/nodes/gitea-2.json index d326adc..f386f88 100644 --- a/nodes/gitea-2.json +++ b/nodes/gitea-2.json @@ -64,6 +64,7 @@ "run_list": [ "role[base]", "role[kvm_guest]", + "role[ldap_client]", "role[garage_gateway]", "role[gitea]" ] diff --git a/nodes/wiki-1.json b/nodes/wiki-1.json index b2bac6b..22f5c17 100644 --- a/nodes/wiki-1.json +++ b/nodes/wiki-1.json @@ -74,8 +74,9 @@ } }, "run_list": [ - "recipe[kosmos-base]", + "role[base]", "role[kvm_guest]", + "role[ldap_client]", "recipe[kosmos-mediawiki]" ] -} \ No newline at end of file +} diff --git a/roles/ldap_client.rb b/roles/ldap_client.rb new file mode 100644 index 0000000..03abbf4 --- /dev/null +++ b/roles/ldap_client.rb @@ -0,0 +1,5 @@ +name "ldap_client" + +run_list %w( + kosmos-dirsrv::hostsfile +) diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index 9b2d290..efd8f63 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb @@ -22,7 +22,6 @@ package "libpq-dev" include_recipe 'kosmos-nodejs' include_recipe "kosmos-redis" -include_recipe "kosmos-dirsrv::hostsfile" npm_package "yarn" do version "1.22.4" diff --git a/site-cookbooks/kosmos-dirsrv/recipes/default.rb b/site-cookbooks/kosmos-dirsrv/recipes/default.rb index 5ab07bb..c79e329 100644 --- a/site-cookbooks/kosmos-dirsrv/recipes/default.rb +++ b/site-cookbooks/kosmos-dirsrv/recipes/default.rb 
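Review bot: The new `roles/ldap_client.rb` lists its run-list item as a bare `kosmos-dirsrv::hostsfile`, whereas `roles/dirsrv_supplier.rb` in PATCH 1/4 uses the explicit `recipe[kosmos-dirsrv]` form. Chef treats an unqualified item as a recipe, so this works, but `recipe[kosmos-dirsrv::hostsfile]` is consistent with the other role file and cannot be misread as a role name. The role would also benefit from a `description`, e.g. `description "Points ldap.kosmos.local at the dirsrv supplier via /etc/hosts"`, since the application cookbooks no longer include that recipe themselves and this role is now the only place the dependency is expressed.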
@@ -3,8 +3,6 @@ # Recipe:: default # -include_recipe "kosmos-dirsrv::hostsfile" - credentials = data_bag_item("credentials", "dirsrv") dirsrv_instance "master" do diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index e742a97..6573631 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -3,8 +3,6 @@ # Recipe:: default # -include_recipe "kosmos-dirsrv::hostsfile" - ejabberd_credentials = data_bag_item("credentials", "ejabberd") ejabberd_version = node["kosmos-ejabberd"]["version"] diff --git a/site-cookbooks/kosmos-mediawiki/recipes/default.rb b/site-cookbooks/kosmos-mediawiki/recipes/default.rb index 4f24146..7cbfcdf 100644 --- a/site-cookbooks/kosmos-mediawiki/recipes/default.rb +++ b/site-cookbooks/kosmos-mediawiki/recipes/default.rb @@ -27,7 +27,6 @@ include_recipe 'apt' include_recipe 'ark' include_recipe 'composer' -include_recipe 'kosmos-dirsrv::hostsfile' server_name = 'wiki.kosmos.org' diff --git a/site-cookbooks/kosmos_gitea/recipes/default.rb b/site-cookbooks/kosmos_gitea/recipes/default.rb index 8327ae1..ad127ab 100644 --- a/site-cookbooks/kosmos_gitea/recipes/default.rb +++ b/site-cookbooks/kosmos_gitea/recipes/default.rb @@ -3,8 +3,6 @@ # Recipe:: default # -include_recipe "kosmos-dirsrv::hostsfile" - working_directory = node["gitea"]["working_directory"] git_home_directory = "/home/git" repository_root_directory = "#{git_home_directory}/gitea-repositories" -- 2.25.1 From 2958ba4b817928a017a75ce04af0891490d3793e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sat, 26 Nov 2022 16:47:28 +0100 Subject: [PATCH 3/4] Use *.kosmos.local hostnames for LDAP nodes --- site-cookbooks/kosmos-dirsrv/recipes/default.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-dirsrv/recipes/default.rb b/site-cookbooks/kosmos-dirsrv/recipes/default.rb index c79e329..e8269ed 100644 
--- a/site-cookbooks/kosmos-dirsrv/recipes/default.rb +++ b/site-cookbooks/kosmos-dirsrv/recipes/default.rb @@ -4,9 +4,14 @@ # credentials = data_bag_item("credentials", "dirsrv") +local_hostname = "#{node["hostname"]}.kosmos.local" + +hostsfile_entry "127.0.0.1" do + hostname local_hostname +end dirsrv_instance "master" do - hostname "ldap.kosmos.local" + hostname local_hostname admin_password credentials['admin_password'] suffix "dc=kosmos,dc=org" end -- 2.25.1 From c3e98688fdbda00e0cd4a0a671ac68d7c55072aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sat, 26 Nov 2022 16:47:55 +0100 Subject: [PATCH 4/4] Deploy second dirsrv supplier Manually configured (once) to replicate data from and to the first supplier on `ldap-3`. --- clients/ldap-4.json | 4 +++ nodes/ldap-4.kosmos.org.json | 57 ++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 clients/ldap-4.json create mode 100644 nodes/ldap-4.kosmos.org.json diff --git a/clients/ldap-4.json b/clients/ldap-4.json new file mode 100644 index 0000000..e680bc5 --- /dev/null +++ b/clients/ldap-4.json @@ -0,0 +1,4 @@ +{ + "name": "ldap-4", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmzFyZh5/J2BsKRunghis\nwUGbv4j/ynAF7QY+CYoOwDBcbLHk6odn1JyUqCgfhCIX0mh8F/fDKyU9Aw6+HHZ/\nX0DTt/enLTaWc2vxRfyJLRXP7/ymHOr4u6HYEINMdVJp4yQ9XLcWpuRHfA+fHrZ7\n9fI8sCMSEawvVpEKytYdVnm3VCjfIVrfCAkY0lP0mNG908edX2ZuJ4GS1UwADUZX\nLZuMhbGX9JqIQYWCyiMDakD7P7PlEDf/JVkvkao4HQatkqJGmGDhvfIPodIo8JC0\n6FsYxWtvrLJBArYjnVBKRuxIlBqq/7Yx0gj09kGf84aSXvkMDgio7AO4xSp9GJTJ\n4wIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/ldap-4.kosmos.org.json b/nodes/ldap-4.kosmos.org.json new file mode 100644 index 0000000..4a7230c --- /dev/null +++ b/nodes/ldap-4.kosmos.org.json 
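Review bot: `hostsfile_entry "127.0.0.1"` is declared with the default action, and as far as I know the hostsfile cookbook's default `:create` replaces an existing entry for that IP, which here is most likely the stock `127.0.0.1 localhost` line. If the cookbook version in use behaves that way, `localhost` stops resolving over IPv4 on the LDAP nodes after this converge. Adding `action :append` to the block, or listing `localhost` under `aliases`, keeps the existing names. Separately, each supplier now maps its own `*.kosmos.local` name to loopback only and nothing in this series gives the peer supplier an entry for it, so it is worth confirming which name or address the hand-configured replication from PATCH 4/4 uses.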
@@ -0,0 +1,57 @@ +{ + "name": "ldap-4.kosmos.org", + "normal": { + "knife_zero": { + "host": "10.1.1.106" + } + }, + "automatic": { + "fqdn": "ldap-4.kosmos.org", + "os": "linux", + "os_version": "5.4.0-1079-kvm", + "hostname": "ldap-4", + "ipaddress": "192.168.122.73", + "roles": [ + "base", + "kvm_guest" + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "kosmos_kvm::guest", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "chef": { + "version": "17.10.3", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib", + "chef_effortless": null + }, + "ohai": { + "version": "17.9.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai" + } + } + }, + "run_list": [ + "role[base]", + "role[kvm_guest]", + "role[dirsrv_supplier]" + ] +} -- 2.25.1