|
|
@ -1,17 +1,43 @@ |
|
|
|
--- |
|
|
|
- hosts: biff |
|
|
|
roles: |
|
|
|
- role: lxc_guest |
|
|
|
vm_name: ldap |
|
|
|
- role: ssh_server |
|
|
|
ansible_connection: ssh_lxc |
|
|
|
ansible_ssh_lxc_name: ldap |
|
|
|
# 1) Deploy the lxc container(s) |
|
|
|
- hosts: ldap |
|
|
|
# The host may not exist yet: do not gather facts |
|
|
|
gather_facts: false |
|
|
|
tags: |
|
|
|
- lxc |
|
|
|
tasks: |
|
|
|
# Delegate lxc container deployment to `ansible_lxc_host` |
|
|
|
- import_role: name='lxc_guest' |
|
|
|
vars: |
|
|
|
vm_name: '{{ inventory_hostname }}' |
|
|
|
vm_size: '1G' |
|
|
|
vg_name: '{{ hostvars[ansible_lxc_host]["vg_name"] }}' |
|
|
|
delegate_to: '{{ ansible_lxc_host }}' |
|
|
|
# The host may not be directly reachable: use `ssh_lxc` proxy to |
|
|
|
# gather facts (setup) and configure SSH. |
|
|
|
- set_fact: ansible_connection='ssh_lxc' |
|
|
|
- setup: |
|
|
|
- include_role: name='ssh_server' |
|
|
|
# Now the host should be ssh-reachable |
|
|
|
- set_fact: ansible_connection='ssh' |
|
|
|
|
|
|
|
# 2) Deploy LDAP server(s) |
|
|
|
- hosts: ldap |
|
|
|
roles: |
|
|
|
- role: dns_record |
|
|
|
- role: ldap |
|
|
|
ldap_domain: 'lilik.it' |
|
|
|
ldap_organization: 'LILiK' |
|
|
|
fqdn_domain: 'dmz.{{ domain }}' |
|
|
|
x509_suffix: 'o=LILiK,l=Firenze,st=IT' |
|
|
|
virtual_domains: |
|
|
|
- '{{ domain }}' |
|
|
|
# Default values: |
|
|
|
#ldap_tls_enabled: true |
|
|
|
#renew_rootdn_pw: true |
|
|
|
#check_tree: true |
|
|
|
|
|
|
|
# 3) Enable monitoring |
|
|
|
- hosts: status |
|
|
|
roles: |
|
|
|
- role: icinga2-monitoring |
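Review bot: The `ldap` role in play 2 relies on a role default for its transport security, because `#ldap_tls_enabled: true` under `# Default values:` is only a comment and nothing in this playbook pins TLS on. If the role default changes later, or an inventory variable sets it differently, the directory would presumably be deployed without TLS while the comment still says otherwise. I would pass it as a role parameter next to `ldap_domain`, `ldap_tls_enabled: true`, since role parameters take precedence over inventory variables. The comment block can stay for the two operational defaults, `renew_rootdn_pw` and `check_tree`. The role's defaults file is not visible on this page, so the current default is taken from the comment alone.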