update openldap default tree

vincent 2024-05-08 21:14:37 +02:00
parent c9f4656470
commit 272efbb844
5 changed files with 80 additions and 90 deletions


@ -34,5 +34,3 @@ postgresql_hba_entries:
- {type: host, database: all, user: all, address: '::1/128', auth_method: md5} - {type: host, database: all, user: all, address: '::1/128', auth_method: md5}
- {type: host, database: all, user: all, address: '::0/128', auth_method: md5} - {type: host, database: all, user: all, address: '::0/128', auth_method: md5}
- {type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: md5} - {type: host, database: all, user: all, address: '0.0.0.0/0', auth_method: md5}
- {type: host, database: replication, user: repli, address: '192.168.1.42/32', auth_method: md5}
- {type: host, database: replication, user: repli, address: '192.168.1.40/32', auth_method: md5}


@ -1,47 +1,50 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
38633535353630393131613866663164303337323939363261633266376163336664313930336664 62363033346539353361643130383163333634363564623262643966333661316136393136626438
3135653966393866633438306361303165633337306333640a333532336662323333376333386637 3361626263643632363037633535326131313132636131340a366364393336306536303630323337
37376462646539653637323930366239353036376330623732393434353231333730653338386433 31646635353839663039653666393836383133306533303137663064646333326237646536633437
6238333164646237620a316434373136393765363630306130353237623961353166376233366364 3366663537313431370a353866646663383134616266353461666235633337326430396566633834
34616362626231393732333535373765616533333038326636626434396432323831313530623562 30393064336532326635383364653932643239633061366638393732333634373435313031663637
31616331323936643761373639336132666166613163616431346330643333613738663231353433 64643532653835316263633235646432363662323966643736643835356137313532376435326366
66353264616535346238313061646362313764613733383334313230383539643961653339313931 61653833336462616666313437303262646137663432666364396136313862633665333630373836
64326634646133386162353835633630386235343637666437643238616233643036343566393962 64353364303634636639626462343964663935326232633834316664393630316166353937383731
32646334306439326664666139396136333033396536656438316130393032653563623539653430 38616631663436643938363039656435323964643739333565666365626238623331396165383434
33393564303135363738326630373232396235383635313366333333666564613162613235613066 63366362383765373735306239643630373536663632643636323035363139646231363933363134
66636430623335393562323365383030633335353834313065346566626632316162323761633637 64373634613935323531323933353365393166336131656361633736313261636363666263386338
64356136313438313161353933633133623861623638646463366134636630616630373466336436 63353831393738336534313164633537383838313733646331306266363462383831626631663332
34363264613665393062666330373934666230313662383862353336613531366139666636333635 62646362363534643632646334366537616534323265623033623036616364353663643565366264
66383730363630396131636338396461356563353164373466343334646336383536623661353235 64393238393731633433343666656539313333333033613163323665653837396331376234353763
38663761353462306562336237663133633032323037663932643966393032613337656163313636 34666434363733663635663634396630666334623565656532353962346230383835636634646365
65303732636331646231346366376631353436306332306439323563383765636537613061346463 61313830666465626335303639396633656631393131363035333032633739653163383061616536
61383666653537353732343834613461393133393264633336643966643532373336333761316464 62303139653438313064363265313535666264343533306363363132613765656331356264323333
62656562343733626331663066646462393835623065636432356634356630643761393538323437 31346537663436366332633863393264653339373864386362623666396361623130643533643931
62353934633839616631616564353833633739333366633162313166646664646663303132363536 63353737613236303031663164373961633562386564383961393932323636383966313536623337
36626461653764613238623237643965333932666563303461323566653137313431323364646334 62616161326238653331363966366131626633613766643161373237313732653063653765353762
39326135306330373233333538646130343035373231323461633637353836356236653862343432 33316265656533643132396631336161313231316634353437363261366633623562663731373431
36656239653838313035333761343261646665316530393739643538373231303764343762646565 38653837396263636164656432396436393461663761373864353463346537396537356439326534
61343334356438663831386166626662613361616632346631373466656335323838346131366634 38376634343338623831613034383162633837633830663435353061376239303932316265303963
39383534306139313934316431623638363734616438396335323430643537663166663061626464 30333533656230366438656162643665386433653535646332366136323365363261303133633735
63356230343062666165393062386461393233616238613366643164336538356636303635343036 65393238393965393131353364393063383262313438333265623964373931656664343966633230
62363664326231313864613164353561346238363237613935323361313135303366306464333631 31373562623536663535343763613432323365633735353837663861613536363234363262646261
31633730353637303933666137373238643731356361393731616566366564373330326365333362 36623062306163626233626161643036366261636237626537613165613632376263666234623036
38326338633938363935633735633830663635363036393661303031663035386238383566393339 36313631396163633330343835316562343961343831323262346466373166313735623963356537
61376333363832386131663962323932663263356335346538616261626432376638396235333163 32636565633765323863663432396439363765393039323332616538303935363436633431636635
62333439353836633931306262633065306235313633356266383837313134633334623762333362 65326462393033613664336566393836646137353138386437396264386137396263666233643139
37306235333066626435313465636632316131396565396161396437653038333865656532623537 33653536643362353864623737386239333439333164346635386464343936316538656231663732
66656237393139363034366337386262386130373662363432333137356134373966376261323930 32383832323963393234366261353864386437343266353335393365633739386637613834633761
34396666636533633762373532316336623634383963323635613435373734343935363136353634 61323838366334616337316236656532616563303736393636636164353866663836333835666136
66616530656265323536343934353534633736316538316565336637623631376236363031623161 31346531396530656230303463353663336366363935356261356564353562326537303364633039
36666339643265313738373262353739633337383134363832343330643662396133393163623661 39333034373963393335386365346166626462386431386332623666393238343132383730316633
63323739303464313132353766613831396338393338636531343936353134663232323033306230 38613165663339666131313630353234383666343835363330336432633735303564666238323937
66636562386466353061343161336335323763663564343863373362303962373534356366346564 64383538626233613834313030636465326538363065383061613530376236333338663562613430
31353565333963623736376239363838346530646262356533613431346361653962313765636532 30656665373938303438383836343935353963316335326630366562643736386538633739653464
64333634646664613436316331313832613463646335373261303363653030346235313666633365 32306461653836363361646664666332616665613235643330343535636532313230316432386230
65666562623832346364646364356333386130633130346533633437333033616232363162613936 30653364643439353037663936633831646632353633363138666230386634633161626566396162
36353737653031383165396163346561306136376531613338323665393763663339613236353837 36623637316364626163653333636264663837373536653738613263303739643930386564333336
32653233343235306262353665353861623132663961386338383238346335313039383866613830 61613931363530313165353132323338353966633536386661626634323432366139623630663131
31373634613039633466376330386563653638656631333839346131616332326363343935363731 33336531346264376561383363386337316638346538373639643561646539626138333966623961
61643433653463313833623834643862623238613561666630363137393730333538666361613937 66313930303032633936333036613536636535313562653939333764663566633039373366303965
32663630303864396630303465343064333035313836346131393834303135323766303861666133 37646333646662633366646234386265313530363030366635326535623661363735343935316661
3030326636393762613263626666373133363237633030356265 31623364346261316362306134626665303932383531393861393832646263333263316162616562
62636465303334613161353335613635333931356433633931346664383963613366353132623839
62373430646539643938306466316664663063393139393830626337333433363333333362333063
37333538393435626235643837346539326138393466333738626364356633306230


@ -2,6 +2,16 @@
- hosts: database - hosts: database
vars: vars:
# certbot_force: true # certbot_force: true
pre_tasks:
- name: Add database member to pg_hba replication
set_fact:
postgresql_hba_entries: "{{postgresql_hba_entries + [\
{'type':'host', \
'database': 'replication',\
'user':'repli',\
'address':hostvars[item]['ansible_'+default_interface]['ipv4']['address']+'/32',\
'auth_method':'trust'}] }}"
loop: "{{ groups.database }}"
roles: roles:
- role: ansible-role-postgresql - role: ansible-role-postgresql
become: true become: true
@ -14,3 +24,20 @@
- pg_read_all_data - pg_read_all_data
become: true become: true
become_user: "{{ postgresql_user }}" become_user: "{{ postgresql_user }}"
when: inventory_hostname in groups["database_active"]
- name: Check if inactive database is initialised
ansible.builtin.stat:
path: /var/lib/postgres/data/postgresql.conf
become: true
register: in_recovery
- name: Launch replication
command: pg_basebackup -D /var/lib/postgres/data -h {{groups["database_active"]|first}} -U repli -Fp -Xs -P -R -w
become: true
become_user: postgres
when: inventory_hostname in groups["database_standby"] and not in_recovery.stat.exists
- name: Ensure PostgreSQL is started and enabled on boot.
service:
name: "{{ postgresql_daemon }}"
state: "{{ postgresql_service_state }}"
enabled: "{{ postgresql_service_enabled }}"
become: true
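Review bot: The `set_fact` pre-task in the first hunk builds the replication pg_hba entries with `'auth_method':'trust'`, so any connection arriving from a database member's address is accepted as `repli` without a credential, and a replication role can stream a full copy of the cluster. The static replication entries that appear to be dropped from the group vars in this commit used `md5`; keeping a password method here, e.g. `'auth_method':'scram-sha-256'}] }}"` (or `md5` to match the rest of the list), would preserve that check. The `pg_basebackup ... -w` task in the second hunk would then need the password supplied non-interactively, for instance from a `.pgpass` file templated from the vault, because `-w` makes the command fail rather than prompt. If trust is kept deliberately, a comment on the pre-task should say which network assumption justifies it, since the address comes from `hostvars[item]['ansible_'+default_interface]` and nothing visible here restricts who else can originate traffic from that address.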


@ -5,6 +5,7 @@ oscar-dev
oscar-dev oscar-dev
[database_standby] [database_standby]
gerard-dev
[database:children] [database:children]
database_active database_active


@ -169,8 +169,9 @@ objectClass: shadowAccount
objectClass: top objectClass: top
cn: authelia cn: authelia
gidNumber: 1000001 gidNumber: 1000001
sn: supysonicServiceAccount homeDirectory: /home/authelia
uid: supysonicServiceAccount sn: authelia
uid: authelia
uidNumber: 1000008 uidNumber: 1000008
displayName: authelia displayName: authelia
shadowExpire: -1 shadowExpire: -1
@ -191,7 +192,6 @@ gidNumber: 1000011
member: cn=Directory Consumers,ou=groups,dc=ducamps,dc=eu member: cn=Directory Consumers,ou=groups,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: na_a displayName: na_a
memberUid: vincent
dn: cn=NAS_user,ou=groups,dc=ducamps,dc=eu dn: cn=NAS_user,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -201,15 +201,9 @@ objectClass: top
cn: NAS_user cn: NAS_user
gidNumber: 1000013 gidNumber: 1000013
member: uid=hubert,ou=users,dc=ducamps,dc=eu member: uid=hubert,ou=users,dc=ducamps,dc=eu
member: uid=loic,ou=users,dc=ducamps,dc=eu
member: uid=olivier,ou=users,dc=ducamps,dc=eu member: uid=olivier,ou=users,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: NAS_user displayName: NAS_user
memberUid: admin
memberUid: hubert
memberUid: loic
memberUid: olivier
memberUid: vincent
dn: cn=NAS_ebook,ou=groups,dc=ducamps,dc=eu dn: cn=NAS_ebook,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -221,8 +215,6 @@ gidNumber: 1000006
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: group owner of ebook folder description: group owner of ebook folder
displayName: NAS_ebook displayName: NAS_ebook
memberUid: admin
memberUid: vincent
dn: cn=NAS_media,ou=groups,dc=ducamps,dc=eu dn: cn=NAS_media,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -234,8 +226,6 @@ gidNumber: 1000003
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: group owner of media folder description: group owner of media folder
displayName: media displayName: media
memberUid: admin
memberUid: vincent
dn: cn=NAS_music,ou=groups,dc=ducamps,dc=eu dn: cn=NAS_music,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -247,8 +237,6 @@ gidNumber: 1000005
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: group owner of Music folder description: group owner of Music folder
displayName: NAS_music displayName: NAS_music
memberUid: admin
memberUid: vincent
dn: cn=NAS_photo,ou=groups,dc=ducamps,dc=eu dn: cn=NAS_photo,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -262,10 +250,6 @@ member: uid=olivier,ou=users,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: group owner of photo folder description: group owner of photo folder
displayName: photo displayName: photo
memberUid: admin
memberUid: hubert
memberUid: olivier
memberUid: vincent
dn: cn=serverAdmin,ou=groups,dc=ducamps,dc=eu dn: cn=serverAdmin,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -276,7 +260,6 @@ cn: serverAdmin
gidNumber: 1000016 gidNumber: 1000016
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: server_admin displayName: server_admin
memberUid: vincent
dn: cn=vault_admin,ou=groups,dc=ducamps,dc=eu dn: cn=vault_admin,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -287,7 +270,6 @@ cn: vault_admin
gidNumber: 1000014 gidNumber: 1000014
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: vaultaccess displayName: vaultaccess
memberUid: vincent
dn: cn=NAS_download,ou=groups,dc=ducamps,dc=eu dn: cn=NAS_download,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -300,8 +282,6 @@ member: uid=olivier,ou=users,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: group owner du dossier download description: group owner du dossier download
displayName: NAS_download displayName: NAS_download
memberUid: olivier
memberUid: vincent
dn: cn=JellyfinUsers,ou=groups,dc=ducamps,dc=eu dn: cn=JellyfinUsers,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -315,10 +295,6 @@ member: uid=loic,ou=users,dc=ducamps,dc=eu
member: uid=olivier,ou=users,dc=ducamps,dc=eu member: uid=olivier,ou=users,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: JellyfinUsers displayName: JellyfinUsers
memberUid: admin
memberUid: loic
memberUid: olivier
memberUid: vincent
dn: cn=administrators,ou=groups,dc=ducamps,dc=eu dn: cn=administrators,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -330,7 +306,6 @@ gidNumber: 1000002
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: System default admin group description: System default admin group
displayName: administrators displayName: administrators
memberUid: vincent
dn: cn=LDAP Operators,ou=groups,dc=ducamps,dc=eu dn: cn=LDAP Operators,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -343,7 +318,6 @@ gidNumber: 1000000
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
description: Directory default admin group description: Directory default admin group
displayName: Directory Operators displayName: Directory Operators
memberUid: vincent
dn: cn=SupysonicUsers,ou=groups,dc=ducamps,dc=eu dn: cn=SupysonicUsers,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -356,9 +330,6 @@ member: uid=hubert,ou=users,dc=ducamps,dc=eu
member: uid=olivier,ou=users,dc=ducamps,dc=eu member: uid=olivier,ou=users,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: SupysonicUsers displayName: SupysonicUsers
memberUid: hubert
memberUid: olivier
memberUid: vincent
dn: cn=SupysonicAdmins,ou=groups,dc=ducamps,dc=eu dn: cn=SupysonicAdmins,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -369,7 +340,6 @@ cn: SupysonicAdmins
gidNumber: 1000019 gidNumber: 1000019
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: SupysonicAdmins displayName: SupysonicAdmins
memberUid: vincent
dn: cn=workstationAdmin,ou=groups,dc=ducamps,dc=eu dn: cn=workstationAdmin,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -380,7 +350,6 @@ cn: workstationAdmin
gidNumber: 1000017 gidNumber: 1000017
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: workstation_admin displayName: workstation_admin
memberUid: vincent
dn: cn=JellyfinAdministrator,ou=groups,dc=ducamps,dc=eu dn: cn=JellyfinAdministrator,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -391,7 +360,6 @@ cn: JellyfinAdministrator
gidNumber: 1000015 gidNumber: 1000015
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
displayName: JellyfinAdministrator displayName: JellyfinAdministrator
memberUid: vincent
dn: cn=users,ou=groups,dc=ducamps,dc=eu dn: cn=users,ou=groups,dc=ducamps,dc=eu
objectClass: extensibleObject objectClass: extensibleObject
@ -401,13 +369,6 @@ objectClass: top
cn: users cn: users
gidNumber: 1000001 gidNumber: 1000001
member: uid=hubert,ou=users,dc=ducamps,dc=eu member: uid=hubert,ou=users,dc=ducamps,dc=eu
member: uid=loic,ou=users,dc=ducamps,dc=eu
member: uid=olivier,ou=users,dc=ducamps,dc=eu member: uid=olivier,ou=users,dc=ducamps,dc=eu
member: uid=vincent,ou=users,dc=ducamps,dc=eu member: uid=vincent,ou=users,dc=ducamps,dc=eu
sambaGroupType: 2
displayName: NAS_user displayName: NAS_user
memberUid: admin
memberUid: hubert
memberUid: loic
memberUid: olivier
memberUid: vincent