diff --git a/CICD/heat/gc_HOT.yaml b/CICD/heat/gc_HOT.yaml index 75f12b0ee4902e6b2c3a742914ef282e0d869814..35697358442baa1e14a3aa9a58763275d3fe98b5 100644 --- a/CICD/heat/gc_HOT.yaml +++ b/CICD/heat/gc_HOT.yaml @@ -58,6 +58,11 @@ parameters: type: string label: Resource ID default: 8a029c04-08ce-40f1-a705-d45a2077e27d + LDAPSecGroupID: + type: string + label: Resource ID + default: 070a32e2-858b-462a-b2b5-b3a92eec2669 + resources: @@ -70,9 +75,9 @@ resources: flavor: m3.xsmall image: { get_param: centos_7_image_id } key_name: { get_param: ssh_key } - security_groups: [ { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: MySQLSecGroupID }, { get_param: NFSSecGroupID } ] + security_groups: [ { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: MySQLSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ] metadata: - ansible_host_groups: [ SQLNodes, NFSNodes ] + ansible_host_groups: [ SQLNodes, NFSNodes, LDAPServer ] ansible_ssh_user: ec2-user project_name: { get_param: project_name } networks: @@ -159,7 +164,7 @@ resources: key_name: { get_param: ssh_key } name: list_join: [ '-', [ { get_param: "OS::stack_name" }, 'login%index%' ]] - security_groups: [ default, { get_param: PublicSSHSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ] + security_groups: [ default, { get_param: PublicSSHSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ] metadata: ansible_host_groups: [ LoginNodes ] ansible_ssh_user: ec2-user 
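Review bot: The new `LDAPSecGroupID` parameter in the hunk at line 58 carries a hard-coded default UUID, while `gc_secgroups.hot` in the same commit creates the group by name (`heatldapsecgroup`), so nothing ties these instances to the group that is actually defined; a stale or mistyped default attaches the wrong group or fails the stack in any other project. Feed the ID from the secgroups stack output, or at minimum record the coupling on the parameter, e.g. `description: Neutron security group ID of LDAPSecGroup created by gc_secgroups.hot`, and give it a label more specific than the copy-pasted `Resource ID`. The same `get_param: LDAPSecGroupID` addition is applied to every node class in the hunks that follow (file lines 70 through 302); because the rule uses `remote_group_id`, each of those instances both originates and accepts TCP/389 within the group, which is only acceptable while nothing but the `LDAPServer` host listens on 389.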
@@ -180,7 +185,7 @@ resources:
 key_name: { get_param: ssh_key }
 name:
 list_join: [ '-', [ { get_param: "OS::stack_name" }, 'loginU%index%' ]]
- security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ]
+ security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
 metadata:
 ansible_host_groups: [ LoginNodes ]
 ansible_ssh_user: ubuntu
@@ -201,7 +206,7 @@ resources:
 key_name: { get_param: ssh_key }
 name:
 list_join: [ '-', [ { get_param: "OS::stack_name" }, 'desktopc%index%' ]]
- security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ]
+ security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
 metadata:
 ansible_host_groups: [ DesktopNodes, VisNodes, ComputeNodes ]
 ansible_ssh_user: ec2-user
@@ -222,7 +227,7 @@ resources:
 key_name: { get_param: ssh_key }
 name:
 list_join: [ '-', [ { get_param: "OS::stack_name" }, 'computeU%index%' ]]
- security_groups: [ default, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: SSHMonashSecGroupID } ]
+ security_groups: [ default, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: SSHMonashSecGroupID }, { get_param: LDAPSecGroupID } ]
 metadata:
 ansible_host_groups: [ ComputeNodes ]
 ansible_ssh_user: ubuntu
@@ -243,7 +248,7 @@ resources:
 key_name: { get_param: ssh_key }
 name:
 list_join: [ '-', [ { get_param: "OS::stack_name" }, 'computec7%index%' ]]
- security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ]
+ security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
 metadata:
 ansible_host_groups: [ ComputeNodes ]
 ansible_ssh_user: ec2-user
@@ -264,7 +269,7 @@ resources:
 key_name: { get_param: ssh_key }
 name:
 list_join: [ '-', [ { get_param: "OS::stack_name" }, 'gpudesktopu%index%' ]]
- security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ]
+ security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
 metadata:
 ansible_host_groups: [ DesktopNodes, GPU, ComputeNodes, K1, VisNodes ]
 ansible_ssh_user: ubuntu
@@ -285,7 +290,7 @@ resources:
 key_name: { get_param: ssh_key }
 name:
 list_join: [ '-', [ { get_param: "OS::stack_name" }, 'computerhel%index%' ]]
- security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID } ]
+ security_groups: [ default, { get_param: SSHMonashSecGroupID }, { get_param: SlurmSecGroupID }, { get_param: NFSSecGroupID }, { get_param: LDAPSecGroupID } ]
 metadata:
 ansible_host_groups: [ DGXRHELNodes ]
 ansible_ssh_user: cloud-user
@@ -302,7 +307,7 @@ resources:
 # flavor: m3.xsmall
 # image: { get_param: ubuntu_1804_image_id }
 # key_name: { get_param: ssh_key }
-# security_groups: [ { get_resource_id SSHMonashSecGroup }, { get_resource_id webaccess } ]
+# security_groups: [ { get_resource_id SSHMonashSecGroup }, { get_resource_id webaccess }, { get_param: LDAPSecGroupID } ]
 # metadata:
 # ansible_host_groups: [ PySSHauthz ]
 # ansible_ssh_user: ubuntu
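Review bot: The hunk at line 302 edits a commented-out resource, so the change has no effect on the stack and only adds a line that must be kept in sync by hand. If the block is kept as a reference it would not deploy as written anyway: `get_resource_id` is not a Heat intrinsic function (`get_resource` is), and the list now mixes that form with `get_param`. Either delete the dead block or leave it untouched until it is revived.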
diff --git a/CICD/heat/gc_secgroups.hot b/CICD/heat/gc_secgroups.hot
index ad6e779035e99df7fd93639f2a0179848cc69a5e..43bb8fc07202746e345e631510ab3b4795b0a1d6 100644
--- a/CICD/heat/gc_secgroups.hot
+++ b/CICD/heat/gc_secgroups.hot
@@ -37,6 +37,14 @@ resources:
 port_range_min: 111,
 port_range_max: 111,
 remote_mode: "remote_group_id"} ]
+ LDAPSecGroup:
+ type: "OS::Neutron::SecurityGroup"
+ properties:
+ name: "heatldapsecgroup"
+ rules: [ { protocol: tcp,
+ port_range_min: 389,
+ port_range_max: 389,
+ remote_mode: "remote_group_id"} ]
 MySQLSecGroup:
 type: "OS::Neutron::SecurityGroup"
 properties:
diff --git a/CICD/plays/mockldap.yml b/CICD/plays/mockldap.yml
index 8c7fbe296cae8495f9bdf21d76ccea2d0d5d86d8..b11b077a021f474fb0b11a73fa659033a7384adb 100644
--- a/CICD/plays/mockldap.yml
+++ b/CICD/plays/mockldap.yml
@@ -1,5 +1,5 @@
 ---
-- hosts: SQLNodes
+- hosts: LDAPServer
 vars_files:
 - vars/passwords.yml
 - vars/ldapConfig.yml
diff --git a/roles/ldapclient/defaults/main.yml b/roles/ldapclient/defaults/main.yml
index 943ed859cbbe42cc152c91188f2cf9644469b13e..df326328713f54cee72c9153014b9e2804d49a84 100644
--- a/roles/ldapclient/defaults/main.yml
+++ b/roles/ldapclient/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 ldapRfc2307: ""
 ldapRfc2307Pam: ""
+useTLS: True
diff --git a/roles/ldapclient/tasks/configLdapClient.yml b/roles/ldapclient/tasks/configLdapClient.yml
index 7e7dad770d8b429aa3603ec1454c6eecabe1bc64..05da27b348e0cf9318a12ba4d1feb187e7ae99fd 100644
--- a/roles/ldapclient/tasks/configLdapClient.yml
+++ b/roles/ldapclient/tasks/configLdapClient.yml
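Review bot: `LDAPSecGroup` opens only TCP/389 with `remote_mode: "remote_group_id"`, which matches the StartTLS-on-389 configuration in `sssd.j2` but equally admits unencrypted LDAP on the same port, so the confidentiality of directory lookups rests entirely on the clients' `useTLS` setting and not on the network rule. A comment above the rule would record that intent, e.g. `# 389 only: clients are expected to use StartTLS (useTLS in roles/ldapclient); no LDAPS (636) rule.` Because the group is attached to every node class in gc_HOT.yaml, every member also accepts inbound 389 from every other member; if a dedicated client group is ever introduced, `remote_group_id` could reference it so that only the LDAPServer host is reachable on 389.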
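Review bot: `useTLS: True` in `roles/ldapclient/defaults/main.yml` is the value that decides whether the sssd LDAP provider rendered from `sssd.j2` queries and binds in the clear, and the defaults file gives no hint of that. Add a comment such as `# StartTLS for the sssd LDAP provider; set to false only on a trusted test network, as lookups and binds are then unencrypted`, and prefer the lowercase `true` used elsewhere in this diff (`become: true`). An inventory override given as the string `"False"` is still truthy in the template's `{% if useTLS %}` test, so the comment should also say a real boolean is expected.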
@@ -36,10 +36,10 @@
 become_user: root
 
 - name: "Add LDAP server IP address to /etc/hosts"
- lineinfile: dest=/etc/hosts line="{{ ldapServerHostIpLine }}" state=present insertafter=EOF
+ lineinfile: dest=/etc/hosts line="{{ hostvars[groups['LDAPServer'][0]]['ansible_host'] }} {{ ldapServerHostName }}" state=present insertafter=EOF
 become: true
 become_user: root
- when: ldapServerHostIpLine is defined
+ #when: ldapServerHostIpLine is defined
 
 - name: "Copy sssd.conf to ldap client"
 template: src=sssd.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=600
diff --git a/roles/ldapclient/templates/sssd.j2 b/roles/ldapclient/templates/sssd.j2
index a64b92eb1a0dd25502e979e0caeba40b042c87bb..5139ff68ca3c9ee43375d5372099882e9d81ed96 100644
--- a/roles/ldapclient/templates/sssd.j2
+++ b/roles/ldapclient/templates/sssd.j2
@@ -26,15 +26,13 @@ access_provider = ldap
 ldap_uri = {{ ldapURI }}, {{ ldapROURI }}
 ldap_chpass_uri = {{ ldapURI }}
 {% else %}
-ldap_uri = {{ ldapURI }}
+ldap_uri = {{ ldapURI }}
 {% endif %}
 ldap_id_use_start_tls = {{ useTLS }}
-{% if useTLS is not defined%}
-ldap_tls_reqcert = never
-ldap_id_use_start_tls = True
+{% if useTLS %}
+ldap_tls_reqcert = allow
 {% else %}
-ldap_tls_reqcert = always
-ldap_id_use_start_tls = {{ useTLS }}
+ldap_tls_reqcert = never
 {% endif %}
 {% if ldapCaCertFile is defined %}
 ldap_tls_cacert = {{ ldapCaCertFile }}
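Review bot: The rewritten `lineinfile` task has no `regexp`, so with `state=present insertafter=EOF` a changed LDAP server address appends a second `/etc/hosts` line for `{{ ldapServerHostName }}` instead of replacing the old one, and the resolver keeps using the first, stale mapping; add `regexp: '.*\s{{ ldapServerHostName }}$'` so the entry is updated in place. The `when` guard is commented out rather than replaced, so the task now fails hard when the `LDAPServer` group is empty or, presumably, when the inventory sets no `ansible_host` for its first member; replace it with `when: groups['LDAPServer'] | default([]) | length > 0` and drop the commented line. The old `ldapServerHostIpLine` variable is left orphaned, and converting the `key=value` argument string to block YAML would make the nested quoting in `line` far easier to read and review.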
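Review bot: `ldap_tls_reqcert = allow` in the new `{% if useTLS %}` branch weakens the TLS-enabled case compared with the removed `always`: with `allow`, sssd starts TLS but proceeds even when the server presents no certificate or one that fails validation, so the server's identity is never verified and every node in the cluster will accept user and group data from whichever host answers on 389. Use `ldap_tls_reqcert = demand` when `useTLS` is set and make sure `ldapCaCertFile` is supplied so the `ldap_tls_cacert` line below is rendered; if the CI mock LDAP server has no CA yet, keep `allow` behind an explicit opt-in variable rather than as the behaviour every deployment inherits. The removed and added `ldap_uri = {{ ldapURI }}` lines appear to differ only in trailing whitespace, which the `+` line should not carry.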