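---
# tasks file for ericomeehan.openldap.eom.dev
#
# This is a playbook (it has `hosts`/`tasks`), not a bare tasks list.
# It provisions two hostPath PersistentVolumes and their claims, seeds the
# volumes from local files, deploys openldap and exposes it as a NodePort
# Service. Expected extra vars: `namespace`, `slappasswd`, `nodePorts`.
#
# Fixes relative to the previous revision:
#   - Jinja expressions that start a value are quoted ("{{ ... }}"); unquoted
#     they are parsed by YAML as a flow mapping before Ansible sees them.
#   - nodePorts lookups use a quoted key: `nodePorts[openldap-port-389]` is
#     evaluated by Jinja as `openldap - port - 389` (three undefined vars).
#   - The deployment's config volume now references the claim that is actually
#     created above (openldap-conf-pv-claim, not openldap-conf-claim).
#   - The deployment task is `no_log` so the admin password is not echoed in
#     Ansible output.
- name: Deploy openldap network services
  hosts: alpha-control-plane
  become: true
  tasks:
    - name: Create persistent volume for openldap database files
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: PersistentVolume
          metadata:
            name: openldap-db-pv
          spec:
            capacity:
              storage: 1Gi
            accessModes:
              - ReadWriteOnce
            # Retain: deleting the claim must never wipe the LDAP database.
            persistentVolumeReclaimPolicy: Retain
            storageClassName: standard
            hostPath:
              path: /mnt/data/openldap-db-pv
            # hostPath data lives on exactly one node, so pin the volume there.
            nodeAffinity:
              required:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: kubernetes.io/hostname
                        operator: In
                        values:
                          - alpha-worker-0

    - name: Create persistent volume for openldap configurations
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: PersistentVolume
          metadata:
            name: openldap-conf-pv
          spec:
            capacity:
              storage: 1Gi
            accessModes:
              - ReadWriteOnce
            persistentVolumeReclaimPolicy: Retain
            storageClassName: standard
            hostPath:
              path: /mnt/data/openldap-conf-pv
            nodeAffinity:
              required:
                nodeSelectorTerms:
                  - matchExpressions:
                      - key: kubernetes.io/hostname
                        operator: In
                        values:
                          - alpha-worker-0

    - name: Create persistent volume claim for openldap database volume
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
            name: openldap-db-pv-claim
            namespace: "{{ namespace }}"
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 1Gi
            storageClassName: standard
            # Bind explicitly to the PV created above rather than any
            # "standard" volume that happens to be free.
            volumeName: openldap-db-pv

    - name: Create persistent volume claim for openldap configuration volume
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: PersistentVolumeClaim
          metadata:
            name: openldap-conf-pv-claim
            namespace: "{{ namespace }}"
          spec:
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 1Gi
            storageClassName: standard
            volumeName: openldap-conf-pv

    # TODO: get ldap database from previous network
    #
    # NOTE(review): the copy/template tasks below write to /data/openldap-*-pv
    # on the play host (alpha-control-plane), while the PersistentVolumes are
    # backed by /mnt/data/openldap-*-pv and pinned to alpha-worker-0. Unless
    # /data is a mount of that directory shared with the worker, the pod will
    # not see these files — confirm the target host and path before relying
    # on this seeding step.
    - name: Copy ldap database to persistent volume
      copy:
        src: files/slapd
        dest: /data/openldap-db-pv/slapd

    - name: Copy base.ldif to persistent volume
      copy:
        src: files/base.ldif
        dest: /data/openldap-conf-pv/base.ldif

    - name: Copy allowpwchagne.ldif to persistent volume
      copy:
        src: files/allowpwchagne.ldif
        dest: /data/openldap-conf-pv/allowpwchagne.ldif

    - name: Copy service_accounts.ldif to persistent volume
      copy:
        src: files/service_accounts.ldif
        dest: /data/openldap-conf-pv/service_accounts.ldif

    - name: Copy config.ldif template to the persistent volumes
      template:
        src: files/config.ldiff.j2
        dest: /data/openldap-conf-pv/config.ldiff

    - name: Copy eric.ldif template to the persistent volumes
      template:
        src: files/eric.ldiff.j2
        dest: /data/openldap-conf-pv/eric.ldiff

    - name: Copy reader.ldif template to the persistent volumes
      template:
        src: files/reader.ldiff.j2
        dest: /data/openldap-conf-pv/reader.ldiff

    - name: Create a deployment
      # The rendered definition contains the admin password; keep it out of
      # the task output and any log shipped from the controller.
      no_log: true
      k8s:
        state: present
        definition:
          apiVersion: apps/v1
          kind: Deployment
          metadata:
            name: openldap-deployment
            namespace: "{{ namespace }}"
          spec:
            # hostPath-backed ReadWriteOnce volumes: exactly one replica.
            replicas: 1
            selector:
              matchLabels:
                app: openldap
            template:
              metadata:
                labels:
                  app: openldap
              spec:
                containers:
                  - name: openopenldap
                    image: osixia/openldap:1.5.0
                    # NOTE(review): confirm these mount paths are the data and
                    # config directories this image actually uses; if they
                    # differ, slapd starts with an empty database/config.
                    volumeMounts:
                      - name: openldap-db-pv
                        mountPath: /var/lib/openldap
                      - name: openldap-conf-pv
                        mountPath: /etc/openldap/slapd.d
                    ports:
                      - containerPort: 389
                      - containerPort: 636
                    env:
                      - name: LDAP_ORGANIZATION
                        value: "EOM"
                      - name: LDAP_DOMAIN
                        value: "eom.dev"
                      # Plaintext in the pod spec: readable by anyone who can
                      # `get deployment`/`get pod` in the namespace. Prefer a
                      # Secret consumed through valueFrom.secretKeyRef.
                      - name: LDAP_ADMIN_PASSWORD
                        value: "{{ slappasswd }}"
                volumes:
                  - name: openldap-db-pv
                    persistentVolumeClaim:
                      claimName: openldap-db-pv-claim
                  - name: openldap-conf-pv
                    persistentVolumeClaim:
                      # Must match the PersistentVolumeClaim created above.
                      claimName: openldap-conf-pv-claim

    - name: Expose deployment as a service
      k8s:
        state: present
        definition:
          apiVersion: v1
          kind: Service
          metadata:
            name: openldap-service
            namespace: "{{ namespace }}"
          spec:
            selector:
              app: openldap
            # NodePort makes both ports reachable on every node's address.
            # 389 is unencrypted LDAP; clients outside the cluster should use
            # 636 (LDAPS) or StartTLS, and node firewalling should limit 389.
            ports:
              - port: 389
                protocol: TCP
                name: openldap-port-389
                nodePort: "{{ nodePorts['openldap-port-389'] }}"
              - port: 636
                protocol: TCP
                name: openldap-port-636
                nodePort: "{{ nodePorts['openldap-port-636'] }}"
            type: NodePort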