197 lines
5.9 KiB
YAML
197 lines
5.9 KiB
YAML
---
|
|
# tasks file for ericomeehan.openldap.eom.dev
|
|
- name: Deploy openldap network services
|
|
hosts: alpha-control-plane
|
|
become: true
|
|
tasks:
|
|
|
|
- name: Create persistent volume for openldap database files
|
|
k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: openldap-db-pv
|
|
spec:
|
|
capacity:
|
|
storage: 1Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
persistentVolumeReclaimPolicy: Retain
|
|
storageClassName: standard
|
|
hostPath:
|
|
path: /mnt/data/openldap-db-pv
|
|
nodeAffinity:
|
|
required:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values:
|
|
- alpha-worker-0
|
|
|
|
- name: Create persistent volume for openldap configurations
|
|
k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: PersistentVolume
|
|
metadata:
|
|
name: openldap-conf-pv
|
|
spec:
|
|
capacity:
|
|
storage: 1Gi
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
persistentVolumeReclaimPolicy: Retain
|
|
storageClassName: standard
|
|
hostPath:
|
|
path: /mnt/data/openldap-conf-pv
|
|
nodeAffinity:
|
|
required:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/hostname
|
|
operator: In
|
|
values:
|
|
- alpha-worker-0
|
|
|
|
- name: Create persistent volume claim for openldap database volume
|
|
k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: openldap-db-pv-claim
|
|
namespace: {{ namespace }}
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: standard
|
|
volumeName: openldap-db-pv
|
|
|
|
- name: Create persistent volume claim for openldap configuration volume
|
|
k8s:
|
|
state: present
|
|
definition:
|
|
apiVersion: v1
|
|
kind: PersistentVolumeClaim
|
|
metadata:
|
|
name: openldap-conf-pv-claim
|
|
namespace: {{ namespace }}
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: 1Gi
|
|
storageClassName: standard
|
|
volumeName: openldap-conf-pv
|
|
|
|
# TODO: get ldap database from previous network
|
|
- name: Copy ldap database to persistent volume
|
|
copy:
|
|
src: files/slapd
|
|
dest: /data/openldap-db-pv/slapd
|
|
|
|
- name: Copy base.ldif to persistent volume
|
|
copy:
|
|
src: files/base.ldif
|
|
dest: /data/openldap-conf-pv/base.ldif
|
|
|
|
- name: Copy allowpwchagne.ldif to persistent volume
|
|
copy:
|
|
src: files/allowpwchagne.ldif
|
|
dest: /data/openldap-conf-pv/allowpwchagne.ldif
|
|
|
|
- name: Copy service_accounts.ldif to persistent volume
|
|
copy:
|
|
src: files/service_accounts.ldif
|
|
dest: /data/openldap-conf-pv/service_accounts.ldif
|
|
|
|
- name: Copy config.ldif template to the persistent volumes
|
|
template:
|
|
src: files/config.ldiff.j2
|
|
dest: /data/openldap-conf-pv/config.ldiff
|
|
|
|
- name: Copy eric.ldif template to the persistent volumes
|
|
template:
|
|
src: files/eric.ldiff.j2
|
|
dest: /data/openldap-conf-pv/eric.ldiff
|
|
|
|
- name: Copy reader.ldif template to the persistent volumes
|
|
template:
|
|
src: files/reader.ldiff.j2
|
|
dest: /data/openldap-conf-pv/reader.ldiff
|
|
|
|
- name: Create a deployment
|
|
k8s:
|
|
definition:
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: openldap-deployment
|
|
namespace: {{ namespace }}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: openldap
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: openldap
|
|
spec:
|
|
containers:
|
|
- name: openopenldap
|
|
image: osixia/openldap:1.5.0
|
|
volumeMounts:
|
|
- name: openldap-db-pv
|
|
mountPath: /var/lib/openldap
|
|
- name: openldap-conf-pv
|
|
mountPath: /etc/openldap/slapd.d
|
|
ports:
|
|
- containerPort: 389
|
|
- containerPort: 636
|
|
env:
|
|
- name: LDAP_ORGANIZATION
|
|
value: "EOM"
|
|
- name: LDAP_DOMAIN
|
|
value: "eom.dev"
|
|
- name: LDAP_ADMIN_PASSWORD
|
|
value: "{{ slappasswd }}"
|
|
volumes:
|
|
- name: openldap-db-pv
|
|
persistentVolumeClaim:
|
|
claimName: openldap-db-pv-claim
|
|
- name: openldap-conf-pv
|
|
persistentVolumeClaim:
|
|
claimName: openldap-conf-claim
|
|
|
|
- name: Expose deployment as a service
|
|
k8s:
|
|
definition:
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: openldap-service
|
|
namespace: {{ namespace }}
|
|
spec:
|
|
selector:
|
|
app: openldap
|
|
ports:
|
|
- port: 389
|
|
protocol: TCP
|
|
name: openldap-port-389
|
|
nodePort: {{ nodePorts[openldap-port-389] }}
|
|
- port: 636
|
|
protocol: TCP
|
|
name: openldap-port-636
|
|
nodePort: {{ nodePorts[openldap-port-636] }}
|
|
type: NodePort
|