From 9782ef2df00718be5f1778f5571e14477b3e9994 Mon Sep 17 00:00:00 2001
From: Andy Doan
Date: Tue, 1 Mar 2016 14:16:35 -0600
Subject: colo: support for dev-cloud logins
Change-Id: I20220bfc810c1e70ca9c4de66dece955e7351ed7
---
 group_vars/dev-cloud | 8 ++++++++
 hosts | 29 +++++++++++++++++++++++++++++
 roles/ssh-ldap/tasks/main.yml | 11 +++++++++++
 roles/ssh-ldap/templates/ldap.conf | 4 ++++
 4 files changed, 52 insertions(+)
 create mode 100644 group_vars/dev-cloud
diff --git a/group_vars/dev-cloud b/group_vars/dev-cloud
new file mode 100644
index 00000000..53288fd5
--- /dev/null
+++ b/group_vars/dev-cloud
@@ -0,0 +1,8 @@
+login_groups:
+ - dev-cloud-admins
+
+sudoers:
+ - andy.doan
+ - martin.stadtler
+ - christian.allen
+ - yazen.ghannam
diff --git a/hosts b/hosts
index 230b99e9..7ff7e0df 100644
--- a/hosts
+++ b/hosts
@@ -5,6 +5,35 @@ r1-maas-server.aus-colo.linaro.org
 r2-x86-1.aus-colo.linaro.org
 r3-x86-1.aus-colo.linaro.org
+[aus-colo:children]
+dev-cloud
+
+[dev-cloud]
+r3-m1-c4
+r3-m1-c5
+r3-m1-c6
+r3-m1-c7
+r3-m1-c8
+r3-m1-c9
+r3-m1-c10
+r3-m1-c11
+r3-m1-c12
+r3-m1-c13
+r3-m1-c14
+r3-m1-c15
+r3-m1-c16
+r3-m1-c17
+r3-m1-c18
+r3-m1-c19
+r3-m1-c20
+r3-m1-c21
+r3-m1-c22
+r3-m1-c23
+r3-m1-c24
+r3-m1-c25
+r3-m1-c26
+r3-m1-c27
+
 [weblogs]
 weblogs.linaro.org
diff --git a/roles/ssh-ldap/tasks/main.yml b/roles/ssh-ldap/tasks/main.yml
index cc1ba17f..be5abade 100644
--- a/roles/ssh-ldap/tasks/main.yml
+++ b/roles/ssh-ldap/tasks/main.yml
@@ -17,6 +17,17 @@
 - name: Configure ldap.conf
 template: src=ldap.conf dest=/etc/
+- name: LDAP symlinks for Debian systems
+ when: ansible_distribution == 'Debian'
+ file: src=/etc/ldap.conf dest=/etc/{{item}} state=link force=yes
+ with_items:
+ - pam_ldap.conf
+ - libnss-ldap.conf
+
+- name: Disable nscd for Debian
+ when: ansible_distribution == 'Debian'
+ service: name=nscd enabled=no state=stopped
+
 - name: See if offline LDAP cache exists
 stat: path=/var/lib/misc/group.db
 register: cache
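Review bot: In the hosts hunk the 24 new `[dev-cloud]` entries are bare short names (`r3-m1-c4` … `r3-m1-c27`), while the context lines of the same file use fully qualified names such as `r2-x86-1.aus-colo.linaro.org`. A short name resolves through whatever search domain or ssh_config the control machine happens to have, so the LDAP login and sudo configuration is applied to whichever host answers to that name; qualifying the entries removes that dependency. Ansible's inventory range syntax would also collapse the list to a single line, e.g. `r3-m1-c[4:27]` with the domain suffix appended if these machines have one (the hunk does not show whether they do).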
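Review bot: In the roles/ssh-ldap/tasks/main.yml hunk, the new symlink task makes `/etc/pam_ldap.conf` and `/etc/libnss-ldap.conf` aliases of `/etc/ldap.conf`, yet neither it nor the `Configure ldap.conf` task above it states an owner or mode for that file. The template carries `binddn`, and if a bind password follows further down (the template continues outside the visible hunk) the one file's permissions now decide who on the host can read it; with nscd stopped, NSS lookups presumably read it from ordinary user processes, so it cannot simply be locked down to root. I would add a comment above the task recording that constraint, e.g. `# Debian: pam_ldap and libnss-ldap share /etc/ldap.conf; NSS clients must be able to read it, so the bind account must be read-only`, and set `owner`/`mode` explicitly on the template task. Note also that `force=yes` replaces whatever the packages installed at those two paths without keeping a copy. The task list continues outside the hunk.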
diff --git a/roles/ssh-ldap/templates/ldap.conf b/roles/ssh-ldap/templates/ldap.conf
index 2014b54c..3188114c 100644
--- a/roles/ssh-ldap/templates/ldap.conf
+++ b/roles/ssh-ldap/templates/ldap.conf
@@ -1,5 +1,9 @@
 ## !!MANAGED BY ANSIBLE!!
+{% if ansible_distribution == 'Debian' %}
+TLS_REQCERT allow
+{% endif %}
+
 base {{ldap_base}}
 uri {{ldap_uri}}
 binddn {{ldap_binddn}}
-- cgit v1.2.3
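Review bot: `TLS_REQCERT allow` in the added Debian block lets the LDAP client carry on when the server certificate is missing or fails verification, so the directory that decides SSH logins on these hosts is no longer authenticated to the client. If the reason is that the Debian hosts lack the CA that signed the LDAP server's certificate, the tighter fix is to ship that CA and keep verification on: `TLS_CACERT <path-to-ca-bundle>` and `TLS_REQCERT demand` (the path is a placeholder). If `allow` has to stay for now, a template comment recording why and when it goes away would help, e.g. `## TODO: temporary until the LDAP CA is installed on Debian hosts; then switch to demand`; that reason is my guess, the commit message gives none. Since the tasks hunk symlinks this file to `pam_ldap.conf` and `libnss-ldap.conf`, it is also worth confirming which of the three consumers actually honours this directive.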