servers/roles/proxmox/tasks/user.yml

# synchronize user and group data from LDAP when sync-ldap context key is set to a realm
- name: Set up LDAP user synchronization
  when: '"sync-ldap" in hostvars[inventory_hostname]'
  block:
    - name: Install LDAP sync script
      template:
        dest: /usr/local/bin/sync-ldap.py
        src: sync-ldap.py.j2
        mode: 0700
      when: is_primary

    - name: Remove LDAP sync script
      file:
        path: /usr/local/bin/sync-ldap.py
        state: absent
      when: not is_primary

    - name: Configure cronjob
      cron:
        name: 'sync LDAP users and groups'
        job: 'ip vrf exec default /usr/local/bin/sync-ldap.py'
        user: root
        cron_file: sync-ldap
        hour: "2"
        minute: "51"
        state: '{{ "present" if is_primary else "absent" }}'
proxmox: only install firewall rules on one node And let the cluster take care of distribution. 2024-05-14 10:40:33 +00:00			`# synchronize user and group data from LDAP when sync-ldap context key is set to a realm`
Factor frr role from debian, ceph and proxmox Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups. 2024-05-18 16:35:41 +00:00			`- name: Set up LDAP user synchronization`
			`when: '"sync-ldap" in hostvars[inventory_hostname]'`
			`block:`
proxmox: add LDAP user sync script Since OIDC auth doesn’t support groups, get them from AD over LDAP. Add a script to fetch user and groups, and update /etc/pve/user.cfg. The script is only installed on one node (first alphabetically), with a cron job to run it daily. The script is installed for clusters with the sync-ldap context key set to a corresponding OIDC realm. The keys ldap_user and ldap_pass must be present in the password store under cluster/<name>. 2024-05-14 10:04:35 +00:00			`- name: Install LDAP sync script`
			`template:`
			`dest: /usr/local/bin/sync-ldap.py`
			`src: sync-ldap.py.j2`
			`mode: 0700`
Factor frr role from debian, ceph and proxmox Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups. 2024-05-18 16:35:41 +00:00			`when: is_primary`
proxmox: add LDAP user sync script Since OIDC auth doesn’t support groups, get them from AD over LDAP. Add a script to fetch user and groups, and update /etc/pve/user.cfg. The script is only installed on one node (first alphabetically), with a cron job to run it daily. The script is installed for clusters with the sync-ldap context key set to a corresponding OIDC realm. The keys ldap_user and ldap_pass must be present in the password store under cluster/<name>. 2024-05-14 10:04:35 +00:00
			`- name: Remove LDAP sync script`
			`file:`
			`path: /usr/local/bin/sync-ldap.py`
			`state: absent`
Factor frr role from debian, ceph and proxmox Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups. 2024-05-18 16:35:41 +00:00			`when: not is_primary`
proxmox: add LDAP user sync script Since OIDC auth doesn’t support groups, get them from AD over LDAP. Add a script to fetch user and groups, and update /etc/pve/user.cfg. The script is only installed on one node (first alphabetically), with a cron job to run it daily. The script is installed for clusters with the sync-ldap context key set to a corresponding OIDC realm. The keys ldap_user and ldap_pass must be present in the password store under cluster/<name>. 2024-05-14 10:04:35 +00:00
			`- name: Configure cronjob`
			`cron:`
			`name: 'sync LDAP users and groups'`
			`job: 'ip vrf exec default /usr/local/bin/sync-ldap.py'`
			`user: root`
			`cron_file: sync-ldap`
			`hour: "2"`
			`minute: "51"`
Factor frr role from debian, ceph and proxmox Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups. 2024-05-18 16:35:41 +00:00			`state: '{{ "present" if is_primary else "absent" }}'`